ITEM 1. BUSINESS
General
Our Mission
Our mission is to create enterprise-grade technology for small and medium businesses ("SMBs") delivered through our growing, global network of managed service provider ("MSP") partners.
Overview
Datto Holding Corp. ("Datto Holding", "Datto", “we,” “us,” “our” and “the Company”) is the leading provider of cloud-based software and technology solutions purpose-built for delivery through the MSP channel to SMBs. MSPs represent the future of information technology ("IT") management for SMBs. Digital transformation is driving SMB adoption of modern software and technology, while regulatory and data protection requirements and proliferating security threats are increasing the complexity and risk of IT for SMBs. These trends have created an inflection point in SMB outsourcing to MSPs for IT management. MSPs are equipped with the IT resources and expertise SMBs lack, serving as a single provider to meet all of an SMB’s IT needs. MSPs are trusted to select, procure, implement and manage software and technology stacks that support their SMB customers’ business needs. The number of MSPs continues to grow, with approximately 125,000 MSPs providing this critical function to millions of SMBs worldwide today.
We are committed to the success of MSPs. It is the foundation of our strategy and culture. We empower our MSP partner channel, creating enormous sales and support leverage for us to efficiently address the large but fragmented SMB IT market. Our MSP-centric platform enables our partners to generate recurring revenue through the sale of our solutions to SMBs and to scale and effectively manage their own businesses. Our relationships are directly with our MSP partners. We are the leading pure-play vendor serving the MSP market, and believe our MSP-centric approach is highly differentiating as it aligns our mutual incentives, creates a motivated and engaged sales channel and reinforces our position as an integral component of our MSP partners’ businesses.
Our cloud-based offerings include Unified Continuity, Networking and Business Management software solutions. Our Unified Continuity and Networking offerings ensure the ongoing availability and security of mission-critical IT systems for SMBs on-premise, in private clouds and in the public cloud. These solutions are simple for MSPs to deploy, configure and manage across their SMB customers through a single portal. Our Business Management software provides critical operational tools to MSPs for efficient workflow management and delivery of end-to-end managed services. Our platform also includes a host of business development tools, training and content to help MSPs address the challenges of marketing and selling to SMB customers.
We employ a land-and-expand business model and grow as our MSP partners grow. We seek to deliver tools and resources that are easy to adopt and enable recurring revenue growth and margin efficiency for our MSP partners. Our partners can expand their footprint with us on a frictionless basis as they increase the number of SMB customers they serve and the number of Datto products that they sell through to their SMB customers. As of December 31, 2020 and 2019, our dollar-based net retention rate was 111% and 119%, respectively. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Performance Metrics” for additional information regarding our dollar-based net retention rate.
We have a highly efficient go-to-market model, in which we leverage our sales force and the power of our brand to attract, retain and grow our MSP partners. As of December 31, 2020, we had over 17,000 MSP partners, of which over 1,100 accounted for annual run-rate revenue, or ARR, of $100,000 or more each. MSP partners with over $100,000 of ARR accounted for 47% of our total ARR as of December 31, 2020. As of December 31, 2020 our 10 largest partners represented approximately 3% of our ARR and no single partner represented more than 0.8% of our ARR. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Performance Metrics” for additional information regarding ARR.
Our business has experienced rapid growth since inception and generates revenue that is highly recurring. As of December 31, 2020, our ARR was $542.8 million and our revenue for the year ended December 31, 2020 was $518.8 million, of which approximately 94% was recurring subscription revenue. As of December 31, 2019, our ARR was $474.8 million and our revenue for the year ended December 31, 2019 was $458.8 million, of which approximately 90% was recurring subscription revenue. For the year ended December 31, 2020, our net income was $22.5 million and our adjusted earnings before interest, taxes, depreciation and amortization ("Adjusted EBITDA") was $150.5 million. For the year ended December 31, 2019, our net loss was $31.2 million and our Adjusted EBITDA was $84.6 million. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Non-GAAP Financial Measures—Adjusted EBITDA” for additional information regarding Adjusted EBITDA.
Industry Background
Significant industry trends are impacting the market for MSP-delivered IT, including:
•MSPs represent the future of IT management for SMBs. As dedicated technology experts, MSPs are equipped with the IT resources and expertise SMBs lack, providing a single source to meet all of an SMB’s IT needs. MSPs are trusted to select, procure and implement software and technology stacks for their SMB customers. After implementation, MSPs provide ongoing value to SMBs through strategic guidance, technical support, monitoring and maintenance of their full IT environments.
• IT providers are transitioning to a recurring managed services model. Globally, the number of MSPs continues to grow as organizations across the broader IT services landscape, including professional services providers, IT consultants, systems integrators and value-added resellers, transition to a managed services model.
A number of technology trends have created an inflection point in SMBs’ outsourcing to MSPs for IT management. These trends are greatly increasing the complexity of the IT challenges faced by SMBs and include:
•SMBs are increasingly adopting digital and cloud-based technologies. In response to competitive pressures and the demands of customers and employees, businesses are increasingly adopting digital and cloud-based technologies to help them transform their operations and compete in the marketplace. Even traditionally offline businesses are increasingly embracing technology to help them more efficiently market to, transact with and support customers, as well as to run their own operations. With the democratization of technology, SMBs are under pressure to adopt digital solutions with enterprise-grade capabilities or risk being disrupted by their competitors. We believe that new business challenges arising from the novel Coronavirus Disease 2019 ("COVID-19") pandemic are accelerating the digital transformation of SMBs. According to the International Data Corporation, a global research firm, by 2023, 67% of SMBs will have digital transformation as a key part of their IT strategy.
•Modern technologies are driving complexity in IT. The accelerating pace of technological advancement and proliferation of software and technology offerings are increasing the difficulty for businesses to evaluate, select and implement an optimal IT environment. With the adoption of modern technologies, IT systems have become increasingly linked to business operations and to each other through complex integrations, greatly heightening the importance of effective IT management.
•SMB exposure to security and regulatory risk is increasing. SMBs are increasingly collecting, generating and storing data to perform mission-critical functions. Recognizing the criticality and potential value of this data, bad actors are increasingly targeting SMBs to exploit their perceived security vulnerabilities. According to a survey of our MSP partners during 2020, 78% of MSPs reported ransomware attacks against their SMB customers over the last two years, including 60% reporting attacks in just the first six months of 2020. Cybersecurity Ventures, an IT research firm, predicts that ransomware attacks will cause nearly $20 billion in damage globally by 2021. Moreover, SMB data is potentially subject to various and ever-evolving regulatory regimes, creating the additional challenge of ensuring ongoing compliance.
•SMBs are not equipped to meet the expanding challenges of IT management. Despite requiring certain capabilities of enterprise-grade technology solutions, SMBs lack the time, resources and expertise to deploy, manage and maintain an enterprise-grade IT stack. Grappling with the day-to-day management of IT also takes time and resources away from advancing core business goals.
•The costs of downtime or data loss are meaningful and expanding. With increasingly digital operations, system downtime or data loss results in lost revenue, customer churn, negative brand perception and reduced employee productivity. For SMBs, these losses can be catastrophic, with the potential to result in significant business disruptions or even bankruptcy, driving the need for comprehensive and effective enterprise-grade continuity solutions.
Our Differentiated Approach
We are committed to the success of MSPs. It is the foundation of our strategy and culture. We believe our MSP-centric approach is highly differentiating because it aligns our mutual incentives, creates a motivated and engaged sales channel and ensures we become an integral component of our MSP partners’ businesses. Our approach, combined with our expansive platform, has helped to establish us as the leading pure-play vendor serving the MSP market, with an extensive network of more than 17,000 MSP partners. We empower our MSP partner channel, creating enormous sales and support leverage for us to efficiently address the large, but fragmented, SMB IT market.
Our Unified Continuity and Networking solutions generate recurring revenue for MSPs as part of their managed services for SMBs. MSPs integrate these solutions into managed services that they offer to their SMB customers on their own terms, including pricing, packaging, billing and solution-bundling giving MSPs greater control over growth and profitability of their managed services. We also provide visibility and predictability to our MSP partners by delivering our solutions on a subscription basis.
Our Business Management offerings further this overall value proposition, enabling MSPs to scale and optimize the workflows and business processes associated with managed services delivery. Our solutions are purpose-built to address the specific needs of MSPs, enabling them to improve customer satisfaction, increase productivity, decrease response times and reduce costs, enhancing the overall profitability of their businesses.
Our platform also features business development tools and content to help MSPs address the challenges of marketing and selling to SMBs. We do not directly market or sell to SMBs to avoid competing with our MSP partners. Instead, we offer MSPs tools for marketing automation and content for marketing programs, as well as training and certifications. We further cultivate the broader MSP ecosystem through our thought leadership efforts and industry-leading events. Our open ecosystem events, such as DattoCon, DattoCon EMEA and MSP Technology Days, are among the largest MSP events in the world.
Our singular dedication to our partners has enabled us to create a network of more than 17,000 MSPs that rely upon Datto solutions to serve over 1.5 million SMBs. Our model of distribution through this network of MSPs mitigates the challenges of addressing the SMB market and provides us with the following benefits:
•Sales leverage. The MSP channel creates enormous sales leverage for us to address the large but fragmented SMB IT market. With each of our sales representatives capable of reaching dozens of MSPs, who in turn can serve hundreds of SMBs, the reach of our sales force is greatly amplified.
•Recurring revenue durability. Our direct contractual relationships with MSP partners insulate us from SMB churn from bankruptcy, consolidation or other adverse events. In the event of SMB customer loss, the associated MSP will often maintain their revenue stream by migrating that customer’s Datto stack to a different customer.
•Natural revenue expansion. Once we are engaged with an MSP, our revenue expands naturally as that MSP adds existing and new SMB customers to our platform, upgrades service tiers or purchases more of our solutions to meet growing data protection or networking needs and cross-sells additional solutions into its customer base.
•Support and service leverage. We provide 24/7 direct-to-tech support to our MSP partners, who are responsible for providing higher touch implementation and ongoing support services to their SMB customers. This approach allows us to avoid the significant cost associated with providing support and service activities to over 1.5 million SMBs.
Key Strengths of Our Solutions
Datto is the largest pure-play vendor serving the MSP market with a unified, cloud-based platform that enables the end-to-end delivery of managed IT services to SMBs. Our platform combines mission-critical software, technologies and security solutions that MSPs sell to SMBs with business management software to help MSPs scale and grow their own businesses. Our solutions include Unified Continuity, Networking and Business Management.
Unified Continuity Solutions
Unified Continuity constitutes a suite of cloud-managed products and security solutions, including business continuity and disaster recovery, or BCDR, and SaaS protection. These products provide enterprise-grade data protection, ensure business uptime and establish a last line of defense against security threats by enabling the full image backup, virtualization, cloud replication and restoration of entire physical or virtual servers and PCs, whether on-premise at an SMB, remotely in a data center or in the cloud. The key differentiators of our Unified Continuity solutions include:
•Built for MSPs. We provide turnkey solutions that are remotely configurable out-of-the-box and are fast and easy to deploy. Once deployed, data automatically begins flowing into the private Datto cloud platform, or the Datto Cloud, and can be managed through the Datto partner portal, which provides MSPs with a multi-tenant view of all their SMB customers.
•Comprehensive protection for the full IT environment. Our solutions provide comprehensive protection of data and applications to efficiently prevent data loss, mitigate ransomware attacks and minimize downtime for MSPs’ SMB customers. This includes the ability to protect and quickly restore full physical, virtual or cloud environments to any point in time, in a hardware-agnostic manner, as well as the ability to seamlessly protect and recover data from public cloud SaaS applications. Our solutions are often a last line of defense when an SMB's firewalls are breached or a network is compromised through an employee clicking on a phishing email.
•Highly reliable and performant. Our solutions replicate environments across multiple locations to create redundancy and ensure partner-managed environments are fully protected. Our solutions continually validate that these environments can be fully restored through multiple layers of verification, including automated ransomware scanning, disk and service integrity checks and testing of the virtual machine. In an adverse event, our solutions are capable of providing near-instantaneous virtualization in our cloud, temporary failover and high-performance recovery to the local network to ensure ongoing continuity of the SMB’s systems, minimizing costly downtime.
Networking Solutions
Networking refers to our collection of integrated WiFi access points and connectivity offerings that enable MSPs to efficiently offer highly performant and reliable cloud-managed networking to their SMB customers. The key differentiators of our Networking solutions include:
•Built for MSPs. Our networking solutions are purpose-built to align with the needs of MSPs in delivering managed networking. Our solutions enable remote monitoring and management from the cloud, providing MSPs with a multi-tenant view of all networks and connected devices, with automated event alerts and visual indicators of each device’s status. They also enable efficient management through seamless native integration with critical MSP tools.
•Efficient deployment. Our solutions allow MSPs to preconfigure customer network settings, enabling the plug-and-play self-formation of entire networks. Configurations can be cloned from similar existing networks, enabling MSPs to quickly and easily deploy new customer networks in a standardized and pre-defined manner.
•Highly reliable and performant. Our solutions are specifically designed to provide highly reliable and performant networking to help MSPs maximize uptime for SMB customers. Our networking solutions feature automatic failover and failback, self-healing mesh and channel scanning mechanisms to ensure customer networks maintain and optimize performance, even in the event of a disruption to primary connections or hardwired network lines.
Business Management Solutions
Business Management refers to our suite of integrated SaaS products for MSPs, including Autotask Professional Services Automation, or PSA, and Remote Monitoring and Management, or RMM, that provide critical operational tools to manage workflows and the delivery of end-to-end IT services. Built from inception to run in the cloud, these offerings allow MSPs to manage their businesses through a centralized hub and to increase operational efficiency. The key differentiators of our Business Management solutions include:
•Built for MSPs. Our business management solutions provide a fully integrated solution for single pane of glass management of the critical operational workflows and business processes of MSPs, including device management, ticketing, project management, customer relationship management, invoicing, inventory management and resource management. Our solutions offer embedded integrations with over a hundred other MSP tools and technologies for the seamless and efficient delivery of managed services.
•Cloud and mobile enabled. Our business management solutions are built for the cloud and include mobile device support, enabling the efficient and effective management of IT service delivery. With mobile-enabled solutions, technicians can access critical tools and systems from the field, increasing productivity and reducing costs.
•Complete visibility and control. Our business management solutions provide MSPs with full visibility into SMB customer environments with complete control to remotely remediate IT issues. Through our unified PSA and RMM offerings, our solutions provide dashboards, alerts, actionable insights, analytics and automation to help MSPs drive operational efficiency.
Key Benefits to Our MSP Partners
MSPs choose Datto and develop longstanding relationships with us not only for our innovative solutions but also for our comprehensive platform, which delivers the following key benefits to our MSP partners:
•Enable shift to managed IT services. By providing solutions specifically designed for delivery in a bundled suite of critical managed services, we facilitate the shift of IT services organizations to a recurring managed services model. With our platform, MSPs generate recurring revenue through the sale of our software and technology to SMBs on a subscription basis and thereby gain clear visibility into and predictability of revenue. Our suite of products provides our MSP partners with multiple avenues to land new customers and expand recurring revenue over time.
•Increase retention of SMB customers. Any time an SMB experiences a security downtime or data loss event, an MSP runs the risk of losing that customer. For this reason, MSPs seek reliable solutions that reduce the risk of SMB downtime and data loss. With our solutions, MSPs gain a last line of defense against security threats that ensures ongoing availability and comprehensive data protection, providing their SMB customers with peace of mind. Datto solutions have proven to be very reliable for MSP partners in enabling the efficient management of their customer base, preventing downtime and recovering from cyberattacks and data loss events. As a result, the MSP’s role in securing SMBs’ mission-critical systems solidifies the MSP’s importance as a trusted partner to SMBs.
•Increase profit generation from SMB customers. Our solutions are competitively priced to enable our MSP partners to generate attractive profit margins. The pricing of our solutions for MSPs is generally based on a predetermined tier for a given solution, ensuring our MSP partners have visibility into delivery cost. The pricing of our solutions is not available to SMBs and our MSP partners have latitude to set the pricing, packaging and bundling of our solutions as a managed offering to their customers. As a result, our MSP partners can leverage our solutions to create reliable profit centers for their businesses.
•Avoid channel conflict. Unlike most technology and software vendors who sell to both MSPs and SMB customers, Datto does not compete with MSPs. Datto’s MSP-centric approach enables us to focus solely on the needs of MSPs, designing our platform and solutions for this market. We provide MSPs with the tools and support they need to create and sell managed services to their SMB customers and the assurance we will not compete directly for the business of SMBs.
•Reduce the cost of managing SMB customer IT environments. Our remote monitoring and management product enables the delivery of end-to-end managed IT services by allowing MSPs to perform proactive monitoring, preventative maintenance and remote remediation of customer systems, applications and devices in real-time with intelligent alerting, auto-response and auto-resolution. Our cloud-based solutions help MSPs achieve better resource utilization by reducing costly truck rolls for on-site service and freeing up resources to pursue higher value activities.
•Enable operational efficiency. Our business management tools are easy to implement and use, enabling MSPs to operate their own businesses more efficiently through centralized operations from a single pane of glass. These software solutions are optimized for the business needs of MSPs to enable workflow automation and deliver actionable insights, providing full visibility into customer IT environments. Our solutions have embedded integrations with other Datto products and other services and technologies to make it easier for an MSP to manage a heterogeneous technology stack.
•Drive business growth. In addition to our products, our platform also includes a range of sales and marketing content, training and other programs as well as technical certifications tailored to our MSP partners to help them more effectively grow their businesses, alleviating a major pain-point for IT professionals with limited sales and marketing experience.
Our Growth Strategy
We pursue numerous actions to drive our growth in subscription revenue. Key elements of our growth strategy include:
•Expand our partner base by adding new MSPs. We believe that there is substantial opportunity to increase our penetration among MSPs. We intend to continue leveraging the strong awareness of our brand as a trusted partner to the MSP community to add new MSPs in the markets we serve. Since December 31, 2018, we expanded our MSP partner base from approximately 14,400 to over 17,000 at December 31, 2020.
•Standardize MSP partners on our platform. Once an MSP partner joins our platform, our goal is to increase the penetration of our solutions across its existing SMB customer base. Typically, MSPs initially deploy our solutions to only a limited number of their SMB customers. Over time, MSPs often continue to migrate additional existing end-customers to our platform for the benefit of managing a single integrated solution stack. Our goal is to aid in this migration in order to increase our overall penetration into our MSP partners’ existing SMB customer base.
•Empower our MSP partners to attract more SMBs. As SMBs increasingly rely on MSPs for IT management, we seek to grow our revenue by helping our existing MSP partners attract additional SMB customers that may ultimately adopt our solutions. We plan to continue developing marketing automation tools and content for marketing, as well as offering training and certifications, in order to facilitate our MSP partners’ growth.
•Facilitate upsell and cross-sell activity with our MSP partners and their SMB customers. We intend to grow our sales teams in order to increase our sales with our MSP partners. Our sales teams upsell our MSP partners to higher service tier subscriptions as the data retention and bandwidth needs of their SMB customers grow. In addition, our sales teams upsell our MSP partners to increase their Business Management subscriptions as they grow. Our sales teams also actively cross-sell our products to our MSP partners, leveraging their positive experiences with our platform. Our dollar-based net retention rate, which was 111% as of December 31, 2020 and 119% as of December 31, 2019, demonstrates our ability to expand within existing MSP partners.
•Extend our product leadership and introduce new platform solutions. We continue to invest in new purpose-built product and service offerings to anticipate and meet the evolving demands of our MSP partners and their SMB customers. We will also continue to pursue opportunistic mergers and acquisitions to complement and enhance our current solution set.
•Expand our international footprint. We believe there is significant opportunity to expand into new international geographies, with approximately 73% of our revenue coming from the United States ("U.S.") in 2020. The maturity of the international SMB IT landscape varies; more mature markets represent growth opportunities in the near term, while less mature markets present a longer-term opportunity as MSPs develop within those markets.
Our Products
Our products include offerings in Unified Continuity, Networking and Business Management.
Unified Continuity Products
Datto Unified Continuity is a complete line of products that protect workloads — data, applications and configurations — located on laptops, workstations, physical and virtual servers and in the public cloud. There are five cloud-based products that together protect and restore workloads, reduce SMB downtime resulting from data or system loss and provide a last line of defense against security threats. These products include:
Business Continuity and Disaster Recovery. MSPs use our all-in-one BCDR products to efficiently protect servers and workstations and minimize downtime for SMBs. SIRIS, Datto’s flagship cloud-managed BCDR product, consists of a state-of-the-art physical or virtual device deployed by MSPs at a customer location or in a private data center, the agent software installed on protected servers and workstations and a cloud-based storage, virtualization and management system. SIRIS is available in service tiers ranging from one to 100 terabytes with a variety of data retention options.
Once an MSP deploys SIRIS, the agent software automatically transfers disk images of the protected machines to the SIRIS device at configurable intervals, as frequently as every five minutes. SIRIS verifies the integrity of every image, transfers a copy of that image to the secure Datto Cloud at selected intervals and can replicate that to a second geographically distributed data center if desired. In this manner, SIRIS establishes a last line of defense for all protected servers and workstations. In the event of a server or workstation security incident or outage, users can initiate a boot of the virtual image of the affected machines either in the SIRIS device or in the Datto Cloud in as little as six seconds.
In addition to SIRIS, BCDR products also include ALTO, a smaller capacity BCDR solution. Available in a 2 terabyte model, ALTO provides many of the same capabilities of SIRIS without local virtualization on the device. The same agents are used to collect server or workstation images and ALTO is managed from the same management portal in the Datto Cloud, but with ALTO all failover virtualization occurs only in the Datto Cloud.
Cloud Continuity. Cloud Continuity is the innovative all-in-one, image-based continuity solution for Windows-based PCs (laptops and desktops). Cloud Continuity takes an image of a protected PC and replicates it directly to the Datto Cloud without the need for a local device. Backup images include all PC files and data, as well as the configuration, settings and software. In the event of a ransomware attack, device loss or theft, or other event that renders the PC unusable, Cloud Continuity allows MSPs to quickly and easily restore to any PC hardware.
SaaS Protection. SaaS Protection is a reliable, automated and secure backup and restoration product for Microsoft 365 and Google Workspace data. Microsoft and Google currently recommend the use of a third-party backup service because Microsoft 365 and Google Workspace do not backup user data. MSPs deploy SaaS Protection seamlessly for their SMB customers in a few simple steps, and can quickly start to take regular backups of user emails, files and sites, storing these backups in the Datto Cloud. MSPs help end-users easily recover from data loss, including ransomware attacks, accidental or malicious deletion and cancelled employee accounts—all from our cloud management portal.
Workplace. Datto Workplace is a complete cloud-hosted file sync and share solution enabling end-users to synchronize files across platforms, including mobile devices. Workplace also serves as a collaboration platform allowing users to share and work together on any type of document in its native file format. Centralized cloud management and sophisticated administrative controls at the end-user and group levels give MSPs and their SMB customers control over file governance. Critical business files are also protected via the ransomware detection and management feature, which gives users the ability to immediately revert back to safe file copies from before an infection, undoing the ransomware encryption of user data.
File Protection. Datto File Protection is an MSP-managed, secure and scalable backup product that enables MSPs to efficiently protect and recover files and folders on workstations and laptops of all types. File and folder backups protect unstructured data from ever-present threats such as human error, hardware failure, ransomware and lost or stolen devices. Users can quickly and easily access
and restore their own files from the Datto Cloud, enabling them to recover from common data-loss scenarios without raising a support request, or MSPs can securely access customer accounts and restore data on their behalf.
Networking Products
Datto Networking delivers a suite of cloud-managed networking products for MSPs to efficiently deploy to their SMB customers.
Networking products currently include:
Access Points. Our WiFi access points deliver high-powered wireless mesh networks with seamless roaming. These 802.11AC Wave 2 access points include a quad-core processor to ensure all of the Wave 2 features have the necessary processing power to deliver the performance required by SMBs.
Switches. We offer switches with 8, 24 and 48 port options, switching capacity ranging from 20 Gbps to 104 Gbps, and mounting options ranging from fanless desktop to rack mounted. MSPs can choose the form factor, performance and mounting options most appropriate for a particular SMB customer.
Edge Routers. Our Edge Routers provide core functionality including intrusion detection and prevention and a firewall with stateful packet inspection, layer 7 DPI, port forwarding, DMZ host and VLAN segregation.
Business Management Products
Business Management consists of integrated SaaS offerings that enable MSPs to be more efficient at scale, including:
Autotask Professional Services Automation. Autotask PSA is a complete IT business management product that is purpose-built for MSPs and delivers the mission-critical tools an MSP needs to run its business. Continuing to deliver 99.99% uptime in 2020, Autotask PSA pioneered cloud-delivered PSA and provides dashboards that help MSPs turn data into actionable business insights. It enables partners to monitor their sales pipeline, track technician productivity and evaluate customer profitability. It includes device management, ticketing, project management, customer relationship management, invoicing, inventory management and resource management. In addition, our open architecture application programming interface ("API") has enabled more than 100 industry-leading vendors to integrate their business-critical applications with Autotask PSA to further simplify workflows for MSPs. Autotask PSA centralizes business operations and enables quick, data-driven decisions through rich dashboards, customizable alerts and business intelligence tools.
Remote Monitoring and Management. A key component of an MSP’s security best practices, Datto RMM is a remote monitoring and management product designed to assist MSPs with their IT service delivery. Built for MSPs as a multi-tenant solution to manage millions of SMB customer endpoints in an efficient manner, Datto RMM is a fully cloud-managed, scalable SaaS product with integrated endpoint ransomware detection. The underlying architecture provides MSPs with the ability to remotely audit, patch, manage, monitor, support and report on SMB customers’ local and public-cloud deployed endpoints. The platform offers a collection of tools for securely supporting thousands of devices without the need for extensive training. MSPs can use Datto RMM tools to create their own scripts, or easily plug in hundreds of pre-made scripts, to automate repetitive tasks like software patching or rapidly respond to security incidents with pre-defined actions. Integrations with Autotask PSA and other frequently-used solutions allow MSPs to seamlessly report on device status, issues and events. Using configurable dashboards, a simple menu system, remote takeover capability and the flexibility to operate from any internet-connected device, Datto RMM helps MSPs deliver better service and increase responsiveness for their SMB customers.
Our Technology
Unified Continuity, Networking and Business Management products are based on a two-level, multi-tenant, private, hybrid cloud architecture. Designed to provide ease of deployment and a high degree of flexibility, our technology enables MSP partners to deliver managed services across a broad range of scenarios at scale.
Key features of our technologies include:
•Easy to use enterprise-grade technology. Our products are designed to be simple to deploy and easy to manage and are built on the latest enterprise-grade technology. This technology includes Type 1 hypervisors, industry-standard scalable monitoring, converged infrastructure and extensive security features. We abstract this complex technology from our MSPs with simple graphical user interfaces. Further, smart defaults and pre-configuration capabilities in our cloud enable MSPs to configure our products, ship them to end-customers and deploy them with minimal effort. Once deployed and configured, our products then connect to the Datto Cloud and begin uploading data. In this way, MSPs can provide secure enterprise-grade technology to their SMB customers without the hassles of deploying, integrating and managing enterprise products.
•Datto product integrations. We pioneered an integrated product portfolio tailored uniquely for MSPs. While Autotask PSA and Datto RMM can be offered as stand-alone products, they are also integrated with each other, allowing technicians to move seamlessly between our PSA and RMM. Integration between Datto RMM and our Networking solutions allows rapid troubleshooting and problem resolution of network issues. Integration between BCDR and PSA allows the PSA to collect and report on deployed devices and manage related support tickets. These integrations encourage MSPs to standardize across our solutions.
•Third-party product integrations. Datto supports an open technology ecosystem for MSPs. MSPs value using different tools from multiple vendors to deliver their managed services, creating unique and often differentiating technology stacks. Datto products are externally integrated with other products to make it easier for an MSP to manage a heterogeneous technology stack. Leveraging open APIs, third party vendors have built more than 200 integrations with our business management products. This includes everything from security tools to competitive remote monitoring and management and professional services automation vendors.
•Two-level multi-tenant architecture. All of our products share a two-tier multi-tenant design, which facilitates MSP management of both their own and the SMBs’ environments. The first tier provides secure resource sharing among MSP partner accounts hosted on the Datto Cloud, while the second tier sits below each MSP account and provides a tenant-centric view of SMB customers for the MSP partner. Most other multi-tenant systems provide only a single level of tenant management.
•Private virtualization and storage cloud. Datto operates its own exabyte scale private cloud which provides us with control over the environment, efficient operating costs and flexibility to best support our partners. The Datto Cloud provides both compute and storage tiers at multiple geographically distributed data centers. This includes the option to replicate a second copy of SMB customer data to an alternative data center in region. We have developed a differentiated virtual machine ("VM") orchestration layer which allows shared management between our MSP partner and the Datto support organization.
•Proprietary work-flow engine. Autotask PSA incorporates a field-configurable business logic engine that allows the implementation of business processes without costly code customization. A single multi-tenant cloud architecture delivers scalable efficient deployment of custom workflows for each MSP partner, and enables partners to trigger actions and alerts based on real time internal data as well as data from third party products. This allows MSPs to deploy PSA to meet the needs of their business, rather than redesigning their business to meet the requirements of their chosen management software.
•Proprietary agent and agentless technology. We have developed several proprietary agents across our product lines, specifically BCDR, RMM and Cloud Continuity. Our Unified Continuity agents protect servers, workstations and PCs by deploying an endpoint resident software package or using an agentless approach for virtual machines and private clouds. We have developed both a robust agent and an agentless plugin that support virtual machine backup on Hyper-V and VMware. We have also developed RMM agents and API integrations that enable MSPs to monitor and manage SMB customer endpoints on premise and in the public cloud. By developing this proprietary technology, we can avoid reliance on third-party licensed backup agents.
•Proprietary remote access technology. Datto RMM incorporates near-instantaneous access to managed endpoints using 100% HTML5 technology with no local plugin required on the managed device. Not only is this technology secure and fast, it delivers cross browser compatibility. This enables technicians to address customer tickets from nearly any browser, including mobile devices and tablets. With better performance than third-party licensed options, Datto RMM also enables MSPs to deliver faster, more responsive service to their SMB customers.
•Proprietary virtual machine image verification technology. Our verification technology provides evidence that backups produced by our BCDR products are viable. This technology performs automated tests on every image for ransomware and disk integrity. “Screenshot” verification boots the virtual machine either on the device or in the cloud and performs additional automated testing for viability. This running instance of the protected virtual machine further allows the MSP partner to utilize our scripting API to run custom test scripts that validate functionality and data integrity beyond what can be normally evaluated through the built-in testing. This functionally is linked back through the multi-tenant portal and alerting system to provide the MSP partner with confirmation that their managed systems are protected.
•Cloud to cloud API-level connectivity. In addition to devices deployed on-premises, the Datto Cloud is designed to ingest data directly from SaaS applications hosted in public clouds. This API-level connectivity brokered through our multi-tenant portal provides the same level of management that our MSP partners expect from the hybrid cloud continuity products. We have worked with Microsoft and Google to make efficient use of Microsoft 365 and Google Workspace APIs and achieve efficient data ingest and restore services.
•Proprietary remote synchronization technology. Datto has developed proprietary synchronization technology across a wide range of use cases to allow SMB PCs and devices to efficiently and securely send data to the Datto Cloud without saturating local internet connections. This includes multi-pass synchronization technology that enables local workloads to continue to operate while a backup is taken and transmitted. It also includes file synchronization software, as well as differential assessment, transmission and verification capabilities to enable an MSP to control the transmission and verification of large data sets to the Datto Cloud.
•RMM integrated cloud-managed networking devices. By combining the network cloud API with RMM management dashboards, the Datto RMM engine is able to provide access to network configuration and runtime data that greatly exceeds off-the-shelf solutions reliant on SNMP for device connectivity. This cloud-level integration provides much greater control of Datto Networking devices than can be achieved by combining products from different networking and remote monitoring and management vendors. As a result, MSP technicians solving SMB customer tickets experience a seamless environment, increasing productivity and responsiveness.
•Proprietary embedded RMM Ransomware Detection. One of the largest security threats for MSPs and their SMB customers is ransomware, and Datto RMM now incorporates the first embedded ransomware detection algorithm into deployed RMM agents. On all Datto RMM managed devices, the agent now observes the local system for signs of crypto ransomware. When identified, the agent attempts to stop the encryption process and automatically isolates the system from the network, alerting the MSP to the infection. This allows MSPs to prevent the spread of ransomware, and proactively restore infected systems.
•Hyper-converged hybrid cloud connected edge device. Datto is differentiated in that it deploys a true hyper-converged continuity appliance that combines data storage with local compute capabilities. Alternative continuity systems generally only provide gateway functionality with virtualization occurring either exclusively in the cloud or on other equipment furnished by end-customers on-premises. Datto allows very flexible orchestration of VM instances in either the cloud or on the edge device.
Our Partners
Datto creates technology for MSPs, enabling them to deliver managed services to their SMB customers and also enabling MSPs to efficiently operate their own businesses. MSPs represent substantially all of our revenue and are referred to as our “partners.” Our MSP partners purchase our products on a subscription basis for their own use or for inclusion in managed services sold to their end-customers in a recurring revenue model. Our MSP partners range in size from very small to mid-sized, and primarily serve small and medium-sized businesses, often managing an SMB customer’s entire IT environment. In smaller MSPs, the business owner or CEO is typically the purchaser of Datto products, and in larger MSPs, the purchaser is often the Vice President of Product or CTO.
Our Business Management products are purchased by an MSP for their own use, with subscription fees based on their number of seats or by number of managed SMB devices. Our Unified Continuity and Networking products are purchased by an MSP for resale to their SMB customers, with subscription fees based on service tier and device count or the number of Microsoft 365 or Google Workspace employee accounts at the SMB domains that our MSP partners protect through our SaaS Protection products. Generally, an MSP first purchases a device or seats to assess our products and include them in their managed services. Following a successful initial assessment, the MSP typically purchases and deploys additional devices and seats for its customers over time.
As of December 31, 2020, we partnered with more than 17,000 MSPs serving over 1.5 million SMBs across more than 25 countries. We count partners as MSPs with active subscriptions for one or more of our products at the end of the measured period. Our revenue is highly diversified across our entire partner base, with no single partner making up more than 0.8% of our ARR. As of December 31, 2020, we had over 1,100 MSP partners that each contributed more than $100,000 of ARR.
Examples of use cases of MSP partners leveraging our solutions to deliver value to their SMB customers include:
•utilizing our BCDR solutions to help an SMB roll back its IT environment after a phishing e-mail and ransomware has compromised that SMB’s systems;
•upon a server failure, helping an SMB to switch over to our local device until that SMB’s environment has been restored;
•enabling an SMB to operate its environment in our cloud in the event of a natural disaster, such as a hurricane or earthquake;
•after an end-customer accidentally misplaces a laptop, helping the customer restore the lost environment onto new hardware;
•recovering data and files from our cloud when a customer accidentally deletes a file from Microsoft 365 or Google Workspace;
•utilizing Datto Networking solutions to provide production, point of sale, network connectivity and guest Wi-Fi services for a conference or event; and
•using the Datto partner portal to remotely diagnose and fix an SMB’s laptop issues.
Competition
We operate in a dynamic industry driven by the technology needs of SMBs and MSPs. Our competition is generally comprised of enterprise IT vendors and emerging innovators with niche point solutions. These competitors include:
•Continuity vendors that provide image-based backup solutions with on-premise only, cloud-only or hybrid infrastructure. The level of continuity provided by image-based backup vendors varies widely, from simple image copy to complex image orchestration, copy, failover and failback. Many vendors providing continuity solutions are not exclusively focused on serving MSPs.
•Networking vendors that sell a mix of edge routers, WiFi access points and switches to small, medium and large businesses. Typically, these vendors deliver either enterprise scale products at a high price point, or commodity products at a low price point. Enterprise scale products are designed for the many unique demands of large-scale enterprises and are complex to configure and manage. Commodity hardware vendors provide performant products with fewer features at a lower price point, often not designed for MSP deployment and management.
•Business management software vendors that focus a significant portion of their business on the MSP market provide vertically integrated service management platforms and tools to MSPs to help them operate more efficiently. Many of these vendors are not solely focused on the MSP market, and sell directly to end customers to augment their revenue.
Key competitive factors in our market include:
•reliability and performance of solutions that protect workloads — data, applications and configurations — and ensure uptime for SMBs;
•MSP-centric, turnkey product capabilities including reliability, multi-tenant cloud management, ease of deployment and manageability at scale;
•ability to provide recurring revenue and margin for MSPs;
•quality and availability of service and support;
•brand awareness, reputation and influence among MSPs; and
•programs, tools and content that help MSPs grow their businesses.
We believe that we compete favorably on these factors.
Marketing and Sales
Our marketing and sales approach begins with our leading content marketing programs that attract MSPs, nurturing these contacts and then efficiently delivering qualified leads to our sales team to close. Once a new MSP is added to our platform, our sales team works with them to help them grow. Using our go-to-market enablement programs, MSPs add new SMBs and sell additional Datto products to their existing SMB customers. Post-sales engagement with our service and success teams ensures partners are either effectively using or are enabled to resell our products, and ongoing relationship management at scale allows our partners to sell and cross-sell more of our products.
Marketing
Our marketing engine delivers industry-leading content, which drives our target audience—MSP business owners and decision makers—to request a demo or become a partner. We distribute our content through a number of digital marketing platforms (social, pay-per-click, search engine optimization, syndication, webinars), and we leverage demos to nurture and further qualify leads. Analytics of this process enable us to fine tune programs and content to drive more successful and qualified lead generation.
We categorize our leads based on propensity to buy using a real-time analytical model. We leverage high touch tactics to attract the higher scoring leads and rely on self-service at the low end. We market Datto as the MSP technology company, creating technology for SMBs delivered by MSPs. Once an MSP becomes a Datto partner, we help it grow with a variety of programs to ensure they are optimally using the products they purchased and are enabled to resell our products through to SMB customers. Our marketing programs
also help our partners attract new SMB customers. We leverage our in-depth knowledge and understanding of MSPs to design these free programs, which include a marketing automation tool, robust marketing content, sales training and certifications.
We also foster one of the largest MSP communities in the world through our numerous events. DattoCon, DattoCon EMEA and MSP Technology Days are among the largest MSP events in the world. Our dedicated community development team hosts over 100 Datto virtual and in-person events annually for our partners and prospects around the globe, educating them on best practices, refreshing them on the latest technology and providing insights they can use to grow their businesses. We also exhibit at third-party in person and virtual tradeshows where we continue to engage with MSPs and expand the Datto brand. We believe that fostering a cohesive MSP community and serving as a trusted thought leader for MSPs around the world helps drive MSP growth, which in turn drives Datto growth. These events, combined with our content and digital marketing strategies, help ensure that our partners stay in touch with our brand, maintaining our lead in the MSP market.
Sales
We believe that leveraging the MSP channel creates high levels of sales productivity at low customer acquisition costs, allowing us to efficiently reach SMBs. We add MSP partners to our platform primarily through our sales team. There are three sales teams pursuing new MSP partners and covering our existing partner base: Sales Development Representatives ("SDRs"), Territory Sales Representatives ("Hunters") and Channel Growth Representatives ("Farmers"). SDRs review leads from our marketing team and qualify new partner opportunities, and Hunters are responsible for pursuing and closing these opportunities, leading to a new MSP partner adopting one or more of our products. Farmers work with our partners after their first purchase and build relationships, focusing on upsell and cross-sell opportunities. Our sales teams are organized by geography, consisting of the Americas, EMEA and APAC.
Our MSP partners become multipliers to our sales team with our Unified Continuity and Networking products. With aligned incentives, our Farmers and our partners’ own sales teams work together at scale using a range of “sell with” tactics to help such partners grow their base of SMB customers purchasing managed services powered by Datto solutions and expand their footprint within those customers. Further, our Farmers support MSPs with the enablement and training resources available on our marketing platform to help new and existing partners grow their installed base across our products.
Services, Success and Support
Services and Success
Our services team onboards MSP partners, helps them properly configure and implement our solutions and trains them to use our products to their fullest potential. Our success team provides cross-functional support for partners to drive increased adoption, product usage and subscription renewals and is responsible for relationship and escalation management.
Support
Our support team includes experienced, trained resources located around the world to provide 24x7x365 technical support for all our products. Support is included in all our offerings as long as an MSP partner’s subscription is active. All support tiers offer maintenance releases, patches and access to our support services and portal, including a documentation and knowledge repository, how-to guides, videos and a community where our partners can ask questions and find answers. Our support is distinguished by our “direct to tech” support model whereby our expert technicians immediately answer support calls and speak directly with partners to resolve issues. This includes “code red” support where we work with an MSP partner during a disaster or other incident to minimize disruption to their customer’s business.
Similar to the sales leverage we gain through the MSP channel, our partners also are a multiplier for our support team because they perform first-level technical support with SMBs, only calling Datto when they are unable to resolve an issue. In complex situations such as multiple or repeat issues affecting an MSP, our success team may get involved in an escalation. Our executive leaders also regularly speak with partners as part of our commitment to openness and accessibility.
Product Development
Product development and innovation are at the core of our business. We not only invent technology, but we also reinvent it for MSPs. Our research and development teams are composed of product management, software development and infrastructure engineering functions. These groups are responsible for the design, development, testing and delivery of our solutions. We build our products from inception to serve the needs of MSPs and their SMB customers and continually seek to improve those products.
We have designed our development processes to be highly responsive and cost-efficient. Our diversified global footprint allows us to source from a large pool of talented resources by participating in multiple labor markets. We utilize an Agile development process and small Scrum teams, each dedicated to specific product modules that follow a standard set of best practices and a common set of development values.
Intellectual Property
We rely on a combination of patent, copyright, trademark and trade secret laws in the United States and other jurisdictions, as well as confidentiality and other contractual restrictions to protect our proprietary rights, including our proprietary technology, software, know-how and brands. As of December 31, 2020, we owned 20 issued U.S. patents, with expiration dates ranging from September 2025 to May 2039. We have also filed approximately 21 currently pending patent applications. We do not believe that we are materially dependent on any one of our patents, issued or pending.
We require our employees, consultants and other third parties to enter into confidentiality and proprietary rights agreements and we control and monitor access to our software, proprietary technology and documents and other confidential information. Our policy is to require all employees and independent contractors to sign agreements assigning to us any inventions, trade secrets, developments, processes and other intellectual property generated by them on our behalf and under which they agree to protect our confidential information.
Although we rely on intellectual property rights as well as contractual protections to establish and protect our proprietary rights, we believe that factors such as the technological and creative skills of our personnel, creation of new services, features and functionality and frequent enhancements to our platform are more essential to establishing and maintaining our technology leadership position.
Human Capital
As of December 31, 2020, we had 1,743 employees, of which 1,327 (76%) were employed in the United States and 416 (24%) were employed outside of the United States. We consider our current relationship with our employees to be good. We are not party to any collective bargaining agreements. However, for one of our foreign subsidiaries, a works council represents our employees. We believe that our ability to recruit, retain and develop highly skilled talent is critical to our future success and growth. We provide our employees with competitive compensation and benefits, including opportunities for equity ownership, a 401(k) plan with company matching contributions, healthcare and insurance benefits, health savings and flexible spending accounts, parental and family leave, and paid time off.
We strive to maintain an inclusive environment free from discrimination of any kind. We believe that fostering this environment builds a foundation on which our employees are empowered to do their life's work. Our employee resource groups ("ERGs") are company-sponsored groups of employees that promote and support certain objectives including inclusion and diversity, career development and networking. As of December 31, 2020, we had four ERGs including those supporting Women in Technology, the LGBTQ community, people of color and LatinX. We aim to ensure our employees are aware of different ways to notify management of inappropriate behavior, including through a confidential hotline. Any and all reports of inappropriate behavior are taken very seriously and thoroughly investigated and remediated.
In addition, we offer high-quality learning experiences across our global business. This includes an extensive onboarding program, robust sales, product and technical training, as well as a comprehensive professional skills curriculum focused on managerial and leadership skills. We also launched an internal networking and mentoring program intended to connect employees across Datto to foster relationships, development and exchange professional and personal experiences, skills, and career paths.
General Corporate Information
We were incorporated in 2017 as Merritt Topco, Inc., a Delaware corporation, and changed our name to Datto Holding Corp. in connection with our initial public offering in 2020. We are a holding company and all of our business operations are conducted through our subsidiaries. Our principal executive offices are located at 101 Merritt 7, Norwalk, Connecticut 06851. Our telephone number is 888-995-1431. Our website address is www.datto.com. The information contained on, or that can be accessed through, our website is not incorporated by reference into this Annual Report, and you should not consider any information contained on, or that can be accessed through, our website as part of this Annual Report on Form 10-K.
Other Available Information
Please note that in addition to filing our periodic and current reports, we may announce material business and financial information to our investors using filings we make with the Securities and Exchange Commission ("SEC"), webcasts, press releases, conference calls, and our investor relations website which can be found at www.investors.datto.com. The SEC maintains an internet site that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC at http://www.sec.gov. We use these mediums, including our website, to communicate with our stockholders and the public about our company. It is possible that the information that we make available through these mediums may be deemed to be material information. We therefore encourage investors and others interested in our company to review all such mediums.
Implications of Being an Emerging Growth Company
We qualify as an “emerging growth company” as defined in the Jumpstart Our Business Startups Act of 2012, or the JOBS Act. We will remain an emerging growth company until the earliest of (1) December 31, 2025, (2) the last day of the fiscal year in which we have total annual gross revenue of at least $1.07 billion, (3) the last day of the fiscal year in which we are deemed to be a large accelerated filer (this means the market value of common that is held by non-affiliates exceeds $700.0 million as of the end of the second quarter of that fiscal year) or (4) the date on which we have issued more than $1.0 billion in non-convertible debt securities during the prior three-year period.
An emerging growth company may take advantage of reduced reporting requirements that are otherwise applicable to public companies. These provisions include, but are not limited to:
•not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002, as amended, or the Sarbanes-Oxley Act;
•reduced disclosure obligations regarding executive compensation in periodic reports, proxy statements and registration statements; and
•exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved.
We have elected to take advantage of certain of the reduced disclosure obligations regarding financial statements and executive compensation in this Annual Report on Form 10-K and expect to elect to take advantage of other reduced burdens in future filings. As a result, the information that we provide to our shareholders may be different than you might receive from other public reporting companies in which you hold equity interests.
The JOBS Act also permits an emerging growth company like us to take advantage of an extended transition period to comply with new or revised accounting standards applicable to public companies. We have elected to opt-in to this extended transition period for complying with new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that comply with such new or revised accounting standards on a non-delayed basis.
ITEM 1A. RISK FACTORS
Our business, financial condition and operating results can be affected by a number of factors, whether currently known or unknown, including but not limited to those described below, any one or more of which could, directly or indirectly, cause our actual financial condition and operating results to vary materially from past, or from anticipated future, financial condition and operating results. Any of these factors, in whole or in part, could materially and adversely affect our business, financial condition, operating results and stock price.
Because of the following factors, as well as other factors affecting our financial condition and operating results, past financial performance should not be considered to be a reliable indicator of future performance, and investors should not use historical trends to anticipate results or trends in future periods.
Risk Factors Summary
The following is a summary of the principal risks that could adversely affect our business, operations and financial results:
Risks Related to the COVID-19 Pandemic
•our business could experience an adverse impact as a result of the COVID-19 pandemic;
Risks Related to Our Brand and Industry
•we face intense competition in our market;
•our competitive position will be harmed if we do not respond promptly to end-user needs in the rapidly evolving SMB IT market;
•we depend on growth in the SMB IT market;
Risks Related to our Operating Results
•our operating results may vary significantly from period to period and be unpredictable;
•we may not be able to achieve or sustain the same level of cash flows in the future;
•if we do not attract new MSP partners, our future results of operations could be harmed;
•we may be unable to sell additional products and subscriptions to our MSP partners;
•we may fail to manage our growth effectively;
•our business is susceptible to risks associated with international operations;
•volatility in the global economy could adversely impact our continued growth, operations and forecasts;
•our ability to sell our products and subscriptions will be very limited if our MSP partners fail to perform;
•our success depends on our ability to recruit, retain and develop key employees and management personnel;
•our operating results could be harmed if Microsoft or Google restrict access to the application programming interfaces we rely on in order to back up Microsoft 365 and Google Workspace;
•we invest in research and development activities which may achieve delayed, or lower than expected, benefits;
•manufacturing delays and pricing fluctuations could prevent us from shipping orders on time or on a cost-effective basis;
•insufficient inventory may cause lost sales opportunities, while excess inventory may harm our gross margins;
•some of the key components in our products come from limited sources of supply;
•our sales are dependent on the quality of our technical support services and those of our MSP partners;
•we could be obligated to provide credits for future service if we fail to meet contractual commitments related to response time governing our business management solutions;
•indemnity provisions in agreements potentially expose us to substantial liability for intellectual property infringement and other similar claims and losses;
•our software, website, hardware, hosted and internal systems may be subject to intentional or accidental disruption or penetration from external attackers or insiders;
•interruptions in services provided by our data centers or third parties could impair the delivery of our service;
•our products may become less competitive or obsolete if we fail to integrate our products with a variety of operating systems, software applications, platforms and hardware;
•intellectual property infringement or other similar claims asserted against us, could result in significant costs;
•the success of our business depends in part on our ability to protect and enforce our intellectual property rights;
•we could lose partners or fail to increase the number of our partners if we are unable to sustain our brand recognition or our reputation is harmed;
•our ability to effectively acquire or invest in companies and to successfully integrate acquired businesses;
•foreign currency exchange rate fluctuations could harm our financial results;
•we are subject to fluctuations in interest rates;
•we may not be able to accurately or timely report our financial condition or results of operations if we are unable to remediate a material weakness in our internal control over financial reporting;
•changes in tax laws or regulations could increase the costs of our solutions and harm our business;
•our ability to utilize our net operating loss carryforwards may be limited;
Risks Related to Regulatory Compliance
•our failure to comply with legal requirements, contractual obligations and industry standards regarding security, data protection and privacy could have an adverse effect on our reputation and business;
•we function as a HIPAA “business associate” for certain of our MSP partners and, as such, are subject to strict privacy and data security requirements;
•we could be subject to penalties and sanctions if we fail to comply with anti-corruption laws;
Risks Related to Our Indebtedness
•we could incur substantially more indebtedness or make certain restricted payments, which could further exacerbate the risks associated with our substantial indebtedness;
•we may not be able to generate sufficient cash flow to service all of our indebtedness;
•our 2020 Credit Agreement may restrict our ability to respond to changes or to take certain actions;
•a lowering or withdrawal of the ratings assigned to our debt securities by rating agencies may increase our future borrowing costs and reduce our access to capital;
Risks Related to Ownership of Our Common Stock
•Vista Equity Partners, or Vista, controls us, and its interests may conflict with ours or yours in the future;
•we are a “controlled company” and you do not have the same protections as those afforded to stockholders of companies that are subject to certain governance requirements;
•we are an “emerging growth company” and have reduced public company reporting requirements;
•we have no plans to pay regular cash dividends, and you may not receive any return on investment unless you sell your common stock for a price greater than that which you paid for it; and
•we may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could depress the price of our common stock.
Risks Related to the COVID-19 Pandemic
The impact of the ongoing COVID-19 pandemic, including the resulting global economic downturn, is highly uncertain and difficult to predict at this time, but it may have a material adverse impact on our business, prospects, results of operations, financial condition, liquidity and cash flows.
In March 2020, the World Health Organization categorized COVID-19 as a pandemic, and the government of the United States declared the COVID-19 outbreak a national emergency. COVID-19 continues to spread throughout the United States and globally, and the duration, magnitude and severity of its effects and ultimate impact on the world’s population and the global economy are unknown. To attempt to mitigate the spread of the pandemic, many authorities, including state, local, and foreign governments, have put in place travel bans and restrictions, quarantines, shelter-in-place orders, shutdowns, and other government orders and restrictions. These restrictions and orders have resulted in business disruptions and closures, work stoppages, slowdowns and delays, supply chain disruptions, work-from-home policies, and cancellation or postponement of events, among other effects that could adversely impact our operations, including affecting the behavior and operations of our MSP partners, their SMB customers and our suppliers.
In response to these government actions and mandates, we have modified and may continue to modify our business practices, including, among others, directing almost all employees to work from home, substantially curtailing employee travel, cancelling or shifting events and conferences to virtual-only, increasing inventories of key device and cloud infrastructure components, and working with our network of suppliers to ensure future orders can be fulfilled. There is no certainty that the measures we or governmental authorities have taken will be sufficient to mitigate the risks posed by the pandemic, and our ability to operate normally could be harmed.
We are unable to predict the impact that the COVID-19 pandemic will ultimately have on our results of operations, financial condition, liquidity and cash flows because of numerous uncertainties, including the duration and severity of the pandemic and the impact of the various mitigation efforts. To date, we have experienced lower sales bookings, moderately slower ARR and subscription growth, and moderately slower and lower cash collections from existing MSP partners. The COVID-19 pandemic has caused a global economic downturn that could materially and adversely affect demand for our products and services as well as our results of operations and financial condition even after the pandemic is contained and global economic activity stabilizes. The COVID-19 pandemic, as well as intensified measures undertaken to contain the spread of COVID-19, could decrease the spending of our existing and potential new MSP partners or their SMB customers; cause our MSP partners to fail to renew, reduce, shorten, terminate, or renegotiate their subscriptions for our services; and continue to lengthen collection periods of accounts receivable. Some of our MSP partners or their SMB customers have experienced and may continue to experience financial hardships which could result in delayed or uncollectible payments. In particular, SMBs may be more susceptible to the adverse effects of economic fluctuations, including as a result of the COVID-19 pandemic. Any of these developments could adversely affect our business, results of operations, and financial condition. Additionally, concerns over the economic impact of the COVID-19 pandemic have caused extreme volatility in financial and other capital markets which may adversely impact our stock price.
While most of our operations can be performed remotely, there is no guarantee that we will be as effective while working remotely because our team is dispersed, many employees may have additional personal needs to attend to, and employees may become sick themselves and be unable to work. Decreased effectiveness of our team could adversely affect our results because of our inability to meet in person with potential MSP partners or customers, cancellation of and inability to participate in in-person conferences and other industry events that lead to sales generation, longer time periods to deploy software and support our products, or other decreases in productivity that could seriously harm our business. Significant management time and resources may be diverted from our ordinary business operations in order to develop, implement and manage workplace safety strategies and as we attempt to return to office workplaces, and to address other business issues related to the pandemic.
As a result of the COVID-19 pandemic, we may (1) decide to postpone or cancel planned investments in our business in response to changes in our business, or (2) experience difficulties in recruiting or retaining personnel, each of which may impact our ability to respond to our MSP partners’ needs and fulfill contractual obligations. In addition, as a result of financial or operational difficulties, our suppliers may experience delays or interruptions in their ability to provide services to us, if they are able to do so at all. Any disruptions to services provided to us by third parties that we rely upon to provide our solutions, including as a result of actions outside of our control, could significantly impact our continued performance.
Risks Related to Our Brand and Industry
We face intense competition in our market, especially from larger, well-established companies and vendors with an MSP focus, and we may not be able to maintain or improve our competitive position.
We operate in an intensely competitive and dynamic industry driven by the technology needs of SMBs and MSPs. We expect competition to increase in the future from established competitors and new market entrants. SMBs are increasingly turning to MSPs, to service their technology needs because of increasing complexity and enhanced regulatory and security risks. MSPs, as a result, are
constantly looking for the next service offering for their customers. Our competition is generally comprised of enterprise IT vendors and emerging innovators with niche point solutions, which include:
•Continuity vendors that provide image-based backup solutions with on-premise only, cloud-only or hybrid infrastructure. The level of continuity provided by image-based backup vendors varies widely, from simple image copy to complex image orchestration, copy, failover and failback. Many vendors providing continuity solutions are not exclusively focused on serving MSPs. Vendors in the continuity space include Barracuda, StorageCraft, Acronis and Veeam.
•Networking vendors that sell a mix of edge routers, WiFi access points and switches to small, medium and large businesses. Typically, these vendors deliver either enterprise scale products at a high price point, or commodity products at a low price point. Vendors in this space include Cisco Meraki, Ubiquiti and Aruba.
•Business management software vendors that focus a significant portion of their business on the MSP market, providing vertically integrated service management platforms and tools to MSPs to help them operate more efficiently. Many of these vendors are not solely focused on the MSP market, and sell directly to end customers to augment their revenue. ConnectWise, Kaseya and Solarwinds are examples of such vendors.
Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
•greater name recognition and longer operating histories;
•broader distribution and established relationships with MSPs;
•larger sales and marketing budgets and resources;
•greater customer support resources;
•greater resources to make strategic acquisitions or enter into strategic partnerships;
•lower labor and development costs;
•larger and more mature intellectual property portfolios; and
•substantially greater financial, technical and other resources.
In addition, some of our larger competitors have substantially broader and more diverse product and services offerings, which may make them less susceptible to downturns in a particular market and allow them to leverage their relationships based on other products or incorporate functionality into existing products to grow their business in a manner that discourages users from purchasing our products and subscriptions, including through selling at zero or negative margins, offering concessions, product bundling or closed technology platforms. Many of our smaller competitors that specialize in one particular offering designed specifically for MSPs, such as network assessment utilities, documentation tools, management dashboards, monitoring agents, security solutions or cloud migration capabilities, are often able to deliver these specialized products to the market more quickly and cheaply than we can.
MSPs or SMBs that use legacy products and services of our competitors may believe that these products and services are sufficient to meet their IT needs or that our platform only serves the needs of a portion of the SMB IT market. Accordingly, these organizations may continue allocating their IT budgets for such legacy products and services and may not adopt our Unified Continuity, Networking and Business Management software, solutions and hardware. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of the products we offer. As a result, these organizations may prefer to purchase from their existing suppliers rather than to add or switch to a new supplier using our products and services, regardless of product performance, features or greater service offerings, or may be more willing to incrementally add solutions to their existing IT infrastructure from existing suppliers than to replace it wholesale with our solutions.
Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors, or continuing market consolidation. New start-up companies that innovate and large competitors that make significant investments in research and development may invent similar or superior products and technologies that compete with our products and subscriptions. Some of our competitors have made or could make acquisitions of businesses that may allow them to offer more directly competitive and comprehensive products than they had previously offered and adapt more quickly to new technologies and MSP or SMB needs. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources and better compete with our MSP partner network.
These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.
We depend on growth in the SMB IT market, and lack of growth or contraction in this market could have a material adverse effect on our sales and financial condition.
Demand for SMB IT is linked to growth in the amount of data generated and stored, demand for data retention and management (whether as a result of regulatory requirements or otherwise) and demand for and adoption of new storage devices and networking technologies. Because our software, solutions and hardware are concentrated within SMB IT, if the demand for unified continuity, networking or business management solutions declines or develops more slowly than we expect, our sales, results of operations and financial condition would be materially adversely affected. Segments of the IT services industry have in the past experienced significant economic downturns. The occurrence of any of these factors in the data and information management software market could materially adversely affect our sales, results of operations and financial condition.
Furthermore, the SMB IT market is dynamic and evolving. Our future financial performance will depend in large part on continued growth in the number of SMBs adopting IT management software for their computing environments through our MSP partners. The SMB IT market may not continue to grow at historic rates, or at all. If this market fails to grow or grows more slowly than we currently anticipate, our sales and results of operations could be adversely affected.
If we do not accurately predict, prepare for and respond promptly to rapidly evolving technological and market developments to meet changing end-user needs in the SMB IT market and the corresponding needs of MSPs, our competitive position and prospects will be harmed.
The SMB IT market has grown quickly and is expected to continue to evolve rapidly. Moreover, many of our users operate in markets characterized by rapidly changing technologies and business plans, which require them to adopt increasingly complex networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. Our long-term growth depends on our ability to continually enhance and improve our existing products and develop or acquire new products that address the common problems encountered by technology professionals on a daily basis in an evolving IT services market. If we fail to accurately predict the changing needs of SMBs or MSPs and emerging technological trends in the SMB IT market, including in the areas of unified continuity, networking and business management, our business and operating results could be harmed. In particular, our continuity solutions represent a significant source of our revenue and any decrease in demand for these solutions due to competitors’ technologies or changing SMB needs would adversely impact our revenue and operating results.
The technology in our software solutions and hardware is especially complex because it needs to effectively enable MSPs to address and solve critical workflow and operational challenges of SMBs and to do so remotely and quickly with multiple SMB customers. Additionally, some of our new products’ features and related enhancements may require us to develop new hardware architectures that involve complex, expensive and time-consuming research and development processes. The development of our software, solutions and hardware is difficult and the timetable for commercial release and availability is uncertain as there can be long time periods between releases and availability of new features. If we experience unanticipated delays in the availability of new products, features and subscriptions, and fail to meet partner expectations for such availability, our competitive position and business prospects will be harmed.
Additionally, we must commit significant resources to developing new features before knowing whether our investments will result in products, subscriptions and features the market will accept. The development and introduction of new solutions involves a significant commitment of time and resources and are subject to a number of risks and challenges including but not limited to lengthy development cycles, evolving industry standards and technological developments by our competitors and partners, evolving platforms, operating systems and hardware products, related product and service interoperability challenges, entering into new or unproven markets, trade compliance difficulties and obtaining sufficient licenses to technology and technical access to operating system software. The success of new features depends on several factors, including appropriate new product definition, differentiation of new products, subscriptions and features from those of our competitors, and market acceptance of these products, subscriptions and features. Moreover, successful new product introduction and transition depends on a number of factors including our ability to manage the risks associated with new product production ramp-up issues, the availability of application software for new products, the effective management of purchase commitments and inventory, the availability of products in appropriate quantities and costs to meet anticipated demand and the risk that new products may have quality or other defects or deficiencies, especially in the early stages of introduction.
There can be no assurance that we will successfully identify opportunities for new products and subscriptions, develop and bring new products and subscriptions to market in a timely manner or achieve market acceptance of our products and subscriptions, or that products, subscriptions and features developed by others will not render our products, subscriptions, features or technologies obsolete or noncompetitive. The increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact pricing for both our on-premise and cloud-based offerings, as well as overall demand for our on-premise software and service offerings, which could reduce our revenues and harm our results of operations. Specifically, our Unified Continuity business line may be adversely affected by technological advances that allow similar services to be effectively provided through the public cloud, which could drastically reduce the demand for on-premise backup solutions. Currently, our on-premise offerings provide backup recovery services and response times that greatly exceed the offerings that can be provided by solely cloud-based providers. We are able to provide these
superior services in part due to the physical on-premise location of the devices that enable many of our business continuity and disaster recovery, or BCDR, solutions. Currently, the cloud technology cannot compete with our BCDR services due to transmission constraints and cost factors, as well as lack of control over data in the public cloud. However, if competitors were to develop affordable public cloud-based technologies that could provide similar BCDR response times and services, these competitors could replace the need for our hybrid on-premise offerings and solutions. If this public cloud-based technology were to develop and be offered to the market and we did not adequately adapt our own offerings, we would face the risk of MSPs and SMBs choosing our competitors’ cloud-based offerings in lieu of our offerings.
Risks Related to our Operating Results
Our operating results may vary significantly from period to period and be unpredictable, which could cause the market price of our common stock to decline.
While our operating results, in particular, our revenues, have historically been recurring and predictable from period to period, variation may occur as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
•our ability to attract and retain new MSP partners or sell additional products and subscriptions to our existing MSP partners for internal use or resale to their SMB customers;
•our ability to expand our sales and marketing operations in order to achieve broader market penetration;
•a decline in subscription renewals;
•the budgeting cycles, seasonal buying patterns and purchasing practices of our MSP partners and their SMB customers;
•changes in MSPs’ and SMBs’ requirements or market needs;
•our ability to obtain, maintain, protect and enforce our intellectual property rights;
•price competition;
•the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of our industry, including consolidation among our competitors, MSP partners or SMBs and strategic partnerships entered into by and between our competitors;
•changes in the mix of our products and subscriptions, including changes in multi-year subscriptions;
•our ability to successfully and continuously expand our business domestically and internationally;
•changes in the growth rate of the enterprise-grade technology services market for SMBs;
•timing and amount of our investments to expand the capacity in our data center facilities;
•deferral of orders from MSP partners in anticipation of new products or product enhancements announced by us or our competitors;
•the timing, costs and effects related to the development or acquisition of technologies, businesses or strategic partnerships and their integration;
•decisions by potential SMBs to purchase software and technology from MSP partners other than those that offer our products and services;
•changes in SMB market penetration through MSP partners or renewal rates for our subscriptions;
•timing of revenue recognition and revenue deferrals;
•our ability to manage production and manufacturing related costs, global customer service organization costs, inventory excess and obsolescence costs and warranty costs;
•insolvency or credit difficulties confronting our MSP partners or their SMB customers, which could adversely affect our partners’ ability to purchase or pay for our products and subscription and support offerings;
•our inability to fulfill our MSP partners’ orders due to supply chain delays or events that impact our manufacturers or their suppliers;
•changes in regulatory or legal environments that may cause us to incur, among other elements, expenses associated with compliance;
•significant security breaches of, technical difficulties with, or interruptions to, the delivery and use of our products;
•future accounting pronouncements or changes in our accounting policies;
•future changes in tax rates in jurisdictions in which we operate;
•increases or decreases in our revenue and expenses caused by fluctuations in foreign currency exchange rates, as an increasing amount of our revenue and expenses is generated and incurred and paid in currencies other than the U.S. dollar;
•increases or decreases in our expenses caused by fluctuations in tariffs between the United States and countries in which we have supplier relationships;
•political, economic and social instability caused by the referendum in June 2016, in which voters in the United Kingdom, or U.K., approved an exit from the European Union, or E.U., and the U.K. government subsequently notified the E.U. of its withdrawal, which is commonly referred to as “Brexit,” continued hostilities in the Middle East, terrorist activities and any disruption these events may cause to the broader global industrial economy; and
•general macroeconomic conditions, both domestically and in our foreign markets that could impact some or all regions where we operate.
Any one of the factors above, or the cumulative effect of some of the factors referred to above, may result in significant fluctuations in our financial and other operating results. This variability and unpredictability could result in our failure to meet our revenue, margin or other operating result expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.
We may not be able to achieve or sustain the same level of cash flows in the future.
We expect our operating expenses may increase over the next several years as we hire additional personnel, expand our operations and infrastructure, both domestically and internationally, pursue business combinations and continue to develop our software, hardware and services. As a public company, we may incur additional legal, accounting and other expenses that we did not incur historically. If our revenue does not increase to offset these increases in our operating expenses, we will not be able to achieve or maintain profitability in future periods. While historically our total revenue has grown, not all components of our total revenue have grown consistently. Further, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including slowing demand for our software, hardware or services, increasing competition, any failure to gain or retain or increase sales to MSP partners, a decrease in the growth of our overall market, our technology or services becoming obsolete due to technical advancements in the SMB IT market or our failure, for any reason, to continue to capitalize on growth opportunities. As a result, our past financial performance should not be considered indicative of our future performance. Any failure by us to achieve or sustain cash flows on a consistent basis could cause us to halt our expansion, not pursue strategic business combinations, default on payments due on existing contracts, fail to continue developing our software, hardware and services or result in other negative changes in our business.
If we are unable to attract new MSP partners, our future results of operations could be harmed.
To increase our revenue and achieve and maintain profitability, one important component is our ability to add new MSP partners to purchase our products both for their own use and for resale to their SMB customers. To do so, we must successfully convince MSP partners that, as they adopt and look to resell our software and technology, including Unified Continuity, Networking and Business Management products, our products provide significant advantages over legacy software and technology and are more marketable to SMBs. In addition, numerous other factors, many of which are out of our control, may now or in the future impact our ability to add new MSP partners, including potential MSP partners’ commitments to legacy software and technology providers and products, MSP preference for working with other providers of similar products, MSP partners’ and SMBs’ real or perceived switching costs, our failure to recruit, train, retain and motivate sufficient numbers of sales and marketing personnel, our failure to develop or expand relationships with our MSP partners or to attract new MSP partners, failure by us to help our MSP partners successfully deploy, troubleshoot and manage our solutions for their own use or on behalf of SMB customers, negative media or industry or financial analyst commentary regarding us or our solutions, litigation and deteriorating general economic conditions. If our efforts to attract new MSP partners are not successful, our revenue and rate of revenue growth may decline, we may not achieve profitability and our future results of operations could be materially harmed.
If we are unable to sell additional products and subscriptions to our MSP partners or they are unable to resell additional offerings to their SMB customers, our future revenue and operating results will be harmed.
Our future success depends, in part, on our ability to expand the deployment of our software and solutions with existing MSP partners, which are both the customers of our Business Management solutions and our primary channel for effectively reaching their SMB customers with our Unified Continuity and Networking solutions. Currently, all of our products are sold on a recurring subscription basis and we rely on SMB demand to drive MSP purchases of our Unified Continuity and Networking solutions. Therefore, our success may require increasingly sophisticated and costly sales efforts to collaborate with MSP partners that may not result in additional sales. The rate at which our MSP partners purchase additional products and subscriptions depends on a number of factors, including the perceived need of SMBs for additional or alternative software and technology, including our offerings, as well as general economic conditions.
We rely on revenue from subscription offerings, and because we recognize revenue from subscription over the term of the relevant service period, downturns or upturns in sales of these subscription offerings are not immediately reflected in full in our operating results.
All of our products are sold on a recurring subscription basis, with recurring revenue representing approximately 94% of total revenue for the year-ended December 31, 2020. Sales of new or renewal subscription contracts may decline and fluctuate as a result of a number of factors, including MSP partners’ and SMBs’ level of satisfaction with our products, subscriptions and customer support, the prices of our products and subscriptions, the prices of products and services offered by our competitors and reductions in our MSP partners’ and the SMBs’ spending levels. Accordingly, we must invest significant time and resources in providing ongoing value to our MSP partners and thereby indirectly to their SMB customers. If our sales of new or renewal subscription contracts decline, our total revenue and revenue growth rate may decline and our business will suffer. In addition, we recognize subscription revenue monthly over the term of the relevant service period, which is typically one to three years or monthly. As a result, a portion of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters.
Further, existing MSP partners may opt not to renew their subscriptions after the completion of their initial contract period. Our MSP partners have no obligation to renew their subscriptions for our products after the expiration of their subscription period. Our MSP partners’ renewal rates may decline or fluctuate as a result of a number of factors, including their level of satisfaction and their SMB customers’ level of satisfaction with our subscriptions and our support offerings, the frequency and severity of subscription outages, our product uptime or latency and the pricing of our, or competing, subscriptions. Additionally, some MSP partners may renew their subscriptions for month-to-month terms or on other terms that are less economically beneficial to us. If our efforts to sell additional products and subscriptions to and through the MSP partners are not successful or our MSP partners do not renew their subscriptions or renew them on less favorable terms, our revenues may grow more slowly than expected or decline.
Consequently, a decline in new or renewed subscription contracts in any one fiscal quarter may not be fully or immediately reflected in revenue in that fiscal quarter and could negatively affect our revenue in future fiscal quarters. Also, it is difficult for us to rapidly increase our subscription revenue through additional subscription sales in any period, as revenue from new and renewal subscription contracts must be recognized over the applicable service period.
We have experienced substantial growth in recent years, and if we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of MSP partner satisfaction or adequately address competitive challenges, and our financial performance may be adversely affected.
Our business has rapidly grown, which has resulted in large increases in our number of employees, expansion of our infrastructure, new internal systems and other significant changes and additional complexities. We increased our total number of employees to 1,743 as of December 31, 2020, from 1,734 and 1,444 at December 31, 2019 and 2018, respectively. While we intend to further expand our overall business, partner base and number of employees, our historical growth rate is not necessarily indicative of the growth that we may achieve in the future. The growth in our business generally and our management of a growing workforce and MSP partner base geographically dispersed across the United States and internationally will require substantial management effort, infrastructure and operational capabilities. To support our growth, we must continue to improve our management resources and our operational and financial controls and systems, and these improvements may increase our expenses more than anticipated and result in a more complex business. We will also have to anticipate the necessary expansion of our relationship management, implementation, customer service and other personnel to support our growth and achieve high levels of customer service and satisfaction. Our success will depend on our ability to plan for and manage this growth effectively. If we fail to anticipate and manage our growth or are unable to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be harmed.
Because our long-term success depends on our ability to operate our business internationally and increase sales of our products to MSP partners located outside of the United States, our business is susceptible to risks associated with international operations.
We have international operations in Australia, Canada, China, Denmark, Germany, the Netherlands, Singapore and the United Kingdom. We also expect to continue to expand our international operations for the foreseeable future. The continued international expansion of our operations requires significant management attention and financial resources and results in increased administrative and compliance costs. Although we continue to develop strategies to address international markets, our limited experience in operating our business in certain regions outside the United States increases the risk that our expansion efforts into those regions may not be successful. These risks include, but are not limited to:
•fluctuations in currency exchange rates;
•the complexity of, or changes in, foreign regulatory requirements, including more stringent regulations relating to privacy and data security and the unauthorized use of, or access to, commercial and personal information, particularly in Europe;
•difficulties in managing the staffing of international operations, including compliance with local labor and employment laws and regulations;
•potentially adverse tax consequences, including the complexities of foreign value added tax systems, overlapping tax regimes, restrictions on the repatriation of earnings and changes in tax rates, including the impact of Brexit;
•dependence on MSP partners to increase customer acquisition or drive localization efforts;
•the burdens of complying with a wide variety of foreign laws and different legal standards;
•the need to adapt and localize our products for specific countries;
•increased financial accounting and reporting burdens and complexities;
•longer payment cycles and difficulties in collecting accounts receivable;
•longer sales cycles;
•political, social and economic instability abroad;
•terrorist attacks and security concerns in general;
•reduced or varied protection for intellectual property rights in some countries; and
•the risk of U.S. regulation of foreign operations.
The occurrence of any one of these risks or other risks that we may not be able to anticipate could negatively affect our international business and, consequently, our operating results. We cannot be certain that the investment and additional resources required to establish, acquire or integrate operations in other countries will produce desired levels of revenue or profitability. If we are unable to effectively manage our expansion into additional geographic markets, our financial condition and results of operations could be harmed.
In particular, we operate a portion of our research and development activities internationally and outsource a portion of the coding and testing of our products and product enhancements to contract development vendors. These activities take place in a variety of locations, including China, the United Kingdom, Germany and Denmark. We believe that performing research and development in our international facilities and supplementing these activities with our contract development vendors enhances the efficiency and cost-effectiveness of our product development. If we experience problems with our workforce or facilities internationally, we may not be able to develop new products or enhance existing products in a cost-efficient and effective alternate manner.
We are monitoring developments related to the U.K.’s 2016 referendum in which U.K. voters approved Brexit. The United Kingdom officially exited the European Union on January 31, 2020 and the transition period during which most E.U. rules continued to apply expired on December 31, 2020. Although the U.K. and the European Union have reached an agreement on certain terms concerning the U.K.'s withdrawal, there remains substantial uncertainty regarding the details of the U.K.'s ongoing relationship with the European Union. The potential effects of Brexit on our business remain uncertain and will depend upon any agreements the United Kingdom makes to retain access to E.U. markets. Since we have operations in the United Kingdom and Europe, Brexit could potentially have corporate structural consequences, adversely change tax benefits or liabilities and disrupt some of the markets and jurisdictions in which we operate. In addition, Brexit could lead to legal uncertainty and potentially divergent national laws and regulations as the United Kingdom determines which E.U. laws to replace or replicate.
Volatility in the global economy could adversely impact our continued growth, results of operations and our ability to forecast future business.
As our business has expanded globally, we have become increasingly subject to the risks arising from adverse changes in domestic and global economic and political conditions. Uncertainty in the macroeconomic environment and associated global economic conditions have resulted in volatility in credit, equity, debt and foreign currency markets as well as government budgets worldwide.
These global economic conditions can result in slower economic activity, decreased consumer confidence, reduced corporate profits and capital spending, adverse business conditions and liquidity concerns. There has also been increased volatility in foreign exchange markets. These factors make it difficult for our MSP partners, our vendors and us to accurately forecast and plan future business activities. In addition, these factors could cause our MSP partners to slow or defer spending on our solutions, which would delay and lengthen sales cycles and negatively affect our results of operations. If such conditions deteriorate or if the pace of economic recovery is slower or more uneven, our results of operations could be adversely affected, we may not be able to sustain the growth rates we have experienced recently, and we could fail to meet the expectations of stock analysts and investors, which could cause the price of our common stock to decline.
We continue to invest in our business in the European and Asia-Pacific regions. There are significant risks with overseas investments and growth prospects in these regions. Increased volatility or declines in the credit, equity, debt and foreign currency markets in these regions could cause delays in or cancellations of orders. Deterioration of economic conditions in the countries in which we do business could also cause slower or impaired collections on accounts receivable. In addition, we could experience delays in the payment obligations of our MSP partners if they experience weakness in the SMB market, which would increase our credit risk exposure and harm our financial condition.
Most of our revenue is generated by sales through our MSP partners, and if these MSP partners fail to perform, our ability to sell and distribute our products and subscriptions will be very limited, and our operating results will be harmed.
Most of our revenue is generated by sales through our MSP partners. We provide our MSP partners with training materials and programs to assist them in selling our products and subscriptions, but there can be no assurance that these steps will be utilized or effective. Even following an effective onboarding of an MSP partner that understands our products and how to manage them on behalf of their SMB customers, it may take several months or more for a new MSP partner to achieve productivity. In addition, our MSP partners may be unsuccessful in marketing, selling and supporting our products and subscriptions and can cease marketing or reselling our solutions at any time with limited or no notice. We may not be able to incentivize these MSP partners to sell our products and subscriptions to SMBs. A substantial number of our agreements with our MSP partners are non-exclusive such that those MSP partners may offer customers the solutions of several different companies, including solutions that compete with ours. These MSP partners may also have incentives to promote our competitors’ products and may devote more resources to the marketing, sales and support of competitive products. Our agreements with our MSP partners may generally be terminated for any reason by either party upon the expiration of the applicable annual or monthly subscription period, subject to compliance with the notice requirements set forth in the applicable agreement.
We cannot be certain that we will retain these MSP partners or that we will be able to secure additional or replacement MSP partners. We also cannot be certain that our MSP partners will retain their SMB customers to which they resell our products. Our MSP partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our MSP partners misrepresent the functionality of our products, improperly market our products or subscriptions to SMB customers or violate laws or our corporate policies. Because our MSP partners market our products without our direct oversight, any misrepresentation or inappropriate marketing of our products or solutions by our MSP partners may cause SMB customers to be disappointed in our products or cause end-users to seek redress or assistance from us directly. If we fail to effectively manage our sales channels or MSP partners, our ability to sell our products and subscriptions and operating results will be harmed.
Our business could be materially and adversely affected as a result of natural disasters, terrorism or other catastrophic events.
Datto’s business relates to helping businesses recover in the wake of disaster by providing full image-based backup, virtualization and restore of a SMB’s full environment, as well as software as a service, or SaaS, application backup and restore and network monitoring and management. However, any economic failure or other material disruption caused by natural disasters, including fires, floods, hurricanes, earthquakes and tornadoes, power losses or shortages, environmental disasters, telecommunications or business information systems failures or break-ins and similar events could still adversely affect our ability to conduct business. If such disruptions result in cancellations of orders or contribute to a general decrease in economic activity or corporate spending on IT, or impair our ability to meet our MSP partner demands, our operating results and financial condition could be materially adversely affected. Additionally, if such disruptions were to occur within the Datto data centers and caused us to be unable to provide our continuity services, our business and operations would be materially adversely affected.
The ability to recruit, retain and develop key employees and management personnel is critical to our success and growth, and our inability to attract and retain qualified personnel could harm our business.
Our business requires certain expertise and intellectual capital, particularly within our management team. We rely on our management team in the areas of operations, research and development, information security, marketing, sales, support and general and administrative functions. We are also dependent on the continued service of our existing software engineers because of the complexity of our products. Our management team and other key personnel could terminate their employment with us at any time. The loss of one or more of our management team could have a material adverse effect on our business.
For us to compete successfully and grow, we must retain, recruit and develop key personnel who can provide the needed expertise for our industry, MSP partners and products, particularly with respect to engineering and sales. As we move into new geographic areas, we will need to attract, recruit and retain qualified personnel in those locations. In addition, acquisitions could cause us to lose key personnel of the acquired businesses. The market for qualified personnel is competitive and we may not succeed in recruiting additional key personnel or may fail to effectively replace current key personnel who depart with qualified or effective successors. We believe that replacing our key personnel with qualified successors is particularly challenging as we feel that our business model and approach to marketing and selling our products are different than those of our competitors. Any successors that we hire from outside of the Company, in particular, sales representatives, would likely be unfamiliar with our business model and may therefore require significant time to understand and appreciate the important aspects of our business or fail to do so altogether. Our effort to retain and develop personnel may also result in significant additional expenses, including stock-based compensation expenses, which could adversely affect our results of operations. New regulations and volatility or lack of performance in our stock price could also affect the value of our equity awards, which could affect our ability to attract and retain our key employees. We have made significant changes, and may make additional changes in the future, to our management team and other key personnel. We cannot provide assurances that key personnel will continue to be employed by us or that we will be able to attract and retain qualified personnel in the future. Failure to retain or attract key personnel could have a material adverse effect on our business.
If Microsoft or Google were to restrict access to the application programming interfaces, or APIs, we rely on in order to back up Microsoft 365 and Google Workspace, it could harm our operating results.
We work with Microsoft and Google to make efficient use of Microsoft 365 and Google Workspace APIs in order to efficiently consume data and restore services. If Microsoft or Google were to make these APIs (or similar APIs for successor products) unavailable to companies like Datto, we would not have an alternate solution to backup Microsoft 365 and Google Workspace. As a result, our operating results and revenue may be harmed if MSPs decline to renew their subscriptions with us due to our inability to backup Microsoft 365 and Google Workspace.
We invest in research and development activities in both the short and long term, and these investments may achieve delayed, or lower than expected, benefits which could harm our operating results.
While we continue to focus on managing our costs and expenses, we also continue to invest significantly in research and development activities, in both the short and long term, as we focus on organic growth through internal innovation across each of our product offerings. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position, and that the level of these investments will increase in future periods. We recognize the costs associated with these research and development investments earlier than the anticipated benefits, and the return on these investments may be lower, or may develop more slowly, than we expect. If we do not achieve the benefits anticipated from these investments, or if the achievement of these benefits is delayed, our operating results may be adversely affected.
Because we depend on manufacturing partners to build and ship components of our products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and loss of our MSP partner relationships.
We depend on manufacturing partners as manufacturers for physical components of our product lines. Our reliance on these manufacturing partners for our hardware products and servers built for the Datto Cloud, reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, product supply, timing and transportation risk. Our products are manufactured by our manufacturing partners at facilities located in, but not limited to, the United States, China, the Czech Republic, Japan, Taiwan and Thailand. Some of the components in our products are sourced either through a network of distributors or directly by us from component suppliers outside the United States. The portion of our products that are sourced outside the United States may subject us to additional logistical risks or risks associated with complying with local rules and regulations in foreign countries. Significant changes to existing international trade agreements could lead to sourcing or logistics disruption resulting from import delays or the imposition of increased tariffs on our sourcing partners. For example, the United States and Chinese governments have each enacted, and discussed potential, import tariffs. These tariffs, depending on their ultimate scope and how they are implemented, could negatively impact our business by increasing our costs. Each of these factors could severely impair our ability to fulfill orders.
In addition, we are subject to requirements under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, or the Dodd-Frank Act, to diligence, disclose and report whether or not our products contain minerals originating from the Democratic Republic of the Congo and adjoining countries, or Conflict Minerals. Although the SEC has provided guidance with respect to a portion of the Conflict Minerals filing requirements that may somewhat reduce our reporting practices, we have incurred and expect to incur additional costs to comply with these disclosure requirements, including costs related to determining the source of any of the relevant minerals and metals used in our products. These requirements could adversely affect the sourcing, availability and pricing of minerals used in the manufacture of semiconductor devices or other components used in our products. We may also encounter MSPs or SMBs who require that all of the components of our products be certified as conflict free. If we are not able to meet this requirement, such parties may choose not to purchase our products.
Our manufacturing partners typically fulfill our supply requirements on the basis of individual purchase orders. We generally do not have long-term contracts with these manufacturers that guarantee capacity, the continuation of particular pricing terms or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements and the prices we pay for manufacturing services could be increased on short notice. If we are required to change manufacturing partners, our ability to meet our scheduled product deliveries to our end-users could be adversely affected, which could cause the loss of sales to existing or potential end-users, delayed revenue, a strain upon our relationship or termination with the MSP partners who market our products, or an increase in our costs which could adversely affect our gross margins. Any production interruptions for any reason, such as a natural disaster, epidemic, capacity shortages or quality problems, at one of our manufacturing partners would negatively affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business and operating results.
Managing the supply of our products and product components is complex. Insufficient supply and inventory may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
Our manufacturing partners procure components and build our products based on our purchase orders, and we generally do not hold inventory for a prolonged period of time. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and analyses from our sales and product management organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate component supply, from time to time we may issue purchase orders for components and products that are non-cancelable and non-returnable.
Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to forecast accurately and effectively manage supply of our products and product components. If we ultimately determine that we have excess supply, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. If our actual component usage and product demand are lower than the purchase order we provide to our manufacturing partners, we accrue for losses on manufacturing commitments in excess of forecasted demand. Alternatively, insufficient supply levels may lead to shortages that result in delayed product revenue or loss of sales opportunities altogether as potential MSP partners turn to competitors’ products that are readily available. If we are unable to effectively manage our supply and inventory, our operating results could be adversely affected.
Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which could disrupt or delay our scheduled product deliveries to our end-users and may result of in the loss of sales or a loss of MSP partner relationships.
Our products rely on key components, including our networking hardware such as access points, switches and routers, which our manufacturing partners purchase on our behalf from a limited number of component suppliers. The manufacturing operations of some of our component suppliers are geographically concentrated in Asia and elsewhere, which makes our supply chain vulnerable to regional disruptions, such as natural disasters, fire, political instability, civil unrest, a power outage or a localized health risk, and as a result could impair the volume of components that we are able to obtain.
Further, we do not have volume purchase contracts with any of our component suppliers, and they could cease selling to us at any time following the completion of an accepted purchase order. If we are unable to obtain a sufficient quantity of these components in a timely manner for any reason, sales of our products could be delayed or halted or we could be forced to expedite shipment of such components or our products at dramatically increased costs. Our component suppliers also change their selling prices frequently in response to market trends, including industry-wide increases in demand, and because we do not have volume purchase contracts with these component suppliers, we are susceptible to price fluctuations related to raw materials and components and may not be able to adjust our prices accordingly. Additionally, poor quality in any of the sole-sourced components in our products could result in lost sales or sales opportunities.
If we are unable to obtain a sufficient volume of the necessary components for our products on commercially reasonable terms or the quality of the components do not meet our requirements, we could also be forced to redesign our products and procure new components from alternate component suppliers. The resulting stoppage or delay in selling our products and the expense of redesigning our products could result in lost sales opportunities and damage to partner relationships, lawsuits and subject us to unclear liabilities and limits, which would adversely affect our business and operating results.
Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our MSP partners, and the failure to offer high-quality technical support services could have a material adverse effect on our MSP partners’ or their SMB customers’ satisfaction with our products and subscriptions, thereby causing MSP partners to purchase less of our products and subscriptions, which would adversely affect our business financial condition and operating results.
After our products and subscriptions are deployed within its network, an SMB depends on our MSP partners’ technical support services to resolve any issues relating to our products and realize the full benefits that our offerings provide. Although we make available to our MSP partners training materials in relation to our products, and we provide substantial customer support to our MSP partners to troubleshoot technical issues, SMB customers may not be satisfied with the service provided by our MSP partners. Our MSP partners often provide similar technical support for third-parties’ products, and may therefore have fewer resources to dedicate to the support of our products and subscriptions. If we or our MSP partners do not effectively assist our SMB customers in deploying our products and subscriptions, succeed in helping the SMB customers quickly resolve post-deployment issues or provide effective ongoing support, our ability to renew and expand our subscriptions with existing MSP partners would be adversely affected and our reputation with potential MSP partners could be damaged. Additionally, if our MSP partners do not effectively provide support to the satisfaction of their SMB customers, we may be required to provide direct support to such customers, which would require us to hire additional personnel and to invest in additional resources. It can take several months to recruit, hire and train qualified technical support employees. We may not be able to hire such resources fast enough to keep up with unexpected demand, particularly if the sales of our products exceed our internal forecasts. As a result, our ability and the ability of our MSP partners to provide adequate and timely support to their SMB customers will be negatively impacted, and customers’ satisfaction with our products and subscriptions will be adversely affected. Additionally, to the extent that we may need to rely on our sales engineers to provide post-sales support while we are ramping our support resources, our sales productivity will be negatively impacted, which would harm our revenues. Our failure or our MSP partners’ failure to provide and maintain high-quality support services could have a material adverse effect on our business, financial condition and operating results.
Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.
Our products and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. Some open source licenses contain requirements that we make available applicable source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products or subscriptions with lower development effort and time and ultimately could result in a loss of product sales for us.
Although we monitor and are mindful of our use of open source software to avoid subjecting our products and subscriptions to conditions we do not intend, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products and subscriptions. From time to time, there have been claims against companies that distribute or use open source software in their products and subscriptions, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open source software. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products and subscriptions on terms that are not economically feasible, to reengineer our products and subscriptions, to discontinue the sale of our products and subscriptions if reengineering could not be accomplished on a timely basis or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, operating results and financial condition.
In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software. In addition, many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our products and subscriptions will be effective.
If we fail to meet contractual commitments related to response time, service level commitments relating to our business management tools or quality of professional services, we could be obligated to provide credits for future service, or face contract termination, which could adversely affect our business, operating results and financial condition.
Certain of our agreements contain service level agreements for our business management tools, under which we guarantee specified availability of our products and solutions. If we are unable to meet the stated service level commitments to our partners or suffer extended periods of unavailability of our products or solutions, we may be obligated to provide affected partners with service credits or
partners could elect to terminate and receive refunds for prepaid amounts. Any failure to meet these contractual commitments could adversely affect our revenue, operating results and financial condition and any failure to meet service level commitments or extended service outages of our product offerings could adversely affect our business and reputation as partners may elect not to renew and we could lose future sales.
Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other similar claims and losses.
Our agreements with MSP partners and other third parties may include indemnification or other provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of intellectual property infringement or similar intellectual property rights claims, damages caused by us to property or persons or other liabilities relating to or arising from the use of our hardware, software or services or other acts or omissions. The term of these contractual provisions often survives termination or expiration of the applicable agreement. As we continue to grow, the possibility of infringement claims and other intellectual property rights claims against us may increase. For any intellectual property indemnification claim against us or our partners, we may incur significant legal expenses and may have to pay damages, settlement fees, license fees and/or stop using technology found to be in violation of the third party’s rights. Large indemnity payments could harm our business, results of operations and financial condition. We may also have to seek a license for the infringing (or violative) or allegedly infringing (or violative) technology. Such license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain products. As a result, we may also be required to develop alternative non-infringing (or non-violative) technology, which could require significant effort and expense and/or cause us to alter our hardware or software, which could negatively affect our business.
From time to time, MSP partners may require us to indemnify or otherwise be liable to them. Although we normally contractually limit our liability with respect to such obligations, the existence of such a dispute may have adverse effects on our partner relationship and reputation and we may still incur substantial liability related to them.
Any assertions by a third party, whether or not successful, with respect to such indemnification obligations could subject us to costly and time-consuming litigation, expensive remediation and licenses, divert management attention and financial resources, harm our relationship with that partner and other current and prospective partners, reduce demand for our platform and harm our brand, business, results of operations and financial condition.
Our relatively limited operating history makes it difficult to evaluate our current business and prospects and may increase the risk that we will not be successful.
Our relatively limited operating history makes it difficult to evaluate our current business and prospects and plan for our future growth. We were founded in 2007, with much of our growth occurring in recent years. As a result, our business model has not been fully proven, which subjects us to a number of uncertainties, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and uncertainties frequently experienced by rapidly growing companies in developing markets, including our ability to achieve broad market acceptance of our products and services, attract additional MSP partners, withstand increasing competition and manage increasing expenses as we continue to grow our business. If our assumptions regarding these risks and uncertainties are incorrect or change in response to changes in the market for our products and services, our operating and financial results could differ materially from our expectations and our business could suffer.
Acquisitions present many risks that could have a material adverse effect on our business and results of operations.
In order to expand our business, we have made several acquisitions and expect to continue acquiring or investing in businesses, joint ventures, products and platform capabilities or technologies that we believe could complement or expand our offerings, enhance our technical capabilities or otherwise offer growth opportunities. The success of our future growth strategy will depend on our ability to identify, negotiate, complete and integrate acquisitions and, if necessary, to obtain satisfactory debt or equity financing to fund those acquisitions. Acquisitions are inherently risky, and any acquisitions we complete may not be successful. Our past acquisitions and any mergers and acquisitions that we may undertake in the future involve numerous risks, including, but not limited to, the following:
•diversion of our management’s attention from normal daily operations of our business;
•our inability to maintain the key business relationships and the reputations of the businesses we acquire;
•uncertainty of entry into markets in which we have limited or no prior experience and in which competitors have stronger market positions;
•our dependence on unfamiliar affiliates, resellers, distributors and partners of the companies we acquire;
•our inability to increase revenue from an acquisition for a number of reasons, including our failure to drive demand in our existing partner base for acquired products and our failure to obtain renewals or upgrades and new product sales from customers of the acquired businesses;
•charges to our operating results from expenses incurred to effect the acquisition;
•increased costs related to acquired operations and continuing support and development of acquired products;
•changes in the fair value of any contingent consideration;
•charges to our operating results due to duplicative pre-merger activities;
•costs incurred to combine the operations of companies we acquire, such as transitional employee expenses and employee retention or relocation expenses;
•potential loss of key employees of the companies we acquire;
•our responsibility for the liabilities of the businesses we acquire;
•identification of, or changes to, assumed contingent liabilities;
•charges to our operating results due to the expensing of certain stock awards assumed in an acquisition;
•potential goodwill and intangible asset impairment charges, including a reduction in the useful lives of intangible assets acquired, and amortization associated with acquired businesses;
•long-lived asset impairment charges;
•adverse tax consequences associated with acquisitions;
•changes in how we are required to account for our acquisitions under U.S. generally accepted accounting principles, including arrangements that we assume from an acquisition;
•potential negative perceptions of our acquisitions by partners, financial markets or investors;
•failure to obtain required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all, which could, among other things, delay or prevent us from completing a transaction, or otherwise restrict our ability to realize the expected financial or strategic goals of an acquisition;
•potential increases in our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition; and
•our inability to apply and maintain our internal standards, controls, procedures and policies to acquired businesses.
Acquisitions or asset purchases made entirely or partially for cash may reduce our cash reserves or require us to incur additional debt under our credit agreements or otherwise. We may seek to obtain additional cash to fund an acquisition by selling equity or debt securities. We may be unable to secure the equity or debt funding necessary to finance future acquisitions on terms that are acceptable to us. If we finance acquisitions by issuing equity or convertible debt securities, our existing stockholders will experience ownership dilution.
Additionally, when we acquire businesses, we allocate the purchase price to tangible assets and liabilities and identifiable intangible assets acquired at their acquisition date fair values. Any residual purchase price is recorded as goodwill, which is also generally measured at fair value. We also estimate the fair value of any contingent consideration. Our estimates of fair value are based upon assumptions believed to be reasonable, but which are uncertain and involve significant judgments by management.
The occurrence of any of these risks could have a material adverse effect on our business, results of operations, financial condition or cash flows, particularly in the case of a larger acquisition or substantially concurrent acquisitions. Changes to our operating results in any given period could differ substantially from other periods based on the timing and size of our acquisitions and the extent of integration activities.
Our operating margins and cash flows from operations could fluctuate as we make further expenditures to expand our operations in order to support additional growth in our business.
We have made significant investments in our operations to support additional growth, such as hiring substantial numbers of new personnel, investing in new facilities, acquiring other companies or their assets and establishing and broadening our international
operations in order to expand our business. We have made substantial investments in recent years to increase our sales and marketing operations in Europe, the Middle East and Africa, or EMEA, and the Asia-Pacific, or APAC, regions and expect to continue to invest to grow our international sales and global brand awareness. We have made multiple acquisitions in past years and expect these acquisitions will continue to increase our operating expenses in future periods. These investments may not yield increased revenue, and even if they do, the increased revenue may not offset the amount of the investments. We also expect to continue to pursue acquisitions in order to expand our presence in current markets or new markets, many or all of which may increase our operating costs more than our revenue. As a result of any of these factors, our operating income could fluctuate and may decline as a percentage of revenue relative to our prior annual periods.
Our software, website, hardware, hosted and internal systems may be subject to intentional or accidental disruption or penetration from external attackers or insiders that could adversely impact our reputation and future sales. If our end-users or third-party service providers experience data losses, security incidents and breaches via our products or solutions, our brand, reputation and business could be harmed.
Our MSP partners rely on our archiving and other solutions to protect, transfer or store the corporate data of their SMB customers, which may include financial records, credit card information, business information, health information, other personally identifiable information or other sensitive personal information. Due to the nature of our business and our storage of this sensitive data, we have previously and could be in the future a target of, or subject to, a wide variety of attacks or security incidents. In addition to threats from traditional computer “hackers,” malicious code (such as malware, viruses, trojans, worms and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing and denial-of-service attacks, we also face threats from sophisticated organized crime, nation-state and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks our internal systems and our MSP partners’ systems, as well as the virtualized systems of our MSP partners and the information that those systems store and process. We could also experience security incidents due to the non-malicious but incorrect actions (or inactions) of our employees or business partners that could affect our security.
Despite significant efforts to create barriers to such security threats, it is virtually impossible for us to entirely mitigate these risks, especially where they are attributable to the behavior of independent third parties beyond our control. The security measures we have implemented or integrated into our internal systems and networks, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to protect us against certain attacks. Furthermore, the relative cost and operational requirements associated with maintaining such barriers may increase in the future. We are also subject to additional data security requirements relating to our acceptance of credit card and debit card payments. If we fail to comply with the rules or requirements of any provider of a payment method we accept, if the volume of fraud in our transactions limits or terminates our rights to use payment methods we currently accept, or if a data breach occurs relating to our payment systems, we may, among other things, be subject to fines or higher transaction fees and may lose, or face restrictions placed upon, our ability to accept credit card and debit card payments from customers or facilitate other types of online payments.
Experienced computer hackers may attempt to penetrate our infrastructure or applications due to inadequate security posture or ineffective controls (i.e. missing patches, technology failures, etc.) or to trick our employees into taking actions that compromise our security (such as via phishing or business email compromise attacks) in order to misappropriate proprietary information and/or cause interruptions of our services and/or expose perceived security vulnerabilities. It is also possible that systems may be disrupted or our sensitive information or the information of our SMBs might be exposed due to malfeasance or errors by employees or contractors.
In addition, techniques used to sabotage or to obtain unauthorized access to systems and networks in which data is stored, or through which data is transmitted, change frequently and generally are not recognized until launched against a target. As a result, it may not be possible for us to anticipate these techniques or implement adequate preventative measures to prevent an electronic intrusion into our systems and networks and we may be required to expend significant capital and financial resources to protect against such threats or to alleviate problems caused by breaches in systems, network or data security. If an actual or perceived breach of network security occurs as a result of third-party action, including cyber-attacks or other intentional misconduct by computer hackers, error or malfeasance by insiders, or otherwise, it could adversely affect the market perception of our company and our solutions, reduce demand for our solutions, cause a significant number of our MSP partners to terminate their monthly subscriptions and thereby cause significant revenue loss and may expose us to data loss, litigation and possible liability including fines, penalties and damages. In addition, such a security breach could impair our ability to operate our business, including our ability to provide support services to our MSP partners.
Third parties may attempt to fraudulently induce employees, contractors or partners into disclosing sensitive information such as usernames, passwords or other information. Third parties may also compromise the security of our internal electronic systems, networks and/or physical facilities or those of our partners, in order to gain access to our data or the data of our MSP partners or their SMB customers. Our MSP partners may also disclose or lose control of their API keys, secrets or passwords, or use the same or similar secrets or passwords on third-parties’ systems, which could lead to unauthorized access to their accounts (arising from, for example, an independent third-party data security incident that compromises those API keys, secrets or passwords). Through such means, as well as others, our MSP partners or their SMB customers may experience a data loss and/or breach in their own IT infrastructure and a number
of our Unified Continuity partners do not adhere to security best practices (i.e. have secondary replication enabled, etc.) such that the data they back up could be destroyed or compromised if the physical device they possess is directly impacted by the loss and/or breach event.
Security breaches impacting us could result in a risk of loss, unavailability or unauthorized disclosure of sensitive SMB customer information, which, in turn, could lead to significant legal and financial exposure, regulatory or government audits and investigations and possible liability (including regulatory fines), a loss of confidence in our security, interruptions or malfunctions in our operations. Ultimately, any of these consequences could have a negative impact on our ability to attract new MSP partners and to grow or maintain our revenue. Specifically, loss of confidence in our operations and products may cause a significant portion of our MSP partners to terminate their monthly subscriptions, thereby causing a significant decrease in revenue. Furthermore, any such breach, including a breach of the systems or networks of our third-party suppliers or integrators, could compromise our systems or networks, creating system disruptions or slowdowns and exploiting security vulnerabilities of our networks, or the networks of our MSP partners, and the information stored on our network or the networks of our partners could be accessed, publicly disclosed, altered, lost or stolen, which could subject us to liability and cause us financial harm. These breaches, or any perceived breach, of our systems or networks or the systems of our partners, whether or not any such breach is due to our vulnerability, may also undermine confidence in us or our industry and result in damage to our reputation, negative publicity, loss of partners and sales, increased costs to remedy any problem and costly litigation or regulatory fines.
Our insurance coverage, covering certain security and privacy damages, may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our policy may not cover any claim against us for loss of data or other indirect or consequential damages. Defending a suit based on any data loss or system disruption, regardless of its merit, could be costly and divert management’s attention.
Defects, failures, vulnerabilities or lack of availability in our or our third-parties’ software, solutions, infrastructure and hardware could harm our reputation, reduce the sales of our solutions and expose us to liability for losses.
Because our software, solutions, infrastructure and hardware are complex, undetected errors, failures or bugs may occur, especially when new software, solutions, infrastructure and hardware are first introduced or when new versions or updates are released, or when we introduce an acquired company’s solutions or services, despite our efforts to test those solutions and enhancements prior to release. This includes not only vulnerabilities that are specific to our software, solutions, infrastructure and hardware, but also vulnerabilities that impact the third-party or open source software that we use or the hardware that we rely on. In addition, to the extent that we do not effectively address capacity constraints, upgrade our infrastructure and systems as needed, our business, financial condition and results of operations may be adversely affected. We may not be able to correct defects, errors, vulnerabilities or failures promptly, or at all.
Any defects, errors, vulnerabilities or failures in our software, solutions, infrastructure and hardware or in third-party software, solutions, infrastructure or hardware that we rely on could result in:
•expenditure of significant financial and development resources in efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities;
•loss of existing or potential partners or loss of partner confidence, including a widespread loss of partners simultaneously;
•loss or disclosure of our SMB customers’ confidential information or the inability to access such information;
•loss of our proprietary technology;
•our solutions being susceptible to hacking or electronic break-ins or otherwise failing to secure data;
•delayed or lost revenue, particularly in relation our BCDR solutions, which comprise a significant portion of our revenue;
•delay or failure to attain market acceptance;
•lost market share;
•negative publicity, which could harm our reputation; or
•litigation, regulatory inquiries or investigations that would be costly and harm our reputation.
In particular, because we utilize various types of software and other technology, as well as intellectual property rights, licensed from unaffiliated third parties in order to provide and improve certain elements of our solutions, any errors or defects in any third-party technology could result in errors in our solutions that could harm our business. In addition, licensed technology and intellectual property rights may not continue to be available on commercially reasonable terms, or at all. While we believe that there are currently adequate replacements for the third-party technology we use, any loss of the right to use any of this technology on commercially reasonable terms, or at all, could result in delays in producing or delivering our solutions until equivalent technology is identified and integrated, which
delays could harm our business. In this situation we would be required to either redesign our solutions to function with software available from other parties or to develop these components ourselves, which would result in increased costs. Furthermore, we might be forced to limit the features available in our current or future solutions. If we fail to maintain or renegotiate any of these technology or intellectual property licenses, we could face significant delays and diversion of resources in attempting to develop similar or replacement technology, or to license and integrate a functional equivalent of the technology. Our ability to effectively manage our business depends significantly on our information systems and platforms provided by third parties, including Oracle and Amazon. If we are unable to maintain our current relationships with these service providers, there is no assurance that we will be able to locate replacements on a timely basis or on acceptable terms. The failure of our information systems to operate effectively, problems with transitioning to upgraded or replacement systems or expanding them, or a breach in security of these systems, could materially adversely affect the efficiency of our business and operations.
Limitation of liability provisions in our standard terms and conditions and our other agreements may not adequately or effectively protect us from any claims related to defects, errors, vulnerabilities or failures in our solutions or those of the third-parties we rely on, including as a result of federal, state or local laws or ordinances or unfavorable judicial decisions in the United States or other countries.
The material stored on our servers may subject us to negative publicity, legal liability and expenditures.
We are not aware of the contents of the data that MSP partners store using our solutions, including our BCDR products. Our BCDR products operate by taking a complete snapshot of operating systems, applications, emails and other content, which is then encrypted and transmitted to our servers. Our employees generally do not have access to view or monitor what is actually stored within this hybrid cloud solution. To the extent that sensitive, personally identifiable, illegal or controversial data is stored in our servers and that becomes known publicly, it may create negative publicity and cause us to incur legal expenses. In 2015, it was publicized that we had backed up a prominent federal government employee’s personal email account, which contained classified and sensitive emails. While we had no role in monitoring the content or source of data stored by the MSP partners, our involvement in the storage of the emails caused our executive officers and employees to divert time from running the day to day operations of the business in order to cooperate with federal agencies and resulted in some negative press. Furthermore, because we do not monitor the data, we cannot ensure that the usage of our solutions complies with the license terms of the end-users’ software. If their usage of our BCDR products causes them to violate these license terms, the software vendors make seek legal redress from us.
We have no intention to begin monitoring the contents or nature of the data that is being stored through our solutions. Accordingly, due to storage of sensitive, illegal or controversial material, we may face in the future reputational harm, or harm to our results of operations and financial condition loss of partners, legal proceedings or actions against us by government entities or others.
Interruptions or delays in services provided by our data centers or other third parties could impair the delivery of our service and harm our business.
Our continued growth depends on the ability of our partners to access our solutions 24 hours a day, seven days a week, without any meaningful interruption or degradation of service. We have in the past and may in the future experience disruptions, outages and other performance problems within our infrastructure and our third-party providers’ infrastructure, including:
•cooling system failures that lead to the shutdown of our systems or the overheating of our servers, increasing the likelihood of hardware failures;
•the physical relocation of servers to new facilities, which may cause infrastructure to be damaged, lost or stolen; or
•data centers maintaining inadequate diversity among internet service providers, leading to redundant pathing and possible total facility outages.
We currently lease spaces from data center service providers in the United States, Canada, the United Kingdom, Germany, Iceland, Singapore and Australia, and our servers that are stored at these data centers form the basis of the Datto Cloud. In addition to relying on our data center service providers, we also rely on other third parties to maintain our cloud infrastructure and deploy our solutions. Any damage to, or failure or disruption of, the systems of our data centers, including from cyber-attacks, natural disasters, fires, floods, telecommunications failures, power loss or other similar events beyond our control, could result in interruptions to our service or our ability to successfully restore an end-user’s data when needed. The failure of our data centers to meet our capacity requirements could result in interruptions in the availability of our solutions, impair the functionality of our solutions or impede our ability to scale our operations. Additionally, due to the uncertainty of Brexit, there may occur mass requests for data migrations or service cancellations relating to our data centers in the United Kingdom. Any failure to meet these service requests or a public mass cancellation of our data center services in the United Kingdom could cause reputational harm and harm to our business.
As we continue to add data centers, restructure our data management plans and increase capacity in existing and future data centers, we may move or transfer our data and our partners’ data. Despite precautions taken during such processes and procedures, any unsuccessful data transfers may impair the delivery of our service, and we may experience costs or downtime in connection with the
transfer of data to other facilities. Similarly, some of our solutions’ features run or depend on IT services run by third parties, such as data feeds or public clouds, and an extended failure of such services might materially and adversely impact our ability to provide our services to our partners. Furthermore, some of our sales and business operations depend in part on third-party IT service providers and if those services were to be unavailable for extended periods of time it might materially and adversely affect our ability to operate.
We also rely on bandwidth providers, Internet service providers, mobile networks and other third-party IT service providers to operate our business, and to deliver our solutions. If we lose the services of one or more of our bandwidth providers, or if these providers experience outages, for any reason, we could experience disruption in delivering our solutions or we could be required to retain the services of a replacement bandwidth provider. Our business also depends on our partners having high-speed access to the Internet in order to purchase our offerings online and obtain access to the Datto portal for MSP partners. Any Internet outages or delays could adversely affect our ability to provide our solutions to our partners.
Our operations rely heavily on the availability of electricity, which also comes from third-party providers. If we were to experience a major power outage or if the cost of electricity were to increase significantly, our operations and financial results could be harmed. If we or our data centers were to experience a major power outage, we or they would have to rely on back-up generators, which might not work properly or might not provide an adequate power supply during a major power outage. Such a power outage could result in a significant disruption of our business.
The occurrence of an extended interruption of our or third-party services for any reason could result in lengthy interruptions in our services or in the delivery of partners’ email and require us to provide service credits, refunds, indemnification payments or other payments to our partners, and could also result in the loss of partners.
If we fail to integrate our products with a variety of operating systems, software applications, platforms and hardware that are developed by others or ourselves, our products may become less competitive or obsolete and our results of operations would be harmed.
Our products must integrate with a variety of network, hardware and software platforms, including, specifically, new versions of Windows and new file systems such as ReFS, introduced by Microsoft, and we need to continuously modify and enhance our products to adapt to changes in hardware, software, networking, browser and database technologies. We believe a significant component of our value proposition to partners is the ability to optimize and configure our products to integrate with our systems and those of third parties. If we are not able to integrate our products in a meaningful and efficient manner, demand for our products could decrease and our business and results of operations would be harmed.
In addition, we have a large number of products, and maintaining and integrating them effectively requires extensive resources. Our continuing efforts to make our products more interoperative may not be successful. Failure of our products to operate effectively with future infrastructure platforms and technologies could reduce the demand for our products, resulting in partner dissatisfaction and harm to our business. If we are unable to respond to changes in a cost-effective manner, our products may become less marketable, less competitive or obsolete and our business and results of operations may be harmed.
Claims by others that we infringe or violate their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects.
A number of companies in our industry hold a large number of patents and also protect their copyright, trade secret and other intellectual property rights, and companies in the networking and security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they previously developed, have purchased or otherwise obtained. Many companies, including our competitors, may now, and in the future, have significantly larger and more mature patent, copyright, trademark and trade secret portfolios than we have, which they may use to assert claims of infringement, misappropriation and other violations of intellectual property rights against us. In addition, future litigation may involve non-practicing entities (also known as patent trolls) or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. As we face increasing competition and gain an increasingly higher profile, including as a result of becoming a public company, the possibility of intellectual property rights claims against us grows. Third parties, including but not limited to patent trolls, have asserted in the past and may in the future assert claims of infringement of intellectual property rights against us and these claims, even without merit, could harm our business, including by increasing our costs, reducing our revenue, creating partner concerns that result in delayed or reduced sales, distracting our management and technical experts from the running of our business and requiring us to cease use of important intellectual property. While we have managed to enter into release and settlement agreements with respect to intellectual property infringement or similar lawsuits brought by and against us, we cannot be certain that the counterparties to these release and settlement agreements will abide by their obligations as set forth in these agreements. In addition, because patents can take years to issue and are often afforded confidentiality for some period of time, there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more of our services. Moreover, in a patent infringement claim against us, we may assert, as a defense, that we do not infringe the relevant patent claims, that the patent is invalid or both. The strength of our defenses will depend on the patents asserted, the
interpretation of these patents and our ability to invalidate the asserted patents. However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof. Conversely, the patent owner need only prove infringement by a preponderance of the evidence, which is a lower burden of proof. Furthermore, because of the substantial amount of discovery required in connection with patent and other intellectual property rights litigation, there is a risk that some of our confidential information could be compromised by the discovery process.
If we are not successful in defending against third-party claims that arise, we could be required to pay substantial damages for past and future sales and/or licensing of our services, enjoined from making, using, selling or otherwise offering our services if a license or other right to continue selling our services is not made available to us, and required to pay substantial ongoing royalties and comply with unfavorable terms even if such a license is made available to us. Any of these outcomes could result in a material adverse effect on our business. Even if we were to prevail, these lawsuits, and any other third-party infringement claims, could be costly and time-consuming, divert the attention of our management and key personnel from our business operations, deter MSP partners from selling or licensing our services and dissuade potential partners from purchasing our services, which would also materially harm our business. In addition, any public announcements of the results of any proceedings in these or other third-party infringement claims could be negatively perceived by industry or financial analysts and investors and could cause our stock price to experience volatility or decline. The expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations.
As the number of products and competitors in our market increases and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Our insurance may not cover intellectual property rights infringement claims or other claims related to violations of intellectual property rights. Third parties have in the past and may in the future also assert infringement or similar claims against our MSP partners, with whom our agreements may obligate us to indemnify against these claims. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such employees have divulged proprietary or other confidential information to us.
In the event that we fail to successfully defend ourselves against an infringement claim or similar intellectual property rights claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties or other costs or damages; or we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non-infringing (or non-violative) technology, which could require significant time, during which we could be unable to continue to offer our affected services or features, effort and expense and may ultimately not be successful.
From time to time, the U.S. Supreme Court, other U.S. federal courts and the U.S. Patent and Trademark Appeals Board, and their foreign counterparts, have made and may continue to make changes to the interpretation of patent laws in their respective jurisdictions. We cannot predict future changes to the interpretation of existing patent laws or whether U.S. or foreign legislative bodies will amend such laws in the future. Any changes may lead to uncertainties or increased costs and risks surrounding the outcome of third-party intellectual property rights claims brought against us and the actual or enhanced damages, including treble damages, that may be awarded in connection with any such current or future claims and could have a material adverse effect on our business and financial condition.
Any of these events could materially and adversely harm our business, financial condition and results of operations.
We may become involved in other litigation that may materially adversely affect us.
From time to time, we may become involved in various legal proceedings relating to matters incidental to the ordinary course of our business, including patent and other intellectual property claims, commercial, product liability, employment, class action, whistleblower and other litigation and claims and governmental and other regulatory investigations and proceedings. Such matters can be time-consuming, divert management’s attention and resources, cause us to incur significant expenses or liability and/or require us to change our business practices. In addition, the expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations. Because of the potential risks, expenses and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by agreeing to settlement agreements. Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations and prospects.
The success of our business depends in part on our ability to protect and enforce our intellectual property rights.
We believe our intellectual property is an essential asset of our business and our success and ability to compete depend in part upon protection of our intellectual property rights. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights, all of which provide only limited protection. The efforts we have taken to protect our intellectual property rights may not be sufficient or effective, and our patents,
trademarks and copyrights may be held invalid or unenforceable. Moreover, we cannot assure you that any patents will be issued with respect to our currently pending patent applications in a manner that gives us adequate defensive protection or competitive advantages, or that any patents issued to us will not be challenged, invalidated or circumvented. We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit. Moreover, we may need to expend additional resources to defend our intellectual property rights in these countries, and our inability to do so could impair our business or adversely affect our international expansion. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection or they may not prove to be enforceable in actions against alleged infringers. Additionally, the U.S. Patent and Trademark Office and various foreign governmental patent agencies require compliance with a number of procedural, documentary, fee payment and other similar provisions during the patent application process and to maintain issued patents. There are situations in which noncompliance can result in abandonment or lapse of the patent or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. If this occurs, it could materially harm our business, operating results, financial condition and prospects.
We believe that our trademarks are integral to our business and our success in building our brand image and customer loyalty. We rely on trademark registrations and common law trademark rights to protect the distinctiveness of our brand and have registered, or have applied to register, those trademarks that we believe are important to our business with the United States Patent and Trademark Office. We cannot assure you that our applications will be approved or that these registrations will prevent imitation of our name or the infringement or other violation of our other intellectual property rights by others. Third parties may also oppose our trademark applications or otherwise challenge our use of the trademarks. Imitation of our name or website design in a manner that projects lesser quality or carries a negative connotation of our brand image could have a material adverse effect on our business, financial condition and results of operations.
We may not be effective in policing unauthorized use of our intellectual property rights, and even if we do detect infringements or other violations, litigation may be necessary to enforce our intellectual property rights. In addition, our intellectual property may be stolen, including by cybercriminals, and we may not be able to identify the perpetrators or prevent the exploitation of our intellectual property by our competitors or others. Protecting against the unauthorized use of our intellectual property rights, technology and other proprietary rights is expensive and difficult, particularly outside of the United States. Any enforcement efforts we undertake, including litigation, could be time-consuming and expensive and could divert management’s attention, either of which could harm our business, operating results and financial condition. Further, attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. The inability to adequately protect and enforce our intellectual property and other proprietary rights could seriously harm our business, operating results, financial condition and prospects. Even if we are able to secure our intellectual property rights, we cannot assure you that such rights will provide us with competitive advantages or distinguish our services from those of our competitors or that our competitors will not independently develop similar technology, duplicate any of our technology or design around our patents.
Our ability to provide services to our partners depends on our partners’ continued high-speed access to the internet and the continued reliability of the internet infrastructure.
Our business depends on our MSP partners’ continued high-speed access to the internet, as well as the continued maintenance and development of the internet infrastructure. The future delivery of our solutions will depend on third-party internet service providers to expand high-speed internet access, to maintain a reliable network with the necessary speed, data capacity and security and to develop complementary solutions and services, including high-speed modems, for providing reliable and timely internet access and services. All of these factors are out of our control. To the extent that the internet continues to experience an increased number of users, frequency of use or bandwidth requirements, the internet may become congested and be unable to support the demands placed on it, and its performance or reliability may decline. Any internet outages or delays could adversely affect our ability to provide services to our partners.
Currently, internet access is provided by telecommunications companies and internet access service providers that have significant and increasing market power in the broadband and internet access marketplace. In the absence of government regulation, these providers could take measures that affect their customers’ ability to use our products and services, such as attempting to charge their customers more for using our products and services. To the extent that internet service providers implement usage-based pricing, including meaningful bandwidth caps, or otherwise try to monetize access to their networks, we could incur greater operating expenses and partner acquisition and retention could be negatively impacted. Furthermore, to the extent network operators were to create tiers of internet access service and either charge us for or prohibit our services from being available to our partners through these tiers, our business could be negatively impacted. Some of these providers also offer products and services that directly compete with our own offerings, which could potentially give them a competitive advantage.
If we are unable to sustain market recognition of and loyalty to our brand, or if our reputation were to be harmed, we could lose partners or fail to increase the number of our partners, which could harm our business, financial condition and operating results.
Given our market focus, maintaining and enhancing the “Datto” brand among MSPs is critical to our success. We believe that the importance of brand recognition and loyalty among MSPs will increase in light of increasing competition in our markets. We plan to continue investing substantial resources to promote our brand to MSPs, both domestically and internationally, but there is no guarantee that our brand development strategies will enhance the recognition of our brand. Some of our existing and potential competitors have well-established brands with greater general recognition than we have. If our efforts to promote and maintain our brand are not successful, our operating results and our ability to attract and retain partners may be adversely affected. In addition, even if our brand recognition and loyalty increases, this may not result in increased use of our solutions or higher revenue. Additionally, if our MSP partners do not use or ineffectively use our solutions to serve their SMB customers, our reputation and ability to grow our business may be harmed.
Our solutions, as well as those of our competitors, are regularly reviewed in computer and business publications. Negative reviews, or reviews in which our competitors’ solutions and services are rated more highly than our solutions, could negatively affect our brand and reputation in the view of MSPs. From time-to-time, our partners express dissatisfaction with our solutions, including, among other things, dissatisfaction with our customer support, our billing policies and the way our solutions operate. If we do not handle partner complaints effectively, our brand and reputation may suffer, we may lose our partners’ confidence and they may choose not to renew their subscriptions. In addition, many of our MSP partners participate in online blogs about computers and internet services, and software and technology, including our solutions, and our success depends in part on our ability to generate positive feedback through such online channels where MSP partners seek and share information. If actions that we take or changes that we make to our solutions upset these MSP partners, their blogging could negatively affect our brand and reputation. Complaints or negative publicity about our solutions or billing practices could adversely impact our ability to attract and retain partners and our business, financial condition and operating results.
If we cannot maintain our corporate culture as we grow, our business may be harmed.
We believe that our corporate culture has been a critical component to our success and that our culture creates an environment that drives our employees and perpetuates our overall business strategy. We have invested substantial time and resources in building our team and we expect to continue to hire aggressively as we expand, including with respect to our international operations. As we grow and mature as a public company and grow internationally, we may find it difficult to maintain our corporate culture. We face additional challenges in maintaining our culture as most of our employees have worked remotely for an extended period of time during the COVID-19 pandemic, with a growing number of new employees only experiencing Datto culture while working from home. Any failure to preserve our culture could negatively affect our future success, including our ability to recruit and retain personnel and effectively focus on and pursue our business strategy.
Foreign currency exchange rate fluctuations could harm our financial results.
We conduct significant transactions, including revenue transactions and intercompany transactions, in currencies other than the U.S. Dollar or the functional operating currency of the transactional entities. In addition, our international subsidiaries maintain significant net assets that are denominated in currencies other than the functional operating currencies of these entities. Accordingly, changes in the value of currencies relative to the U.S. Dollar may impact our consolidated revenues and operating results due to transactional and translational remeasurement that is reflected in our earnings. It is particularly difficult to forecast any impact from exchange rate movements, so there is risk that unanticipated currency fluctuations could adversely affect our financial results or cause our results to differ from investor expectations or our own guidance in any future periods. In addition, the announcement of Brexit adversely impacted global markets, including currencies, and resulted in a decline in the value of the British pound, as compared to the U.S. Dollar and other currencies. Volatility in exchange rates and global financial markets is expected to continue due to a number of factors, including uncertainty surrounding Brexit and the recent political and economic uncertainty globally.
We are subject to fluctuations in interest rates.
Borrowings under our credit agreement are subject to variable rates of interest and expose us to interest rate risk. At present, we do not have any outstanding borrowings nor do we have any interest rate swap agreements, which involve the exchange of floating for fixed rate interest payments to reduce interest rate volatility. However, to the extent we incur borrowings, we may decide to enter into such swaps in the future. If we do, we may not maintain interest rate swaps with respect to all of our variable rate indebtedness and any swaps we enter into may not fully mitigate our interest rate risk, may prove disadvantageous or may create additional risks.
Our indemnification obligations and limitations of our director and officer liability insurance may have a material adverse effect on our financial condition, results of operations and cash flows.
Under Delaware law, our certificate of incorporation, our bylaws and certain indemnification agreements to which we are a party, we have an obligation to indemnify, or we have otherwise agreed to indemnify, certain of our current and former directors and officers with respect to past, current and future investigations and litigation.
The scope of our indemnification obligations may be broader than the coverage available under our directors’ and officers’ liability insurance, or there may be insufficient coverage available. Further, in the event the directors and officers are ultimately determined not to be entitled to indemnification, we may not be able to recover any amounts we previously advanced to them.
We cannot provide any assurances that future indemnification claims, including the cost of fees, penalties or other expenses, will not exceed the limits of our insurance policies, that such claims are covered by the terms of our insurance policies or that our insurance carrier will be able to cover such claims. Further, should a coverage dispute arise, we may also incur significant expenses in relation to litigating or attempting to resolve any such dispute. Accordingly, we may incur significant unreimbursed costs to satisfy our indemnification obligations, which may have a material adverse effect on our financial condition, results of operations or cash flows.
We have identified a material weakness in our internal control over financial reporting, resulting from control deficiencies identified in our IT general controls and process level controls. If we are unable to remediate this material weakness, we may not be able to accurately or timely report our financial condition or results of operations, which may adversely affect investor confidence in us and, as a result, the value of our common stock.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis. We have identified a material weakness in our internal control over the financial statement close process. Specifically:
•IT general controls
◦End-users are routinely making direct changes to data tables with limited logging/traceability;
◦Business process segregation of duties rule set has not been defined;
◦Segregation of duties conflicts are present in the IT processes (e.g. developer vs. production);
◦Documentation to evidence the performance of controls is not consistently retained;
◦Access to administrative roles and data is not restricted; and
◦System limitations may impair management’s ability to implement review/detective controls.
•Process level controls
◦Controls identified do not thoroughly document the nature and extent of procedures performed;
◦We have not identified appropriate controls to ensure system-generated reports are complete and accurate;
◦We have not identified appropriate controls for relevant applications and tools used to initiate, process, record, or report financial information; and
◦We do not have sufficient review controls in place to ensure that material transactions are properly recorded.
These control deficiencies could result in a misstatement of our accounts or disclosures that could result in a material misstatement of our financial results that would not be prevented or detected, and accordingly, we determined that these control deficiencies constitute a material weakness.
We are working to remediate this material weakness through the development and implementation of processes and controls over the financial reporting process. Specifically:
•Implementing IT general controls to manage access and program changes within our IT environment;
•Replacing certain legacy IT systems that have inherent control limitations with SaaS tools that will support enhanced access and application controls;
•Engaging external resources to assist with remediation efforts and internal control execution, as well as to provide additional training to existing personnel;
•Hiring additional internal resources with appropriate knowledge and expertise to effectively operate financial reporting processes and internal controls; and
•Implementing enhanced review procedures and analysis over the segregation of duties in IT systems.
While new controls are being designed and implemented, they have not operated for a sufficient period of time to demonstrate the material weakness has been remediated. We cannot assure you that the measures we have taken to date will be sufficient to remediate the material weakness we identified or avoid the identification of additional material weaknesses in the future. Although we plan to complete this remediation, if the steps we take do not remediate the material weakness in a timely manner, there could continue to be a reasonable possibility that this control deficiency or others could result in a material misstatement of our annual or interim financial statements that would not be prevented or detected on a timely basis.
As a result of becoming a public company, we are obligated to develop and maintain proper and effective internal control over financial reporting in order to comply with Section 404 of the Sarbanes-Oxley Act. We may not complete our analysis of our internal control over financial reporting in a timely manner, or these internal controls may not be determined to be effective, which may adversely affect investor confidence in us and, as a result, the value of our common stock.
Our management is responsible for establishing and maintaining adequate internal control over financial reporting. Internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with accounting standards generally accepted in the United States ("GAAP"). We are in the early stages of the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404 of the Sarbanes-Oxley Act. We may not be able to complete our evaluation, testing and any required remediation in a timely manner. See “—We have identified a material weakness in our internal control over financial reporting, resulting from control deficiencies identified in our IT general controls and process level controls. If we are unable to remediate this material weakness, we may not be able to accurately or timely report our financial condition or results of operations, which may adversely affect investor confidence in us and, as a result, the value of our common stock.” If we are unable to assert that our internal control over financial reporting is effective, we could lose investor confidence in the accuracy and completeness of our financial reports, which would cause the price of our common stock to decline, and we may be subject to investigation or sanctions by the SEC.
We will be required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting as of the year-ended December 31, 2021. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We are also required to disclose changes made in our internal control and procedures on a quarterly basis. However, our independent registered public accounting firm will not be required to report on the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act until the later of the year following our first Annual Report required to be filed with the SEC, or the date we are no longer an “emerging growth company” as defined in the JOBS Act if we take advantage of the exemptions contained in the JOBS Act. At such time, which could be as early as the year-ended December 31, 2021, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our controls are documented, designed or operating.
Additionally, the existence of any material weakness or significant deficiency in internal controls over financial reporting, including our existing material weakness, would require management to devote significant time and incur significant expense to remediate any such material weaknesses or significant deficiencies and management may not be able to remediate any such material weaknesses or significant deficiencies in a timely manner. The existence of any material weakness in our internal control over financial reporting could also result in errors in our financial statements that could require us to restate our financial statements, cause us to fail to meet our reporting obligations and cause shareholders to lose confidence in our reported financial information, all of which could materially and adversely affect our business and stock price. To comply with the requirements of being a public company, we may need to undertake various costly and time-consuming actions, such as implementing new internal controls and procedures and hiring additional accounting or internal audit staff, which may adversely affect our business, financial condition and results of operations.
We may experience difficulties in continuing to implement our enterprise resource planning system over the next few years.
We are engaged in a multi-year implementation of an enterprise resource planning, or ERP, system. Such an implementation is a major undertaking from a financial, management and personnel perspective. The implementation of the ERP system may prove to be more difficult, costly or time consuming than expected, and there can be no assurance that this system will continue to be beneficial to the extent anticipated. Any disruptions, delays or deficiencies in the design and implementation of our ERP system could adversely affect our ability to process orders, ship products, send invoices and track payments, fulfill contractual obligations, produce financial reports or otherwise operate our business. As we continue to implement our ERP system, our exposure to system attacks may be elevated because
we will be running old and new processes in parallel and must simultaneously protect both the new system and legacy systems. If we are unable to implement the ERP system smoothly or successfully, or we otherwise do not capture anticipated benefits, our business, results of operations and financial condition for future periods could be negatively impacted. Additionally, our implementation of the ERP system involves greater utilization of third-party “cloud” computing services in connection with our business operations. Problems faced by us or our third-party “cloud” computing providers, including technological or business-related disruptions, as well as cybersecurity threats, could adversely impact our business, results of operations and financial condition for future periods.
Changes in financial accounting standards or practices may cause adverse, unexpected financial reporting fluctuations and affect our reported results of operations.
A change in accounting standards or practices can have a significant effect on our reported results and may even affect our reporting of transactions completed before the change is effective. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may adversely affect our reported financial results or the way in which we conduct our business.
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below expectations of securities analysts and investors.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes.
Additionally, we base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue and expenses that are not readily apparent from other sources. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, stock-based compensation, allowance for doubtful accounts, allowance for excess or obsolete inventory, useful lives and recoverability of our long-lived assets, recoverability of our goodwill, and income taxes, including the realizability of deferred tax assets and uncertain tax positions.
Our international operations may give rise to potentially adverse tax consequences.
Our corporate structure and associated transfer pricing policies anticipate future growth into international markets. The amount of taxes we pay related to different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions, which are generally required to be computed on an arm’s-length basis pursuant to intercompany arrangements, or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and harm to our results of operations and financial condition. Our financial statements could fail to reflect adequate reserves to cover such a contingency.
Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our partners could increase the costs of our solutions and harm our business.
New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could harm our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us. These events could require us or our partners to pay additional tax amounts on a prospective or retroactive basis, as well as require us or our partners to pay fines and/or penalties and interest for past amounts deemed to be due. If we raise our prices to offset the costs of these changes, existing and potential future partners may elect not to purchase our solutions in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our partners’ and our compliance, operating and other costs, as well as the costs of our solutions. Further, these events could decrease the capital we have available to operate our business. Any or all of these events could harm our business and financial performance.
Comprehensive tax reform legislation could adversely affect our business and financial condition.
On December 22, 2017, President Trump signed into law the Tax Cuts and Jobs Act of 2017, or the Tax Act, that significantly reformed the Internal Revenue Code of 1986, as amended, or the Code. The Tax Act, among other things, includes changes to U.S.
federal tax rates, imposes significant additional limitations on the deductibility of interest and net operating loss carryforwards, allows for the expensing of capital expenditures on an accelerated basis, and puts into effect the migration from a “worldwide” system of taxation to a territorial system. While we have reflected the impact of the Tax Act in our financial statements in accordance with our understanding of the Tax Act and available guidance, the ultimate effects of the Tax Act remain uncertain. The U.S. Department of Treasury may issue regulations and guidance that may significantly impact how the Tax Act applies to us and components of the Tax Act could be repealed or modified in future legislation. In addition, it is uncertain if and to what extent various states will conform to the Tax Act. The foregoing items may result in changes that may have an adverse impact on our results of operations, cash flows and financial condition.
As part of Congress’ response to the COVID-19 pandemic, the Families First Coronavirus Response Act, or FFCR act, was enacted on March 18, 2020, and the Coronavirus Aid, Relief, and Economic Security Act, or CARES Act, was enacted on March 27, 2020. Both the FFCR Act and the CARES Act contain numerous tax provisions. Regulatory guidance under the FFCR Act and the CARES Act is and continues to be forthcoming, and such guidance could ultimately increase or lessen the impact of these laws on our business and financial condition. Congress may also enact additional legislation in connection with the COVID-19 pandemic, some of which could have an impact on our company. In addition, it is uncertain if and to what extent various states will conform to the FFCR Act or the CARES Act.
Our ability to utilize our net operating loss carryforwards may be limited.
As of December 31, 2020, we had U.S. federal and state net operating loss carryforwards of approximately $160.9 million and $76.7 million, respectively. Our ability to utilize our federal net operating loss carryforwards may be limited under Section 382 of the Code. The limitations apply if we experience an “ownership change,” which is generally defined as a greater than 50 percentage point change (by value) in the ownership of our equity by certain stockholders over a rolling three-year period. Similar provisions of state tax law may also apply to limit the use of our state net operating loss carryforwards. Future changes in our stock ownership, which may be outside of our control, may trigger an ownership change and, consequently, the limitations under Section 382 of the Code. As a result, our ability to use our pre-change net operating loss carryforwards to offset future taxable income may be subject to limitations, which could adversely affect our future cash flows.
In addition, our ability to use our federal and state net operating losses to offset potential future taxable income and related income taxes that would otherwise be due is dependent upon our generation of future taxable income before the expiration dates of the net operating losses, and we cannot predict with certainty when, or whether, we will generate sufficient taxable income to use all of our net operating losses. Federal net operating losses generated prior to 2018 will continue to be governed by the net operating loss carryforward rules as they existed prior to the adoption of the Tax Act, which means that generally they will expire 20 years after they were generated if not used prior thereto. Many states have similar laws. Accordingly, our federal and state net operating losses could expire unused and be unavailable to offset future income tax liabilities. Under the Tax Act as modified by the CARES Act, the federal net operating losses incurred in tax years beginning after December 31, 2017 and before January 1, 2021 may be carried back to each of the five tax years preceding such loss, and net operating losses arising in tax years beginning after December 31, 2020 may not be carried back. Moreover, federal net operating losses generated in tax years ending after December 31, 2017 may be carried forward indefinitely, but the deductibility of such federal net operating losses may be limited to 80% of current year taxable income for tax years beginning after December 31, 2020. Refer to Note 15. Income Taxes to the consolidated financial statements for further discussion of net operating loss carryforwards as of December 31, 2020.
Risks Related to Regulatory Compliance
We are subject to governmental export controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.
Certain of our products are subject to U.S. export controls, including the U.S. Department of Commerce’s Export Administration Regulations and economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. These regulations may limit the export of our products and provision of our services outside of the United States, or may require export authorizations, including by a license exception or other appropriate government authorizations, including annual or semi-annual reporting and the filing of an encryption registration. Export control and economic sanctions laws may also include prohibitions on the sale or supply of certain of our products to embargoed or sanctioned countries, regions, governments, persons and entities. In addition, various countries regulate the importation of certain products, through import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products. The exportation, re-exportation and importation of our products and the provision of services, including by our partners, must comply with these laws or else we may be adversely affected, through reputational harm, government investigations, penalties and a denial or curtailment of our ability to export our products or provide services. Complying with export control and sanctions laws may be time consuming and may result in the delay or loss of sales opportunities. If we are found to be in violation of U.S. sanctions or export control laws, it could result in substantial fines and penalties for us and for the individuals working for us. Changes in export or import laws or corresponding sanctions may delay the introduction and sale of our
products in international markets, or, in some cases, prevent the export or import of our products to certain countries, regions, governments, persons or entities altogether, which could adversely affect our business, financial condition and results of operations.
We are subject to a number of legal requirements, contractual obligations and industry standards regarding security, data protection and privacy and any failure to comply with these requirements, obligations or standards could have an adverse effect on our reputation, business, financial condition and operating results.
Data privacy and information security have become significant issues in the United States and in many other countries where we have employees and operations and where we offer licenses or cloud subscriptions to our offerings. The regulatory framework for privacy and information security issues worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. The U.S. federal and various state and foreign government bodies and agencies have adopted or are considering adopting laws and regulations limiting, or laws and regulations regarding the collection, distribution, use, disclosure, storage and security of personal information. Laws in all 50 states require businesses to provide notice to customers whose personally identifiable information has been disclosed as a result of a data breach. The laws are not consistent, and compliance in the event of a widespread data breach is costly. States are also constantly amending existing laws, requiring attention to frequently changing regulatory environments. For example, in June 2018, California enacted the California Consumer Privacy Act, or CCPA, that, among other things, requires covered companies to provide new disclosures to California consumers, and afford such consumers new abilities to opt-out of certain sales of personal information. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that may increase data breach litigation. The CCPA was amended in September 2018 and September 2019 and went into effect on January 1, 2020. While these amendments have helped with understanding certain aspects of the law, we cannot yet predict the impact of the CCPA on our business or operations, but it may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply.
Internationally, virtually every jurisdiction in which we operate has established its own data security and privacy or data protection legal framework with which we or our MSP partners must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure and security of data that is associated with an identifiable or which identifies or may be used to identify or locate an individual. Examples include identifiers such as names, email addresses and, in some jurisdictions, Internet Protocol, or IP, addresses and data that may be associated with identifiers, including items such as marketing records, sales records, financial records, content and correspondence. These laws and regulations often are more restrictive than those in the United States and are rapidly evolving. For example, the E.U. General Data Protection Regulation, or GDPR, became effective on May 25, 2018, and, in addition to imposing stringent obligations relating to data protection and information security, authorizes fines up to 4% of global annual revenue or €20 million, whichever is greater, for some types of violations. The GDPR restricts the transfer of personal data outside of the European Economic Area (“EEA”). We transfer personal data outside of the EEA for our own internal business purposes and in order to provide our products and services to our MSP partners. The requirements on such transfers are constantly evolving. In Schrems II (C-311/18), the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield data transfer mechanism, which many companies had relied as an acceptable mechanism for transferring such data from the EU to the U.S. Other data transfer mechanisms such as the standard contractual clauses approved by the European Commission, which we use in our business to address certain cross-border data transfers, have faced challenges in European courts (including being called into question in Schrems II), and may be challenged, suspended or invalidated. Such developments may cause us to have to make further expenditures on local infrastructure, change internal business processes, change customer facing products, or otherwise affect or restrict sales and operations. It is further unclear how future decisions related to cross-border transfer restrictions may affect related data transfer mechanisms in other jurisdictions such as the Swiss-US Privacy Shield Framework. Further, Brexit has created some uncertainty with regard to the regulation of data protection in the United Kingdom.
Some countries also are considering or have passed legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of delivering our services. We may be or become subject to data localization laws mandating that data collected in a foreign country be processed and stored only within that country. If any country in which we have partners were to adopt a data localization law, we could be required to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition. Currently, our EMEA headquarters is in the United Kingdom and much of our European data is stored within the United Kingdom. Therefore, any disruption in data transfers or uncertainty in regards to data migration resulting from Brexit would be particularly significant to our operations. While we currently have data storage locations built in Germany and Iceland, our ability to migrate data to these alternate locations in the event of complications due to Brexit may be significantly affected by the resulting transfer restrictions or uncertainty surrounding transfer mechanics. Despite having these alternate data storage centers available, we may not be able to migrate data sets at all or may only be able to migrate certain types or amounts of data, thereby causing us not to meet the needs of our partners and resulting in harm to our reputation and business.
Because many of the features of our solutions use, store and report on SMB customer data which may contain personal information from SMB customers, any inability to adequately address privacy concerns, to delete stored data at the correct times, or comply with applicable privacy laws, regulations and policies could, even if unfounded, result in liability to us and, damage to our reputation, loss of
sales and harm to our business. Furthermore, the costs of compliance with, and other burdens imposed by, such laws, regulations and policies that are applicable to the businesses of our partners may limit the use and adoption of our solutions and reduce overall demand for them. Complying with the GDPR, CCPA or other laws, regulations or other obligations relating to privacy, data protection, data localization or information security may cause us to incur substantial operational costs or require us to modify our data handling practices. Non-compliance could result in proceedings against us by governmental entities or others, could result in substantial fines or other liability, and may otherwise adversely impact our business, financial condition and operating results. Privacy concerns, whether or not valid, may inhibit market adoption of our solutions.
Some statutory requirements, both in the United States and abroad, include obligations of companies to notify individuals of security breaches involving particular personal information, which could result from breaches experienced by us or our service providers. Even though we may have contractual protections with our service providers, any actual or perceived security breach could impact our reputation, harm our MSP partners’ confidence, hurt our sales and expansion into new markets or cause us to lose existing MSP partners, and could expose us to potential liability or require us to expend significant resources on data security and in responding to any such actual or perceived breach.
In addition to government regulation, privacy advocates and industry groups may propose self-regulatory standards from time to time. These and other industry standards may legally or contractually apply to us, or we may elect to comply with such standards or to facilitate our MSP partners’ compliance with such standards. Because privacy, data protection and data security are critical competitive factors in our industry, we may make statements on our website, in marketing materials, or in other settings about our data security measures and our compliance with, or our ability to facilitate our MSP partners’ compliance with, these standards. We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection and information security, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, contractual obligations and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy and data protection are still uncertain, it is possible that these laws, standards, contractual obligations and other obligations may be interpreted and applied in a manner that is inconsistent with our data management practices, our privacy, data protection or data security policies or procedures or the features of our offerings. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our offerings, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new offerings and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our partners may limit the use and adoption of, and reduce the overall demand for, our offerings. Any inability to adequately address privacy, data protection or information security-related concerns, even if unfounded, or to successfully negotiate privacy, data protection or information security-related contractual terms with partners, or to comply with applicable laws, regulations and policies relating to privacy, data protection and information security, could result in additional cost and liability to us, damage our reputation, inhibit sales, slow our sales cycles and adversely affect our business. Privacy and personal information security concerns, whether valid or not valid, may inhibit market adoption of our offerings particularly in certain industries and foreign countries.
We function as a HIPAA “business associate” for certain of our MSP partners and, as such, are subject to strict privacy and data security requirements. If we fail to comply with any of these requirements, we could be subject to significant liability, all of which can adversely affect our business as well as our ability to attract and retain new MSP partners.
HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act, or HITECH, and their respective implementing regulations impose specific requirements relating to the privacy, security and transmission of individually identifiable health information. Among other things, HITECH makes HIPAA’s security standards directly applicable to “business associates.” We function as a business associate for certain of our partners that are HIPAA business associates and service providers, and in that context we are regulated as a business associate for the purposes of HIPAA. If we are unable to comply with our obligations as a HIPAA business associate, we could face substantial civil and even criminal liability. HITECH imposes four tiers of civil monetary penalties and gives state attorneys general authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect.
As a business associate, we are required by HIPAA to maintain HIPAA-compliant business associate agreements with our MSP partners for which we, as a service provider, access, maintain, create or transmit individually identifiable health information to render services to our MSP partners. These agreements impose stringent data security and other obligations on us. If we or our subcontractors are unable to meet the requirements of any of these business associate agreements, we could face contractual liability under the applicable business associate agreement as well as possible civil and criminal liability under HIPAA, all of which can have an adverse impact on our business and generate negative publicity, which, in turn, can have an adverse impact on our ability to attract and retain MSP partners.
If we fail to comply with anti-corruption laws, including the FCPA and similar laws associated with our activities outside of the United States, we could be subject to penalties and we could be subject to civil and/or criminal sanctions, and our business could be materially adversely affected.
We are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended (the "FCPA"), the U.S. domestic bribery statute contained in 18 U.S.C. §201, the U.K. Bribery Act, and possibly other anti-bribery laws in countries in which we conduct activities. We face significant risks if we fail to comply with the FCPA and other anti-corruption laws that prohibit companies and their employees and third-party intermediaries from promising, authorizing, offering or providing, directly or indirectly, improper payments or benefits to foreign government officials, political parties and private-sector recipients for the purpose of obtaining or retaining business, directing business to any person, or securing any advantage. This risk is particularly significant for us given that we rely so heavily on MSP partners, distributors and other third parties to sell our solutions and conduct our business abroad. We or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and we can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners and agents, even if we do not explicitly authorize such activities. We have implemented and continue to update an anti-corruption compliance program but cannot assure you that all of our employees, agents and MSP partners, as well as those companies to which we outsource certain of our business operations, will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible.
As we continue to expand our business internationally, we will inevitably do more business in countries that are perceived to have heightened levels of public sector corruption. Increased business in countries perceived to have heightened levels of corruption could subject us and our officers and directors to increased scrutiny and increased liability from our business operations. Any violation of the FCPA or other applicable anti-corruption laws by our own employees or our third-party intermediaries, could result in regulatory investigations, whistleblower complaints, adverse media coverage and/or severe criminal or civil sanctions, which could have a materially adverse effect on our reputation, business, operating results and prospects. In addition, responding to any enforcement action may result in a significant diversion of management’s attention and resources and significant defense costs.
Failure to comply with governmental laws and regulations could harm our business.
Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, anti-bribery laws (including the FCPA and the U.K. Anti-Bribery Act), import/export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation resulting from any alleged noncompliance, our business, operating results and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions, litigation and sanctions could harm our business, operating results and financial condition.
Risks Related to Our Indebtedness
Our existing indebtedness could adversely affect our business and growth prospects.
On October 23, 2020, Datto, Inc., as borrower (the “Borrower”), and certain direct and indirect wholly-owned subsidiaries of Datto Holding Corp., entered into the 2020 Credit Agreement with the lenders party thereto and Morgan Stanley Senior Funding, Inc., as administrative agent. The 2020 Credit Agreement provides for an initial $200.0 million in commitments for revolving credit loans, which amount may be increased or decreased under specific circumstances, with a $40.0 million letter of credit sublimit and a $100.0 million alternative currency sublimit. As of December 31, 2020, the 2020 Credit Agreement has no outstanding borrowings and $1.9 million of outstanding letters of credit under the revolving credit facility.
Our 2020 Credit Agreement, or any additional indebtedness we may incur, could require us to divert funds identified for other purposes for debt service and impair our liquidity position. If we cannot generate sufficient cash flow from operations to service our debt, we may need to refinance our debt, dispose of assets or issue equity to obtain necessary funds. We do not know whether we will be able to take any of these actions on a timely basis, on terms satisfactory to us or at all.
The covenants contained in our 2020 Credit Agreement have important consequences, including:
•limiting funds otherwise available for financing our capital expenditures by requiring us to dedicate a portion of our cash flows from operations to the repayment of debt and the interest on this debt;
•limiting our ability to incur additional indebtedness;
•limiting our ability to capitalize on significant business opportunities;
•making us more vulnerable to rising interest rates; and
•making us more vulnerable in the event of a downturn in our business.
We may incur additional debt under our 2020 Credit Agreement or pursuant to new arrangements, and our future levels of indebtedness may place us at a competitive disadvantage to our competitors that may not be as highly leveraged. Fluctuations in interest rates can increase borrowing costs and may directly impact the amount of interest we are required to pay and reduce earnings accordingly. In addition, developments in tax policy, such as the disallowance of tax deductions for interest paid on outstanding indebtedness, could have an adverse effect on our liquidity and our business, financial condition and results of operations. Further, our 2020 Credit Agreement contains customary affirmative and negative covenants and certain restrictions on operations that could impose operating and financial limitations and restrictions on us, including restrictions on our ability to enter into particular transactions and to engage in other actions that we may believe are advisable or necessary for our business. Amounts outstanding under our 2020 Credit Agreement may also subject us to mandatory prepayments in certain circumstances and this mandatory prepayment, and future required prepayments, would reduce our cash available for investment in our business.
We expect to use cash flow from operations to meet current and future financial obligations, including funding our operations, debt service requirements and capital expenditures. The ability to make these payments depends on our financial and operating performance, which is subject to prevailing economic, industry and competitive conditions and to certain financial, business, economic and other factors beyond our control.
Despite restrictive covenants, we may still be able to incur substantially more indebtedness or make certain restricted payments, which could further exacerbate the risks associated with our indebtedness.
We may be able to incur significant additional indebtedness in the future. The 2020 Credit Agreement provides for the ability of the Borrower to request incremental term loan facilities, in a minimum amount of $5.0 million for each facility. In addition, although the financing documents governing our 2020 Credit Agreement contain restrictions on the incurrence of additional indebtedness and liens, these restrictions are subject to a number of important qualifications and exceptions, and the additional indebtedness and liens incurred in compliance with these restrictions could be substantial.
The financing documents governing our 2020 Credit Agreement permit us to incur certain additional types of indebtedness, including liabilities that do not constitute indebtedness as defined in the financing documents. We may also consider investments in joint ventures or acquisitions, which may increase our indebtedness. In addition, financing documents governing our 2020 Credit Agreement do not restrict Vista from creating new holding companies that may be able to incur indebtedness without regard to the restrictions set forth in the financing documents governing our 2020 Credit Agreement. If new debt is added to our currently anticipated indebtedness levels, the related risks that we face could intensify.
We may not be able to generate sufficient cash flow to service all of our indebtedness, and may be forced to take other actions to satisfy our obligations under such indebtedness, which may not be successful.
To the extent we incur indebtedness, our ability to make scheduled payments or to refinance outstanding debt obligations depends on our financial and operating performance, which will be affected by prevailing economic, industry and competitive conditions and by financial, business and other factors beyond our control. We may not be able to maintain a sufficient level of cash flow from operating activities to permit us to pay the principal, premium, if any, and interest on our indebtedness. Any failure to make payments of interest and principal on our outstanding indebtedness on a timely basis would likely result in a reduction of our credit rating, which would also harm our ability to incur additional indebtedness.
If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets, seek additional capital or seek to restructure or refinance our indebtedness. Any refinancing of our indebtedness could be at higher interest rates and may require us to comply with more onerous covenants. These alternative measures may not be successful and may not permit us to meet our scheduled debt service obligations. In the absence of such cash flows and resources, we could face substantial liquidity problems and might be required to sell material assets or operations to attempt to meet our debt service obligations. The financing documents governing our 2020 Credit Agreement restricts our ability to conduct asset sales and/or use the proceeds from asset sales. We may not be able to consummate these asset sales to raise capital or sell assets at prices and on terms that we believe are fair and any proceeds that we do receive may not be adequate to meet any debt service obligations then due. If we cannot meet our debt service obligations, the holders of our indebtedness may accelerate such indebtedness and, to the extent such indebtedness is secured, foreclose on our assets. In such an event, we may not have sufficient assets to repay all of our indebtedness.
The terms of the financing documents governing our 2020 Credit Agreement restricts our current and future operations, particularly our ability to respond to changes or to take certain actions.
The financing documents governing our 2020 Credit Agreement contain a number of restrictive covenants that impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:
•incur additional indebtedness;
•pay dividends on or make distributions in respect of capital stock or repurchase or redeem capital stock;
•repay, redeem or repurchase certain indebtedness;
•make loans and investments;
•sell or otherwise dispose of assets, including capital stock of restricted subsidiaries;
•incur liens;
•enter into transactions with affiliates;
•enter into agreements restricting the ability of our subsidiaries to pay dividends; and
•consolidate, merge or sell all or substantially all of our assets.
The restrictive covenants in the financing documents governing our 2020 Credit Agreement requires us to maintain specified financial ratios and satisfy other financial condition tests to the extent applicable. Our ability to meet those financial ratios and tests can be affected by events beyond our control.
A breach of the covenants or restrictions under the financing documents governing our 2020 Credit Agreement could result in an event of default under such document. Such a default may allow the creditors to accelerate the related debt, to the extent amounts are outstanding, which may result in the acceleration of any other debt to which a cross-acceleration or cross-default provision applies. In the event the holders of our indebtedness accelerate the repayment, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it. Even if we are able to obtain new financing, it may not be on commercially reasonable terms or on terms acceptable to us. As a result of these restrictions, we may be:
•limited in how we conduct our business;
•unable to raise additional debt or equity financing to operate during general economic or business downturns; or
•unable to compete effectively or to take advantage of new business opportunities.
These restrictions, along with restrictions that may be contained in agreements evidencing or governing other future indebtedness, may affect our ability to grow in accordance with our growth strategy.
We may be unable to refinance our indebtedness.
We may need to refinance all or a portion of our indebtedness before maturity. We cannot assure you that we will be able to refinance any of our indebtedness on commercially reasonable terms or at all. There can be no assurance that we will be able to obtain sufficient funds to enable us to repay or refinance our debt obligations on commercially reasonable terms, or at all.
A lowering or withdrawal of the ratings assigned to our debt securities by rating agencies may increase our future borrowing costs and reduce our access to capital.
Our debt currently has a non-investment grade rating. Any rating assigned could be lowered or withdrawn entirely by a rating agency if, in that rating agency’s judgment, future circumstances relating to the basis of the rating, such as adverse changes, so warrant. Any future lowering of our ratings likely would make it more difficult or more expensive for us to obtain additional debt financing.
Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our results of operations.
We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms or at all. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us
to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things:
•develop and enhance our solutions;
•continue to expand our research and development and sales and marketing organizations;
•hire, train and retain employees;
•respond to competitive pressures or unanticipated working capital requirements; or
•pursue acquisition opportunities.
In addition, our 2020 Credit Agreement also limits our ability to incur additional debt and therefore we may have to amend our 2020 Credit Agreement or issue additional equity to raise capital. If we issue additional equity, your interest in us will be diluted.
Risks Related to Ownership of Our Common Stock
Vista controls us, and its interests may conflict with ours or yours in the future.
At December 31, 2020, Vista beneficially owned approximately 70.6% of our common stock, which means that, based on its percentage voting power, Vista controlled the vote of all matters submitted to a vote of our board of directors, or our Board, or shareholders, which enables it to control the election of the members of the Board and all other corporate decisions. In addition, our bylaws provide that Vista has the right to designate the Chairman of the Board for so long as Vista beneficially owns at least 30% or more of the voting power of the then outstanding shares of our capital stock then entitled to vote generally in the election of directors. Even when Vista ceases to own shares of our stock representing a majority of the total voting power, for so long as Vista continues to own a significant percentage of our stock, Vista will still be able to significantly influence the composition of our Board, including the right to designate the Chairman of our Board, and the approval of actions requiring shareholder approval. Accordingly, for such period of time, Vista will have significant influence with respect to our management, business plans and policies, including the appointment and removal of our officers, decisions on whether to raise future capital and amending our charter and bylaws, which govern the rights attached to our common stock. In particular, for so long as Vista continues to own a significant percentage of our stock, Vista will be able to cause or prevent a change of control of us or a change in the composition of our Board, including the selection of the Chairman of our Board, and could preclude any unsolicited acquisition of us. The concentration of ownership could deprive you of an opportunity to receive a premium for your shares of common stock as part of a sale of us and ultimately might affect the market price of our common stock.
In addition, in connection with our IPO, we entered into a Director Nomination Agreement with Vista that provides Vista the right to designate: (i) all of the nominees for election to our Board for so long as Vista beneficially owns 40% or more of the total number of shares of our common stock it owned on the date of the IPO; (ii) a number of directors (rounded up to the nearest whole number) equal to 40% of the total directors for so long as Vista beneficially owns at least 30% and less than 40% of the total number of shares of our common stock it owned on the date of the IPO; (iii) a number of directors (rounded up to the nearest whole number) equal to 30% of the total directors for so long as Vista beneficially owns at least 20% and less than 30% of the total number of shares of our common stock it owned on the date of our IPO; (iv) a number of directors (rounded up to the nearest whole number) equal to 20% of the total directors for so long as Vista beneficially owns at least 10% and less than 20% of the total number of shares of our common stock it owned on the date of the IPO; and (v) one director for so long as Vista beneficially owns at least 5% and less than 10% of the total number of shares of our common stock it owned on the date of the IPO, in each case minus the number of designees, if any, Mr. McChord and certain entities affiliated with him are entitled to nominate. The Director Nomination Agreement also provides that Vista may assign such right to a Vista affiliate. The Director Nomination Agreement prohibits us from increasing or decreasing the size of our Board without the prior written consent of Vista.
Vista and its affiliates engage in a broad spectrum of activities, including investments in the information and business services industry generally. In the ordinary course of their business activities, Vista and its affiliates may engage in activities where their interests conflict with our interests or those of our other shareholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or partners of ours. Our certificate of incorporation provides that none of Vista, any of its affiliates or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his director and officer capacities) or its affiliates has any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. Vista also may pursue acquisition opportunities that may be complementary to our business, and, as a result, those acquisition opportunities may not be available to us. In addition, Vista may have an interest in pursuing acquisitions, divestitures and other transactions that, in its judgment, could enhance its investment, even though such transactions might involve risks to you.
We are a “controlled company” within the meaning of the rules of the New York Stock Exchange, and, as a result, we will qualify for, and intend to rely on, exemptions from certain corporate governance requirements. You will not have the same protections as those afforded to stockholders of companies that are subject to such governance requirements.
Vista Funds control a majority of the voting power of our outstanding common stock. As a result, we are a “controlled company” within the meaning of the corporate governance standards of the New York Stock Exchange. Under these rules, a company of which more than 50% of the voting power for the election of directors is held by an individual, group or another company is a “controlled company” and may elect not to comply with certain corporate governance requirements, including:
•the requirement that a majority of our Board consist of independent directors;
•the requirement that we have a nominating and corporate governance committee that is composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities;
•the requirement that we have a compensation committee that is composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities; and
•the requirement for an annual performance evaluation of the nominating and corporate governance and compensation committees.
We intend to continue to utilize these exemptions. As a result, currently we do not have a majority of independent directors on our Board, our Compensation and Nominating Committee does not consist entirely of independent directors and our Compensation and Nominating Committee is not subject to annual performance evaluations. Accordingly, you will not have the same protections afforded to stockholders of companies that are subject to all of the corporate governance requirements of the New York Stock Exchange.
For so long as we are an “emerging growth company,” we will not be required to elect to comply with certain public company reporting requirements, which could make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we are eligible for certain exemptions from various public company reporting requirements. These exemptions include, but are not limited to, (i) not being required to comply with the auditor attestation requirements of Section 404 of Sarbanes-Oxley, (ii) reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements, (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved and (iv) not being required to provide five years of Selected Financial Data in this Annual Report on Form 10-K. We could be an emerging growth company for up to five years after the first sale of our common stock in our IPO, which fifth anniversary will occur in 2025. However, if certain events occur prior to the end of such five-year period, including if we become a “large accelerated filer”, our annual gross revenue exceeds $1.07 billion or we issue more than $1.0 billion of non-convertible debt in any three-year period, we would cease to be an emerging growth company prior to the end of such five-year period. We made certain elections with regard to the reduced disclosure obligations regarding executive compensation in this Annual Report on Form 10-K and may elect to take advantage of other reduced disclosure obligations in future filings. As a result, the information that we provide to holders of our common stock may be different than you might receive from other public reporting companies in which you hold equity interests. We cannot predict if investors will find our common stock less attractive as a result of our reliance on these exemptions. If some investors find our common stock less attractive as a result of any choice we make to reduce disclosure, there may be a less active trading market for our common stock and the market price for our common stock may be more volatile.
Under the JOBS Act, emerging growth companies may also elect to delay adoption of new or revised accounting standards until such time as those standards apply to private companies. We have elected to “opt-in” to this extended transition period for complying with new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that comply with such new or revised accounting standards on a non-delayed basis. As a result, our financial statements may not be comparable to companies that comply with public company effective dates, and thus investors may have difficulty evaluating or comparing our business, performance or prospects in comparison to other public companies, which may have a negative impact on the value and liquidity of our common stock.
The requirements of being a public company may strain our resources and distract our management, which could make it difficult to manage our business, particularly after we are no longer an “emerging growth company.”
As a public company, we incur legal, accounting and other expenses that we did not previously incur. We are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended, or the Exchange Act, and the Sarbanes-Oxley Act, the listing requirements of the and other applicable securities rules and regulations. Compliance with these rules and regulations will continue to increase our legal and financial compliance costs, make some activities more difficult, time-consuming or costly and increase demand on our systems and resources, particularly after we are no longer an “emerging growth company.” The Exchange Act requires
that we file annual, quarterly and current reports with respect to our business, financial condition and results of operations. The Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal controls and procedures for financial reporting. Furthermore, the need to establish the corporate infrastructure demanded of a public company may divert our management’s attention from implementing our growth strategy, which could prevent us from improving our business, financial condition and results of operations. We have made, and will continue to make, changes to our internal controls and procedures for financial reporting and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. In addition, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to incur substantial costs to maintain the same or similar coverage. These additional obligations could have a material adverse effect on our business, financial condition and results of operations.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of our management’s time and attention from sales-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and could have a material adversely effect on our business, financial condition and results of operations.
Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our shareholders to replace or remove our current management, even if beneficial to our shareholders.
In addition to Vista’s beneficial ownership of 70.6% of our common stock as of December 31, 2020, our certificate of incorporation and bylaws, and the Delaware General Corporation Law, or the DGCL, contain provisions that could make it more difficult for a third-party to acquire us, even if doing so might be beneficial to our shareholders. In certain instances outlined below, these provisions do not take effect until Vista’s beneficial ownership of our common stock drops below a certain percentage. As a result, the anti-takeover effect of these provisions is expected to increase over time as Vista’s beneficial ownership decreases. In each instance, these changes will occur automatically pursuant to the terms of our certificate of incorporation and bylaws and without further action by our board or stockholders upon Vista’s ownership crossing the applicable thresholds. Among other things:
•these provisions allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without shareholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of shareholders;
•these provisions provide for a classified board of directors with staggered three-year terms;
•these provisions provide that, at any time when Vista beneficially owns, in the aggregate, less than 40% in voting power of the our stock entitled to vote generally in the election of directors, directors may only be removed for cause, and only by the affirmative vote of holders of at least 66 2/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class;
•these provisions prohibit shareholder action by written consent from and after the date on which Vista beneficially owns, in the aggregate, less than 35% in voting power of our stock entitled to vote generally in the election of directors;
•these provisions provide that for as long as Vista beneficially owns, in the aggregate, at least 50% in voting power of our stock entitled to vote generally in the election of directors, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of a majority in voting power of the outstanding shares of our stock and at any time when Vista beneficially owns, in the aggregate, less than 50% in voting power of all outstanding shares of our stock entitled to vote generally in the election of directors, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of the holders of at least 66 2/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and
•these provisions establish advance notice requirements for nominations for elections to our Board or for proposing matters that can be acted upon by shareholders at shareholder meetings; provided, however, at any time when Vista beneficially owns, in the aggregate, at least 10% in voting power of our stock entitled to vote generally in the election of directors, such advance notice procedure will not apply to it.
Our certificate of incorporation contains a provision that provides us with protections similar to Section 203 of the DGCL, and prevents us from engaging in a business combination with a person (excluding Vista and any of its direct or indirect transferees and any
group as to which such persons are a party) who acquires at least 15% of our common stock for a period of three years from the date such person acquired such common stock, unless Board or shareholder approval is obtained prior to the acquisition. These provisions could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for you and other shareholders to elect directors of your choosing and cause us to take other corporate actions you desire, including actions that you may deem advantageous, or negatively affect the trading price of our common stock. In addition, because our Board is responsible for appointing the members of our management team, these provisions could in turn affect any attempt by our shareholders to replace current members of our management team.
These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for shareholders or potential acquirers to obtain control of our Board or initiate actions that are opposed by our then-current Board, including delay or impede a merger, tender offer or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for you to realize value in a corporate transaction.
Our certificate of incorporation designates the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.
Pursuant to our certificate of incorporation, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers or other employees to us or our shareholders, (3) any action asserting a claim against us arising pursuant to any provision of the DGCL, our certificate of incorporation or our bylaws or (4) any other action asserting a claim against us that is governed by the internal affairs doctrine; provided that for the avoidance of doubt, the forum selection provision that identifies the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation, including any “derivative action”, will not apply to suits to enforce a duty or liability created by Securities Act, the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction. Our certificate of incorporation will further provide that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to the provisions of our certificate of incorporation described above. The forum selection clause in our certificate of incorporation may have the effect of discouraging lawsuits against us or our directors and officers and may limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.
Our operating results and stock price may be volatile, and the market price of our common stock may drop below the price you pay.
Our quarterly operating results are likely to fluctuate in the future. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could subject the market price of our shares to wide price fluctuations regardless of our operating performance. Our operating results and the trading price of our shares may fluctuate in response to various factors, including:
•market conditions in our industry or the broader stock market;
•actual or anticipated fluctuations in our quarterly financial and operating results;
•introduction of new solutions or services by us or our competitors;
•issuance of new or changed securities analysts’ reports or recommendations;
•sales, or anticipated sales, of large blocks of our stock;
•additions or departures of key personnel;
•regulatory or political developments;
•litigation and governmental investigations;
•changing economic conditions;
•investors’ perception of us;
•events beyond our control such as weather and war; and
•any default on our indebtedness.
These and other factors, many of which are beyond our control, may cause our operating results and the market price and demand for our shares to fluctuate substantially. Fluctuations in our quarterly operating results could limit or prevent investors from readily
selling their shares and may otherwise negatively affect the market price and liquidity of our shares. In addition, in the past, when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. If any of our shareholders brought a lawsuit against us, we could incur substantial costs defending the lawsuit. Such a lawsuit could also divert the time and attention of our management from our business, which could significantly harm our results of operations and reputation.
A significant portion of our total outstanding shares are restricted from immediate resale but may be sold into the market in the near future. This could cause the market price of our common stock to drop significantly, even if our business is doing well.
Sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock. Following our IPO, shares that were not sold in our IPO are subject to a 180-day lock-up period provided under lock-up agreements executed in connection with the IPO and restricted from immediate resale under the federal securities laws. All of these shares will, however, be able to be resold after the expiration of the lock-up period, as well as pursuant to customary exceptions thereto or upon the waiver of the lock-up agreement by Morgan Stanley & Co. LLC on behalf of the underwriters of our IPO. We have registered 34,934,110 shares of our common stock that we can issue pursuant to our various equity plans. As restrictions on resale end, the market price of our stock could decline if the holders of currently restricted shares sell them or are perceived by the market as intending to sell them. A decline in the market price of our stock may also impair our ability to raise capital to continue to fund operations by issuing shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.
As described in our IPO Prospectus, we entered into a registration rights agreement with Vista, which requires us to affect the registration of Vista's shares in certain circumstances following the expiration of the 180-day lock-up period. If Vista exercises its rights under this agreement to resell a significant amount of its shares of our common stock, we will not receive any proceeds from those offerings.
Because we have no current plans to pay regular cash dividends on our common stock for the foreseeable future, you may not receive any return on investment unless you sell your common stock for a price greater than that which you paid for it.
We do not anticipate paying any regular cash dividends on our common stock for the foreseeable future. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and may be, limited by covenants of existing and any future outstanding indebtedness we or our subsidiaries incur, including under our 2020 Credit Agreement. Therefore, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which may not occur.
If securities or industry analysts do not publish research or reports about our business, if they adversely change their recommendations regarding our shares or if our results of operations do not meet their expectations, our stock price and trading volume could decline.
The trading market for our shares is influenced by the research and reports that industry or securities analysts publish about us or our business. We do not have any control over these analysts. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our stock price or trading volume to decline. Moreover, if one or more of the analysts who cover us downgrade our stock, or if our results of operations do not meet their expectations, our stock price could decline.
We may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could otherwise adversely affect holders of our common stock, which could depress the price of our common stock.
Our certificate of incorporation authorizes us to issue one or more series of preferred stock. Our Board has the authority to determine the preferences, limitations and relative rights of the shares of preferred stock and to fix the number of shares constituting any series and the designation of such series, without any further vote or action by our shareholders. Our preferred stock could be issued with voting, liquidation, dividend and other rights superior to the rights of our common stock. The potential issuance of preferred stock may delay or prevent a change in control of us, discouraging bids for our common stock at a premium to the market price, and materially adversely affect the market price and the voting and other rights of the holders of our common stock.