We support our channel partners with a dedicated team of experienced channel account managers, sales professionals and sales engineers who provide business planning, joint marketing strategy, and pre-sales and operational sales support. Additionally, our sales teams help drive and support large enterprise and service provider sales through a direct touch model. Our sales professionals and engineers typically work closely with our channel partners and directly engage with large end-customers to address their unique security and deployment requirements. To support our broadly dispersed global channel and end-customer base, we have sales professionals in over 80 countries around the world.
We outsource the manufacturing of our security appliance products to a variety of contract manufacturers and original design manufacturers. Our current manufacturing partners include ADLINK Technology, Inc. (“ADLINK”), IBASE Technology, Inc. (“IBASE”), Micro-Star International Co. (“Micro-Star”), Senao Networks, Inc. (“Senao”), Wistron Corporation Flextronics International Ltd, Senao Networks, Inc., Adlink Technology, Inc.(“Wistron”) and a number of manufacturers locatedother manufacturers. Approximately 85% of our hardware is manufactured in Taiwan and other countries outside the United States.Taiwan. We submit purchase orders to our contract manufacturers that describe the type and quantities of our products to be manufactured, the delivery date and other delivery terms. Once our products are manufactured, they are sent to either our warehouse in California or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed. We believe that outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies. Our proprietary SPUs, which are the key to the performance of our appliances, are built by contract manufacturers including Faraday Technology CorporationToshiba America Electronic Components, Inc. (“Faraday”Toshiba”), Kawasaki Microelectronics America, Inc. and Renesas Electronics CorporationAmerica, Inc. (“Renesas”). These contract manufacturers use foundries in Taiwan and Japan operated by either United Microelectronics Corporation (“UMC”) or Taiwan Semiconductor Manufacturing Company Limited (“TSMC”), or their own foundry, such as Renesas’ fab.by the contract manufacturer itself.
The components included in our products are sourced from various suppliers by us or, more frequently, by our contract manufacturers. Some of the components important to our business, including specific types ofcertain CPUs from Intel Corporation (“Intel”), network chips from Broadcom CorporationInc. (“Broadcom”), Marvell Technology Group Ltd. (“Marvell”) and Intel, and solid-state drives (silicon-based storage devices)memory devices from Intel, ADATA Technology Co., Ltd. (“ADATA”), OCZ Technology Group, Inc. (“OCZ”), Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from a limited or sole sourcesources of supply.
We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms.
Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use information and technology that we regard as proprietary. We generally enter into confidentiality agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information. However, we cannot provide assurance that the steps we take will prevent misappropriation of our technology. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.
Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual propertyIP rights. Third parties have asserted, are currently asserting and may in the future assert patent, copyright, trademark or other intellectual propertyIP rights against us, our channel partners or our end-customers. Successful claims of infringement by a third partythird-party could prevent us from distributing certain products or performing certain services or require us to pay substantial damages (including treble damages if we are found to have willfully infringed patents or copyrights), royalties or other fees. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable and the failure to obtain a license or the costs associated with any license could cause our business, operating results or financial condition to be materially and adversely affected. We typicallyIn certain instances, we indemnify our end-customers, distributors and certain resellers against claims that our products infringe the intellectual propertyIP of third parties.
For information regarding seasonality in our sales, see the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Unaudited Quarterly Results of Operations—Seasonality, Cyclicality and Quarterly Revenue Trends” in Part II, Item 7 of this Annual Report on Form 10-K.
The markets for our products are extremely competitive and are characterized by rapid technological change. The principal competitive factors in our markets include the following:
Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation. The development and market acceptance of alternative technologies could decrease the demand for our products or render them obsolete. Our competitors may introduce products that are less costly, provide superior performance, market their productsare better marketed, or achieve greater market acceptance than us. In addition,our products. Additionally, our larger competitors often have broader product lines and are in a better positionpositioned to withstand anya significant reduction in capital spending by end-customers, in these markets, and will therefore not be as susceptible to downturns in a particular market. The above competitive pressures are likely to continue to impact our business. We may not be able to compete successfully in the future, and competition may harm our business.
None of our U.S. employees are represented by a labor union; however, ourunion. Our employees in certain European and Latin American countries, however, have the right to be represented by external labor organizations if they maintain up-to-date union membership. We have not experienced any work stoppages, and we consider our relations with our employees to be good.
We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations web site. Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events and press and earnings releases, as part of our investor relations web site. The contents of these web sites are not intended to be incorporated by reference into this report or in any other report or document we file.
ITEM 1A. Risk Factors
Investing in our common stock involves a high degree of risk. Investors should carefully consider the following risks and all other information contained in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes, before investing in our common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks materialize, our business, financial condition and results of operations could be materially harmed. In that case, the trading price of our common stock could decline substantially, and investors may lose some or all of their investment. We have summarized risks immediately below and encourage investors to carefully read the entirety of this Risk Factors section.
Our operating results are likely to vary significantly and be unpredictable.
Our operating results have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control or may be difficult to predict, including:
Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our quarterly financial and other operating results. This variability and unpredictability could result in our failing to meet our internal operating plan or the expectations of securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially and we could face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating expenses are fixed in nature over the near term. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on margins in the short term.
Adverse economic conditions or reduced information technology spending may adversely impact our business.
Our business depends on the overall demand for information technology and on the economic health of our current and prospective customers. In addition, the purchase of our products is often discretionary and may involve a significant commitment of capital and other resources. Weak global and regional economic conditions and spending environments, geopolitical instability and uncertainty, weak economic conditions in certain regions or a reduction in information technology spending regardless of macro-economic conditions, including the effects of the COVID-19 pandemic on the foregoing issues, could have adverse impacts on our business, financial condition and results of operations, including longer sales cycles, lower prices for our products and services, higher default rates among our channel partners, reduced unit sales and slower or declining growth.
Our billings, revenue, operating margin and free cash flow growth may slow or may not continue.
We may experience slowing growth, or a decrease, in billings, revenue, operating margin and free cash flow for a number of reasons, including as a result of the COVID-19 pandemic, a slowdown in demand for our products or services, a shift in demand from products to services, increased competition, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities, execution risks and our failure for any reason to continue to capitalize on sales and growth opportunities and due to other risks identified in the risk factors described in this periodic report. Our expenses as a percentage of total revenue may be higher than expected if our revenue is lower than expected and, ifexpected. If our investments in sales and marketing and other functional areas do not result in expected billings and revenue growth, we may experience margin declines anddeclines. In addition, we may not be able to sustain profitability in future periods if we fail to increase billings, revenue or deferred revenue, and do not appropriately manage our cost structure, and free cash flow, or encounter unanticipated liabilities. AnyAs a result, any failure by us to maintain profitability maintain ourand margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline.
We generate a majority of revenue from sales to distributors, resellers and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.
We market and sell our products throughout the world and have established sales offices in many parts of the world. Our international sales have represented a majority of our total revenue in recent periods. Therefore, we are subject to risks associated with having worldwide operations. We are also subject to a number of risks typically associated with international sales and operations, including:
Product and service sales and employee and contractor matters may be subject to foreign governmental regulations, which vary substantially from country to country. Further, we may be unable to keep up-to-dateup to date with changes in government requirements as they change over time. Failure to comply with these regulations could result in adverse effects to our business. In many foreign countries, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we implemented policies and procedures designed to ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, channel partners and agents will comply with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in litigation, regulatory action, costs of investigation, delays in revenue recognition, delays in financial reporting, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our products and services, any of which could have a material adverse effect on our business and results of operations.
If we are not successful in continuing to execute our strategy to increase our sales to large and medium-sized end-customers, our results of operations may suffer.
An important part of our growth strategy is to increase sales of our products to large and medium-sized businesses, service providers and government organizations. While we have increased sales in recent periods to large and medium-sized businesses, our sales volume varies by quarter.quarter and there is risk as to our level of success selling to these target customers. Such sales involve unique sales skillsets, processes and structures, are often formore complex and feature a longer contract term and may be at higher discount levels. We also have experienced uneven traction selling to certain government organizations and service providers and MSSPs, and there can be no assurance that we will be successful selling to these customers. Sales to these organizations involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities. These risks include:
If we do not increase the effectiveness of our sales organization, we may have difficulty adding new end-customers or increasing sales to our existing end-customers and our business may be adversely affected.
Reliance on a concentration of shipments at the end of the quarter could cause our billings and revenue to fall below expected levels.
As a result of customer-buying patterns and the efforts of our sales force and channel partners to meet or exceed quarterly quotas, we have historically received a substantial portion of each quarter’s sales orders and generated a substantial portion of each quarter’s billings and revenue during the last two weeks of the quarter. If expected orders at the end of any quarter are delayed for any reason, including the failure of anticipated purchase orders to materialize, our logistics partners’ inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter, our failure to accurately forecast our inventory requirements and to appropriately manage inventory to meet demand, our inability to release new products on schedule, any failure of our systems related to order review and processing, any delays in shipments due to trade compliance requirements, labor disputes or logistics changes at shipping ports or otherwise, our billings and revenue for that quarter could fall below our expectations or those of securities analysts and investors, resulting in a decline in our stock price.
Unless we continue to develop better market awareness of our company and our products, and to improve lead generation and sales enablement, our revenue may not continue to grow.
Increased market awareness of our capabilities and products and increased lead generation are essential to our continued growth and our success in all of our markets, particularly the market for thesales to large businesses, service providerproviders and government organization market. We have historically had relatively low spending on marketing activities.organizations. While we have increased our investments in sales and marketing, it is not clear that these investments will continue to result in increased revenue. If our investments in additional sales personnel or if our marketing programs are not successful in continuing to create market awareness of our company and products or increasing lead generation, or if we experience turnover and disruption in our sales and marketing teams, we willmay not be able to achieve sustained growth, and our business, financial condition and results of operations willmay be adversely affected.
We rely on third-party channel partners to generate substantially all of our revenue. If our partners fail to perform, our ability to sell our products and services will beare also limited and if we fail to optimize our channel partner model going forward, our operating results will be harmed.
A significant portion of our sales is generated through a limited number of distributors, and substantially all of our revenue is generated through sales by our channel partners, including distributors and resellers. We depend on our channel partners to generate a significant portion of our sales opportunities and to manage our sales process. To the extent our channel partners are unsuccessful in selling our products, or we are unable to enter into arrangements with and retain a sufficient number of high-quality channel partners in each of the regions in which we sell products, or if we are unable to keep them motivated to sell our products, our ability to sell our products and operating results will be harmed. The termination of our relationship with any significant channel partner may adversely impact our sales and operating results.
We provide sales channel partners with specific programs to assist them in selling our products and incentivize them to sell our products, but there can be no assurance that these programs will be effective. In addition, our channel partners may be unsuccessful in marketing, selling and supporting our products and services and may purchase more inventory than they can sell. Our channel partners generally do not have minimum purchase requirements. Some of our channel partners may have insufficient financial resources to withstand changes and challenges in business conditions. In addition, if our channel partners’ financial condition or operations weaken it could negatively impact their ability to sell our product and services. Our channel partners may also market, sell and support products and services that are competitive with ours, and may devote more resources to the marketing, sales and support of such products. They may also have incentives to promote our competitors’ products to the detriment of our own, or they may cease selling our products altogether. We cannot ensure that we will retain these channel partners or that we will be able to secure additional or replacement partners or that existing channel partners will continue to perform. The loss of one or more of our significant channel partners or the failure to obtain and ship a number of large orders each quarter through them could harm our operating results.
In addition, we may be impacted by consolidation of our existing channel partners. In such instances, we may experience changes to our overall business and operational relationships due to dealing with a larger combined entity, and our ability to maintain such relationships on favorable contractual terms may be more limited. We may also become increasingly dependent on a more limited number of channel partners, as consolidation increases the relative proportion of our business for which each channel partner is responsible, which may magnify the risks described in the preceding paragraphs. In July 2017, Exclusive, which distributes our solutions to a large group of resellers and end-customers, acquired Fine Tec U.S. Since the acquisition of Fine Tec U.S., Exclusive’s business with us has increased and may continue to increase in the future. The two channel partners together accounted for 35% of our total net accounts receivable as of December 31, 2017 and 25% of our total revenue during 2017. In the fourth quarter of 2017, the combined Exclusive/Fine Tec U.S. entity accounted for 30% of our total revenue. During 2015 and 2016, Exclusive accounted for 18% and 20% of our total revenue, respectively.
In addition, any new sales channel partner will require extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or services to end-customers or our channel partners violate laws or our corporate policies. We depend on our global channel partners to comply with applicable legal and regulatory requirements. To the extent that they fail to do so, that could have a material adverse effect on our business, operating results and financial condition. If we fail to optimize our channel partner model or fail to manage existing sales channels, our business will be seriously harmed.
Actual, possible or perceived defects or vulnerabilities in our products or services, the failure of our products or services to prevent a virus or security breach or the misuse of our products could harm our reputation and divert resources.
Because our products and services are complex, they have contained and may contain defects or errors that are not detected until after their commercial release and deployment by our customers. Defects or vulnerabilities may impede or block network traffic, cause our products or services to be vulnerable to electronic break-ins or cause them to fail to help secure networks. Different customers deploy and use our products in different ways, and certain deployments and usages may subject our products to adverse conditions that may negatively impact the effectiveness and useful lifetime of our products. Our networks and products, including cloud-based technology and subscriptions, could be targeted by attacks specifically designed to disrupt our business and harm our reputation. We cannot ensure that our products will prevent all security threats. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques. In addition, defects or errors in our FortiGuard security subscription updates or our FortiGate appliances could result in a failure of our FortiGuard security subscription services to effectively update end-customers’ FortiGate appliances and cloud-based products and thereby leave customers vulnerable to attacks. Furthermore, our solutions may also fail to detect or prevent viruses, worms or similar threats due to a number of reasons such as the evolving nature of such threats and the continual emergence of new threats that we may fail to add to our FortiGuard databases in time to protect our end-customers’ networks. Our FortiGuard or FortiCare data centers and networks may also experience technical failures and downtime, and may fail to distribute appropriate updates, or fail to meet the increased requirements of our customer base. Any such technical failure, downtime or failures in general may temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats.
An actual, possible or perceived security breach or infection of the network of one of our end-customers, regardless of whether the breach is attributable to the failure of our products or services to prevent the security breach, could adversely affect the market’s perception of our security products and services and, in some instances, subject us to potential liability that is not contractually limited. We may not be able to correct any security flaws or vulnerabilities promptly, or at all. Our products may also be misused by end-customers or third parties who obtain access to our products. For example, our products could be used to censor private access to certain information on the internet. Such use of our products for censorship could result in negative
press coverage and negatively affect our reputation, even if we take reasonable measures to prevent any improper shipment of our products or if our products are provided by an unauthorized third party. Any actual, possible or perceived defects, errors or vulnerabilities in our products, or misuse of our products, could result in:
the expenditure of significant financial and product development resources inmarketing efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities;
the loss of existing or potential end-customers or channel partners;
delayed or lost revenue;
delay or failure to attain market acceptance;
negative publicity and harm to our reputation; and
litigation, regulatory inquiries or investigations that may be costly and harm our reputation and, in some instances, subject us to potential liability that is not contractually limited.
Our business and operations have experienced growth, and if we do not appropriately manage any future growth, including through the expansion of our real estate holdings, or are unable to improve our systems and processes, our operating results will be negatively affected.
Our business has grown over the last several years. We rely heavily on information technology and accounting systems to help manage critical functions such as order processing, revenue recognition, financial forecasts, inventory and supply chain management and trade compliance reviews. Certain of these systems were developed by us for our internal use and, as such, may have a higher risk of failure or not receive the same level of support as systems purchased from and supported by external technology companies. In addition, we have been slow to adopt and implement certain automated functions, which could have a negative impact on our business. For example, a large part of our order processing relies on manual data entryof customer purchase orders received through email and, to a lesser extent, through electronic data interchangefrom our customers. Combined with the fact that we may receive a large amount of our orders in the last few weeks of any given quarter, an interruption in our email service or other systems could result in delayed order fulfillment and decreased billings and revenue for that quarter.
To manage any future growth effectively, we must continue to improve and expand our information technology and financial, operating and administrative systems and controls, and continue to manage headcount, capital and processes in an efficient manner. We may not be able to successfully implement requisite improvements to these systems, controls and processes, such as system capacity, access and change management controls, in a timely or efficient manner. Our failure to improve our systems and processes, or their failure to operate in the intended manner, whether as a result of the significant growthCOVID-19 pandemic, as mitigation and containment measures adopted by government authorities to contain the spread of our business or otherwise, may result in our inability to manage the growth of our business and to accurately forecast our revenue, expenses and earnings, or to prevent certain losses. Moreover, the failure of our systems and processes could undermine our ability to provide accurate, timely and reliable reports on our financial and operating results and could impact the effectiveness of our internal control over financial reporting. In addition, our systems and processes may not prevent or detect all errors, omissions or fraud. Our productivity and the quality of our products and services may also be adversely affected if we do not integrate and train our new employees quickly and effectively. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to manage any future growth effectively could result in increased costs and harm our results of operations.
We have expanded our office real estate holdings to meet our projected growing need for office space. We purchased office buildings in Ottawa and Burnaby, Canada in 2017, and we have purchased various small buildings adjacent to our Sunnyvale headquarters as we expand our headquarters in Sunnyvale, California. These plans will require significant capital expenditure over the next several years and involve certain risks,COVID-19, including impairment charges and acceleration of depreciation, changes in future business strategy that may decrease the need for expansion (such as a decrease in headcount) and, risks related to construction. Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition.
We may experience difficulties maintaining and expanding our ERP and CRM systems.
The maintenance of our ERP and CRM systems has required, and will continue to require, the investment of significant financial and human resources. In addition, we may choose to upgrade or expand the functionality of our ERP and CRM systems, leading to additional costs. We may also discover deficiencies in our design or maintenance of the ERP or CRM systems that could adversely affect our ability to process orders, ship products, provide services and customer support, send invoices and track payments, fulfill contractual obligations, accurately maintain books and records, provide accurate, timely and reliable reports on our financial and operating results, or otherwise operate our business. Additionally, if the system does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected or our ability to assess it adequately could be delayed. Further, we recently implemented new systems to comply with the new revenue recognition standard and may further expand the scope of our ERP and CRM systems. Our operating results may be adversely affected if these upgrades or expansions are delayed or if the systems do not function as intended or are not sufficient to meet our revenue recognition accounting requirements.
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below expectations of securities analysts and investors, resulting in a decline in our stock price.
The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in this Annual Report on Form 10-K, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Additionally, in connection with adopting and implementing the new revenue accounting standard, management will make judgments and assumptions based on our interpretation of the new standard. The new revenue standard is principles based and interpretation of those principles may vary from company to company based on their unique circumstances. It is possible that interpretation, industry practice and guidance may evolve as we work toward implementing the new standard. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition and sales return reserves, stock-based compensation expense, valuation of inventory, investments, accounting for business combination, goodwilltravel restrictions and other long-lived assets, restructuring, accounting for income taxes, and litigation and settlement costs.
We offer retroactive price protection to certain of our major distributors, and if we fail to balance their inventory with end-customer demand for our products, our allowance for price protection may be inadequate, which could adversely affect our results of operations.
We provide certain of our major distributors with price protection rights for inventories of our products held by them. If we reduce the list price of our products, certain distributors receive refunds or credits from us that reduce the price of such products held in their inventory based upon the new list price. Future credits for price protection will depend on the percentage of our price reductions for the products in inventory and our ability to manage the levels of our major distributors’ inventories. If future price protection adjustments are higher than expected, our future results of operations could be materially and adversely affected.
Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers, and third-party manufacturing cost increases could result in lower gross margins and free cash flow.
We outsource the manufacturing of our security appliance products to contract manufacturing partners and original design manufacturing partners including Micro-Star International Co., Ltd., Wistron Corporation, Flex Ltd., Senao Networks, Inc., ADLINK Technology, Inc. and a number of manufacturers located in Taiwan and other countries outside the United States. Our reliance on our third-party manufacturers in Asia and elsewhere reduces our control over the manufacturing process, exposing us to risks, including reduced control over quality assurance and product costs, supply and timing. Any manufacturing disruption by our third-party manufacturers could impair our ability to fulfill orders. If we are unable to manage our relationships with these third-party manufacturers effectively, or if these third-party manufacturers experience delays, increased manufacturing lead-times, disruptions, capacity constraints or quality control problems in their manufacturing operations, or fail to meet our future requirements for timely delivery, our ability to ship products to our customers could be impaired and our business would be seriously harmed.
These manufacturers fulfill our supply requirements on the basis of individual purchase orders. We have no long-term contracts or arrangements with our third-party manufacturers that guarantee capacity, the continuation of particular payment terms or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements, and the prices we are charged for manufacturing services could be increased on short notice. If we are required to change third-party manufacturers, our ability to meet our scheduled product deliveries to our customers would be adversely affected, which could cause the loss of sales and existing or potential customers, delayed revenue or an increase in our costs, which could adversely affect our gross margins. Our individual product lines are generally manufactured by only one manufacturing partner. Any production or shipping interruptions for any reason, such as a natural disaster, epidemic, capacity shortages, quality problems or strike or other labor disruption at one of our manufacturing partners or locations or at shipping ports or locations, would severely affect sales of our product lines manufactured by that manufacturing partner. Furthermore, manufacturing cost increases for any reason could result in lower gross margins.
Our proprietary SPU, which is the key to the performance of our appliances, is built by contract manufacturers including Faraday, MegaChips Corporation and Renesas. These contract manufacturers use foundries operated by UMC, TSMC or Renesas on a purchase-order basis, and these foundries do not guarantee their capacity and could reject orders or increase their pricing. Accordingly, the foundries are not obligated to continue to fulfill our supply requirements, and due to the long lead time that a new foundry would require, we could suffer temporary or long-term inventory shortages of our SPU as well as increased costs. In addition to our proprietary SPU, we also purchase off-the-shelf ASICs from vendors for which we have experienced, and may continue to experience, long lead times. Our suppliers may also prioritize orders by other companies that order higher volumes or more profitable products. If any of these manufacturers materially delays its supply of ASICs or specific product models to us, or requires us to find an alternate supplier and we are not able to do so on a timely and reasonable basis, or if these foundries materially increase their prices for fabrication of our ASICs, our business would be harmed.
In addition, our reliance on third-party manufacturers and foundries limits our control over environmental regulatory requirements such as the hazardous substance content of our products and therefore our ability to ensure compliance with the Restriction of Hazardous Substances Directive (the “EU RoHS”) adopted in the European Union (the “EU”) and other similar laws. It also exposes us to the risk that certain minerals and metals, known as “conflict minerals,” that are contained in our products have originated in the Democratic Republic of the Congo or an adjoining country. As a result of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the SEC adopted disclosure requirements for public companies whose products contain conflict minerals that are necessary to the functionality or production of such products. Under these rules, we are required to obtain sourcing data from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year. Although the SEC has provided guidance with respect to a portion of the conflict minerals filing requirements that somewhat reduced the reporting required, we have incurred and expect to incur additional costs to comply with the rules, including costs related to efforts to determine the origin, source and chain of custody of the conflict minerals used in our products and the adoption of conflict minerals-related governance policies, processes and controls. Moreover, the implementation of these compliance measures could adversely affect the sourcing, availability and pricing of materials used in the manufacture of our products to the extent that there may be only a limited number of suppliers that are able to meet our sourcing requirements. There can be no assurance that we will be able to obtain such materials in sufficient quantities or at competitive prices. We may also encounter customers who require that all of the components of our products be certified as conflict-free. If we are not able to meet customer requirements, such customers may choose to not purchase our products, which could impact our sales and the value of portions of our inventory.
Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages, long lead times for components, and supply changes, each of which could disrupt or delay our scheduled product deliveries to our customers, result in inventory shortage, cause loss of sales and customers or increase component costs resulting in lower gross margins and free cash flow.
We and our contract manufacturers currently purchase several key parts and components used in the manufacture of our products from limited sources of supply. We are therefore subject to the risk of shortages and long lead times in the supply of these components and the risk that component suppliers discontinue or modify components used in our products. We have in the past experienced, and are currently experiencing, shortages and long lead times for certain components. Certain of our limited source components for particular appliances and suppliers of those components include: specific types of CPUs from Intel, network chips from Broadcom, Marvell and Intel, and memory devices from Intel, ADATA, OCZ, Samsung and Western Digital. We also may face shortages in the supply of the capacitors and resistors that are used in the manufacturing of our products. The introduction by component suppliers of new versions of their products, particularly if not anticipated by us or our contract manufacturers, could require us to expend significant resources to incorporate these new components into our products. In addition, if these suppliers were to discontinue production of a necessary part or component, we would be required to expend significant resources and time in locating and integrating replacement parts or components from another vendor. Qualifying additional suppliers for limited source parts or components can be time-consuming and expensive.
Our manufacturing partners have experienced long lead times for the purchase of components incorporated into our products. Lead times for components may be adversely impacted by factors outside of our control, such as natural disasters and other factors. Our reliance on a limited number of suppliers involves several additional risks, including:
a potential inability to obtain an adequate supply of required parts or components when required;
financial or other difficulties faced by our suppliers;
infringement or misappropriation of our intellectual property;
price increases;
failure of a component to meet environmental or other regulatory requirements;
failure to meet delivery obligations in a timely fashion; and
failure in component quality.
The occurrence of any of these events would be disruptive to us and could seriously harm our business. Any interruption or delay in the supply of any of these parts or components, or the inability to obtain these parts or components from alternate sources at acceptable prices and within a reasonable amount of time, would harm our ability to meet our scheduled product deliveries to our distributors, resellers and end-customers. This could harm our relationships with our channel partners and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
A significant portion of our operating expenses are incurred outside the United States. These expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro and Canadian dollar and, to a lesser extent, the British pound. Additionally, fluctuations in the exchange rate of the Canadian dollar may negatively impact our development plans in Burnaby, Canada. While we are not currently engaged in material hedging activities, we have been hedging currency exposures relating to certain balance sheet accounts through the use of forward exchange contracts. If we stop hedging against any of these risks or if our attempts to hedge against these currency exposures are not successful, our financial condition and results of operations could be adversely affected. Our sales contracts are primarily denominated in U.S. dollars and therefore, while substantially all of our revenue is not subject to foreign currency risk, it does not serve as a hedge to our foreign currency-denominated operating expenses. In addition, a strengthening of the U.S. dollar may increase the real cost of our products to our customers outside of the United States, which may also adversely affect our financial condition and results of operations.
Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose end-customers in the public sector or negatively impact our ability to contract with the public sector.
Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, product labeling, environmental laws, consumer protection laws, anti-bribery laws, data privacy laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, operating results and financial condition.
For example, with respect to data privacy, in April 2016, the European Parliament approved the General Data Protection Regulation (the “GDPR”), which will come into effect in May 2018 and supersede current EU data protection regulations. The GDPR will impose stringent data handling requirements on companies that receive or process personal data of residents of the EU, and non-compliance with the GDPR could result in significant penalties, including data protection audits and heavy fines. Compliance with, and the other burdens imposed by, the GDPR may limit our ability to operate or expand our business in Europe and could adversely impact our operating results. Any noncompliance with the GDPR, whether perceived or actual, could also adversely impact our operating results.
Selling our solutions to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements. Failure to comply with these requirements by either us or our channel partners could subject us to investigations, fines, other penalties and damages, which could have an adverse effect on our business, operating results, financial condition and prospects. As an example, the U.S. Department of Justice (the “DOJ”), on its own behalf or on behalf of the General Services Administration (the “GSA”), as well as individuals, has in the past pursued claims against, reached financial settlements with or otherwise obtained damages from companies that sell electronic equipment and from IT vendors under the False Claims Act and other statutes related to pricing, discount practices and compliance with laws related to sales to the federal government, such as the Trade Agreements Act. The DOJ continues to actively pursue such claims. Violations of certain regulatory and contractual requirements could also result in us being suspended or debarred fromfuture government contracting. Any of these outcomes could have an adverse effect on our revenue, operating results, financial condition and prospects. See Part I, Item 3 of this Annual Report on Form 10-K for more information on our legal proceedings.
These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could have an adverse effect on our business and operating results.
We are subject to governmental export and import controls that could subject us to liability or restrictions on sales, and could impair our ability to compete in international markets.
Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the United States only with the required export license or through an export license exception, and may be prohibited altogether from export to certain countries. If we were to fail to comply with U.S. export laws, U.S. Customs regulations and import regulations, U.S. economic sanctions and other countries’ import and export laws, we could be subject to substantial civil and criminal penalties, including fines for the company and incarceration for responsible employees and managers, and the possible loss of export or import privileges. In addition, if our channel partners fail to obtain appropriate import, export or re-export licenses or permits (e.g. for stocking orders placed by our partners), we may also be adversely affected through reputational harm and penalties and we may not be able to provide support related to appliances shipped pursuant to such orders. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.
Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments and persons. Even though we take precautions to prevent our product from being shipped to U.S. sanctions targets, our products could be shipped to those targets by our channel partners, despite such precautions. Any such shipment could have negative consequences including government investigations and penalties and reputational harm. In addition, various countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws thatin-person meetings, could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products or changes in exportestablish and import regulations may create delays in the introduction of our products in international markets, prevent ourmaintain relationships with new and existing customers with international operations from deploying our products globally or, in some cases, prevent the export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adverselyand negatively affect our business, financial conditionsales and results of operations.marketing efforts.
Efforts to withdraw from or materially modify NAFTA or other international trade agreements, to change tax provisions related to global manufacturing and sales or to impose new tariffs, economic sanctions or related legislation, any of which could our adversely affect our financial condition and results of operations.
Our business benefits from free trade agreements, such as the North American Free Trade Agreement (“NAFTA”), and we also rely on various U.S. corporate tax provisions related to international commerce, as we develop, market and sell our products and services globally. Efforts to withdraw from or materially modify NAFTA or other international trade agreements, or to change corporate tax policy related to international commerce, could adversely affect our financial condition and results of operations as could the continuing uncertainty regarding whether such actions will be taken. Moreover, efforts to implement changes related to export or import regulations (including the imposition of new border taxes or tariffs on foreign imports), economic sanctions or related policies. Any modification in these areas, any shift in the enforcement or scope of existing regulations or any change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations and could result in increased costs. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected.
We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating to our real property and future expansion plans and laws concerning the recycling of electrical and electronic equipment. The laws and regulations to which we are subject include the EU RoHS and the EU Waste Electrical and Electronic Equipment Directive (the “WEEE Directive”), as well as the implementing legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.
The EU RoHS and the similar laws of other jurisdictions ban the use of certain hazardous materials such as lead, mercury, cadmium and certain plastic additives in the manufacture of electrical equipment, including our products. We have incurred costs to comply with these laws, including research and development costs, costs associated with assuring the supply of compliant components and costs associated with writing off noncompliant inventory. We expect to continue to incur costs related to environmental laws and regulations in the future. With respect to the EU RoHS, we and our competitors rely on exemptions for lead and other substances in network infrastructure equipment. It is possible this exemption will be revoked in the future. Additionally, although we have filed for an extension, it is possible that this exemption may expire in the future without being extended. If this exemption is revoked or expires without extension, if there are other changes to these laws (or their interpretation) or if new similar laws are passed in other jurisdictions, we may be required to reengineer our products to use components compatible with these regulations. This reengineering and component substitution could result in additional costs to us or disrupt our operations or logistics.
The EU has also adopted the WEEE Directive, which requires electronic goods producers to be responsible for the collection, recycling and treatment of such products. Although currently our EU international channel partners are responsible for the requirements of this directive as the importer of record in most of the European countries in which we sell our products, changes in interpretation of the regulations may cause us to incur costs or have additional regulatory requirements in the future to meet in order to comply with this directive, or with any similar laws adopted in other jurisdictions.
Our failure to comply with these and future environmental rules and regulations could result in reduced sales of our products, increased costs, substantial product inventory write-offs, reputational damage, penalties and other sanctions.
A portion of our revenue is generated by sales to government organizations, which are subject to a number of challenges and risks.
Sales to U.S. and foreign federal, state and local governmental agency end-customers have accounted for a portion of our revenue in past periods, and we may in the future increase sales to government organizations.periods. Sales to government organizations are subject to a number of risks. Selling to government organizations can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense, with long sales cycles and without any assurance of winning a sale.
Government demand, sales and payment for our products and services may be negatively impacted by numerous factors and requirements unique to selling to government agencies, such as:
•public sector budgetary cycles;
•funding authorizations and requirements unique to government agencies, with funding or purchasing reductions or delays adversely affecting public sector demand for our products;
•geopolitical matters;matters, including tariff and trade disputes, government shutdowns and trade protectionism and other political dynamics that may adversely affect our ability to sell in certain locations or obtain the requisite permits and clearances required for certain purchases by government organizations of our products and services; and
•rules and regulations applicable to certain government sales, including GSA regulations.
Government spending may also be negatively impacted by the COVID-19 pandemic.
The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations. To date, we have had limited traction in sales to U.S. federal government agencies, and any future sales to government organizations is uncertain. Government organizations may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future results of operations. For example, if the distributor receives a significant portion of its revenue from sales to such government organization, the financial health of the distributor could be substantially harmed, which could negatively affect our future sales to such distributor. Governments routinely investigate, review and audit government vendors’ administrative and other processes, and any unfavorable investigation, audit, or other review or unfavorable determination related to any government clearance of certification could result in the government’s refusing to continue buying our products and services, a limitation and reduction of government purchases of our products and services, a reduction of revenue or fines, or civil or criminal liability if the investigation, audit or other review uncovers improper, illegal or otherwise concerning activities. Any such penalties could adversely impact our results of operations in a material way. Further, any refusal to grant certain certifications or clearances by one government agency, or decision by one government agency that our products do not meet certain standards, may cause reputational harm and cause concern with other government agencies, governments and businesses and cause them to not buy our products and services and/or lead to a decrease in demand for our products generally. Finally, purchases by the U.S. government may require certain products to be manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government.government and may not successfully obtain all certifications or clearances required for certain U.S. government purchases.
Risks Related to Our Industry, Customers, Products and Services
We face intense competition in our business.
Our FortiGuard security subscription servicesmarket and we may falsely detect, report and act on viruseslack sufficient financial or other threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify viruses and other threats not based on any known signatures but based on characteristics or anomalies that may indicate that a particular item is a threat. When our end-customers enable the heuristics feature in our products, the risk of falsely identifying viruses and other threats significantly increases. These false positives, while typical in the industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our products. Also, our FortiGuard security subscription services may falsely identify emails or programs as unwanted spam or potentially unwanted programs, or alternatively fail to properly identify unwanted emails or programs, particularly as spam emails or spyware are often designed to circumvent anti-spam or spyware products. Parties whose emails or programs are blocked by our products may seek redress against us for labeling them as spammers or spyware, or for interfering with their business. In addition, false identification of emails or programs as unwanted spam or potentially unwanted programs may reduce the adoption of our products. If our system restricts important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end-customers’ systems and cause material system failures. In addition, our threat researchers periodically identify vulnerabilities in various third-party products, and, if these identifications are perceived to be incorrect or are in fact incorrect, this could harm our business. Any such false identification or perceived false identification of important files, applications or vulnerabilities could result in negative publicity, loss of end-customers and sales, increased costs to remedy any problem and costly litigation.
If our internal network system or our website is compromised, public perception of our products and services will be harmed, we may become subject to liability, and our business, operating results and stock price may be adversely impacted.
Our success depends on the market’s confidence in our ability to provide effective network security protection. Despite our efforts and processes to prevent breaches of our internal network system and website, we are still vulnerable to computer viruses, break-ins, phishing attacks, attempts to overload our servers with denial-of-service and other cyber-attacks and similar disruptions from unauthorized access to our internal network system or our website. Our security measures may also be breached due to employee error, malfeasance or otherwise, and third parties may attempt to fraudulently induce our employees to transfer funds or disclose information in order to gain access to our network and confidential information. We cannot guarantee that the measures we have taken to protect our network and website will provide absolute security. Moreover, because we provide network security products, we may be a more attractive target for attacks by computer hackers. Although we have not yet experienced significant damages from unauthorized access by a third party of our internal network or website, an actual or perceived breach of network security occurs in our internal systems or website could adversely affect the market perception of our products and services and investor confidence in our company. Any breach of our network system or website could impair our ability to operate our business, including our ability to provide FortiGuard security subscription and FortiCare technical support services to our end-customers, lead to interruptions or system slowdowns, cause loss of critical data or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive information. We could also be subject to liability and litigation and reputational harm and our channel partners and end-customers may be harmed, lose confidence in us and decrease or cease using our products and services. Any breach of our internal network system or our website could have an adverse effect on our business, operating results and stock price.
Our ability to sell our products is dependent on the quality of our technical support services, and our failure to offer high quality technical support services would have a material adverse effect on our sales and results of operations.
Once our products are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners and other third parties, to resolve any issues relating to our products. If we, our channel partners or other third parties do not effectively assist our customers in deploying our products, succeed in helping our customers quickly resolve post-deployment issues and provide effective ongoing support, our ability to sell additional products and services to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many large end-customers, and service provider or government organization end-customers, require higher levels of support than smaller end-customers because of their more complex deployments and more demanding environments and business models. If we, our channel partners or other third parties fail to meet the requirements of our larger end-customers, it may be more difficult to execute on our strategy to increase our penetration with large businesses, service providers and government organizations. As a result, our failureresources to maintain high quality support services would have a material adverse effect on our business, financial condition and results of operations.
We could be subject to changes in our tax rates, the adoption of new U.S. or international tax legislation or exposure to additional tax liabilities.
We are subject to taxes in the United States and numerous foreign jurisdictions, where a number of our subsidiaries are organized. Our provision for income taxes is subject to volatility and could be adversely affected by several factors, many of which are outside of our control, including:
earnings being lower than anticipated in countries that have lower tax rates or higher than anticipated in countries that have higher tax rates;
the mix of earnings in countries with differing statutory tax rates or withholding taxes;
changes in the valuation of our deferred tax assets and liabilities;
transfer pricing adjustments;
an increase in non-deductible expenses for tax purposes, including certain stock-based compensation expense, write-offs of acquired in-process research and development and impairment of goodwill;
tax costs related to intercompany realignments;
tax assessments resulting from income tax audits or any related tax interest or penalties that could significantly affect our provision for income taxes for the period in which the settlement takes place;
a change in our decision to indefinitely reinvest foreign earnings;
changes in accounting principles;
court decisions, tax rulings and interpretations of tax laws, and regulations by international, federal or local governmental authorities; or
changes in tax laws and regulations.
Significant judgment is required to determine the recognition and measurement attribute prescribed in the Financial Accounting Standards Board standard. In addition, the standard applies to all income tax positions, including the potential recovery of previously paid taxes, which, if settled unfavorably, could adversely impact our provision for income taxes or additional paid-in capital. Further, as a result of certain of our ongoing employment and capital investment actions and commitments, our income in certain foreign countries is subject to reduced tax rates. Our failure to meet these commitments could adversely impact our provision for income taxes.
In addition, we have open tax years that could be subject to the examination by the Internal Revenue Service (the “IRS”) and other tax authorities. Tax authorities in France are currently examining the inter-company relationship between Fortinet, Inc., Fortinet France and Fortinet Singapore. In April 2017, we received a notice from the French tax authorities that an audit was officially opened for tax years from 2007 to 2015. We regularly assess the likelihood of adverse outcomes resulting from such examinations to determine the adequacy of our provision for income taxes.
Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.
In December 2017, the U.S. federal government enacted the Tax Cuts and Jobs Act (the “2017 Tax Act”). The 2017 Tax Act significantly changed the existing U.S. corporate income tax laws by, among other things, lowering the corporate tax rate, implementing a territorial tax system and imposing a one-time deemed repatriation tax on cumulative undistributed foreign earnings, for which we have not previously recognized U.S. income taxes. Given the timing, scope and magnitude of the changes enacted by the 2017 Tax Act, along with ongoing implementation efforts, guidance and other developments from U.S. regulatory and standard-setting bodies, the completion of the accounting for certain tax items included in Note 12 to the consolidated financial statements that have been reported as provisional, or where no estimate of the impact was provided as a result of us not having the necessary information, may be subject to material change. Any significant changes to our future effective tax rate, including final resolution of provisional amounts relating to effects of the 2017 Tax Act, may result in a material adverse effect on our business, financial condition, results of operations or cash flows. For example, in the fourth quarter of 2017, we provisionally recorded a $47.9 million expense on the remeasurement of deferred tax assets due to the reduction of the federal corporate income tax rate, and a $15.2 million expense for the one-time transition tax on the deemed repatriation related to the 2017 Tax Act. We will continue to monitor and assess the impact of the 2017 Tax Act and the ongoing guidance and accounting interpretations issued in response to the 2017 Tax Act.
Although we currently do not have a valuation allowance, we may in the future be required to establish one. We will continue to assess the need for a valuation allowance on the deferred tax assets by evaluating both positive and negative evidence that may exist.
Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates.
Forecasts of our income tax position and effective tax rate are complex, subject to uncertainty and periodic updates because our income tax position for each year combines the effects of a mix of profits earned and losses incurred by us in various tax jurisdictions with a broad range of income tax rates, as well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and changes to these rules and tax laws, the results of examinations by various tax authorities, and the impact of any acquisition, business combination or other reorganization or financing transaction. To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by jurisdiction. If the mix of profits and losses, our ability to use tax credits or effective tax rates in a given jurisdiction differs from our estimate, our actual tax rate could be materially different than forecasted, which could have a material impact on our results of business, financial condition and results of operations. Additionally, our actual tax rate may be subject to further uncertainty due to potential changes in U.S. and foreign tax rules.
As a multinational corporation, we conduct our business in many countries and are subject to taxation in many jurisdictions. The taxation of our business is subject to the application of multiple and sometimes conflicting tax laws and regulations, as well as multinational tax conventions. Our effective tax rate is highly dependent upon the geographic distribution of our worldwide earnings or losses, the tax regulations and tax holidays in each geographic region, the availability of tax credits and carryforwards and the effectiveness of our tax planning strategies. The application of tax laws and regulations is subject to legal and factual interpretation, judgment and uncertainty. Tax laws themselves are subject to change as a result of changes in fiscal policy, changes in legislation and the evolution of regulations and court rulings. Consequently, taxing authorities may impose tax assessments or judgments against us that could materially impact our tax liability and/or our effective income tax rate.
The Organisation for Economic Co-operation and Development (the “OECD”) has been working on a Base Erosion and Profit Sharing Project, commonly known as BEPS. As part of this project, the OECD has issued and continues to issue guidelines and proposals that change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. Due to our extensive international business activities, any changes in the taxation of such activities could increase our tax obligations in many countries and may increase our worldwide effective tax rate.
Our inability to acquire and integrate other businesses, products or technologies could seriously harmimprove our competitive position.
In orderThe market for network security products is intensely competitive and we expect competition to remain competitive, we may seek to acquire additional businesses, products, technologies or intellectual property,intensify in the future. We face many competitors across the different cybersecurity markets. Our competitors include companies such as patents. ForBarracuda, Check Point, Cisco, CrowdStrike, F5 Networks, FireEye, Forcepoint, Imperva, Juniper, McAfee, Palo Alto Networks, Proofpoint, SonicWALL, Sophos, Trend Micro and Zscaler.
Some of our existing and potential competitors enjoy competitive advantages such as:
•greater name recognition and/or longer operating histories;
•larger sales and marketing budgets and resources;
•broader distribution and established relationships with distribution partners and end-customers;
•access to larger customer bases;
•greater customer support resources;
•greater resources to make acquisitions;
•stronger U.S. government relationships;
•lower labor and development costs; and
•substantially greater financial, technical and other resources.
In addition, certain of our larger competitors have broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products. These larger competitors often have broader product lines and market focus, and are in a better position to withstand any possible future acquisition, we maysignificant reduction in capital spending by end-customers in these markets. Therefore, these competitors will not be successfulas susceptible to downturns in negotiating the termsa particular market. Also, many of the acquisition, financing the acquisition, or effectively integrating the acquired business, product, technology or intellectual property and sales force into our existing business and operations. We may have difficulty incorporating acquired technologies, intellectual property or products with our existing product lines, integrating reporting systems and procedures, and maintaining uniform standards, controls, procedures and policies. For example, we may experience difficulties integrating an acquired company’s ERP or CRM systems, sales support and other processes and systems, with our current systems and processes. Our due diligence may fail to identify allsmaller competitors that specialize in providing protection from a single type of the problems, liabilities or other shortcomings or challenges of an acquired business, product or technology, including issues with intellectual property, product quality or product architecture, regulatory compliance practices, revenue recognition or other accounting practices or employee or customer issues, and we may not accurately forecast the financial impact of an acquisition. In addition, any acquisitions wesecurity threat are often able to complete may be dilutive to revenue growth and earnings and may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. We may have to pay cash, incur debt or issue equity securities to pay for any acquisition, each of which could affect our financial condition or the value of our capital stock and could result in dilution to our stockholders. Acquisitions during a quarter may result in increased operating expenses and adversely affect our results of operations for that period or future periods compareddeliver these specialized security products to the results thatmarket more quickly than we have previously forecasted or achieved. Further, completing a potential acquisition and integrating acquired businesses, products, technologies or intellectual property could significantly divert management time and resources.can.
Our business is subject to the risks of warranty claims, product returns, product liability and product defects.
Our products are very complex and, despite testing prior to their release, have contained and may contain undetected defects or errors, especially when first introduced or when new versions are released. Product errors have affected the performance of our products and could delay the development or release of new products or new versions of products, adversely affect our reputation and our end-customers’ willingness to buy products from us and adversely affect market acceptance or perception of our products. Any such errors or delays in releasing new products or new versions of products or allegations of unsatisfactory performance could cause us to lose revenue or market share, increase our service costs, cause us to incur substantial costs in redesigning the products, cause us to lose significant end-customers, subject us to liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition. Our products must successfully interoperate with products from other vendors. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. The occurrence of hardware and software errors, whether or not caused by our products, could delay or reduce market acceptance of our products and have an adverse effect on our business and financial performance, and any necessary revisions may cause us to incur significant expenses. The occurrence of any such problems could harm our business, financial condition and results of operations.
Although we generally have limitation of liability provisionsConditions in our standard termsmarkets could change rapidly and conditions of sale, they may not fully or effectively protect us from claimssignificantly as a result of federal, statetechnological advancements or local lawscontinuing market consolidation. Our competitors and potential competitors may also be able to develop products or ordinances or unfavorable judicial decisions in the United States or other countries,services, and in some circumstances we may be required to indemnify a customer in full, without a limitation on liability, for certain liabilities, including potential liabilitiesleverage new business models, that are not contractually limited. The sale and supportequal or superior to ours, achieve greater market acceptance of our products also entail the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not cover such claim at all or may not adequately cover any claim asserted against us, and in some instances may subject us to potential liability that is not contractually limited. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.
Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems such as civil unrest, labor disruption and terrorism.
A significant natural disaster, such as an earthquake, fire, power outage, flood or other catastrophic event, could have a material adverse impact on our business, operating results and financial condition. Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, and our research and development and data center in Burnaby, Canada, from which we deliver customers our FortiGuard security subscription updates, is subject to the risk of flooding and is also in a region known for seismic activity. In addition, natural disasters could affect our manufacturing vendors, suppliers or logistics providers’ ability to perform services, such as obtaining product components and manufacturing products, or assisting with shipments, on a timely basis, as well as our customers’ ability to order from us and our employees’ ability to perform their duties. In the event our or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in our missing financial targets, such as revenue and shipment targets, for a particular quarter. In addition, regional instability, civil unrest, labor disruptions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, logistics providers, partners or end-customers, or of the economy as a whole. Given our typical concentration of sales at the end of each quarter, any disruption in the business of our manufacturers, logistics providers, partners or end-customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results. To the extent that any of the above results in security risks to our customers, delays or cancellations of customer orders or the delay of the manufacture, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.
Risks Related to Our Industry
The network security market is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop. If we do not accurately predict, prepare for and respond promptly to technological and market developments and changing end-customer needs, our competitive position and prospects will be harmed.
The network security market is expected to continue to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. In addition, computer hackers and others who try to attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new products and enhancements may require us to develop new hardware architectures and ASICs that involve complex, expensive and time consuming research and development processes. For example, we enter into development agreements with third parties. If our contract development projects are not successfully completed, or are not completed in a timely fashion, our product development could be delayed and our business generally could suffer. Costs for contract development can be substantial and our profitability may be harmed if we are unable to recover these costs. Although the market expects rapid introduction of new products or product enhancements to respond to new threats, the development of these products is difficult and the timetable for commercial release and availability is uncertain and there can be long time periods between releases and availability of new products. We have in the past and may in the future experience unanticipated delays in the availability of new products and services, and failincrease sales by utilizing different distribution channels than we do. For example, certain of our competitors are focusing on delivering security services from the cloud. In addition, current or potential competitors may be acquired by third parties with greater available resources, and new competitors may arise pursuant to meet previously announced timetables foracquisitions of network security companies or divisions. As a result of such availability. If we do notacquisitions, competition in our market may continue to increase and our current or potential competitors might be able to adapt more quickly respondto new technologies and customer needs, devote greater resources to the rapidly changing and rigorous needspromotion or sale of our end-customers by developing and releasing and making available on a timely basis newtheir products and services, initiate or enhancements that can respond adequately to new security threats,withstand substantial price competition, take advantage of acquisition or other opportunities more readily, or develop and expand their product and service offerings more quickly than we do. In addition, our competitive position and business prospects will be harmed.
Moreover, business models based on software-as-a-service (“SaaS”) and infrastructure-as-a-service (“IaaS”), both of which are hosted or cloud-based services, have become increasingly in-demand by our end-customers and adopted by other providers, including our competitors. While we have introduced additional cloud-basedcompetitors may bundle products and services competitive with ours with other products and will continueservices. Customers may accept these bundled products and services rather than separately purchasing our products and services. As our customers refresh the security products bought in prior years, they may seek to do so, most ofconsolidate vendors, which may result in current customers choosing to purchase products from our platform is currently deployedcompetitors on premise, and therefore, if customers demand thatan ongoing basis. Due to budget constraints or economic downturns, organizations may be more willing to incrementally add solutions to their existing network security infrastructure from competitors than to replace it with our platform be provided through a SaaS or IaaS business model, we would be required to make additional investmentssolutions. These competitive pressures in our infrastructure and personnelmarket or our failure to be able to more fully provide our platform through a SaaS or IaaS model in order to maintain the competitiveness of our platform. Such investmentscompete effectively may involve expanding our data centers, servers and networks, and increasing our technical operations and engineering teams. These risks are compounded by the uncertainty concerning the future viability of SaaS and IaaS business models and the future demand for such models by customers. Additionally, if we are unable to meet the demand to provide our services through a SaaS or IaaS model, we may lose customers to competitors.
Our uniform resource locator (“URL”) database for our web filtering service may fail to keep pace with the rapid growth of URLs and may not categorize websites in accordance with our end-customers’ expectations.
The success of our web filtering service depends on the breadth and accuracy of our URL database. Although our URL database currently catalogs millions of unique URLs, it contains only a portion of the URLs for all of the websites that are available on the internet. In addition, the total number of URLs and software applications is growing rapidly, and we expect this rapid growth to continue in the future. Accordingly, we must identify and categorize content for our security risk categories at an extremely rapid rate. Our database and technologies may not be able to keep pace with the growth in the number of websites, especially the growing amount of content utilizing foreign languages and the increasing sophistication of malicious code and the delivery mechanisms associated with spyware, phishing and other hazards associated with the internet. Further, the ongoing evolution of the internet and computing environments will require us to continually improve the functionality, features and reliability of our web filtering function. Any failure of our databases to keep pace with the rapid growth and technological change of the internet could impair the market acceptance of our products, which in turn could harm our business, financial condition and results of operations.
In addition, our web filtering service may not be successful in accurately categorizing internet and application content to meet our end-customers’ expectations. We rely upon a combination of automated filtering technology and human review to categorize websites and software applications in our proprietary databases. Our end-customers may not agree with our determinations that particular URLs should be included or not included in specific categories of our databases. In addition, it is possible that our filtering processes may place material that is objectionable or that presents a security risk in categories that are generally unrestricted by our customers’ internet and computer access policies, which could result in such material not being blocked from the network. Conversely, we may miscategorize websites such that access is denied to websites containing information that is important or valuable to our customers. Any miscategorization could result inprice reductions, fewer customer dissatisfactionorders, reduced revenue and harm our reputation. Any failure to effectively categorizegross margins and filter websites according to our end-customers’ and channel partners’ expectations could impair the growthloss of our business.market share.
If our new products and product enhancements do not achieve sufficient market acceptance, our results of operations and competitive position will suffer.
We spend substantial amounts of time and money to researchacquire and develop internally new products and enhanced versions of our existing products in order to incorporate additional features, improved functionality or other enhancements in order to meet our customers’ rapidly evolving demands for network security in our highly competitive industry. When we develop a new product or an enhanced version of an existing product, we typically incur expenses and expend resources upfront to market, promote and sell the new offering. Therefore, when we develop and introduce new or enhanced products, they must achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing them to market.
Our new products or product enhancements could fail to attain sufficient market acceptance for many reasons, including:
•delays in releasing our new products or enhancements to the market;
•failure to accurately predict market demand in terms of product functionality and to supply products that meet this demand in a timely fashion;
•failure to have the appropriate research and development expertise and focus to make our top strategic fabric products successful;
•failure of our sales force and partners to focus on selling new products;
•inability to interoperate effectively with the networks or applications of our prospective end-customers;
•inability to protect against new types of attacks or techniques used by hackers;
•actual or perceived defects, vulnerabilities, errors or failures;
•negative publicity about their performance or effectiveness;
•introduction or anticipated introduction of competing products by our competitors;
•poor business conditions for our end-customers, causing them to delay IT purchases;
•changes to the regulatory requirements around security; and
•reluctance of customers to purchase products incorporating open source software.
If our new products or enhancements do not achieve adequate acceptance in the market, our competitive position will be impaired, our revenue will be diminished and the effect on our operating results may be particularly acute because of the significant research, development, marketing, sales and other expenses we incurred in connection with the new product or enhancement.
Demand for our products may be limited by market perception that individual products from one vendor that provide multiple layers of security protection in one product are inferior to point solution network security solutions from multiple vendors.
Sales of many of our products depend on increased demand for incorporating broad security functionality into one appliance. If the market for these products fails to grow as we anticipate, our business will be seriously harmed. Target customers may view “all-in-one” network security solutions as inferior to security solutions from multiple vendors because of, among other things, their perception that such products of ours provide security functions from only a single vendor and do not allow users to choose “best-of-breed” defenses from among the wide range of dedicated security applications available. Target customers might also perceive that, by combining multiple security functions into a single platform, our solutions create a “single point of failure” in their networks, which means that an error, vulnerability or failure of our product may place the entire network at risk. In addition, the market perception that “all-in-one” solutions may be suitable only for small and medium-sized businesses because such solution lacks the performance capabilities and functionality of other solutions may harm our sales to large businesses, service provider and government organization end-customers. If the foregoing concerns and perceptions
become prevalent, even if there is no factual basis for these concerns and perceptions, or if other issues arise with our market in general, demand for multi-security functionality products could be severely limited, which would limit our growth and harm our business, financial condition and results of operations. Further, a successful and publicized targeted attack against us, exposing a “single point of failure,” could significantly increase these concerns and perceptions and may harm our business and results of operations.
We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The market for network security products is intensely competitive and we expect competition to intensify in the future. Our competitors include companies such as Check Point, Cisco, F5 Networks, FireEye, Forcepoint, Imperva, Juniper, McAfee, Palo Alto Networks, Proofpoint, SonicWALL, Sophos, Symantec and Trend Micro.
Many of our existing and potential competitors enjoy substantial competitive advantages such as:
greater name recognition and longer operating histories;
larger sales and marketing budgets and resources;
broader distribution and established relationships with distribution partners and end-customers;
access to larger customer bases;
greater customer support resources;
greater resources to make acquisitions;
lower labor and development costs; and
substantially greater financial, technical and other resources.
In addition, some of our larger competitors have substantially broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products. These larger competitors often have broader product lines and market focus, and are in a better position to withstand any significant reduction in capital spending by end-customers in these markets. Therefore, these competitors will not be as susceptible to downturns in a particular market. Also, many of our smaller competitors that specialize in providing protection from a single type of network security threat are often able to deliver these specialized network security products to the market more quickly than we can. Some of our smaller competitors are using third-party chips designed to accelerate performance. Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation. Our competitors and potential competitors may also be able to develop products or services that are equal or superior to ours, achieve greater market acceptance of their products and services, and increase sales by utilizing different distribution channels than we do. Our current and potential competitors may also offer point solutions, fabric and/or cloud security services that compete with some of the features present in our platform. They may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. In addition, current or potential competitors may be acquired by third parties with greater available resources, and new competitors may arise pursuant to acquisitions of network security companies or divisions. As a result of such acquisitions, competition in our market may continue to increase and our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other opportunities more readily, or develop and expand their product and service offerings more quickly than we do. In addition, our competitors may bundle products and services competitive with ours with other products and services. Customers may accept these bundled products and services rather than separately purchasing our products and services. Due to budget constraints or economic downturns, organizations may be more willing to incrementally add solutions to their existing network security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer customer orders, reduced revenue and gross margins and loss of market share.
If functionality similar to that offered by our products is incorporated into existing network infrastructure products, organizations may decide against adding our appliances to their network, which would have an adverse effect on our business.
Large, well-established providers of networking equipment, such as Cisco, F5 Networks and Juniper, offer, and may continue to introduce, network security features that compete with our products, either in standalone security products or as additional features in their network infrastructure products. The inclusion of, or the announcement of an intent to include, functionality perceived to be similar to that offered by our security solutions in networking products that are already generally accepted as necessary components of network architecture may have an adverse effect on our ability to market and sell our products. Furthermore, even if the functionality offered by network infrastructure providers is more limited than our products, a significant number of customers may elect to accept such limited functionality in lieu of adding appliances from an additional vendor such as us. Many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us. In addition, an organization’s existing vendors or new vendors with a broad product offering may be able to offer concessions that we are not able to match because we currently offer only network security products and have fewer resources than many of our competitors. If organizations are reluctant to add additional network infrastructure from new vendors or otherwise decide to work with their existing vendors, our business, financial condition and results of operations will be adversely affected.
Managing inventory of our products and product components is complex. Insufficient inventory or components may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
Managing our inventory is complex. Our channel partners may increase orders during periods of product shortages, cancel orders or not place orders commensurate with our expectations if their inventory is too high, return products or take advantage of price protection (if any is available to the particular partner) or delay orders in anticipation of new products, and accurately forecasting inventory requirements and demand can be challenging. Our channel partners also may adjust their orders in response to the supply of our products and the products of our competitors that are available to them and in response to seasonal fluctuations in end-customer demand. Furthermore, if the time required to source components, manufacture or ship certain products increases for any reason, inventory shortfalls could result. If we cannot manufacture and ship our products due to, for example, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, pandemics and epidemics such as the COVID-19 pandemic or manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars and critical infrastructure attacks, our business and financial results could be materially and adversely impacted. Management of our inventory is further complicated by the significant number of different products and models that we sell which may impact our billings, revenue, margins and free cash flow. Mismanagement of our inventory, whether due to imprecise forecasting, employee errors or malfeasance, inaccurate information or otherwise, may adversely affect our results of operations. The COVID-19 pandemic has resulted in challenges to obtaining components and inventory, as well as increases to freight and shipping costs, and may result in a material adverse effect on our results of operations. In order to mitigate supply chain risk from COVID-19, we have increased our on-hand stock of certain products. If we are unable to sell these products, we would be required to write-off excess inventory, which would have an adverse impact on our results of operations.
Inventory management remains an area of focus as we balance the need to maintain inventory levels that are sufficient to ensure competitive lead times against the risk of inventory obsolescence because of rapidly changing technology, product transitions, customer requirements or excess inventory levels. If we ultimately determine that we have excess inventory, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. Alternatively, insufficient inventory levels may lead to shortages that result in delayed billings and revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. For example, we have in the past experienced inventory shortages and excesses due to the variance in demand for certain products from forecasted amounts. Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to effectively manage inventory. If we are unable to effectively manage our inventory and that of our channel partners, our results of operations could be adversely affected.
Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers, and third-party manufacturing cost increases could result in lower gross margins and free cash flow.
We outsource the manufacturing of our security appliance products to contract manufacturing partners and original design manufacturing partners, including manufacturers with facilities located in Taiwan, China and other countries outside the United States such as Micro-Star, Wistron, Senao, ADLINK and IBASE. Our reliance on our third-party manufacturers in Asia and elsewhere reduces our control over the manufacturing process, exposing us to risks, including reduced control over quality assurance, costs, supply and timing and possible tariffs. Any manufacturing disruption related to our third-party manufacturers or their component suppliers for any reason, including natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics such as the COVID-19 pandemic and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars and critical infrastructure attacks, could impair our ability to fulfill orders. If we are unable to manage our relationships with these third-party manufacturers effectively, or if these third-party manufacturers experience delays, increased manufacturing lead-times, disruptions, capacity constraints or quality control problems in their manufacturing operations, or fail to meet our future requirements for timely delivery, our ability to ship products to our customers could be impaired and our business would be seriously harmed. Further, approximately 85% of our hardware is manufactured in Taiwan. Any increase in tensions between China and Taiwan, including threats of military actions or escalation of military activities, could adversely affect our manufacturing operations in Taiwan.
These manufacturers fulfill our supply requirements on the basis of individual purchase orders. We have no long-term contracts or arrangements with our third-party manufacturers that guarantee capacity, the continuation of particular payment terms or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements, and the prices we are charged for manufacturing services could be increased on short notice. If we are required to change third-party manufacturers, our ability to meet our scheduled product deliveries to our customers would be adversely affected, which could cause the loss of sales and existing or potential customers, delayed revenue or an increase in our costs, which could adversely affect our gross margins. Our individual product lines are generally manufactured by only one manufacturing partner. Any production or shipping interruptions for any reason, such as a natural disaster, epidemic, capacity shortages, quality problems or strike or other labor disruption at one of our manufacturing partners or locations or at shipping ports or locations, would severely affect sales of our product lines manufactured by that manufacturing partner. Furthermore, manufacturing cost increases for any reason could result in lower gross margins.
Our proprietary SPUs, which are key to the performance of our appliances, are built by contract manufacturers including Renesas and Toshiba. These contract manufacturers use foundries operated by TSMC or Renesas on a purchase-order basis, and these foundries do not guarantee their capacity and could delay orders or increase their pricing. Accordingly, the foundries are not obligated to continue to fulfill our supply requirements, and due to the long lead time that a new foundry would require, we could suffer inventory shortages of our SPU as well as increased costs. In addition to our proprietary SPU, we also purchase off-the-shelf ASICs or integrated circuits from vendors for which we have experienced, and may continue to experience, long lead times. Our suppliers may also prioritize orders by other companies that order higher volumes or more profitable products. If any of these manufacturers materially delays its supply of ASICs or specific product models to us, or requires us to find an alternate supplier and we are not able to do so on a timely and reasonable basis, or if these foundries materially increase their prices for fabrication of our SPU or ASICs, our business would be harmed.
In addition, our reliance on third-party manufacturers and foundries limits our control over environmental regulatory requirements such as the hazardous substance content of our products and therefore our ability to ensure compliance with the Restriction of Hazardous Substances Directive (the “EU RoHS”) adopted in the European Union (the “EU”) and other similar laws. It also exposes us to the risk that certain minerals and metals, known as “conflict minerals,” that are contained in our products have originated in the Democratic Republic of the Congo or an adjoining country. As a result of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the Securities and Exchange Commission (the “SEC”) adopted disclosure requirements for public companies whose products contain conflict minerals that are necessary to the functionality or production of such products. Under these rules, we are required to obtain sourcing data from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year. We have incurred and expect to incur additional costs to comply with the rules, including costs related to efforts to determine the origin, source and chain of custody of the conflict minerals used in our products and the adoption of conflict minerals-related governance policies, processes and controls. Moreover, the implementation of these compliance measures could adversely affect the sourcing, availability and pricing of materials used in the manufacture of our products to the extent that there may be only a limited number of suppliers that are able to meet our sourcing requirements, which would make it more difficult to obtain such materials in sufficient quantities or at competitive prices. We may also encounter customers who require that all of the components of our products be certified as conflict-free. If we are not able to
meet customer requirements, such customers may choose to not purchase our products, which could impact our sales and the value of portions of our inventory.
Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages, long lead times for components, and supply changes, each of which could disrupt or delay our scheduled product deliveries to our customers, result in inventory shortage, cause loss of sales and customers or increase component costs resulting in lower gross margins and free cash flow.
We and our contract manufacturers currently purchase several key parts and components used in the manufacture of our products from limited sources of supply. We are therefore subject to the risk of shortages and long lead times in the supply of these components and the risk that component suppliers may discontinue or modify components used in our products. We have in the past experienced, and are currently experiencing, shortages and long lead times for certain components. Our limited source components for particular appliances and suppliers of those components include specific types of CPUs from Intel, network chips from Broadcom, Marvell and Intel, and memory devices from Intel, ADATA, Toshiba, Samsung and Western Digital. We also may face shortages in the supply of the capacitors and resistors that are used in the manufacturing of our products. The introduction by component suppliers of new versions of their products, particularly if not anticipated by us or our contract manufacturers, could require us to expend significant resources to incorporate these new components into our products. In addition, if these suppliers were to discontinue production of a necessary part or component, we would be required to expend significant resources and time in locating and integrating replacement parts or components from another vendor. Qualifying additional suppliers for limited source parts or components can be time-consuming and expensive.
Our manufacturing partners have experienced long lead times for the purchase of components incorporated into our products. Lead times for components may be adversely impacted by factors outside of our control such as natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics such as the COVID-19 pandemic, and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars, critical infrastructure attacks and other factors. Our reliance on a limited number of suppliers involves several additional risks, including:
•a potential inability to obtain an adequate supply of required parts or components when required;
•financial or other difficulties faced by our suppliers;
•infringement or misappropriation of our IP;
•price increases;
•failure of a component to meet environmental or other regulatory requirements;
•failure to meet delivery obligations in a timely fashion;
•failure in component quality; and
•inability to ship products on a timely basis.
The occurrence of any of these events would be disruptive to us and could seriously harm our business. Any interruption or delay in the supply of any of these parts or components, or the inability to obtain these parts or components from alternate sources at acceptable prices and within a reasonable amount of time, would harm our ability to meet our scheduled product deliveries to our distributors, resellers and end-customers. This could harm our relationships with our channel partners and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.
We offer retroactive price protection to certain of our major distributors, and if we fail to balance their inventory with end-customer demand for our products, our allowance for price protection may be inadequate, which could adversely affect our results of operations.
We provide certain of our major distributors with price protection rights for inventories of our products held by them. If we reduce the list price of our products, certain distributors receive refunds or credits from us that reduce the price of such products held in their inventory based upon the new list price. Future credits for price protection will depend on the percentage of our price reductions for the products in inventory and our ability to manage the levels of our major distributors’ inventories. If future price protection adjustments are higher than expected, our future results of operations could be materially and adversely affected.
The sales prices of our products and services may decrease, which may reduce our gross profits and operating margin, and which may adversely impact our financial results and the trading price of our common stock.
The sales prices for our products and services may decline for a variety of reasons or our product mix may change, resulting in lower growth and margins based on a number of factors, including competitive pricing pressures, discounts or promotional programs we offer, a change in our mix of products and services and anticipation of the introduction of new products and services. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product offerings may reduce the price of products and services that compete with ours in order to promote the sale of other products or services or may bundle them with other products or services. Additionally, although we price our products and services worldwide in U.S. dollars, currency fluctuations in certain countries and regions have in the past, and may in the future, negatively impact actual prices that partners and customers are willing to pay in those countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products or services will decrease over product life cycles. We cannot ensure that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our product and service offerings, if introduced, will enable us to maintain our prices, gross profits and operating margin at levels that will allow us to maintain profitability.
Actual, possible or perceived defects or vulnerabilities in our products or services, the failure of our products or services to detect or prevent a security breach or the misuse of our products could harm our reputation and divert resources.
Because our products and services are complex, they have contained and may contain defects or errors that are not detected until after their commercial release and deployment by our customers. Defects or vulnerabilities may impede or block network traffic, cause our products or services to be vulnerable to electronic break-ins, cause them to fail to help secure our customers or cause our products or services to allow unauthorized access to our customers’ networks. Additionally, any perception that our products have product vulnerabilities, whether or not accurate, may cause reputation harm. Our products are also susceptible to errors, defects, logic flaws, vulnerabilities and inserted vulnerabilities that may arise in, or be included in our products in, different stages of our supply chain, manufacturing and shipment processes, and a threat actor’s exploitation of these weaknesses may be difficult to anticipate, prevent, and detect. If we are unable to maintain an effective supply chain security risk management program, then the security and integrity of our products and the updates to those products that our customers receive could be exploited by third parties or insiders. Different customers deploy and use our products in different ways, and certain deployments and usages may subject our products to adverse conditions that may negatively impact the effectiveness and useful lifetime of our products. Our networks and products, including cloud-based technology, could be targeted by attacks specifically designed to disrupt our business and harm our reputation. We cannot ensure that our products will prevent all adverse security events. Because the techniques used by malicious adversaries to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques. In addition, defects or errors in our FortiGuard and other security subscription or FortiCare updates or our Fortinet appliances and operating systems could result in a failure of our FortiGuard and other security subscription services to effectively update end-customers’ Fortinet appliances and cloud-based products and thereby leave customers vulnerable to attacks. Furthermore, our solutions may also fail to detect or prevent viruses, worms or similar threats due to a number of reasons such as the evolving nature of such threats and the continual emergence of new threats that we may fail to add to our FortiGuard databases in time to protect our end-customers’ networks. Our data centers and networks and those of our hosting vendors and cloud service providers, may also experience technical failures and downtime, and may fail to distribute appropriate updates, or fail to meet the increased requirements of our customer base. Any such technical failure, downtime or failures in general may temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats.
An actual, possible or perceived security breach or infection of the network of one of our end-customers, regardless of whether the breach is attributable to the failure of our products or services to prevent the security breach, or any actual or perceived security risk in our supply chain, could adversely affect the market’s perception of our security products and services, cause customers and customer prospects not to buy from us and, in some instances, subject us to potential liability that is not contractually limited. We may not be able to correct any security flaws or vulnerabilities promptly, or at all. Our products may also be misused by end-customers or third parties who obtain access to our products. For example, our products could be used to censor private access to certain information on the internet. Such use of our products for censorship could result in negative press coverage and negatively affect our reputation, even if we take reasonable measures to prevent any improper shipment of our products or if our products are provided by an unauthorized third party. Any actual, possible or perceived defects, errors or vulnerabilities in our products, or misuse of our products, could result in:
•the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities;
•the loss of existing or potential end-customers or channel partners;
•delayed or lost revenue;
•delay or failure to attain market acceptance;
•negative publicity and harm to our reputation; and
•litigation, regulatory inquiries or investigations that may be costly and harm our reputation and, in some instances, subject us to potential liability that is not contractually limited.
The network security market is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop. If we do not accurately predict, prepare for and respond promptly to technological and market developments and changing end-customer needs, our competitive position and prospects may be harmed.
The network security market is expected to continue to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. In addition, computer hackers and others who try to attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new products and enhancements may require us to develop new hardware architectures and ASICs that involve complex, expensive and time-consuming research and development processes. For example, we enter into development agreements with third parties. If our contract development projects are not successfully completed, or are not completed in a timely fashion, our product development could be delayed and our business generally could suffer. Costs for contract development can be substantial and our profitability may be harmed if we are unable to recover these costs. Although the market expects rapid introduction of new products or product enhancements to respond to new threats, the development of these products is difficult and the timetable for commercial release and availability is uncertain and there can be long time periods between releases and availability of new products. We have in the past and may in the future experience unanticipated delays in the availability of new products and services and fail to meet previously announced timetables for such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our end-customers by developing and releasing and making available on a timely basis new products and services or enhancements that can respond adequately to new security threats, our competitive position and business prospects may be harmed.
Moreover, business models based on SaaS, either hosted or cloud-based services, have become increasingly in-demand by our end-customers and adopted by other providers, including our competitors. While we have introduced additional cloud-based products and services and will continue to do so, most of our platform is currently deployed on premise, and therefore, if customers demand that our platform be provided through a SaaS business model, we would be required to make additional investments in our infrastructure and personnel to be able to more fully provide our platform through a SaaS model in order to maintain the competitiveness of our platform. Such investments may involve expanding our data centers, servers and networks, and increasing our technical operations and engineering teams. These risks are compounded by the uncertainty concerning the future viability of SaaS business models and the future demand for such models by customers. Additionally, if we are unable to meet the demand to provide our services through a SaaS model, we may lose customers to competitors.
Our uniform resource locator (“URL”) database for our web filtering service may fail to keep pace with the rapid growth of URLs and may not categorize websites in accordance with our end-customers’ expectations.
The success of our web filtering service depends on the breadth and accuracy of our URL database. Although our URL database currently catalogs millions of unique URLs, it contains only a portion of the URLs for all of the websites that are available on the internet. In addition, the total number of URLs and software applications is growing rapidly, and we expect this rapid growth to continue in the future. Accordingly, we must identify and categorize content for our security risk categories at an extremely rapid rate. Our database and technologies may not be able to keep pace with the growth in the number of websites, especially the growing amount of content utilizing foreign languages and the increasing sophistication of malicious code and the delivery mechanisms associated with spyware, phishing and other hazards associated with the internet. Further, the ongoing evolution of the internet and computing environments will require us to continually improve the functionality, features and reliability of our web filtering function. Any failure of our databases to keep pace with the rapid growth and technological change of the internet could impair the market acceptance of our products, which in turn could harm our business, financial condition and results of operations.
In addition, our web filtering service may not be successful in accurately categorizing internet and application content to meet our end-customers’ expectations. We rely upon a combination of automated filtering technology and human review to categorize websites and software applications in our proprietary databases. Our end-customers may not agree with our determinations that particular URLs should be included or not included in specific categories of our databases. In addition, it is possible that our filtering processes may place material that is objectionable or that presents a security risk in categories that are generally unrestricted by our customers’ internet and computer access policies, which could result in such material not being blocked from the network. Conversely, we may miscategorize websites such that access is denied to websites containing information that is important or valuable to our customers. Any miscategorization could result in customer dissatisfaction and harm our reputation. Any failure to effectively categorize and filter websites according to our end-customers’ and channel partners’ expectations could impair the growth of our business.
False detection of vulnerabilities, viruses or security breaches or false identification of spam or spyware could adversely affect our business.
Our FortiGuard and other security subscription services may falsely detect, report and act on viruses or other threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify viruses and other threats not based on any known signatures but based on characteristics or anomalies that may indicate that a particular item is a threat. When our end-customers enable the heuristics feature in our products, the risk of falsely identifying viruses and other threats significantly increases. These false positives, while typical in the industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our products. Also, our FortiGuard and other security subscription services may falsely identify emails or programs as unwanted spam or potentially unwanted programs, or alternatively fail to properly identify unwanted emails or programs, particularly as spam emails or spyware are often designed to circumvent anti-spam or spyware products. Parties whose emails or programs are blocked by our products may seek redress against us for labeling them as spammers or spyware, or for interfering with their business. In addition, false identification of emails or programs as unwanted spam or potentially unwanted programs may reduce the adoption of our products. If our system restricts important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end-customers’ systems and cause material system failures. In addition, our threat researchers periodically identify vulnerabilities in various third-party products, and, if these identifications are perceived to be incorrect or are in fact incorrect, this could harm our business. Any such false identification or perceived false identification of important files, applications or vulnerabilities could result in negative publicity, loss of end-customers and sales, increased costs to remedy any problem and costly litigation.
Our ability to sell our products is dependent on the quality of our technical support services, and our failure to offer high-quality technical support services would have a material adverse effect on our sales and results of operations.
Once our products are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners and other third parties, to resolve any issues relating to our products. If we, our channel partners or other third parties do not effectively assist our customers in planning, deploying and operational proficiency for our products, succeed in helping our customers quickly resolve post-deployment issues and provide effective ongoing support, our ability to sell additional products and services to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many large end-customers, and service provider or government organization end-customers, require higher levels of support than smaller end-customers because of their more complex deployments and more demanding environments and business models. If we, our channel partners or other third parties fail to meet the requirements of our larger end-customers, it may be more difficult to execute on our strategy to increase our
penetration with large businesses, service providers and government organizations. Our failure to maintain high-quality support services would have a material adverse effect on our business, financial condition and results of operations and may subject us to litigation, reputational damage, loss of customers and additional costs.
Our business is subject to the risks of warranty claims, product returns, product liability and product defects.
Our products are very complex and, despite testing prior to their release, have contained and may contain undetected defects or errors, especially when first introduced or when new versions are released. Product errors have affected the performance and effectiveness of our products and could delay the development or release of new products or new versions of products, adversely affect our reputation and our end-customers’ willingness to buy products from us, result in litigation and disputes with customers and adversely affect market acceptance or perception of our products. Any such errors or delays in releasing new products or new versions of products or allegations of unsatisfactory performance could cause us to lose revenue or market share, increase our service costs, cause us to incur substantial costs in redesigning the products, cause us to lose significant end-customers, subject us to litigation, litigation costs and liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition. Our products must successfully interoperate with products from other vendors. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. The occurrence of hardware and software errors, whether or not caused by our products, could delay or reduce market acceptance of our products and have an adverse effect on our business and financial performance, and any necessary revisions may cause us to incur significant expenses. The occurrence of any such problems could harm our business, financial condition and results of operations.
Although we generally have limitation of liability provisions in our standard terms and conditions of sale, they may not fully or effectively protect us from claims if exceptions apply or if the provisions are deemed unenforceable, and in some circumstances we may be required to indemnify a customer in full, without limitation, for certain liabilities, including liabilities that are not contractually limited. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us, if at all, and in some instances may subject us to potential liability that is not contractually limited. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.
Risks Related to our Systems and Technology
If our internal enterprise IT networks, on which we conduct internal business and interface externally, our operational networks, through which we connect to customer systems and provide services, or our research and development networks, our back-end labs and cloud stacks through which we research and develop products and services, are compromised, public perception of our products and services may be harmed, our customers may be breached and harmed, we may become subject to liability, and our business, operating results and stock price may be adversely impacted.
Our success depends on the market’s confidence in our ability to provide effective network security protection. Despite our efforts and processes to prevent breaches of our internal networks, systems and websites, we are still vulnerable to computer viruses, break-ins, phishing attacks, attempts to overload our servers with denial-of-service and other cyber-attacks and similar disruptions from unauthorized access to our internal networks, systems or websites. Our security measures may also be breached due to employee error, malfeasance or otherwise, which breaches may be more difficult to detect than outsider threats, and the existing programs and trainings we have in place to prevent such insider threats may not be effective or sufficient. Third parties may also attempt to fraudulently induce our employees to transfer funds or disclose information in order to gain access to our networks and confidential information. Third parties may also send our customers or others malware or malicious emails that falsely indicate that we are the source, potentially causing lost confidence in us and reputational harm. We cannot guarantee that the measures we have taken to protect our networks, systems and websites will provide adequate security. Moreover, because we provide network security products, we may be a more attractive target for attacks by computer hackers and any security breaches and other security incidents involving us may result in more harm to our reputation and brand than companies that do not sell network security solutions. Hackers and malicious parties may be able to develop and deploy viruses, worms, ransomware and other malicious software programs that attack our products and customers, that impersonate our update servers in an effort to access customer networks and negatively impact customers, or otherwise exploit any security vulnerabilities of our products, or attempt to fraudulently induce our employees, customers or others to disclose passwords or other sensitive information or unwittingly provide access to our internal networks, systems or data.
For example, from time to time, we have discovered that unauthorized parties have targeted us using sophisticated techniques, including by stealing technical data and attempting to steal private encryption keys, in an effort to both impersonate our products and threat intelligence update services and possibly attempt other attack methodologies. Using these techniques, these unauthorized parties have tried, and may in the future try, to gain access to certain of our and our customers’ systems. We have also, for example, discovered that unauthorized parties have targeted vulnerabilities in our product software in an effort to gain entry into our customers’ networks. These and other hacking efforts against us and our customers may be ongoing and may recur in the future. Although we take numerous measures and implement multiple layers of security to protect our networks and our customers’ networks, we cannot guarantee that our security products, processes and services will secure against all threats. Further, we cannot be sure that third parties have not been, or will not in the future be, successful in improperly accessing our systems and our customers’ systems, which could negatively impact us and our customers. An actual breach could significantly harm us and our customers, and an actual or perceived breach, or any other actual or perceived data security incident, threat or vulnerability, that involves our supply chains, networks, systems or websites and/or our customers’ supply chains, networks, systems or websites could adversely affect the market perception of our products and services and investor confidence in our company. Any breach of our networks, systems or websites could impair our ability to operate our business, including our ability to provide FortiGuard and other security subscription and FortiCare technical support services to our end-customers, lead to interruptions or system slowdowns, cause loss of critical data or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive information. We could also be subject to liability and litigation and reputational harm and our channel partners and end-customers may be harmed, lose confidence in us and decrease or cease using our products and services. Any breach of our internal networks, systems or websites could have an adverse effect on our business, operating results and stock price.
In addition, due to the COVID-19 pandemic, a substantial majority of our employees are temporarily working remotely, which may pose additional data security risks. For example, there has been an increase in phishing attempts and spam emails as well as social engineering attempts from hackers hoping to use the recent COVID-19 pandemic to their advantage. The risks described above could therefore be exacerbated by the COVID-19 pandemic.
If we do not appropriately manage any future growth, including through the expansion of our real estate facilities, or are unable to improve our systems, processes and controls, our operating results will be negatively affected.
We rely heavily on information technology to help manage critical functions such as order configuration, pricing and quoting, revenue recognition, financial forecasts, inventory and supply chain management and trade compliance reviews. In addition, we have been slow to adopt and implement certain automated functions, which could have a negative impact on our business. For example, a large part of our order processing relies on manual data entryof customer purchase orders received through email and, to a lesser extent, through electronic data interchange from our customers. Due to the use of manual processes and the fact that we may receive a large amount of our orders in the last few weeks of any given quarter, an interruption in our email service or other systems could result in delayed order fulfillment and decreased billings and revenue for that quarter.
To manage any future growth effectively, we must continue to improve and expand our information technology and financial, operating, security and administrative systems and controls, and our business continuity and disaster recovery plans and processes. We must also continue to manage headcount, capital and processes in an efficient manner. We may not be able to successfully implement requisite improvements to these systems, controls and processes, such as system capacity, access, security and change management controls, in a timely or efficient manner. Our failure to improve our systems and processes, or their failure to operate in the intended manner, whether as a result of the significant growth of our business or otherwise, may result in our inability to manage the growth of our business and to accurately forecast our revenue, expenses and earnings, or to prevent certain losses. Moreover, the failure of our systems and processes could undermine our ability to provide accurate, timely and reliable reports on our financial and operating results and could impact the effectiveness of our internal control over financial reporting.
In addition, our systems, processes and controls may not prevent or detect all errors, omissions, malfeasance or fraud, such as corruption and improper “side agreements” that may impact revenue recognition or result in financial liability. Our productivity and the quality of our products and services may also be adversely affected if we do not integrate and train our new employees quickly and effectively. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to ensure appropriate systems, processes and controls and to manage any future growth effectively could result in increased costs and harm our reputation and results of operations.
We have expanded our office real estate holdings to meet our projected growing need for office space. We have started construction on a second building adjacent to our headquarters as we expand our campus in Sunnyvale, California. These plans will require significant capital expenditure over the next several years and involve certain risks, including impairment charges and acceleration of depreciation, changes in future business strategy that may decrease the need for expansion (such as a decrease in headcount or increase in work from home) and risks related to construction. Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition.
We may experience difficulties maintaining and expanding our internal business management systems.
The maintenance of our internal business management systems, such as our Enterprise Resource Planning (“ERP”) and Customer Relationship Management (“CRM”) systems, has required, and will continue to require, the investment of significant financial and human resources. In addition, we may choose to upgrade or expand the functionality of our internal systems, leading to additional costs. We may also discover deficiencies in our design or maintenance of our internal systems that could adversely affect our ability to forecast orders, process orders, ship products, provide services and customer support, send invoices and track payments, fulfill contractual obligations, accurately maintain books and records, provide accurate, timely and reliable reports on our financial and operating results or otherwise operate our business. Additionally, if any of our internal systems does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected or our ability to assess it adequately could be delayed. Further, we may expand the scope of our ERP and CRM systems. Our operating results may be adversely affected if these upgrades or expansions are delayed or if the systems do not function as intended or are not sufficient to meet our operating requirements.
Risks Related to our Intellectual Property
Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us.
We rely primarily on patent, trademark, copyright and trade secrets laws and confidentiality procedures and contractual provisions to protect our technology. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Patent applications in the United States are typically not published until at least 18 months after filing, or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. In addition, recent changes to the patent laws in the United States may bring into question the validity of certain software patents and may make it more difficult and costly to prosecute patent applications. As a result, we may not be able to obtain adequate patent protection or effectively enforce our issued patents.
Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information. However, we cannot guarantee that the steps taken by us will prevent misappropriation of our technology. Policing unauthorized use of our technology or products is difficult. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States. From time to time, legal action by us may be necessary to enforce our patents and other intellectual propertyIP rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.
Our products contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.
Our products contain software modules licensed to us by third-party authors under “open source” licenses, including the GNU Public License, the GNU Lesser Public License, the BSD License, the Apache License, the MIT X License and the Mozilla Public License. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that open source software infringes the claimants’ intellectual propertyIP rights. We could be subject to suits by parties claiming infringement of intellectual propertyIP rights in what we believe to be licensed open source software. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as, for example, open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of product sales for us.
Although we monitor our use of open source software to avoid subjecting our products to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that, for example, could impose unanticipated conditions or restrictions on our ability to commercialize our products. In this event, we could be required to seek licenses from third parties to continue offering our products, to make our proprietary code generally available in source code form, to re-engineer our products or to discontinue the sale of our products if re-engineering could not be accomplished on a timely basis, any of which requirements could adversely affect our business, operating results and financial condition.
Claims by others that we infringe their proprietary technology or other litigation matters could harm our business.
Patent and other intellectual propertyIP disputes are common in the network security industry. Third parties are currently asserting, have asserted and may in the future assert claims of infringement of intellectual propertyIP rights against us. TheyThird parties have also asserted such claims against our end-customers or channel partners whom we may indemnify against claims that our products infringe the intellectual propertyIP rights of third parties. As the number of products and competitors in our market increases and overlaps occur, infringement claims may increase. Any claim of infringement by a third party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. In addition, litigation may involve patent holding companies, non-practicing entities or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection.
Although third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be materially and adversely affected. In addition, some licenses may be non-exclusive and, therefore, our competitors may have access to the same technology licensed to us.
Alternatively, we may be required to develop non-infringing technology, which could require significant time, effort and expense, and may ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages (including treble damages if we are found to have willfully infringed such claimant’s patents or copyrights), royalties or other fees. Any of these events could seriously harm our business, financial condition and results of operations.
From time to time we are subject to lawsuits claiming patent infringement. We are also subject to other litigation in addition to patent infringement claims, such as employment-related litigation and disputes, as well as general commercial litigation, and could become subject to other forms of litigation and disputes, including stockholder litigation. If we are unsuccessful in defending any such claims, our operating results and financial condition and results may be materially and adversely affected. For example, we may be required to pay substantial damages and could be prevented from selling certain of our products. Litigation, with or without merit, could negatively impact our business, reputation and sales in a material fashion.
We have several ongoing patent lawsuits, several non-practicing entity patent holdingcertain companies have sent us demand letters proposing that we license certain of their patents, and organizations have sent letters demanding that we provide indemnification for patent claims. As two examples of the ongoing patent lawsuits against us, one such patent lawsuit by British Telecommunications plc was filed in federal court in Delaware in July 2018, and a second such lawsuit by Finjan, Inc. was filed in federal court in California in October 2018, and additional patent lawsuits have been filed against us since. Given this and the proliferation of lawsuits in our
industry and other similar industries by both non-practicing entities and operating entities, and recent non-practicing entity and operating entity patent litigation against other companies in the security space, we expect that we will be sued for patent infringement in the future, regardless of the merits of any such lawsuits. The cost to defend such lawsuits and any settlement payment or adverse result in such lawsuits could have a material adverse effect on our results of operations and financial condition.
We rely on the availability of third-party licenses.
Many of our products include software or other intellectual propertyIP licensed from third parties. It may be necessary in the future to renew licenses relating to various aspects of these products or to seek new licenses for existing or new products. Licensors may claim we owe them additional license fees for past and future use of their software and other IP or that we cannot utilize such software or IP in our products going forward. There can be no assurance that the necessary licenses would be available on acceptable terms, if at all. The inability to obtain certain licenses or other rights or to obtain such licenses or rights on favorable terms or for reasonable pricing, or the need to engage in litigation regarding these matters, could result in delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our products and may result in significant license fees and have a material adverse effect on our business, operating results, and financial condition. Moreover, the inclusion in our products of software or other intellectual propertyIP licensed from third parties on a nonexclusivenon-exclusive basis could limit our ability to differentiate our products from those of our competitors.
We also rely on technologies licensed from third parties in order to operate functions of our business. If any of these third parties allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses, we may need to pay additional fees or obtain new licenses, and such licenses may not be available on terms acceptable to us or at all.all or may be costly. In eitherany such case, or if we were required to redesign our internal operations to function with new technologies, our business, results of operations and financial condition could be harmed.
Other Risks Related to Our Business and Financial Position
Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose end-customers in the public sector or negatively impact our ability to contract with the public sector.
Our business is subject to regulation by various federal, state, regional, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, product labeling, environmental laws, consumer protection laws, anti-bribery laws, data privacy laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. Non-compliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, operating results and financial condition.
For example, the GDPR, which became effective in May 2018 and superseded current EU data protection regulations, imposes stringent data handling requirements on companies that receive or process personal data of residents of the EU. Non-compliance with the GDPR could result in significant penalties, including data protection audits and heavy fines. Compliance with, and the other burdens imposed by, the GDPR may limit our ability to operate or expand our business in Europe and could adversely impact our operating results, as could delays or shortcomings in the implementation of our GDPR compliance program. In July 2020, the European Court of Justice issued a judgment declaring invalid the EU-U.S. Privacy Shield Framework (the “Privacy Shield”) as a mechanism for exportation of personal data from the European Economic Area to the United States. Though we are not participants of the Privacy Shield, and instead employ alternative mechanisms for personal data transfers, the ruling raises questions as to GDPR implications and adequate data protection in the United States, and may have an impact on our European customers and related business operations.
Additionally, we may be subject to other legal regimes throughout the world governing data handling, protection and privacy. For example, in June 2018, California passed the California Consumer Privacy Act (the “CCPA”), which provides new data privacy rights for consumers and new operational requirements for companies and became effective on January 1, 2020. The costs of compliance with and the penalties for violations of the GDPR and CCPA, along with other burdens imposed by these regulations, may limit the use and adoption of our products and services and could have an adverse impact on our business.
Selling our solutions to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements, government permit and clearance requirements and other risks. Failure to comply with these requirements or to obtain and maintain government permits and clearances required to do certain business, by either us or our channel partners, could subject us to investigations, fines, suspension, limitations on business or debarment from doing business with the U.S. government or one of its divisions, as well as other penalties and damages, which could have an adverse effect on our business, operating results, financial condition and prospects. Any violations of regulatory and contractual requirements could result in us being suspended or debarred fromfuture government contracting. Any of these outcomes could have an adverse effect on our revenue, operating results, financial condition and prospects.
These laws, regulations and other requirementsimpose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, loss of exclusive rights in our IP and temporary suspension, permanent debarment from government contracting, or other limitations on doing business. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could have an adverse effect on our business and operating results.
We are subject to governmental export and import controls that could subject us to liability or restrictions on sales, and that could impair our ability to compete in international markets.
Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the United States only with the required export license or through an export license exception, or may be prohibited altogether from export to certain countries. If we were to fail to comply with U.S. export laws, U.S. Customs regulations and import regulations, U.S. economic sanctions and other countries’ import and export laws, we could be subject to substantial civil and criminal penalties, including fines for the company and incarceration for responsible employees and managers, and the possible loss of export or import privileges. In addition, if our channel partners fail to obtain appropriate import, export or re-export licenses or permits (e.g. for stocking orders placed by our partners), we may also be adversely affected through reputational harm and penalties and we may not be able to provide support related to appliances shipped pursuant to such orders. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.
Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments and persons. Even though we take precautions to prevent our product from being shipped to U.S. sanctions targets, our products could be shipped to those targets by our channel partners, despite such precautions. Any such shipment could have negative consequences including government investigations and penalties and reputational harm. In addition, various countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products globally or, in some cases, prevent the export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
Efforts to withdraw from or materially modify international trade agreements, to change tax provisions related to global manufacturing and sales or to impose new tariffs, economic sanctions or related legislation, any of which could adversely affect our financial condition and results of operations.
Our business benefits directly and indirectly from free trade agreements, and we also rely on various U.S. corporate tax provisions related to international commerce, as we develop, market and sell our products and services globally. Efforts to withdraw from or materially modify international trade agreements, or to change corporate tax policy related to international commerce, could adversely affect our financial condition and results of operations as could the continuing uncertainty regarding whether such actions will be taken.
Moreover, efforts to implement changes related to export or import regulations (including the imposition of new border taxes or tariffs on foreign imports), trade barriers, economic sanctions and other related policies could harm our results of operations. For example, in recent years, the United States has imposed additional import tariffs on certain goods from different countries and on most of Chinese imported goods. As a result, China and other countries imposed retaliatory tariffs on goods exported from the United States and both the United States and foreign countries have threatened to alter or leave current trade agreements. While we do not currently expect these tariffs to have a significant effect on our raw material and product import costs, if the United States expands increased tariffs, or retaliatory trade measures are taken by China or other countries in response to the tariffs, the cost of our products could increase, our operations could be disrupted or we could be required to raise our prices, which may result in the loss of customers and harm to our reputation and operating performance.
Any modification in these areas, any shift in the enforcement or scope of existing regulations or any change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations and could result in increased costs. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected.
We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating to our real property and future expansion plans and laws concerning the recycling of electrical and electronic equipment. The laws and regulations to which we are subject include the EU RoHS Directive, EU Regulation 1907/2006 – Registration, Evaluation, Authorization and Restriction of Chemicals (the “REACH” Regulation) and the EU Waste Electrical and Electronic Equipment Directive (the “WEEE Directive”), as well as the implementing legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.
The EU RoHS Directive and the similar laws of other jurisdictions ban or restrict the presence of certain hazardous substances such as lead, mercury, cadmium, hexavalent chromium and certain fire-retardant plastic additives in electrical equipment, including our products. We have incurred costs to comply with these laws, including research and development costs, costs associated with assuring the supply of compliant components and costs associated with writing off scrapped noncompliant inventory. We expect to continue to incur costs related to environmental laws and regulations in the future. With respect to the EU RoHS, we and our competitors rely on exemptions for lead and other substances in network infrastructure equipment. It is possible one or more of these use exemptions will be revoked in the future. Additionally, although some of the EU RoHS exemptions have been extended, it is possible that some of these exemptions may expire in the future without being extended. If this exemption is revoked or expires without extension, if there are other changes to these laws (or their interpretation) or if new similar laws are passed in other jurisdictions, we may be required to re-engineer our products to use components compatible with these regulations. This re-engineering and component substitution could result in additional costs to us and/or disrupt our operations or logistics.
As part of the Circular Economy Action Plan, the European Commission amended the EU Waste Framework Directive (“WFD”) to include a number of measures related to waste prevention and recycling. Starting on January 5, 2021, we will be responsible for submitting product data to a database of hazardous substances known as the Substances of Concern In articles, as such and in complex objects (Products) database (the “SCIP database”). The SCIP database was established under the WFD and will be managed by the European Chemicals Agency. We expect to incur costs in order to comply with this new requirement.
The EU has also adopted the WEEE Directive, which requires electronic goods producers to be responsible for the collection, recycling and treatment of such products. Although currently our EU international channel partners are responsible for the requirements of this directive as the importer of record in most of the European countries in which we sell our products, changes in interpretation of the regulations may cause us to incur costs or have additional regulatory requirements in the future to meet in order to comply with this directive, or with any similar laws adopted in other jurisdictions.
Our failure to comply with these and future environmental rules and regulations could result in reduced sales of our products, increased costs, substantial product inventory write-offs, reputational damage, penalties and other sanctions.
Our inability to successfully acquire and integrate other businesses, products or technologies could seriously harm our competitive position.
In order to remain competitive, we may seek to acquire additional businesses, products, technologies or IP, such as patents. For example, we acquired OPAQ in July 2020 and Panopta in December 2020. For any possible future acquisitions, we may not be successful in negotiating the terms of the acquisition or financing the acquisition. For both our prior and future acquisitions, we may not be successful in effectively integrating the acquired business, product, technology or IP and sales force into our existing business and operations. We may have difficulty incorporating acquired technologies, IP or products with our existing product lines, integrating reporting systems and procedures, and maintaining uniform standards, controls, procedures and policies. For example, we may experience difficulties integrating an acquired company’s ERP or CRM systems, sales support and other processes and systems, with our current systems and processes. Our due diligence may fail to identify all of the problems, liabilities or other shortcomings or challenges of an acquired business, product or technology, including issues with IP, product quality or product architecture, regulatory compliance practices, revenue recognition or other accounting practices or employee or customer issues, and we may not accurately forecast the financial impact of an acquisition. In addition, any acquisitions we are able to complete may be dilutive to revenue growth and earnings and may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. We may have to pay cash, incur debt or issue equity securities to pay for any acquisition, each of which could affect our financial condition or the value of our capital stock and could result in dilution to our stockholders. Acquisitions during a quarter may result in increased operating expenses and adversely affect our results of operations for that period or future periods compared to the results that we have previously forecasted or achieved. Further, completing a potential acquisition and integrating acquired businesses, products, technologies or IP could significantly divert management time and resources.
Risks Related to Finance, Accounting and Tax Matters
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below expectations of securities analysts and investors, resulting in a decline in our stock price.
The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies and Estimates” in this Annual Report on Form 10-K, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, deferred contract costs and commission expense, valuation of inventory, accounting for business combination, contingent liabilities and accounting for income taxes.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
A significant portion of our operating expenses are incurred outside the United States. These expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, Canadian dollar and British pound. Additionally, fluctuations in the exchange rate of the Canadian dollar may negatively impact our development plans in Burnaby, Canada. While we are not currently engaged in material hedging activities, we have been hedging currency exposures relating to certain balance sheet accounts through the use of forward exchange contracts. If we stop hedging against any of these risks or if our attempts to hedge against these currency exposures are not successful, our financial condition and results of operations could be adversely affected. Our sales contracts are primarily denominated in U.S. dollars and therefore, while substantially all of our revenue is not subject to foreign currency risk, it does not serve as a hedge to our foreign currency-denominated operating expenses. In addition, a strengthening of the U.S. dollar may increase the real cost of our products to our customers outside of the United States, which may also adversely affect our financial condition and results of operations.
We could be subject to changes in our tax rates, the adoption of new U.S. or international tax legislation or exposure to additional tax liabilities.
We are subject to taxes in the United States and numerous foreign jurisdictions, where a number of our subsidiaries are organized. Our provision for income taxes is subject to volatility and could be adversely affected by several factors, many of which are outside of our control. These include:
•the mix of earnings in countries with differing statutory tax rates or withholding taxes;
•changes in the valuation of our deferred tax assets and liabilities;
•transfer pricing adjustments;
•an increase in non-deductible expenses for tax purposes, including certain stock-based compensation expense;
•changes in availability of tax credits and/or tax deductions;
•tax costs related to intercompany realignments;
•tax assessments resulting from income tax audits or any related tax interest or penalties that could significantly affect our provision for income taxes for the period in which the settlement takes place; and
•changes in accounting principles, court decisions, tax rulings, and interpretations of or changes to tax laws, and regulations by international, federal or local governmental authorities.
We have open tax years that could be subject to the examination by the Internal Revenue Service (the “IRS”) and other tax authorities. We currently have ongoing tax audits in the United Kingdom, Canada and several other foreign jurisdictions. The focus of all of these audits is the allocation of profit between our legal entities. We regularly assess the likelihood of adverse outcomes resulting from such examinations to determine the adequacy of our provision for income taxes. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results.
We may undertake corporate operating restructurings or transfers of assets that involve our group of foreign country subsidiaries through which we do business abroad, in order to maximize the operational and tax efficiency of our group structure. If ineffectual, such restructurings or transfers could increase our income tax liabilities, and in turn, increase our global effective tax rate. Moreover, our existing corporate structure and intercompany arrangements have been implemented in a manner that we believe is in compliance with current prevailing tax laws. However, the tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could impact our worldwide effective tax rate and harm our financial position and operating results.
Significant judgment is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including past operating results, estimates of future taxable income and the feasibility of tax planning strategies. In the event that we change our determination as to the amount of deferred tax assets that can be realized, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made.
Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates.
Forecasts of our income tax position and effective tax rate are complex, subject to uncertainty and periodic updates because our income tax position for each year combines the effects of a mix of profits earned and losses incurred by us in various tax jurisdictions with a broad range of income tax rates, as well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and changes to these rules and tax laws, the results of examinations by various tax authorities, and the impact of any acquisition, business combination or other reorganization or financing transaction. To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by jurisdiction. If the mix of profits and losses, our ability to use tax credits or effective tax rates in a given jurisdiction differs from our estimate, our actual tax rate could be materially different than forecasted, which could have a material impact on our results of business, financial condition and results of operations. Additionally, our actual tax rate may be subject to further uncertainty due to potential changes in U.S. and foreign tax rules.
As a multinational corporation, we conduct our business in many countries and are subject to taxation in many jurisdictions. The taxation of our business is subject to the application of multiple and sometimes conflicting tax laws and regulations, as well as multinational tax conventions. Our effective tax rate is highly dependent upon the geographic distribution of our worldwide earnings or losses, the tax regulations and tax holidays in each geographic region, the availability of tax credits and carryforwards and the effectiveness of our tax planning strategies. The application of tax laws and regulations is subject to legal and factual interpretation, judgment and uncertainty. Tax laws themselves are subject to change as a result of changes in fiscal policy, changes in legislation and the evolution of regulations and court rulings. Consequently, tax authorities may impose tax assessments or judgments against us that could materially impact our tax liability and/or our effective income tax rate.
The Organisation for Economic Co-operation and Development (the “OECD”), an international association comprised of 37 countries, including the United States, has issued and continues to issue guidelines and proposals that change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. Due to our extensive international business activities, any changes in the taxation of such activities could increase our tax obligations in many countries and may increase our worldwide effective tax rate.
Risks Related to Ownership of ourOur Common Stock
As a public company, we are subject to compliance initiatives that will require substantial time from our management and result in significantly increased costs that may adversely affect our operating results and financial condition.
The Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”), Dodd-Frank and other rules implemented by the SEC and The Nasdaq Stock Market impose various requirements on public companies, including requiring changes in corporate governance practices. These requirements, as well as proposed corporate governance laws and regulations under consideration, may further increase our compliance costs. If compliance with these various legal and regulatory requirements diverts our management’s attention from other business concerns, it could have a material adverse effect on our business, financial condition and results of operations. Sarbanes-Oxley requires, among other things, that we assess the effectiveness of our internal control over financial reporting annually, and of our disclosure controls and procedures quarterly. Although our most recent assessment, testing and evaluation resulted in our conclusion that, as of December 31, 2017,2020, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 20182021 or future periods. We may incur additional expenses and commitment of management’s time in connection with further evaluations, both of which could materially increase our operating expenses and accordingly reduce our operating results.
Changes in financial accounting standards may cause adverse unexpected fluctuations and affect our reported results of operations.
A change in accounting standards or practices, and varying interpretations of existing or new accounting pronouncements, such as changes to standards related to revenue recognition, equity investment valuation (which became effective for us beginning on January 1, 2018) and accounting for leases (which will become effective for us on January 1, 2019), as well as the significant costs incurred that may be incurred to adopt and to comply with these new pronouncements, could have a significant effect on our reported financial results or the way we conduct our business. If we do not ensure that our systems and processes are aligned with the new standards, we could encounter difficulties generating quarterly and annual financial statements in a timely manner, which would have an adverse effect on our business, our ability to meet our reporting obligations and compliance with internal control requirements.
As a result of adopting and implementing the new revenue recognition standard, we will be required to change our accounting for commission expense. We will capitalize and amortize certain direct costs, such as commissions, over the expected period of benefit rather than expensing them as incurred. While the adoption of the new revenue recognition standard does not change the cash flows received from our contracts with customers, its adoption could have a material effect on our financial position or results of operations. Refer to Note 1 in the notes to our consolidated financial statements included in this Annual Report on Form 10-K for additional information on the new standard and its potential impact on us. The new revenue standard is principles based and interpretation of those principles may vary from company to company based on their unique circumstances. Management will make judgments and assumptions based on our interpretation of the new standard. It is possible that interpretation, industry practice and guidance may evolve as we work toward implementing the new revenue recognition standard. If our circumstances change or if actual circumstances differ from our assumptions, our operating result may be adversely affected and could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock. Further, the new equity investment valuation standard, which requires most equity investments to be measured at fair value (with subsequent changes in fair value recognized in net income), may increase the volatility of our earnings.
If securities or industry analysts stop publishing research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.
The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. If we do not maintain adequate research coverage or if one or more of the analysts who cover us downgrades our stock or publishes inaccurate or unfavorable research about our business, our stock price could decline. If one or more of these analysts ceases coverage of our company or fails to publish reports on us regularly, demand for our stock could decrease, which could cause our stock price and trading volume to decline.
The trading price of our common stock may be volatile.
The market price of our common stock may be subject to wide fluctuations in response to, among other things, the risk factors described in this periodic report, news about us and our financial results, the impact of the COVID-19 pandemic, news about our competitors and their results, and other factors such as rumors or fluctuations in the valuation of companies perceived by investors to be comparable to us. For example, during 2017,2020, the closing price of our common stock ranged from $30.12$75.70 to $45.09$152.15 per share.
Furthermore, the stock markets have experienced price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations often have been unrelated or disproportionate to the operating performance of those companies. These broad market and industry fluctuations, as well as general economic, political and market conditions, such as recessions, interest rate changes or international currency fluctuations, may negatively affect the market price of our common stock.
In the past, many companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management’s attention from other business concerns, which could seriously harm our business. In addition, the market price of our common stock and the market price of the common stock of many other companies have fallen significantly since the outbreak of the COVID-19 pandemic. The extent to which the COVID-19 pandemic may impact the market price of our common stock is unclear, and the market price of our common stock may fluctuate significantly as a result of the COVID-19 pandemic.
Share repurchases under our share repurchase programRepurchase Program (the “Repurchase Program”) could increase the volatility of the trading price of our common stock, and could diminish our cash reserves.reserves, could occur at non-optimal prices and may not result in the most effective use of our capital.
In 2017,July 2020, our board of directors approved thea $500.0 million increase in the aggregate authorized stock repurchase amount under our share repurchase program by $700.0 million,the Repurchase Program and extended the term of the Repurchase Program to February 28, 2022, bringing the total authorizationaggregate amount authorized to $1.0be repurchased to $3.0 billion. As of December 31, 2020, $1.01 billion remained available for future share repurchases under the Repurchase Program. Share repurchases under our share repurchase programthe Repurchase Program could affect the price of our common stock, increase stock price volatility and diminish our cash reserves. In addition, an announcement of the reduction, suspension or termination of our share repurchase programthe Repurchase Program could result in a decrease in the trading price of our common stock. Moreover, our stock price could decline, resulting in repurchases made at non-optimal prices. Our failure to repurchase our stock at optimal prices may be perceived by investors as an inefficient use of our cash and cash equivalents, which could result in litigation that may have an adverse effect on our business, operating results and financial condition. In addition, while our board of directors carefully considers various alternative uses of our cash and cash equivalents in determining whether to authorize stock repurchases, there can be no assurance that the decision by our board of directors to repurchase stock would result in the most effective uses of our cash and cash equivalents, and there may be alternative uses of our cash and cash equivalents that would be more effective, such as investing in growing our business organically or through acquisitions.
Anti-takeover provisions contained in our certificate of incorporation and bylaws, as well as provisions of Delaware law, could impair a takeover attempt.
Our certificate of incorporation, bylaws and Delaware law contain provisions that could have the effect of rendering more difficult, delaying or preventing an acquisition deemed undesirable by our board of directors. Our corporate governance documents include provisions:
providing for a classified board of directors whose members serve staggered three-year terms;
•authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock;
•limiting the liability of, and providing indemnification to, our directors and officers;
limiting the ability of our stockholders to call and bring business before special meetings;
•requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of candidates for election to our board of directors;
•providing that certain litigation matters may only be brought against us in state or federal courts in the State of Delaware;
•controlling the procedures for the conduct and scheduling of board and stockholder meetings; and
•providing the board of directors with the express power to postpone previously scheduled annual meetings and to cancel previously scheduled special meetings.
These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.
In addition, our amended and restated bylaws provide that unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act of 1933, as amended. Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to this provision. This provision, as well as provisions providing that certain litigation matters may only be brought against us in state or federal courts in the State of Delaware, may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers or other employees, which may discourage lawsuits against us and our directors, officers and other employees.
As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation law,Law, which prevents some stockholders holding more than 15% of our outstanding common stock from engaging in certain business combinations without approval of the holders of a substantial majority of all of our outstanding common stock.
Any provision of our certificate of incorporation, or bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could also affect the price that some investors are willing to pay for our common stock.
However, these anti-takeover provisions will not have the effect of preventing activist stockholders from seeking to increase short-term stockholder value through actions such as nominating board candidates and requesting that we pursue strategic combinations or other transactions. These actions could disrupt our operations, be costly and time-consuming and divert the attention of our management and employees. In addition, perceived uncertainties as to our future direction as a result of activist stockholder actions could result in the loss of potential business opportunities, as well as other negative business consequences. Actions of an activist stockholder may also cause fluctuations in our stock price based on speculative market perceptions or other factors that do not necessarily reflect our business. Further, we may incur significant expenses in retaining professionals to advise and assist us on activist stockholder matters, including legal, financial, communications advisors and solicitation experts, which may negatively impact our future financial results.
General Risks
Global economic uncertainty and weakening product demand caused by political instability and conflict could adversely affect our business and financial performance.
Economic uncertainty in various global markets caused by political instability and conflict and economic challenges caused by the COVID-19 pandemic has resulted, and may continue to result, in weakened demand for our products and services and difficulty in forecasting our financial results and managing inventory levels. Political developments impacting government spending and international trade, including potential government shutdowns and election year instability in the United States and trade disputes and tariffs, may negatively impact markets and cause weaker macro-economic conditions. The effects of these events may continue due to potential U.S. government shutdowns and the transition in administrations, and the United States’ ongoing trade disputes with China and other countries. The continuing effect of any or all of these events could adversely impact demand for our products, harm our operations and weaken our financial results.
Our business is subject to the risks of earthquakes, fire, power outages, typhoon, floods, virus outbreaks and other broad health-related challenges and other catastrophic events, and to interruption by manmade problems such as civil unrest, labor disruption, critical infrastructure attack and terrorism.
A significant natural disaster, such as an earthquake, fire, power outage, flood, viral outbreak or other catastrophic event, could have a material adverse impact on our business, operating results and financial condition. Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, and our research and development and data center in Burnaby, Canada, from which we deliver to customers our FortiGuard and other security subscription updates, is subject to the risk of flooding and is also in a region known for seismic activity. Any earthquake in the Bay Area or Burnaby, or flooding in Burnaby, could materially negatively impact our ability to provide products and services, such as FortiCare support and FortiGuard subscription services and could otherwise materially negatively impact our business. In addition, natural disasters could affect our manufacturing vendors, suppliers or logistics providers’ ability to perform services, such as obtaining product components and manufacturing products, or performing or assisting with shipments, on a timely basis, as well as our customers’ ability to order from us and our employees’ ability to perform their duties. For example, a typhoon in Taiwan could materially negatively impact our ability to ship products and could result in delays and reductions in billings and revenues, and the COVID-19 pandemic will negatively impact our ability to manufacture and ship products,
possibly in a material way, and could result in delays and reductions in billings and revenues, also possibly in a material way. In the event our or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in our missing financial targets, such as revenue and shipment targets, for a particular quarter. In addition, regional instability, civil unrest, labor disruptions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, logistics providers, partners or end-customers, or of the economy as a whole. Given our typical concentration of sales at the end of each quarter, any disruption in the business of our manufacturers, logistics providers, partners or end-customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results. To the extent that any of the above results in security risks to our customers, delays or cancellations of customer orders, the delay of the manufacture, deployment or shipment of our products or interruption or downtime of our services, our business, financial condition and results of operations would be adversely affected.
Changes in financial accounting standards may cause adverse unexpected fluctuations and affect our reported results of operations.
A change in accounting standards or practices, and varying interpretations of existing or new accounting pronouncements, such as changes to standards related to accounting for credit losses on financial instruments (which became effective for us on January 1, 2020), as well as significant costs incurred or that may be incurred to adopt and to comply with these new pronouncements, could have a significant effect on our reported financial results or the way we conduct our business. If we do not ensure that our systems and processes are aligned with the new standards, we could encounter difficulties generating quarterly and annual financial statements in a timely manner, which could have an adverse effect on our business, our ability to meet our reporting obligations and compliance with internal control requirements.
Management will continue to make judgments and assumptions based on our interpretation of new standards. If our circumstances change or if actual circumstances differ from our assumptions, our operating results may be adversely affected and could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock. Further, equity investments are required to be measured at fair value (with subsequent changes in fair value recognized in net income), which may increase the volatility of our earnings.
ITEM 1B. Unresolved Staff Comments
Not applicable.
ITEM 2. Properties
Our corporate headquarters is located in Sunnyvale, California and comprises approximately 162,000160,000 square feet of office and building space.space on ten acres of land. In 2019, we began construction on a second building of approximately 170,000 square feet that will serve as the cornerstone of our headquarters campus. Along with our corporate headquarters, as of December 31, 2017,2020, we also ownedown approximately 200,000 square feet in Union City, California used as a distribution facility;manufacturing assembly and operations center; approximately 135,000 square feet of buildings adjacent to our corporate headquarters intended to support growth in our business operations; approximately 340,000375,000 square feet of office and building space in Burnaby and Ottawa, Canada used for operations, support and research and development work; and 40,000 square feet of office space in Sophia,Valbonne, France predominantly used as a sales and support office.
We maintain additional leased offices throughout the United Statesworld, predominantly used as sales and various international locations, including Singapore, Japan, France, India, China, the United Kingdom, Mexico and Germany.support offices. We believe that our existing properties are sufficient and suitable to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate ongoing operations and any such growth. However, we expect to incur additional operating expenses and capital expenditures in connection with such new or expanded facilities.
For information regarding the geographical location of our property and equipment, see Note 1417 to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.
ITEM 3. Legal Proceedings
We are subject to various claims, complaints and legal actions that arise from time to time in the normal course of business. We accrue for contingencies when we believe that a loss is probable and that we can reasonably estimate the amount of any such loss. There can be no assurance that existing or future legal proceedings arising in the ordinary course of business or otherwise will not have a material adverse effect on our business, consolidated financial position, results of operations or cash flows.
In October 2016, we received a letter from the United States Attorney's Office for the Northern District of California requesting information relating to our compliance with the Trade Agreements Act. We have been fully cooperating with this ongoing inquiry and have periodically met and spoken with the United States Attorney’s Office in connection with this matter.
ITEM 4. Mine Safety Disclosure
Not applicable.
Part II
| |
ITEM 5. | Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities |
ITEM 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Common Stock
Our common stock is traded on The Nasdaq Global Select Market under the symbol “FTNT.” The following table sets forth, for the time periods indicated, the high and low closing sales price of our common stock, as reported on the Nasdaq Global Select Market.
|
| | | | | | | | | | | | | | | |
| 2017 | | 2016 |
| High | | Low | | High | | Low |
Fourth Quarter | $ | 45.09 |
| | $ | 36.35 |
| | $ | 36.94 |
| | $ | 28.61 |
|
Third Quarter | $ | 41.10 |
| | $ | 35.84 |
| | $ | 37.17 |
| | $ | 31.57 |
|
Second Quarter | $ | 40.97 |
| | $ | 37.20 |
| | $ | 34.78 |
| | $ | 28.79 |
|
First Quarter | $ | 38.35 |
| | $ | 30.12 |
| | $ | 30.63 |
| | $ | 23.83 |
|
Holders of Record
As of February 16, 2018,12, 2021, there were 5743 holders of record of our common stock. A substantially greater number of holders of our common stock are “street name” or beneficial holders, whose shares are held by banks, brokers and other financial institutions.
Dividends
We have never declared or paid cash dividends on our capital stock. We do not anticipate paying any cash dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our board of directors and will depend on our financial condition, operating results, capital requirements, general business conditions and other factors that our board of directors may deem relevant.
Securities Authorized for Issuance Under Equity Compensation Plans
Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2021 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission (the “SEC”) within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.
Stock Performance Graph
This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities and Exchange Act of 1934 (the “Exchange Act”), or incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act”Act”), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.
The following graph compares the cumulative five-year total return for our common stock, the NASDAQ CompositeStandard & Poor’s 500 Stock Index (the “S&P 500 Index”) and the NASDAQ Computer Index. Such returns are based on historical results and are not intended to suggest future performance. Data for the NASDAQ CompositeS&P 500 Index and the NASDAQ Computer Index assume reinvestment of dividends. We have never declared or paid cash dividends on our capital stock, nor do we anticipate paying any such cash dividends in the foreseeable future.
COMPARISON OF CUMULATIVE TOTAL RETURN*
Among Fortinet, Inc., The NASDAQ Compositethe S&P 500 Index and
Thethe NASDAQ Computer Index
|
| | | | | | | | | | | | | | | | | | | | | | | | |
| | December 2012 * | | December 2013 | | December 2014 | | December 2015 | | December 2016 | | December 2017 |
Fortinet, Inc. | | $ | 100 |
| | $ | 91 |
| | $ | 146 |
| | $ | 148 |
| | $ | 143 |
| | $ | 208 |
|
NASDAQ Composite | | $ | 100 |
| | $ | 138 |
| | $ | 157 |
| | $ | 166 |
| | $ | 178 |
| | $ | 229 |
|
NASDAQ Computer | | $ | 100 |
| | $ | 132 |
| | $ | 158 |
| | $ | 168 |
| | $ | 189 |
| | $ | 262 |
|
________________
* Assumes that $100 was invested on December 31, 2012 in stock or index, including reinvestment of dividends. Stockholder returns over the indicated period should not be considered indicative of future stockholder returns. | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | December 2015 * | | December 2016 | | December 2017 | | December 2018 | | December 2019 | | December 2020 |
Fortinet, Inc. | | $ | 100 | | | $ | 97 | | | $ | 140 | | | $ | 226 | | | $ | 343 | | | $ | 477 | |
S&P 500 Index | | $ | 100 | | | $ | 110 | | | $ | 131 | | | $ | 123 | | | $ | 158 | | | $ | 184 | |
NASDAQ Computer | | $ | 100 | | | $ | 112 | | | $ | 156 | | | $ | 150 | | | $ | 226 | | | $ | 338 | |
* Assumes that $100 was invested on December 31, 2015 in stock or index, including reinvestment of dividends. Stockholder returns over the indicated period should not be considered indicative of future stockholder returns. |
Sales of Unregistered Securities
None.
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
Share Repurchase Program
In January 2016, our board of directors approved aour Share Repurchase Program (the “Repurchase Program”), which authorized the repurchase of up to $200.0 million of our outstanding common stock through December 31, 2017. InFrom 2016 and 2017,through 2019, our board of directors approved the increases in the aggregateauthorized repurchase amount under theto our Repurchase Program by $100.0 million and $700.0 million, respectively,various amounts, bringing the totalaggregated amount authorized to $1.0 billion through January 31, 2019.$2.5 billion. In July 2020, our board of directors approved a $500.0 million increase and extended the term to February 28, 2022, bringing the aggregate amount authorized to be repurchased to $3.0 billion. Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended, modified or discontinued at any time without prior notice. Since its inception, we have repurchased 32.5 million shares of our common stock under the Repurchase Program for an aggregate purchase price of $2.0 billion.
The following table provides information with respect to the shares of common stock we repurchased during the three months ended December 31, 20172020 (in thousands,millions, except share and per share amounts):
| | | | | | | | | | | | | | | | | | | | | | | | | | |
| | Total Number of Shares Purchased | | Average Price Paid per Share | | Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs | | Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs |
October 1 - October 31, 2020 | | — | | | $ | — | | | — | | | $ | 1,046.8 | |
November 1 - November 30, 2020 | | 0.3 | | | 115.33 | | | 0.3 | | | 1,012.7 | |
December 1 - December 31, 2020 | | — | | | $ | — | | | — | | | $ | 1,012.7 | |
Total | | 0.3 | | | | | 0.3 | | | |
ITEM 6. Selected Financial Data