Due to the expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate, and adversely affect our financial position and results of operations. Further, other foreign governments may enact tax laws in response to the TCJA that could result in further changes to global taxation and materially affect our financial position and results of operations. The impact of the TCJA on holders of our securities remains uncertain. We therefore recommend our shareholders consult with their legal and tax advisors with respect to such legislation and the potential tax consequences.
If we are unable to realize our investment objectives, our financial condition and results of operations may be adversely affected.
We maintain substantial balances of cash and liquid investments as strategic assets for purposes of acquisitions and general corporate purposes, including share repurchases. Our cash, cash equivalents, short- and long-term bank deposits and marketable securities totaled $432.0 million as of December 31, 2022, compared to $465.8 million as of December 31, 2021, compared with $448.8 million as of December 31, 2020.2021. The performance of the capital markets is the primary factor that affects the values of funds that are held in marketable securities. While we believe we have taken a conservative approach in our investments, by investing the majority of our debt marketable securities portfolio at securities that are rated A- or higher, these assets are subject to market fluctuations and various developments, including, without limitation, rating agency downgrades that may impair their value. We expect that market conditions will continue to fluctuate and that the fair value of our investments may be affected accordingly, including, without limitation, by the economic effects of the COVID-19 pandemic.
Financial income is a component of our net income and the outlook for our financial income is dependent, in part, on the future direction of interest rates, exchange rates, the amount of any share repurchases or acquisitions that we make and the amount of cash flows from operations that are available for investment. For example, for the years ended December 31, 20212022 and 2020,2021, we had $4.4$8.1 million and $7.8$4.4 million, respectively, of net financial income, that was primarily derived from the value of our investments. The performance of the capital markets affects the values of our funds that are held in marketable securities. These assets are subject to market fluctuations and will yield uncertain returns. Due to certain market developments, including investments’ rating downgrades, the fair value of these investments may decline. If market conditions continue to fluctuate, the fair value of our investments may be impacted accordingly. Although our investment guidelines stress diversification and capital preservation, our investments are subject to a variety of risks, including risks related to general economic conditions, interest rate fluctuations and market volatility.
In particular, our investment portfolios include a significant amount of interest rate-sensitive instruments, such as bonds, which, in addition to the inherent risk associated with the debt, may be adversely affected by changes in interest rates. Changes in interest rates and credit quality may also result in fluctuations in the income derived from, or the valuation of, our fixed income securities. Interest rates are highly sensitive to many factors, including governmental monetary policies, domestic and international economic and political conditions and other factors beyond our control. For example, benchmark interest rates, such as the U.S. Federal Funds Rate, are currently relatively low,high, which is likely to significantly impact our investment income. IncreasesAdditional increases in interest rates willmight decrease the value of our investments in fixed-income securities. If increases in interest rates occur during periods when we sell investments to satisfy liquidity needs, we may experience investment losses. Conversely, if interest rates decline, reinvested funds and our investment in bank deposits will earn less than expected.
In terms of credit risk, our investment portfolio policy is “buy and hold” while minimizing credit risk by setting maximum concentration limit per issuer and credit rating. Our investments consist primarily of government and corporate bonds and bank deposits. Although we believe that we generally adhere to conservative investment guidelines, if turmoil in the financial markets reoccurs in the future, it may result in impairments of the carrying value of our investment assets since we classify our investments in marketable securities as available-for-sale. Changes in the fair value of investments classified as available-for-sale are not recognized as income (loss) during the period, but rather are recognized as a separate component of equity until realized. Realized losses in our investments portfolio may adversely affect our financial position and results. For example, if we had reported all the changes in the fair values of our investments into income (loss), our reported net loss would have increased by $4.4 million during the year ended December 31, 2022, and our net income would have decreased by $0.5 million during the year ended December 31, 2021 and would have increased by $1.5 million during the year ended December 31, 2020.2021. Any significant decline in our financial income or the value of our investments as a result of continued lowhigh interest rates, deterioration in the credit worthiness of the securities in which we have invested, general market conditions or other factors could have an adverse effect on our results of operations and financial condition.
We rely on information systems to conduct our businesses, and failure to protect these systems against security breaches and otherwise to implement, integrate, upgrade and maintain such systems in working order could have a material adverse effect on our results of operations, cash flows or financial condition.
The efficient operation of our businesses depends on our computer hardware and software systems. For instance, we rely on information systems to process customer orders, manage accounts receivable collections, manage accounts payable processes, track costs and operations, maintain client relationships and accumulate financial results. Despite our implementation of industry-accepted security measures and technology, our information systems are vulnerable to, and have been in the past subject to, computer viruses, attempts to insert malicious codes, unauthorized access, phishing efforts, denial-of-service attacks and other cyber-attacks, and we expect to be subject to similar attacks in the future as such attacks become more sophisticated and frequent. A breach of our information systems could result in decreased performance, operational difficulties and increased costs, any of which could have a material adverse effect on our business and operating results.
Major disruptions or deficiencies of our information systems could disrupt our operations and cause unanticipated increases in our costs.
We have invested, and intend to continue to invest, significant capital and human resources in our information systems, including in a project for company-wide sales, operations and services support systems. Any major disruptions or deficiencies in the design and implementation of our information systems, particularly those that impact our operations, could adversely affect our ability to process customer orders, ship products, provide services and support to our customers, bill and track our customers, timely report our financial results and otherwise run our business.
Our business may be affected by sanctions, export controls and similar measures targeting Russia and other countries and territories as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries.
As a result of Russia’s military conflict in Ukraine, governmental authorities in the United States, the European Union and the United Kingdom, among others, launched an expansion of coordinated sanctions and export control measures, including:
blocking sanctions on some of the largest state-owned and private Russian financial institutions (and their subsequent removal from SWIFT);
| • | blocking sanctions against Russian and Belarusian individuals, including the Russian President, other politicians and those with government connections or involved in Russian military activities; |
blocking sanctions against Russian and Belarusian individuals, including the Russian President, other politicians and those with government connections or involved in Russian military activities;- 30 -
blocking sanctions against certain Russian businessmen and their businesses, some of which have significant financial and trade ties to the European Union;
blocking of Russia’s foreign currency reserves and prohibition on secondary trading in Russian sovereign debt and certain transactions with the Russian Central Bank, National Wealth Fund and the Ministry of Finance of the Russian Federation;
expansion of sectoral sanctions in various sectors of the Russian and Belarusian economies and the defense sector;
United Kingdom sanctions introducing restrictions on providing loans to, and dealing in securities issued by, persons connected with Russia;
restrictions on access to the financial and capital markets in the European Union, as well as prohibitions on aircraft leasing operations;
sanctions prohibiting most commercial activities of U.S. and EU persons in Crimea and Sevastopol;
enhanced export controls and trade sanctions targeting Russia’s imports of technological goods as a whole, including tighter controls on exports and reexportsre-exports of dual-use items, stricter licensing policy with respect to issuing export licenses, and/or increased use of “end-use” controls to block or impose licensing requirements on exports, as well as higher import tariffs and a prohibition on exporting luxury goods to Russia and Belarus;
closure of airspace to Russian aircraft; and
ban on imports of Russian oil, liquefied natural gas and coal to the United States.
As the conflict in Ukraine continues, there can be no certainty regarding whether the governmental authorities in the United States, the European Union, the United Kingdom or other counties will impose additional sanctions, export controls or other measures targeting Russia, Belarus or other territories. Furthermore, in retaliation against new international sanctions and as part of measures to stabilize and support the volatile Russian financial and currency markets, the Russian authorities also imposed significant currency control measures aimed at restricting the outflow of foreign currency and capital from Russia, imposed various restrictions on transacting with non-Russian parties, banned exports of various products and other economic and financial restrictions.
Our business must be conducted in compliance with applicable economic and trade sanctions laws and regulations, including those administered and enforced by the U.S. Department of Treasury’s Office of Foreign Assets Control, the U.S. Department of State, the U.S. Department of Commerce, the United Nations Security Council and other relevant governmental authorities. We must be ready to comply with the existing and any other potential additional measures imposed in connection with the conflict in Ukraine. The imposition of such measures could adversely impact our business, including preventing us from performing existing contracts, recognizing revenue, pursuing new business opportunities or receiving payment for products already supplied or services already performed with customers.
In 2022 and 2021, 7% and 2020, 5% and 3%, respectively, of our total revenues were from sales to customers located in Russia. We continuously review and monitor our contractual relationships with suppliers and customers to establish whether any of them are the target of the applicable sanctions. In the event that we identify a party with which we have a business relationship that is the target of applicable sanctions, we would immediately activate a legal analysis of what gives rise to the business relationship, including any contract, to estimate the most appropriate course of action to comply with the sanction regulations, together with the impact of a contractual termination according to the applicable law, and then proceed as required by the regulatory authorities. However, given the range of possible outcomes, the full costs, burdens, and limitations on our and our customer’s and business partners’ businesses are currently unknown and may become significant.
Furthermore, even if an entity is not formally subject to sanctions, customers and business partners of such entity may decide to reevaluate or cancel projects with such entity for reputational or other reasons. As result of the ongoing conflict in Ukraine, many U.S. and other multi-national businesses across a variety of industries, including consumer goods and retail, food, energy, finance, media and entertainment, tech, travel and logistics, manufacturing and others, have indefinitely suspended their operations and paused all commercial activities in Russia and Belarus. Depending on the extent and breadth of sanctions, export controls and other measures that may be imposed in connection with the conflict in Ukraine, it is possible that our business, financial condition and results of operations could be materially and adversely affected.
Climate change may have an adverse impact on our business.
Global climate change may result in certain natural disasters occurring more frequently or with greater intensity, such as drought, wildfires, storms, sea-level rise, and flooding and many believe that the risks related to climate change are increasing in both impact and type of risk. While we do not believe there will be significant near-term impacts to our business and operations due to climate change, long-term impacts remain unknown. These include operational risks impacting, among other things, our supply chain, our personnel or electrical power availability from climate changed-related weather events as well as business and regulatory risks. For example, regulatory risks resulting from changes in laws and regulations on climate change may increase our compliance costs and limit our ability to operate. Similarly, the evolving customer and other stakeholder expectations and regulatory requirements to reduce carbon emissions could present a risk of loss of business if we are not able to meet those expectations or requirements.
Our disclosures and initiatives related to environmental, social and governance (ESG) matters expose us to numerous risks, including risks to our reputation, business, financial performance and growth.
There has been increasing public focus by investors, customers, environmental activists, the media and governmental and nongovernmental organizations on a variety of ESG matters, which may result in increased costs (including but not limited to increased costs related to compliance, stakeholder engagement, and contracting), impact our reputation, or otherwise affect our business performance. As we identify ESG topics for voluntary disclosure, we have expanded and, in the future, may continue to expand, our voluntary disclosures in these areas. Statements about our ESG initiatives and goals, and progress against those goals, may be based on standards for measuring progress that are still developing, internal controls and processes that continue to evolve, and assumptions that are subject to change in the future. If our ESG-related data, processes and reporting are incomplete or inaccurate, or if we fail to achieve progress with respect to our ESG goals on a timely basis, or at all, our reputation, business, financial performance and growth could be adversely affected. In addition, this emphasis on ESG matters has resulted and may result in the adoption of new laws and regulations, including new reporting requirements. If we fail to comply with new laws, regulations or reporting requirements, our reputation and business could be adversely impacted.
Risks Related to Operations in Israel
• | Political, economic and military instabilityin the Middle East or Israel may harm our business. |
The tax benefits we may receive in connection with our preferred enterprise program require us to satisfy prescribed conditions and may be terminated or reduced in the Market for Our Ordinary Sharesfuture. This would increase taxes and decrease our net profit.
Yehuda Zisapel,We have obtained benefits from the Israeli Innovation Authority that subject us to ongoing restrictions.
It may be difficult to enforce a U.S. judgment against us or our chairman of the board, Nava Zisapel,officers and Roy Zisapel, our President, Chief Executive Officer and director, may exert significant influence in the election of our directors and over the outcome of other matters requiring shareholder approval.to assert U.S. securities laws claims in Israel.
AsYour rights and responsibilities as a shareholder will be governed by Israeli law, which may differ in some respects from the rights and responsibilities of April 4, 2022, Yehuda Zisapel, the Chairmanshareholders of our Board of Directors, beneficially owned approximately 3.95% of our outstanding ordinary shares; Nava Zisapel, beneficially owned approximately 6.76% of our outstanding ordinary shares; and their son, Roy Zisapel, our President, Chief Executive Officer and director, beneficially owned approximately 3.21% of our outstanding ordinary shares (see Item 6.E “Share Ownership”). As a result, if these shareholders act together, they could exert significant influence on the election of our directors and on decisions by our shareholders on matters submitted to shareholder vote, including mergers, consolidations and the sale of all or substantially all of our assets. This concentration of ownership of our ordinary shares could delay or prevent proxy contests, mergers, tender offers, or other purchases of our ordinary shares that might otherwise give our shareholders the opportunity to realize a premium over the then-prevailing market price for our ordinary shares. This concentration of ownership may also adversely affect our share price.U.S. companies.
Provisions of our Articles of AssociationRisks Related to Our Business and Israeli law as well as the terms of our equity incentive plan could delay, prevent or make a change of control of us more difficult or costly, which could depress the price of our ordinary shares.Our Industry
The provisions inChanging or severe global economic conditions could have a material adverse effect on our Articlesresults of Association relating to the election of our directors in three staggered classes, the submission of shareholder proposals for shareholders meetingsoperations.
Our business is affected by global economic conditions, uncertainties and the quorum requirement for adjourned shareholder meetings may have the effect of delaying or making an unsolicited acquisition of our Company more difficult. Israeli corporate and tax laws,downturns, including the ability of our Board of Directors to adopt a shareholder rights plan without further shareholder approval, may also have the effect of delaying, preventing or making an acquisition of us more difficult. For example, under the Companies Law, upon the request of a creditor of either party to a proposed merger, an Israeli court may delay or prevent the merger if it concludes that there is a reasonable concern that, as a result of the merger,war in Ukraine (see the surviving companyrisk factor below titled “Our business may be affected by sanctions, export controls and similar measures targeting Russia and other countries and territories as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries”), the tensions between China and Taiwan, the COVID-19 pandemic and record levels of inflation that have resulted in significant volatility and disruptions in the global economy, including central banks in the markets in which we operate that have tightened their monetary policies and raised interest rates, which may impact current and anticipated market demand for our solutions. Uncertainties about current global economic conditions continue to pose a risk as our current or prospective customers may postpone or reduce demand and spending priorities in response to such uncertainties. This could result in, among other things, a reduction in our revenues or a failure to achieve anticipated revenue growth, longer sales cycles, and slower adoption of new technologies as well as downward pressure on the price of our solutions. For example, the United States and Israel have recently experienced high levels of inflation. In the event inflation persists or continues to increase, as well as other macro conditions which may have other adverse effects on the economy, which are difficult to predict, such as instability of any bank with which we maintain a commercial relationship with, each of the above events could have a material adverse effect on our business, operating results and financial condition.
We depend upon independent distributors to sell our solutions to customers. If our distributors do not succeed in selling our products and services, we may not be able to operate profitably.
Our growth strategy depends upon, among other things, increasing sales of our solutions, both directly and indirectly through our different distribution channels. We sell our solutions primarily to independent distributors, including value added resellers (VARs), original equipment manufacturers (OEMs) and global system integrators (GSIs), and are highly dependent upon these distributors’ active marketing and sales efforts. Our distribution agreements with our distributors generally are non-exclusive, ranging in duration with no renewal obligation on the part of our distributors. Our distribution agreements also typically do not prevent our distributors from selling products and services of our competitors and do not contain minimum sales or marketing performance requirements. As a result, our distributors may give higher priority to products and services of our competitors or their own products, thereby reducing their efforts to sell our products and services. In addition, we may not be able to maintain our existing distribution relationships, and we may not be successful in replacing them on a timely basis, or at all. We may also need to develop new distribution channels for new products and services, and we may not succeed in doing so. Any changes in our distributor relationships or distribution channels, including a termination or other disruption of our commercial relationship with our distributors or our inability to establish distribution channels for new products and services, could impair our ability to sell our products and services and have a material adverse effect on our business, financial condition and results of operations.
We must manage our anticipated growth effectively in order to remain profitable.
We have actively expanded our operations in the past and may continue to expand them in the future in order to gain market share in the evolving market for cyber security and application delivery solutions. This expansion has required, and may continue to require, managerial, operational and financial resources.
In some cases, we may choose to increase our cost of operations at the expense of our short-term profitability in order to support future expansion and growth. We cannot assure you that we will continue to expand our operations successfully. If we are unable to manage our expanding operations effectively, our revenues may not increase or may decline, our cost of operations may increase, and we may not be profitable.
A shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs, and any disruption in our supply chain could have a material adverse effect on our results of operations.
Our ability to meet customer demands depends in part on our ability to obtain timely deliveries of parts from our suppliers and contract manufacturers. We cannot assure you that we will not encounter supply and fulfilment issues in the future and certain components are presently available to us only from limited sources (see the risk factor below titled “We rely on a few vendors to provide our hardware platforms and components for the manufacture of our products”and the discussion under Item 4.B "Business Overview—Manufacturing and Suppliers"). We may not be able to diversify sources in a timely and cost-effective manner, which could harm our ability to deliver products to customers and adversely impact present and future sales and profitability.
We may experience a shortage of certain component parts as a result of our own manufacturing issues, manufacturing issues at our suppliers or contract manufacturers, capacity problems or transportation and freight carriers issues experienced by our suppliers or contract manufacturers, or strong demand in the industry for those parts, especially if there is growth in the overall economy. If there is growth in the economy, such growth is likely to create greater pressures on us and our suppliers to accurately project overall component demand and component demands within specific product categories and to establish optimal component levels. If shortages or delays persist, such as due to the worldwide chipset shortage, the price of these components may increase, or the components may not be available at all.
We may also encounter shortages if we do not accurately anticipate our needs. We may not be able to secure enough components at reasonable prices or of acceptable quality to build new products in a timely manner in the quantities or configurations needed. Accordingly, our revenues and gross margins could be materially and adversely affected until other sources can be developed.
In addition, our operating results could be materially and adversely affected if we anticipate greater demand than what transpires, and we commit to purchasing more components than we actually need. We see this specifically with respect to dated components, which we need to order in large quantities due to manufacturing stoppage. Due to technology advancements, we are required from time to time to make “last buy” type of stock purchases of such dated components for our legacy products.
Any disruption in our supply chain, such as disruptions resulting from failure in telecommunication systems; acts of war, terrorism, cyber-attacks or natural disasters, including major environmental or public health concerns, such as the COVID-19 pandemic (see the risk factor below titled “The COVID-19 pandemic has impacted and may continue to impact our business, operating results and financial condition”and the discussion under Item 4.B "Business Overview—Manufacturing and Suppliers"); lack of skilled labor; the disruption of transportation networks; and adverse weather conditions, could have a material adverse effect on our business, financial condition and results of operations.
The COVID-19 pandemic has impacted and may continue to impact our business, operating results and financial condition.
The COVID-19 pandemic has resulted in a widespread health crisis that has adversely affected businesses, economies and financial markets worldwide, placed constraints on the operations of businesses, caused disruptions in global supply chains, and decreased consumer mobility and activity. Our business has been affected in various ways, including in our sales and marketing, our supply chain and our employees.
At the same time, the COVID-19 pandemic has negatively impacted our business by causing some delays in purchasing decisions by some of our customers, and some difficulties in acquiring new customers given travel limitations and limits on in-person interactions with our customers and prospective customers, as well as some disruptions in our supply chain and delivery of products to customers. For example, circumstances related to the COVID-19 pandemic have triggered disruptions in global supply chains and interruptions and delays involving freight carriers that, in turn, have caused difficulties in timely obtaining components from our suppliers, as well as transportation of our products after manufacture to our customers.
The extent to which COVID-19 will continue to impact our business, financial condition or results of operations, will depend on future developments, which are uncertain and cannot be predicted.
We rely on a few vendors to provide our hardware platforms and components for the manufacture of our products.
We primarily rely on a few original design manufacturers, or ODMs, for the manufacture and supply of our hardware platforms, with approximately 88% of our direct product costs in 2022 related to these vendors. If we are unable to continue to acquire from these ODMs and/or other components vendors on acceptable terms or should any of these ODMs and/or components vendors cease to supply us with such platforms or components for any reason, we may not be able to identify and integrate an alternative source of supply in a timely fashion or at the same costs. Any transition to one or more alternate manufacturers could result in delays, operational problems and increased costs, and may limit our ability to deliver our products to our customers on time during such a transition period, any of which could have a material adverse effect on our business, financial condition and results of operations.
Our success depends on our ability to attract, train and retain highly qualified personnel.
Our products and services require sophisticated technology, marketing and sales expertise. Accordingly, we need highly trained research and development, sales, marketing, technical, customer support, operations and IT personnel. Competition for such qualified personnel, especially in the cyber security domain, is intense. In particular, while there has been intense competition for such qualified personnel in the Israeli high-tech industry historically, the industry experienced record growth and activity in 2021 and 2022, which contributed to significant levels of employee attrition and is currently facing a severe shortage of skilled human capital, including qualified personnel in the cyber security domain. In addition, while we utilize non-competition agreements with our employees as a means of improving our employee retention, we may be unable to satisfyenforce these agreements under applicable laws. In light of the obligationsforegoing, we may not be able to hire or retain sufficient personnel to support our business operations or, if we do, we may be required to offer increased compensation to attract such employees, which could have a material adverse effect on our business, financial condition and results of operations.
Competition in the market for cyber security and application delivery solutions and in our industry, in general, is intense. If we are unable to compete effectively, we may lose market share, and we may be unable to maintain profitability.
The cyber security and application delivery solutions marketplace is highly competitive and has very few barriers to entry, particularly in our focus areas. We expect competition to intensify in the future, and we may lose market share if we are unable to compete effectively.
Most of our competitors have greater financial, personnel and other resources than we have, which may limit our ability to effectively compete with them. We expect to continue to face additional competition as new participants enter the market or extend their portfolios into related technologies. Current and future participants may also be able to respond more quickly to new or emerging technologies and changes in customer demands and to devote greater resources to the development, promotion and sale of their products than we can. Larger companies with substantial resources, brand recognition and sales channels may form consolidation and alliances with or acquire competing cyber security and application delivery solutions and emerge as significant competitors.
Competition may result in lower prices or reduced demand for our solutions and a corresponding reduction in our ability to recover our costs, which may impair our ability to achieve, maintain and increase profitability. Furthermore, the dynamic market environment poses a challenge in predicting market trends and expected growth. We cannot assure you that we will be able to implement our business strategy in a manner that will allow us to be competitive. If any of our competitors offer products or services that are more competitive than ours, we could lose market share and our business, financial condition and results of operations could be materially and adversely affected as a result.
We must develop new solutions and enhance existing solutions to remain competitive.
The market for cyber security and application delivery solutions is characterized by rapid technological changes, driven primarily by accelerated digital transformation including a dramatic increase in work from home initiatives, a rapid shift to online business activity, and increased migration to cloud environments. Such technological changes and transformations are accompanied by, in addition to a rapidly evolving and active cyber threat landscape, changes in application infrastructure tools and increasingly demanding compliance mandates. The challenges we face include:
increasing throughput, capacity, performance and efficiency of our core products, to cope with growing velocity and complexity of attacks;
adapting to fundamental changes in our customers’ data centers’ infrastructure and changes in the partieslocations of applications and data by offering relevant solutions for multi-clouds and hybrid cloud environments;
offering new solutions to adapt to the merger.changes in applications’ deployment frameworks, workflows and architectures, massive usage of Application Programming Interface (API) stacks and new edge delivery technologies in response to the rise of modern applications buildup and delivery requirements;
adapting to changes in the cyber threat landscape, by extending our security coverage to include cloud-native attacks (cloud access management and workloads), application level attacks, usage of open source third-party libraries, encrypted attacks, automated attacks and edge/client delivery related attacks;
developing and enhancing our cloud and virtual offerings and expanding our managed security services capabilities to address the industry trend of providing services for the cloud and through the cloud – organically and inorganically; and
increasing our support offerings to address the industry trend of increased customer reliance on third-party provided or managed information technology services.
In order to meet these challenges and remain competitive in the market, we have introduced, and must continue to introduce, new solutions and enhancements to our existing solutions. Accordingly, our future success will depend, to a substantial extent, on our ability to accurately and timely identify market trends and anticipate changing market requirements and needs; to invest (including through acquisition of complimentary solutions) in research and development and timely develop, introduce and support relevant and desired new solutions and enhancements; and to gain market acceptance of our offerings. There can be no assurances that our continued investment in research and development, including associated capital expenditures, will ultimately allow us to remain competitive in our industry or otherwise result in successful solutions that generate expected sales and support our growth. In addition, diversifying our Key Employee Share Incentive Plan (1997), as amended,solution portfolio might expose us to direct competition with new players and might require additional investments in the associated sales and marketing practices.
If our research and development efforts do not lead to a corresponding increase in our revenues, if we fail to timely develop and deploy new solutions and enhancements to our existing solutions, or the Share Incentive Plan provides that,if we fail to gain market acceptance of our new solutions or enhanced solutions, our business, operating results and financial condition could be materially adversely affected.
Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or if our end-users experience security breaches, which could have a material adverse effect on our business, reputation and operating results.
Any errors, defects, or misconfigurations could cause our solutions to not meet specifications, be vulnerable to security attacks or fail to secure networks or applications which could negatively impact customer operations and consequently harm our business and reputation. In addition, we may suffer significant adverse publicity and reputational harm and become subject to regulatory and litigation claims if our solutions are associated, or are believed to be associated with, or fail to reasonably protect against, a security attack or a breach at a high-profile customer, a significant customer base or a significant business partner. Many of our customers and business partners are themselves highly regulated entities, which may result in enhanced scrutiny of our security program and controls in the event of a “Hostile Takeover” (whichsignificant cybersecurity incident. Moreover, any actual or perceived cyber-attack, other security breach, exposure or theft of our or our customers’ data, regardless of whether the breach or theft is definedattributable to the failure of our solutions, could:
adversely affect the market’s perception of our security solutions,
cause current or potential customers to look to our competitors for alternatives,
require us to expend significant financial resources to analyze, correct or eliminate any vulnerabilities, and
lead to investigations, litigation, fines and penalties, any of which could have a material adverse effect on our operations, financial condition and reputation.
Cyber-attackers or other malicious actors are increasingly sophisticated, may be state actors or affiliated with organized crime, and may operate large-scale and complex automated attacks. In addition, the techniques they use to access or sabotage networks or applications or to disrupt operations (for example, via ransomware) change frequently and generally are not recognized until launched against a target. As a result, our solutions may be unable to anticipate these techniques and provide timely or effective protection to our end-users’ networks or applications, particularly due to the increased use by attackers of tools and techniques that are designed to circumvent security controls, to avoid detection and to remove or obfuscate evidence. The global marketplace also expects actors to increasingly develop innovative attack methodologies utilizing artificial intelligence to identify and exploit vulnerabilities from both technical and social engineering perspectives. In addition, the COVID-19 pandemic significantly impact online behavior and the continued remote and hybrid working arrangements may affect the security of businesses and individuals (for example, due to the prevalence of vulnerabilities inherent in non-corporate and home networks), and we have observed a significant increase in cyberattack activity since the beginning of the pandemic that has also continued. If we fail to identify and respond to new and increasingly complex methods of attack or to update our solutions to detect or prevent such threats in time to protect our end-users’ critical business data, the integrity of our solutions and reputation, as well as our business and operating results, could suffer.
Furthermore, security breaches or defects in our solutions could result in loss or alteration of, or unauthorized access to, customers’ data and compromise our customers’ networks and applications that are secured by our physical and cloud solutions. If such a security breach results in the disruption or loss of availability, integrity or confidentiality of customers’ data, we could incur significant liability to our customers and to businesses or individuals whose information was being handled by our customers, in addition to regulatory agencies. There can be no assurance that limitation of liability, indemnification or other protective provisions that we attempt to include in our contracts would be applicable, enforceable or adequate in connection with a security breach, or would otherwise protect us from any such liabilities or damages with respect to any particular claim.
There is no guarantee that our solutions will be free of flaws or vulnerabilities. Our end-users may also misuse our solutions, which could result in vulnerabilities to a breach or theft of business data.
As a security provider, if our internal network system is compromised by cyber-attackers or other malicious actors, or by a critical system failure, our reputation, financial condition and operating results could be materially adversely affected.
We will not succeed with our application and network security solutions unless the marketplace is confident that we provide effective cyber security protection. We provide security solutions, and as a result, we have been, and continue to be, an attractive target of cyber-attacks and other security incidents, which we have experienced from time to time, that are aimed at our own internal systems and network environment. We are subject to many different types of attacks, including, among others, malware, viruses and attachments to e-mails, web application attacks, e-mails, web application attacks, Distributed Denial of Service (DDoS) attacks and other disruptive activities of individuals or groups, all of which are designed to impede the performance of our solutions, penetrate our network security or the security of our cloud platform or our internal systems, misappropriate proprietary and other information and/or cause other interruptions to our services. Furthermore, third parties may attempt to illegally induce employees or customers into disclosing our proprietary information or otherwise compromising the security of our internal networks, systems or physical facilities in order to gain access to our data or our customers’ data. An actual or perceived breach of security in our internal systems could adversely affect the integrity and market perception of our solutions. Furthermore, the costs to eliminate or address security threats and vulnerabilities before or after a cyber-security incident and any resulting regulatory or litigation actions could be significant.
We rely on third-party service providers to supply physical hosting, cloud environments and specific support technologies in order to deliver and support our security solutions, in addition to internal functions, such as human resources, finance, and electronic communications, all of which are designed to enable us to conduct, monitor and/or protect our business, operations, systems and data assets. Such third-party service providers have from time to time been subject to, and continue to be subject to, cyber-attacks, malicious actors and other security incidents. While we periodically evaluate the internal security posture of each third-party service provider to determine their level of compliance, we may not be able to detect any breach in the first instance it occurs. These risks may impact the integrity and availability of our solutions and may expose us to legal and reputational liability.
Remediation efforts or system redundancy or other continuity measures may be ineffective or inadequate and could result in interruptions, delays or cessation of service and loss of existing or potential customers. There can be no assurance that limitation of liability, indemnification or other protective provisions in our contracts would be applicable, enforceable or adequate in connection with a security breach, or would otherwise protect us from any such liabilities or damages with respect to any particular claim. Additionally, our professional, product and cyber liability insurance coverages may only cover certain liabilities in connection with a security breach or other security incident and may not adequately cover all liabilities actually incurred, and we cannot assure you that insurance will continue to be available to us on commercially reasonable terms, if at all, or that any insurer will not deny coverage as to any future claim.
In addition, any such security breach could disrupt or impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our reputation and business could suffer.
Outages, interruptions or delays in hosting services could impair the delivery of our cloud-based security services and harm our business.
We offer infrastructure that supports our DDoS Protection services, web application firewall (WAF) and bot management cloud-based services. In addition, we provide other services through the cloud, such as Content Delivery Network (CDN). Despite precautions taken within our own internal network and at these third-party facilities, the occurrence of a natural disaster or an act of terrorism or other unanticipated problems could result in lengthy interruptions in our services.
The cloud-based security services that we provide are operated from a network of third-party facilities that host the software and systems that operate these security services. Any damage to, failure of, or significant disruptions (for example, due to ransomware) to, our internal systems or systems at third-party hosting facilities could result in outages or interruptions in our cloud-based services. Outages or interruptions in our cloud-based security services, whether as a result of impacts to our or our third-party hosting facilities or otherwise, may cause our customers to experience cyber-attacks and to believe that our cloud-based security services are unreliable, cause us to issue credits or pay penalties or damages, cause customers to terminate their subscriptions and adversely affect our reputation and renewal rates and our ability to attract new customers, ultimately harming our business and results of operations.
Our global operations may expose us to additional risks.
We currently offer our solutions in over 80 countries. For the years ended December 31, 2022 and 2021, our sales outside North, Central and South America represented approximately 58% and 55%, respectively, of our total sales. We also rely on third-party service providers around the world to supply physical hosting and cloud environments in order to deliver and support our cloud-based services. Our global business operations involve varying degrees of risk and uncertainty inherent in doing business in so many different jurisdictions. Such risks include, among others, an unsolicited acquisitiondifficulties and costs of more than 20%staffing and managing foreign operations; the possibility of our outstanding shares),unfavorable circumstances and additional compliance costs arising from host country laws or regulations, including unexpected changes in the vesting of allinterpretations thereof and reduced protection for intellectual property rights in some countries; partial or a portion of our outstanding equity awards,total expropriation; export duties and quotas; local tax exposure; economic or political instability, including stock options, will accelerate, unless otherwise determined by our Board of Directors (or a committee thereof). Asas a result an acquisition of insurrection, war, natural disasters, and major environmental, climate or public health concerns, such as the COVID-19 pandemic; differences in business practices; recessionary environments in multiple foreign markets; and damage to, or failure of, systems at third-party hosting facilities around the word resulting in outages or interruptions in our Companycloud-based services. We cannot be certain that triggers the said accelerationforegoing factors will be more costly tonot have a potential acquirer. These provisions could causematerial adverse effect on our ordinary shares to trade at prices below the price for which third parties might be willing to pay to gain control over us. Third parties who are otherwise willing to payfuture revenues and, as a premium over prevailing market prices to gain control of us may be unwilling to do so because of these provisions.result, on our business, operating results and financial condition.
Our share price has been volatileWe have incurred net losses in the past and may be subject to volatilityincur losses in the future.
Although we have been profitable in the past several years, we incurred net losses during 2022.Our ability to maintain or increase profitability in the future depends in part on the following factors: the economic health of the global economy, including geopolitical tensions, the potential effects of the COVID-19 pandemic, record levels of inflation and rising interest rates; the rate of growth of, and changes in technology trends in our market and other industries in which we currently or may in the future operate; our ability to develop and manufacture new products and technologies and deliver new solutions in a timely manner; the competitive position of our products and services; the continued acceptance of our solutions by our customers and in the industries that we serve; and our ability to manage expenses. In the future, it may be necessary to undertake cost reduction initiatives to remain profitable, which could lead to a deterioration of our competitive position. Any difficulties that we encounter as we reduce our costs could negatively impact our results of operations and cash flows.Our revenues may not continue to increase or may grow at a lower rate than we have experienced in the past several years or may even decline, which would negatively impact our results of operations and cash flows. We cannot assure you that we will remain profitable.
We may increase our operating expenses in future periods. Our decision to increase operating expenses and the scope of such increases depends upon several factors, including the market situation and the effectiveness of our past expenditures. We may continue to make additional expenditures in anticipation of generating higher revenues, which we may not realize, if at all, until sometime in the future. This could cause reductions in our profitability or lead to losses. Additionally, a failure of any acquisition or product development initiative to produce increased revenues could have a material adverse effect on our operations and profitability.
A slowdown in the growth of the cyber security and application delivery solutions market would reduce our addressable market and solutions sales.
The cyber security and application delivery market pricein which we operate is rapidly evolving, and we cannot assure you that it will continue to develop and grow. In addition, we cannot assure you that our solutions and technology will keep pace with the changes to this market. Market acceptance of cyber security and application delivery solutions may be inhibited by, among other factors, a lack of anticipated congestion and strain on existing network infrastructures and the availability of alternative solutions. If demand for cyber security and application delivery solutions does not continue to grow, or grows at a slower pace than expected, we may not be able to sell enough of our solutions to maintain or increase our profitability.
If the market for our ordinary shares, as well as the prices of shares of other technology companies, has been volatile. For example, during 2021 the lowest closing pricecloud-based solutions does not continue to develop and grow, we may incur capital and operating losses.
As we continue to expand our cloud-based solution offerings, our investments, both capital and operational, in our cloud business increase. We cannot assure you that sales of our share was $25.15, comparedcloud-based solutions will continue to develop and grow. In addition, we cannot assure you that our services and technology will keep pace with the changes in this market. Specifically, the emergence of alternative solutions, such as those offered by Amazon Web Services, Inc. (AWS), Microsoft Azure or Google’s public cloud, may negatively affect sales of our solutions.
Our solutions may have long sales cycles, which may reduce the predictability of our financial performance.
Our solutions are technologically complex and are typically intended for use in applications that may be critical to the highest closing pricebusiness of our share of $41.74 during the same year.customers. As a result, our pre-sales process can be subject to delays associated with customers’ budgetary constraints and lengthy approval and procurement processes. The volatilitysales cycles of our share pricesolutions to new customers can last for as long as twelve months (and in some cases even longer, for example, with carrier customers) from initial presentation to sale. Long sales cycles result in a delay to our generation of revenue. Long sales cycles also subject us to risks not usually encountered in short sales cycles, including our customers’ budgetary constraints and internal acceptance reviews and processes prior to purchase. In addition, orders expected in one quarter could shift to another because of the timing of our customers’ procurement decisions. Furthermore, customers may have a negative impact ondefer orders in anticipation of new solutions or product enhancements introduced by us or by our competitors. These factors complicate our planning processes and reduce the predictability of our financial performance as a resultperformance.
We may pursue acquisitions or other investments that could disrupt our business and harm our financial condition.
As part of its negative impactour business strategy, we may invest in or acquire complimentary businesses, technologies or assets or enter into joint ventures or other strategic relationships with third parties. Past acquisitions have caused, and future acquisitions may cause, us to assume liabilities, incur acquisition-related costs, incur amortization expenses or realize write-offs on employee retention. Numerous factors, manyassets no longer being used or phased out. In addition, the future valuation of which are beyond our control,these acquisitions may causedecrease from the market price and trading volumepaid by us, which could result in the impairment of our ordinary shares to fluctuate significantlygoodwill and decrease further,other intangible assets associated with the relevant acquired assets. Moreover, our operation of any acquired or merged businesses, technologies or assets could involve numerous risks, including:
operating results that do not meet forecasts by securities analysts;post-merger integration problems resulting from the combination of any acquired operations with our own operations or from the combination of two or more operations into a new unified entity;
announcements concerning us ordiversion of management’s attention from our competitors;core business;
the introduction of new products and new industry standards;substantial expenditures, which could divert funds from other corporate uses;
general market conditions and changesentering markets in market conditions in our industry;which we have little or no experience;
loss of key employees of the general state of securities markets (particularly the technology sector);
political, economic and other developments in the State of Israel, the U.S. and worldwide, including, for example, the recent military conflict in Ukraine and the COVID-19 pandemic;acquired operations; and
any of the events underlying any of the other risksknown or uncertainties set forth elsewhere in this annual report actually occurs.unknown contingent liabilities, including, but not limited to, tax and litigation costs.
We cannot be certain that any past or future acquisitions or mergers will be successful. If the operation of the business of any future acquisitions or mergers disrupts our operations, our results of operations may be adversely affected, and even if we successfully integrate the acquired business with our own, we may not receive the intended benefits of the acquisition. In addition, our pursuit of potential acquisitions may divert our management’s attention from our core business and require considerable cash outlays at the expense of our existing operations, whether or not such transactions are consummated. A failure of any acquisitions or product developments to produce increased revenues could have a material adverse effect on our operations and profitability.
Our business in countries with a history of corruption and transactions with foreign governments increases the risks associated with our international activities.
As we operate and sell internationally, we are characterizedsubject to the Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.K. Bribery Act of 2010 (the “UK Bribery Act”) and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental customers in countries known to experience corruption, particularly certain emerging countries in Eastern Europe, South and Central America, East Asia, Africa and the Middle East. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, channel partners or sales agents that could be in violation of various anti-corruption laws, even though these parties may not be under our control. While we have implemented safeguards to prevent these practices by our employees, consultants, channel partners and sales agents, our existing safeguards and any future improvements may prove to be less than effective, and our employees, consultants, channel partners or sales agents may engage in conduct for which we might be held responsible. Violations of the FCPA, the UK Bribery Act or other anti-corruption laws may result in severe criminal or civil sanctions, including suspension or debarment from government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating results and financial condition.
Currency exchange rates and fluctuations of exchange rates could have a passive foreign investment company,material adverse effect on our U.S. shareholders may suffer adverse tax consequences.results of operations.
Generally, if for any taxable year, after applying certain "look through" tax rules, (i) 75% or moreWe are impacted by exchange rates and fluctuations thereof in a number of ways, including:
A large portion of our gross incomeexpenses in Israel, principally salaries and related personnel expenses, are paid in NIS, whereas most of our revenues are generated in U.S. dollars. When the U.S. dollar is passive income, or (ii) at least 50% ofweak, our foreign currency-denominated expenses will be higher, whereas if the fair marketU.S. dollar is strong, our foreign currency-denominated expenses will be lower. If the NIS strengthens against the U.S. dollar, the dollar value of our assets, averaged quarterly overIsraeli expenses will increase and may have a material adverse effect on our taxable year, are held for the production of, or produce, passive income, we would be characterized as a passive foreign investment company, or PFIC, for U.S. federal income tax purposes. If we are classified as a PFIC, our U.S. shareholders could suffer adverse U.S. tax consequences, including having gain realized on the sale of our ordinary shares treated as ordinary income, as opposed to capital gain income,business, operating results and having potentially punitive interest charges apply to such gain. Similar rules apply to certain “excess distributions” made with respect to our ordinary shares.financial condition;
A portion of our international sales are denominated in currencies other than U.S. dollars, such as Euros, thereby exposing us to currency fluctuations in such international sales transactions;
We incur expenses in several other currencies in connection with our operations in Europe and Asia. Devaluation of the U.S. dollar relative to such local currencies causes our operational expenses to increase; and
The majority of our international sales are denominated in U.S. dollars. Accordingly, devaluation in the local currencies of our customers relative to the U.S. dollar could cause our customers to decrease orders or default on payment.
ForCommencing in 2022, although we engaged in foreign currency hedging transactions intended to reduce the effect of fluctuations in foreign currency exchange rates on our taxable year ended December 31, 2021, we dofinancial position and results of operations, not believe that we should be classified as a PFIC. There can be no assurance, however, that the IRS will not challenge this treatment, and it is possible that the IRS could attempt to treat us as a PFIC for 2021 and prior taxable years. The tests for determining PFIC status are applied annually, and require a factual determination that depends on, among other things, the compositionall of our income, assetspotential exposure is covered and, activities in each taxable year, and can only be made annually after the close of each taxable year. Furthermore, the aggregate value of our gross assets is likely to be determined in part by reference to the trading price of our ordinary shares, which could fluctuate significantly. We have a substantial balance of cash and other liquid investments, which are passive assets for purposes of the PFIC determination. Accordingly, if our market capitalization declines significantly, it may make our classification as a PFIC more likely for the current or future taxable years. Accordingly, regardless, there can be no assurance that any such hedging transactions will materially reduce the effect of fluctuations in foreign currency exchange rates on such results. For a further discussion of the impact on currency exchange rates on our business, see Item 11 “Quantitative and Qualitative Disclosures About Market Risk.”
Undetected defects and errors may increase our costs and impair the market acceptance of our products.
Our products have occasionally contained, and may in the future contain, undetected defects or errors, especially when first introduced or when new versions are released, due to defects or errors that we fail to detect, including in components supplied to us by third parties. These defects or errors may be found after the commencement of commercial shipments. In addition, because our customers integrate our products into their networks with products from other vendors, it may be difficult to identify the product that has caused the problem in the network. Regardless of the source of these defects or errors, we will then need to divert the attention of our engineering personnel from our product development efforts to detect and correct these errors and defects. We cannot assure you whether we will incur significant warranty or repair costs, be subject to liability claims for material damages related to product errors or defects or experience any material lags or delays as a result thereof in the future. Any insurance coverage that we maintain may also not becomeprovide sufficient protection should a PFICclaim be asserted. Moreover, the occurrence of errors and defects, whether caused by our products or the components supplied by another vendor, may result in future taxable years.significant customer relations problems and injure our reputation, thereby impairing the market acceptance of our products.
Our business and operating results could suffer if third parties infringe upon our proprietary technology.
Our success depends, in part, upon the protection of our proprietary software installed in our products, our trade secrets and trademarks. We seek to protect our intellectual property rights through a combination of trademark and patent law, trade secret protection, confidentiality agreements and other contractual arrangements with our employees, affiliates, distributors and others. In the United States and several other countries, we have registered or acquired trademarks. In addition, we have registered patents in the U.S. shareholders should consultand other jurisdictions and have pending patent applications and provisional patents in connection with their U.S. tax advisorsseveral of our products’ features.
The protective steps we have taken may be inadequate to deter infringement upon our intellectual property rights or misappropriation of our proprietary information. We may be unable to detect the unauthorized use of our proprietary technology or take appropriate steps to enforce our intellectual property rights. Effective trademark, patent and trade secret protection may not be available in every country in which we offer, or intend to offer, our products. In addition, our competitors may independently develop technologies that are substantially equivalent or superior to our technology. Any licenses for intellectual property that might be required for our services or products may not be available on reasonable terms. Failure to adequately protect our intellectual property rights could devalue our proprietary content, impair our ability to compete effectively and eventually harm our operating results. Furthermore, defending our intellectual property rights, either by way of initiating intellectual property litigation or defending such, could result in the expenditure of significant financial and managerial resources. Moreover, any adverse outcome of litigation proceedings could impact the value of our proprietary technology and have additional significant financial impacts, which may harm our operating results.
Our products may infringe on the intellectual property rights of others.
Third parties may assert claims that we have violated a patent, trademark, copyright or other proprietary intellectual property right belonging to them. As is characteristic of our industry, there can be no assurance that our products do not or will not infringe the proprietary rights of third parties, that third parties will not claim infringement by us with respect to patents or other proprietary rights, or that we would prevail in any such proceedings. We have received in the U.S. tax consequencespast, and may receive in the future, communications asserting that the technology used in some of investingour products requires third-party licenses. Any infringement claims, whether or not meritorious, could result in significant costly litigation or arbitration and divert the attention of technical and management personnel. Any adverse outcome in litigation alleging infringement could require us to develop non-infringing technology or enter into royalty or licensing agreements. If, in such situations, we are unable to obtain licenses on acceptable terms, we may be prevented from manufacturing or selling products that infringe such intellectual property of a third party. An unfavorable outcome or settlement regarding one or more of these matters could have a material adverse effect on our ordinary shares. Forbusiness, reputation and operating results.
Laws, regulations and industry standards affecting our business are evolving, and unfavorable changes could harm our business.
Laws, regulations and industry standards that apply to our business are becoming more prevalent and constantly evolving, particularly in the area of data privacy and cyber security. We may be impacted by changes in privacy-related and cyber security-related regulations governing the collection, use, retention, sharing and security of personal data that we collect, utilize, or otherwise process from our customers and/or visitors to their websites and others. Complying with a more detailed discussiondiverse range of the rules relatingprivacy and cyber security requirements could cause us to PFICs and related tax consequences, please see the section of this annual report titled Item 10.E “Taxation—United States Federal Income Tax Considerations.”incur substantial costs or require us to change our business practices in a manner adverse to our business. Any failure, or perceived failure, by us to comply with any privacy or cyber security-related laws, government regulations or directives, or industry self-regulatory principles could result in damage to our reputation or proceedings or actions against us by governmental entities or others, which could potentially have an adverse effect on our business.
For example, in the European Economic Area (EEA), we are subject to the General Data Protection Regulation 2016/679 (GDPR) and in the United Kingdom we are subject to the United Kingdom data protection regime consisting primarily of the UK General Data Protection Regulation and the UK Data Protection Act 2018 (UK DP Laws), in each case in relation to our collection, control, processing, sharing, disclosure and other use of data relating to an identifiable living individual (personal data). The GDPR, and national implementing legislation in EEA member states and the United Kingdom, impose a strict data protection compliance regime. Our compliance with GDPR and UK DP Laws, as well as other data privacy and cyber security laws around the world, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic or foreign regulations, has required and will continue to require us to invest significant resources in compliance and compliance-related areas.
Furthermore, laws, regulations and industry standards are subject to constant and, at times, drastic changes that, particularly in the case of industry standards, may arrive with little or no notice, and these could either help or hurt the demand for our solutions. If we are unable to adapt our solutions to changing laws, regulations and industry standards in a timely manner, or if our solutions fail to assist our customers with their compliance initiatives, our customers may lose confidence in our solutions and could switch to competing solutions. Recent legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the EEA and the United Kingdom to the United States. These recent developments may require us to review and amend the legal mechanisms by which we make and/or receive personal data transfers to or in the U.S. personSuch legal developments also cause us to look at our operations and review our data flows to ensure we can continue to meet clients’ increasing requests for data to remain in-country or in-region. At the same time, if, contrary to this trend, regulations and standards related to cyber security are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may purchase fewer of our solutions, or none at all. In either case, our sales and financial results would be negatively impacted and could be materially adversely affected.
Some of our solutions contain “open source” and third-party software, and any failure to comply with the terms of one or more of these open source and third-party software licenses could negatively affect our business.
Some of our products utilize open source technologies. Some open source software licenses require users who distribute or make available as a service open source software as part of their own software product to publicly disclose all or part of the source code of the users’ software product or to make available any derivative works of the open source code on unfavorable terms or at no cost. We have established processes to help alleviate these risks, including a review process for screening requests from our development organization for the use of open source software, but we cannot be sure that all open source software is treatedsubmitted for approval prior to use in our products. In addition, open source license terms may be ambiguous and many of the risks associated with use of open source software cannot be eliminated, and could, if not properly addressed, negatively affect our business. We may face ownership claims from third parties over, or seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code. Any such requirement to disclose our source code or other confidential information related to our products could materially and adversely affect our competitive position and may adversely impact our business, results of operations and financial condition. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs.
In addition, some of our solutions include other software or intellectual property licensed from third parties. This exposes us to risks over which we may have little or no control. There can be no assurance that the licenses from such third-party licensors will continue to be available to us on acceptable terms, if at all. In addition, while we believe we are compliant with the terms of our third-party licenses, such licensors may still assert that we are in breach of the terms of a license, which could give such licensors the right to terminate a license or seek damages from us, or both. Our inability to maintain such licenses or the need to engage in litigation regarding these matters, could result in delays in releases of new products, and could otherwise disrupt our business, unless and until equivalent technology can be identified, licensed or developed at substantially the same costs to us.
An increasing amount of intangible assets and goodwill on our books may in the future lead to significant impairment charges.
The amount of goodwill and intangible assets on our consolidated balance sheets was, as owningof December 31, 2022, approximately $87.7 million, compared to $51.9 million as of December 31, 2021. We regularly review our intangible and tangible assets, including goodwill, for impairment. Goodwill is subject to impairment review at least 10%annually, and other intangible assets are reviewed for impairment when there is an indication that impairment may have occurred. Impairment testing has led to, and may in the future lead to, significant additional impairment charges.
Additional tax liabilities, including due to tax positions we have taken, could materially adversely affect our results of operations and financial condition.
We operate our business in various countries, and we attempt to utilize an efficient operating model to optimize our tax payments based on the laws in the countries in which we operate. This can cause disputes between us and various tax authorities in the countries in which we operate, whether due to tax positions that we have taken in various tax returns we have filed or due to determinations we have made not to file tax returns in certain jurisdictions. In particular, not all of our ordinary shares, such holdertax returns are final and may be subject to further audit and assessment by applicable tax authorities. There can be no assurance that the applicable tax authorities will accept our tax positions, and, if they do not, we may be required to pay additional taxes. In the past few years, certain tax authorities who have audited our tax returns have rejected our tax positions, and, while we intend to vigorously maintain our positions, we cannot be sure that our positions will be accepted, and we may end up paying additional taxes, whether as a result of litigation, if instituted, or settlement negotiations. While we have established reserves based on assumptions and estimates that we believe are reasonable to cover such positions, these reserves may prove to be insufficient and as such, our future results may be adversely affected.
In recent years, we have seen changes in tax laws resulting in an increase in applicable tax rates, especially increased liabilities of corporations and limitations on the ability to benefit from strategic tax planning, with these laws particularly focused on international corporations. Such legislative changes in one or more jurisdictions in which we operate may have implications on our tax liability and have a material adverse effect on our results of operations and financial condition. For example, the Organization for Economic Cooperation and Development, or the OECD, an intergovernmental organization that aims to promote the economic and social well-being of people around the world, introduced the base erosion and profit shifting (BEPS) project. The BEPS project contemplates changes to numerous international tax principles, as well as national tax incentives, and these changes, if adopted by individual countries, could adversely affect our provision for income taxes. Countries have only recently begun to translate the BEPS recommendations into specific national tax laws, and it remains difficult to predict with accuracy the magnitude of any impact that such new rules may have on our financial results. The U.S. and Israel, among other countries in which we have operations, are members of the OECD.
The enactment of legislation changing the United States’ taxation of international business activities could materially impact our financial position and results of operations.
Due to the expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate, and adversely affect our financial position and results of operations. The U.S. presidential administration and members of the U.S. Congress have proposed significant changes in U.S. federal income tax consequences.law, regulation and government policy within the United States, which could affect us and our business. For example, the recent Inflation Reduction Act enacted in the United States introduced, among other changes, a 15% corporate minimum tax on certain United States corporations and a 1% excise tax on certain stock redemptions by United States corporations (which the U.S. Treasury indicated may also apply to certain stock redemptions by a foreign corporation funded by certain United States affiliates). Further, other foreign governments may enact tax laws in response to any changes in the U.S. taxation of international business activities that could result in further changes to global taxation and materially affect our financial position and results of operations. We are currently unable to predict whether these or other changes will occur and, if so, the ultimate impact on our business. To the extent that such changes have a negative impact on us, our suppliers or our consumers, including as a result of related uncertainty, these changes may materially and adversely impact our business, financial condition, results of operations and cash flow.
If we are unable to realize our investment objectives, our financial condition and results of operations may be adversely affected.
Depending uponWe maintain substantial balances of cash and liquid investments as strategic assets for purposes of acquisitions and general corporate purposes, including share repurchases. Our cash, cash equivalents, short- and long-term bank deposits and marketable securities totaled $432.0 million as of December 31, 2022, compared to $465.8 million as of December 31, 2021. The performance of the aggregate value and voting powercapital markets is the primary factor that affects the values of funds that are held in marketable securities. While we believe we have taken a conservative approach in our investments, by investing the majority of our ordinary sharesdebt marketable securities portfolio at securities that are rated A- or higher, these assets are subject to market fluctuations and various developments, including, without limitation, rating agency downgrades that may impair their value. We expect that market conditions will continue to fluctuate and that the fair value of our investments may be affected accordingly, including, without limitation, by the economic effects of the COVID-19 pandemic and the rising levels of inflation and interest rates.
Financial income is a component of our net income and the outlook for our financial income is dependent, in part, on the future direction of interest rates, exchange rates, the amount of any share repurchases or acquisitions that we make and the amount of cash flows from operations that are available for investment. For example, for the years ended December 31, 2022 and 2021, we had $8.1 million and $4.4 million, respectively, of net financial income, that was primarily derived from the value of our investments. The performance of the capital markets affects the values of our funds that are held in marketable securities. These assets are subject to market fluctuations and will yield uncertain returns. Due to certain market developments, including investments’ rating downgrades, the fair value of these investments may decline. If market conditions continue to fluctuate, the fair value of our investments may be impacted accordingly. Although our investment guidelines stress diversification and capital preservation, our investments are subject to a variety of risks, including risks related to general economic conditions, interest rate fluctuations and market volatility.
In particular, our investment portfolios include a significant amount of interest rate-sensitive instruments, such as bonds, which, in addition to the inherent risk associated with the debt, may be adversely affected by changes in interest rates. Changes in interest rates and credit quality may also result in fluctuations in the income derived from, or the valuation of, our fixed income securities. Interest rates are highly sensitive to many factors, including governmental monetary policies, domestic and international economic and political conditions and other factors beyond our control. For example, benchmark interest rates, such as the U.S. personsFederal Funds Rate, are treatedcurrently relatively high, which is likely to significantly impact our investment income. Additional increases in interest rates might decrease the value of our investments in fixed-income securities. If increases in interest rates occur during periods when we sell investments to satisfy liquidity needs, we may experience investment losses. Conversely, if interest rates decline, reinvested funds and our investment in bank deposits will earn less than expected.
In terms of credit risk, our investment portfolio policy is “buy and hold” while minimizing credit risk by setting maximum concentration limit per issuer and credit rating. Our investments consist primarily of government and corporate bonds and bank deposits. Although we believe that we generally adhere to conservative investment guidelines, if turmoil in the financial markets reoccurs in the future, it may result in impairments of the carrying value of our investment assets since we classify our investments in marketable securities as owning (directly, indirectly, or constructively), we could be treatedavailable-for-sale. Changes in the fair value of investments classified as available-for-sale are not recognized as income (loss) during the period, but rather are recognized as a controlled foreign corporation (CFC). Additionally, becauseseparate component of equity until realized. Realized losses in our group consists of one or more U.S. subsidiaries, certaininvestments portfolio may adversely affect our financial position and results. For example, if we had reported all the changes in the fair values of our non-U.S. subsidiaries will be treated as CFCs, regardlessinvestments into income (loss), our reported net loss would have increased by $4.4 million during the year ended December 31, 2022, and our net income would have decreased by $0.5 million during the year ended December 31, 2021. Any significant decline in our financial income or the value of whether or not we are treatedour investments as a CFC (although there is currently a pending legislative proposal to significantly limitresult of continued high interest rates, deterioration in the application of these rules). If a U.S. person is treated as owning (directly, indirectly or constructively) at least 10%credit worthiness of the valuesecurities in which we have invested, general market conditions or voting powerother factors could have an adverse effect on our results of operations and financial condition.
We rely on information systems to conduct our businesses, and failure to protect these systems against security breaches and otherwise to implement, integrate, upgrade and maintain such systems in working order could have a material adverse effect on our results of operations, cash flows or financial condition.
The efficient operation of our ordinary shares,businesses depends on our computer hardware and software systems. For instance, we rely on information systems to process customer orders, manage accounts receivable collections, manage accounts payable processes, track costs and operations, maintain client relationships and accumulate financial results. Despite our implementation of industry-accepted security measures and technology, our information systems are vulnerable to, and have been in the past subject to, computer viruses, attempts to insert malicious codes, unauthorized access, phishing efforts, denial-of-service attacks and other cyber-attacks, and we expect to be subject to similar attacks in the future as such personattacks become more sophisticated and frequent. A breach of our information systems could result in decreased performance, operational difficulties and increased costs, any of which could have a material adverse effect on our business and operating results.
Major disruptions or deficiencies of our information systems could disrupt our operations and cause unanticipated increases in our costs.
We have invested, and intend to continue to invest, significant capital and human resources in our information systems, including in a project for company-wide sales, operations and services support systems. Any major disruptions or deficiencies in the design and implementation of our information systems, particularly those that impact our operations, could adversely affect our ability to process customer orders, ship products, provide services and support to our customers, bill and track our customers, timely report our financial results and otherwise run our business.
Our business may be treatedaffected by sanctions, export controls and similar measures targeting Russia and other countries and territories as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries.
As a result of Russia’s military conflict in Ukraine, governmental authorities in the United States, the European Union and the United Kingdom, among others, launched an expansion of coordinated sanctions and export control measures, including:
blocking sanctions on some of the largest state-owned and private Russian financial institutions (and their subsequent removal from SWIFT);
| • | blocking sanctions against Russian and Belarusian individuals, including the Russian President, other politicians and those with government connections or involved in Russian military activities; |
blocking sanctions against certain Russian businessmen and their businesses, some of which have significant financial and trade ties to the European Union;
blocking of Russia’s foreign currency reserves and prohibition on secondary trading in Russian sovereign debt and certain transactions with the Russian Central Bank, National Wealth Fund and the Ministry of Finance of the Russian Federation;
expansion of sectoral sanctions in various sectors of the Russian and Belarusian economies and the defense sector;
United Kingdom sanctions introducing restrictions on providing loans to, and dealing in securities issued by, persons connected with Russia;
restrictions on access to the financial and capital markets in the European Union, as well as prohibitions on aircraft leasing operations;
sanctions prohibiting most commercial activities of U.S. and EU persons in Crimea and Sevastopol;
enhanced export controls and trade sanctions targeting Russia’s imports of technological goods as a “U.S. shareholder”whole, including tighter controls on exports and re-exports of dual-use items, stricter licensing policy with respect to each CFCissuing export licenses, and/or increased use of “end-use” controls to block or impose licensing requirements on exports, as well as higher import tariffs and a prohibition on exporting luxury goods to Russia and Belarus;
closure of airspace to Russian aircraft; and
ban on imports of Russian oil, liquefied natural gas and coal to the United States.
As the conflict in our group (if any), which may subject such personUkraine continues, there can be no certainty regarding whether the governmental authorities in the United States, the European Union, the United Kingdom or other counties will impose additional sanctions, export controls or other measures targeting Russia, Belarus or other territories. Furthermore, in retaliation against new international sanctions and as part of measures to adversestabilize and support the volatile Russian financial and currency markets, the Russian authorities also imposed significant currency control measures aimed at restricting the outflow of foreign currency and capital from Russia, imposed various restrictions on transacting with non-Russian parties, banned exports of various products and other economic and financial restrictions.
Our business must be conducted in compliance with applicable economic and trade sanctions laws and regulations, including those administered and enforced by the U.S. federal income tax consequences. Specifically, aDepartment of Treasury’s Office of Foreign Assets Control, the U.S. shareholderDepartment of a CFC mayState, the U.S. Department of Commerce, the United Nations Security Council and other relevant governmental authorities. We must be required to annually report and include in its U.S. taxable income its pro rata share of each CFC’s “Subpart F income,” “global intangible low-taxed income” and investments in U.S. property, whether or not we make any distributions of profits or income of a CFC to such U.S. shareholder. If you are treated as a U.S. shareholder of a CFC, failure to comply with these reporting obligations may subject you to significant monetary penalties and may prevent the statute of limitations with respect to your U.S. federal income tax return for the year for which reporting was due from starting. Additionally, a U.S. shareholder that is an individual would generally be denied certain tax deductions or indirect foreign tax credits that may otherwise be allowable to a U.S. shareholder that is a U.S. corporation. We cannot provide any assurances that we will assist investors in determining whether we or any of our non-U.S. subsidiaries are treated as CFCs or whether any investor is treated as a U.S. shareholder with respect to any of such CFC, nor do we expect to furnish to any U.S. shareholders information that may be necessaryready to comply with the aforementioned reportingexisting and tax paying obligations.any other potential additional measures imposed in connection with the conflict in Ukraine. The United States Internal Revenue Service provided limited guidance on situations in which investors may rely on publicly available alternative information to complyimposition of such measures could adversely impact our business, including preventing us from performing existing contracts, recognizing revenue, pursuing new business opportunities or receiving payment for products already supplied or services already performed with their reporting and tax paying obligations with respect to foreign-controlled CFCs. U.S. investors should consult their advisors regarding the potential application of these rules to their investment in our ordinary shares.
customers.
In 2022 and 2021, 7% and 5%, respectively, of our total revenues were from sales to customers located in Russia. We continuously review and monitor our contractual relationships with suppliers and customers to establish whether any of them are the target of the applicable sanctions. In the event that we identify a party with which we have a business relationship that is the target of applicable sanctions, we would immediately activate a legal analysis of what gives rise to the business relationship, including any contract, to estimate the most appropriate course of action to comply with the sanction regulations, together with the impact of a contractual termination according to the applicable law, and then proceed as required by the regulatory authorities. However, given the range of possible outcomes, the full costs, burdens, and limitations on our and our customer’s and business partners’ businesses are currently unknown and may become significant.
Furthermore, even if an entity is not formally subject to sanctions, customers and business partners of such entity may decide to reevaluate or cancel projects with such entity for reputational or other reasons. As result of the ongoing conflict in Ukraine, many U.S. and other multi-national businesses across a variety of industries, including consumer goods and retail, food, energy, finance, media and entertainment, tech, travel and logistics, manufacturing and others, have indefinitely suspended their operations and paused all commercial activities in Russia and Belarus. Depending on the extent and breadth of sanctions, export controls and other measures that may be imposed in connection with the conflict in Ukraine, it is possible that our business, financial condition and results of operations could be materially and adversely affected.
Climate change may have an adverse impact on our business.
Global climate change may result in certain natural disasters occurring more frequently or with greater intensity, such as drought, wildfires, storms, sea-level rise, and flooding and many believe that the risks related to climate change are increasing in both impact and type of risk. While we do not believe there will be significant near-term impacts to our business and operations due to climate change, long-term impacts remain unknown. These include operational risks impacting, among other things, our supply chain, our personnel or electrical power availability from climate changed-related weather events as well as business and regulatory risks. For example, regulatory risks resulting from changes in laws and regulations on climate change may increase our compliance costs and limit our ability to operate. Similarly, the evolving customer and other stakeholder expectations and regulatory requirements to reduce carbon emissions could present a risk of loss of business if we are not able to meet those expectations or requirements.
Our disclosures and initiatives related to environmental, social and governance (ESG) matters expose us to numerous risks, including risks to our reputation, business, financial performance and growth.
There has been increasing public focus by investors, customers, environmental activists, the media and governmental and nongovernmental organizations on a variety of ESG matters, which may result in increased costs (including but not limited to increased costs related to compliance, stakeholder engagement, and contracting), impact our reputation, or otherwise affect our business performance. As we identify ESG topics for voluntary disclosure, we have expanded and, in the future, may continue to expand, our voluntary disclosures in these areas. Statements about our ESG initiatives and goals, and progress against those goals, may be based on standards for measuring progress that are still developing, internal controls and processes that continue to evolve, and assumptions that are subject to change in the future. If our ESG-related data, processes and reporting are incomplete or inaccurate, or if we fail to achieve progress with respect to our ESG goals on a timely basis, or at all, our reputation, business, financial performance and growth could be adversely affected. In addition, this emphasis on ESG matters has resulted and may result in the adoption of new laws and regulations, including new reporting requirements. If we fail to comply with new laws, regulations or reporting requirements, our reputation and business could be adversely impacted.
Risks Related to Operations in Israel
• | Political, economic and military instabilityin the Middle East or Israel may harm our business. |
The tax benefits we may receive in connection with our preferred enterprise program require us to satisfy prescribed conditions and may be terminated or reduced in the future. This would increase taxes and decrease our net profit.
We have obtained benefits from the Israeli Innovation Authority that subject us to ongoing restrictions.
It may be difficult to enforce a U.S. judgment against us or our officers and directors and to assert U.S. securities laws claims in Israel.
Your rights and responsibilities as a shareholder will be governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. companies.
Risks Related to Our Business and Our Industry
Changing or severe global economic conditions could have a material adverse effect on our results of operations.
Our business is affected by global economic conditions, uncertainties and downturns, including as a result of the war in Ukraine (see the risk factor below titled “Our business may be affected by sanctions, export controls and similar measures targeting Russia and other countries and territories as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries”), the tensions between China and Taiwan, the COVID-19 pandemic and record levels of inflation that have resulted in significant volatility and disruptions in the global economy, including central banks in the markets in which we operate that have tightened their monetary policies and raised interest rates, which may impact current and anticipated market demand for our solutions. Uncertainties about current global economic conditions continue to pose a risk as our current or prospective customers may postpone or reduce demand and spending priorities in response to such uncertainties. This could result in, among other things, a reduction in our revenues or a failure to achieve anticipated revenue growth, longer sales cycles, and slower adoption of new technologies as well as downward pressure on the price of our solutions. For example, the United States and Israel have recently experienced high levels of inflation. In the event inflation persists or continues to increase, as well as other macro conditions which may have other adverse effects on the economy, which are difficult to predict, such as instability of any bank with which we maintain a commercial relationship with, each of the above events could have a material adverse effect on our business, operating results and financial condition.
We depend upon independent distributors to sell our solutions to customers. If our distributors do not succeed in selling our products and services, we may not be able to operate profitably.
Our growth strategy depends upon, among other things, increasing sales of our solutions, both directly and indirectly through our different distribution channels. We sell our solutions primarily to independent distributors, including value added resellers (VARs), original equipment manufacturers (OEMs) and global system integrators (GSIs), and are highly dependent upon these distributors’ active marketing and sales efforts. Our distribution agreements with our distributors generally are non-exclusive, ranging in duration with no renewal obligation on the part of our distributors. Our distribution agreements also typically do not prevent our distributors from selling products and services of our competitors and do not contain minimum sales or marketing performance requirements. As a result, our distributors may give higher priority to products and services of our competitors or their own products, thereby reducing their efforts to sell our products and services. In addition, we may not be able to maintain our existing distribution relationships, and we may not be successful in replacing them on a timely basis, or at all. We may also need to develop new distribution channels for new products and services, and we may not succeed in doing so. Any changes in our distributor relationships or distribution channels, including a termination or other disruption of our commercial relationship with our distributors or our inability to establish distribution channels for new products and services, could impair our ability to sell our products and services and have a material adverse effect on our business, financial condition and results of operations.
We must manage our anticipated growth effectively in order to remain profitable.
We have actively expanded our operations in the past and may continue to expand them in the future in order to gain market share in the evolving market for cyber security and application delivery solutions. This expansion has required, and may continue to require, managerial, operational and financial resources.
In some cases, we may choose to increase our cost of operations at the expense of our short-term profitability in order to support future expansion and growth. We cannot assure you that we will continue to expand our operations successfully. If we are unable to manage our expanding operations effectively, our revenues may not increase or may decline, our cost of operations may increase, and we may not be profitable.
A shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs, and any disruption in our supply chain could have a material adverse effect on our results of operations.
Our ability to meet customer demands depends in part on our ability to obtain timely deliveries of parts from our suppliers and contract manufacturers. We cannot assure you that we will not encounter supply and fulfilment issues in the future and certain components are presently available to us only from limited sources (see the risk factor below titled “We rely on a few vendors to provide our hardware platforms and components for the manufacture of our products”and the discussion under Item 4.B "Business Overview—Manufacturing and Suppliers"). We may not be able to diversify sources in a timely and cost-effective manner, which could harm our ability to deliver products to customers and adversely impact present and future sales and profitability.
We may experience a shortage of certain component parts as a result of our own manufacturing issues, manufacturing issues at our suppliers or contract manufacturers, capacity problems or transportation and freight carriers issues experienced by our suppliers or contract manufacturers, or strong demand in the industry for those parts, especially if there is growth in the overall economy. If there is growth in the economy, such growth is likely to create greater pressures on us and our suppliers to accurately project overall component demand and component demands within specific product categories and to establish optimal component levels. If shortages or delays persist, such as due to the worldwide chipset shortage, the price of these components may increase, or the components may not be available at all.
We may also encounter shortages if we do not accurately anticipate our needs. We may not be able to secure enough components at reasonable prices or of acceptable quality to build new products in a timely manner in the quantities or configurations needed. Accordingly, our revenues and gross margins could be materially and adversely affected until other sources can be developed.
In addition, our operating results could be materially and adversely affected if we anticipate greater demand than what transpires, and we commit to purchasing more components than we actually need. We see this specifically with respect to dated components, which we need to order in large quantities due to manufacturing stoppage. Due to technology advancements, we are required from time to time to make “last buy” type of stock purchases of such dated components for our legacy products.
Any disruption in our supply chain, such as disruptions resulting from failure in telecommunication systems; acts of war, terrorism, cyber-attacks or natural disasters, including major environmental or public health concerns, such as the COVID-19 pandemic (see the risk factor below titled “The COVID-19 pandemic has impacted and may continue to impact our business, operating results and financial condition”and the discussion under Item 4.B "Business Overview—Manufacturing and Suppliers"); lack of skilled labor; the disruption of transportation networks; and adverse weather conditions, could have a material adverse effect on our business, financial condition and results of operations.
The COVID-19 pandemic has impacted and may continue to impact our business, operating results and financial condition.
The COVID-19 pandemic has resulted in a widespread health crisis that has adversely affected businesses, economies and financial markets worldwide, placed constraints on the operations of businesses, caused disruptions in global supply chains, and decreased consumer mobility and activity. Our business has been affected in various ways, including in our sales and marketing, our supply chain and our employees.
At the same time, the COVID-19 pandemic has negatively impacted our business by causing some delays in purchasing decisions by some of our customers, and some difficulties in acquiring new customers given travel limitations and limits on in-person interactions with our customers and prospective customers, as well as some disruptions in our supply chain and delivery of products to customers. For example, circumstances related to the COVID-19 pandemic have triggered disruptions in global supply chains and interruptions and delays involving freight carriers that, in turn, have caused difficulties in timely obtaining components from our suppliers, as well as transportation of our products after manufacture to our customers.
The extent to which COVID-19 will continue to impact our business, financial condition or results of operations, will depend on future developments, which are uncertain and cannot be predicted.
We rely on a few vendors to provide our hardware platforms and components for the manufacture of our products.
We primarily rely on a few original design manufacturers, or ODMs, for the manufacture and supply of our hardware platforms, with approximately 88% of our direct product costs in 2022 related to these vendors. If we are unable to continue to acquire from these ODMs and/or other components vendors on acceptable terms or should any of these ODMs and/or components vendors cease to supply us with such platforms or components for any reason, we may not be able to identify and integrate an alternative source of supply in a timely fashion or at the same costs. Any transition to one or more alternate manufacturers could result in delays, operational problems and increased costs, and may limit our ability to deliver our products to our customers on time during such a transition period, any of which could have a material adverse effect on our business, financial condition and results of operations.
Our success depends on our ability to attract, train and retain highly qualified personnel.
Our products and services require sophisticated technology, marketing and sales expertise. Accordingly, we need highly trained research and development, sales, marketing, technical, customer support, operations and IT personnel. Competition for such qualified personnel, especially in the cyber security domain, is intense. In particular, while there has been intense competition for such qualified personnel in the Israeli high-tech industry historically, the industry experienced record growth and activity in 2021 and 2022, which contributed to significant levels of employee attrition and is currently facing a severe shortage of skilled human capital, including qualified personnel in the cyber security domain. In addition, while we utilize non-competition agreements with our employees as a means of improving our employee retention, we may be unable to enforce these agreements under applicable laws. In light of the foregoing, we may not be able to hire or retain sufficient personnel to support our business operations or, if we do, we may be required to offer increased compensation to attract such employees, which could have a material adverse effect on our business, financial condition and results of operations.
Competition in the market for cyber security and application delivery solutions and in our industry, in general, is intense. If we are unable to compete effectively, we may lose market share, and we may be unable to maintain profitability.
The cyber security and application delivery solutions marketplace is highly competitive and has very few barriers to entry, particularly in our focus areas. We expect competition to intensify in the future, and we may lose market share if we are unable to compete effectively.
Most of our competitors have greater financial, personnel and other resources than we have, which may limit our ability to effectively compete with them. We expect to continue to face additional competition as new participants enter the market or extend their portfolios into related technologies. Current and future participants may also be able to respond more quickly to new or emerging technologies and changes in customer demands and to devote greater resources to the development, promotion and sale of their products than we can. Larger companies with substantial resources, brand recognition and sales channels may form consolidation and alliances with or acquire competing cyber security and application delivery solutions and emerge as significant competitors.
Competition may result in lower prices or reduced demand for our solutions and a corresponding reduction in our ability to recover our costs, which may impair our ability to achieve, maintain and increase profitability. Furthermore, the dynamic market environment poses a challenge in predicting market trends and expected growth. We cannot assure you that we will be able to implement our business strategy in a manner that will allow us to be competitive. If any of our competitors offer products or services that are more competitive than ours, we could lose market share and our business, financial condition and results of operations could be materially and adversely affected as a result.
We must develop new solutions and enhance existing solutions to remain competitive.
The market for cyber security and application delivery solutions is characterized by rapid technological changes, driven primarily by accelerated digital transformation including a dramatic increase in work from home initiatives, a rapid shift to online business activity, and increased migration to cloud environments. Such technological changes and transformations are accompanied by, in addition to a rapidly evolving and active cyber threat landscape, changes in application infrastructure tools and increasingly demanding compliance mandates. The challenges we face include:
increasing throughput, capacity, performance and efficiency of our core products, to cope with growing velocity and complexity of attacks;
adapting to fundamental changes in our customers’ data centers’ infrastructure and changes in the locations of applications and data by offering relevant solutions for multi-clouds and hybrid cloud environments;
offering new solutions to adapt to the changes in applications’ deployment frameworks, workflows and architectures, massive usage of Application Programming Interface (API) stacks and new edge delivery technologies in response to the rise of modern applications buildup and delivery requirements;
adapting to changes in the cyber threat landscape, by extending our security coverage to include cloud-native attacks (cloud access management and workloads), application level attacks, usage of open source third-party libraries, encrypted attacks, automated attacks and edge/client delivery related attacks;
developing and enhancing our cloud and virtual offerings and expanding our managed security services capabilities to address the industry trend of providing services for the cloud and through the cloud – organically and inorganically; and
increasing our support offerings to address the industry trend of increased customer reliance on third-party provided or managed information technology services.
In order to meet these challenges and remain competitive in the market, we have introduced, and must continue to introduce, new solutions and enhancements to our existing solutions. Accordingly, our future success will depend, to a substantial extent, on our ability to accurately and timely identify market trends and anticipate changing market requirements and needs; to invest (including through acquisition of complimentary solutions) in research and development and timely develop, introduce and support relevant and desired new solutions and enhancements; and to gain market acceptance of our offerings. There can be no assurances that our continued investment in research and development, including associated capital expenditures, will ultimately allow us to remain competitive in our industry or otherwise result in successful solutions that generate expected sales and support our growth. In addition, diversifying our solution portfolio might expose us to direct competition with new players and might require additional investments in the associated sales and marketing practices.
If our research and development efforts do not lead to a corresponding increase in our revenues, if we fail to timely develop and deploy new solutions and enhancements to our existing solutions, or if we fail to gain market acceptance of our new solutions or enhanced solutions, our business, operating results and financial condition could be materially adversely affected.
Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or if our end-users experience security breaches, which could have a material adverse effect on our business, reputation and operating results.
Any errors, defects, or misconfigurations could cause our solutions to not meet specifications, be vulnerable to security attacks or fail to secure networks or applications which could negatively impact customer operations and consequently harm our business and reputation. In addition, we may suffer significant adverse publicity and reputational harm and become subject to regulatory and litigation claims if our solutions are associated, or are believed to be associated with, or fail to reasonably protect against, a security attack or a breach at a high-profile customer, a significant customer base or a significant business partner. Many of our customers and business partners are themselves highly regulated entities, which may result in enhanced scrutiny of our security program and controls in the event of a significant cybersecurity incident. Moreover, any actual or perceived cyber-attack, other security breach, exposure or theft of our or our customers’ data, regardless of whether the breach or theft is attributable to the failure of our solutions, could:
adversely affect the market’s perception of our security solutions,
cause current or potential customers to look to our competitors for alternatives,
require us to expend significant financial resources to analyze, correct or eliminate any vulnerabilities, and
lead to investigations, litigation, fines and penalties, any of which could have a material adverse effect on our operations, financial condition and reputation.
Cyber-attackers or other malicious actors are increasingly sophisticated, may be state actors or affiliated with organized crime, and may operate large-scale and complex automated attacks. In addition, the techniques they use to access or sabotage networks or applications or to disrupt operations (for example, via ransomware) change frequently and generally are not recognized until launched against a target. As a result, our solutions may be unable to anticipate these techniques and provide timely or effective protection to our end-users’ networks or applications, particularly due to the increased use by attackers of tools and techniques that are designed to circumvent security controls, to avoid detection and to remove or obfuscate evidence. The global marketplace also expects actors to increasingly develop innovative attack methodologies utilizing artificial intelligence to identify and exploit vulnerabilities from both technical and social engineering perspectives. In addition, the COVID-19 pandemic significantly impact online behavior and the continued remote and hybrid working arrangements may affect the security of businesses and individuals (for example, due to the prevalence of vulnerabilities inherent in non-corporate and home networks), and we have observed a significant increase in cyberattack activity since the beginning of the pandemic that has also continued. If we fail to identify and respond to new and increasingly complex methods of attack or to update our solutions to detect or prevent such threats in time to protect our end-users’ critical business data, the integrity of our solutions and reputation, as well as our business and operating results, could suffer.
Furthermore, security breaches or defects in our solutions could result in loss or alteration of, or unauthorized access to, customers’ data and compromise our customers’ networks and applications that are secured by our physical and cloud solutions. If such a security breach results in the disruption or loss of availability, integrity or confidentiality of customers’ data, we could incur significant liability to our customers and to businesses or individuals whose information was being handled by our customers, in addition to regulatory agencies. There can be no assurance that limitation of liability, indemnification or other protective provisions that we attempt to include in our contracts would be applicable, enforceable or adequate in connection with a security breach, or would otherwise protect us from any such liabilities or damages with respect to any particular claim.
There is no guarantee that our solutions will be free of flaws or vulnerabilities. Our end-users may also misuse our solutions, which could result in vulnerabilities to a breach or theft of business data.
As a security provider, if our internal network system is compromised by cyber-attackers or other malicious actors, or by a critical system failure, our reputation, financial condition and operating results could be materially adversely affected.
We will not succeed with our application and network security solutions unless the marketplace is confident that we provide effective cyber security protection. We provide security solutions, and as a result, we have been, and continue to be, an attractive target of cyber-attacks and other security incidents, which we have experienced from time to time, that are aimed at our own internal systems and network environment. We are subject to many different types of attacks, including, among others, malware, viruses and attachments to e-mails, web application attacks, e-mails, web application attacks, Distributed Denial of Service (DDoS) attacks and other disruptive activities of individuals or groups, all of which are designed to impede the performance of our solutions, penetrate our network security or the security of our cloud platform or our internal systems, misappropriate proprietary and other information and/or cause other interruptions to our services. Furthermore, third parties may attempt to illegally induce employees or customers into disclosing our proprietary information or otherwise compromising the security of our internal networks, systems or physical facilities in order to gain access to our data or our customers’ data. An actual or perceived breach of security in our internal systems could adversely affect the integrity and market perception of our solutions. Furthermore, the costs to eliminate or address security threats and vulnerabilities before or after a cyber-security incident and any resulting regulatory or litigation actions could be significant.
We rely on third-party service providers to supply physical hosting, cloud environments and specific support technologies in order to deliver and support our security solutions, in addition to internal functions, such as human resources, finance, and electronic communications, all of which are designed to enable us to conduct, monitor and/or protect our business, operations, systems and data assets. Such third-party service providers have from time to time been subject to, and continue to be subject to, cyber-attacks, malicious actors and other security incidents. While we periodically evaluate the internal security posture of each third-party service provider to determine their level of compliance, we may not be able to detect any breach in the first instance it occurs. These risks may impact the integrity and availability of our solutions and may expose us to legal and reputational liability.
Remediation efforts or system redundancy or other continuity measures may be ineffective or inadequate and could result in interruptions, delays or cessation of service and loss of existing or potential customers. There can be no assurance that limitation of liability, indemnification or other protective provisions in our contracts would be applicable, enforceable or adequate in connection with a security breach, or would otherwise protect us from any such liabilities or damages with respect to any particular claim. Additionally, our professional, product and cyber liability insurance coverages may only cover certain liabilities in connection with a security breach or other security incident and may not adequately cover all liabilities actually incurred, and we cannot assure you that insurance will continue to be available to us on commercially reasonable terms, if at all, or that any insurer will not deny coverage as to any future claim.
In addition, any such security breach could disrupt or impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our reputation and business could suffer.
Outages, interruptions or delays in hosting services could impair the delivery of our cloud-based security services and harm our business.
We offer infrastructure that supports our DDoS Protection services, web application firewall (WAF) and bot management cloud-based services. In addition, we provide other services through the cloud, such as Content Delivery Network (CDN). Despite precautions taken within our own internal network and at these third-party facilities, the occurrence of a natural disaster or an act of terrorism or other unanticipated problems could result in lengthy interruptions in our services.
The cloud-based security services that we provide are operated from a network of third-party facilities that host the software and systems that operate these security services. Any damage to, failure of, or significant disruptions (for example, due to ransomware) to, our internal systems or systems at third-party hosting facilities could result in outages or interruptions in our cloud-based services. Outages or interruptions in our cloud-based security services, whether as a result of impacts to our or our third-party hosting facilities or otherwise, may cause our customers to experience cyber-attacks and to believe that our cloud-based security services are unreliable, cause us to issue credits or pay penalties or damages, cause customers to terminate their subscriptions and adversely affect our reputation and renewal rates and our ability to attract new customers, ultimately harming our business and results of operations.
Our global operations may expose us to additional risks.
We currently offer our solutions in over 80 countries. For the years ended December 31, 2022 and 2021, our sales outside North, Central and South America represented approximately 58% and 55%, respectively, of our total sales. We also rely on third-party service providers around the world to supply physical hosting and cloud environments in order to deliver and support our cloud-based services. Our global business operations involve varying degrees of risk and uncertainty inherent in doing business in so many different jurisdictions. Such risks include, among others, difficulties and costs of staffing and managing foreign operations; the possibility of unfavorable circumstances and additional compliance costs arising from host country laws or regulations, including unexpected changes in the interpretations thereof and reduced protection for intellectual property rights in some countries; partial or total expropriation; export duties and quotas; local tax exposure; economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate or public health concerns, such as the COVID-19 pandemic; differences in business practices; recessionary environments in multiple foreign markets; and damage to, or failure of, systems at third-party hosting facilities around the word resulting in outages or interruptions in our cloud-based services. We cannot be certain that the foregoing factors will not have a material adverse effect on our future revenues and, as a result, on our business, operating results and financial condition.
We have incurred net losses in the past and may incur losses in the future.
Although we have been profitable in the past several years, we incurred net losses during 2022.Our ability to maintain or increase profitability in the future depends in part on the following factors: the economic health of the global economy, including geopolitical tensions, the potential effects of the COVID-19 pandemic, record levels of inflation and rising interest rates; the rate of growth of, and changes in technology trends in our market and other industries in which we currently or may in the future operate; our ability to develop and manufacture new products and technologies and deliver new solutions in a timely manner; the competitive position of our products and services; the continued acceptance of our solutions by our customers and in the industries that we serve; and our ability to manage expenses. In the future, it may be necessary to undertake cost reduction initiatives to remain profitable, which could lead to a deterioration of our competitive position. Any difficulties that we encounter as we reduce our costs could negatively impact our results of operations and cash flows.Our revenues may not continue to increase or may grow at a lower rate than we have experienced in the past several years or may even decline, which would negatively impact our results of operations and cash flows. We cannot assure you that we will remain profitable.
We may increase our operating expenses in future periods. Our decision to increase operating expenses and the scope of such increases depends upon several factors, including the market situation and the effectiveness of our past expenditures. We may continue to make additional expenditures in anticipation of generating higher revenues, which we may not realize, if at all, until sometime in the future. This could cause reductions in our profitability or lead to losses. Additionally, a failure of any acquisition or product development initiative to produce increased revenues could have a material adverse effect on our operations and profitability.
A slowdown in the growth of the cyber security and application delivery solutions market would reduce our addressable market and solutions sales.
The cyber security and application delivery market in which we operate is rapidly evolving, and we cannot assure you that it will continue to develop and grow. In addition, we cannot assure you that our solutions and technology will keep pace with the changes to this market. Market acceptance of cyber security and application delivery solutions may be inhibited by, among other factors, a lack of anticipated congestion and strain on existing network infrastructures and the availability of alternative solutions. If demand for cyber security and application delivery solutions does not continue to grow, or grows at a slower pace than expected, we may not be able to sell enough of our solutions to maintain or increase our profitability.
If the market for our cloud-based solutions does not continue to develop and grow, we may incur capital and operating losses.
As we continue to expand our cloud-based solution offerings, our investments, both capital and operational, in our cloud business increase. We cannot assure you that sales of our cloud-based solutions will continue to develop and grow. In addition, we cannot assure you that our services and technology will keep pace with the changes in this market. Specifically, the emergence of alternative solutions, such as those offered by Amazon Web Services, Inc. (AWS), Microsoft Azure or Google’s public cloud, may negatively affect sales of our solutions.
Our solutions may have long sales cycles, which may reduce the predictability of our financial performance.
Our solutions are technologically complex and are typically intended for use in applications that may be critical to the business of our customers. As a result, our pre-sales process can be subject to delays associated with customers’ budgetary constraints and lengthy approval and procurement processes. The sales cycles of our solutions to new customers can last for as long as twelve months (and in some cases even longer, for example, with carrier customers) from initial presentation to sale. Long sales cycles result in a delay to our generation of revenue. Long sales cycles also subject us to risks not usually encountered in short sales cycles, including our customers’ budgetary constraints and internal acceptance reviews and processes prior to purchase. In addition, orders expected in one quarter could shift to another because of the timing of our customers’ procurement decisions. Furthermore, customers may defer orders in anticipation of new solutions or product enhancements introduced by us or by our competitors. These factors complicate our planning processes and reduce the predictability of our financial performance.
We may pursue acquisitions or other investments that could disrupt our business and harm our financial condition.
As part of our business strategy, we may invest in or acquire complimentary businesses, technologies or assets or enter into joint ventures or other strategic relationships with third parties. Past acquisitions have caused, and future acquisitions may cause, us to assume liabilities, incur acquisition-related costs, incur amortization expenses or realize write-offs on assets no longer being used or phased out. In addition, the future valuation of these acquisitions may decrease from the market price paid by us, which could result in the impairment of our goodwill and other intangible assets associated with the relevant acquired assets. Moreover, our operation of any acquired or merged businesses, technologies or assets could involve numerous risks, including:
post-merger integration problems resulting from the combination of any acquired operations with our own operations or from the combination of two or more operations into a new unified entity;
diversion of management’s attention from our core business;
substantial expenditures, which could divert funds from other corporate uses;
entering markets in which we have little or no experience;
loss of key employees of the acquired operations; and
known or unknown contingent liabilities, including, but not limited to, tax and litigation costs.
We cannot be certain that any past or future acquisitions or mergers will be successful. If the operation of the business of any future acquisitions or mergers disrupts our operations, our results of operations may be adversely affected, and even if we successfully integrate the acquired business with our own, we may not receive the intended benefits of the acquisition. In addition, our pursuit of potential acquisitions may divert our management’s attention from our core business and require considerable cash outlays at the expense of our existing operations, whether or not such transactions are consummated. A failure of any acquisitions or product developments to produce increased revenues could have a material adverse effect on our operations and profitability.
Our business in countries with a history of corruption and transactions with foreign governments increases the risks associated with our international activities.
As we operate and sell internationally, we are subject to the Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.K. Bribery Act of 2010 (the “UK Bribery Act”) and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental customers in countries known to experience corruption, particularly certain emerging countries in Eastern Europe, South and Central America, East Asia, Africa and the Middle East. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, channel partners or sales agents that could be in violation of various anti-corruption laws, even though these parties may not be under our control. While we have implemented safeguards to prevent these practices by our employees, consultants, channel partners and sales agents, our existing safeguards and any future improvements may prove to be less than effective, and our employees, consultants, channel partners or sales agents may engage in conduct for which we might be held responsible. Violations of the FCPA, the UK Bribery Act or other anti-corruption laws may result in severe criminal or civil sanctions, including suspension or debarment from government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating results and financial condition.
Currency exchange rates and fluctuations of exchange rates could have a material adverse effect on our results of operations.
We are impacted by exchange rates and fluctuations thereof in a number of ways, including:
A large portion of our expenses in Israel, principally salaries and related personnel expenses, are paid in NIS, whereas most of our revenues are generated in U.S. dollars. When the U.S. dollar is weak, our foreign currency-denominated expenses will be higher, whereas if the U.S. dollar is strong, our foreign currency-denominated expenses will be lower. If the NIS strengthens against the U.S. dollar, the dollar value of our Israeli expenses will increase and may have a material adverse effect on our business, operating results and financial condition;
A portion of our international sales are denominated in currencies other than U.S. dollars, such as Euros, thereby exposing us to currency fluctuations in such international sales transactions;
We incur expenses in several other currencies in connection with our operations in Europe and Asia. Devaluation of the U.S. dollar relative to such local currencies causes our operational expenses to increase; and
The majority of our international sales are denominated in U.S. dollars. Accordingly, devaluation in the local currencies of our customers relative to the U.S. dollar could cause our customers to decrease orders or default on payment.
Commencing in 2022, although we engaged in foreign currency hedging transactions intended to reduce the effect of fluctuations in foreign currency exchange rates on our financial position and results of operations, not all of our potential exposure is covered and, regardless, there can be no assurance that any such hedging transactions will materially reduce the effect of fluctuations in foreign currency exchange rates on such results. For a further discussion of the impact on currency exchange rates on our business, see Item 11 “Quantitative and Qualitative Disclosures About Market Risk.”
Undetected defects and errors may increase our costs and impair the market acceptance of our products.
Our products have occasionally contained, and may in the future contain, undetected defects or errors, especially when first introduced or when new versions are released, due to defects or errors that we fail to detect, including in components supplied to us by third parties. These defects or errors may be found after the commencement of commercial shipments. In addition, because our customers integrate our products into their networks with products from other vendors, it may be difficult to identify the product that has caused the problem in the network. Regardless of the source of these defects or errors, we will then need to divert the attention of our engineering personnel from our product development efforts to detect and correct these errors and defects. We cannot assure you whether we will incur significant warranty or repair costs, be subject to liability claims for material damages related to product errors or defects or experience any material lags or delays as a result thereof in the future. Any insurance coverage that we maintain may also not provide sufficient protection should a claim be asserted. Moreover, the occurrence of errors and defects, whether caused by our products or the components supplied by another vendor, may result in significant customer relations problems and injure our reputation, thereby impairing the market acceptance of our products.
Our business and operating results could suffer if third parties infringe upon our proprietary technology.
Our success depends, in part, upon the protection of our proprietary software installed in our products, our trade secrets and trademarks. We seek to protect our intellectual property rights through a combination of trademark and patent law, trade secret protection, confidentiality agreements and other contractual arrangements with our employees, affiliates, distributors and others. In the United States and several other countries, we have registered or acquired trademarks. In addition, we have registered patents in the U.S. and other jurisdictions and have pending patent applications and provisional patents in connection with several of our products’ features.
The protective steps we have taken may be inadequate to deter infringement upon our intellectual property rights or misappropriation of our proprietary information. We may be unable to detect the unauthorized use of our proprietary technology or take appropriate steps to enforce our intellectual property rights. Effective trademark, patent and trade secret protection may not be available in every country in which we offer, or intend to offer, our products. In addition, our competitors may independently develop technologies that are substantially equivalent or superior to our technology. Any licenses for intellectual property that might be required for our services or products may not be available on reasonable terms. Failure to adequately protect our intellectual property rights could devalue our proprietary content, impair our ability to compete effectively and eventually harm our operating results. Furthermore, defending our intellectual property rights, either by way of initiating intellectual property litigation or defending such, could result in the expenditure of significant financial and managerial resources. Moreover, any adverse outcome of litigation proceedings could impact the value of our proprietary technology and have additional significant financial impacts, which may harm our operating results.
Our products may infringe on the intellectual property rights of others.
Third parties may assert claims that we have violated a patent, trademark, copyright or other proprietary intellectual property right belonging to them. As is characteristic of our industry, there can be no assurance that our products do not or will not infringe the proprietary rights of third parties, that third parties will not claim infringement by us with respect to patents or other proprietary rights, or that we would prevail in any such proceedings. We have received in the past, and may receive in the future, communications asserting that the technology used in some of our products requires third-party licenses. Any infringement claims, whether or not meritorious, could result in significant costly litigation or arbitration and divert the attention of technical and management personnel. Any adverse outcome in litigation alleging infringement could require us to develop non-infringing technology or enter into royalty or licensing agreements. If, in such situations, we are unable to obtain licenses on acceptable terms, we may be prevented from manufacturing or selling products that infringe such intellectual property of a third party. An unfavorable outcome or settlement regarding one or more of these matters could have a material adverse effect on our business, reputation and operating results.
Laws, regulations and industry standards affecting our business are evolving, and unfavorable changes could harm our business.
Laws, regulations and industry standards that apply to our business are becoming more prevalent and constantly evolving, particularly in the area of data privacy and cyber security. We may be impacted by changes in privacy-related and cyber security-related regulations governing the collection, use, retention, sharing and security of personal data that we collect, utilize, or otherwise process from our customers and/or visitors to their websites and others. Complying with a diverse range of privacy and cyber security requirements could cause us to incur substantial costs or require us to change our business practices in a manner adverse to our business. Any failure, or perceived failure, by us to comply with any privacy or cyber security-related laws, government regulations or directives, or industry self-regulatory principles could result in damage to our reputation or proceedings or actions against us by governmental entities or others, which could potentially have an adverse effect on our business.
For example, in the European Economic Area (EEA), we are subject to the General Data Protection Regulation 2016/679 (GDPR) and in the United Kingdom we are subject to the United Kingdom data protection regime consisting primarily of the UK General Data Protection Regulation and the UK Data Protection Act 2018 (UK DP Laws), in each case in relation to our collection, control, processing, sharing, disclosure and other use of data relating to an identifiable living individual (personal data). The GDPR, and national implementing legislation in EEA member states and the United Kingdom, impose a strict data protection compliance regime. Our compliance with GDPR and UK DP Laws, as well as other data privacy and cyber security laws around the world, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic or foreign regulations, has required and will continue to require us to invest significant resources in compliance and compliance-related areas.
Furthermore, laws, regulations and industry standards are subject to constant and, at times, drastic changes that, particularly in the case of industry standards, may arrive with little or no notice, and these could either help or hurt the demand for our solutions. If we are unable to adapt our solutions to changing laws, regulations and industry standards in a timely manner, or if our solutions fail to assist our customers with their compliance initiatives, our customers may lose confidence in our solutions and could switch to competing solutions. Recent legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the EEA and the United Kingdom to the United States. These recent developments may require us to review and amend the legal mechanisms by which we make and/or receive personal data transfers to or in the U.S. Such legal developments also cause us to look at our operations and review our data flows to ensure we can continue to meet clients’ increasing requests for data to remain in-country or in-region. At the same time, if, contrary to this trend, regulations and standards related to cyber security are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may purchase fewer of our solutions, or none at all. In either case, our sales and financial results would be negatively impacted and could be materially adversely affected.
Some of our solutions contain “open source” and third-party software, and any failure to comply with the terms of one or more of these open source and third-party software licenses could negatively affect our business.
Some of our products utilize open source technologies. Some open source software licenses require users who distribute or make available as a service open source software as part of their own software product to publicly disclose all or part of the source code of the users’ software product or to make available any derivative works of the open source code on unfavorable terms or at no cost. We have established processes to help alleviate these risks, including a review process for screening requests from our development organization for the use of open source software, but we cannot be sure that all open source software is submitted for approval prior to use in our products. In addition, open source license terms may be ambiguous and many of the risks associated with use of open source software cannot be eliminated, and could, if not properly addressed, negatively affect our business. We may face ownership claims from third parties over, or seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code. Any such requirement to disclose our source code or other confidential information related to our products could materially and adversely affect our competitive position and may adversely impact our business, results of operations and financial condition. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs.
In addition, some of our solutions include other software or intellectual property licensed from third parties. This exposes us to risks over which we may have little or no control. There can be no assurance that the licenses from such third-party licensors will continue to be available to us on acceptable terms, if at all. In addition, while we believe we are compliant with the terms of our third-party licenses, such licensors may still assert that we are in breach of the terms of a license, which could give such licensors the right to terminate a license or seek damages from us, or both. Our inability to maintain such licenses or the need to engage in litigation regarding these matters, could result in delays in releases of new products, and could otherwise disrupt our business, unless and until equivalent technology can be identified, licensed or developed at substantially the same costs to us.
An increasing amount of intangible assets and goodwill on our books may in the future lead to significant impairment charges.
The amount of goodwill and intangible assets on our consolidated balance sheets was, as of December 31, 2022, approximately $87.7 million, compared to $51.9 million as of December 31, 2021. We regularly review our intangible and tangible assets, including goodwill, for impairment. Goodwill is subject to impairment review at least annually, and other intangible assets are reviewed for impairment when there is an indication that impairment may have occurred. Impairment testing has led to, and may in the future lead to, significant additional impairment charges.
Additional tax liabilities, including due to tax positions we have taken, could materially adversely affect our results of operations and financial condition.
We operate our business in various countries, and we attempt to utilize an efficient operating model to optimize our tax payments based on the laws in the countries in which we operate. This can cause disputes between us and various tax authorities in the countries in which we operate, whether due to tax positions that we have taken in various tax returns we have filed or due to determinations we have made not to file tax returns in certain jurisdictions. In particular, not all of our tax returns are final and may be subject to further audit and assessment by applicable tax authorities. There can be no assurance that the applicable tax authorities will accept our tax positions, and, if they do not, we may be required to pay additional taxes. In the past few years, certain tax authorities who have audited our tax returns have rejected our tax positions, and, while we intend to vigorously maintain our positions, we cannot be sure that our positions will be accepted, and we may end up paying additional taxes, whether as a result of litigation, if instituted, or settlement negotiations. While we have established reserves based on assumptions and estimates that we believe are reasonable to cover such positions, these reserves may prove to be insufficient and as such, our future results may be adversely affected.
In recent years, we have seen changes in tax laws resulting in an increase in applicable tax rates, especially increased liabilities of corporations and limitations on the ability to benefit from strategic tax planning, with these laws particularly focused on international corporations. Such legislative changes in one or more jurisdictions in which we operate may have implications on our tax liability and have a material adverse effect on our results of operations and financial condition. For example, the Organization for Economic Cooperation and Development, or the OECD, an intergovernmental organization that aims to promote the economic and social well-being of people around the world, introduced the base erosion and profit shifting (BEPS) project. The BEPS project contemplates changes to numerous international tax principles, as well as national tax incentives, and these changes, if adopted by individual countries, could adversely affect our provision for income taxes. Countries have only recently begun to translate the BEPS recommendations into specific national tax laws, and it remains difficult to predict with accuracy the magnitude of any impact that such new rules may have on our financial results. The U.S. and Israel, among other countries in which we have operations, are members of the OECD.
The enactment of legislation changing the United States’ taxation of international business activities could materially impact our financial position and results of operations.
Due to the expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate, and adversely affect our financial position and results of operations. The U.S. presidential administration and members of the U.S. Congress have proposed significant changes in U.S. federal income tax law, regulation and government policy within the United States, which could affect us and our business. For example, the recent Inflation Reduction Act enacted in the United States introduced, among other changes, a 15% corporate minimum tax on certain United States corporations and a 1% excise tax on certain stock redemptions by United States corporations (which the U.S. Treasury indicated may also apply to certain stock redemptions by a foreign corporation funded by certain United States affiliates). Further, other foreign governments may enact tax laws in response to any changes in the U.S. taxation of international business activities that could result in further changes to global taxation and materially affect our financial position and results of operations. We are currently unable to predict whether these or other changes will occur and, if so, the ultimate impact on our business. To the extent that such changes have a negative impact on us, our suppliers or our consumers, including as a result of related uncertainty, these changes may materially and adversely impact our business, financial condition, results of operations and cash flow.
If we are unable to realize our investment objectives, our financial condition and results of operations may be adversely affected.
We maintain substantial balances of cash and liquid investments as strategic assets for purposes of acquisitions and general corporate purposes, including share repurchases. Our cash, cash equivalents, short- and long-term bank deposits and marketable securities totaled $432.0 million as of December 31, 2022, compared to $465.8 million as of December 31, 2021. The performance of the capital markets is the primary factor that affects the values of funds that are held in marketable securities. While we believe we have taken a conservative approach in our investments, by investing the majority of our debt marketable securities portfolio at securities that are rated A- or higher, these assets are subject to market fluctuations and various developments, including, without limitation, rating agency downgrades that may impair their value. We expect that market conditions will continue to fluctuate and that the fair value of our investments may be affected accordingly, including, without limitation, by the economic effects of the COVID-19 pandemic and the rising levels of inflation and interest rates.
Financial income is a component of our net income and the outlook for our financial income is dependent, in part, on the future direction of interest rates, exchange rates, the amount of any share repurchases or acquisitions that we make and the amount of cash flows from operations that are available for investment. For example, for the years ended December 31, 2022 and 2021, we had $8.1 million and $4.4 million, respectively, of net financial income, that was primarily derived from the value of our investments. The performance of the capital markets affects the values of our funds that are held in marketable securities. These assets are subject to market fluctuations and will yield uncertain returns. Due to certain market developments, including investments’ rating downgrades, the fair value of these investments may decline. If market conditions continue to fluctuate, the fair value of our investments may be impacted accordingly. Although our investment guidelines stress diversification and capital preservation, our investments are subject to a variety of risks, including risks related to general economic conditions, interest rate fluctuations and market volatility.
In particular, our investment portfolios include a significant amount of interest rate-sensitive instruments, such as bonds, which, in addition to the inherent risk associated with the debt, may be adversely affected by changes in interest rates. Changes in interest rates and credit quality may also result in fluctuations in the income derived from, or the valuation of, our fixed income securities. Interest rates are highly sensitive to many factors, including governmental monetary policies, domestic and international economic and political conditions and other factors beyond our control. For example, benchmark interest rates, such as the U.S. Federal Funds Rate, are currently relatively high, which is likely to significantly impact our investment income. Additional increases in interest rates might decrease the value of our investments in fixed-income securities. If increases in interest rates occur during periods when we sell investments to satisfy liquidity needs, we may experience investment losses. Conversely, if interest rates decline, reinvested funds and our investment in bank deposits will earn less than expected.
In terms of credit risk, our investment portfolio policy is “buy and hold” while minimizing credit risk by setting maximum concentration limit per issuer and credit rating. Our investments consist primarily of government and corporate bonds and bank deposits. Although we believe that we generally adhere to conservative investment guidelines, if turmoil in the financial markets reoccurs in the future, it may result in impairments of the carrying value of our investment assets since we classify our investments in marketable securities as available-for-sale. Changes in the fair value of investments classified as available-for-sale are not recognized as income (loss) during the period, but rather are recognized as a separate component of equity until realized. Realized losses in our investments portfolio may adversely affect our financial position and results. For example, if we had reported all the changes in the fair values of our investments into income (loss), our reported net loss would have increased by $4.4 million during the year ended December 31, 2022, and our net income would have decreased by $0.5 million during the year ended December 31, 2021. Any significant decline in our financial income or the value of our investments as a result of continued high interest rates, deterioration in the credit worthiness of the securities in which we have invested, general market conditions or other factors could have an adverse effect on our results of operations and financial condition.
We rely on information systems to conduct our businesses, and failure to protect these systems against security breaches and otherwise to implement, integrate, upgrade and maintain such systems in working order could have a material adverse effect on our results of operations, cash flows or financial condition.
The efficient operation of our businesses depends on our computer hardware and software systems. For instance, we rely on information systems to process customer orders, manage accounts receivable collections, manage accounts payable processes, track costs and operations, maintain client relationships and accumulate financial results. Despite our implementation of industry-accepted security measures and technology, our information systems are vulnerable to, and have been in the past subject to, computer viruses, attempts to insert malicious codes, unauthorized access, phishing efforts, denial-of-service attacks and other cyber-attacks, and we expect to be subject to similar attacks in the future as such attacks become more sophisticated and frequent. A breach of our information systems could result in decreased performance, operational difficulties and increased costs, any of which could have a material adverse effect on our business and operating results.
Major disruptions or deficiencies of our information systems could disrupt our operations and cause unanticipated increases in our costs.
We have invested, and intend to continue to invest, significant capital and human resources in our information systems, including in a project for company-wide sales, operations and services support systems. Any major disruptions or deficiencies in the design and implementation of our information systems, particularly those that impact our operations, could adversely affect our ability to process customer orders, ship products, provide services and support to our customers, bill and track our customers, timely report our financial results and otherwise run our business.
Our business may be affected by sanctions, export controls and similar measures targeting Russia and other countries and territories as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries.
As a result of Russia’s military conflict in Ukraine, governmental authorities in the United States, the European Union and the United Kingdom, among others, launched an expansion of coordinated sanctions and export control measures, including:
blocking sanctions on some of the largest state-owned and private Russian financial institutions (and their subsequent removal from SWIFT);
| • | blocking sanctions against Russian and Belarusian individuals, including the Russian President, other politicians and those with government connections or involved in Russian military activities; |
blocking sanctions against certain Russian businessmen and their businesses, some of which have significant financial and trade ties to the European Union;
blocking of Russia’s foreign currency reserves and prohibition on secondary trading in Russian sovereign debt and certain transactions with the Russian Central Bank, National Wealth Fund and the Ministry of Finance of the Russian Federation;
expansion of sectoral sanctions in various sectors of the Russian and Belarusian economies and the defense sector;
United Kingdom sanctions introducing restrictions on providing loans to, and dealing in securities issued by, persons connected with Russia;
restrictions on access to the financial and capital markets in the European Union, as well as prohibitions on aircraft leasing operations;
sanctions prohibiting most commercial activities of U.S. and EU persons in Crimea and Sevastopol;
enhanced export controls and trade sanctions targeting Russia’s imports of technological goods as a whole, including tighter controls on exports and re-exports of dual-use items, stricter licensing policy with respect to issuing export licenses, and/or increased use of “end-use” controls to block or impose licensing requirements on exports, as well as higher import tariffs and a prohibition on exporting luxury goods to Russia and Belarus;
closure of airspace to Russian aircraft; and
ban on imports of Russian oil, liquefied natural gas and coal to the United States.
As the conflict in Ukraine continues, there can be no certainty regarding whether the governmental authorities in the United States, the European Union, the United Kingdom or other counties will impose additional sanctions, export controls or other measures targeting Russia, Belarus or other territories. Furthermore, in retaliation against new international sanctions and as part of measures to stabilize and support the volatile Russian financial and currency markets, the Russian authorities also imposed significant currency control measures aimed at restricting the outflow of foreign currency and capital from Russia, imposed various restrictions on transacting with non-Russian parties, banned exports of various products and other economic and financial restrictions.
Our business must be conducted in compliance with applicable economic and trade sanctions laws and regulations, including those administered and enforced by the U.S. Department of Treasury’s Office of Foreign Assets Control, the U.S. Department of State, the U.S. Department of Commerce, the United Nations Security Council and other relevant governmental authorities. We must be ready to comply with the existing and any other potential additional measures imposed in connection with the conflict in Ukraine. The imposition of such measures could adversely impact our business, including preventing us from performing existing contracts, recognizing revenue, pursuing new business opportunities or receiving payment for products already supplied or services already performed with customers.
In 2022 and 2021, 7% and 5%, respectively, of our total revenues were from sales to customers located in Russia. We continuously review and monitor our contractual relationships with suppliers and customers to establish whether any of them are the target of the applicable sanctions. In the event that we identify a party with which we have a business relationship that is the target of applicable sanctions, we would immediately activate a legal analysis of what gives rise to the business relationship, including any contract, to estimate the most appropriate course of action to comply with the sanction regulations, together with the impact of a contractual termination according to the applicable law, and then proceed as required by the regulatory authorities. However, given the range of possible outcomes, the full costs, burdens, and limitations on our and our customer’s and business partners’ businesses are currently unknown and may become significant.
Furthermore, even if an entity is not formally subject to sanctions, customers and business partners of such entity may decide to reevaluate or cancel projects with such entity for reputational or other reasons. As result of the ongoing conflict in Ukraine, many U.S. and other multi-national businesses across a variety of industries, including consumer goods and retail, food, energy, finance, media and entertainment, tech, travel and logistics, manufacturing and others, have indefinitely suspended their operations and paused all commercial activities in Russia and Belarus. Depending on the extent and breadth of sanctions, export controls and other measures that may be imposed in connection with the conflict in Ukraine, it is possible that our business, financial condition and results of operations could be materially and adversely affected.
Climate change may have an adverse impact on our business.
Global climate change may result in certain natural disasters occurring more frequently or with greater intensity, such as drought, wildfires, storms, sea-level rise, and flooding and many believe that the risks related to climate change are increasing in both impact and type of risk. While we do not believe there will be significant near-term impacts to our business and operations due to climate change, long-term impacts remain unknown. These include operational risks impacting, among other things, our supply chain, our personnel or electrical power availability from climate changed-related weather events as well as business and regulatory risks. For example, regulatory risks resulting from changes in laws and regulations on climate change may increase our compliance costs and limit our ability to operate. Similarly, the evolving customer and other stakeholder expectations and regulatory requirements to reduce carbon emissions could present a risk of loss of business if we are not able to meet those expectations or requirements.
Our disclosures and initiatives related to environmental, social and governance (ESG) matters expose us to numerous risks, including risks to our reputation, business, financial performance and growth.
There has been increasing public focus by investors, customers, environmental activists, the media and governmental and nongovernmental organizations on a variety of ESG matters, which may result in increased costs (including but not limited to increased costs related to compliance, stakeholder engagement, and contracting), impact our reputation, or otherwise affect our business performance. As we identify ESG topics for voluntary disclosure, we have expanded and, in the future, may continue to expand, our voluntary disclosures in these areas. Statements about our ESG initiatives and goals, and progress against those goals, may be based on standards for measuring progress that are still developing, internal controls and processes that continue to evolve, and assumptions that are subject to change in the future. If our ESG-related data, processes and reporting are incomplete or inaccurate, or if we fail to achieve progress with respect to our ESG goals on a timely basis, or at all, our reputation, business, financial performance and growth could be adversely affected. In addition, this emphasis on ESG matters has resulted and may result in the adoption of new laws and regulations, including new reporting requirements. If we fail to comply with new laws, regulations or reporting requirements, our reputation and business could be adversely impacted.
Risks Related to the Market for Our Ordinary Shares
Yehuda Zisapel, our chairman of the board, Nava Zisapel, and Roy Zisapel, our President, Chief Executive Officer and director, may exert significant influence in the election of our directors and over the outcome of other matters requiring shareholder approval.
As of March 26, 2023, Yehuda Zisapel, the Chairman of our Board of Directors, beneficially owned approximately 4.44% of our outstanding ordinary shares; Nava Zisapel, beneficially owned approximately 6.98% of our outstanding ordinary shares; and their son, Roy Zisapel, our President, Chief Executive Officer and director, beneficially owned approximately 3.40% of our outstanding ordinary shares (see Item 6.E “Share Ownership”). As a result, if these shareholders act together, they could exert significant influence on the election of our directors and on decisions by our shareholders on matters submitted to shareholder vote, including mergers, consolidations and the sale of all or substantially all of our assets. This concentration of ownership of our ordinary shares could delay or prevent proxy contests, mergers, tender offers, or other purchases of our ordinary shares that might otherwise give our shareholders the opportunity to realize a premium over the then-prevailing market price for our ordinary shares. This concentration of ownership may also adversely affect our share price.
Provisions of our Articles of Association and Israeli law as well as the terms of our equity incentive plan could delay, prevent or make a change of control of us more difficult or costly, which could depress the price of our ordinary shares.
The provisions in our Articles of Association relating to the election of our directors in three staggered classes, the submission of shareholder proposals for shareholders meetings and the quorum requirement for adjourned shareholder meetings may have the effect of delaying or making an unsolicited acquisition of our Company more difficult. Israeli corporate and tax laws, including the ability of our Board of Directors to adopt a shareholder rights plan without further shareholder approval, may also have the effect of delaying, preventing or making an acquisition of us more difficult. For example, under the Companies Law, upon the request of a creditor of either party to a proposed merger, an Israeli court may delay or prevent the merger if it concludes that there is a reasonable concern that, as a result of the merger, the surviving company will be unable to satisfy the obligations of any of the parties to the merger. In addition, our Key Employee Share Incentive Plan (1997), as amended, or the Share Incentive Plan provides that, in the event of a “Hostile Takeover” (which is defined to include, among others, an unsolicited acquisition of more than 20% of our outstanding shares), the vesting of all or a portion of our outstanding equity awards will accelerate, unless otherwise determined by our Board of Directors (or a committee thereof). As a result, an acquisition of our Company that triggers the said acceleration will be more costly to a potential acquirer. These provisions could cause our ordinary shares to trade at prices below the price for which third parties might be willing to pay to gain control over us. Third parties who are otherwise willing to pay a premium over prevailing market prices to gain control of us may be unwilling to do so because of these provisions.
Our share price has been volatile in the past and may be subject to volatility in the future.
The market price for our ordinary shares, as well as the prices of shares of other technology companies, has been volatile. For example, during 2022 the lowest closing price of our share was $17.42, compared to the highest closing price of our share of $41.67 during the same year. The volatility of our share price may have a negative impact on our financial performance as a result of its negative impact on employee retention. Numerous factors, many of which are beyond our control, may cause the market price and trading volume of our ordinary shares to fluctuate significantly and decrease further, including:
operating results that do not meet forecasts by securities analysts;
announcements concerning us or our competitors;
the introduction of new products and new industry standards;
general market conditions and changes in market conditions in our industry;
the general state of securities markets (particularly the technology sector);
| • | political, economic and other developments in the State of Israel, the U.S. and worldwide, including, for example, the recent military conflict in Ukraine; and |
any of the events underlying any of the other risks or uncertainties set forth elsewhere in this annual report actually occurs.
If we are characterized as a passive foreign investment company, our U.S. shareholders may suffer adverse tax consequences.
Generally, if for any taxable year, after applying certain “look through” tax rules, (i) 75% or more of our gross income is passive income, or (ii) at least 50% of the fair market value of our assets, averaged quarterly over our taxable year, are held for the production of, or produce, passive income, we would be characterized as a passive foreign investment company, or PFIC, for U.S. federal income tax purposes. If we are classified as a PFIC, our U.S. shareholders could suffer adverse U.S. tax consequences, including having gain realized on the sale of our ordinary shares treated as ordinary income, as opposed to capital gain income, and having potentially punitive interest charges apply to such gain. Similar rules would apply to certain “excess distributions” made with respect to our ordinary shares.
For our taxable year ended December 31, 2022, we do not believe that we should be classified as a PFIC. There can be no assurance, however, that the IRS will not challenge this treatment, and it is possible that the IRS could attempt to treat us as a PFIC for 2022 and prior taxable years. The tests for determining PFIC status are applied annually, and require a factual determination that depends on, among other things, the composition of our income, assets and activities in each taxable year, and can only be made annually after the close of each taxable year. Furthermore, the aggregate value of our gross assets is likely to be determined in part by reference to the trading price of our ordinary shares, which could fluctuate significantly. We have a substantial balance of cash and other liquid investments, which are passive assets for purposes of the PFIC determination. Accordingly, if our market capitalization declines significantly, it may make our classification as a PFIC more likely for the current or future taxable years. Accordingly, there can be no assurance that we will not become a PFIC in future taxable years. U.S. shareholders should consult with their U.S. tax advisors with respect to the U.S. tax consequences of investing in our ordinary shares. For a more detailed discussion of the rules relating to PFICs and related tax consequences, please see the section of this annual report titled Item 10.E “Taxation—United States Federal Income Tax Considerations.”
If a U.S. person is treated as owning at least 10% of our ordinary shares, such holder may be subject to adverse U.S. federal income tax consequences.
Depending upon the aggregate value and voting power of our ordinary shares that U.S. persons are treated as owning (directly, indirectly, or constructively), we could be treated as a controlled foreign corporation (a “CFC”). Additionally, because our group consists of one or more U.S. subsidiaries, certain of our non-U.S. subsidiaries will be treated as CFCs, regardless of whether or not we are treated as a CFC. If a U.S. person is treated as owning (directly, indirectly or constructively) at least 10% of the value or voting power of our ordinary shares, such person may be treated as a “U.S. shareholder” with respect to each CFC in our group (if any), which may subject such person to adverse U.S. federal income tax consequences. Specifically, a U.S. shareholder of a CFC may be required to annually report and include in its U.S. taxable income its pro rata share of each CFC’s “Subpart F income,” “global intangible low-taxed income” and investments in U.S. property, whether or not we make any distributions of profits or income of a CFC to such U.S. shareholder. If you are treated as a U.S. shareholder of a CFC, failure to comply with these reporting obligations may subject you to significant monetary penalties and may prevent the statute of limitations with respect to your U.S. federal income tax return for the year for which reporting was due from starting. Additionally, a U.S. shareholder that is an individual would generally be denied certain tax deductions or indirect foreign tax credits that may otherwise be allowable to a U.S. shareholder that is a U.S. corporation. We cannot provide any assurances that we will assist investors in determining whether we or any of our non-U.S. subsidiaries are treated as CFCs or whether any investor is treated as a U.S. shareholder with respect to any of such CFC, nor do we expect to furnish to any U.S. shareholders information that may be necessary to comply with the aforementioned reporting and tax paying obligations. The United States Internal Revenue Service provided limited guidance on situations in which investors may rely on publicly available alternative information to comply with their reporting and tax paying obligations with respect to foreign-controlled CFCs. U.S. investors should consult their advisors regarding the potential application of these rules to their investment in our ordinary shares.
Risks Related to Operations in Israel
Political, economic and military instability in the Middle East or Israel may harm our business.
We are incorporated under Israeli law, and our principal offices and manufacturing and research and development facilities are located in Israel. In addition, the majority of our key employees, officers and directors are residents of Israel. Accordingly, political, economic and security conditions in Israel and the surrounding region could directly affect our business and our operations and financial results could be adversely affected ifin the event of any political, economicinstability, terrorism, armed conflicts, or military events curtailed or interrupted trade between Israel and its present trading partners or if majorother hostilities involving Israel should occur in the Middle East.
Over the past several decades, a number of armed conflicts have taken place between Israel and its Arab neighbors, and a state of hostility and violence, varying in degree and intensity, has existed between Israel and certain other countries or militant groups in the region as well as, since late 2000, between Israel and the Palestinians. These conflicts have strained Israel’s relationship with its Arab citizens, Arab countries and, to some extent, with other countries around the world. In addition, Israel faces threats, including cyber threats, from more distant neighbors, such as Iran (which has previously threatened to attack Israel and is believed to have a presence in Syria as well as influence over Hamas in Gaza and Hezbollah, a militia and political group operating in Lebanon). This situation may potentially escalate in the future and this instability in the region may affect the global economy and marketplace. We do not believeThere can be no assurance that the political and security situation has had awill not have any material impact on our business to date; however, there can be no assurance that this will bein the case for future operations.future.
Furthermore, some of our directors, officers and employees are, unless exempt, obligated to perform annual military reserve duty, depending upon their age and prior position in the army. They may also be subject to being called to active duty at any time under emergency circumstances.Our operations could be disrupted by the absence, for a significant period, of one or more of these officers or other key employees due to military service, and any disruption in our operations could harm our business. The full impact on our workforce or business if some of our officers and employees are called upon to perform military service, especially in times of national emergency, is difficult to predict.
Our commercial insurance does not cover losses that may occur as a result of events associated with the security situation in the Middle East, such as damages to our facilities resulting in the disruption of our operations. Although the Israeli government currently covers the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot be assured that this government coverage will be maintained or will be adequate in the event we submit a claim. We could be adversely affected by any major hostilities, including acts of terrorism as well as cyber-attacks or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant downturn in the economic or financial condition of Israel, or a significant increase in the rate of inflation.
Furthermore, some neighboring countries, as well as certain companies, organizations and movements, continue to participate in a boycott of Israeli firms and others doing business with Israel or with Israeli companies. In the past several years, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Similarly, Israeli companies are limited in conducting business with entities from several countries. Restrictive laws, policies or practices directed towards Israel or Israeli businesses could have an adverse impact on our operating results, financial condition or the expansion of our business.
Furthermore, the Israeli government is currently pursuing extensive changes to Israel’s judicial system. In response to the foregoing developments, certain leading international financial institutions, including investment banks, investors and key economists, have indicated several causes for concern, including that such proposed changes, if adopted, may cause a downgrade to Israel’s sovereign credit rating and Israel’s international standing, which would adversely affect the macroeconomic condition in which we operate, and also potentially deter foreign investment into Israel or Israeli companies, which may, among other things, hinder our ability to raise additional funds, if deemed necessary by our management and board of directors.
The tax benefits we may receive in connection with our preferred enterprise program require us to satisfy prescribed conditions and may be terminated or reduced in the future. This would increase taxes and decrease our net profit.
We have in the past benefited, and currently benefit, from certain government programs and tax benefits in Israel, including in connection with our preferred enterprise program (see under Item 10.E “Taxation—Israeli Tax Considerations”). To remain eligible to obtain such tax benefits, we must continue to meet certain conditions. If we fail to comply with these conditions in the future, the benefits we receive could be cancelled, and we may have to pay certain taxes. We cannot guarantee that these programs and tax benefits will be continued in the future, at their current levels or at all. If these programs and tax benefits are ended, our tax expenses and the resulting effective tax rate reflected in our financial statements may increase and as such our business, financial condition and results of operations could be materially and adversely affected.
We have obtained benefits from the Israeli Innovation Authority that subject us to ongoing restrictions.
We have in the past received, and in the future may apply for, royalty-bearing or non-royalty bearing grants from the Israeli Innovation Authority (formerly known as the Office of the Chief Scientist of the Israeli Ministry of Economy and Industry), or the IIA, for research and development programs that meet specified criteria pursuant to the Law for the Encouragement of Research, Development and Technological Innovation in Industry, 1984 (formerly known as the Law for Encouragement of Research and Development in Industry, 1984), and the regulations promulgated thereunder, or the Innovation Law. The terms of the IIA grants limit our ability to manufacture products outside of Israel or to transfer technologies in or outside Israel if such products or technologies were developed using know-how developed with or based upon IIA grants. In addition, a change of control in us and the acquisition of 5% or more of our ordinary shares by a non-Israeli may require notification to the IIA and the provision of an undertaking to comply with the Innovation Law, some of the principal restrictions and penalties of which are the transferability limits described above and elsewhere in this annual report.
It may be difficult to enforce a U.S. judgment against us or our officers and directors and to assert U.S. securities laws claims in Israel.
We are incorporated under the laws of the State of Israel, our corporate headquarters is located in Israel and several of our current officers and directors reside in Israel. Service of process upon us, our Israeli subsidiary, our directors and officers and the Israeli experts, if any, named in this annual report, substantially all of whom reside outside the United States, may be difficult to obtain within the United States. Furthermore, because a majority of our assets and investments, and substantially all of our directors, officers and such Israeli experts are located outside the United States, any judgment obtained in the United States against us or any of them may be difficult to collect within the United States and may not be enforced by an Israeli court.
We have been informed by our legal counsel in Israel that it may also be difficult to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws if they determine that Israel is not the most appropriate forum to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. There is little binding case law in Israel addressing these matters. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law.
Subject to specified time limitations and legal procedures, under the rules of private international law currently prevailing in Israel, Israeli courts may enforce a U.S. judgment in a civil matter, including a judgment based upon the civil liability provisions of the U.S. securities laws as well as a monetary or compensatory judgment in a non-civil matter, provided that only if the following key conditions are met:met:
subject to limited exceptions, the judgment is final and non-appealable;
the judgment was given by a court competent under the laws of the state of the court and is otherwise enforceable in such state;
the judgment was rendered by a court competent under the rules of private international law applicable in Israel;
the laws of the state in which the judgment was given provide for the enforcement of judgments of Israeli courts;
adequate service of process has been effected and the defendant has had a reasonable opportunity to present his arguments and evidence;
the judgment is enforceable under the laws of State of Israel and its enforcement is not contrary to the law, public policy, security or sovereignty of the State of Israel;
the judgment was not obtained by fraud and does not conflict with any other valid judgment in the same matter between the same parties; and
an action between the same parties in the same matter was not pending in any Israeli court at the time the lawsuit was instituted in the U.S. court.
Your rights and responsibilities as a shareholder will be governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. companies.
The rights and responsibilities of the holders of our ordinary shares are governed by our amended and restated articlesArticles of associationAssociation and Israeli law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S.-based corporations. For example, a shareholder of an Israeli company has a duty to act in good faith toward the company and other shareholders and to refrain from abusing its power in the company, including, among other things, in voting at the general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and interested party transactions requiring shareholder approval. In addition, a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the implications of these provisions that govern shareholders’ actions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.
ITEM 4.4. | INFORMATION ON THE COMPANY |
A.History and Development of the Company
Corporate History and Details
Radware Ltd. was organized in May 1996 as a corporation under the laws of the State of Israel and commenced operations in 1997. Our principal executive offices are located at 22 Raoul Wallenberg Street, Tel-AvivTel Aviv 6971917, Israel and our telephone number is 972-3-766-8666. Our website address is www.radware.com (information contained on our website is not incorporated herein by reference and shall not constitute part of this annual report).In addition, the SEC maintains a website that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC: http://www.sec.gov.
As of September 1, 1998, we established Radware Inc., our wholly owned subsidiary in the United States (Radware US), which conducts the sales and marketing of our products and services in the Americas and is our authorized representative and agent in the United States. The principal offices of Radware US are located at 575 Corporate Dr., Lobby 2, Mahwah, New Jersey 07430 and its telephone number is 201-512-9771. We also have several other wholly owned subsidiaries world-wideworldwide handling primarily local support and promotion activities.
In September 1999, we conducted the initial public offering of our ordinary shares that commenced trading on the Nasdaq.Nasdaq.
In the past decade we have made several acquisitions, including, most recently (February 2022), the acquisition of the technology and operations of DC Security Ltd. (previously known as SecurityDAM Ltd. (SecurityDAM)), a related party and a cloud DDoS network operator that supplied us with scrubbing center services used for the provision of our cloud DDoS Protection Service.
Recent Major Business Developments
In February 2022, we announced a strategic initiative to accelerate the growth of our cloud security business, which entails, among other things, the acquisition of the technology and operations of SecurityDAM, growing our innovation center in India, and expanding our cloud service capacity and delivery network. For additional details, see also Item 7.B “Related Party Transactions”.Transactions.”
In May 2022, we announced the launch of SkyHawk (CNP) Security Ltd., or SkyHawk Security, a spinoff of our Cloud Native Protector business with a strategic external investment of an affiliate of Tiger Global Management.
For recent major product activities, see Item 4.B “Business Overview—Our Solutions” under the captions “Recent Solution Offering Activities” and “Recent Technology Partnerships Activity.”
For a discussion of our capital expenditures and divestitures, see Item 5.B “Liquidity and Capital Resources - Principal Capital Expenditures and Divestitures.”
B.Business Overview
Overview
We are a provider of cyber security and application delivery solutions for cloud, physical,on-premise, and software defined data centers (SDDC). Our solutions securessecure the digital experience by providing infrastructure, application, and corporate ITnetwork protection and availability services to enterprises globally. Our solutions are deployed by, among others, enterprises, carriers and cloud service providers.
Our solutions are offered in two main categories:
| • | Products – We offer a range of physicalcloud-based subscriptions, on-premise products, software products product subscriptions and cloud-basedproduct subscriptions (or a combination of these) for enterprise and carrier data centers, as part of their IT and application infrastructure.to our customers. |
| • | Customer Services (Services) – We offer technical support, professional services, managed services and training and certification to our customers.
|
The sections below provide an overview of our key solutions and services according to the above GTM targets.
Our Products
Our cloud-based subscription offering consists of the following key cloud-based subscriptions:
o | Cloud DDoS Protection Service. Our Cloud DDoS Protection Service provides a full range of enterprise-grade DDoS protection services in the cloud. Based on our DDoS protection technology, it aims to offer organizations wide security coverage, accurate detection and short time to protect from today’s dynamic and evolving DDoS attacks. We offer a multi-vector DDoS attack detection and mitigation service, handling network-layer attacks, server-based attacks and application-layer DDoS attacks. |
Our Cloud DDoS Protection Service is offered in multiple deployment options to meet an organization’s specific needs:
| ◾ | Always-On Cloud DDoS Protection Service. This service provides always-on protection where traffic is always routed through Radware’s cloud security scrubbing centers with no on-premise device required for detection and mitigation. This service is recommended for organizations that have applications hosted in the cloud or those that are not able to deploy an on-premise attack mitigation device in their data center. |
| ◾ | Always-On Hybrid Cloud DDoS Protection Service. This service integrates with our on-premise DDoS Protection device. The traffic is mitigated in the on-premise device and diverted through Radware’s cloud security scrubbing centers upon a large volumetric DDoS attack that aims to saturate the internet pipe. This service is recommended for organizations that place a high premium on the user experience and wish to avoid even the slightest possible downtime as a result of DDoS attacks. |
| ◾ | On-Demand Cloud DDoS Protection Service. This service protects against internet pipe saturation and is activated when the attack threatens to saturate the organization’s internet pipe. This service is recommended for organizations that are looking for the lowest cost solution and are less sensitive to real-time detection of DDoS attacks. |
| ◾ | On-Demand Cloud Hybrid DDoS Protection Service. The on-premise DefensePro device detects and mitigates all types of DDoS attacks in real-time, while volumetric DDoS attacks are diverted and mitigated in the cloud. This service is recommended for organizations that can deploy an on-premise device in their data centers. |
o | Cloud WAF Service.Our Cloud WAF Service provides enterprise-grade, continuously adaptive web application and API protection. Based on our ICSA Labs certified web application firewall, it provides full coverage of OWASP Top-10 threats and automatically adapts protections to evolving threats and protected assets. Cloud WAF service includes built-in DDoS protection, integrated bot mitigation and application analytics to simplify security event management by taking massive amounts of alerts and consolidating them into a small, manageable set of user activities. With our SecurePath™ architecture, Cloud WAF Service can be easily deployed as an API-based, out-of-path service across any hybrid or cloud environment, securing applications with centralized visibility and management console. Our Cloud WAF is available in two packages: |
| o | Enterprise Package: Includes a comprehensive web security coverage, including OWASP Top-10, advanced attacks and zero-day attack protection, that is fully managed and monitored 24x7 and designed to guarantee service availability at any given time with protection against today’s emerging web application and DDoS attacks. |
| o | Enterprise Premium Package: Includes all web security and managed services offered in the Enterprise package, in addition to a dedicated technical account manager and ERT expert as well as pre and post attack alerts and reports and ongoing updates from Radware’s security experts. |
o | Bot Manager. Our Bot Manager provides comprehensive protection of web applications, mobile apps and APIs from automated threats like bots. Bot Manager provides precise bot management across all channels by combining behavioral modeling for granular intent analysis, collective bot intelligence and fingerprinting of browsers, devices and machines. It is designed to protect against all forms of account takeover (credential stuffing, brute force, etc.), denial of inventory, DDoS, ad and payment fraud and web scraping to help organizations safeguard and grow their online operations. |
o | Cloud Native Protector (CNP) Service. The CNP service provides an agentless cloud-native security solution for applications, workloads and infrastructure hosted on AWS and Microsoft Azure. The CNP service offers multi-layered protection to reduce risk by continuously verifying compliance against multiple security standards, identifying publicly exposed assets, keeping track of asset inventory with prioritized cross-cloud visibility, fortifying the cloud threat surface with context-aware smart hardening, and providing advanced attack detection and remediation capabilities to stop data theft attempts. |
o | Cloud Application Protection Services. Our Cloud Application Protection Services secures business applications through a single platform, including WAF, bot management, API protection and application DDoS protection. Our Cloud Application Protection Services offers the following application security capabilities: |
| ◾ | Protect Digital Assets and Data. Our Cloud Application Protection Services protects digital assets and customer data in multiple environments, such as on-premise, virtual clouds, private clouds, public clouds, hybrid environments, or Kubernetes. |
| ◾ | Protect Against OWASP Vulnerabilities. Our solution protects against various known attack vectors, including the OWASP Top 10 Web Application Security Risks, Top 10 API Security Vulnerabilities and Top 21 Automated Threats to Web Applications. |
| ◾ | Protect Against Zero-Day Attacks. Our positive security model assists in stopping unknown threats in their tracks. Our machine-learning analysis engine continuously studies application traffic and end-user behavior to build and enhances security policies that reduce exposure to zero-day attacks. |
| ◾ | Detect, Manage, and Mitigate Bots. Our solution detects and distinguishes between “good” bots and “bad” bots to protect websites, mobile apps and APIs against a wide range of application attacks such as account takeover credential, denial of inventory, ad and payment fraud, web scraping and more. |
| ◾ | Protect APIs. API attacks are a rapidly growing threat to business applications and customer data. Our solution combines behavioral analysis and policy automation to protect evolving API matrix from increasingly sophisticated API assaults. |
| ◾ | Mitigate Application-Level DDoS Assaults. Our DDoS protection technologies detect and mitigate HTTP-based DDoS assaults. Utilizing a patented keyless SSL protection technology, it keeps applications protected while maintaining user data confidentiality and compliance with privacy regulations. |
Our physical and software products currently consist of the following key products:
o | DefensePro Attack Mitigation Device. DefensePro® is a real-time network attack mitigation device that protects the data center and application infrastructure against network and application denial of service, application vulnerability exploitation, network anomalies and other emerging network attacks. |
o | AppWall Web Application Firewall. AppWall® is our Web Application Firewall (WAF) that is designed to secure the delivery of mission-critical Web applications and APIs for corporate networks and in the cloud. AppWall is an ICSA Labs certified WAF that combines positive and negative security models designed to prevent data theft, manipulation of sensitive corporate and customer information and help achieve Payment Card Industry (PCI) compliance.
|
o | Radware Kubernetes WAF. Radware Kubernetes WAF is a Web Application Firewall solution for CI/CD environments orchestrated by Kubernetes. Our Kubernetes WAF integrates with common software provisioning, testing and visibility tools in the CI/CD pipeline offering both IT security and DevOps personnel detailed insight down to the pod and container levels, and enables organizations to implement application and data security in on-premise and cloud-based implementations. |
o | DefenseFlow Cyber Command and Control Application. Controller.DefenseFlow® Our Cyber Controller is a network-wide cyber commandunified solution for management, configuration and control application that helps service providers to scaleattack lifecycle. The Cyber Controller provides enhanced security, increased visibility and automatean improved user experience via multiple security operation dashboards for a unified view into attack lifecycle and mitigation analysis for both inline and out-of-path DDoS deployments. Cyber Controller provides network DDoS attacks response. DefenseFlow acts as a cyber-defense control-plane that collectsanalytics with comprehensive visibility of traffic statistics during peacetime and analyzes multiple sources of security telemetriesattack, simplified management and based on this information, applies designated intelligent security actions. DefenseFlow enables service providers to handle large amounts of customers efficientlyconfiguration with unified visibility and with minimal errors.control.
|
o | Alteon® Application Delivery Controller/Load BalancerController (ADC). Alteon is our Application Delivery Controller (ADC).application delivery and security solution that manages application traffic across cloud and data center locations, optimizing availability and performance. It provides advanced, end-to-end local and global load balancing capabilities for web, cloud and mobile-based applications. DesignedAlteon integrates multiple application protection services to provide protection against an array of cyberthreats. Alteon’s analytics also provides insightful visibility so that IT managers can manage and guarantee application service level agreement (SLA), Alteon ADC incorporates a set and stay ahead of next-generation services including secure sockets layer (SSL) offloading, HTTP/2.0 Gateway, vision analytics for application performance monitoring Application Performance Monitoring (APM), AppWall Web Application Firewall (WAF), Authentication Gateway, bandwidth management, and SSL inspection security.cyberattacks. |
We offer Alteon ADC in three different packages (available on each of its models and throughput levels) to address different deployment scenarios and needs:
| • | Alteon Deliver.Deliver Package. For applications that require high performance ADCs with advanced layer 4-7 ADC functionality. |
| • | Alteon Perform Package. For deployments requiring performance optimization, advanced application performance monitoring, global server load balancing, link load balancing and automated/optimized ADC service operation. |
| • | Alteon Secure Package. For applications that require our most advanced protections, including an embedded Web Application and API Protection (WAAP)Firewall (WAF) module, authentication gateway, bot management, threat intelligence feeds (ERT Security Updates Service, ERT Active Attackers Feed and ERT Location-based Mitigation) and SSL processing from perimeter security devices (with its embedded SSL inspection module). |
o | LinkProof NG. LinkProof® NG is a multi-homing and enterprise gateway solution that allows service level availability and continuous connectivity of enterprise and cloud-based applications. It is an application-aware multi-homing and link load balancing module that delivers 24/7 continuous connectivity and service level assurance, improved performance and cost-effective scalability of bandwidth for corporate and cloud-based applications. |
Our product subscriptions currently consist-basedsubscription offering consists of the following key subscription-based productsproduct-based subscriptions:
o | ERT Security Updates Subscription (SUS). Our Security Update Subscription is a security advisory signature servicesecurity-advisory and managed monitoring and detection system dedicated to protecting network elements, hosts and applications against the latest security vulnerabilities and threats. The Security Update Subscription delivers weekly,periodic, emergency and custom attack signature updates to current subscribers to protect against known attack patterns. The service is available for DefensePro and AppWall products, including AppWall for Alteon.Alteon Integrated WAF. |
o | ERT Active Attackers Feed. Our Emergency Response Team (ERT)ERT Active Attackers Feed (EAAF) is available on topa threat intelligence feed designed to protect against emerging DDoS threats, including those involving Internet of Things (IoT) botnets and new DNS attack vectors. The EAAF subscription enhances our security product offering. EAAF offers real-time detectionattack mitigation solution by identifying and mitigation of active attacks and infections as they occur. EAAF correlates data from multiple sources — Radware’s Global Deception Network, Cloud Security Services customers and the Company’s ERT researchers — and automatically generates continuous, validated lists of IPs currentlyblocking IP addresses involved in malicious activity relatedmajor attacks in real time to distributed denial-of-service (DDoS)offer preemptive protection from known attackers. This subscription is available for DefensePro, Alteon ADC and web attacks.Cloud Application Protection Services. |
o | ERT Protection Packages. Our ERT Protection packages bundle our ERT services into two packages: ERT Silver Protection Package and ERT Gold Protection Package. ERT Silver Protection Package consolidates ERT Security Update Subscription, (SUS), ERT Active Attackers (EAAF),Feed, and Geolocation Protection (GEO) subscriptions.Location-based Mitigation. ERT Gold Protection Package includes ERT under Attack Service on top of the ERT Silver Package. |
o | Alteon Global Elastic License (GEL). Alteon GEL is a purchasing and deployment subscription that enables a high level of flexibility for ADC services across datacenters, private and public clouds. GEL enables dynamic ADC capacity allocation and the ability to move that capacity across environments, without having to invest separately in a dedicated ADC infrastructure for each and every location where organization’s applications are deployed (e.g. on premise, public cloud etc.). This application delivery licensing model helps to eliminate planning risks in the purchase and deployment of ADC services, enabling continuous investment protection of the ADC infrastructure throughout its lifecycle duration. |
o | APSolute Vision. APSolute Vision is the network management tool and network monitoring tool for the Radware family of cyber security and application delivery solutions. It provides our customers immediate visibility to health, real-time status, performance and security of our products from one central, unified console (even if the customer has multiple data centers). A vision analytics module provides an intuitive, customizable GUI with granular forensic insights into application performance, denial-of-service and web application attacks. |
o | MSSP Portal. The Managed Security Service Provider (MSSP) Portal is a turnkey, multi-tenant DDoS detection and mitigation service portal. The Portal collects and aggregates security attack measurement and events (including traffic utilization, attack distribution and alerts) and displays them in real-time and historical reports. Our MSSP Portal enables service providers to resell cyber security mitigation services to their customers as a managed service. |
Our cloud-based subscriptions offerings currently consist of the following key cloud-based subscriptions:
o | Cloud DDoS Protection Service. Our Cloud DDoS Protection Services provide a full range of enterprise-grade DDoS protection services in the cloud. Based on our DDoS protection technology, it aims to offer organizations wide security coverage, accurate detection and short time to protect from today’s dynamic and evolving DDoS attacks. We offer a multi-vector DDoS attack detection and mitigation service, handling network-layer attacks, server-based attacks and application-layer DDoS attacks.
|
Our Cloud DDoS Service is offered in multiple deployment options to meet an organization’s specific needs:
| ◾ | Always-On Cloud DDoS Protection Service. This service provides always-on protection where traffic is always routed through Radware's cloud security POPs (Points of Presence) with no on-premises device required for detection and mitigation. This service is mostly suitable for organizations that have applications hosted in the cloud or those that are not able to deploy an on-premise attack mitigation device in their data center.
|
| ◾ | Always-On Hybrid Cloud DDoS Protection Service. For companies that place a high premium on the user experience and wish to avoid even the slightest possible downtime as a result of DDoS attacks, this solution enables them to deploy an always-on cloud DDoS protection service together with an on-premise hardware appliance. This helps ensure that services are protected against any type of attack, at all times.
|
| ◾ | On-Demand Cloud DDoS Protection Service. This service protects against Internet pipe saturation and is activated when the attack threatens to saturate the organization’s Internet pipe. This service is mostly suitable for organizations that are looking for the lowest cost solution and are less sensitive to real-time detection of DDoS attacks.
|
| ◾ | On-Demand Cloud Hybrid DDoS Protection Service. This DDoS mitigation solution is mostly suitable for organizations who can deploy our on-premise attack mitigation device DefensePro in their data center. The On-premise DefensePro device detects and mitigates all type on DDoS attacks in real-time. Volumetric DDoS attacks are mitigated in the cloud.
|
o | Cloud WAF Service.Location-based Mitigation. Our Cloud WAF Service provides enterprise-grade, continuously adaptive web applicationlocation-based mitigation solution is a subscription offering that enables network traffic filtering by countries and API protection and isregions based on our ICSA Labs certified web application firewall. Cloud WAF includes full coveragethe geolocation mapping of OWASP Top-10 threats, advanced attacksIP subnets. The subscription also supports per-policy block and zero-day attack protection. It offers dynamic security policiesallow lists, making it a beneficial solution for carriers and service providers that wish to protect multitenant networks. The subscription helps organizations comply with automatic false positive correction, built-in DDoS protection, integrated bot mitigationglobal and application analytics to simplify security event management by taking massive amountsindustry regulation requirements such as the Office of alertsForeign Assets Control and consolidating them into a small, manageable set of user activities.others. This subscription is available for DefensePro and Alteon ADC.
|
o | Bot Manager. Our Bot Manager is designed to protect web applications, mobile applications and APIs from emerging generations of automated threats (bots) targeting applications and systems, including account takeover, denial of inventory, DDoS, card fraud, web scraping and other OWASP automated threats, and also helps organizations reduce expenses and increase revenue.
|
o | Cloud Native Protector (CNP) Service. Our CNP service provides an agentless cloud-native security solution for applications, workloads and infrastructure hosted on AWS and Microsoft Azure. Our CNP service offers multi-layered protection to reduce risk by continuously verifying compliance against multiple security standards, identifying publicly exposed assets, keeping track of asset inventory with prioritized cross-cloud visibility, fortifying the cloud threat surface with context-aware smart hardening, and providing advanced attack detection and remediation capabilities to stop data theft attempts.
|
Customer Services
We offer technical support, professional services, managed services and training and certification to our customers. Our key customer services currently consist of the following:
o | Certainty Support Program. We offer technical support for all our products through our Certainty Support Program. Certainty support levels include: |
| o | Basic. This level provides business day access, including weekends from 9 a.m. to 5 p.m. (local time) to technical support center services, and technical documentation, either via the Web, e-mail or direct phone support during working days. New software releases are available for units covered under the certainty support program. |
| o | Standard. This level increases access to the technical support center 24/7/365 and adds next business day replacement of failed hardware and waives customer shipping costs. |
| o | Advanced. This level increases the certainty support level standard to four hours' replacement of failed hardware advanced replacement. |
o | Professional Services. Our professional services group is staffed by a global team of experts possessing extensive knowledge and experience in security and application delivery both in data centers and the cloud. The group offers a full range of services to design, implement, automate and optimize our customer solutions. We offer the following key professional services: |
| o | Design and Planning. This service plans and designs applications for future growth with Radware engineers. The service starts with a review of business goals, network optimization assessment and an overview of application architecture and security requirements to help create a comprehensive deployment plan that is tailored to organizational IT requirements. |
| o | Application and Security Optimization Services. This service analyzes and reviews the current implementation and design and provideprovides recommendations to help optimize the system and achieve business goals. |
| o | Resident Engineer. Our Resident Engineer service is a proactive on-site engineer who performs operations, design and automation activities. From initial deployment to ongoing management and day-to-day operation, our resident engineerResident Engineer service decreases the time demands on our customers’ staff, allowing them to focus on their core business. |
| o | Technical Account Manager. Our technical account manager (TAM) is a proactive consultant that implements best practices, provides guidance and optimizes networking and application resources. |
o | ERT Service. Our Emergency Response Team (ERT) is a group of security experts available 24x7 for proactive security support services for customers facing an array of application- and network-layer attacks. These services include: |
| o | ERT Managed Security Service. Our ERT offers a fully managed application- and network-security service. The service covers a broad range of attack types from different forms of DoSDDoS to a variety of application attacks against our customers’ servers or data centers. It includes immediate response, onboarding, consulting, remote management and reporting. |
| o | ERT Under AttackUnder-Attack Service. OurThe ERT under-attack service provides almost immediate response by ouroffers 24x7 access to a security expert.expert within 10 minutes. The ERT engineer will take the lead, in fightingfight off attacks and provide postmortem analysis of security events to the customer.events. The ERT under-attack service is designed to letlets organizations know there is someone they canto rely on, in an emergency situation, guaranteeing support throughout the attack life cycle from the moment it begins. The ERT experts are available 24x7 and assist large enterprises worldwide with complex multi-vector attacks against their networks, data centers and application services. |
Recent Solution Offering Activities
During 2021, our key activities regarding our solution offerings consisted2022, we announced a strategic initiative that focuses on cloud and application security. This initiative consists of the following:
We added new capabilities into our DefensePro Attack Mitigator device, including the following:
| o | Keyless SSL Protection, which provides SSL attack detection, characterization, and mitigation without requiring SSL decryption. In addition to Keyless SSL Protection, we began delivering during 2021 additional user options, including Selective Full SSL Protection, which minimizes latency and interruptions to legitimate user sessions by applying decryption only when under attack and only to suspicious sessions. These new capabilities are available on DefensePro and Cloud DDoS Protection services.
|
| o | Quantiles DoS Protection capability that enables service providers and carriers to surgically and automatically mitigate phantom flood attacks and traffic anomalies that historically have gone undetected. The solution automatically divides incoming traffic into segments or quantiles. With this new granular level of detection, service providers and carriers can intercept “lower volume” DDoS flood attacks — also known as phantom floods — that would otherwise escape notice within dynamic high bandwidth networks. For organizations, this automated capability is designed to eliminate the costly and often complex process of extensive manual configuration and ongoing threshold tuning.
|
In response to the ever-increasing volume of attacks and strong business demand, we have upgradedcontinued to expand our Cloud DDoS ProtectionSecurity Services network:
| o | We have acquired the assets and operation of SecurityDAM, our DDoS scrubbing centers provider, including its scrubbing centers infrastructure, India innovation center, cloud services division and technology, operations, and headcount. |
We have expanded our Cloud Security Service capacity to absorbmitigate DDoS attacks of up to 8Tbps.12Tbps. We alsohave announced the opening of an additional new cloud scrubbing centerCloud Security centers in Amsterdam, expanding the number ofMilan, Italy, Dubai, UAE, Taipei, Taiwan and Santiago, Chile. We have continued our scrubbing centersinvestment to 14, deployed globally.extend our Application Security services portfolio to enhance protection against emerging attacks and adapt our solutions to multi-cloud and hybrid-cloud environments:
| o | We have introduced SecurePath™, a new cloud-based application security architecture for our Cloud Application Protection Services. The SecurePath architecture helps organizations protect applications deployed in multi- and hybrid-cloud environments. Built with a dual deployment model that departs from traditional industry paradigms, SecurePath addresses the need for security that delivers full application visibility and centralized security management regardless of where applications are deployed. |
| o | We extended our cloud application security offering, adding fully automated API Discovery capabilities. These capabilities, combined with newly automated security policy optimization, are part of our integrated Cloud Application Protection Services, which includes WAF, Bot Management, API security, and DDoS protection. |
| o | We have added an automated security policy refinement capability to our Cloud Application Protection Services. A primary challenge of application protection is keeping pace with application development and new threats while maintaining accurate security policies with minimal false-positives. The automated policy refinement capability continuously reviews log files in predefined intervals, identifies anomalies with a high level of accuracy and automatically suggests policy refinements for the ERT team to examine and prioritize, and for customers to review and approve. The result is a more accurate, tighter protection with fewer false positives. |
| o | We have added to our cloud security services (Cloud DDoS protection and Cloud Application Protection Services) protection against Application DDoS flood attacks. HTTP and HTTPS attacks have become prevalent, and attackers use sophisticated dynamic techniques to bypass standard detection methods. The new capability detects and mitigates a variety of application attacks, including HTTP DDoS Tsunamis, HTTP bombs, low-and-slow assaults, Brute Force attacks, as well as new, unknown and zero-day attacks. |
| o | We have enhanced our Bot Manager with a new set of crypto mitigation algorithms. Based on blockchain methodologies, the algorithms help close security gaps that let sophisticated bots evade traditional CAPTCHA solutions to harm a website or application. At the same time, they enable genuine website visitors to enjoy a CAPTCHA-free user experience. |
We have added new capabilities to our Cloud WAFDDoS Protection service including: OpenAPI protections, API schema discovery and schema enforcement, help GDPR compliance through source IP encryption, IPv6 based access control lists (ACLs) and rules and integrated a new content deliverymodule of Cloud Network Analytics. The Network Analytics service provides users with detailed, granular insight into network (CDN)traffic, network services in use, and much more. The Network Analytics service that enables self-service onboarding, cache managementallows administrators to eliminate errors when planning network deployments and embeds dashboard widgets. We have also continued to expand our Cloud WAFstay ahead of DDoS threats via early detection of network adding new Cloud WAF PoPs in Amsterdamabuse and Moskow and upgraded our Chennai and Hong Kong PoPs infrastructure.intrusion.
We have continuedannounced a new terabit DDoS mitigation platform, DefensePro® 800. The new evolution in our DefensePro product series offers Tier-1 service providers and large enterprises the complete set of protection capabilities and performance needed to integrate additional application security features into our Alteon line of ADCsmeet new network requirements related to provide protection5G, edge computing, and network virtualization, as well as the significant increase in one platform across all environments. Alteon’s new Integrated Application Protection includesbandwidth demand. DefensePro 800 is equipped with 400G interfaces and delivers an attack prevention rate up to 1.2 billion packets per second (PPS) and a WAFmitigation capacity up to protect from web-based attacks, Bot Manager to block malicious automated threats, API protection to secure APIs and provide full visibility on API targeted threats, and ERT Active Attackers Feed – real-time data feed of known attackers, identified by Radware’s global network, to allow Alteon to block potential attacks before they occur.800 gigabits per second (Gbps).
We have announced the spinoff of our Cloud Native Protector (CNP) business to form SkyHawk Security. With this spinoff, we are creating a company focused solely on the CNP market. This will enable us to add more R&D, sales, and marketing personnel to cover the market opportunity faster and in a more dedicated fashion. Forming a new company allows us to invest more in the business while at the same time not to limit Radware’s investments in our critical areas of Application Protection, DDoS Protection and Application Delivery. This spinoff does not change our sales go-to-market strategy and approach. Radware will continue to sell CNP as part of our portfolio, and our support and services for existing customers will remain the same.
We continued to add capabilities to our Alteon ADC including:
ADC automation in private cloud environment: To enable simplified management of application delivery services, we have integrated Alteon with orchestration systems such as VMware, vRealize Orchestrator and OpenStack, as well as automation tools such as Ansible and REST API. This allows IT administrators and DevOps teams to automate all ADC solution lifecycle tasks, including support for high availability (HA)spinning up Alteon VA instances (Day 0), L2-L3 instance configuration (Day 1), application delivery service deployment (Day 2) and maintenance (Day 3).
Alteon integration with our Cloud WAF solution: As part of our SecurePath architecture, customers can protect on-premise applications through our Cloud WAF, without the hassle of diverting traffic, sharing SSL keys or adding latency, while providing application protection consistency in AWS cloudmulti- and Azure cloud, server load balancing for HTTP/3 protocol.hybrid-cloud environments.
Recent Technology Partnerships ActivityActivities
During 2021,2022, our key activities regarding our offerings through technology partners and solution providers consisted of the following:
We continued our investment in the OEM agreement with Israeli-based Check Point Software Technologies Ltd. (Check Point) by opening a demo lab foradding API protection to the Check Point powered by Radware solutions: Cloud DDoS Protection and SSL Protection.offering. Check Point sales engineersnow offers their customers a full suite of managed cloud security- as-a-service, including WAF, API protection, Bot Manager and Check Point channel partners can demonstrate these solutions to prospects as part of the sales process.DDoS Protection.
We partneredannounced our entry into a multi-year agreement to expand our partnership with Toronto-based Oncore Cloud Services,Presidio, Inc. (Presidio), a professional serviceglobal digital services and solutions provider to resell ourthat accelerates business transformation through security technology modernization. To protect its customers’ on-premise, cloud, security portfolio, with a focus on Radware'sand hybrid environments, Presidio is adding Radware’s Cloud Native Protector.
We partnered with Netsync Network Solutions, a Houston-based technologyApplication Protection Services and DDoS protection solutions, and services provider, to help Netsync’s enterprise and public sector customers safeguard their AWS workloads with our Cloud Native Protector service. This partnership joins an earlier partnership in 2021 to resell our Cloud DDoS Protection service to State, Local and Education (SLED) agencies in the U.S. as part of Netsync’s offerings.
its cyber security suite.
We partnered with Azion Technologies, Inc. a provider of edge computing in Brazil, to resell our Bot Manager solution into Azion customer base.
We partnered with Internap Holdings, LLC (INAP), a Virginia-based Radware premier partner and a provider of performance-driven, secure hybrid infrastructure solutions to deploy our Cloud WAF and Cloud DDoS Protection Services to organizations worldwide.
We extended our partnership with Acantho S.p.A, a telecommunications subsidiary of Italy-based Hera Spa (Hera Group), to provide cloud web application security protection to enterprise customers in Italy. Acantho offers our Cloud WAF service, including Bot Manager, to enterprise customers for enhanced quality of service and application security.
Our Competitive Strengths and Growth Strategies
Our Competitive Strengths
Our solutions incorporate proprietary and innovative cyber security and application delivery technologies that help our customers to secure the digital experience for users of business-critical applications. We believe our competitive strengths are based on several elements, including the following:
| • | Innovation, Proprietary Technologies and Thought Leadership. We are offering innovative solutions in our domain. We were one of the first companies to offer hybrid attack mitigation solutions; behavioral DDoS attacks detection with automated real-time signature creation for attack mitigation; device fingerprinting technology implementation for Bot-based attacks detection; auto-policy generation for our WAF solution; protection against encrypted attacks without opening the sessions for DDOSDDoS protection; and artificial intelligence (AI) to detect attacks targeting workloads in public clouds. We believe this has given us significant expertise, know-how and leadership in the market for cyber-attack mitigation solutions, and we take part in many technology communities, standard organizations and open source projects. At the same time, we continue to invest in research and development of cyber security and application delivery technologies in order to introduce new and innovative solutions, which are supported and protected by multiple patents and proprietary rights. |
| • | Automation. We are offering automated attack detection and mitigation solutions that reduce the total cost of ownership of cyber security solutions, including behavioral analysis technology to detect zero-day DDoS attacks; automated real-time signature creation for DDoS attacks mitigation; intent-based behavioral analysis and machine learning models to detect automated botBot attacks; and machine learning (positive security model) to detect zero-day web application attacks. |
| • | Wide attacks coverage. Our solutions offer a wide coverage against attacks, including mitigation of all four generations of Bot attacks; negative and positive security models to defend against known (OWASP top-10) and zero-day web application attacks (standard solutions typically cover OWASP top-10 attacks only); and advanced DDoS attacks protection such as DNS flood attacks, burst floods, SSL flood attacks and IoT botnets. |
| • | Industry Awards. We gained multiple industry awards during 2021,2022, including the following: |
| o | Forrester research - The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 – Leader;
|
| o | Quadrant Knowledge Solutions - 2021 DoS– 2022 DDoS Mitigation SPARK Matrix - TechnologyMatrix™, June 2022 -- Leader June 2021; |
| o | Quadrant Knowledge Solutions – 2022 WAF SPARK Matrix™, December 2022 -- Leader |
| o | Quadrant Knowledge Solutions – 2022 Bot Management SPARK Matrix™, October 2022 -- Leader |
| o | Gartner Magic Quadrant for Web Application and API Protection (WAAP) -– August 2022, Visionary September 2021; and |
| o | Gartner Peer Insights: “Voice of the Customer”,Critical Capabilities for Cloud Web Aplication Firewalls - Customers’ Choice, January 2021.Application and API Protection (WAAP) – September 2022, #2 in API & High Security |
| o | Forrester Research – The Forrester Wave™: Cloud Workload Security, Q1 2022 – March 2022, Contender |
| o | Kuppinger Cole Analysts – WAF Leadership Compass: July 2022, Overall Leader, Market Champion, Innovation Product, and Technology Leader |
| o | GigaOm Research – GigaOm Radar for Application and API Protection: March 2022, Leader and Outperformer |
| o | Aite-Novarica Group – Aite Matrix™ Leading Bot Detection and Management Providers, August 2022, Best-In-Class |
We are not responsible for any of these awards or the entities or publications that award them.
Our Growth Strategy
Our growth strategy is based on several key elements:
| • | Focus on data center solutions. We focus on developing and selling holistic cyber securitycloud and application delivery solutions for physical, cloud and hybrid data centers and cloud applications. |
| • | Continue investing in cloud and cyber security. We aim to offer superior and innovative cyber security solutions and cloud-based solutions and expand our portfolio in these two dimensions. We also invest in go-to-market efforts related to cloud security services and public cloud solutions.
|
| • | Invest in data center solutions. We continue to develop and sell holistic cyber security and application delivery solutions for physical, cloud and hybrid data centers and cloud applications. |
| • | Increase our market footprint. We believe that a significant market opportunity exists to sell our solutions with the complementary products and services provided by other organizations with whom we wish to collaborate. To that end, we have already established strategic relationships with various third parties, including leading global-class partners, such as Cisco, Check Point and Nokia, thatwhich provide critical access to certain large customers allowing us to sell our solutions. We intend to further increase our market footprint through collaboration with leading partners. |
| • | Expand our footprint in the medium sized enterprise market. The needs of the mid-market enterprises regarding the management of cyber security risks are substantially similar to the needs of the large enterprise market, but their capacity and access to skilled talent are more limited. We believe that our fully managed cloud security services can be a great fit for this market, and we intend to further expand our market footprint in this segment. |
| • | Pursue acquisitions and investments. In order to achieve our business objectives, we may evaluate and pursue the acquisition of, or significant investments in, other complementary companies, technologies, products and/or businesses that enable us to enhance and increase our technological capabilities and expand our product and service offerings. |
Sales and Marketing
Sales. We market and sell our products and services primarily through indirect sales channels that consist of distributors and resellers located in North, Central and South America, Europe, Africa, Asia and Australia. In addition, we generate direct sales to selectselected customers mainly in the United States. Our direct sales channels are supported by our sales and marketing managers who are also responsible for recruiting potential distributors and resellers and for initiating and managing marketing projects in their assigned regions. The sales managers are supported by our internal sales support staff that help generate and qualify leads for the sales managers. As of December 31, 2021, we had a total of 243 sales and marketing personnel. We have subsidiaries and representative offices and branches in severalmultiple countries to cover the above mentioned regions (see Item 4.C “Organizational Structure”), to promote and market our products and services and provide customer support in their respective regions.
Marketing. Our marketing strategy is to enhance brand recognition and maintain our reputation as a provider of technologically advanced, quality cyber security and application delivery solutions to help drive demand for our products and services. We seek to build upon our marketing and branding efforts globally to achieve greater worldwide sales and leverage sophisticated digital platforms and activity to scale our presence globally. Our marketing initiatives are principally directed at developing brand awareness, optimizing our digital presence, searchability and awareness, generating qualified leads and providing sales and marketing tools to our distributors/resellers to promote sales. We participate in major trade shows and virtual events, regionally based events/seminars and offer support to our distributors and resellers who participate in these events. We also participate in our partners’ events, such as Cisco Live and Checkpoint Experience, to promote our solutions within their audiences. Additionally, we focus on our customer base to deliver an integrated Customer 360 experience including regular communications, facilitating support and training needs, maximizemaximizing customer lifetime value and developing customer advocacy. We also invest in online and search engine advertising campaigns, global public relations and regionalized field marketing campaigns. In addition to our independent marketing efforts, we invest in joint marketing efforts with our distributors, OEMs, VARs, GSIs and other companies that have formed strategic alliances with us.
Customers and End-Users
With the exception of our limited direct sales to selected customers, we sell our products and services through distributors or resellers who then sell our products and services to end users.end-users.
We have a globally diversified end-user base, consisting of corporate enterprises, including banks, insurance companies, manufacturing, retail companies, media companies, government agencies and utilities, and service providers, such as telecommunication carriers, internet service providers, cloud service providers and application service providers. Customers in these different vertical markets deploy Radware products for availability, performance and security of their applications.
In 2021,2022, approximately 45%42% of our revenues were in the North, Central and South America (principally in the United States), 34%36% were in Europe, Middle East and Africa (EMEA) and 21%22% in Asia-Pacific, compared to 45%, 34% and 21%, respectively, in 2021, and 46%, 31% and 23%, respectively, in 2020, and 42%, 30% and 28%, respectively, in 2019.2020. Other than the United States, which accounted for 35%32% of our total revenues in 2021,2022, no other single country accounted for more than 10% of our revenues for 2022, 2021 2020 and 2019.2020.
In 2021,2022, approximately 58%59% of our revenues derived from product sales and 42%41% derived from service sales, compared to 59% and 41%, respectively, in 2021 and 53% and 47%, respectively, in each of 2020 and 2019. This reflects an increase in our cloud and product subscriptions as well as in our hardware-based products in 2021 as compared to 2020.
In 2021,2022, approximately 73%74% of our revenues derived from the enterprise market and 27%26% derived from the carrier market, compared to approximately 73% and 27%, respectively, in 2021 and 71% and 29%, respectively, in 2020 and 68% and 32%, respectively, in 2019.2020.
As of December 31, 2022, 2021 2020 and 2019,2020, no single customer accounted for more than 10% of our revenues.
For additional details regarding the breakdown of our revenues by geographical distribution and by activity, see “Item 5.A–Item 5.A – “Operating Results.”
Seasonality
Our quarterly operating results have been, and are likely to continue to be, influenced by seasonal fluctuations in our sales and by seasonal purchasing patterns of some of our customers. In addition, our Our operating results in the fourth quarter tend to be higher than other quarters as some of our customers tend to make greater capital and operational expenditures as well as expenditures relating to service renewals towards the end of their own fiscal years, thereby increasing orders for our products, support and subscription services in the fourth quarter.
Customer Support Services
Our technical support team, which consisted of 302364 employees worldwide as of December 31, 2021,2022, supports our sales force during the sales process, assists our customers, resellers and distributors with the initial installation, set-up and ongoing support of our products, and trains them on how to best use our solutions. The technical support team also assists with service onboarding processes and provides training to end usersend-users of our services. In addition, our technical team trains and certifies our distributors and resellers to provide limited technical support in each of the geographical areas in which our products are sold and is directly responsible for remote support. Our Certainty Support Program offerings allow customers to automatically obtain new software versions of their products and obtain optimized performance by purchasing any of the following optional offerings: extended warranty, software updates, 24x7 help-desk (directly to our customers and through our distributors), on-site support and unit replacement. Some of our on-site services are provided by third-party contractors.
Research and Development
We invest in research and development to expand and enhance the features of our existing solutions, to develop new solutions and features and to improve our existing technologies and features. We believe that our future success will dependis dependent upon our ability to maintain our technological expertise, enhance our existing solutions and introduce, on a timely basis, new commercially viable solutions that will continue to address the needs of our customers. Accordingly, we intend to continue devoting a significant portion of our personnel and financial resources to research and development. In order to identify market needs and to define appropriate product specifications, as part of the product development process we seek to maintain close relationships with current and potential distributors, customers and vendors in related industry sectors.
As of December 31, 2021,2022, our research and development staff consisted of 365419 employees and 6875 subcontractors. Research and development activities take place mainly at our facilities in Israel; Bangalore, India; Vancouver, Canada; and North Carolina, United States as well as by our sub-contractor in Bangalore, India.States. We employ established procedures for the required management, development and quality assurance of our new product developments. Our research and development organization is divided into Application Security, Infrastructure Security, Application Delivery, Management and Control, Cloud Servicesand Chief Technology Officer group.groups. Within those groups the organization is divided according to our existing product solutions. Each product group is headed by a group leader and includes team leaders and engineers. Each group has a dedicated quality assurance team. In addition, we have an infrastructure department responsible for the development of our platforms whichthat are the basis for all products, serving all product groups, which consist of a senior group leader, group leaders, team leaders, and engineers. The heads of all research and development divisions report to either the Chief Operating Officer or the Chief Technology Officer.
See also below under "Government Regulations – Israeli Innovation Authority.”
Manufacturing and Suppliers
Our quality assurance testing, final integration, packaging and shipping operations as well as part of our final assembly activities are primarily performed at our facility in Jerusalem, Israel. All of our products are Underwriters Laboratories (UL) and ISO 9001:2008 compliant and some of them have also achieved industry certifications.
We rely to a large extent on third-party manufacturing vendors to provide our finished products. In this respect, these vendors primarily provide us with manufacturing assembly services in order to deliver the finished goods while we perform the final integration of the products. All components and subassemblies included in our products are supplied to the manufacturing vendors by several suppliers and subcontractors. Each of the manufacturing vendors monitors each stage of the components production process, including the selection of components and subassembly suppliers. Thereafter, each of the manufacturing vendors makes the final assembly in their own facility. Our primary manufacturing vendors are ISO 9001 certified, indicating that each of their manufacturing processes adhereadheres to established quality standards.
We primarily rely on two ODMs to manufacture and to supply our hardware platforms, whereby, in 2021,2022, approximately 62% of our direct product costs were from one of these vendors and 17% were from the other vendor.
We conduct a business continuity plan (BCP) with all our vendors to ensure an immediate recovery in case of crisis that might jeopardize the supply of our products and services. For example, in order to overcome the risk of not meeting the committed SLA to our customers due to importation blocking in different countries associated with the outbreak of the COVID-19 pandemic, we had allocated sufficient inventory that was sent directly from the ODM vendors to worldwide warehouses to be shipped to customers, when needed, at the destination country, rather than being shipped from Israel. In this respect, we have been certified during 2021 for ISO 22301 (Business Continuity Management System). Furthermore, in order to minimize potential delays in product supplies by certain of our ODMs whose lead time had been significantly extended due to the worldwide chipset shortage, we had paid expedite fees to several components manufacturers. However, if we are unable to continue to acquire those platforms or components from these platform manufacturers and vendors on acceptable terms, or should any of these suppliers cease to supply us, on a timely basis, with such platforms or components for any reason, we may not be able to identify and integrate an alternative source of supply in a timely fashion or at the same costs. Any transition to one or more alternate suppliers would likely result in delays, operational problems and increased costs, and may limit our ability to deliver our products to our customers on time for such transition period, although we believe we have levels of inventory that will assist us to transition to alternate suppliers smoothly.
Proprietary Rights
We rely on patent, trademark and trade secret laws, as well as confidentiality agreements and other contractual arrangements with our employees, distributors and others to protect our technology. We have a policy that requires our employees to execute employment agreements, including confidentiality and non-competition provisions.
We have registered trademarks for, among others, Radware®;, Radware Logo:
![](/files/20-F/0001178913-23-001195/image1.jpg)
®
;, OnDemand Switch®
;, Alteon®
;, APSolute®
;, LinkProof®
;, DefensePro®
;, CID®
;, SIPDirector®
;, AppDirector®
;, AppXcel®
;, AppXML®
;, AppWall®
;, APSolute Insite®
;, StringMatch Engine®
;, Web Server Director®
;, APSolute Vision®
;, vDirect®
;, Alteon VA®
;, AppShape®
;, FastView®
;, DefenseFlow®
; CyberStack®;, Virtual DefensePro®; VADI® (Virtual Application Delivery Infrastructure)
;, ShieldSquare® and the ShieldSquare Logo:
![](/files/20-F/0001178913-23-001195/image2.jpg)
®
;, and we have
non registerednon-registered trademarks for, among others, ADC-VX™
, Inflight™, CyberStack™ and
Inflight™SecurePath™. We own registered U.S. copyrights in all of our primary software product lines.
We have registered patents in the United States, Canada and other jurisdictions for, among others, our triangle redirection method used for the global load balancing in our AppDirector product; our mechanism for efficient management and optimization of multiple links used in our LinkProof product; our method for load balancing by global proximity used in our AppDirector product; our method for controlling traffic on links between autonomous Border Gateway Protocol (BGP) systems; the stateful distribution of copied SSL traffic; the transparent inspection of encrypted client traffic; the activation of multiple virtual services on a switching platform; the behavioral analysis and detection of zero-day and DoSDDoS network attack patterns; a new method based on Quantiles for network edge DDoS and network anomalies protection in our DefensePro product; our new paraphrase-based algorithm for hypertext transfer protocol (HTTP) and keyless HTTPS attack mitigation behavioral mechanisms in our DefensePro; our domain name service floods behavioral protection; our web and API application protection, including our Bot Manager augmented by the new block-chain based methods for addressing automated threats (for public-facing services) and advanced threats (for private or authenticated services); new AI/ML methods to address and automate analysis of our CWAF customer’s applications for proactive false-positive and false-negative service tuning, a geographically based traffic distribution; a generic proximity based site selection for global load balancing; an internal hardware connectivity plane architecture; a specific proximity based site selection for global load balancing of HTTP transactions implemented in our Alteon products; and additional patents in the software-defined networking (SDN) field, around a new concept of cyber control and automation for our DefenseFlow product.
We have pending patent applications and provisional patents in connection with several methods and features used in our products or that we plan to implement in the future. These applications may not result in any patent being issued, and, even if issued, the patents may not provide adequate protection against competitive technology and may not be held valid and enforceable if challenged. In addition, other parties may assert rights as inventors of the underlying technologies, which could limit our ability to fully exploit the rights conferred by any patent that we receive. Our competitors may be able to design around a patent we receive, and other parties may obtain patents that we would need to license or circumvent in order to exploit our patents.
The protective steps we have taken may be inadequate to deter misappropriation of our technology and information. We may be unable to detect the unauthorized use of, or take appropriate steps to enforce, our intellectual property rights. Some of the countries in which we sell our products do not protect intellectual property to the same extent as the United States and Israel. In addition, our competitors may independently develop technologies that are substantially equivalent or superior to our technology. Any licenses for intellectual property that might be required for our services or products may not be available on reasonable terms.
Competition
The cyber security and application delivery market is highly fragmented and competitive, and we expect competition to intensify in the future. We may lose market share if we are unable to compete effectively with our competitors, which include equipment manufacturers and service providers.
Our principal competitors are:
DDoS Mitigation: Akamai Technologies, Inc., or Akamai, Imperva Inc., or Imperva, and Netscout Systems, Inc., and Cloudflare, Inc.
Web Application Firewalls and Bot Management: Akamai, Imperva, Cloudflare, Inc., F5 Networks, Inc., or F5, and AWS
Application Delivery: F5, A10 Networks, Inc. and Citrix Systems, Inc.
Public Cloud Security: Palo Alto Networks, Inc., AWS, Microsoft Azure
We expect to continue to face additional competition as new participants enter the market or extend their portfolios into related technologies. Larger companies with substantial resources, brand recognition and sales channels may also form consolidation and alliances with or acquire competing providers of application delivery or application and network security solutions and emerge as significant competitors.
We are seeing new types of competitors from within the public cloud providers – as more companies rely on these environments to host their services and applications, these vendors start providing cyber security solutions that are typically fairly basic and customized for their own environment. As we see more and more companies relying on more than one public cloud vendor, we expect to see additional competitors and rapid evolution of solutions and offerings.
An increase in competition may lower prices and reduce demand and margins as well as increase costs associated with sales and marketing to maintain or increase market share; which, in turn, may impair our ability to increase profitability. Furthermore, the dynamic market environment, as illustrated by the above acquisitions, poses a challenge in predicting market trends and expected growth. We believe that our products and services have several competitive advantages in performance and accuracy and that our future success will depend primarily on our continued ability to provide more technologically advanced and cost-effective application delivery and cyber security solutions;solutions, and more responsive customer service and support, than our competitors. However, we cannot assure you that all of the products and services we offer in our portfolio will compete successfully with similar competitor solutions. Furthermore, should competition intensify, we may have to reduce the prices of some of our products and services and, where possible, accelerate investments in delivering advanced innovative solutions which will negatively impact our business and financial condition. See also above under “Business Overview–Our Competitive Strengths and Strategies.”
Overview”.
Government Regulations
Data Privacy and Data Protection Laws
Our activities in the cyber security market require that we comply with lawslaws and regulations in the area of data privacy and data protection governing the collection, use, retention, sharing and security of personal data. For example, the GDPR and UK DP Laws (each as referenced above), include operational requirements for companies that receive or process personal data of residents of the European Union and the UK, and non-compliance will result in significant penalties. Many other countries in which we operate have their own data protection and data security laws that we need to comply with in collecting, utilizing, or otherwise processing personal data from our customers and/or visitors to their websites and others.
Environmental and Security Management Regulations
Our activities in Europe require that we comply with European Union Directives with respect to product quality assurance standards and environmental standards. The “RoHs” and RoHs II Directives require products sold in Europe to meet certain design specifications, which exclude the use of hazardous substances. Directive 2002/96/EC on Waste Electrical and Electronic Equipment (known as the “WEEE” Directive) requires producers of electrical and electronic equipment to register in different European countries and to provide collection and recycling facilities for used products. We believe we are currently in compliance with the RoHs and WEEE regulations, ISO 14001 standards (regrading Environmental Management Systems), ISO/IEC 27001:2013 and ISO 27032: 2012 standards (both in regard to Information Security Management System), ISO 28000 (Supply Chain Security management) and OHSAS 18001:2007 (Occupational Health and Safety Management).
Israeli Innovation Authority
From time to time, eligible participants may receive grants under programs of the IIA. This governmental support is conditioned upon the participant’s ability to comply with certain applicable requirements and conditions specified in the IIA’s programs and the Innovation Law.
Under the Innovation Law, research and development programs that meet specified criteria and are approved by the Research Committee of the IIA are eligible for grants usually of up to 50%55% of certain approved expenditures of such programs, as determined by said committee.
The Innovation Law provides that know-how developed under an approved research and development program or rights associated with such know-how (1) may not be transferred to third parties in Israel without the approval of the IIA (such approval is not required for the sale or export of any products resulting from such research or development) and (2) may not be transferred to any third parties outside Israel, except in certain special circumstances and subject to the IIA’s prior approval, which approval, if any, may generally be obtained, subject to payment of a transfer fee pursuant to which the grant recipient pays to the IIA a portion of the sale price paid in consideration for such IIA-funded know-how; or a portion of the consideration paid in respect of licensing the IIA-funded know-how, as the case may be (according to certain formulas, which may result in repayment of up to 600% of the grant amounts plus interest). Under certain circumstances, such as in the event that the grant recipient receives know-how from a third party in exchange for its IIA-funded know-how, such transfer fee may not apply.
The Innovation Law imposes reporting requirements with respect to certain changes in the ownership of a grant recipient. The law requires the grant recipient and its controlling shareholders and foreign interested parties to notify the IIA of any change in control of the recipient or a change in the holdings of the means of control of the recipient and requires a non-Israel interested party to undertake to the IIA to comply with the Innovation Law. In addition, the rules of the IIA may require additional information or representations in respect of certain of such events. For this purpose, “control” is defined as the ability to direct the activities of a company other than any ability arising solely from serving as an officer or director of the company. A person is presumed to have control if such person holds 50% or more of the means of control of a company. “Means of control” refers to voting rights or the right to appoint directors or the chief executive officer. An “interested party” of a company includes a holder of 5% or more of its outstanding share capital or voting rights, its chief executive officer and directors, someone who has the right to appoint its chief executive officer or at least one director, and a company with respect to which any of the foregoing interested parties owns 25% or more of the outstanding share capital or voting rights or has the right to appoint 25% or more of the directors. Accordingly, any non-Israeli who acquires 5% or more of our ordinary shares will be required to notify us that it has become an interested party and needs to sign an undertaking to comply with the Innovation Law.
The Israeli authorities have indicated in the past that the government may further reduce or abolish the IIA grants in the future. Even if these grants are maintained, we cannot presently predict what would be the amounts of future grants, if any, that we might receive.
In 2022, 2021 2020 and 20192020 we were qualified to participate in three projects funded by the IIA to develop generic technology relevant to the development of our products. We were eligible to receive grants constituting between 30% and 50%55% of certain research and development expenses relating to these projects. The grants under these projects are not required to be repaid by way of royalties. Research and development grants deducted from research and development expenses, net amounted to $1.0$1.3 million, $0.9$1.0 million and $0.9 million for the years ended December 31, 2022, 2021 2020 and 2019,2020, respectively.
In addition, during 2021, one of our Israeli subsidiaries received royalty-bearing grants from the IIA for an approved research and development project. The grants under this project are required to be repaid based on revenues from the sale of products incorporating know-how developed, in whole or in part with the grants. These grants amounted to $0.3 million for the year ended December 31, 2021.2022.
Environmental, Social and Governance Matters
At Radware, we aim to help customers protect their critical applications and secure their digital experiences. As we pursue this goal, we recognize our responsibility to ensure our business practices promote socially and environmentally responsible economic growth.growth through our business practices. In order to promote this corporate responsibility and sustainability approach, we have implemented, and will continue to implement, various Environmental, Social and Governance (ESG) principles and activities into our daily business practices, including, but not limited to, those summarized below.
Most recently, in December 2021, we have also released our inaugural ESG Report available at www.radware.com/corporategovernance (information contained on our website, including in our ESG report, is not incorporated herein by reference and shall not constitute part of this annual report) so as to expand our ESG-related disclosures onregarding what we have accomplished thus far on this front and what we strive to achieve.
Environmental
We are committedaim to buildingbuild a more sustainable world through the products, services and solutions we offer and the way we operate. This means, among other things, that we aim to operate our business in a manner which meets or exceeds all environmental laws and compliance guidelines and strivingstrive to improve our environmental performance across theour entire supply chain.
While we continue to develop a comprehensive program that recognizes our environmental impact, we have already implemented various activities to measure and foster our environmental commitment,focus, including the following:following highlights:
We have implemented key performance indicators (KPIs), which set quantitative reduction goals for the use of water, power and paper;
| • | We work with our suppliers to maintain compliance with various environmental laws and guidelines, such as RoHS and WEEE in the EU, and adopted our Conflict Minerals Policy available at www.radware.com/corporategovernance/conflictminerals (information contained on our website, including in our Conflict Minerals Policy, is not incorporated herein by reference and shall not constitute part of this annual report) which outlines our practices and procedures with respect to responsible sourcing of minerals from conflict-affected and high-risk areas; and |
Our corporate headquarters in Tel Aviv, Israel, as well as our Trainingtraining rooms in Tel Aviv are designed in the “TED” style to serve as multifunctional work spaces while the operations room utilizes NVX video technology in order to minimize the amount of copper wiring required to function and travels.travel. At our headquarters, we offer EV charging stations to our employees and visitors, and where applicable according to local requirements, we offer recycling and we properly dispose of e-waste.
Social
We believe that the foundation of our success lies in our diverse, engaged and motivated workforce, and we continuously advocate for our team by creating a work environment in which our employees can thrive in the spirit of productivity and development. This means, among other things, that we aim to operate our business in a manner which promotes a work environment that is free of discrimination and harassment and otherwise attendattends to our employees’ wellbeing.
While we continue to develop a comprehensive program that recognizes our social impact, we have already implemented various activities to measure and foster our focus on social commitment,impact, including the following:following highlights:
We are an equal-opportunity employer and make employment decisions based on the basis of a person’s qualifications and our business needs. This is demonstrated by our Human Rights and Labor Standards Policy;
Our corporate policy maintains zero tolerance for harassment, sexual harassment and discrimination, and it imposes significant consequences for behavior deemed to create a hostile work environment. This is demonstrated by our Code of Conduct and Ethics as well as our Human Rights and Labor Standards Policy;
We offer what we believe is an attractive mix of compensation and benefit plans to support our employees and their families’ physical, mental, and financial well-being. This includes allowing the majority of our employees to have a direct ownership interest in Radware by participating in our equity-based incentive plans; and
We are committed tofocused on maintaining a healthy, safe, and secure work environment that protects our employees and the public from harm. This is demonstrated by the measures we implemented in order to overcome the challenges presented by the COVID-19 pandemic,pandemic. We implemented hybrid work model whereby we implemented a program of global engagement activities that consists of, among other things, improving virtual communication channels; our “going virtual” activities, including new virtual onboarding, virtual learning ramp up, global hackathon, and virtual branding; and wellbeing and employee care activities, in which we supported the wellbeing of each ofenable our employees to work partly from remote and their families by providing quarantine packages, holiday deliveries, virtual activities, live shows, talent competitions,partly from the office. We believe that this flexibility drives increased job satisfaction while addressing the major challenges of remote work, such as isolation and family meal vouchers.lack of community.
Governance
As part of our sustainable and other ESG operations policies, we aim thatto conduct our corporate governance and build corporate behavior mechanisms to align with the interest of all our stakeholders. This means, among other things, that we developed and strive to maintain a strong set of corporate values that will inspire ethical behavior across all decision-making processes, and a management and control system to ensureso that ethics and security issues are given their due weight.
While we continue to develop a comprehensive program that recognizes our corporate governance and ethical conduct, we have already implemented various activities to measure and foster this commitment,focus, including the following:following highlights:
Corporate Governance and Board Practices: Our corporate governance policies and practices are designed to foster effective board oversight in service of the long-term interests of our shareholders. Our Board of Directors consists of seven (7)eight (8) members, of whom five (5)six (6) qualify as “independent directors” under the Nasdaq rules and one (1) is a woman. The Audit and Compensation Committees of our Board of Directors, which are charged with significant functions in our risk oversight and compensation philosophy, respectively, both currently consist of four (4) members, all of whom qualify as “independent directors” under the Nasdaq rules and one (1) of whom is a woman.rules. For further details on our corporate governance as well as our boardBoard of directorsDirectors and its committees’ roles and practices, see Items 6.C (“Board“Board Practices”) and 16.G (“Corporate“Corporate Governance”).
| • | Ethical Business Conduct: All of our directors, officers, service providers and employees must conduct themselves in accordance with our Code of Conduct and Ethics available at Ethical Business Conduct: All our directors, officers, consultants, service providers and employees are expected to conduct themselves in accordance with our Code of Conduct and Ethics available at http://www.radware.com/corporategovernance/ (information contained on our website, is not incorporated herein by reference and shall not constitute part of this annual report). Our Code of Conduct and Ethics is intended to promote various elements of ethical business conduct, including in our Code of Conduct and Ethics, is not incorporated herein by reference and shall not constitute part of this annual report). Our Code of Conduct and Ethics is intended to promote various elements of ethical business conduct, such as compliance with laws; avoiding conflict of interests and personal exploitation of corporate opportunities; fair dealing; confidentiality of information; and other policies and guidelines in connection with insider trading and anti-corruption laws and policies. |
C.Organizational Structure
We have a wholly owned subsidiary in the United States, Radware Inc., which conducts the sales and marketing of our products and services in the United States. We also have subsidiaries in other countries, most of which typically conduct sales and marketing of our products and services in their respective locations. We have also established representative offices in Taiwan. Our subsidiaries include:include (unless otherwise indicated, all subsidiaries are wholly owned):
Name of Subsidiary | Place of Incorporation |
Radware Inc. | New Jersey, United States |
Radware UK Limited | United Kingdom |
Radware France | France |
Radware Srl | Italy |
Radware GmbH | Germany |
Nihon Radware KK | Japan |
Radware Australia Pty. Ltd. | Australia |
Radware Singapore Pte. Ltd. | Singapore |
Radware Korea Ltd. | Korea |
Radware Canada Inc. | Canada |
Radware India Pvt. Ltd. | India |
Kaalbi Technologies Limited Ltd. | India |
Radware (India) Cyber Security Solutions Private Limited | India |
Radware China Ltd. 睿伟网络科技(上海)有限公司 | China |
Radware (Hong Kong) Limited | Hong Kong |
Radyoos Media Ltd.* | Israel |
Radware Canada Holdings Inc. | Canada |
Radware Iberia, S.L.U. | Spain |
Edgehawk Security Ltd. | Israel |
CNPSkyHawk (CNP) Security Ltd.** | Israel |
CSR Cloud Security Ltd. | Israel |
* We own 91%approximately 91.0% of this subsidiary, which ceased its activities sincein 2017. All other listed subsidiaries are wholly owned.
** We own approximately 76.2% of this subsidiary.
Yehuda Zisapel, one of our co-founders and shareholders, is the Chairman of our Board of Directors and the father of Roy Zisapel, our President, Chief Executive Officer and director. Either Yehuda Zisapel, his brother, Zohar Zisapel, and Nava Zisapel (or all of them together) are founders, directors and/or shareholders of several other companies which, together with our Company and our subsidiaries listed above, are known as the RAD-Bynet Group. These companies include, among others:
AB-NET Communications Ltd. Binat Business Ltd. BYNET Data Communications Ltd.* CloudRide Ltd.* BYNET Electronics Ltd.* BYNET SEMECH (outsourcing) Ltd.* Bynet Software Systems Ltd. Bynet System Applications Ltd.* | Ceragon Networks Ltd. Internet Binat Ltd.* Nuance Hearing Ltd. Packetlight Networks Ltd. RAD-Bynet Properties and Services (1981) Ltd.* Radbit Computers, Inc. RADCOM Ltd. RAD Data Communications Ltd.* Radiflow Ltd. | RADWIN Ltd. DC SecurityProtection Ltd. (previously known as SecurityDAM Ltd.)
|
*Denotes a RAD-Bynet Group company with whomwhich we currently transact business
The RAD-Bynet Group also includes several other holdings, real estate companies, biotech and pharmaceutical companies and the above list does not constitute a complete list of all entities within the RAD-Bynet Group or of all the holdings of Messrs. Yehuda and Zohar Zisapel and Ms. Nava Zisapel.
Members of the RAD-Bynet Group are actively engaged in designing, manufacturing, marketing and supporting data communications products, none of which currently compete with our products. Some of the products of members of the RAD-Bynet Group are complementary to, and may be used in connection with, our products and services. See also Item 7.B “Related Party Transactions.”
D.Property, Plants and Equipment
General. We operate from leased premises mainly in Tel Aviv and Jerusalem in Israel and New Jersey in the United States. We also lease premises in several locations in Europe, South America and Asia-Pacific for the activities of our subsidiaries, representative offices and branches. Our aggregate annual rent expenses under these leases were approximately $6.2$6.9 million in 2021.2022.
We believe that the following offices and facilities are suitable and adequate for our operations as currently conducted and as currently foreseen. In the event that additional or substitute offices and facilities are required, we believe that we could obtain such offices and facilities at commercially reasonable rates.
Israel. Our headquarters and principal administrative, finance, research and development and marketing operations are located in approximately 108,000 square feet of leased office space in Tel Aviv, Israel, in two buildings: one building, consisting of approximately 40,000 square feet, plus storage and parking space, and the second building, consisting of approximately 68,000 square feet, plus parking spaces. Both buildings have leases that expire in June 2030 (with one of the two buildings having a termination option by us in June 2025 by way of prior notice) and are leased from, among others, affiliated companies owned by Yehuda, Nava and/or Zohar Zisapel, as applicable. For more information, see Item 7.B “Related Party Transactions.”
In addition, we lease approximately 3,600 square feet of space in Jerusalem, Israel, for development facilities from an affiliated company owned by Yehuda and Nava Zisapel. The lease expires in July 2025. We also subleaselease approximately 15,000 square feet for manufacturing facilities in Jerusalem, Israel, from an affiliated company owned by Yehuda, Nava and Zohar Zisapel. The lease expires in July 2022.August 2028. For more information, see Item 7.B “Related Party Transactions.”
Other locations. In the United States, we lease approximately 16,900 square feet of property in Mahwah, New Jersey, consisting of approximately 12,700 square feet of office space and 4,200 square feet of warehouse space from a company controlled by Yehuda, Nava and Zohar Zisapel. The lease expires in December 2025. For more information, see Item 7.B “Major Shareholders and Related Party Transactions – Related“Related Party Transactions.”
We lease approximately 3,850 square feet of property for our research and development facilities in North Carolina, the lease for which will expire in March 2026. In addition, we lease approximately 5,700 square feet of property in Sunnyvale, California, the lease for which will expire in February 2022.
We also lease facilities for the operation of our subsidiaries and representative offices in several locations in Europe, South America and Asia-Pacific, all from unrelated third parties.
ITEM 4A. UNRESOLVED STAFF COMMENTS
None.
ITEM 5.5.
| OPERATING AND FINANCIAL REVIEW AND PROSPECTS |
Our discussion and analysis of our financial condition and results of operation are based upon our consolidated financial statements, which have been prepared in accordance with generally accepted accounting principles in the United States.U.S. GAAP. Our operating and financial review and prospects should be read in conjunction with our financial statements, accompanying notes thereto and other financial information appearing elsewhere in this annual report.
A.Operating Results
Overview
We are a provider of cyber security and application delivery solutions for physical, cloud, and software defined data centers (SDDC). Our solutions portfolio secures the digital experience by providing infrastructure, application, and corporate ITnetwork protection and availability services to enterprises globally. Our solutions are deployed by, among others, enterprises, carriers and cloud service providers.providers worldwide.
We began sales in 1997, and currently have nearly 30 local offices, subsidiaries or branches globally across Asia-Pacific, Europe and North, Central and South America.
We sell through sales channels such as resellers and distributors whereas most of our direct sales are to strategic customers.
Most of our revenues are generated in dollars or are dollar-linked, and the majority of our expenses are incurred in dollars. As such, the dollar is our functional currency. Our consolidated financial statements are prepared in dollars and in accordance with U.S. GAAP.
Our revenues are derived from sales of our solutions:
We recognize physical and software product revenues when control of the product is transferred to the customer (i.e., when our performance obligation is satisfied), which typically occurs at shipment, and we recognize revenues from product and cloud subscriptions, as part of the product revenues, ratably over the subscription period.
Revenues from post-contract customer support (PCS), which mainly represents help-desk support and unit repairs or replacements, professional services and ERT services, are recognized ratably over the contract or subscription period, which is typically between one year and three years.
We operate in one reportable market segment, and our revenues are attributed to geographic areas based on the location of the end-users.
In the years ended December 31, 2022, 2021 2020 and 2019,2020, revenues derived from sales of the Company’s products and product subscriptions constituted approximately 58%59%, 53%59% and 53%, respectively, of our total revenues, with the remaining revenues being derived from services.
Results of Operations
The following discussion of our results of operations for the years ended December 31, 2022, 2021 2020 and 2019,2020, including the following tables, which present selected financial information in dollars and as a percentage of total revenues, are based upon our statements of operations contained in our financial statements for those periods, and the related notes, included in this annual report.
The following table sets forth, for the periods indicated, certain financial data concerning our operating results:
| | 2021 | | | 2020 | | | 2019 | | | 2022 | | | 2021 | | | 2020 | |
| | (US $ in thousands) | | | (US $ in thousands) | |
Revenues: | | | | | | | | | | | | | | $ | 172,161 | | | $ | 170,438 | | | $ | 132,934 | |
Products | | $ | 170,438 | | | $ | 132,934 | | | $ | 133,605 | | | | 121,265 | | | | 116,058 | | | | 117,093 | |
| | | 116,058 | | | | 117,093 | | | | 118,467 | | | | 293,426 | | | | 286,496 | | | | 250,027 | |
| | | 286,496 | | | | 250,027 | | | | 252,072 | | | | | | | | | | | | | |
Cost of revenues: | | | | | | | | | | | | | | | 43,014 | | | | 42,191 | | | | 34,645 | |
Products | | | 42,191 | | | | 34,645 | | | | 35,056 | | | | 10,870 | | | | 10,255 | | | | 10,439 | |
Services | | | 10,255 | | | | 10,439 | | | | 10,118 | | | | 53,884 | | | | 52,446 | | | | | |
| | | 52,446 | | | | 45,084 | | | | 45,174 | | | | | | | | | | | | | |
Gross profit | | | 234,050 | | | | 204,943 | | | | 206,898 | | | | 239,542 | | | | 234,050 | | | | 204,943 | |
Operating expenses, net: | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
Research and development, net | | | 74,098 | | | | 66,836 | | | | 61,841 | | | | 86,562 | | | | 74,098 | | | | 66,836 | |
Sales and marketing | | | 119,842 | | | | 113,015 | | | | 109,556 | | | | 126,533 | | | | 119,842 | | | | 113,015 | |
General and administrative | | | 21,885 | | | | 18,924 | | | | 18,584 | | | | 29,786 | | | | 21,885 | | | | 18,924 | |
Total operating expenses | | | 215,825 | | | | 198,775 | | | | 189,981 | | | | 242,881 | | | | 215,825 | | | | 198,775 | |
Operating income | | | 18,225 | | | | 6,168 | | | | 16,917 | | |
Operating income (loss) | | | | (3,339 | ) | | | 18,225 | | | | 6,168 | |
Financial income, net | | | 4,407 | | | | 7,796 | | | | 8,792 | | | | 8,052 | | | | 4,407 | | | | 7,796 | |
Income before taxes on Income | | | 22,632 | | | | 13,964 | | | | 25,709 | | | | 4,713 | | | | 22,632 | | | | 13,964 | |
Taxes on income | | | 14,821 | | | | 4,328 | | | | 3,143 | | | | 4,879 | | | | 14,821 | | | | 4,328 | |
Net income | | | 7,811 | | | | 9,636 | | | | 22,566 | | |
Net income (loss)
| | | | (166 | ) | | | 7,811 | | | | 9,636 | |
The following table sets forth, for the periods indicated, certain financial data expressed as a percentage of our total revenues:
| | | | | | | | | | | | | | | | | | |
Revenues: | | | | | | | | | | | | 59 | % | | | 59 | % | | | 53 | % |
Products | | | 59 | % | | | 53 | % | | | 53 | % | | | 41 | | | | 41 | | | | 47 | |
Services | | | 41 | | | | 47 | | | | 47 | | | | 100 | | | | 100 | | | | 100 | |
| | | 100 | | | | 100 | | | | 100 | | | | | | | | | | | | | |
Cost of Revenues: | | | | | | | | | | | | | | | | | | | | | | | | |
Products | | | 15 | | | | 14 | | | | 14
| | | | 15 | | | | 15 | | | | 14 | |
Services | | | 3 | | | | 4
| | | | 4
| | | | 4 | | | | 3 | | | | 4 | |
| | | 18
| | | | 18
| | | | 18
| | | | 19 | | | | 18 | | | | 18 | |
Gross profit | | | 82 | | | | 82 | | | | 82 | | | | 81 | | | | 82 | | | | 82 | |
Operating expenses, net: | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
Research and development, net | | | 26 | | | | 27 | | | | 25 | | | | 30 | | | | 26 | | | | 27 | |
Sales and marketing | | | 42 | | | | 45 | | | | 43 | | | | 43 | | | | 42 | | | | 45 | |
General and administrative | | | 7 | | | | 8 | | | | 7 | | | | 10 | | | | 7 | | | | 8 | |
Total operating expenses | | | 75 | | | | 80 | | | | 75 | | | | 83 | | | | 75 | | | | 80 | |
Operating income | | | 6 | | | | 2 | | | | 7 | | |
Operating income (loss) | | | | (1 | ) | | | 6 | | | | 2 | |
Financial income, net | | | 2 | | | | 3 | | | | 3 | | | | 3 | | | | 2 | | | | 3 | |
Income before taxes on Income | | | 8 | | | | 6 | | | | 10 | | |
Income before taxes on income | | | | 2 | | | | 8 | | | | 6 | |
Taxes on income | | | (5 | ) | | | (2 | ) | | | (1 | ) | | | (2 | ) | | | (5 | ) | | | (2 | ) |
Net income | | | 3 | % | | | 4 | % | | | 9 | % | |
Net income (loss) | | | | 0 | % | | | 3 | % | | | 4 | % |
Comparison of Years Ended December 31, 2022, 2021 2020 and 20192020
Revenues.
Our revenues are derived from sales of our solutions. Revenues from physical products and software-based products are recognized when control of the promised goods is transferred to the customer, either upon shipment or when the product is delivered, depending on the commercial terms of each transaction. Revenues from product subscriptions and cloud subscriptions are recognized ratably over the subscription period. Revenues from post-contract customer support, which represent mainly help-desk support, unit repairs or replacements, professional services and ERT services are recognized ratably over the contract period. For additional details regarding the manner in which we recognize revenues, see the discussion under the caption “Critical Accounting PoliciesEstimates – Revenue Recognition” above.below.
The following table provides a breakdown of our revenues by type of revenues both in dollars and as a percentage of total revenues for the past three fiscal years, as well as the percentage change between such periods:
(US$ in thousands, except percentages) | | 2022 | | | 2021 | | | | | | % Change 2022 vs. 2021 | | | % Change 2021 vs. 2020 | |
Products | | | 172,161 | | | | 59 | % | | | 170,438 | | | | 59 | % | | | 132,934 | | | | 53 | % | | | 1 | % | | | 28 | % |
Services | | | 121,265 | | | | 41 | % | | | 116,058 | | | | 41 | % | | | 117,093 | | | | 47 | % | | | 4 | % | | | (1 | )% |
Total | | | 293,426 | | | | 100 | % | | | 286,496 | | | | 100 | % | | | 250,027 | | | | 100 | % | | | 2 | % | | | 15 | % |
(US$ in thousands) | |
2021 | | |
2020 | | | | | | % Change 2021 vs. 2020 | | | % Change 2020 vs. 2019 | |
Products | | | 170,438 | | | | 59 | % | | | 132,934 | | | | 53 | % | | | 133,605 | | | | 53 | % | | | 28 | % | | | (1 | )% |
Services | | | 116,058 | | | | 41 | % | | | 117,093 | | | | 47 | % | | | 118,467 | | | | 47 | % | | | (1 | )% | | | (1 | )% |
Total | | | 286,496 | | | | 100 | % | | | 250,027 | | | | 100 | % | | | 252,072 | | | | 100 | % | | | 15 | % | | | (1 | )% |
The following table shows a breakdown of our total revenues by geographical distribution both in dollars and as a percentage of total revenues for the past three fiscal years, as well as the percentage change between such periods:
(US$ in thousands) | |
2021 | | |
2020 | | |
2019 | | | % Change 2021 vs. 2020 | | | % Change 2020 vs. 2019 | | |
(US$ in thousands, except percentages) | | | 2022 | | | 2021 | | | 2020 | | | % Change 2022 vs. 2021 | | | % Change 2021 vs. 2020 | |
North, Central and South America (principally the United States)(*) | | | 128,770 | | | | 45 | % | | | 114,413 | | | | 46 | % | | | 106,429 | | | | 42 | % | | | 13 | % | | | 8 | % | | | 123,947 | | | | 42 | % | | | 128,770 | | | | 45 | % | | | 114,413 | | | | 46 | % | | | (4 | )% | | | 13 | % |
EMEA (Europe, the Middle East and Africa) | | | 98,388 | | | | 34 | % | | | 78,362 | | | | 31 | % | | | 75,275 | | | | 30 | % | | | 26 | % | | | 4 | % | | | 104,219 | | | | 36 | % | | | 98,388 | | | | 34 | % | | | 78,362 | | | | 31 | % | | | 6 | % | | | 26 | % |
Asia-Pacific | | | 59,338 | | | | 21 | % | | | 57,252 | | | | 23 | % | | | 70,368 | | | | 28 | % | | | 4 | % | | | (19 | )% | | | 65,260 | | | | 22 | % | | | 59,338 | | | | 21 | % | | | 57,252 | | | | 23 | % | | | 10 | % | | | 4 | % |
Total | | | 286,496 | | | | 100 | % | | | 250,027 | | | | 100 | % | | | 252,072 | | | | 100 | % | | | 15 | % | | | (1 | )% | | | 293,426 | | | | 100 | % | | | 286,496 | | | | 100 | % | | | 250,027 | | | | 100 | % | | | 2 | % | | | 15 | % |
(*) For the years ended December 31, 2022, 2021 2020 and 2019,2020, our revenues from the United States were $94.0 million, $98.9 million $93.7 million and $85.4$93.7 million, respectively, representing 35%32%, 37%35% and 34%37% of total revenues for these years, respectively.
Revenues in 2022 were $293.4 million compared with revenues of $286.5 million in 2021, an increase of 2%. The increase in revenues was primarily due to an increase in both product subscriptions revenues and service subscriptions revenues as described in more detail below.
Revenues in 2021 were $286.5 million compared with revenues of $250.0 million in 2020, an increase of 15%. The increase in revenues was due to an increase in product revenue, in all geographic regions, primarily in EMEA as described below.
Revenues in 2020In 2022, our product revenues were $250.0$172.2 million, an increase of 1% compared with revenues of $252.1to $170.4 million in 2019, a decrease of 1%. The decrease2021, reflecting an increase in revenues was primarily due toproduct subscriptions, partially offset by a decrease in maintenance revenues as described in more detail below.
our hardware-based products. In 2021, our product revenues were $170.4 million, an increase of 28% compared to $132.9 million in 2020, reflecting an increase in cloud services,subscriptions, product subscriptions and in appliance products.
In 2020,2022, our productservice revenues were $132.9$121.3 million, approximately the same level as in 2019, reflecting an increase of 4% compared to $116.1 million in product subscriptions, offset by a decrease2021. The increase in our hardware-based products.
service revenues is due to the increase in service subscriptions. In 2021, our service revenues were $116.1 million, compared to $117.1 million in 2020, and $118.5 million in 2019. Thethe decrease in service revenues in both 2021 and 2020 iswas due to the decrease in maintenance revenues, partially offset by an increase in service subscriptions.
During 2022, our revenues from the enterprise market increased by 5% to $218 million from $208.2 million in 2021, whereas, in 2022, revenues from the carrier market decreased by 4% to $75.4 million from $78.3 million in 2021. During 2021, our revenues from the enterprise market increased by 18% to $208.2 million from $176.9 million in 2020, and revenues from the carrier market increased by 7% to $78.3 million from $73.1 million in 2020. During 2020, our
Our revenues in North, Central and South America decreased in 2022 by 4% compared to 2021. Revenues from the enterprise marketEMEA region increased in 2022 by 2%6% compared to $176.9 million from $172.6 million2021. Revenues in 2019, whereasthe Asia-Pacific region increased in 2022 by 10% compared to 2021. The growth in EMEA and Asia-Pacific is attributed mainly to our cloud and subscription business and to new logos we added to our cloud security offering; many of them are mid-sized enterprises. The decrease in revenues fromin North, Central and South America is attributed mainly to elongated sales cycles influenced by the carrier market decreased by 8% to $73.1 million from $79.5 million in 2019.macro-economic downturn.
Our revenues in North, Central and South America increased in 2021 by 13% compared to 2020. Revenues from the EMEA region increased in 2021 by 26% compared to 2020. Revenues in the Asia-Pacific region decreasedincreased in 2021 by 4% compared to 2020. The growth in North, Central and South America and in EMEA is attributed to high demand for our cloud security solutions in those regions.
Our revenues in North, Central and South America increased in 2020 by 8% compared to 2019, mainly due to greater demand for cloud-based security solutions in those regions. Revenues from the EMEA region increased in 2020 by 4% compared to 2019. Revenues in the Asia-Pacific region decreased in 2020 by 19% compared to 2019 mainly due to recognition of large appliance deals in 2019.
Other than the United States, no other single country accounted for more than 10% of our revenues for each of the years ended December 31, 2022, 2021 2020 and 2019.2020.
Cost of Revenues.
Cost of revenues refers to both products and serviceservices revenues and consists primarily of the cost of circuit boards and other components required for the assembly of our products, salaries and related personnel expenses for those engaged in the final assembly, and in providing support and maintenance service of our products, license and hosting fees paid to third parties, fees paid to managed security service providers (related parties), inventory write-offs, amortization of acquired technology and other overhead costs.
The following table sets forth a breakdown of our cost of revenues between products and services for the periods indicated, in absolute figures and as a percentage of the relative product and services revenues:
(US$ in thousands) | | 2021 | | | 2020 | | | 2019 | | |
(US$ in thousands, except percentages) | | | 2022 | | | 2021 | | | 2020 | |
Cost of Products | | | 42,191 | | | | 24.8 | % | | | 34,645 | | | | 26.1 | % | | | 35,056 | | | | 26.2 | % | | | 43,014 | | | | 25.0 | % | | | 42,191 | | | | 24.8 | % | | | 34,645 | | | | 26.1 | % |
Cost of Services | | | 10,255 | | | | 8.8 | % | | | 10,439 | | | | 8.9 | % | | | 10,118 | | | | 8.5 | % | | | 10,870 | | | | 9.0 | % | | | 10,255 | | | | 8.8 | % | | | 10,439 | | | | 8.9 | % |
Total | | | 52,446 | | | | 18.3 | % | | | 45,084 | | | | 18.0 | % | | | 45,174 | | | | 17.9 | % | | | 53,884 | | | | 18.4 | % | | | 52,446 | | | | 18.3 | % | | | 45,084 | | | | 18.0 | % |
Cost of products as a percentage of product revenues in 2022 was 25.0%, compared to 24.8% in 2021. Cost of products in 2022 and 2021 included amortization of intangible assets in the amount of $3.7 million and $1.9 million, respectively. Our cost of products as a percentage of product revenues, excluding amortization of intangible assets, represented approximately 22.8% of product revenues in 2022, compared to 23.7% in 2021. Excluding amortization of intangible assets, the decrease in cost of products as a percentage of product revenues is mainly due to a different mix of sales of our products and product subscriptions, whereby there was an increase in product subscriptions and a decrease in hardware-based products.
Cost of services as a percentage of service revenues in 2022 was 9.0% compared to 8.8% in 2021.
Cost of products as a percentage of product revenues in 2021 was 24.8%, compared to 26.1% in 2020. Cost of products in 2021 and 2020 included amortization of intangible assets in the amount of $1.9 million for both 2021 and 2020. Our cost of products as a percentage of product revenues, excluding amortization of intangible assets, represented approximately 23.7% of product revenues in 2021, compared to 24.6% in 2020. The decrease in cost of products as a percentage of product revenues is mainly due to a different mix of sales of our products and product subscriptions.
Cost of services as a percentage of service revenues in 2021 was 8.8% compared to 8.9% in 2020.
Cost of products as a percentage of product revenues in 2020 was 26.1%, approximately the same as 2019. Cost of products in 2020 and 2019 included amortization of intangible assets in the amount of $1.9 million and $2.3 million, respectively. Our cost of products as a percentage of product revenues, excluding amortization of intangible assets, represented approximately 24.6% of product revenues in 2020, compared to 24.5% in 2019.
Cost of services as a percentage of service revenues in 2020 was 8.9% compared to 8.5% in 2019.
Operating Expenses.
The following table sets forth a breakdown of our operating expenses for the periods indicated as well as the percentage change between such periods:
(US$ in thousands) | |
2021 | | |
2020 | | |
2019 | | | % Change 2021 vs. 2020 | | | % Change 2020 vs. 2019 | | |
(US$ in thousands, except percentages) | | | 2022 | | | 2021 | | | 2020 | | | % Change 2022 vs. 2021 | | | % Change 2021 vs. 2020 | |
Research and development, net | | $ | 74,098 | | | $ | 66,836 | | | $ | 61,841 | | | | 11 | % | | | 8 | % | | $ | 86,562 | | | $ | 74,098 | | | $ | 66,836 | | | | 17 | % | | | 11 | % |
Selling and marketing | | | 119,842 | | | | 113,015 | | | | 109,556 | | | | 6 | % | | | 3 | % | | | 126,533 | | | | 119,842 | | | | 113,015 | | | | 6 | % | | | 6 | % |
General and administrative | | | 21,885 | | | | 18,924 | | | | 18,584 | | | | 16 | % | | | 2 | % | | | 29,786 | | | | 21,885 | | | | 18,924 | | | | 36 | % | | | 16 | % |
Total | | $ | 215,825 | | | $ | 198,775 | | | $ | 189,981 | | | | 9 | % | | | 5 | % | | $ | 242,881 | | | $ | 215,825 | | | $ | 198,775 | | | | 13 | % | | | 9 | % |
Our operating expenses increased by 13% in 2022 to $242.9 million from $215.8 million in 2021. The increase is primarily attributed to increased personnel costs and related expenses, additional operating costs following the acquisition of SecurityDAM in February 2022, increased share-based compensation expenses, increased travel expenses and increased fees paid for hosting services and subcontractors.
Our operating expenses increased by 9% in 2021 to $215.8 million from $198.8 million in 2020. The increase is primarily attributed to increased personnel costs and related expenses, the impact of the weakening of the dollar mainly against the NIS and increased fees paid to subcontractors and consultants.
Our operating expenses increased by 5% in 2020 to $198.8 million from $190.0 million in 2019. The increase is primarily attributed to personnel costs and related expenses as well as stock-based compensation expenses. Such increase was partially offset by the decrease in travel and marketing expenses related to the COVID-19 pandemic.
Research and Development Expenses.Expenses, Net.
Research and development, or R&D, expenses, net consist primarily of salaries and related personnel expenses, costs of subcontractors and prototype expenses related to the design, development, quality assurance and enhancement of our solutions, and depreciation of equipment purchased for the development and testing processes. All R&D costs are expensed as incurred. We believe that continued investment in R&D is critical to attaining our strategic product objectives.
R&D expenses, net were $86.6 million in 2022, an increase of $12.5 million, or 17%, compared with R&D expenses, net of $74.1 million in 2021. This increase is primarily a result of: (1) $7.8 million due to an increase in personnel costs, including salary raises awarded and increases in average headcount compared to the previous year and additional personnel costs as part of the acquisition of SecurityDAM in February 2022, (2) $0.8 million related to additional rent and maintenance expenses due to SecurityDAM office spaces, (3) a $1.5 million increase in amounts paid to subcontractors, and (4) a $1.9 million increase in share-based compensation expenses (see also “Share-based compensation expenses” below). There was no significant impact due to the strengthening of the dollar against the NIS since the Company hedged most of its salary related expenses.
R&D expenses, net were $74.1 million in 2021, an increase of $7.3 million, or 11%, compared with R&D expenses, net of $66.8 million in 2020. This increase is primarily a result of: (1) $1.4 million due to an increase in personnel costs, including salary raises awarded and other salaries relatedsalary-related expenses, partially offset by lower average headcount compared to the previous year, (2) a $3.4 million increase related to the impact of the weakening of the dollar mainly against the NIS, (3) a $1.3 million increase in amounts paid to subcontractors, and (4) a $1.0 million increase in stock-basedshare-based compensation expenses (see also “Stock-based“Share-based compensation expenses” below).
R&D expenses were $66.8 million in 2020, an increase of $5.0 million, or 8%, compared with R&D expenses of $61.8 million in 2019. This increase is primarily a result of: (1) $3.1 million due to an increase in personnel costs compared to previous year, driven by the growth in average headcount during 2020, as well as salary raises awarded and other salary related expenses, (2) $1.0 million related to the impact of the weakening of the dollar mainly against the NIS, and (3) $1.6 million increase in stock-based compensation expenses (see also “Stock-based compensation expenses” below). This was partially offset by a $0.6 million decrease in expenses due to reductions in travel caused by the COVID-19 pandemic. Sales and Marketing Expenses.
Sales and Marketing Expenses.
Sales and marketing expenses consist primarily of salaries, commissions and related personnel expenses for those engaged in the sales and marketing of our products and services, operational costs of our offices whichthat are located outside Israel and are engaged in the promotion, marketing and support of our solutions, in addition to the related trade shows, advertising, promotions, web sitewebsite maintenance and public relations expenses, and amortization of intangible assets.
Sales and marketing expenses were $126.5 million in 2022, an increase of $6.7 million, or 6%, compared with sales and marketing expenses of $119.8 million in 2021. This increase is mainly related to (1) an increase of $2.3 million in marketing-related expenses, (2) $2.0 million related to an increase in travel expenses, and (3) a $2.4 million increase in share-based compensation expenses (see also “Share-based compensation expenses” below).
Sales and marketing expenses were $119.8 million in 2021, an increase of $6.8 million, or 6%, compared with sales and marketing expenses of $113.0 million in 2020. This increase is mainly related to (1) an increase of (1) $3.9 million due to a headcount increase, as well as salary raises and other salary relatedsalary-related expenses such as sales incentive commissions, (2) an increase of $2.6 million related to the impact of the weakening of the dollar, mainly against the NIS, and (3) a $0.5 million increase in stock-basedshare-based compensation expenses (see also “Stock-based“Share-based compensation expenses” below).
Sales and marketing expenses were $113.0 million in 2020, an increase of $3.5 million, or 3%, compared with sales and marketing expenses of $109.6 million in 2019. This increase is mainly related to an increase of $10.6 million due to a headcount increase, as well as salary raises and other salary related expenses, such as sales incentive commissions. This increase was partially offset by a $ 5.7 million reduction in travel expenses and $1.9 million of lower marketing expenses, each as a result of the COVID-19 pandemic.
General and Administrative Expenses.
General and administrative expenses consist primarily of salaries and related personnel expenses for executive, accounting and administrative personnel, professional fees (which include legal, audit and additional consulting fees), bad debt expenses, acquisition related costs and other general corporate expenses.
General and administrative expenses were $29.8 million in 2022, an increase of $7.9 million, or 36%, compared with general and administrative expenses of $21.9 million in 2021. The increase in general and administrative expenses in 2022 was primarily due to (1) a $5.3 million increase in share-based compensation expenses (see also “Share-based compensation expenses” below), (2) a $0.9 million increase related to personnel costs and related expenses, (3) a $1.0 million increase related to transaction costs as part of the acquisition of SecurityDAM in February 2022, and (4) a $0.8 million increase related to revaluation of contingent consideration recorded as part of the acquisition of SecurityDAM.
General and administrative expenses were $21.9 million in 2021, an increase of $3.0 million, or 16%, compared with general and administrative expenses of $18.9 million in 2020. The increase in general and administrative expenses in 2021 was primarily due to (1) an increase of $0.2 million related to personnel costs and related expenses, (2) an increase of $0.9 million related to the impact of the weakening of the USD against the NIS, (3) $0.7 million related to increased fees paid to outside consultants for tax, financial and legal services, ,and (4) $1.4 million related to an increase in insurance premiums, mainly due to directors and officers liability insurance. Such increase was partially offset by $0.5 million related to lower stock-basedshare-based compensation expenses (see also “Stock-based“Share-based compensation expenses” below).
General and administrative expenses were $18.9 million in 2020, an increase of $0.3 million, or 2%, compared with general and administrative expenses of $18.6 million in 2019. The increase in general and administrative expenses in 2020 was primarily due to an increase of $0.2 million related to personnel costs and related expenses, an increase of $0.2 million related to the impact of the weakening of the USD against the NIS and an increase of $0.6 million related to higher stock-based compensation expenses (see also “Stock-based compensation expenses” below). Such increase was partially offset by a $0.6 million decrease related to fees paid last year to outside consultants primarily related to our acquisition in 2019 of Kaalbi Technologies Private Ltd., formerly known as ShieldSquare, an India-based provider of bot mitigation and bot management space, and the intellectual property litigation that settled in 2019.
For a discussion of the impact of foreign currency fluctuations on our business, see Item 11 “Quantitative and Qualitative Disclosures about Market Risk.”
Stock-basedShare-based compensation expenses.
Our expenses also include the recognition of stock-basedshare-based compensation, which is allocated among cost of sales, research and development expenses, marketing and selling expenses and general and administrative expenses, based on the division in which the recipient of the option grant is employed. The stock-basedshare-based compensation is amortized to operating expenses over the requisite service period of the individual options.
The following tables summarize the stockshare options and restricted share units (RSUs) that were granted during the years 2022, 2021 2020 and 2019,2020, and their weighted average grant-date fair value:
StockShare options:
| | 2021 | | | 2020 | | | 2019 | | | 2022 | | | 2021 | | | 2020 | |
Grants | | | 248,233 | | | | 1,037,444 | | | | 1,167,458 | | | | | | | | 248,233 | | | | 1,037,444 | |
Weighted average grant-date fair value | | | 6.87 | | | | 4.74 | | | | 5.54 | | | | 6.77 | | | | 6.87 | | | | 4.74 | |
RSUs:
| | 2021 | | | 2020 | | | 2019 | | | 2022 | | | 2021 | | | 2020 | |
Grants | | | 1,143,097 | | | | 995,419 | | | | 776,788 | | | | | | | | 1,143,097 | | | | 995,419 | |
Weighted average grant-date fair value | | | 32.57 | | | | 22.54 | | | | 23.41 | | | | 21.31 | | | | 32.57 | | | | 22.54 | |
Stock-basedShare-based compensation expenses in 2022 totaled $27.4 million, an increase of $9.8 million, or 56%, compared with expenses of $17.6 million in 2021. The increase in our share-based compensation expenses in 2022 was primarily due to equity-based grants made to our CEO during 2022 and higher weighted average grant date fair value of RSUs granted towards the end of 2021, which resulted in recording higher expenses in 2022.
Share-based compensation expenses in 2021 totaled $17.6 million, an increase of $1.1 million, or 7%, compared with expenses of $16.5 million in 2020. The reason for the increase in our stock-basedshare-based compensation expenses in 2021 iswas primarily due to the significant increase in our weighted average grant date fair value of RSUs granted throughout 2021.
Stock-based compensation expenses in 2020 totaled $16.5 million, an increase of $3.5 million, or 27%, compared with expenses of $13.1 million in 2019. The reason for the increase in our stock-based compensation expenses in 2020 is primarily due to the increase in the quantity of RSUs granted throughout 2019 and specifically in the end of the year and therefore the related expense was recorded mainly in 2020.
Financial Income, Net.
Financial income, net consists primarily of interest earned on short- and long-term bank deposits, amortization of premiums, accretion of discounts, interest and dividends earned on investments in marketable securities, gain from the sale of marketable securities and from income and expenses from the translation of monetary balance sheet items denominated in non-dollar currencies.
Financial income, net was $8.1 million in 2022, compared with $4.4 million in 2021. The net increase of $3.7 million was primarily due to a $3.1 million increase in foreign currency exchange gains, mainly due to revaluation of liabilities stated in NIS and $0.6 million increase in interest income and gains from our investments and bank deposits.
Financial income, net was $4.4 million in 2021, compared with $7.8 million in 2020. The net decrease of $3.4 million iswas primarily attributeddue to a $3.8 million decrease in interest from our investments, partially offset by a $0.5 million decrease in foreign currency exchange losses.
Financial income, net was $7.8 million in 2020, compared with $8.8 million in 2019. The net decrease of $1.0 million is primarily attributed to a decrease in interest from our investments due to lower market yield.
Income Taxes.
Israeli companies are generally subject to corporate tax on their taxable income at the rate of 23% for the 2022, 2021 and 2020 tax years. We elected to apply the Preferred Enterprise regime under the Law for the Encouragement of Capital Investment, 1959 (the “Investments Law”) as of the 2014 tax year. The election is irrevocable. Under the Preferred Enterprise regime, a preferred income of an enterprise located in the center of Israel is subject to a tax rate of 16%. Pursuant to Amendment 73 to the Investments Law adopted in 2017, a company located in the center of Israel that meets the conditions for “Preferred Technological Enterprises”, is subject to a tax rate of 12%. We believe we meet those conditions.
We operate our business in various countries and attempt to utilize an efficient operating model to optimize our tax payments based on the laws in the countries in which we operate. This can cause disputes between us and various tax authorities in different parts of the world.
Our effective tax rate in 2022 was 104% compared with an effective tax rate of 65% in 2021. The increase in the effective tax rate in 2022 as compared to 2021 was primarily due to an additional provision for unrecognized tax benefit and carryforward losses of which valuation allowance was recorded.
Our effective tax rate in 2021 was 65% compared with an effective tax rate of 31% in 2020. The increase in the effective tax rate in 2021 as compared to 2020 iswas primarily due to a settlement we reached with the Israeli Tax Authority during November 2021 in relation to our corporate tax returns for the years 2015-2018 and the release of Trapped Earnings as described in Item 10.E “Taxation—Israeli Tax Considerations.”
Our effective tax rate in 2020 was 31% compared with an effective tax rate of 12% in 2019. The increase in the effective tax rate in 2020 as compared to 2019 is primarily due to the release of a valuation allowance we made in 2019 and the write-off of unused withholding tax balances.
For additional disclosure and explanations regarding our income taxes, including the Preferred Technology Enterprise program, see Note 14 to our consolidated financial statements included elsewhere in this annual report and Item 10.E “Taxation—Israeli Tax Considerations.”
Impact of Currency Fluctuations and Inflation
Our financial results may be negatively impacted by foreign currency fluctuations and inflation. Information required by this section is set forth in Item 11 “Quantitative and Qualitative Disclosures about Market Risk” and in Item 3.D “Risk Factors—Factors—Currency exchange rates and fluctuations of exchange rates could have a material adverse effect on our results of operations,operations.” each of which are incorporated herein by reference.
Impact of Governmental Policies
For information on the impact of governmental policies on our operations, see Item 4.B “Business Overview—Government Regulations” and, Item 3.D “Risk Factors—GovernmentLaws, regulations and industry standards affecting our business are evolving, and unfavorable changes could harm our business” and “—“Item 3.D “Risk Factors—Risks Related to Operations in Israel.”
Impact of Russia-Ukraine Conflict
Following Russia’s military conflict in Ukraine, the United States and other countries launched economic sanctions and severe export control restrictions against Russia and Belarus, and the United States and other countries could launch wider sanctions and export restrictions and take other actions should the conflict further escalate. For information on the possible impact of the Russia-Ukraine Conflict, see Item 3.D “Risk Factors – Factors—Our business may be affected by sanctions, export controls and similar measures targeting Russia and other countries and territories as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries – Risk Related to Our Business and Our Industry”.industries.”
Impact of COVID-19
For information on the impact of the COVID-19 pandemic, see Item 5.B3.D “Risk Factors – The COVID-19 pandemic has impacted and may continue to impact our business, operating results and financial condition” and Item 5.D “Trend Information—COVID-19 Update.”
Related Parties
We have entered into a number of agreements for the lease of real property and the purchase of certain products and services from certain companies, of which Yehuda Zisapel, Zohar Zisapel and/or Nava Zisapel are co-founders, directors and/or shareholders, that form part of the RAD-Bynet Group. In February 2022, we have also acquired the technology and operations of one of these RAD-Bynet Group entities, SecurityDAM. Mr. Yehuda Zisapel, the Chairman of our Board of Directors, and Mr. Roy Zisapel, our President and Chief Executive Officer and a director, hold a majority stake and a minority stake, respectively, in SecurityDAM. Mr. Roy Zisapel also serves as a director of RAD Data Communications Ltd., a company in the RAD-Bynet Group.
We believe that the terms of the transactions in which we have entered with these member entities of the RAD-Bynet Group are not different in any material respect from terms we could obtain from unaffiliated third parties and are beneficial to us and no less favorable to us than terms that might be available to us from unaffiliated third parties. The pricing of the transactions was arrived at based on negotiations between the parties. Members of our management reviewed the pricing of the agreements and confirmed that they were not different in any material respect than that which could have been obtained from unaffiliated third parties.
For more details about these transactions, see below under Item 7.B “Related Party Transactions.”
B.Liquidity and Capital Resources
General
Since our inception, we have financed our operations through a combination of issuing equity securities, including two public offerings in October 1999 and February 2000, research and development and marketing grants from the Government of Israel, and cash generated by operations.
The Company’stotal Radware Ltd. shareholders' equity as a percentage of its total assets was 52% on December 31, 2022, compared with 58% on December 31, 2021 compared withand 62% aton December 31, 2020 and 66% at December 31, 2019.2020.
Cash and cash equivalents, short- and long-term bank deposits and short- and long-term marketable securities were $432.0 million on December 31, 2022, compared with $465.8 million atand $448.8 million on December 31, 2021 compared with $448.8 million and $427.7 million at December 31, 2020, and 2019, respectively.
Principal Capital Expenditures and Divestitures
Capital expenditures were $8.8 million, $5.6 million $8.7 million and $8.2$8.7 million for the years ended December 31, 2022, 2021 2020 and 2019,2020, respectively. These expenditures were mainly comprised of investments in cloud infrastructure, enterprise resource planning (ERP) modules, leasehold improvements, machinery and equipment, computers, lab equipment and testing tools.
We expect to engage in additional capital spending to support possible growth in our operations, infrastructure and personnel. In 2022,2023, we anticipate that the majority of our capital expenditures will be primarily for additional infrastructure to support our cloud-based solutions and for R&D testing, lab equipment and additional investments in new modules for our ERP system.
We did not have any principal divestitures in the past three years.
Working Capital and Cash Flows
The following table presents the major components of net cash flows used in and provided by operating, investing and financing activities for the periods presented (dollars in thousands)thousands(:
| | 2021 | | | 2020 | | | 2019 | | | 2022 | | | 2021 | | | 2020 | |
Net cash provided by operating activities | | $ | 71,774 | | | $ | 63,865 | | | $ | 52,852 | | | $ | 32,148 | | | $ | 71,774 | | | $ | 63,865 | |
Net cash provided by (used in) investing activities | | | 7,849 | | | | (14,368 | ) | | | (50,793 | ) | | | (56,018 | ) | | | 7,849 | | | | (14,368 | ) |
Net cash used in financing activities | | | (41,881 | ) | | | (35,477 | ) | | | (6,511 | ) | | | (22,458 | ) | | | (41,881 | ) | | | (35,477 | ) |
Net cash provided by operating activities for 2022, 2021 and 2020 and 2019 was $32.1 million, $71.8 million $63.9 million and $52.9$63.9 million, respectively. Our net income (loss) in 2022, 2021 and 2020 and 2019 was $(0.2) million, $7.8 million and $9.6 million, respectively.
Net cash provided by operating activities was $32.1 million for the year ended December 31, 2022, compared to $71.8 million for the year ended December 31, 2021. The change resulted primarily from a decrease in our net income of $8.0 million, a decrease of $4.9 million in accrued interest on bank deposits, a decrease of $6.6 million in deferred revenues, a decrease of $2.2 million in inventories, a decrease of $1.9 million in operating lease liabilities, net, a decrease of $8.2 million in trade receivables, net, and $22.6a decrease in other payables of $26.3 million respectively.mainly related to $15.4 million cash paid during the first quarter of 2022 for a settlement we reached with the Israeli Tax Authority during November 2021. These decreases were partially offset by an increase of $1.5 million in depreciation and amortization, an increase of $9.8 million in share-based compensation, an increase of $4.3 million in other assets and prepaid expenses and a $1.7 million increase in trade payables.
Net cash provided by operating activities was $71.8 million for the year ended December 31, 2021, compared to $63.9 million net cash provided in operating activities for the year ended December 31, 2020. The change resulted primarily from an increase of $3.6 million in accrued interest on bank deposits, an increase of $3.2$3.3 million in deferred revenues, an increase of $2.4 million in inventories, an increase of $1.0 million in share-based compensation, an increase of $1.8 million in accrued interest on marketable securities, an increase of $1.0 million in other receivablesassets and prepaid expenses and an increase of $2.9 million in trade payables. This increase wasThese increases were partially offset by a decrease of $2.1 million in trade receivables, net, a decrease of $1.8 million in our net income, and a $4.2$3.8 million change in deferred income taxes, net.
Net cash provided by operatingused in investing activities was $63.9$56.0 million for the year ended December 31, 20202022, a change of $63.9 million compared to $52.9 million net cash provided in operatingby investing activities of $7.8 million for the year ended December 31, 2019.2021. The change resultedwas primarily from an increasedue to a net decrease of $14.5$30.6 million in deferred revenues, increase of $8.5 million in other payablesproceeds from short- and accrued expenses,long-term deposits and marketable securities, a decrease of $8.2$30.0 million in trade receivables, net, increasedue to the acquisition payment of $3.5 million in stock-based compensationSecurityDAM and $1.5 million change in deferred income taxes, net. This increase was partially offset by a decrease of $12.9$3.2 million in our net income, decrease of $4.5 million in inventories, decrease of $4.2 million in trade payables and decrease of $3.3 million in accrued interest on bank deposits. capital expenditures.
Net cash provided by investing activities was $7.8 million for the year ended December 31, 2021, an increasea change of $22.2 million compared to net cash used in investing activities of $14.4 million for the year ended December 31, 2020. The increasechange was primarily due to a net increase of $19.0 million in proceeds from short- and long-term deposits and marketable securities and an increase of $3.1 million due to lower capital expenditures.
Net cash used in investingfinancing activities was $14.4$22.5 million for the year ended December 31, 2020,2022, a decrease of $36.4$19.4 million compared to net cash used in investingfinancing activities of $50.8$41.9 million for the year ended December 31, 2019. The decrease2021. Net cash used in financing activities was dueattributed primarily to a net decreasethe repurchase of $24.8our ordinary shares. In 2022 and 2021, we repurchased ordinary shares in the amount of $59.5 million and $52.5 million, respectively. In addition, proceeds from the exercise of share options decreased by $8.6 million, and in 2022, we received $35.0 million in investmentsproceeds from the issuance of Preferred A shares in short- and long-term deposits and marketable securities, a decrease of $12.2 million in payment for the acquisition of aour subsidiary offset by an increase of $0.5 million in capital expenditures and $0.1 million investment in other long-term assets.SkyHawk Security.
Net cash used in financing activities was $41.9 million for the year ended December 31, 2021, an increase of $6.4 million compared to net cash used in financing activities of $35.4$35.5 million for the year ended December 31, 2020. Net cash used in financing activities was attributed primarily to the repurchase of our ordinary shares. In 2021 and 2020, we repurchased ordinary shares in the amount of $52.5 million and $45.3 million, respectively. In addition, proceeds from exercise of stockshare options decreased by $1.3 million and there was a decrease of $2.1 million in payment of deferred consideration related to the acquisition of ShieldSquare, which was paid in 2020.
Net cash used in financing activities was $35.4 million for the year ended December 31, 2020, an increase of $28.9 million compared to net cash used in financing activities of $6.5 million for the year ended December 31, 2019. Net cash used in financing activities was attributed primarily to the repurchase of our ordinary shares. In 2020 and 2019, we repurchased ordinary shares in the amount of $45.3 million and $24.5 million, respectively. In addition, proceeds from exercise of stock options decreased by $6.1 million in 2020 and $2.1 million payment of deferred consideration related to the acquisition of ShieldSquare.
Cash and Cash Equivalents
As of December 31, 2021,2022, we had cash and cash equivalents, including short- and long-term bank deposits and short- and long-term marketable securities, of $465.8$432.0 million, compared to $465.8 million as of December 31, 2021 and $448.8 million as of December 31, 2020 and $427.7 million as of December 31, 2019.2020. As of December 31, 2021,2022, approximately 42%39%, 6%27% and 31%34% of our short- and long-term bank deposits were deposited in Israel with major Israeli banks which are rated AAA, A and BBB+, respectively, as determined by S&P’s Maalot, and the balance of 21% was deposited in the U.S. branch of another major Israeli bank which is rated A, as determined by S&P’s Maalot. As of December 31, 2021,2022, the longest contractual duration of any of our bank deposits was 2.0 years, the weighted average duration of our deposits was 1.51.36 years, and the weighted average time to maturity was 0.80.62 years.
Our marketable securities portfolio includes investments in foreign banks and government debentures and in debt securities of corporations. The financial institutions that hold our marketable securities are major U.S. financial institutions, located in the United States. As of December 31, 2021, 38%2022, 25% of our marketable securities portfolio was invested in debt securities of financial institutions and 62%75% in debt securities of corporations. From a geographic perspective, 53%64% of our marketable securities portfolio was invested in debt securities of U.S. issuers, 7%6% was invested in debt securities of European issuers and 40%30% was invested in debt securities of other geographic-located issuers. As of December 31, 2021, 92%2022, 95% of our marketable securities portfolio was rated A- or higher and 8%5% was rated BBB or BBB+, as determined by S&P.
There are no material legal restrictions, taxes or other costs associated with transferring our funds held in U.S. financial institutions to Israeli financial institutions, and we have access to all of our cash as needed for our operations. Although we have various subsidiaries throughout the world, there are no material legal, tax or other cost impediments to our transferring cash to these subsidiaries for operations as and when needed or to such subsidiaries transferring cash to us to meet our own cash obligations. Further, we believe we generate sufficient cash from our Israeli operations to fund our operating and capital requirements and, therefore, do not need or intend to repatriate any of the earnings of our foreign subsidiaries.
Other Material Contractual Obligations
The following table summarizes our material contractual obligations as of December 31, 20212022 and the effect those commitments are expected to have on our liquidity and cash flow.
| Payments Due by Period (US $ in thousands) | Payments Due by Period (US $ in thousands) |
| | | | | | | | | | |
| 30,215 | 5,545 | 8,446 | 6,274 | 9,950 | 26,290 | 3,987 | 9,353 | 6,237 | 6,713 |
Total contractual cash obligations (3)(2) | 30,215 | 5,545 | 8,446 | 6,274 | 9,950 | 26,290 | 3,987 | 9,353 | 6,237 | 6,713 |
* Become due during 2022.2023.
(1) Consists of outstanding operating leases for the Company’s facilities. The lease agreements expire in the years 20222023 to 2030, although certain of our leases have renewal options.
(2) Payments for uncertain income tax positions of $5.3 million under Accounting Standards Codification (ASC) 740 are due upon settlement. Since we are unable to reasonably estimate the timing of settlement, such payments are not included in the table. See also Notes 2(t) and 14(a) of our consolidated financial statements.
(3) Severance payments of $4.8$4.7 million are payable only upon termination, retirement or death of the respective employee and there is no obligation for benefits accrued prior to 2007 if the employee voluntarily resigns. Since we are unable to reasonably estimate the timing of settlement, such payments are not included in the table. See also Note 2(v)2(w) of our consolidated financial statements.
Market Risk
We are exposed to market risk, including fluctuations in interest rates and foreign currency exchange rates. Additional information about market risk is set forth in Item 11 “Quantitative and Qualitative Disclosures about Market Risk” and incorporated herein by reference.Risk.”
Outlook
Our capital requirements depend on numerous factors, including market acceptance of our products and services and the resources we allocate to our operating expenses. Since our inception, we have experienced substantial increases in our expenditures consistent with growth in our operations and personnel, and we may increase our expenditures in the foreseeable future in order to execute our strategy.
We anticipate that operating activities as well as capital expenditures will demand the use of our cash resources. We believe that our cash balances will provide sufficient cash resources to finance our operations and the projected marketing and sales activities and research and development efforts and other elements of our strategy for a period of no less than the next 12 months.
C.Research and Development, Patents and Licenses, etc.
In order to accommodate the rapidly changing needs of our markets, we place considerable emphasis on research and development projects designed to improve our existing product lines, develop new product lines and customize our products to meet our customers’ needs. As of December 31, 2021,2022, we had 365419 employees and 6875 subcontractors engaged primarily in research and development activities, compared to 361365 employees and 5568 subcontractors at the end of 2020.2021. For a further discussion of research and development, see Item 5.A “Operating Results.”
For a discussion regarding the benefits provided under programs of the IIA, see Item 4.B “Business Overview—Overview—Israeli Innovation Authority.”
D.Trend Information
General
We have identified the following key trends and uncertainties that we believe will materially influence our market, financial condition and the demand for our solutions:
| • | Applications are migrating to the public cloud. The migration to public cloud exposes organizations to new threats that require consistent security across all cloud environments. Organizations also prefer to purchase security services as a subscription, to match the subscription-based consumption of hosting services. |
| • | Datacenter architecture is changing. Datacenter architecture is changing to include various models such as a physical datacenter, a virtual datacenter, a software defined datacenter, and private or public cloud. New emerging edge clouds coupled with the emerging 5G breakouts and SD-WAN will enable enterprises to leverage their IoT strategy effectively. Many organizations use a mixed infrastructure that includes a combination of one or more of the above and therefore require broader overarching protection that encompasses both the datacenter and cloud-based applications that can be built and delivered as “lift and shift” and “born-in-the cloud” modes. In addition, this mixed environment often involves multiple vendors and creates challenges in IT staffing and operational costs, which increase the needs for hybrid cloud services, managed services and modern automated data center technologies. |
| • | Application modernization requires new security tools. Application infrastructure is changing, from monolithic applications to modern applications and web siteswebsites in which deployment workflows, front-end built-tools and API-centric architectures are used. The rise of cloud-native ecosystems, increasingly adapting cloud-direct and micro-services architecture packaged as containers, is providing a built-in ’on-demand’“on-demand” elasticity and availability application infrastructure. This enables introducing and running the new generation of cloud-native applications, in a fast, adaptive and more efficient way by interacting with DevOps CICD tools and methods. As such, the AppSec blast radius is expanded and requires injection of security controls within the application lifecycle generation at early stages, to avoid slowdown in development, to sanitize, for example, usage of opensource software used by developers and might leak in malicious code (recent Log4J library). Various “shift-left” methods are used and specifically adapted for various target deployment environments. |
| • | The above-mentioned cloud-native application delivery opens the door for leakage through the open cloud interface. A new family of attack surfaces manifested by the fact that the cloud APIs are publicly published, and DevOps processes are done from the outside of the cloud “perimeter” (the insider becomes the outsider). “Cloud-native” infiltrations are enabled by the usage of cloud-IAM (identify and access) misconfigurations or account take over techniques and by various vulnerabilities of publicly exposed web and API interfaces. This creates a need for a new protection posture for compliance, permissions hardening, vulnerabilities detection as well as cloud-native detection (infiltrations and exfiltration) and response tools under new industry categories: CIEM (“Cloud(Cloud Infrastructure Entitlement Management”)Management), CSPM (“Cloud(Cloud Security Posture Management”)Management) and CWPP (“Cloud(Cloud Workload Protector Platform”)Platform) and CTDR (Cloud Threat Detection and Response). |
| • | Organizations’ attack surfaces are increasing due to a changing economy. This was caused by a combination of two forces. First, working from home due to COVID-19 required organizations to enable remote access to applications and services that were previously not exposed. This eliminated the traditional network perimeter, , and now every home computer or mobile device has become the new perimeter. Second, an increase in the online consumption of goods has accelerated organizations’ digital transformation and migration to the cloud. The result is more opportunities for attackers to leverage the increased attack surface. |
| • | Increasing complexity and intensity of security threats. The increasing complexity and intensity of the security threats landscape requirerequires expertise in identifying the attacks and state-of-the-art security to mitigate the attacks and safeguard the assets. Attack delivery is aided by the growing presence of connected devices (IoT), which increases the threat surface against any kind of infrastructure, as well as traffic encryption (dark data) assisting hiding attacks. Furthermore, attack tools are increasingly available to all through the dark net and becoming more sophisticated as hackers use automation and weaponize artificial intelligence. This leads to ever morphing and scalable attack vectors at all levels, from volumetric botnets through web and API-centric attacks, as well as new attack surfaces that utilize Kubernetes-platforms (container orchestration platform of choice). The mass amount of uncontrolled IoT devices and cloud hosting opens the door for a new generation of botnets and automated bots that are hard to classify and block. Most organizations are not able to keep up with these developments with their internal cyber security resources and seek managed security services. |
| • | Increasing expectations for applications availability and frictionless performance, due to the increasing dependence on applications in today’s business world. Businesses are sensitive to the resilience and availability of their applications, given their customers’ expectations of flawless experience and optimal performance. As such, exposed web and API based applications are the target for attackers that utilize both the server side as well as the client/browser side platforms for spreading their malicious code. New security controls utilize the power of artificial intelligence (AI) and machine learning (ML) to control the delivery of AppSec services (false positives) as well as detection of zero-day. |
| • | COVID-19 and Russia-Ukraine War. The potential effects of the COVID-19 pandemic (see below under “COVID-19 Update”). and the Russia-Ukraine war. |
We believe that our business, comprised of application security and delivery solutions, is positioned to benefiteffectively navigate the headwinds resulting from the above-mentioned industry dynamics due to the following key factors:
We have developed a broad portfolio of solutions to address the challenges and meet the requirements arising from these trends.
We continuously focus on innovation and believe that our solutions have, in many instances, a technological advantage over competing solutions.
We offer our solutions in a wide array of deployment models (on-premise solutions, managed services, cloud-based solutions, etc.), in order to support various customers’ business models. We believe this flexibility addresses the complexity and diversity of the current application and infrastructure ecosystem.
We believe that the advantages of our offerings, coupled with the above-mentioned industry dynamics and trends, place us in a good position to meet our business plans. Nevertheless, meeting our business plans and implementing our growth strategy, as more fully described under Item 4.B “Business Overview–Our Growth Strategy” above, may not convert into revenues growth in a given period, due to our shift towards subscription-based product sales, where revenues are recognized throughout the subscription period.
In addition, while we believe that the above trends willmay present significantsome opportunities for us, they also pose significant challenges, risks and uncertainties, including the following:
We operate in a highly competitive environment, and some of our competitors have larger internal resources, and a larger installed base.
While we believe that the shift towards a subscription-based business model is a strategic transition towards higher growth and profitability in the long term, we may not be successful in its execution, including an inability to maintain a high subscription renewal rate.
In addition, our customers’ purchasing decisions are related to the conditions in our industry and in the various regions and geographical markets in which we operate and are tied to the overall IT spending climate. Uncertainty about current global economic conditions continues to pose a risk as customers may postpone or reduce spending in response to such uncertainties. In particular, the recent COVID-19 pandemic and the Russia-Ukraine war may negatively affect economic conditions regionally as well as globally, disrupt operations situated in countries particularly exposed to the contagion, affect supply chains or otherwise negatively impact our business.
The other risks and uncertainties we face, as described under Item 3.D “Risk Factors.”
The COVID-19 pandemic has resulted in a widespread health crisis that has adversely affected businesses, economies and financial markets worldwide, placed constraints on the operations of businesses, and decreased consumer mobility and activity. Our business has been affected in various ways from the COVID-19 pandemic, including the following:
| • | Manufacturing and Supplies: During 2021,2022, we experienced some slowdowns in our supply chain. Such slowdowns were mainly associated with the need to deliver appliances to customers’ locations around the world. We have undertaken various measures in order to overcome these disruptions, primarily in order to mitigate the risk of failing to timely respond to our customers’ delivery requirements in the face of importation blocking in different countries. As a result, the overall impact of COVID-19 on our manufacturing and supply chain was immaterial. |
| • | Human Resources: At the outset of the COVID-19 pandemic, we shifted our operations to enable work from home and, in compliance with constantly developing regulations enacted in Israel and abroad, we continue to allow our office employees to work, partially or primarily, from their homes. |
While, taken as a whole, we do not believe COVID-19 had a significant impact on our business in 2021,2022, the impacts of the global pandemic on our business and financial outlook remain unknown. In particular, there is no guaranty that any increased investments in cyber protection solutions by our customers as described above will continue after the COVID-19 pandemic subsides and the extent to which COVID-19 will impact our business, financial condition or results of operations will depend on future developments, which are uncertain and cannot be predicted. We intend to continue to actively monitor the situation and may take further actions as may be required by applicable regulations or that we deem are necessary or desirable to address the needs of our employees, customers, partners and suppliers.
E.Critical AccountingEstimates
In many cases, the accounting treatment of a particular transaction is specifically dictated in U.S. GAAP and does not require management’s judgment in its application. There are also areas in which management’s judgment in selecting among available alternatives would produce a materially different result. Our management has reviewed these critical accounting policies and related disclosures with the Audit Committee of our Audit Committee.Board of Directors. See Note 2 to our consolidated financial statements included elsewhere in this annual report, which contains additional information regarding our accounting policies and other disclosures required by U.S. GAAP.
Our management believes that the significant accounting policies whichthat affect its more significant judgments and estimates used in the preparation of its consolidated financial statements and whichthat are the most critical to aid in fully understanding and evaluating our reported financial results include the following:
Investment in marketable securities;
Goodwill;Business combinations;
Stock-basedGoodwill and impairment of long-lived assets.
Share-based compensation; and
Revenue Recognition. We recognize revenues in accordance with the Financial Accounting Standards Board (FASB) Accounting Standards Update (ASU) No. 2014-09, “Revenue from Contracts with Customers (Topic 606)” (ASC 606). As such, we identify a contract with a customer, identify the performance obligations in the contract, determine the transaction price, allocate the transaction price to each performance obligation in the contract and recognize revenues when (or as) we satisfy a performance obligation.
Our solutions are sold primarily through distributors and resellers, all of which are considered end-users.
Our arrangements typically contain various combinations of our products and subscriptions and PCS, which are distinct and are accounted for as separate performance obligations. We allocate the transaction price to each performance obligation based on its relative standalone selling price (SSP). If the SSP is not observable, we estimate the SSP taking into account available information such as geographic specific factors, customer grouping and internally approved pricing guidelines related to the performance obligation. For PCS, we determine the standalone selling price based on observable renewals prices. For subscriptions, we determine the standalone selling price based on standalone new subscription transactions and renewals. For products, the SSP is not observable, and therefore, we estimate the product SSP taking into account available information such as geographic specific factors, customer grouping and internally approved historical pricing guidelines.
Deferred revenues include unearned amounts received under post-contract customer support and subscription agreements and are classified as short- and long-term based on their contractual term. Deferred revenue amounts which represent uncollected amounts are offset against trade receivables.
We record a provision for estimated sale returns credits and stock rotation grantedcredits to customers on our products in the same period that the related revenues are recorded in accordance with ASC 606. TheseThose estimates are based on historical sales returns stock rotations and other factors known to us. Such provisions amounted to $2.5$1.0 million and $2.7$2.5 million as of December 31, 20212022 and 2020,2021, respectively.
Deferred Contract Costs. We capitalize sales commission as costs of obtaining a contract when they are incremental and if they are expected to be recovered. Our contracts include performance obligations related to various goods and services, some of which are satisfied at a point in time and others over time. Commission costs related to performance obligations satisfied at a point in time are expensed at the time of sale, which is when revenue is recognized. Commission costs related to long-term service contracts and performance obligations satisfied over time are deferred and recognized on a systematic basis that is consistent with the transfer of the goods or services to which the asset relates. Sales commissions paid for new contracts, which are not commensurate with sales commissions paid for renewal contracts, are capitalized and amortized over an expected period of benefit. We apply judgment in estimating the amortization period, by taking into consideration our customer contract terms, history of renewals, expected length of customer relationship, as well as the useful life of the underlying technology and products. Accordingly, we determined the expected period of benefit to be approximately 3.37 years. Amortization expense is included in Sales and Marketing expenses in the accompanying consolidated statements of income. Deferred sales commission costs capitalized are periodically reviewed for impairment.
As of December 31, 2021, and 2020, the amount of deferred sales commission was approximately $23.9 million and $20.9 million, respectively, and is included in other long-term assets on the balance sheets.
As of December 31, 2021, and 2020, we recorded amortization expenses in connection with deferred sales commissions in the amount of approximately $10.1 million and $9.9 million, respectively.
Investment in Marketable Securities. We account for investments in debt marketable securities in accordance with Accounting Standards Codification, or ASC 320, “Investments – Debt and equity Securities.” Management determines the appropriate classification of our investments at the time of purchase and reevaluates such determinations at each balance sheet date.
We classified our debt securities as available-for-sale securities. Available-for-sale securities are carried at fair value, with the unrealized gains and losses reported in “accumulated other comprehensive income (loss)”loss, net of tax” in shareholders’ equity. Realized gains and losses on sales of investments are included in financial income, net and are derived using the specific identification method for determining the cost of securities.
The amortized cost of debt securities is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization together with interest on securities are included in financial income, net.
In 2020, we adopted ASU 2016-13, Topic 326 "Financial Instruments – Credit Losses: Measurement of Credit Losses on Financial Instruments"Instruments," which modified the other than temporary impairment model for available for sale debt securities. Available-for-sale securities are periodically evaluated for unrealized losses. For unrealized losses in securities that we intend to hold and will not more likely than not be required to sell before recovery, we further evaluate whether declines in fair value below amortized cost are due to credit or non-credit related factors. We consider credit relatedcredit-related impairments to be changes in value that are driven by a change in the creditor's ability to meet its payment obligations and record an allowance and recognize a corresponding loss in financial income, net when the impairment is incurred. Unrealized non-credit related losses and unrealized gains are reported as a separate component of accumulated other comprehensive income in our consolidated balance sheets until realized. The amortized cost of marketable securities is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization together with interest on securities is included in financial income, net. Credit loss impairments for the years ended December 31, 2021,2022, and 20202021 were immaterial.
ASC 350 allows an entity to first assess qualitative factors to determine whether it is necessary to perform a quantitative goodwill impairment test. If the entity elects not to use this option, or if the entity determines that it is more likely than not that the fair value of a reporting unit is less than its carrying value, then the entity prepares a quantitative analysis to determine whether the carrying value of a reporting unit exceeds its estimated fair value. If the carrying value of a reporting unit exceeds its estimated fair value, the entity recognizes an impairment of goodwill for the amount of this excess.
We recognize compensation expenses for the value of our awards based on the accelerated attribution method over the requisite service period of each of the awards, net of estimated forfeitures. Forfeitures are estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates. Estimated forfeitures are based on actual historical pre-vesting forfeitures.
We selected the Black-Scholes-Merton option pricing model to account for the fair value of our stock-optionsshare-options awards with only service conditions and whereas the fair value of the restricted share awards is based on the market value of the underlying shares at the date of grant.