Item 1.
Business
Overview
Symantec Corporation is a global leader in cyber security. We provide cyber security products, services, and solutions to more than 350,000 organizations and 50 million individuals worldwide. Our Integrated Cyber Defense Platform helps business and government customers unify cloud and on-premises security to deliver a more effective cyber defense solution, while driving down cost and complexity. Our Cyber Safety solutions from Norton LifeLock help consumers protect their devices, online privacy, identities, and home networks.
Our business and consumer offerings are powered by the largest civilian threat intelligence network, which uses artificial intelligence, machine learning, and human intelligence to analyze trillions of rows of data every day across hundreds of millions of devices to discover and help prevent advanced threats that might otherwise go undetected. We believe this threat intelligence data is a competitive advantage, and a primary way we are able to provide faster and better protection for customers.
Founded in 1982, Symantec has operations in more than 45 countries. Our headquarters are located at 350 Ellis Street, Mountain View, California. Our internet home page is located at www.symantec.com. The information contained, or referred to, on our website is not part of this annual report unless expressly noted.
Fiscal 2019 Business Highlights
During fiscal 2019, we continued to make progress enhancing and expanding our product and services portfolio and improving product integration, partner integration, and sales delivery to help enterprise customers deploy our Integrated Cyber Defense Platform. We also made progress driving market adoption and increasing customer retention of our Consumer Cyber Safety (previously called Consumer Digital Safety) solutions, building on our Norton LifeLock product portfolio. In addition, we implemented operational improvements to reduce costs and complexity, building on the business transformation programs we completed in fiscal 2019, and leveraged synergies from the successful integration of our acquired businesses.
|
|
•
|
Our product development teams built extensive point-to-point integrations across endpoint, network, cloud, and email security products,
responding to customer demand to consolidate vendors and enhance their security posture across control points.
|
|
|
•
|
We further extended our Integrated Cyber Defense (ICD) Platform through application programming interfaces (APIs) and engineering-level integration with more than 120 certified technology partners that have developed or are in the process of developing over 250 integrations of complementary products and services to expand our
ecosystem, helping businesses implement a coordinated and robust approach to threat protection, detection, and response that improves security outcomes and drives down cost and complexity.
|
|
|
•
|
We expanded the marketing of bundled offerings of cyber safety services for consumers through the integration of our Norton-branded security services with LifeLock-branded identity theft protection services, to help individuals and families combat ever-evolving cyberthreats. Bundling these solutions enables us to combine our Norton and LifeLock demand generation and customer relationship management programs to drive new customer acquisition, improve retention, and cross-sell within our large installed base.
|
|
|
•
|
We launched significant new products to advance our portfolio and competitive position:
|
|
|
◦
|
Symantec Advanced EDR Tools and Managed EDR:
We introduced Symantec’s Advanced Endpoint Detection and Response (EDR) tools and fully managed EDR (MEDR) service, enabling security teams around the world to stay ahead of threats. EDR improves incident response, threat hunting, and forensics, fortifying teams with investigation expertise and threat intelligence from a world-class team of security operations center analysts. MEDR detects stealthy attacks and examines suspicious activity for faster incident validation and response.
|
|
|
◦
|
Cloud Security Portfolio Enhancements:
We expanded our cloud security portfolio to help organizations protect cloud applications and related infrastructure. Our ICD Platform offers robust cloud protection, providing visibility and control for virtually any cloud app, and integrations with CloudSOC CASB, Cloud Workload Protection (CWP), and Data Loss Protection (DLP), while enabling customers to track more risk attributes and scan cloud applications and repositories with new API Integrations.
|
|
|
◦
|
Data Loss Prevention Enhancements for Office 365:
We introduced new features to protect data, whether at rest or in transit, on-premises or in the cloud, and everywhere it flows through a single management console.
|
|
|
◦
|
Cloud-based Network Security with Web Isolation:
We introduced industry-first Web Isolation technology that integrates into our Web Security Service (WSS) and enables web browsing, nearly eliminating the risk of infection by zero-day malware or advanced threats.
|
|
|
◦
|
Cloud-based Network Security with Integrated Endpoint Protection
: We introduced improved network-to-endpoint protection with the integration of Symantec Endpoint Protection (SEP) and SEP Mobile into WSS, allowing web traffic re-directs to WSS for enforcement of network security policies while consequently eliminating the need for a separate agent to manage traffic flow. Our new SD-Cloud Connector enables customers to combine the performance and reliability of Software Defined WAN (SD-WAN) technology with our
|
WSS to create a simple, high-performance method to connect branch office locations with our leading cloud security service.
|
|
◦
|
Targeted Attack Analytics:
We expanded our Advanced Threat Protection (ATP) offering to include our targeted attack technology. This feature enables ATP customers to leverage advanced machine learning to automate the discovery of targeted attacks, one of the most dangerous intrusions in corporate networks.
|
|
|
•
|
Consistent with our strategy of acquiring companies with complementary technology to enhance our products, services, and solutions and speed time to market, we completed several acquisitions during our fiscal year 2019, including the following:
|
|
|
◦
|
Appthority.
With this acquisition,
we are able to provide mobile application security to our Consumer Cyber Safety customers, enabling them to analyze mobile apps for both malicious capabilities and unsafe and unwanted behaviors, such as vulnerabilities, risk of sensitive data loss, and privacy-invasive actions.
|
|
|
◦
|
Javelin
. This acquisition brings advanced software technology to our Enterprise Security solutions, enabling enterprises to defend against Active Directory-based (AD) attacks through detection of AD misconfigurations and backdoors to help prevent AD reconnaissance and credentials misuse by authorized devices and applications.
|
|
|
◦
|
Luminate.
With this acquisition, our solutions now incorporate software defined perimeter and zero trust technology enabling us to deliver private secure application access to all users, regardless of device, location, or infrastructure, extending the power of our ICD Platform to users and significantly extending our leadership in cloud security beyond alternative approaches.
|
|
|
•
|
We expanded our strategic partnerships in our Enterprise Security and Consumer Cyber Safety segments, including:
|
|
|
◦
|
Fortinet
. We entered into an expansive partnership agreement with Fortinet in an effort to provide customers with comprehensive and robust firewall security solutions. Under this arrangement, we intend to integrate Fortinet’s Next-Generation Firewall (NGFW) capabilities into our cloud-delivered WSS and to integrate our endpoint protection solutions into the Fortinet Security Fabric platform. This technology partnership is designed to provide essential security controls across endpoint, network, and cloud environments that are critical to enforcing the zero trust security framework, a model built on the reality that threats everywhere, both inside and outside an organization, require a multi-layered approach to prevention, detection, and response.
|
|
|
◦
|
AON
. We entered into a strategic partnership with AON, as part of our longer-term strategy to drive consumer adoption through business-to-business-to-consumer relationships. AON offers solutions to help high net worth individuals defend their assets against cyber criminals. The partnership provides that we will offer to AON customers features across our Consumer Cyber Safety solutions. We believe Cyber Safety is synergistic with many brands globally, such as insurers, banks, telecom providers and other organizations. As we expand Cyber Safety internationally and to address a growing array of vertical needs, we believe partnerships such as AON will expand the value we bring customers and the revenue potential for our consumer business.
|
Business Strategy
Our strategy is to combine best-of-breed technology with unmatched scale to deliver a comprehensive cyber security set of solutions for business and government customers, as well as consumers.
Our Enterprise Security strategy is to leverage our ICD Platform, partner ecosystem and global threat intelligence network to deliver Integrated Cyber Defense to business and government customers, helping them improve security while reducing cost and complexity. Our ICD Platform enables us to acquire new customers and cross-sell our full portfolio of products and services to existing customers and to customers of partners in our expansive ecosystem, such as Amazon.com Inc.’s AWS, Box, Inc., IBM Security, Microsoft Corporation (Microsoft), Oracle Corporation, ServiceNow, Inc., Splunk Inc., and many others.
Our Consumer Cyber Safety strategy is to combine and leverage our portfolio of Norton and LifeLock offerings to deliver a set of Cyber Safety solutions that address today’s continually evolving and increasingly complex threat landscape. This threat landscape puts consumers at increased risk of having their security, online privacy, and identities compromised. As the risks to consumers shift from PC-based attacks to more sophisticated threats such as ransomware, identity theft, and privacy risks, our software and services provide a multi-layered approach to protect consumers, regardless of device, network, or location.
Products and Services
Enterprise Security Portfolio: Integrated Cyber Defense
Our Enterprise Security portfolio includes a deep and broad mix of products, services, and solutions, delivered as part of our ICD Platform. Our platform unifies cloud and on-premises security to provide advanced threat protection and information protection across endpoints, networks, email, and cloud applications. Key components of our ICD Platform include:
|
|
•
|
Advanced Security Services
|
|
|
•
|
Advanced Threat Protection:
Multiple layers of threat prevention, detection, and forensic technology provide a robust view of malicious activities across control points, enabling users to contain, investigate, and remediate threats.
|
|
|
•
|
Information Protection:
Encryption, data loss prevention, multi-factor authentication, tagging, and analytics enable businesses and governments to protect confidential information and IT assets while managing compliance requirements and restricting access to authenticated users.
|
|
|
•
|
Identity Management:
Cloud-based authentication service with multi-factor authentication to cloud apps, network, and Virtual Private Network (VPN) to reduce the risk of breaches and unauthorized access.
|
|
|
•
|
Compliance enforcement:
A suite of governance, risk, and compliance tools help customers inventory their IT assets, evaluate vulnerabilities, govern information access, and automate compliance reporting for more than 100 regulatory and best-practice frameworks including GDPR, HIPAA, NIST, PCI, and SWIFT.
|
|
|
•
|
Third-party applications:
Over 250 TIPP (Technology Integration Partner Program) certified integrations enhance productivity for security operations and incident response teams while extending the value of current cyber investments.
|
|
|
•
|
Endpoint Security:
A single agent architecture delivers multi-layered security across endpoints - desktop, server, mobile, and IoT - and enables customers to protect enterprise and mobile workforces, regardless of operating system, device, or network security approaches.
|
|
|
•
|
Network Security:
Cloud and on-premises network security solutions, based on an advanced proxy architecture, provide superior defense against advanced threats, enable users to protect critical business information, and help ensure secure and compliant use of cloud applications and the web.
|
|
|
•
|
Email Security:
Multiple layers of protection (including threat isolation and advanced analytics) against ransomware, spear phishing, and enterprise email compromise help identify targeted attacks and enable users to protect email against user error and data leakage.
|
|
|
•
|
Cloud Application Security:
Advanced solutions that secure cloud access, cloud infrastructure, and cloud applications, providing in-depth visibility, data security, and threat protection to safeguard users, information, and workloads across public and private clouds.
|
|
|
•
|
Cyber Security Services
|
|
|
•
|
An integrated portfolio including Managed Security Services, Incident Response, and Deep Sight Threat Intelligence, driven by our private network of cyber security analysts within our global security operations centers.
|
|
|
•
|
ICD Platform Foundations
|
Our solutions are powered by the following critical features:
|
|
•
|
Threat Intelligence:
The world’s largest civilian threat intelligence network applies deep security research, expert analysis, and artificial intelligence to monitor and synthesize nine trillion rows of telemetry daily, helping discover and block targeted attacks and cybercrime that would otherwise go undetected.
|
|
|
•
|
AI and Machine Learning Services:
Artificial intelligence and machine learning analyze massive amounts of control point data and sift through our entire telemetry data set to help identify potential threats and accelerate response and remediation.
|
|
|
•
|
API and ICD Exchange Services:
APIs and ICD Exchange (ICDx) vastly simplify integrations with ICD, providing enhanced protection, investigation, and remediation across Symantec endpoints, networks, email, cloud applications, and third-party products.
|
|
|
•
|
ICD Manager Services:
A shared management console provides a single point of control for policy management, monitoring, and reporting.
|
|
|
•
|
Automation:
Built-in automation simplifies investigation, accelerates response times, and minimizes damages from attacks, while reducing manual processes and cost of security operations.
|
|
|
•
|
An expansive set of open APIs with over 100 certified technology partners creating the broadest ecosystem in cyber security, enabling a coordinated and best-in-class approach to threat protection, detection, and response.
|
In addition to our core product portfolio, Symantec offers enterprise security services including:
|
|
•
|
Consulting Services:
We provide the experience, expertise, and industry intelligence to assist enterprises to better architect, design, implement, and optimize their security software, people, and processes. Symantec consultants guide enterprises toward solutions that meet their business goals and leave them with the knowledge to maintain and enhance their security environment.
|
|
|
•
|
Premium Support Services:
Our premium support services for enterprises focus on timely and accurate issue resolution by placing a product family expert at the center of a tailored support experience, who provides technical support, manages escalations, delivers case and system reviews, oversees environmental health checks, and provides proactive services such as upgrade planning and feature optimization.
|
|
|
•
|
Cyber Security Services:
We provide continual threat monitoring, customized guidance, and 24x7 personalized service within an enterprise’s security environment through our Managed Security Services, Deep Sight Intelligence, and Incident Response Services.
|
Consumer Cyber Safety Portfolio
Our Consumer Cyber Safety solutions consist primarily of the following product offerings which are being integrated into a unified user experience under the Norton LifeLock brand:
|
|
•
|
Norton Security:
Our Norton Security solutions are available as a subscription service providing protection for devices against malware, viruses, adware, and ransomware on multiple platforms: Windows, Mac, Android, and iOS. Users also have access to a password manager, parental controls, and safe web browsing that blocks malicious sites and filters browser search results. Users also can perform secure cloud backups of photos, financial files, and other important documents on Windows, providing additional protection in the event ransomware attacks make these files unavailable. For mobile devices, Norton Security also filters risky apps, enables stolen device recovery, provides contact recovery, and blocks unwanted spam texts and calls. Norton Security includes 24x7 support by trained support agents who are available to assist customers.
|
|
|
•
|
LifeLock Identity Theft Protection:
Our LifeLock identity theft protection solution provides identity monitoring, alerts, and restoration to our customers. LifeLock puts users in control of their identity elements, including social security numbers, bank accounts, email addresses, physical addresses, and driver’s license and phone numbers. The service alerts users on key events and recommends actions to prevent unauthorized access. If an identity theft takes place, LifeLock’s identity experts work with the user to restore their identities, managing interaction with various governmental agencies, financial institutions, and merchants - and addressing legal fees, wage loss, and associated damages.
|
|
|
•
|
Norton Wi-Fi Privacy VPN:
Our Norton Wi-Fi Privacy VPN service offers a protected way to connect to the Internet, encrypting data users send over internet connections and enhancing levels of privacy online. With this service, users can confidently access private information such as passwords, bank details, and credit card numbers when using public Wi-Fi on PC, Mac, or mobile device without risk of compromise. Users can also connect globally to their favorite apps, websites, and online streaming by changing their virtual location. This service also limits the ability of websites to track users, thereby eliminating persistent personalized ads based on browsing history.
|
Sales and Go-to-Market Strategy
Our go-to-market network includes direct sales forces and broad e-commerce capabilities, as well as indirect sales resources that support our global partner ecosystem. We also maintain strategic relationships with a number of original equipment manufacturers (OEMs), Internet service providers (ISPs), global service integrators (GSIs), wireless carriers, and retail and online stores through which we market and sell our products.
Enterprise
We sell and market our products and services to large enterprises, including business, government, and public-sector customers, through our field sales force and reseller channels. Our field sales team leverages our global partner ecosystem, primarily targeting senior executives and IT department personnel responsible for managing a company’s highest-order IT and cyber security initiatives.
We also sell and market our products and services to small, medium, and large businesses through field sales and inside sales forces that leverage indirect sales partners around the world, who are specifically trained and certified to sell our solutions. These partners include national solution providers, regional solution providers, national account resellers, global/federal system integrators, and managed service providers.
Our enterprise products and services are also available on our e-commerce platform, as well as through authorized distributors, GSIs, and OEMs, who incorporate our technologies into their products, bundle our products with their offerings, or serve as authorized resellers of our products.
Consumer
We sell and market our consumer products and services to individuals, households, and small businesses globally. We bring these products to market through direct marketing and co-marketing programs supported by our e-commerce and tele-sales platforms. In addition, we utilize Internet-based resellers, system builders, ISPs, employee benefits providers, wireless carriers, retailers, and OEMs to distribute our offerings worldwide. We drive consumer business growth through global brand and demand campaigns, new customer acquisition, retention focused cross-selling, and customer success programs.
Research and Development
Symantec embraces a global research and development strategy to drive organic innovation and product integration across our portfolio. Our engineering and product management teams are focused on delivering new versions of existing product lines, as well as developing entirely new products and services to drive the company’s leadership in cyber security. We also have a technology research organization focused on short, medium, and longer-term applied research projects, with the goal of transferring completed innovations into our product groups for commercialization.
Symantec’s Security Technology and Response organization is a global team of security engineers, threat analysts, and researchers who provide the underlying functionality, content, and support for many of our solutions. These front-line security experts analyze threat telemetry collected through our vast cyber intelligence networks to protect our customers against current and emerging threats. Our research and development teams also leverage these vast data sets and insights to develop new technologies and approaches in order to improve security outcomes for our customers.
We believe that technical leadership is essential to our success, and we expect to continue to commit substantial resources to research and development.
Product and Technical Support
Symantec has support facilities throughout the world, staffed by technical product experts knowledgeable in the operating environments in which our products are deployed. Our support experts assist customers with both issue resolution and threat detection.
We provide Enterprise Security customers with various levels of technical support and customer success services. Our support program offers annual maintenance support contracts, including content, updates, and technical support. Our Essential Support includes: self-service options, assisted support delivered by telephone or electronically during contracted-for hours, immediate patches for severe problems, periodic software updates, and access to our technical knowledge base and frequently asked questions. Our Premium Support includes all Essential Support services with the addition of proactive health checks, assigned technical contacts, and other customer success activities.
Our Consumer Cyber Safety support includes self-help online services and phone, chat, and email support worldwide. Most of our Norton Security products come with automatic downloads of the latest virus definitions, application bug fixes, and patches, as well as a “Virus Protection Promise,” which in some markets provides free virus removal services to customers whose protected computers become infected. Our Consumer Cyber Safety service and support offerings come with 24x7x365 customer support, along with alert resolution, lost wallet protection, and restoration services during normal business hours.
Competition
Our markets are consolidating, highly competitive, and subject to rapid changes in technology. The competitive landscape has changed significantly over the past few years, with new competition arising. Some of the market growth has come from startups that focus on solving a particular issue or delivering a niche-oriented product, and from larger integration providers that increasingly seek to add to or extend their offerings. We focus on delivering comprehensive customer solutions, integrating across our broad product portfolio, and partnering with other technology providers to differentiate our offerings and platforms from the competition.
In addition to the competition we face from direct competitors, we face indirect or potential competition from retailers, application providers, operating system providers, network equipment manufacturers, and other OEMs who may provide various solutions and functions in their current and future offerings. We compete with these same parties to acquire technologies, products, or companies. We also compete with other software companies in our effort to place our products on the computer equipment sold to consumers and enterprises by OEMs. We compete for access to distribution channels and for spending at the retail level for our consumer offerings and in corporate accounts for our enterprise offerings.
Our Enterprise Security competitors vary by product category, geography, channel, and customer size:
|
|
•
|
Endpoint security competitors include McAfee LLC (McAfee), Microsoft, CrowdStrike, Inc., and Carbon Black, Inc., as well as several point-product competitors, freeware providers, and regional security companies.
|
|
|
•
|
Network security competitors include Palo Alto Networks Inc. (Palo Alto), FireEye Inc. (FireEye), Cisco Systems, Inc. (Cisco), McAfee, Forcepoint LLC (Forcepoint), and Zscaler, Inc., as well as other established and emerging companies.
|
|
|
•
|
Cloud security competitors include Cisco, McAfee, Microsoft, and Netskope, Inc., as well as other established and emerging companies. We expect additional competition as the market for security-as-a-service continues to develop and expand.
|
|
|
•
|
Email security competitors include Proofpoint, Inc. and Microsoft.
|
|
|
•
|
Advanced threat protection competitors include McAfee, Palo Alto, FireEye, International Business Machines Corporation (IBM), and Dell EMC, as well as Niksun Inc. and Trend Micro Inc. (Trend Micro). As new IT budgets are created to address next-generation threats, we expect to compete with additional specialized vendors, as well as larger vendors that may continue to acquire or bundle their products.
|
|
|
•
|
Information protection competitors include RSA (a Dell Technologies business), McAfee, Forcepoint, Digital Guardian, Inc., and Microsoft.
|
|
|
•
|
Cyber security services and managed security services competitors include FireEye, IBM, and SecureWorks Corporation, as well as other additional established and emerging companies.
|
Our Consumer Cyber Safety competitors vary by product category, geography, and channel. Norton Security competitors include Avast Software s.r.o., McAfee, Microsoft, and Trend Micro. Consumer backup product competitors include Carbonite, Inc. LifeLock identity theft protection competitors include credit bureaus Experian PLC, Equifax Inc., and TransUnion, as well as others including Affinion Group, Inc., Anchor Free, Inc., Credit Karma, Inc., and Intersections, Inc.
We believe that the principal competitive factors necessary to be successful in our industry include product quality and effectiveness, time-to-market, price, reputation, financial stability, breadth of product offerings, customer support, brand recognition, and effective sales and marketing efforts.
Intellectual Property
Protective measures
Our intellectual property is an important and vital asset of the company that enables us to develop, market, and sell our products and services and enhance our competitive position. Intellectual property includes our proprietary business and technical know-how, inventions, works of authorship, and confidential information. To protect our intellectual property, we rely primarily upon legal rights in trade secrets, patents, copyrights, and trademarks, in addition to company policies and procedures, security practices, contracts, and relevant operational measures.
We protect the confidentiality of proprietary information by entering into non-disclosure agreements with our employees, contractors, and channel and business partners, and we enter into license agreements with respect to our software and proprietary information that include confidentiality terms. These agreements are generally non-transferable and have either a perpetual or time-limited term. We also publish company policies on trade secret protection and employ access controls and associated security measures to protect our facilities, equipment, and networks.
Patents, copyrights, trademarks, and licenses
We maintain an internal patent program with the objective of identifying inventions that provide the basis for new patent applications in areas of importance to our business. We have approximately 2,345 U.S. patents, in addition to foreign patents and pending U.S. and foreign patent applications, which relate to inventive aspects of our products and technology. The duration of our patents is determined by the laws of the issuing country. In the U.S., this is typically twenty years from the date of filing of the priority patent application resulting in the patent, which we believe is adequate relative to expected product lifecycles.
Our products, particularly our software and related documentation, are protected under U.S. and international copyright laws and laws related to the protection of intellectual property and proprietary rights. We employ procedures to label copyrightable works with the appropriate proprietary rights notices, and we actively enforce these rights in the U.S. and abroad. However, these measures may not provide adequate protection, and our intellectual property rights may be challenged.
Symantec, Norton, LifeLock, and associated logos, including the checkmark in a circle logo, are trademarks or registered trademarks of the company in the U.S. and other countries in which we conduct business. In addition, we have used, registered, or applied to register other trademarks and service marks to help distinguish our products and services from those of our competitors. We actively enforce our trademark, service mark, and trade name rights in the U.S. and abroad based on our rights under common law, and various U.S. and foreign laws and regulations, as well as rights under international treaties and conventions. The duration of our trademark registrations varies from country to country. In the U.S., we are generally able to maintain our trademark rights and renew trademark registrations for as long as the trademarks are in use.
In limited cases, we license intellectual property from third parties for use in our products and generally must rely on those third parties to protect the licensed rights. This can include open source software which is not subject to proprietary rights protection. While the ability to maintain and protect our intellectual property rights is important to our success, we believe our business is not materially dependent on any individual patent, copyright, trademark, trade secret, license, or other intellectual property right.
Seasonality
As is typical for many technology companies, our business is subject to seasonality. See our quarterly results of operations in “
Selected Quarterly Financial Data (Unaudited)” included in Part II, Item 8 of this Annual Report on Form 10-K.
Corporate Responsibility
Our annual Corporate Responsibility Report can be found via the Symantec website at https://www.symantec.com/about/corporate-responsibility. The information contained, or referred to, on our website, including our Corporate Responsibility Report, is not part of this annual report unless expressly noted.
Employees
As of
March 29, 2019
, we employed more than 11,900 people worldwide.
Available information
Our Internet home page is located at www.symantec.com. We make available free of charge our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports as soon as reasonably practicable after we electronically file such material with the Securities and Exchange Commission (SEC) on our investor relations website located at www.symantec.com/invest. The information contained, or referred to, on our website is not part of this annual report unless expressly noted. The SEC maintains a website that contains reports, proxy and information statements, and other information regarding our filings at http://www.sec.gov.
Item 1A.
Risk Factors
A description of the risk factors associated with our business is set forth below. The list is not exhaustive, and you should carefully consider these risks and uncertainties before investing in our common stock.
A decrease in demand for our solutions could adversely affect our financial results.
We are subject to fluctuations in demand for our solutions due to a variety of factors, including market transitions, general economic conditions, competition, product obsolescence, technological change, shifts in buying patterns, the timing and duration of hardware refresh cycles, financial difficulties and budget constraints of our current and potential customers, public awareness of security threats to IT systems, and other factors. While such factors may, in some periods, increase product sales, fluctuations in demand can also negatively impact our sales. If demand for our solutions declines, whether due to general economic conditions, a shift in buying patterns or otherwise, our revenues and margins would likely be adversely affected.
Fluctuations in our quarterly financial results have affected the trading price of our outstanding securities in the past and could affect the trading price of our outstanding securities in the future.
Our quarterly financial results have fluctuated in the past and are likely to vary in the future due to a number of factors, many of which are outside of our control. If our quarterly financial results or our predictions of future financial results fail to meet our expectations or the expectations of securities analysts and investors, the trading price of our outstanding securities could be negatively affected. Volatility in our quarterly financial results may make it more difficult for us to raise capital in the future or
pursue acquisitions. Our operating results for prior periods may not be effective predictors of our future performance.
Factors associated with our industry, the operation of our business, and the markets for our solutions may cause our quarterly financial results to fluctuate, including but not limited to:
|
|
•
|
Fluctuations in our revenue due to the transition of our sales contracts to a higher mix of products subject to ratable versus point-in-time revenue recognition;
|
|
|
•
|
Fluctuations in demand for our solutions;
|
|
|
•
|
Entry of new competition into our markets;
|
|
|
•
|
Our ability to achieve targeted operating income and margins and revenues;
|
|
|
•
|
Competitive pricing pressure for one or more of our classes of our solutions;
|
|
|
•
|
Our ability to timely complete the release of new or enhanced versions of our solutions;
|
|
|
•
|
The number, severity, and timing of threat outbreaks (e.g. worms, viruses, malware, ransomware, and other malicious threats) and cyber security incidents (e.g., large scale data breaches);
|
|
|
•
|
Our resellers making a substantial portion of their purchases near the end of each quarter;
|
|
|
•
|
Customers’ tendency to negotiate licenses and other agreements near the end of each quarter;
|
|
|
•
|
Cancellation, deferral, or limitation of orders by customers;
|
|
|
•
|
Loss of customers or strategic partners;
|
|
|
•
|
Changes in the mix or type of products and subscriptions sold and changes in the renewal rates for our subscriptions;
|
|
|
•
|
The rate of adoption of new technologies, new releases of operating systems, and new business processes;
|
|
|
•
|
Consumer confidence and spending changes, which could be impacted by market changes and general economic conditions, among other reasons;
|
|
|
•
|
Political and military instability caused by war or other events, which could slow spending within our target markets, delay sales cycles, and otherwise adversely affect our ability to generate revenues and operate effectively;
|
|
|
•
|
The timing, rate and pricing of customer purchases to replace older versions of our hardware products that have reached end of life;
|
|
|
•
|
The impact of litigation, regulatory inquiries, or investigations;
|
|
|
•
|
The timing and extent of significant restructuring charges;
|
|
|
•
|
The impact of acquisitions and our ability to achieve expected synergies;
|
|
|
•
|
Disruptions in our business operations or target markets caused by, among other things, terrorism or other intentional acts, outbreaks of disease, or earthquakes, floods, or other natural disasters;
|
|
|
•
|
Fluctuations in foreign currency exchange rates;
|
|
|
•
|
Movements in interest rates; and
|
|
|
•
|
Changes in tax laws, rules, and regulations.
|
Any of the foregoing factors could cause the trading price of our outstanding securities to fluctuate significantly.
Our business depends on customers renewing their arrangements for maintenance, subscriptions, managed security services, and cloud-based (cloud) offerings.
A large portion of our Enterprise Security revenue is derived from arrangements for maintenance, subscriptions, managed security services, and cloud offerings, yet customers have no contractual obligation to purchase additional solutions after the initial subscription or contract period. In particular, term-based license subscriptions and cloud-based products are increasing as
a percentage of our total revenues. While we believe our customers’ renewal rates, in general, have been relatively stable in recent periods, customer retention and renewal rates may decline or fluctuate as a result of a number of factors, including our customers’ level of satisfaction with our solutions or our customer support, customer budgets, and the pricing of our solutions compared with the solutions offered by our competitors, any of which may cause our revenue to grow more slowly than expected, or to decline. Accordingly, we must invest significant time and resources in providing ongoing value to our customers. If these efforts fail, if our customers do not renew for other reasons, or if our customers renew on terms less favorable to us, our revenue may decline, and our business will suffer.
If we are unable to develop new and enhanced solutions that achieve widespread market acceptance, or if we are unable to continually improve the performance, features, and reliability of our existing solutions or adapt our business model to keep pace with industry trends, our competitive position may weaken, and our business and operating results could be adversely affected.
Our future success depends on our ability to effectively respond to the rapidly changing needs of our customers, as well as competitive technological developments and industry changes, by developing or introducing new and enhanced solutions on a timely basis.
We have in the past incurred, and will continue to incur, significant research and development expenses as we strive to remain competitive.
If we are unable to anticipate or react to competitive challenges or if existing or new competitors gain market share in any of our markets, our competitive position could weaken, and we could experience a decline in our sales that could adversely affect our business and operating results.
Additionally, we must continually address the challenges of dynamic and accelerating market trends and competitive developments, such as the emergence of advanced persistent threats in the security space, the continued volatility in the PC market, the market shift towards mobility, and the increasing transition towards subscription and cloud-based solutions, all of which continue to make it more difficult for us to compete effectively. For example, although we have been investing heavily in solutions that address the cloud security market, we cannot be certain that it will develop at a rate or in the manner we expect or that we will be able to compete successfully with new entrants or more established competitors. Customers may require features and capabilities that our current solutions do not have. Our failure to develop new solutions and improve our existing solutions that satisfy customer preferences and effectively compete with other market offerings
in a timely and cost-effective manner may harm our ability to renew our subscriptions with existing customers and to create or increase demand for our solutions, which may adversely impact our operating results. The development and introduction of new solutions involves a significant commitment of time and resources and are subject to a number of risks and challenges including but not limited to:
|
|
•
|
Lengthy development cycles;
|
|
|
•
|
Evolving industry standards and technological developments by our competitors and customers;
|
|
|
•
|
Evolving platforms, operating systems, and hardware products, such as mobile devices, and related product and service interoperability challenges;
|
|
|
•
|
Entering into new or unproven markets;
|
|
|
•
|
Executing new product and service strategies;
|
|
|
•
|
Trade compliance difficulties;
|
|
|
•
|
Developing or expanding efficient sales channels; and
|
|
|
•
|
Obtaining sufficient licenses to technology and technical access to operating system software.
|
If we are not successful in managing these risks and challenges, or if our new or improved solutions are not technologically competitive or do not achieve market acceptance, our business and operating results could be adversely affected.
If we are unable to attract and retain qualified employees, lose key personnel, fail to integrate replacement personnel successfully, or fail to manage our employee base effectively, we may be unable to develop new and enhanced solutions, effectively manage or expand our business, or increase our revenues.
Our future success depends upon our ability to recruit and retain key management, technical (including cyber-security experts), sales, marketing, finance, and other personnel. Our officers and other key personnel are employees-at-will and we generally do not have employment or non-compete agreements with our employees, and we cannot assure you that we will be able to retain them. Competition for people with the specific skills that we require is significant, especially in and around our headquarters in the Silicon Valley, and we face difficulties in attracting, retaining, and motivating employees as a result. In order to attract and retain personnel in a competitive marketplace, we must provide competitive pay packages, including cash and equity-based compensation. Additionally, changes in immigration laws could impair our ability to attract and retain highly qualified employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business, results of operations and future growth prospects could suffer. The volatility in our stock price may from time to time adversely affect our ability to recruit or retain employees. In addition, we may be unable to obtain required stockholder approvals of future increases in the number of shares required for issuance under our equity compensation plans. As a result, we may issue fewer equity-based incentives and may be impaired in our efforts to attract and retain necessary personnel. If we are unable to hire and retain qualified employees, or conversely, if we fail to manage employee performance or reduce staffing levels when required by market conditions, our business and operating results could be adversely affected.
Effective succession planning is also important to our long-term success. Failure to ensure effective transfer of knowledge and smooth transitions involving key employees could hinder our strategic planning and execution. From time to time, key personnel leave our company and the frequency and number of such departures has widely varied and have resulted in significant changes to our executive leadership team. For example, we are initiating a Chief Executive Officer transition process, and appointed an interim President and Chief Executive Officer. Additionally, our Chief Operating Officer resigned in November 2018 and, as previously disclosed, our Chief Financial Officer is stepping down and is being replaced by a new Chief Financial Officer as of the date hereof. Although we strive to reduce the negative impact of changes in our leadership, the loss of any key employee could result in significant disruptions to our operations, including adversely affecting the timeliness of product releases, the successful implementation and completion of company initiatives, the effectiveness of our disclosure controls and procedures, our internal control over financial reporting, and our results of operations. In addition, hiring, training, and successfully integrating replacement sales and other personnel could be time consuming and expensive, may cause additional disruptions to our operations, and may be unsuccessful, which could negatively impact future financial results.
We operate in a highly competitive environment, and our competitors may gain market share in the markets for our solutions that could adversely affect our business and cause our revenues to decline.
We operate in intensely competitive markets that experience rapid technological developments, changes in industry standards, changes in customer requirements, and frequent new product introductions and improvements. If we are unable to anticipate or react to these competitive challenges, or if existing or new competitors gain market share in any of our markets, our competitive position could weaken, and we could experience a decline in our sales that could adversely affect our business and operating results. To compete successfully, we must maintain an innovative research and development effort to develop new solutions and enhance our existing solutions, effectively adapt to changes in the technology or product rights held by our competitors, appropriately respond to competitive strategies, and effectively adapt to technological changes and changes in the ways that our information is accessed, used, and stored by our customers. If we are unsuccessful in responding to our competitors or to changing technological and customer demands, our competitive position and our financial results could be adversely affected.
Our competitors include software and cloud-based vendors that offer solutions that directly compete with our offerings. In addition to competing with these vendors directly for sales to end-users of our solutions, we compete with them for the opportunity to have our solutions bundled with the offerings of our strategic partners, such as computer hardware original equipment manufacturers (OEMs) and internet service providers (ISPs). Our competitors could gain market share from us if any of these strategic partners replace our solutions with those of our competitors or if these partners more actively promote our competitors’ solutions than our own. In addition, software and cloud-based vendors who have bundled our solutions with theirs may choose to bundle their solutions with their own or other vendors’ solutions or may limit our access to standard interfaces and inhibit our ability to develop solutions for their platform. In the future, further product development by these vendors could cause our solutions to become redundant, which could significantly impact our sales and financial results.
We face growing competition from network equipment, computer hardware manufacturers, large operating system providers, and other technology companies, as well as from companies in the identity threat protection space such as credit bureaus. Many of these competitors are increasingly developing and incorporating into their products data protection software that competes at some levels with our offerings. Our competitive position could be adversely affected to the extent that our customers perceive the functionality incorporated into these products as replacing the need for our solutions.
Security protection is also offered by some of our competitors at prices lower than our prices or, in some cases is offered free of charge. Some companies offer lower-priced or free security products within their computer hardware or software products. Our competitive position could be adversely affected to the extent that our customers perceive these lower cost or free security products as replacing the need for more effective, full featured solutions, such as those that we provide. The expansion of these competitive trends could have a significant negative impact on our sales and operating results by causing, among other things, price reductions of our solutions, reduced profitability, and loss of market share.
Many of our competitors have greater financial, technical, sales, marketing, or other resources than we do and consequently, may have the ability to influence customers to purchase their products instead of ours. Further consolidation within our industry or other changes in the competitive environment could result in larger competitors that compete with us on several levels. We also face competition from many smaller companies that specialize in particular segments of the markets in which we compete.
Our cloud offerings present execution and competitive risks.
Our cloud offerings are critical to our business. Our competitors are rapidly developing and deploying cloud offerings for consumers and business customers. Pricing and delivery models are evolving. Devices and form factors influence how users access services in the cloud. We have made and are continuing to make significant investments in, and devoting significant resources to develop and deploy, our own cloud strategies. We cannot assure you that our ongoing investments in and development of our cloud infrastructure and related cloud offerings will achieve the expected returns for us or that we will be able to compete successfully in the marketplace. In addition to software development costs, we are incurring significant costs to build, execute upon, and maintain the infrastructure needed to support our cloud offerings. These costs may reduce the operating margins we have previously achieved. Whether we are successful in this business model depends on our execution in a number of areas, including:
|
|
•
|
Continuing to innovate and bring to market compelling cloud-based solutions that generate increasing traffic and market share; and
|
|
|
•
|
Ensuring that our cloud offerings meet the reliability expectations of our customers and maintain the security of their data.
|
We invest in research and development activities in both the short and long term, and these investments may achieve delayed, or lower than expected, benefits which could harm our operating results.
While we continue to focus on managing our costs and expenses, we also continue to invest significantly in research and development activities, in both the short and long term, as we focus on organic growth through internal innovation in each of our business segments. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position, and that the level of these investments will increase in future periods. We recognize the costs associated with these research and development investments earlier than the anticipated benefits, and the return on these investments may be lower, or may develop more slowly, than we expect. If we do not achieve the benefits anticipated from these investments, or if the achievement of these benefits is delayed, our operating results may be adversely affected.
Changes in industry structure and market conditions could lead to charges related to discontinuance of certain of our products or businesses and asset impairments.
In response to changes in industry structure and market conditions, we may be required to strategically reallocate our resources and consider restructuring, disposing of, or otherwise exiting certain businesses. Any decision to limit investment in or dispose of or otherwise exit businesses may result in the recording of special charges, such as inventory and technology-related write-offs, workforce reduction costs, charges relating to consolidation of excess facilities, or claims from third parties who were resellers or users of discontinued products. Our estimates with respect to the useful life or ultimate recoverability of our carrying basis of assets, including purchased intangible assets, could change as a result of such assessments and decisions. Although in certain instances our supply agreements allow us the option to cancel, reschedule, and adjust our requirements based on our business needs prior to firm orders being placed, our loss contingencies may include liabilities for contracts that we cannot cancel, reschedule or adjust with contract manufacturers and suppliers.
Further, our estimates relating to the liabilities for excess facilities are affected by changes in real estate market conditions. Additionally, we are required to evaluate goodwill impairment on an annual basis and between annual evaluations in certain circumstances, and future goodwill impairment evaluations may result in a charge to earnings.
Matters relating to or arising from our completed Audit Committee Investigation, including regulatory investigations and proceedings, litigation matters, and potential additional expenses, may adversely affect our business and results of operations.
As previously disclosed in our public filings, the Audit Committee completed its internal investigation in September 2018. In connection with the Audit Committee Investigation, we voluntarily contacted the SEC. The SEC commenced a formal investigation, and we continue to cooperate with that investigation. The outcome of such an investigation is difficult to predict. If the SEC commences legal action, we could be required to pay significant penalties and become subject to injunctions, a cease and desist order, and other equitable remedies. We can provide no assurances as to the outcome of any governmental investigation.
We have incurred, and will continue to incur, significant expenses related to legal and other professional services in connection with the ongoing SEC investigation, which may continue to adversely affect our business and financial condition. In addition, securities class actions and other lawsuits have been filed against us, our directors, and officers (see also, “We are subject to pending securities class action and stockholder derivative legal proceedings . . .” below). The outcome of the securities class actions and other litigation and regulatory proceedings or government enforcement actions is difficult to predict, and the cost to defend, settle, or otherwise resolve these matters may be significant. Plaintiffs or regulatory agencies or authorities in these matters may seek recovery of very large or indeterminate amounts or seek to impose sanctions, including significant monetary penalties. The monetary and other impact of these litigations, proceedings, or actions may remain unknown for substantial periods of time. Further, an unfavorable resolution of litigations, proceedings or actions could have a material adverse effect on our business, financial condition, and results of operations and cash flows. Any future investigations or additional lawsuits may also adversely affect our business, financial condition, results of operations, and cash flows.
We are subject to pending securities class action and stockholder derivative legal proceedings that may adversely affect our business.
Several securities class action and purported derivative lawsuits have been filed against us arising out of the announcement of the Audit Committee Investigation. In addition, we have received demands from purported stockholders to inspect corporate books and records under Delaware law. No specific amounts of damages have been alleged in these lawsuits. We will continue to incur legal fees in connection with these pending cases, including expenses for the reimbursement of legal fees of present and former officers and directors under indemnification obligations. The expense of continuing to defend such litigation may be significant. We intend to defend these lawsuits vigorously, but there can be no assurance that we will be successful in any defense. If any of the lawsuits related to our Audit Committee Investigation are decided adversely, we may be liable for significant damages directly or under our indemnification obligations, which could adversely affect our business, results of operations and cash flows. Further, the amount of time that will be required to resolve these lawsuits is unpredictable, and these actions may divert management’s attention from the day-to-day operations of our business, which could further adversely affect our business, results of operations, and cash flows.
The delayed filing of some of our periodic SEC reports has made us currently ineligible to use a registration statement on Form S-3 to register the offer and sale of securities, which could adversely affect our ability to raise future capital or complete acquisitions.
As a result of the delayed filing of some of our periodic reports with the SEC in connection with the completed Audit Committee Investigation, we will not be eligible to register the offer and sale of our securities using a registration statement on Form S-3 until December 2019, at the earliest. Registering the offer and sale of our securities prior to the time we are eligible to use Form S-3 may increase our transaction costs, and the amount of time required to complete the transaction could increase, making it more difficult to execute any such transaction successfully and potentially harming our financial condition.
Our indemnification obligations and limitations of our director and officer liability insurance may have a material adverse effect on our financial condition, results of operations, and cash flows.
Under Delaware law, our certificate of incorporation, our bylaws, and certain indemnification agreements to which we are a party, we have an obligation to indemnify, or we have otherwise agreed to indemnify, certain of our current and former directors and officers with respect to past, current, and future investigations and litigation.
The scope of our indemnification obligations may be broader than the coverage available under our directors’ and officers’ liability insurance, or there may be insufficient coverage available. Further, in the event the directors and officers are ultimately determined not to be entitled to indemnification, we may not be able to recover any amounts we previously advanced to them.
We cannot provide any assurances that future indemnification claims, including the cost of fees, penalties or other expenses, will not exceed the limits of our insurance policies, that such claims are covered by the terms of our insurance policies or that our insurance carrier will be able to cover such claims. Further, should a coverage dispute arise, we may also incur significant expenses in relation to litigating or attempting to resolve any such dispute. Accordingly, we may incur significant unreimbursed costs to satisfy our indemnification obligations, which may have a material adverse effect on our financial condition, results of operations or cash flows.
We may need to change our pricing models to compete successfully.
The intense competition we face, in addition to general and economic business conditions, can put pressure on us to change our prices. If our competitors offer deep discounts on certain solutions or develop products or support offerings that the marketplace considers more valuable, we may need to lower prices or offer other favorable terms in order to compete successfully. Any such changes may reduce margins and could adversely affect our operating results.
In addition, a weakening of economic conditions or significant uncertainty regarding the stability of financial markets could adversely impact our business, financial condition, and operating results in a number of ways. Impacts could include longer sales cycles, pressure to lower prices for our solutions, a reduction in the rate of adoption of our solutions by new customers, and a lower rate of current customers purchasing upgrades to our current solutions.
Any broad-based change to our prices and pricing policies could cause our revenues to decline or be delayed as our sales force implements and our customers adjust to the new pricing policies. We or our competitors may bundle solutions for promotional purposes or as a long-term go-to-market or pricing strategy or provide guarantees of prices. These practices could, over time, significantly constrain the prices that we can charge for certain of our offerings.
Defects, disruptions or risks related to our cloud offerings could impair our ability to deliver our services and could expose us to liability, damage our brand and reputation, or otherwise negatively impact our business.
Our cloud offerings may contain errors or defects that users identify after they begin using them that could result in unanticipated service interruptions, which could harm our reputation and our business. Since our customers use our cloud offerings for mission-critical protection from threats to electronic information, endpoint devices, and computer networks, any errors, defects, disruptions in service or other performance problems with our cloud offerings could significantly harm our reputation and may damage our customers’ businesses. If any such performance problems occur, customers could elect not to renew, or delay or withhold payment to us, we could lose future sales or customers may make warranty or other claims against us, which could result in an increase in our provision for doubtful accounts or warranty, an increase in collection cycles for accounts receivable or the expense and risk of litigation.
We currently serve our cloud-based customers from hosting facilities, including third-party hosting facilities, located across the globe. Damage to, or failure of, any significant element of these hosting facilities could result in interruptions in our service, which could harm our customers and expose us to liability.
The occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems could result in lengthy interruptions in the delivery of our solutions.
Global climate change may result in certain natural disasters occurring more frequently or with greater intensity, such as drought, wildfires, storms, sea-level rise, and flooding. Interruptions or failures in our service delivery could cause customers to terminate their subscriptions with us, could adversely affect our renewal rates, and could harm our ability to attract new customers. Our business would also be harmed if our customers believe that our cloud offerings are unreliable.
Our solutions are complex and operate in a wide variety of environments, systems, applications, and configurations, which could result in failures of our solutions to function as designed.
Because we offer very complex solutions, undetected errors, failures or bugs may occur, especially when solutions are first introduced or when new versions are released. Our products are often installed and used in large-scale computing environments with different operating systems, system management software, and equipment and networking configurations, which may cause errors or failures in our solutions or may expose undetected errors, failures, or bugs in our solutions. Our customers’
computing environments are often characterized by a wide variety of standard and non-standard configurations that make pre-release testing for programming or compatibility errors very difficult and time-consuming. In addition, despite testing by us and others, errors, failures, or bugs may not be found in new solutions or releases until after they are delivered to customers. In the past, we have discovered software errors, failures, and bugs in certain of our solutions after their introduction and, in some cases, have experienced delayed or lost revenues as a result of these errors.
Errors, failures, or bugs in solutions released by us could result in negative publicity, damage to our brand and reputation, returns, loss of or delay in market acceptance of our products, loss of competitive position, or claims by customers or others. Many of our end-user customers use our solutions in applications that are critical to their businesses and may have a greater sensitivity to defects in our solutions than to defects in other, less critical, software products. In addition, if an actual or perceived breach of information integrity, security, or availability occurs in one of our end-user customer’s systems, regardless of whether the breach is attributable to our products, the market perception of the effectiveness of our solutions could be harmed. Alleviating any of these problems could require significant expenditures, our capital, and other resources and could cause interruptions, delays, or cessation of our licensing, which could cause us to lose existing or potential customers and could adversely affect our operating results.
Our products, solutions, cloud offerings, systems, and website may be subject to intentional disruption that could adversely impact our reputation and future sales.
Despite our precautions and significant ongoing investments to protect against security risks, data protection breaches, cyber-attacks, and other intentional disruptions of our solutions, we expect to be an ongoing target of attacks specifically designed to impede the performance and availability of our offerings and harm our reputation as a company. Similarly, experienced computer programmers or other sophisticated individuals or entities, including malicious hackers, state-sponsored organizations, and insider threats including actions by employees and third-party service providers, may attempt to penetrate our network security or the security of our systems and websites and misappropriate proprietary information or cause interruptions of our services, including the operation of our global civilian cyber intelligence threat network. Such attempts are increasing in number and in technical sophistication, and if successful could expose us and the affected parties, to risk of loss or misuse of proprietary or confidential information or disruptions of our business operations. While we invest and devote significant resources to maintain and continually enhance and update our methods to detect and alert us to such breaches, attacks, and disruptions, these efforts may not be sufficient, even with rapid detection, to prevent the damage such a breach of our products, solutions, cloud offerings, systems, and websites may cause.
Our inability to successfully recover from a disaster or other business continuity event could impair our ability to deliver our products and services and harm our business.
We are heavily reliant on our technology and infrastructure to provide our products and services to our customers. For example, we host many of our products using third-party data center facilities, and we do not control the operation of these facilities. These facilities are vulnerable to damage, interruption, or performance problems from earthquakes, hurricanes, floods, fires, power loss, telecommunications failures, and similar events. They are also subject to break-ins, computer viruses, sabotage, intentional acts of vandalism, and other misconduct. The occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems could result in lengthy interruptions in the delivery of our products and services.
Furthermore, our business administration, human resources, and finance services depend on the proper functioning of our computer, telecommunication, and other related systems and operations. A disruption or failure of these systems or operations because of a disaster or other business continuity event could cause data to be lost or otherwise delay our ability to complete sales and provide the highest level of service to our customers. In addition, we could have difficulty producing accurate financial statements on a timely basis, and deficiencies may arise in our internal control over financial reporting, which may impact our ability to certify our financial results, all of which could adversely affect the trading value of our stock. Although we endeavor to ensure there is redundancy in these systems and that they are regularly backed-up, there are no assurances that data recovery in the event of a disaster would be effective or occur in an efficient manner, including the operation of our global civilian cyber intelligence threat network.
If these systems or their functionality do not operate as we expect them to, we may be required to expend significant resources to make corrections or find alternative sources for performing these functions.
Any errors, defects, disruptions, or other performance problems with our products and services could harm our reputation and may damage our customers’ businesses. For example, we may experience disruptions, outages, and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our websites simultaneously, fraud, or security attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. Interruptions in our products and services, including the operation of our global civilian cyber intelligence threat network, could impact our revenues or cause customers to cease doing business with us. In addition, our business would be harmed if any of the events of this nature caused our customers and potential customers to believe our services are unreliable. Our operations are dependent upon our ability to protect our technology infrastructure against damage from business continuity events that could have a significant disruptive effect on our operations. We could potentially lose customer data or experience material adverse interruptions to our operations or delivery of services to our clients in a disaster recovery scenario.
We collect, use, disclose, store, or otherwise process personal information, which subjects us to privacy and data security laws and contractual commitments, and our actual or perceived failure to comply with such laws and commitments could harm our business.
We collect, use, store or disclose (collectively, process) an increasingly large amount of personal information, including from employees and customers, in connection with the operation of our business, particularly in relation to our identity and information protection offerings. We process an increasingly high volume, variety, and velocity of personal information as a result of our identity and information protection offerings that rely on large data repositories of personal information and consumer transactions. The personal information we process is subject to an increasing number of federal, state, local, and foreign laws regarding privacy and data security, as well as contractual commitments. Any failure or perceived failure by us to comply with such obligations may result in governmental enforcement actions, fines, litigation, or public statements against us by consumer advocacy groups or others and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.
Additionally, changes to applicable privacy or data security laws could impact how we process personal information and therefore limit the effectiveness of our solutions or our ability to develop new solutions.
For example, the European Union General Data Protection Regulation imposes more stringent data protection requirements and provides for greater penalties for noncompliance of up to the greater of €20 million or four percent of worldwide annual revenues.
Data protection legislation is also becoming increasingly common in the U.S. at both the federal and state level. For example, in June 2018, the State of California enacted the California Consumer Privacy Act of 2018 (the CCPA), which will come into effect on January 1, 2020. The CCPA requires companies that process information on California residents to make new disclosures to consumers about their data collection, use, and sharing practices, allows consumers to opt out of certain data sharing with third parties, and provides a new cause of action for data breaches. However, California legislators have stated that they intend to propose amendments to the CCPA, and it remains unclear what, if any, modifications will be made to the CCPA or how it will be interpreted. Additionally, the Federal Trade Commission (the FTC) and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. The burdens imposed by the CCPA and other similar laws that may be enacted at the federal and state level may require us to modify our data processing practices and policies and to incur substantial expenditures in order to comply.
Global privacy and data protection legislation, enforcement, and policy activity are rapidly expanding and evolving, and may be inconsistent from jurisdiction to jurisdiction.
We may be or become subject to data localization laws mandating that data collected in a foreign country be processed and stored only within that country. If any country in which we have customers were to adopt a data localization law, we could be required to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition.
Additionally, third parties with whom we work, such as vendors or developers, may violate applicable laws or our policies and such violations can place personal information of our customers at risk. In addition, o
ur customers may also accidentally disclose their passwords or store them on a device that is lost or stolen, creating the perception that our systems are not secure against third-party access.
This could have an adverse effect on our reputation and business. In addition, such third parties could be the target of cyberattack and other data breaches which could impact our systems or our customers’ records.
Our acquisitions and divestitures create special risks and challenges that could adversely affect our financial results.
As part of our business strategy, we may acquire or divest businesses or assets. These activities can involve a number of risks and challenges, including:
|
|
•
|
Complexity, time, and costs associated with managing these transactions, including the integration of acquired business operations, workforce, products, IT systems, and technologies;
|
|
|
•
|
Diversion of management time and attention;
|
|
|
•
|
Loss or termination of employees, including costs associated with the termination or replacement of those employees;
|
|
|
•
|
Assumption of liabilities of the acquired business or assets, including pending or future litigation, investigations or claims related to the acquired business or assets;
|
|
|
•
|
The addition of acquisition-related debt;
|
|
|
•
|
Increased or unexpected costs and working capital requirements;
|
|
|
•
|
Dilution of stock ownership of existing stockholders;
|
|
|
•
|
Unanticipated delays or failure to meet contractual obligations; and
|
|
|
•
|
Substantial accounting charges for acquisition-related costs, amortization of intangible assets, and higher levels of stock-based compensation expense.
|
We have invested and continue to invest and devote significant resources in the integration of businesses we acquire. The success of each acquisition depends in part on our ability to realize the anticipated business opportunities, including certain cost savings and operational efficiencies or synergies and growth prospects from integrating these businesses in an efficient and effective manner. If integration of our acquired businesses is not successful, we may not realize the potential benefits of an acquisition or suffer other adverse effects. To integrate acquired businesses, we must integrate and manage the personnel and
business systems of the acquired operations. We also must effectively integrate the different cultures of acquired business organizations into our own in a way that aligns various interests and we may need to enter new markets in which we have no or limited experience and where competitors in such markets have stronger market positions. Moreover, to be successful, large complex acquisitions depend on large-scale product, technology, and sales force integrations that are difficult to complete on a timely basis or at all and may be more susceptible to the special risks and challenges described above.
In addition, we have in the past, and may in the future, divest businesses, product lines, or assets. Such initiatives may require significant separation activities that could result in the diversion of management’s time and attention, loss of employees, substantial separation costs, and accounting charges for asset impairments.
Any of the foregoing, and other factors, could harm our ability to achieve anticipated levels of profitability or other financial benefits from our acquired or divested businesses, product lines or assets or to realize other anticipated benefits of divestitures or acquisitions.
If we fail to manage our sales and distribution channels effectively, or if our partners choose not to market and sell our solutions to their customers, our operating results could be adversely affected.
We sell our solutions to customers around the world through multi-tiered sales and distribution networks.
Sales through these different channels involve distinct risks, including the following:
Direct Sales
. A portion of our revenues from enterprise products is derived from sales by our direct sales force to end-users. Risks associated with direct sales include:
|
|
•
|
Longer sales cycles associated with direct sales efforts;
|
|
|
•
|
Difficulty in hiring, retaining, and motivating our direct sales force, particularly through periods of transition in our organization;
|
|
|
•
|
Substantial amounts of training for sales representatives to become productive in selling our solutions, including regular updates to
our products, and associated delays and difficulties in recognizing the expected benefits of investments in new products and updates;
|
|
|
•
|
Increased administrative costs in processing orders and increased credit risk in pursuing payment from each end user; and
|
|
|
•
|
Increased responsibility for custom and export activities that may result in added costs.
|
Indirect Sales Channels
. A portion of our revenues is derived from sales through indirect channels, including, but not limited to, distributors that sell our products to end-users and other resellers. This channel involves a number of risks, including:
|
|
•
|
Our resellers and distributors are generally not subject to minimum sales requirements or any obligation to market our solutions to their customers;
|
|
|
•
|
Our reseller and distributor agreements are generally nonexclusive and may be terminated at any time without cause;
|
|
|
•
|
Our lack of control over the timing of delivery of our solutions to end-users;
|
|
|
•
|
Our resellers and distributors may violate applicable law or regulatory requirements or otherwise cause damage to our reputation through their actions;
|
|
|
•
|
Our resellers and distributors frequently market and distribute competing solutions and may, from time to time, place greater emphasis on the sale of these solutions due to pricing, promotions, and other terms offered by our competitors; and
|
|
|
•
|
Any consolidation of electronics retailers can continue to increase their negotiating power with respect to software providers such as us.
|
OEM Sales Channels. A portion of our revenues is derived from sales through our OEM partners that incorporate our products into, or bundle our products with, their products. Our reliance on this sales channel involves many risks, including:
|
|
•
|
Our lack of control over the volume of products delivered and the timing of such delivery;
|
|
|
•
|
Most of our OEM partners are not subject to minimum sales requirements. Generally, our OEM partners do not have any obligation to market our products to their customers;
|
|
|
•
|
Our OEM partners may terminate or renegotiate their arrangements with us and new terms may be less favorable due to competitive conditions in our markets and other factors;
|
|
|
•
|
Sales through our OEM partners are subject to changes in general economic conditions, strategic direction, competitive risks, and other issues that could result in a reduction of OEM sales;
|
|
|
•
|
The development work that we must generally undertake under our agreements with our OEM partners may require us to invest significant resources and incur significant costs with little or no assurance of ever receiving associated revenues;
|
|
|
•
|
The time and expense required for the sales and marketing organizations of our OEM partners to become familiar with our solutions may make it more difficult to introduce those solutions to the market; and
|
|
|
•
|
Our OEM partners may develop, market, and distribute their own solutions and market and distribute products of our competitors, which could reduce our sales.
|
If we fail to manage our sales and distribution channels successfully, these channels may conflict with one another or otherwise fail to perform as we anticipate, which could reduce our sales and increase our expenses as well as weaken our competitive position. Some of our distribution partners have experienced financial difficulties in the past, and if our partners suffer financial difficulties in the future because of general economic conditions or for other reasons, these partners may delay paying their obligations to us, and we may have reduced revenues or collections that could adversely affect our operating results. In addition, reliance on multiple channels subjects us to events that could cause unpredictability in demand, which could increase the risk that we may be unable to plan effectively for the future, and could adversely affect our operating results.
We face heightened regulation in our Consumer Cyber Safety segment, which could impede our ability to market and provide our solutions or adversely affect our business, financial position, and results of operations.
We are subject to heightened regulation in our Consumer Cyber Safety segment as a result of the sale of our identity and information protection products, which we sell as a result of our acquisition of LifeLock, including a wide variety of federal, state, and local laws and regulations, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act (FTC Act), and comparable state laws that are patterned after the FTC Act. Moreover, LifeLock entered into consent decrees and similar arrangements with the FTC and 35 states’ attorneys general in 2010 and a settlement with the FTC in 2015 relating to allegations that certain of LifeLock’s advertising and marketing practices constituted deceptive acts or practices in violation of the FTC Act, which impose additional restrictions on the LifeLock business, including prohibitions against making any misrepresentation of “the means, methods, procedures, effects, effectiveness, coverage, or scope of” LifeLock’s identity theft protection services. Any of the laws and regulations that apply to our business are subject to revision or new or changed interpretations, and we cannot predict the impact of such changes on our business.
Additionally, the nature of our
identity and information protection products
subjects us to the broad regulatory, supervisory, and enforcement powers of the Consumer Financial Protection Bureau which may exercise authority with respect to our services, or the marketing and servicing of those services, by overseeing our financial institution or credit reporting agency customers and suppliers, or by otherwise exercising its supervisory, regulatory, or enforcement authority over consumer financial products and services.
Our international operations involve risks that could increase our expenses, adversely affect our operating results, and require increased time and attention of our management.
We derive a substantial portion of our revenues from customers located outside of the U.S., and we have significant operations outside of the U.S., including engineering, sales, customer support, and production. Our international operations are subject to risks in addition to those faced by our domestic operations, including:
|
|
•
|
Potential loss of proprietary information due to misappropriation or laws that may be less protective of our intellectual property rights than U.S. laws or that may not be adequately enforced;
|
|
|
•
|
Requirements of foreign laws and other governmental controls, including tariffs, trade barriers and labor restrictions, and related laws that reduce the flexibility of our business operations;
|
|
|
•
|
Potential changes in trade relations arising from policy initiatives or other political factors;
|
|
|
•
|
Regulations or restrictions on the use, import, or export of encryption technologies that could delay or prevent the acceptance and use of encryption products and public networks for secure communications;
|
|
|
•
|
Local business and cultural factors that differ from our normal standards and practices, including business practices that we are prohibited from engaging in by the Foreign Corrupt Practices Act and other anti-corruption laws and regulations;
|
|
|
•
|
Central bank and other restrictions on our ability to repatriate cash from our international subsidiaries or to exchange cash in international subsidiaries into cash available for use in the U.S.;
|
|
|
•
|
Fluctuations in currency exchange rates, economic instability, and inflationary conditions could reduce our customers’ ability to obtain financing for our products or could make our products more expensive or could increase our costs of doing business in certain countries;
|
|
|
•
|
Limitations on future growth or inability to maintain current levels of revenues from international sales if we do not invest sufficiently in our international operations;
|
|
|
•
|
Longer payment cycles for sales in foreign countries and difficulties in collecting accounts receivable;
|
|
|
•
|
Difficulties in staffing, managing, and operating our international operations;
|
|
|
•
|
Difficulties in coordinating the activities of our geographically dispersed and culturally diverse operations;
|
|
|
•
|
Seasonal reductions in business activity in the summer months in Europe and in other periods in other countries;
|
|
|
•
|
Costs and delays associated with developing software and providing support in multiple languages; and
|
|
|
•
|
Political unrest, war, or terrorism, or regional natural disasters, particularly in areas in which we have facilities.
|
A significant portion of our transactions outside of the U.S. is denominated in foreign currencies. Accordingly, our revenues and expenses will continue to be subject to fluctuations in foreign currency rates. We have in the past and expect in the future to be affected by fluctuations in foreign currency rates, especially if international sales grow as a percentage of our total sales or our operations outside the U.S. continue to increase.
For example, the United Kingdom’s (U.K.) planned exit from the European Union (EU) (Brexit) has caused and may continue to cause significant volatility in global financial markets and will likely have an adverse impact on labor and trade in addition to creating further short-term uncertainty and currency volatility. In the absence of a future trade deal, the U.K.’s trade with the European Union and the rest of the world would be subject to tariffs and duties set by the World Trade Organization. Any adjustments we make to our business and operations as a result of Brexit could result in significant time and expense to complete. While we have not experienced any material financial impact from Brexit on our business to date, we cannot predict its future implications. Any impact from Brexit on our business and operations over the long term will depend, in part, on the outcome of tariff, tax treaties, trade, regulatory, and other negotiations the U.K. conducts.
If we do not protect our proprietary information and prevent third parties from making unauthorized use of our products and technology, our financial results could be harmed.
Most of our software and underlying technology is proprietary. We seek to protect our proprietary rights through a combination of confidentiality agreements and procedures and through copyright, patent, trademark, and trade secret laws. However, these measures afford only limited protection and may be challenged, invalidated, or circumvented by third parties. Third parties may copy all or portions of our products or otherwise obtain, use, distribute, and sell our proprietary information without authorization.
Third parties may also develop similar or superior technology independently by designing around our patents. Our shrink-wrap license agreements are not signed by licensees and therefore may be unenforceable under the laws of some jurisdictions. Furthermore, the laws of some foreign countries do not offer the same level of protection of our proprietary rights as the laws of the U.S., and we may be subject to unauthorized use of our products in those countries. The unauthorized copying or use of our products or proprietary information could result in reduced sales of our products. Any legal action to protect proprietary information that we may bring or be engaged in with a strategic partner or vendor could adversely affect our ability to access software, operating system, and hardware platforms of such partner or vendor, or cause such partner or vendor to choose not to offer our products to their customers. In addition, any legal action to protect proprietary information that we may bring or be engaged in, could be costly, may distract management from day-to-day operations, and may lead to additional claims against us, which could adversely affect our operating results.
From time to time we are a party to lawsuits and investigations, which typically require significant management time and attention and result in significant legal expenses, and which could negatively impact our business, financial condition, results of operations, and cash flows.
We have initiated and been named as a party to lawsuits, including patent litigation, class actions, and governmental claims, and we may be named in additional litigation. The expense of initiating and defending, and in some cases settling, such litigation may be costly and divert management’s attention from the day-to-day operations of our business, which could adversely affect our business, results of operations, and cash flows. In addition, an unfavorable outcome in such litigation could result in significant fines, settlements, monetary damages, or injunctive relief that could negatively impact our ability to conduct our business, results of operations, and cash flows.
Third parties claiming that we infringe their proprietary rights could cause us to incur significant legal expenses and prevent us from selling our products.
From time to time, third parties may claim that we have infringed their intellectual property rights, including claims regarding patents, copyrights, and trademarks. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. In addition, former employers of our former, current, or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. Any such claim, with or without merit, could result in costly litigation and distract management from day-to-day operations. If we are not successful in defending such claims, we could be required to stop selling, delay shipments of, or redesign our products, pay monetary amounts as damages, enter into royalty or licensing arrangements, or satisfy indemnification obligations that we have with some of our customers. We cannot assure you that any royalty or licensing arrangements that we may seek in such circumstances will be available to us on commercially reasonable terms or at all. We have made and expect to continue making significant expenditures to investigate, defend, and settle claims related to the use of technology and intellectual property rights as part of our strategy to manage this risk.
In addition, we license and use software from third parties in our business. These third-party software licenses may not continue to be available to us on acceptable terms or at all and may expose us to additional liability. This liability, or our inability to use any of this third-party software, could result in delivery delays or other disruptions in our business that could materially and adversely affect our operating results.
Changes to our effective tax rate could increase our income tax expense and reduce (increase) our net income (loss).
Our effective tax rate could be adversely affected by several factors, many of which are outside of our control, including:
|
|
•
|
Changes to the U.S. federal income tax laws, including impacts of the Tax Cuts and Jobs Act (H.R.1) (the 2017 Tax Act) arising from future interpretations of the 2017 Tax Act;
|
|
|
•
|
Changes to other tax laws, regulations, and interpretations in multiple jurisdictions in which we operate, including actions resulting from the Organisation for Economic Co-operation and Development’s base erosion and profit shifting project, proposed actions by international bodies such as digital services taxation, as well as the requirements of certain tax rulings;
|
|
|
•
|
Changes in the relative proportions of revenues and income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;
|
|
|
•
|
The tax effects of purchase accounting for acquisitions and restructuring charges that may cause fluctuations between reporting periods; and
|
|
|
•
|
Tax assessments, or any related tax interest or penalties, that could significantly affect our income tax expense for the period in which the settlements take place.
|
We report our results of operations based on our determination of the aggregate amount of taxes owed in the tax jurisdictions in which we operate. From time to time, we receive notices that a tax authority in a particular jurisdiction believes that we owe a greater amount of tax than we have reported to such authority. We are regularly engaged in discussions and sometimes disputes with these tax authorities. If the ultimate determination of our taxes owed in any of these jurisdictions is for an amount in excess of the tax provision we have recorded or reserved for, our operating results, cash flows, and financial condition could be adversely affected.
We cannot predict our future capital needs, and we may be unable to obtain financing, which could have a material adverse effect on our business, results of operations, and financial condition.
Adverse economic conditions or a change in our business performance may make it more difficult to obtain financing for our operations, investing activities (including potential acquisitions or divestitures), or financing activities. Any required financing may not be available on terms acceptable to us, or at all. If we raise additional funds by obtaining loans from third parties, the terms of those financing arrangements may include negative covenants or other restrictions on our business that could impair our financial or operational flexibility and would also require us to fund additional interest expense. If additional financing is not available when required or is not available on acceptable terms, we may be unable to successfully develop or enhance our software and services through acquisitions in order to take advantage of business opportunities or respond to competitive pressures, which could have a material adverse effect on our software and services offerings, revenues, results of operations, and financial condition.
Failure to maintain our credit ratings could adversely affect our liquidity, capital position, ability to hedge certain financial risks, borrowing costs, and access to capital markets.
Our credit risk is evaluated by the major independent rating agencies, and such agencies have in the past and could in the future downgrade our ratings. We cannot assure you that we will be able to maintain our current credit ratings, and any additional actual or anticipated changes or downgrades in our credit ratings, including any announcement that our ratings are under further review for a downgrade, may have a negative impact on our liquidity, capital position, ability to hedge certain financial risks, and access to capital markets. In addition, changes by any rating agency to our outlook or credit rating could increase the interest we pay on outstanding or future debt.
There are risks associated with our outstanding and future indebtedness that could adversely affect our financial condition.
As of March 29, 2019, we had an aggregate of
$4.5 billion
of outstanding indebtedness that will mature in calendar years 2020 through 2025, including approximately $4.0 billion in aggregate principal amount of existing senior notes and
$0.5 billion
of outstanding term loans under our senior credit facilities, and we may incur additional indebtedness in the future and/or enter into new financing arrangements. In addition, as of March 29, 2019, we had $1.0 billion available for borrowing under our revolving credit facility. Our ability to meet expenses, to remain in compliance with the covenants under our debt instruments, and to pay interest and repay principal for our substantial level of indebtedness depends on, among other things, our operating performance, competitive developments, and financial market conditions, all of which are significantly affected by financial, business, economic, and other factors. We are not able to control many of these factors. Accordingly, our cash flow may not be sufficient to allow us to pay principal and interest on our debt, including the notes, and meet our other obligations.
Our level of indebtedness could have important consequences, including the following:
|
|
•
|
We must use a substantial portion of our cash flow from operations to pay interest and principal on the term loans and revolving credit facility, our existing senior notes, and other indebtedness, which reduces funds available to us for other purposes such as working capital, capital expenditures, other general corporate purposes, and potential acquisitions;
|
|
|
•
|
We may be unable to refinance our indebtedness or to obtain additional financing for working capital, capital expenditures, acquisitions, or general corporate purposes;
|
|
|
•
|
We are exposed to fluctuations in interest rates because borrowings under our senior credit facilities bear interest at variable rates;
|
|
|
•
|
Our leverage may be greater than that of some of our competitors, which may put us at a competitive disadvantage and reduce our flexibility in responding to current and changing industry and financial market conditions;
|
|
|
•
|
We may be more vulnerable to an economic downturn and adverse developments in our business;
|
|
|
•
|
We may be unable to comply with financial and other covenants in our debt agreements, which could result in an event of default that, if not cured or waived, may result in acceleration of certain of our debt and would have an adverse effect on our business and prospects and could force us into bankruptcy or liquidation; and
|
|
|
•
|
Changes by any rating agency to our outlook or credit rating could negatively affect the value of our debt and/or our common stock, adversely affect our access to debt markets, and increase the interest we pay on outstanding or future debt.
|
There can be no assurance that we will be able to manage any of these risks successfully.
In addition, we conduct a significant portion of our operations through our subsidiaries, which are generally not guarantors of our debt. Accordingly, repayment of our indebtedness will be dependent in part on the generation of cash flow by our subsidiaries and their ability to make such cash available to us by dividend, debt repayment, or otherwise. In general, our subsidiaries will not have any obligation to pay amounts due on our debt or to make funds available for that purpose. Our subsidiaries may not be able to, or may not be permitted to, make distributions to enable us to make payments in respect of our indebtedness. Each subsidiary is a distinct legal entity, and under certain circumstances legal and contractual restrictions may limit our ability to obtain cash from our subsidiaries. In the event that we do not receive distributions from our subsidiaries, we may be unable to make the
required principal and interest payments on our indebtedness.
Our existing credit agreements impose operating and financial restrictions on us.
The existing credit agreements contain covenants that limit our ability and the ability of our restricted subsidiaries to:
|
|
•
|
Create liens on certain assets to secure debt;
|
|
|
•
|
Enter into certain sale and leaseback transactions;
|
|
|
•
|
Pay dividends on or make other distributions in respect of our capital stock or make other restricted payments; and
|
|
|
•
|
Consolidate, merge, sell or otherwise dispose of all or substantially all of our assets.
|
All of these covenants may adversely affect our ability to finance our operations, meet or otherwise address our capital needs, pursue business opportunities, react to market conditions, or otherwise restrict activities or business plans. A breach of any of these covenants could result in a default in respect of the related indebtedness. If a default occurs, the relevant lenders could elect to declare the indebtedness, together with accrued interest and other fees, to be immediately due and payable and, to the extent such indebtedness is secured in the future, proceed against any collateral securing that indebtedness.
Some of our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.
Certain of our products are distributed with software licensed by its authors or other third parties under so-called “open source” licenses, which may include, by way of example, the GNU General Public License, GNU Lesser General Public License, the Mozilla Public License, the BSD License, and the Apache License.
Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third parties certain rights of further use. By the terms of certain open source licenses, we could be required to release the source code of our proprietary software if we combine our proprietary software with open source software in a certain manner. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source, but we cannot be sure that all open source is submitted for approval prior to use in our products. In addition, many of the risks associated with usage of open source cannot be eliminated and could, if not properly addressed, negatively affect our business.
Our contracts with the U.S. government include compliance, audit, and review obligations. Any failure to meet these obligations could result in civil damages and/or penalties being assessed against us by the government.
We sell products and services through government contracting programs directly and via partners, though we no longer hold a GSA contract. In the ordinary course of business, sales under these government contracting programs may be subject to audit or investigation by the U.S. government. Noncompliance identified as a result of such reviews (as well as noncompliance identified on our own) could subject us to damages and other penalties, which could adversely affect our operating results and financial condition.
Item 1B.
Unresolved Staff Comments
There are no unresolved issues with respect to any Commission staff’s written comments that were received at least 180 days before the end of our fiscal year to which this report relates and that relate to our periodic or current reports under the Exchange Act.