UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 10-K
☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES
EXCHANGE ACT OF 1934
For the Fiscal Year Ended September 30, 2024
OR
☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES
EXCHANGE ACT OF 1934
For the transition period from ____ to ____
Commission File Number: 000-28745
SideChannel, Inc.
(Exact name of registrant as specified in its charter)
| Delaware | | 86-0837077 |
State or other jurisdiction of incorporation or organization) | | I.R.S. Employer Identification No. |
146 Main Street, Suite 405, Worcester, MA 01608
(Address of principal executive offices) (Zip Code)
(508) 925-0114
(Registrant’s telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class | | Trading Symbol(s) | | Name of each exchange on which registered |
| N/A | | N/A | | N/A |
Securities registered pursuant to Section 12(g) of the Act:
Common Stock, par value $0.001
(Title of Class)
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.☐ Yes ☒ No
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.☐ Yes ☒ No
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company or an emerging growth company. See definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
| Large accelerated filer | ☐ | Accelerated filer | ☐ |
| Non-accelerated filer | ☒ | Small reporting company | ☒ |
| | | Emerging growth company | ☐ |
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒
On March 28, 2024, the last business day of the registrant’s most recently completed second fiscal quarter, the aggregate market value of the common equity held by non-affiliates of the registrant was approximately $16.2 million based upon the closing price of the common stock on that date on the OTCQB Venture Market of approximately $0.07.
As of December 12, 2024, there were 225,975,331 shares of the issuer’s common stock, par value $0.001 per share, outstanding.
Documents Incorporated by Reference: Portions of the Registrant’s Definitive Proxy Statement to be filed for its 2024 Annual Meeting of Stockholders are incorporated by reference into Part II, Item 5 and Part III of this Annual Report on Form 10-K.
SIDECHANNEL, INC.
FORM 10-K ANNUAL REPORT
FOR THE FISCAL YEAR ENDED SEPTEMBER 30, 2024
TABLE OF CONTENTS
Except as otherwise required by the context, references to “SideChannel,” “SideChannel, Inc.,” the “Company,” “we,” “us” and “our” are to (i) Cipherloc Corporation, a Texas corporation, and its subsidiaries, for all periods prior to September 30, 2021, and to (ii) Cipherloc Corporation, a Delaware corporation, and its subsidiaries, for all periods after September 30, 2021, the date of the completion of the merger of the Texas corporation into the Delaware corporation, and to (iii) SideChannel, Inc., a Delaware corporation and its subsidiaries, for all periods after July 5, 2022, the date of the name change of Cipherloc Corporation’s name to SideChannel, Inc.
Forward-Looking Statements
This Annual Report on Form 10-K, including estimates, projections, statements relating to our business plans, objectives and expected operating results, and the assumptions upon which those statements are based, contains “forward-looking statements.” These forward-looking statements generally are identified by the words “believe,” “project,” “expect,” “anticipate,” “estimate,” “intend,” “strategy,” “plan,” “may,” “should,” “will,” “would,” “will be,” “will continue,” “will likely result,” and similar expressions. Forward-looking statements are based on current expectations and assumptions that are subject to risks and uncertainties which may cause actual results to differ materially from the forward-looking statements. A detailed discussion of risks and uncertainties that could cause actual results and events to differ materially from such forward-looking statements is included in the section entitled “Item 1A. Risk Factors” (“Risk Factors”) and elsewhere in this Annual Report on Form 10-K. We undertake no obligation to update or revise publicly any forward-looking statements, whether as a result of new information, future events, or otherwise.
These forward-looking statements are based on management’s current expectations. These statements are neither promises nor guarantees, but involve known and unknown risks, uncertainties, and other important factors that may cause our actual results, performance, or achievements to be materially different from any future results, performance, or achievements expressed or implied by the forward-looking statements.
Although we believe that the assumptions underlying our forward-looking statements are reasonable, any of the assumptions could be inaccurate; therefore, we cannot assure you that the forward-looking statements included in this Annual Report on Form 10-K will prove to be accurate. In light of the significant uncertainties inherent in our forward-looking statements, the inclusion of such information should not be regarded as a representation by us or any other person that our objectives and plans will be achieved. Some of these and other risks and uncertainties that could cause actual results to differ materially from such forward-looking statements are more fully described in Risk Factors and elsewhere in this Annual Report on Form 10-K, or those discussed in other documents we filed with the Securities and Exchange Commission (“SEC”). Except as may be required by applicable law, we undertake no obligation to publicly update or advise of any change in any forward-looking statement, whether as a result of new information, future events, or otherwise. In making these statements, we disclaim any obligation to address or update each factor in future filings with the SEC or communications regarding our business or results, and we do not undertake to address how any of these factors may have caused changes to discussions or information contained in previous filings or communications. In addition, any of the matters discussed above may have affected our past results and may affect future results, so that our actual results may differ materially from those expressed in this Annual Report on Form 10-K and in prior or subsequent communications.
This information should be read in conjunction with the audited financial statements and the notes thereto included in this Annual Report on Form 10-K, and “Part II. Other Information - Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations”, contained in this Annual Report on Form 10-K.
We are not aware of any misstatements regarding any third-party information presented in this Annual Report on Form 10-K; however, these estimates, in particular, as they relate to projections, involve numerous assumptions, are subject to risks and uncertainties, and are subject to change based on various factors, including those discussed under, and incorporated by reference in, Risk Factors of this Annual Report on Form 10-K. These and other factors could cause our future performance to differ materially from our assumptions and estimates. Some market and other data included herein, as well as the data of competitors as they relate to SideChannel, is also based on our good faith estimates.
PART I
ITEM 1. BUSINESS
Business Overview & Strategy
SideChannel is a cybersecurity advisory services and software company. Our mission is to simplify cybersecurity for mid-market and emerging companies, a market we believe is underserved. Our products and services offer comprehensive cybersecurity and privacy risk management solutions. We anticipate ongoing demand for cost-effective cybersecurity solutions, driven by continued remote and hybrid work environments, increased data breaches, and a heightened focus of Chief Information Officers (CIOs) on information security. To meet these needs, we aim to provide tech-enabled services, including virtual Chief Information Security Officer (vCISO) services, zero trust solutions, third-party risk management, due diligence, privacy, threat intelligence, and managed end-point security solutions.
Market Opportunity
According to the Cantor’s Cybersecurity Q3’24 Market Updater released by Cantor Technology Investment Banking on October 29, 2024 (“Cantor 2024 Q3 Update”), security spending is forecasted to reach $190 billion in calendar year (“CY”) 2024, reflecting significant growth in the cybersecurity market. Information security spending is expected to have grown 12.4% for CY 2023 on a constant currency basis from $141.4 billion in CY 2022 to $158.9 billion in CY 2023. This growth is driven by continued remote and hybrid work, increased incidences of data breaches, and a continued focus of CIOs on information security.
The Cantor 2024 Q3 Update also noted:
| | ● | The number of reported data compromises increased by 78% in 2023, affecting over 350 million victims. |
| | ● | Cybercrime adversaries are utilizing social engineering to circumvent multi-factor authentication (“MFA”), and phishing, stolen or compromised credentials, and cloud misconfiguration were the most frequent attack vectors. |
| | ● | Intrusions through cloud environments have increased by 75% year-over-year from 2022 to 2023. As a result, 51% of organizations are planning to increase security investments following a breach. |
The Cantor 2024 Q3 Update projects that by the end of 2026, the democratization of technology, digitization, and automation of work are expected to increase the total addressable market of fully remote and hybrid workers to 64% of all employees, up from 52% in 2021. This shift increases demand for remote worker technologies such as Identity and Access Management (“IAM”), Endpoint Protection Platforms (“EPP”), and Secure Web Gateways (“SWG”). Organizations are also investing in application and data security to support the rise in volume and velocity of data, with the prevalence of Internet of Things (“IoT”) expanding the attack surface.
Transformational technologies in data security, application security, network security, security operations, and risk management are gaining traction. These include data security posture management (“DSPM”), homomorphic encryption, cyber-physical system (“CPS”) security, generative AI (“GenAI”), and application security posture management (“ASPM”). AI is the top emerging technology to be deployed, with 71% of organizations planning deployment within two to three years, and 34% within the next 12 months, according to the Cantor 2024 Q3 Update.
Our Solutions
Enclave, our proprietary SaaS platform, streamlines critical cybersecurity tasks such as asset inventory and microsegmentation. Enclave integrates access control, microsegmentation, encryption, machine identity management, and secure networking concepts into a unified solution, enabling IT professionals to efficiently segment networks, assign staff, and manage traffic. This aligns with the industry’s shift towards zero trust frameworks, which have been adopted fully or partially by 63% of organizations worldwide, according to the Gartner State of Zero Trust Strategy Adoption Survey dated April 22, 2024 (“Gartner 2024 Zero Trust Report”).
Our efforts are focused on protecting and enabling the critical business functions of our clients and customers through comprehensive cybersecurity programs. This specifically includes:
| ● | Embedding vCISOs as a fractional resource into the leadership teams of our clients. The role of vCISOs is becoming increasingly pivotal, especially among small and cloud-enabled companies. The flexibility and expertise offered by vCISOs make them an attractive option for companies facing budget constraints and needing to establish a robust security posture quickly. |
| ● | Deploying Enclave to simplify the segmentation and security of digital networks, addressing the increased demand for remote worker technologies and zero trust strategies. |
| ● | Assessing, identifying, and mitigating cybersecurity and privacy risks through tech-enabled security engineering processes. We leverage AI-based security operations for post-detection actions, including alert prioritization, augmented threat detection/hunting, playbook creation, and automation of incident response processes. |
| ● | Reselling third-party cybersecurity services and software when appropriate, expanding our offerings to include a full range of cybersecurity products and services delivered through our team of security engineers and a network of third-party service providers and value-added resellers (VARs). |
Revenue Categories
We internally report our revenue using two categories:
vCISO Services: This category captures the revenue from the Chief Information Security Officer services that we provide to our clients on a “virtual” or outsourced basis. Services delivered by SideChannel through our team of vCISOs include assessing the cybersecurity risk profile, implementing policies and programs to mitigate risks, and managing the day-to-day tasks to ensure compliance with the adopted cybersecurity framework. Most of our clients use our vCISO services.
vCISO engagements typically include a fixed monthly subscription fee and contract duration typically exceeds 12 months. Hourly rates for vCISO time and material projects range from $350 to $450. Each of our vCISOs is generally embedded into the C-suite executive teams of two to four of our clients.
According to the 2023 vCISO Service Provider Survey by Hitch Partners, the adoption of vCISO services is on the rise, particularly among small and cloud-enabled companies. Key services provided by vCISOs include Governance, Risk, and Compliance (GRC), strategic planning, and mentoring security teams. Many vCISO engagements extend beyond initial expectations, indicating a sustained need for their expertise.
Cybersecurity Software and Services: This category encompasses an array of cybersecurity software and services that our clients deem necessary to protect their digital assets. These augment our vCISO offering and include a full range of other cybersecurity products and services delivered through a team of security engineers along with a network of third-party service providers and VARs. Commercial relationships with third-party service providers and VARs provide SideChannel with additional internal capabilities to mitigate cybersecurity risks. We earn licensing revenue from software contracts and commissions from third-party service provider partnerships which are included in this revenue category.
In response to evolving threats highlighted in the 2024 Data Breach Investigations Report released by Verizon, SideChannel offers solutions designed to address financial and espionage-driven breaches effectively, minimize end-user errors, and ensure rapid incident response. With the increase in data transmission and connected intelligent devices through the prevalence of IoT, the scale of security risks and the attack surface are much larger. Our offerings in data security, application security, network security, security operations, and risk management position us to meet these challenges.
Growth Strategy
Our growth strategy focuses on these three initiatives:
| ● | Securing new vCISO clients: As organizations plan to increase security investments due to breaches and the rising complexity of cyber threats, we aim to expand our client base by offering flexible, expert vCISO services that address budget constraints and the need for rapid security posture establishment. |
| ● | Adding new cybersecurity software and services offerings: We plan to enhance our portfolio by incorporating transformational technologies such as AI-based security operations, data security posture management (DSPM), polymorphic encryption, cyber-physical system (CPS) security, and application security posture management (ASPM). This aligns with industry trends and the anticipated incremental spend on application and data security due to generative AI. |
| ● | Increasing adoption of cybersecurity software, including Enclave, and services offerings at vCISO clients: By promoting Enclave and our other cybersecurity solutions to our existing vCISO clients, we aim to deepen our relationships and provide comprehensive, integrated security solutions. This supports the increased demand for zero trust strategies and remote worker technologies. |
Enclave: A SideChannel Proprietary Software Product
Incorporating insights from the Gartner 2024 Zero Trust Report, implementing a zero-trust strategy has become a priority for a majority of organizations worldwide. The survey revealed that 63% of organizations have fully or partially adopted zero-trust frameworks. For 78% of these organizations, the investment in zero trust constitutes less than 25% of their overall cybersecurity budget. This strategic approach typically covers about half of an organization’s environment, addressing approximately a quarter of overall enterprise risk.
In the Gartner 2024 Zero Trust Report, Gartner emphasized the importance of defining the scope early in the zero-trust strategy. Organizations must identify which domains are in scope and understand the extent of risk mitigation achievable through zero-trust controls. Despite broad adoption, many enterprises struggle with best practices for implementation. Gartner suggests three key practices: establishing a clear scope, communicating success through strategic and operational metrics, and anticipating increases in staffing and costs without delays.
In the context of SideChannel’s offerings, our proprietary software, Enclave, is well-positioned to address these challenges. Enclave simplifies crucial cybersecurity tasks such as asset inventory, vulnerability management, and microsegmentation. By integrating access control, microsegmentation, encryption, machine identity management, and secure networking concepts into a unified solution, Enclave provides a comprehensive solution for managing cybersecurity controls effectively. It allows IT professionals to segment enterprise networks efficiently, allocate the right personnel to those segments, and direct traffic seamlessly. This alignment with zero-trust principles ensures that organizations can enhance their security posture and achieve measurable risk reduction.
By leveraging Enclave, SideChannel not only addresses the immediate cybersecurity needs of our clients but also aligns with industry best practices as highlighted by the Gartner 2024 Zero Trust Report and market trends identified in the Cantor 2024 Q3 Update. With the rise in remote and hybrid work models, and the increased demand for remote worker technologies such as Identity and Access Management, Endpoint Protection Platform, and Secure Web Gateway, Enclave offers a solution that simplifies the segmentation and security of digital networks.
Industry Standards and Compliance
Industry-standard cybersecurity and risk management frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and Center for Internet Security Controls (CIS), prioritize inventory of assets and access control as top requirements for a sustainable and compliant cybersecurity program. CIS version 8 controls call for organizations to:
| ● | Critical Control 1: “Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data.” |
| ● | Critical Control 2: “Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.” |
| ● | Critical Control 3: “Configure data access control lists based on a user’s need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.” |
We built Enclave to address these extremely critical cybersecurity controls along with many others. Enclave seamlessly combines access control, microsegmentation, encryption, and other secure networking concepts to create a comprehensive solution. Through software, it allows IT professionals to easily segment the enterprise network, place the right staff in those segments, and direct traffic. Unlike open, traditional models, Enclave allows for near-limitless micro-segmented networks to operate insulated from one another.
Further information about Enclave is available on our website.
Summary
By aligning our services and solutions with the key trends and growth projections highlighted in the Cantor 2024 Q3 Update, SideChannel is well-positioned to capitalize on the expanding cybersecurity market. Our focus on providing cost-effective, tech-enabled services addresses the needs of mid-market and emerging companies facing increasing cyber threats. Through our vCISO services, proprietary Enclave platform, and a comprehensive suite of cybersecurity offerings, we aim to drive growth and deliver value to our clients in line with industry expectations.
Company History
The Company was originally incorporated in the State of Texas on June 22, 1953, as American Mortgage Company. During 1996, the Company acquired the operations of Eden Systems, Inc. (“Eden”), which became a wholly owned subsidiary of the Company. Eden was engaged in water treatment and the retailing of cleaning products. Eden’s operations were sold on October 1, 1997. On May 16, 1996, the Company changed its name to National Scientific Corporation. From September 30, 1997, through the year ended September 30, 2001, the company aimed its efforts in the research and development of semiconductor proprietary technology and processes and in raising capital to fund its operations and research. Effective August 27, 2014, the Company changed its name to Cipherloc Corporation (“Cipherloc”) after it began engaging in cybersecurity software development. The Company redomiciled and became a Delaware corporation on September 30, 2021. A reverse merger, completed on July 1, 2022, between SCS, Inc., f.k.a. SideChannel, Inc., a provider of cybersecurity services and technology to middle market companies, was acquired by Cipherloc Corporation. The combined entity changed its name to SideChannel, Inc., on July 5, 2022, and the acquiree is now named SCS, Inc. (“SCS”) and for accounting purposes, is a subsidiary of the Company.
Research and Development
Since Enclave is a proprietary software product, we classify all of our software development activities to be research and development. The success of our software product, Enclave, depends on our ability to provide our customers with reliable, innovative features and benefits that are delivered before, or at least no later than, our competitors. When the demands of product development exceed the capacity or knowledge of our in-house staff, we retain temporary third-party consultants to assist us.
Our research and development expenditures for the fiscal years ended September 30, 2024, and September 30, 2023, were $546 thousand and $669 thousand, respectively. These costs were incurred to develop Enclave.
Selling and Marketing
We use four primary sources to identify prospective clients for our services and products including Enclave.
| | ● | Digital Marketing |
| | ● | Industry Events and Conferences |
| | ● | Direct Outreach |
| | ● | Referral Partners |
We continue enhancing our digital marketing tactics and expanding our online presence. A growing list of referral partners recommend SideChannel to their clients as the primary option to identify, assess, and mitigate cybersecurity risks. Certain referral partners receive a commission upon a referral becoming a SideChannel client.
During fiscal year 2024, we began emphasizing our assessment product when it was premature for the prospective client to engage in a traditional vCISO subscription. Certain clients acquired during 2024 entered into a recurring service or product agreement following the completion of the assessment. We intend to enhance our assessment product to expand the adoption of this offering to prospective clients.
As of September 30, 2024, we had three (3) employees dedicated to selling and marketing activities. Our selling and marketing expenditures for the fiscal years ended September 30, 2024, and September 30, 2023, were $771 thousand and $1.4 million, respectively.
Competition
The cybersecurity software and services market is highly competitive, subject to rapid change, and significantly affected by new product introductions and other activities of market participants.
Some of our competitors have greater financial, technical, sales, marketing, and other resources than we do. Because of these and other factors, competitive conditions in the markets we operate in are likely to continue to intensify in the future, as participants compete for market share. Increased competition could result in price reductions for our products and services, possibly reducing our net revenue and profit margins and resulting in a loss of our market share, any of which would likely harm our business.
We believe that our future results depend largely upon our ability to serve our clients and customers with the products and services described earlier better than our competitors, and by offering new services and product enhancements, whether such product and service offerings are developed internally or through acquisition. We also believe that we must provide product and service offerings that compete favorably against those of our competitors with respect to ease of use, reliability, performance, range of useful features, reputation and price.
We anticipate that we will face increasing pricing pressures from our competitors in the future. Since there are low barriers to entry into the cybersecurity services and software markets, we believe competition in these markets will persist and intensify in the future.
Our chief services competitors include companies such as Optiv, NCC, Coalfire, PwC, EY, Deloitte, and GuidePoint. Our primary software competitors are companies such as Perimeter 81, Zscaler, Palo Alto, and Illumio.
Intellectual Property
Protective Measures
We believe that our intellectual property is an important and vital asset, which enables us to develop, market, and sell our products and services and enhance our competitive position. Our intellectual property includes our proprietary business and technical know-how, inventions, works of authorship, and confidential information. To protect our intellectual property, we rely primarily upon legal rights in trade secrets, patents, copyrights, and trademarks, in addition to our policies and procedures, security practices, contracts, and relevant operational measures.
We protect the confidentiality of our proprietary information by entering into non-disclosure agreements with our employees, contractors, and other entities with which we do business. In addition, our license agreements related to our software and proprietary information include confidentiality terms. These agreements are generally non-transferable. We also employ access controls and associated security measures to protect our facilities, equipment, and networks.
Patents, Copyrights, Trademarks, and Licenses
Our products, particularly our software and related documentation, are protected under domestic and international copyright laws and other laws related to the protection of intellectual property and proprietary rights. Currently, we have six active patents registered with the U.S. Patent and Trademark Office. We employ procedures to label copyrightable works with the appropriate proprietary rights notices, and we actively enforce our rights in the United States and abroad. However, these measures may not provide us with adequate protection from infringement, and our intellectual property rights may be challenged.
Our SideChannel Logo is registered with the U.S. Patent and Trademark Office (“USPTO”). We recently applied for registration of the Enclave Logo in the USPTO and also have common law rights in the Enclave Logo based on our prior use of the Logo in commerce. In the United States, we can maintain our trademark rights and renew trademark registrations for as long as the trademarks are in use.
Government Regulation
Export Control Regulations. We expect that all of our products will be subject to U.S. export control laws and applicable foreign government import, export and/or use requirements. The level of such control generally depends on the nature of the products in question. Often, the level of export control is impacted by the nature of the software and cybersecurity incorporated into our products. In those countries where such controls apply, the export of our products may require an export license or authorization. However, even if a transaction qualifies for a license exception or the equivalent, it may still be subject to corresponding reporting requirements. For the export of some of our products, we may be subject to various post-shipment reporting requirements. Minimal U.S. export restrictions apply to all our products, whether or not they perform cybersecurity functions. If we become a Department of Defense contractor in the future, certain registration requirements may be triggered by our sales. In addition, certain of our products and related services may be subject to the International Traffic in Arms Regulations (ITAR) if our software or services are specifically designed or modified for defense purposes. If we become engaged in manufacturing or exporting ITAR-controlled goods and services (even if we do not export such items), we will be required to register with the U.S. State Department.
To date, Export Control Regulations have had no material impact on our business.
Enhancements to our existing products may be subject to review under the Export Administration Act to determine what export classification they will receive. In addition, any new products that we release in the future will also be subject to such review before we can export them. The U.S. Congress continues to discuss the correct level of export control in possible anti-terrorism legislation. Such export regulations may be modified at any time. Modifications to these export regulations could reduce or eliminate our ability to export some or all of our products from the United States in the future, which could put us at a disadvantage in competing with companies located outside of the U.S. Modifications to U.S. export regulations could restrict us from exporting our existing and future products. Any such modifications to export regulations may put us at a competitive disadvantage with respect to selling our products internationally.
Privacy Laws. We may be subject to various international, federal and state regulations regarding the treatment and protection of personally identifying and other regulated information. Applicable laws may include U.S. federal laws and implementing regulations, such as the GLBA and HIPAA, as well as state and international laws and regulations, including the California Consumer Privacy Act (CCPA) and the European Union General Data Protection Regulation (GDPR). Some of these laws have requirements on the transmittal of data from one jurisdiction to another. In the event our systems are compromised, many of these privacy laws require that we provide notices to our customers whose personally identifiable data may have been compromised. Additionally, if we transfer data in violation of these laws, we could be subjected to substantial fines. To mitigate the risk of having such data compromised, we use cybersecurity, software and other security procedures to protect our databases.
Personnel
As of September 30, 2024, we had 20 full-time employees. We also had approximately 11 independent contractors that provide services to us. We anticipate that we will need to increase our staffing in the foreseeable future.
ITEM 1A. RISK FACTORS
Our business, financial condition and results of operations and the market price for our common stock are subject to numerous risks, many of which are driven by factors that we cannot control or predict. An investment in our common stock involves a high degree of risk. You should carefully consider the following information about these risks, together with the other information contained in this Annual Report on Form 10-K, including the information regarding “Forward-Looking Statements” earlier in this Form 10-K immediately prior to Part I, Item 1 and “Part II, Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations,” before investing in our common stock. If any of the events anticipated by the risks described below occur, our results of operations and financial condition could be adversely affected, which could result in a decline in the market price of our common stock, causing you to lose all or part of your investment. Additional risks that we do not yet know of, or that we currently think are immaterial, may also affect our business and results of operations.
Summary of Risk Factors
The following list provides a summary of risk factors discussed in further detail below:
Risks Related to Our Business and Results of Operations
| | ● | Inflation and related geo-political events increase the risk that we are unable to achieve and maintain profitable operations. |
| | ● | We depend significantly upon the continued involvement of our present management and on our ability to attract and retain talented employees. |
| | ● | If we are unable to develop new and enhanced products and services, or if we are unable to continually improve the performance, features, and reliability of our existing products and services, our competitive position would weaken, and our business and operating results could be adversely affected. |
| | ● | Our operating results may vary significantly from period to period and have been unpredictable, which has and might continue to cause the market price of our common stock to be volatile. |
| | ● | Our future revenue and operating results will depend significantly on our ability to retain clients and customers and the ability to add new clients and customers. Any decline in our retention rates or failure to add new clients and customers will harm our business prospects and operating results. |
| | ● | We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position. |
| | ● | A network or data security incident may allow unauthorized access to our or our end users’ network or data, harm our reputation, create additional liability and adversely impact our financial results. |
| | ● | Our services, products, systems, and website and the data on these sources may be subject to intentional disruption that could materially harm our reputation and future sales. |
| | ● | Our products are complex and operate in a wide variety of environments, systems and configurations, which could result in failures of our products to function as designed and negatively impact our brand recognition and reputation. |
| | ● | If our products and services do not work properly, our business, financial condition and financial results could be negatively affected, and we could experience negative publicity declining sales, and legal liability. |
| | ● | Outages or problems with systems and infrastructure supplied by third-parties could negatively affect our business, financial condition and financial results. |
| | ● | Current global financial conditions have been characterized by increased volatility, which could negatively impact our business, prospects, liquidity and financial condition. |
| | ● | If we experience delays and/or defaults in payments, we could be unable to recover all expenditures. |
| | ● | If we do not effectively manage our growth, our business resources and systems may become strained, and we may be unable to increase revenue growth. |
| | ● | Our growth depends in part on the success of our strategic relationships with third-parties. |
| | ● | Claims, litigation, government investigations, and other proceedings may adversely affect our business and results of operations. |
| | ● | The ability of our executive officers and directors to control our business may limit or eliminate other stockholders’ ability to influence corporate affairs. |
Risks Related to Our Industry
| | ● | We face intense competition. |
| | ● | Delays in product development schedules may adversely affect our revenues. |
| | ● | If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product introductions and transitions to meet changing needs in the cybersecurity technology market, our competitive position, financial results, and prospects will be harmed. |
| | ● | Actual, possible, or perceived defects or vulnerabilities in our products or services, the failure of our products or services to detect or prevent a security breach, or the misuse of our products could harm our reputation and divert resources. |
Risks Related to Our Intellectual Property
| | ● | Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us. |
| | ● | Claims by others that we infringe their proprietary technology or other litigation matters could harm our business. |
| | ● | We rely on the availability of third-party licenses, and our inability to maintain those licenses could harm our business. |
| | ● | Our use of open-source software in our products could negatively affect our ability to sell our products and subject us to possible litigation. |
Risks Related to Cyberattacks
| | ● | Security of our information technology may be threatened. |
| | ● | Security of our products, services, devices, and customers’ data may be breached. |
| | ● | Development and deployment of defensive measures are ongoing. |
| | ● | Disclosure and misuse of personal data could result in liability and harm our reputation. |
| | ● | If our end users experience data losses, our brand, reputation and business could be harmed. |
Risks Related to Regulations and Our Compliance with Such Regulations
| | ● | We previously identified material weaknesses in our disclosure controls and procedures and internal control over financial reporting. If not remediated, our failure to establish and maintain effective disclosure controls and procedures and internal control over financial reporting could result in material misstatements in our financial statements and a failure to meet our reporting and financial obligations, each of which could have a material adverse effect on our financial condition and the trading price of our common stock. |
| | ● | We are subject to changing laws and regulations. |
| | ● | Our failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose potential customers, clients, licensees, resellers and/or for licensees and resellers to lose potential customers in the public sector or negatively impact our ability to contract with the public sector. |
| | ● | Governmental restrictions on the sale of our products and services in non-U.S. markets could negatively affect our business, financial condition, and financial results. |
Risks Related to Our Financial Position and Need for Capital
| | ● | We have incurred net losses and may never achieve profitability. |
| | ● | Our ability to continue as a going concern may depend upon our ability to raise additional capital and such capital may not be available on acceptable terms, or at all. |
| | ● | If we can raise additional funding, we may be required to do so on terms that are dilutive to our stockholders. |
| | ● | We will continue to incur increased costs as a result of being a reporting company and, given our limited capital resources, such additional costs may have an adverse impact on our profitability. |
| | ● | We may apply working capital and future funding to uses that ultimately do not improve our operating results or increase the market price of our securities. |
Risks Related to Our Common Stock
| | ● | The market price for our common stock has been volatile, and you may not be able to sell our stock at a favorable price, or at all. |
| | ● | Substantial sales of our common stock, or the perception that such sales might occur, could depress the market price of our common stock. |
| | ● | Holders of our common stock have a risk of potential dilution if we issue additional shares of common stock in the future. |
| | ● | The anti-dilutive rights of certain warrants could result in significant dilution to our existing stockholders and/or require us to issue a substantially greater number of shares, which may adversely affect the market price of our common stock. |
| | ● | Certain warrants issued in 2021 inhibit our access to equity capital, if we should need it, which may limit our ability to grow and maintain our competitiveness. |
| | ● | The purchase agreement related to our 2021 private placement includes covenants that we must comply with, or we may suffer potential monetary and other penalties. |
| | ● | Our common shares are thinly traded, and in the future may continue to be thinly traded, and you may be unable to sell your shares at or near ask prices or at all, if you need to sell your shares to raise money or otherwise desire to liquidate such shares. |
| | ● | A significant number of our shares have been registered for resale, and their sale or potential sale may depress the market price of our common stock. |
| | ● | Future sales and issuances of our securities could result in additional dilution of the percentage ownership of our stockholders and could cause our share price to fall. |
| | ● | Our common stock is subject to restrictions on sales by broker-dealers and penny stock rules, which may be detrimental to investors. |
| | ● | Because our common stock is quoted on the OTCQB instead of a national exchange, our investors may have difficulty selling their stock or may experience negative volatility on the market price of our common stock. |
| | ● | Our charter allows us to issue “blank check” preferred stock and establish its terms, conditions, rights, powers and preferences without stockholder approval. |
| | ● | We have never paid or declared any dividends on our common stock. |
| | ● | If securities or industry analysts do not initiate research coverage on us and, if initiated, fail to publish research or reports, or publish unfavorable research or reports, about our business, our stock price and trading volume may decline. |
| | ● | The sale of shares of our common stock by our directors and officers may adversely affect the market price for our common stock. |
Risks Related to Our Business and Results of Operations
Inflation and related geo-political events increase the risk that we are unable to achieve and maintain profitable operations.
Our business may be affected by general economic, political, and market conditions, including any resulting negative impact on spending by our clients and customers. Some of our clients may view our services as a discretionary purchase and may in the future reduce their spending on our services during an economic downturn, especially in the event of a prolonged recessionary period. Concerns about inflation, rising interest rates, unemployment trends, geopolitical issues, including wars and other armed conflicts, global health epidemics and other highly communicable diseases, bank insolvency and related uncertainty and volatility in the financial services industry, or a widespread economic slowdown or recession (in the United States or internationally) have led to, and could continue to lead to, increased market volatility and economic uncertainty, which could cause current and prospective customers and clients to delay, decrease, or cancel purchases of our services, or delay or default on their payment obligations. As a result, our business, results of operations, and financial condition may be significantly affected by changes in the economy generally.
We depend significantly upon the continued involvement of our present management and on our ability to attract and retain talented employees.
Our success depends significantly upon our present management, most notable our Chief Executive Officer, Brian Haugli, and our Chief Financial Officer, Ryan Polk, who are involved in the development of our products as well as in our strategic planning and operations. All of our officers and key personnel are at-will employees. In addition, many of our key technologies and systems are custom-made for our business by our key personnel. The loss of key personnel, including key members of our management team, as well as certain of our key marketing, sales, product development, or technology personnel, could disrupt our operations and have an adverse effect on our ability to grow our business. Additionally, we will need to adapt and respond to frequently changing circumstances that may impact our workforce, such as natural disasters or pandemics, or our ability to maintain an effective workforce may be impacted.
To execute our business plan, we must attract and retain highly qualified personnel. Competition for these employees is intense, and we may not be successful in attracting and retaining qualified personnel. We have experienced, and we may continue to experience, difficulty in hiring and retaining highly skilled employees with appropriate qualifications.
If we are less successful in our recruiting efforts, or if we are unable to retain key existing employees, our ability to develop and deliver successful products and services will be adversely affected. Effective succession planning is also important to our long-term success. Our failure to ensure effective transfer of knowledge and smooth transitions involving key employees could hinder our strategic planning and execution.
If we are unable to develop new and enhanced products and services, or if we are unable to continually improve the performance, features, and reliability of our existing products and services, our competitive position would weaken, and our business and operating results could be adversely affected.
Our future success depends on our ability to effectively respond to evolving threats to consumers and potential customers, as well as competitive technological developments and industry changes, by developing or introducing new and enhanced products and services on a timely basis. In the past, Cipherloc incurred significant research and development expenses. As a result of the Business Combination, we expect to continue to incur research and development expenses as we strive to remain competitive and as we focus on organic growth through internal innovation. If we are unable to anticipate or react to competitive challenges or if existing or new competitors gain market share in any of our markets, our competitive position would weaken, and we could experience a decline in our revenues and net income, which could adversely affect our business and operating results. Additionally, we must continually address the challenges of dynamic and accelerating market trends, increasingly sophisticated cyber-attacks and intrusions and competitive developments. Customers may require features and capabilities that our current products do not have. Our failure to develop new products and improve our existing products to satisfy customer preferences and needs and effectively compete with other market offerings in a timely and cost-effective manner will harm our ability to retain our customers (if any) and the ability of our licensees or resellers to retain their customers, and to create or increase demand for our products, which may adversely impact our operating results. The development and introduction of our new or enhanced products will involve a significant commitment of time and resources and will be subject to a number of risks and challenges, including but not limited to:
| | ● | Lengthy development cycles; |
| | ● | Evolving industry and regulatory standards and technological developments by our competitors and customers (if any) and the customers of our licensees and resellers; |
| | ● | Rapidly changing customer preferences and needs; |
| | ● | Evolving platforms, operating systems, and hardware products, such as mobile devices, and related product and service interoperability challenges; |
| | ● | Entering new or unproven markets; and |
| | ● | Executing new product and service strategies. |
If we are not successful in managing these risks and challenges, or if our new or improved products and services are not technologically competitive in the market, or do not achieve market acceptance, our business and operating results would be adversely affected, our market share would decline, and our margins would contract.
Our operating results may vary significantly from period to period and have been unpredictable, which has and might continue to cause the market price of our common stock to be volatile.
Our operating results, in particular, our revenues, gross margins, operating margins, and operating expenses, have historically varied significantly from period to period, and we expect such variation to continue as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
| | ● | our ability to attract and retain customers (if any) and/or the ability of our licensees and resellers to retain customers or sell products and services; |
| | ● | the budgeting cycles, seasonal buying patterns, and purchasing practices of potential customers and customers of our licensees and resellers; |
| | ● | price competition; |
| | ● | the timing and success of our new product and service introductions by us or our competitors or any other change in the competitive landscape of our industry, including consolidation among our competitors, licensees, resellers, clients, or customers, and strategic relationships entered into by and between our competitors; |
| | ● | changes in the mix of our services, products, and support; |
| | ● | changes in the growth rate of the cybersecurity technology market; |
| | ● | the timing and costs related to the development or acquisition of technologies or businesses or strategic partnerships; |
| | ● | lack of synergy, or the inability to realize expected synergies, resulting from any acquisitions or strategic partnerships; |
| | ● | our inability to execute, complete or integrate efficiently any acquisitions that we have or may hereafter undertake; |
| | ● | increased expenses, unforeseen liabilities, or write-downs and any impact on our operating results from any acquisitions we may consummate; |
| | ● | our ability to create sizeable and productive distribution channels for our proprietary software; |
| | ● | decisions by potential customers, or the customers of our licensees and resellers, to purchase cybersecurity solutions from larger, more established cybersecurity software and service vendors, or from their sales channel partners; |
| | ● | timing of revenue recognition from the delivery of existing and future statements of work; |
| | ● | Insolvency or credit difficulties confronting customers (if any), our licensees and resellers, or the customers of our licensees and resellers, which could adversely affect their ability to purchase or pay for our products and services and offerings; |
| | ● | the cost and potential outcomes of any litigation, which could have a material adverse effect on our business; |
| | ● | seasonality or cyclical fluctuations in our markets due to holiday schedules, industry events, or customer funding policies that may impact our ability to secure new clients or deliver services to existing clients; |
| | ● | future accounting pronouncements or changes in our accounting policies; and |
| | ● | general macroeconomic conditions including interest rates, inflation and increasing labor costs, in some or all regions in which we operate. |
Any one of the factors above, or the cumulative effect of some of the factors referred to above, may result in significant fluctuations in our operating results including our revenue and net income. This variability and unpredictability could result in our failure to meet our revenue, margin, or other operating result expectations, or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could decline substantially, and we could face costly lawsuits, including securities class action suits.
Our future revenue and operating results will depend significantly on our ability to retain clients and customers and the ability to add new clients and customers. Any decline in our retention rates or failure to add new clients and customers will harm our business prospects and operating results.
We anticipate that our future revenue and operating results will depend significantly on our ability to retain clients and customers and our ability add new clients and customers. In addition, we may not be able to predict or anticipate accurately future trends in retention or effectively respond to such trends. Our retention rates may decline or fluctuate due to a variety of factors, including the following:
| | ● | our clients’ and customers’ levels of satisfaction or dissatisfaction with our products and services; |
| | ● | the quality, breadth, and prices of our products and services; |
| | ● | our general reputation and events impacting that reputation; |
| | ● | the products and services and related pricing offered by our competitors; |
| | ● | disruption by new services or changes in law or regulations that impact the need for or efficacy of our products and services; |
| | ● | our customer service activities and responsiveness to any customer issues; |
| | ● | customer dissatisfaction if they do not receive the full benefit of our services due to their failure to provide all relevant data; |
| | ● | customer dissatisfaction with the methods or sufficiency of our remediation services; and |
| | ● | changes in target customers’ planned spending levels as a result of general economic conditions or other factors such as inflation. |
If we do not retain our existing clients and customers, or add new clients and customers, we may not generate revenue and/or our revenue may grow more slowly than expected, or decline, and our operating results and gross margins will be negatively impacted. In addition, our business and operating results may be harmed if we are unable to increase our retention rates or if they decline.
We also must continually add new clients and customers, both to replace those who cancel or elect not to renew their agreements with us and to grow our business beyond our current level. If we are unable to attract new clients and customers in numbers greater than the number that cancel or elect not to renew their agreements with us, our client base will decrease, and our business, operating results, and financial condition would be adversely affected.
We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The market for cybersecurity technologies is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. Our main competitors fall into three categories:
| | ● | large companies that incorporate security or encryption features in their services and products, such as Google’s Cloud Platform, Amazon’s AWS services, and Microsoft’s Azure, or those that have acquired, or may acquire, cybersecurity services, products, or technologies and have the technical and financial resources to bring competitive solutions to the market; |
| | ● | independent security vendors, such as Optiv and Coalfire, that offer cybersecurity products; and |
| | ● | small and large companies that offer cybersecurity services and technologies that compete with our services and products. |
Our current and proposed products and services face, and will continue to face, intense competition from larger and smaller companies, as well as from academic and research institutions. We compete in an industry that is characterized by: (i) rapid technological change, (ii) evolving industry standards, (iii) emerging competition, and (iv) new service and product introductions. Our competitors have existing products and technologies that will compete with our products and technologies and may develop and commercialize additional products and technologies that will compete with our products and technologies. Some of these new products and services may have functionality that ours do not have. Because many competing companies and institutions have greater financial resources than us, they may be able to: (i) provide broader services and product lines, and (ii) fully develop and deploy new products faster than we can with their larger and broader resources. Our competitors also generally have greater development capabilities than we do and have greater experience in undertaking testing of products, obtaining regulatory approvals, and manufacturing and marketing their products. They may also have greater name recognition and better access to customers, clients, licensees, and resellers than we do. Our chief services competitors include companies such as Optiv, NCC, Coalfire, PwC, EY, Deloitte, and GuidePoint. Our primary product competitors for Enclave are companies such as Perimeter 81, Zscaler, Palo Alto, and Illumio.
Many of our existing competitors have, and some of our potential competitors may have, substantial competitive advantages such as:
| | ● | greater name recognition and longer operating histories; |
| | ● | larger sales and marketing budgets and resources; |
| | ● | broader distribution and established relationships with distributors and customers (if any), or the customers of our licensees and resellers; |
| | ● | greater customer support resources; |
| | ● | greater resources to make strategic acquisitions or enter strategic partnerships; and |
| | ● | greater financial, technical, and other resources. |
In addition, some of our larger competitors have substantially broader and more diverse product and service offerings, which may make them less susceptible to downturns in a particular market and allow them to leverage their relationships based on other services and products or incorporate functionality into existing services and products to gain business in a manner that discourages users from purchasing our services, products and subscriptions, including through selling at zero or negative margins, offering concessions, product bundling, or closed technology platforms. Many of our smaller competitors that specialize in providing protection from a single type of security threat are often able to deliver these specialized cybersecurity or security products to the market more quickly than we can.
Organizations that use legacy products and services may believe that these products and services are sufficient to meet their security needs, or that our platform only serves the needs of a portion of the cybersecurity technology market. Accordingly, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of cybersecurity services and products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier such as us, regardless of product performance, features, or greater services offerings, or may be more willing to incrementally add solutions to their cybersecurity infrastructure from existing suppliers than to replace it wholesale with our solutions.
Conditions in our market could change rapidly and significantly because of technological advancements, partnering or acquisitions by our competitors, or continuing market consolidation. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior services, products, and technologies that compete with our services and products. Some of our competitors have made or could make acquisitions of businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered and adapt more quickly to innovative technologies and changing needs. Our current and potential competitors may also establish cooperative relationships among themselves or with third-parties that may further enhance their resources and reduce their expenses. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could materially harm our business and operating results.
A network or data security incident may allow unauthorized access to our or our end users’ network or data, harm our reputation, create additional liability and adversely impact our financial results.
Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. In addition to traditional computer “hackers” malicious code (such as viruses and worms), phishing attempts, employee theft or misuse, and denial of service attacks, sophisticated nation-state and nation-state supported actors engage in intrusions and attacks (including advanced persistent threat intrusions) and add to the risks to internal networks, cloud deployed enterprise and customer-facing environments and the information they store and process. Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks. We, and our third-party software and service providers, may face security threats and attacks from a variety of sources. Our data, corporate systems, third-party systems and security measures and/or those of our licensees, resellers, clients, customers, software providers, independent contractors, employees, end users may be breached due to the actions of outside parties, employee error, malfeasance, a combination of these, or otherwise, and, as a result, an unauthorized party may obtain access to our or our customers’ data. Furthermore, as a provider of cybersecurity technologies, we may be a more attractive target for such attacks. A breach in our data security or an attack against our service availability, or that of our third-party service providers, could impact our networks or networks secured by our services, products and subscriptions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our services, products, and the information stored on our networks or those of our third-party service providers could be accessed, publicly disclosed, altered, lost, or stolen, which could subject us to liability and cause us financial harm. Any actual or perceived breach of network security in our systems or networks, or any other actual or perceived data security incident we or our third-party service providers suffer, could result in damage to our reputation, negative publicity, loss of channel partners, licensees, resellers, clients, customers, and sales, loss of competitive advantages over our competitors, increased costs to remedy any problems and otherwise respond to any incident, regulatory investigations and enforcement actions, costly litigation, and other liability. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating, and putting in place additional tools and devices designed to prevent actual or perceived security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. Any of these negative outcomes could adversely impact the market perception of our services, products and customer and investor confidence in our company and, moreover, could seriously harm our business or operating results.
It is essential to our business strategy that our technology and network infrastructure remain secure and are perceived by any clients and customers we have, and others, to be secure. Despite security measures, however, any network infrastructure may be vulnerable to cyber-attacks by hackers and other security threats. We may face cyber-attacks that attempt to penetrate our network security, sabotage or otherwise disable our research, products and services, misappropriate our proprietary information, or that of our licensees and resellers, or their or our customers and partners, which may include personally identifiable information, or cause interruptions of our internal systems and services. Any cyber-attacks could negatively affect our reputation, damage our network infrastructure and our ability to deploy our products and services, harm our business relationships, and expose us to financial liability.
Our services, products, systems, and website and the data on these sources may be subject to intentional disruption that could materially harm our reputation and future sales.
Despite our precautions and ongoing investments to protect against security risks, data protection breaches, cyber-attacks, and other intentional disruptions of our products and services, we expect to be an ongoing target of attacks specifically designed to impede the performance and availability of our offerings and harm our reputation as a company. Similarly, experienced computer programmers or other sophisticated individuals or entities, including malicious hackers, state-sponsored organizations, and insider threats including actions by employees and third-party service providers, may attempt to penetrate our network security or the security of our systems and websites and misappropriate proprietary information or cause interruptions of our services. This risk has increased as more individuals are working from home and utilize home networks for the transmission of sensitive information. Such attempts are increasing in number and in technical sophistication, and if successful could expose us and the affected parties to risk of loss or misuse of proprietary or confidential information or disruptions of our business operations. While we engage in a number of measures aimed to protect against security breaches and to minimize problems if a data breach were to occur, our information technology systems and infrastructure may be vulnerable to damage, compromise, disruption, and shutdown due to attacks or breaches by hackers or due to other circumstances, such as error or malfeasance by employees or third-party service providers or technology malfunction. The occurrence of any of these events, as well as a failure to promptly remedy these events should they occur, could compromise our systems, and the information stored in our systems could be accessed, publicly disclosed, lost, stolen, or damaged. Any such circumstance could adversely affect our ability to attract and maintain licensees and resellers, and/or for us or our licensees and resellers to retain customers, as well as strategic partners, cause us to suffer negative publicity, and subject us to legal claims and liabilities or regulatory penalties. In addition, unauthorized parties might alter information in our databases, which would adversely affect both the reliability of that information and our ability to market and perform our services. Techniques used to obtain unauthorized access or to sabotage systems change frequently, are constantly evolving and generally are difficult to recognize and react to effectively. We may be unable to anticipate these techniques or to implement adequate preventive or reactive measures. Several recent, highly publicized data security breaches at other companies have heightened consumer awareness of this issue and may embolden individuals or groups to target our systems or those of our licensees, resellers, or strategic partners, or our or their customers.
Our products are complex and operate in a wide variety of environments, systems and configurations, which could result in failures of our products to function as designed and negatively impact our brand recognition and reputation.
Because we offer very complex products, errors, defects, disruptions, or other performance problems with our products may and have occurred. For example, we may experience disruptions, outages, and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our websites simultaneously, fraud, or security attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. Interruptions in our products could impact our revenues or cause licensees, resellers, clients, and customers to cease doing business with us. Our operations are dependent upon our ability to protect our technology infrastructure against damage from business continuity events that could have a significant disruptive effect on our operations. We could potentially lose end user/customer data or experience material adverse interruptions to our operations or delivery of products and services to our clients in a disaster recovery scenario. Further, our business would be harmed if any of these types of events caused our licensees, resellers, or customers, or our licensees’ and resellers’ customers or potential customers, to believe that our products are unreliable. We believe that our brand recognition and reputation are critical to retaining existing licensees, resellers, clients and customers, and attracting new licensees, resellers, clients, and customers. Furthermore, negative publicity, whether or not justified, relating to events or activities attributed to us, our employees, our strategic partners, our affiliates, or others associated with any of these parties, may tarnish our reputation and reduce the value of our brands. Damage to our reputation may reduce demand for our products and have an adverse effect on our business, operating results, and financial condition. Moreover, any attempts to rebuild our reputation and restore the value of our brands after such an event may be costly and time-consuming, and such efforts may not ultimately be successful.
If our products and services do not work properly, our business, financial condition and financial results could be negatively affected, and we could experience negative publicity, declining sales, and legal liability.
We produce complex products that incorporate leading-edge technology that must operate in a wide variety of technology environments. Software may contain defects or “bugs” that can interfere with expected operations in these varying technological environments. There can be no assurance that our testing programs will be adequate to detect all defects prior to the product being introduced, which might decrease customer satisfaction with our products and services. The product reengineering cost to remedy a product defect could be material to our operating results. Our inability to cure a product defect could result in the temporary or permanent withdrawal of a product or service, negative publicity, damage to our reputation, failure to achieve market acceptance, lost revenue and increased expense, any of which could have a material adverse effect on our business, financial condition and financial results.
Outages or problems with systems and infrastructure supplied by third-parties could negatively affect our business, financial condition and financial results.
Our business relies on third-party suppliers of the telecommunications infrastructure. We, our clients and customers and our licensees and resellers, and their customers, will use various communications service suppliers and the global internet to provide network access between our data centers and our customers and end-users of our services. If those suppliers do not enable us to provide our clients and customers, or our licensees’ and resellers’ customers with reliable, real-time access to our systems (to the extent required), we may be unable to gain or retain clients, customers, licensees and resellers. These suppliers periodically experience outages or other operational problems as a result of internal system failures or external third-party actions. Supplier outages or other problems could materially adversely affect our business, financial results and financial condition.
Current global financial conditions have been characterized by increased volatility, which could negatively impact our business, prospects, liquidity and financial condition.
Current global financial conditions and recent market events have been characterized by increased volatility, and the resulting tightening of the credit and capital markets has reduced the amount of available liquidity and overall economic activity. We cannot guarantee that debt or equity financing, or the ability to generate cash from operations, will be available or sufficient to meet or satisfy our initiatives, objectives or requirements. Our inability to access sufficient amounts of capital on terms acceptable to us for our operations will negatively impact our business, prospects, liquidity and financial condition.
If we experience delays and/or defaults in payments, we could be unable to recover all expenditures.
Because of the nature of our contracts, at times we will commit resources to projects prior to receiving payments from the counterparty in amounts sufficient to cover our expenditures on projects as they are incurred. Delays in payments may require us to make a working capital investment. Defaults by any of our clients, customers, licensees, and resellers could have a significant adverse effect on our revenues, profitability and cash flow. Our clients, customers, licensees, and resellers may in the future default on their obligations to us or them due to bankruptcy, lack of liquidity, operational failure or other reasons deriving from the current general economic environment. If a client, customer, or licensee defaults on its obligations to us or our licensee, or a licensee or reseller defaults in its payments to us, it could have a material adverse effect on our business, financial condition, results of operations or cash flows.
If we do not effectively manage our growth, our business resources and systems may become strained, and we may be unable to increase revenue growth.
We plan to grow aggressively and, if successful, our future growth may provide challenges to our organization, requiring us to expand our personnel and our operations. Future growth may strain our infrastructure, operations and other managerial and operating resources. If our business resources become strained, our earnings may be adversely affected, and we may be unable to increase revenue growth. Further, we may undertake contractual commitments that exceed our labor resources, which could also adversely affect our earnings and our ability to increase revenue growth.
Our growth depends in part on the success of our strategic relationships with third-parties.
In order to grow our business, we anticipate that we will need to continue to depend on our relationships with third-parties, including our technology providers. Identifying such third-parties, and negotiating and documenting relationships with them, requires significant time and resources. Our competitors may be effective in providing incentives to third-parties to favor their products or services over utilization of our products and services. In addition, acquisitions of our business partners by our competitors could result in a decrease in the number of our current and potential clients, customers, licensees, resellers, and end users. If we are unsuccessful in establishing or maintaining our relationships with third-parties, our ability to compete in the marketplace or to grow our revenue could be impaired and our results of operations may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased use of our products or increased revenue.
Claims, litigation, government investigations, and other proceedings may adversely affect our business and results of operations.
As a company offering a wide range of products and services, we are regularly subject to actual and threatened claims, litigation, reviews, investigations, and other proceedings, including proceedings relating to goods and services offered by us and by third-parties, and other matters. Any of these types of proceedings, including currently pending proceedings as discussed herein, may have an adverse effect on us because of legal costs, disruption of our operations, diversion of management resources, negative publicity, and other factors. The outcomes of these matters are inherently unpredictable and subject to significant uncertainties. Determining legal reserves and possible losses from such matters involves judgment and may not reflect the full range of uncertainties and unpredictable outcomes. Until the final resolution of such matters, we may be exposed to losses in excess of the amount recorded, and such amounts could be material. Should any of our estimates and assumptions change or prove to have been incorrect, it could have a material effect on our business, consolidated financial position, results of operations, or cash flows. In addition, it is possible that a resolution of one or more such proceedings, including as a result of a settlement, could require us to make substantial future payments, prevent us from offering certain products or services, require us to change our business practices in a manner materially adverse to our business, requiring development of non-infringing or otherwise altered products or technologies, damaging our reputation, or otherwise having a material adverse effect on our operations.
The ability of our executive officers and directors to control our business may limit or eliminate other stockholders’ ability to influence corporate affairs.
As of September 30, 2024, our executive officers and directors owned approximately 46.0% of the Company’s total issued and outstanding shares. Because of this voting control through share ownership by the executive officers and directors, these individuals, acting as a group, have significant influence over corporate actions requiring a shareholder vote, including the selection of our directors, who in turn approve all executive officers, authorizing change-in-control transactions, amendments to our Articles of Incorporation, and other significant corporate matters. The interests of our executive officers and directors may differ from the interests of other stockholders with respect to the issuance of shares, business transactions with or sales to other companies, selection of future officers and directors and other business decisions. The minority stockholders will have no way of overriding the decisions made by our executive officers and directors acting as a group.
Risks Related to Our Industry
We face intense competition.
We expect to experience intense competition across all markets for our products and services. Our competitors that are focused on narrower product lines may be more effective in devoting technical, marketing, and financial resources to compete with us. In addition, barriers to entry in our businesses generally are low, and products and services, once developed, can be distributed broadly and quickly at a relatively low cost. Open-source software vendors are devoting considerable efforts to developing software that mimics the features and functionality of our current and anticipated products. These competitive pressures may result in decreased sales volumes, price reductions, and/or increased operating costs, such as for marketing and sales incentives, resulting in lower revenue, gross margins, and operating income.
Delays in product development schedules may adversely affect our revenues.
The development of cybersecurity products and services is a complex and time-consuming process. New products and services can require long development and testing periods. Future revenues may include the sale of new products and services that may not yet be developed. Significant delays in product development, including quality assurance testing or significant problems in creating new products and services, could adversely affect our revenue recognition from new products and services. Revenue in certain reporting periods could be lower than anticipated because product development problems could cause the loss of a competitive sale transaction, a delay in invoicing a client, customer, licensee, or reseller or the renegotiation of terms to retain a sale transaction.
If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product introductions and transitions to meet changing needs in the cybersecurity technology market, our competitive position, financial results, and prospects will be harmed.
The cybersecurity technologies market has grown quickly and is expected to continue to evolve rapidly. Moreover, many of our potential licensees and resellers and their customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols. If we fail to accurately predict potential changing needs and emerging technological trends in the cybersecurity technology industry, including in the areas of mobility, virtualization, and cloud computing, our business could be harmed. If we experience unanticipated delays in the availability of new services, products, platform features, and subscriptions, or fail to meet expectations for such availability, our competitive position, financial results, and business prospects will be harmed.
Additionally, we must commit significant resources to developing new products and services before knowing whether our investments will result in services, products, subscriptions, and features that the market will accept. The success of new platform features depends on several factors, including appropriate new product definition, differentiation of new services, products, subscriptions, and platform features from those of our competitors, and market acceptance of these products, services and platform features. Moreover, successful new product introduction and transition depends on a number of factors including, our ability to manage the risks associated with new product production ramp-up issues, the availability of application software for new products, and the risk that new products may have quality or other defects or deficiencies, especially in the early stages of introduction. We cannot assure you that we will successfully identify opportunities for new products and services, develop and bring new products and subscriptions to market in a timely manner, or achieve market acceptance of our products and subscriptions, or that products, subscriptions, and technologies developed by others will not render our products, subscriptions, or technologies obsolete or noncompetitive.
Actual, possible, or perceived defects or vulnerabilities in our products or services, the failure of our products or services to detect or prevent a security breach, or the misuse of our products could harm our reputation and divert resources.
Because our products and services are complex, they may contain defects or errors that are not detected until after their commercial release and deployment. Defects or vulnerabilities may impede or block network traffic, cause our products or services to be vulnerable to electronic break-ins or cause them to fail to help secure networks. We are also susceptible to errors, defects, vulnerabilities, or attacks that may arise at, or be inserted into our products, which are out of our control. Different users deploy and use cybersecurity products in different ways, and certain deployments and usages may subject our products to adverse conditions that may negatively impact the effectiveness and useful lifetime of our products. Our networks and products, including any cloud-based technology we utilize, could be targeted by attacks specifically designed to disrupt our business and harm our reputation. Our products may not prevent all security threats. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques. An actual, possible, or perceived security breach or infection of the network of one of the users of our products, regardless of whether the breach is attributable to the failure of our products or services to prevent the security breach, could adversely affect the market’s perception of our security products and services and, in some instances, subject us to potential liability that is not contractually limited. We may not be able to correct any security flaws or vulnerabilities promptly, or at all. Our products may also be misused by potential end users or third-parties who obtain access to our products. For example, our products could be used to censor private access to certain information on the internet. Such use of our products for censorship could result in negative press coverage and negatively affect our reputation, even if we take reasonable measures to prevent any improper shipment of our products or if our products are being used improperly or provided by an unauthorized third-party.
Any actual, possible, or perceived defects, errors or vulnerabilities in our products and services, or misuse of our products and services, could result in:
| | ● | the expenditure of significant financial and development resources in efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities; |
| | ● | the loss of potential clients, customers, licensees, resellers, or distribution partners; |
| | ● | delayed or lost revenue; |
| | ● | delay or failure to attain market acceptance; |
| | ● | negative publicity and harm to our reputation; and |
| | ● | litigation, regulatory inquiries, or investigations that may be costly and harm our reputation and, in some instances, subject us to potential liability that is not contractually limited. |
Risks Related to Our Intellectual Property
Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us.
We rely primarily on patent, trademark, copyright and trade secrets laws and confidentiality procedures and contractual provisions to protect our technology. The claims eventually allowed on any patents issued in the future may not be sufficiently broad to protect our technology or products. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate offensive scope, defensive protection or competitive advantages to us. Patent applications in the United States are typically not published until at least eighteen (18) months after filing, or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications, or that we were the first to file for patent protection. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. In addition, recent changes to the patent laws in the United States, including but not limited to “adversary proceedings,” “first to file,” and “post-grant review” provisions, may bring into question the validity of certain software patents and may make it more difficult and costly to prosecute patent applications. As a result, we may not be able to obtain adequate patent protection or effectively enforce our issued patents.
Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. We generally enter into confidentiality or non-solicitation agreements with our employees, consultants, and vendors, as the case may be, and generally limit access to and distribution of our proprietary information. However, we cannot guarantee that the steps taken by us will prevent misappropriation of our technology. Policing unauthorized use of our technology or products is difficult. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States. From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that would compete with our products.
Claims by others that we infringe their proprietary technology or other litigation matters could harm our business.
Patent and other intellectual property disputes are common in the cybersecurity and technology industries. Third-parties may in the future assert claims of infringement of intellectual property rights against us. They may also assert such claims against our licensees, resellers, end users or distribution partners whom we may have to indemnify against claims that our products infringe the intellectual property rights of third-parties. As the number of products and competitors in our market increases and overlaps in service and functionality occur, infringement claims may increase. Any claim of infringement by a third-party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. In addition, litigation may involve patent holding companies, non-practicing entities, or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence to such plaintiffs we will counter-claim for infringement and invalidation of their patent(s).
Although third-parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be materially and adversely affected. In addition, some licenses may be non-exclusive and, therefore, our competitors may have access to the same technology licensed to us. Alternatively, we may be required to develop non-infringing technology, which could require significant time, effort, and expense, and may ultimately not be successful. Furthermore, a successful claimant could secure a judgment, or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages (including treble damages if we are found to have willfully infringed such claimant’s patents), royalties or other fees. Any of these events could seriously harm our business, financial condition and results of operations.
We may be subject to lawsuits claiming patent infringement. We may also be subject to other litigation in addition to patent infringement claims, such as employment-related litigation and disputes, as well as general commercial litigation, and could become subject to other forms of litigation and disputes, including stockholder litigation. If we are unsuccessful in defending any such claims, our operating results and financial condition and results may be materially and adversely affected. For example, we may be required to pay substantial damages and could be prevented from selling certain of our products. Litigation, with or without merit, could negatively impact our business, reputation and sales in a material adverse fashion.
We rely on the availability of third-party licenses, and our inability to maintain those licenses could harm our business.
Many of our products or products under development include software or other intellectual property licensed from third-parties. It may be necessary in the future to renew licenses relating to various aspects of these products or to seek new licenses for existing or new products. Licensors may claim we owe them additional license fees for past and future use of their software and other intellectual property or that we cannot utilize such software or intellectual property in our products going forward. There can be no assurance that the necessary licenses would be available on acceptable terms, if at all.
The inability to obtain certain licenses or other rights or to obtain such licenses or rights on favorable terms or for reasonable pricing, or the need to engage in litigation regarding these matters, could result in delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our products. Further such events may result in significant license fees and have a material adverse effect on our business, operating results, and financial condition. Moreover, the inclusion in our products or software or other intellectual property licensed from third-parties on a non-exclusive basis or the inclusion in our products of opensource software may limit our ability to differentiate our products from those of our competitors. Not differentiating our products from those of our competitors may adversely affect our results of operations, including reducing our revenue and net income.
We also rely on technologies licensed from third-parties in order to operate functions of our business. If any of these third-parties allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses, we may need to pay additional fees or obtain new licenses, and such licenses may not be available on terms acceptable to us or at all or may be costly. In any such case, or if we were required to redesign our internal operations to function with new technologies, our business, results of operations and financial condition could be harmed.
Our use of open-source software in our products could negatively affect our ability to sell our products and subject us to possible litigation.
A portion of the technologies we use incorporates open source software, and we may incorporate open source software in the future. Open source software is generally licensed by its authors or other third parties under open source licenses. These licenses may subject us to certain unfavorable conditions, including requirements that we offer our platform that incorporates the open source software for no cost, that we make publicly available source code for modifications or derivative works we create based upon incorporating or using the open source software, or that we license such modifications or derivative works under the terms of the particular open source license. Additionally, if a third-party software provider has incorporated open source software into software that we license from such provider, we could be required to disclose any of our source code that incorporates or is a modification of our licensed software. If an author or other third party that distributes open source software that we use or license were to allege that we had not complied with the conditions of the applicable license, we could be required to incur significant legal expenses defending against those allegations and could be subject to significant damages, enjoined from offering or selling our solutions that contained the open source software, and required to comply with the foregoing conditions. Any of the foregoing could disrupt and harm our business, results of operations, and financial condition. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open-source software, but we cannot be sure that our processes for controlling our use of open-source software in our products will be effective.
Risks Related to Cyberattacks
Security of our information technology may be threatened.
Threats to IT security can take a variety of forms. Individual and groups of hackers and sophisticated organizations, including state-sponsored organizations or nation-states, continuously undertake attacks that pose threats to our customers and our IT. These actors may use a wide variety of methods, which may include developing and deploying malicious software or exploiting vulnerabilities or intentionally designed processes in hardware, software, or other infrastructure in order to attack our products and services or gain access to our networks and datacenters, using social engineering techniques to induce our employees, users, partners, or customers to disclose passwords or other sensitive information or take other actions to gain access to our data or our users’ or customers’ data, or acting in a coordinated manner to launch distributed denial of service or other coordinated attacks. Nation-state and state-sponsored actors can deploy significant resources to plan and carry out attacks. Nation-state attacks against us, our customers, or our partners may intensify during periods of intense diplomatic or armed conflict, such as the ongoing conflict in Ukraine. Inadequate account security or organizational security practices may also result in unauthorized access to confidential data. For example, system administrators may fail to timely remove employee account access when no longer appropriate. Employees or third-parties may intentionally compromise our or our users’ security or systems or reveal confidential information. Malicious actors may employ the IT supply chain to introduce malware through software updates or compromised supplier accounts or hardware.
Cyberthreats are constantly evolving and becoming increasingly sophisticated and complex, increasing the difficulty of detecting and successfully defending against them. We may have no current capability to detect certain vulnerabilities or new attack methods, which may allow them to persist in the environment over long periods of time. Cyberthreats can have cascading impacts that unfold with increasing speed across our internal networks and systems and those of our partners and customers. Breaches of our facilities, network, or data security could disrupt the security of our systems and business applications, impair our ability to provide services to our customers and protect the privacy of their data, result in product development delays, compromise confidential or technical business information harming our reputation or competitive position, result in theft or misuse of our intellectual property or other assets, subject us to ransomware attacks, require us to allocate more resources to improve technologies or remediate the impacts of attacks, or otherwise adversely affect our business. We are also subject to supply chain cyberattacks where malware can be introduced to a software provider’s customers, including us, through software updates.
In addition, our internal IT environment continues to evolve. Often, we are early adopters of new devices and technologies. We embrace new ways of sharing data and communicating internally and with partners and customers using methods such as social networking and other consumer-oriented technologies. Increasing use of generative AI models in our internal systems may create new attack methods for adversaries. Our business policies and internal security controls may not keep pace with these changes as new threats emerge, or emerging cybersecurity regulations in jurisdictions worldwide.
Security of our products, services, devices, and customers’ data may be breached.
The security of our products and services is important in our customers’ decisions to purchase or use our products or services. Security threats are a significant challenge to companies like us whose business is providing technology products and services to others. Threats to our own IT infrastructure can also affect our customers. Customers using our cloud-based services rely on the security of our infrastructure, including hardware and other elements provided by third-parties, to ensure the reliability of our services and the protection of their data. Adversaries tend to focus their efforts on the most popular operating systems, programs, and services, including many of ours, and we expect that to continue. In addition, adversaries can attack our customers’ cloud environments, sometimes exploiting previously unknown vulnerabilities, Vulnerabilities in these or any product could persist if the attackers exploited the vulnerabilities with the installation of additional malware, to further compromise customers’ systems. Customers using our products will continue to get attacked as they move through their digital transformation projects. Inadequate account security practices may also result in unauthorized access, and user activity may result in ransomware or other malicious software impacting a customer’s use of our products or services. We are increasingly incorporating open-source software into our products. There may be vulnerabilities in open-source software that may make our products susceptible to cyberattacks.
Our customers operate complex IT systems with third-party hardware and software from multiple vendors that may include systems acquired over many years. They expect our products and services to support all these systems and products, including those that no longer incorporate the strongest current security advances or standards. As a result, we may not be able to discontinue support in our services for a product, service, standard, or feature solely because a more secure alternative is available. Failure to utilize the most current security advances and standards can increase our customers’ vulnerability to attack. Further, customers of widely varied size and technical sophistication use our technology, and consequently may still have limited capabilities and resources to help them adopt and implement state of the art cybersecurity practices and technologies. In addition, we must account for this wide variation of technical sophistication when defining default settings for our products and services, including security default settings, as these settings may limit or otherwise impact other aspects of IT operations and some customers may have limited capability to review and reset these defaults.
Cyberattacks may adversely impact our customers even if our product services are not directly compromised. We are committed to notifying our customers whose systems have been impacted as we become aware and have actionable information for customers to help protect themselves. We are also committed to providing guidance and support on detection, tracking, and remediation. We may not be able to detect the existence or extent of these attacks for all of our customers or have information on how to detect or track an attack, when we may have no or limited visibility into our customers’ computing environments.
Development and deployment of defensive measures are ongoing.
To defend against security threats to our internal IT systems, our cloud-based services, and our customers’ systems, we must continuously engineer more secure products and services, enhance security, threat detection, and reliability features, improve the deployment of software updates to address security vulnerabilities in our own products as well as those provided by others, develop mitigation technologies that help to secure customers from attacks even when software updates are not deployed, maintain the digital security infrastructure that protects the integrity of our network, products, and services, and provide security tools such as firewalls, anti-virus software, and advanced security and information about the need to deploy security measures and the impact of doing so. Customers in certain industries such as financial services, health care, and government may have enhanced or specialized requirements to which we must engineer our products and services.
The cost of measures to protect products and customer-facing services could reduce our operating margins. If we fail to do these things well, actual or perceived security vulnerabilities in our products and services, data corruption issues, or reduced performance could harm our reputation and lead customers to reduce or delay future purchases of products or subscriptions to services, or to use competing products or services. Customers may also spend more on protecting their existing computer systems from attack, which could delay adoption of additional products or services. Customers, and third-parties granted access to their systems, may fail to update their systems, continue to run software or operating systems we no longer support, or may fail timely to install or enable security patches, or may otherwise fail to adopt adequate security practices. Any of these could adversely affect our reputation and revenue. Actual or perceived vulnerabilities may lead to claims against us. Our license agreements typically contain provisions that eliminate or limit our exposure to liability, but there is no assurance these provisions will withstand legal challenges. At times, to achieve commercial objectives, we may enter into agreements with larger liability exposure to customers.
Our products operate in conjunction with and are dependent on products and components across a broad ecosystem of third-parties. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, we could face increased costs, liability claims, reduced revenue, or harm to our reputation or competitive position.
Disclosure and misuse of personal data could result in liability and harm our reputation.
As we continue to grow the number, breadth, and scale of our cloud-based offerings, we store and process increasingly large amounts of personal data of our customers and users. The continued occurrence of high-profile data breaches provides evidence of an external environment increasingly hostile to information security. Despite our efforts to improve the security controls across our business groups and geographies, it is possible our security controls over personal data, our training of employees and third-parties on data security, and other practices we follow may not prevent the improper disclosure or misuse of customer or user data we or our vendors store and manage. In addition, third-parties who have limited access to our customer or user data may use this data in unauthorized ways. Improper disclosure or misuse could harm our reputation, lead to legal exposure to customers or users, or subject us to liability under laws that protect personal data, resulting in increased costs or loss of revenue. Our software products and services also enable our customers and users to store and process personal data on-premises or, increasingly, in a cloud-based environment we host. Government authorities can sometimes require us to produce customer or user data in response to valid legal orders. In the U.S. and elsewhere, we advocate for transparency concerning these requests and appropriate limitations on government authority to compel disclosure. Despite our efforts to protect customer and user data, perceptions that the collection, use, and retention of personal information is not satisfactorily protected could inhibit sales of our products or services and could limit adoption of our cloud-based solutions by consumers, businesses, and government entities. Additional security measures we may take to address customer or user concerns, or constraints on our flexibility to determine where and how to operate datacenters in response to customer or user expectations or governmental rules or actions, may cause higher operating expenses or hinder growth of our products and services.
If our end users experience data losses, our brand, reputation and business could be harmed.
A breach of our end users’ network security and systems, or other events that cause the loss or public disclosure of, or access by third-parties to, our end users’ files or data, could have serious negative consequences for our business, including reduced demand for our services, an unwillingness of our clients and customers, and our licensees and resellers or their customers to use our products or services, harm to our brand and reputation. The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world. As a result, our end users may be unable to proactively prevent these techniques, implement adequate preventative or remedial measures, or enforce the laws and regulations that govern such activities. If our end users experience any data loss, data disruption, or any data corruption or inaccuracies, whether caused by security breaches or otherwise, our brand, reputation and business could be harmed.
Our insurance may not be available now or in the future on acceptable terms, or at all. In addition, our policy may not cover claims against us for loss of data or other indirect or consequential damages. Defending a suit based on any data loss or system disruption, regardless of its merit, could be costly and divert our management’s attention.
Risks Related to Regulations and Our Compliance with Such Regulations
We previously identified material weaknesses in our disclosure controls and procedures and internal control over financial reporting. If not remediated, our failure to establish and maintain effective disclosure controls and procedures and internal control over financial reporting could result in material misstatements in our financial statements and a failure to meet our reporting and financial obligations, each of which could have a material adverse effect on our financial condition and the trading price of our common stock.
Maintaining effective internal control over financial reporting and effective disclosure controls and procedures are necessary for us to produce reliable financial statements. Our disclosure controls and procedures and internal controls over financial reporting are currently ineffective and have in the past been subject to material weaknesses. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis. A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
We cannot assure you that additional material weaknesses will not arise in the future. The development of new material weaknesses in our internal control over financial reporting, could result in material misstatements in our financial statements and cause us to fail to meet our reporting and financial obligations, which in turn could have a material adverse effect on our financial condition and the trading price of our common stock, and/or result in litigation against us or our management.
We are subject to changing laws and regulations.
U.S. government agencies continue to implement extensive requirements on our industry. These regulations have both positive and negative impacts, with much remaining uncertainty as to how various provisions will ultimately affect our customers, clients, licensees, resellers, end users, and our business. As to prospective legislation and regulation concerning collection, transmission, storage and use of personal data, we cannot determine what effect additional state or federal governmental legislation, regulations, or administrative orders would have on our business in the future. New legislation or regulation may require the reformulation of our business to meet new standards, require us to cease operations, impose stricter qualification and/or registration standards, impose additional record keeping, or require expanded consumer protection measures (such as heightened notification procedures and data subject access rights).
Our failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose potential customers, clients, licensees, resellers and/or for licensees and resellers to lose potential customers in the public sector or negatively impact our ability to contract with the public sector.
Our business is subject to regulation by various federal, state, regional, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, product labeling, environmental laws, consumer protection laws, anti-bribery laws, data privacy laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any legal action will likely result in a significant diversion of our management’s attention and resources and an increase in professional fees and expenses. Enforcement actions and sanctions could harm our business, operating results and financial condition.
Additionally, we may be subject to other laws and regulations throughout the world governing data handling, protection and privacy. For example, in June of 2018, California passed the California Consumer Privacy Act, or the “CCPA,” which provides new data privacy rights for consumers and new operational requirements for companies, became effective in 2021, and in March 2022, Virginia passed a consumer data protection law, the “VCDPA,” which includes similar rights as set forth in the CCPA. Fines for noncompliance may be up to $7,500 per violation. Additionally, many other states have passed differing privacy and data protection laws in recent years. Significantly, several bills are being worked on in the Senate and the House dealing with these issues, and while it is uncertain that any of them will reach the floor of either chamber, if they do so they will likely impose substantial additional burdens on companies. The costs of compliance with, and other burdens imposed by, the CCPA, the VCDPA and other state or foreign laws, may limit the use and adoption of our products and services and would have an adverse impact on our business. These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions, or limitations in our ability to do business with the public sector could have an adverse effect on our business and operating results.
Governmental restrictions on the sale of our products and services in non-U.S. markets could negatively affect our business, financial condition, and financial results.
Exports of software products and services using cybersecurity technology such as ours are generally restricted by the U.S. government. In addition, some countries impose restrictions on the use of cybersecurity products and services such as ours. The cost of compliance with U.S. and other export laws, or our failure to obtain governmental approvals to offer our products and services in non-U.S. markets, could affect our ability to sell our products and services and could impair our international expansion. We face a variety of other legal and compliance risks. If we or our distributors fail to comply with applicable law and regulations, we may become subject to penalties, fines or restrictions that could materially adversely affect our business, financial condition and financial results.
Risks Related to Our Financial Position and Need for Capital
We have incurred net losses and may never achieve profitability.
Our likelihood of success must be considered in light of the problems, expenses, difficulties, complications and delays frequently encountered in connection with development of a new business enterprise. Our accumulated deficit as of September 30, 2024, was $19.8 million.
We cannot assure our current stockholders or future investors that that any of our new products and services currently under development will be successfully commercialized, and the extent of our future losses and the timing of any possible profitability, if ever achieved, are highly uncertain. If we are unable to achieve profitability, we may, at any time, be unable to continue our operations.
Our ability to continue as a going concern may depend upon our ability to raise additional capital and such capital may not be available on acceptable terms, or at all.
We currently believe that our available cash will allow us to fund our operations through at least December 2025. Nevertheless, we may need to raise additional capital to fund operating losses, support future expansion, develop new or enhanced products and services, hire employees, respond to competitive pressures, acquire technologies, or respond to unanticipated events or requirements before then. Our management’s plans include attempting to improve our profitability and our ability to generate sufficient cash flow from operations to meet our operating needs on a timely basis, obtaining additional working capital funds through equity and debt financing arrangements, and restructuring on-going operations to eliminate inefficiencies and reduce our expenses. However, we are not assured that these plans and arrangements will be sufficient to fund our ongoing capital expenditures, working capital, and other requirements. The outcome of these actions cannot be predicted at this time. There can be no assurance that any additional financings will be available to us on satisfactory terms and conditions, if at all. If adequate funds are not available on acceptable terms, we may be unable to develop or enhance our products and services, take advantage of future opportunities or respond to competitive pressures or unanticipated requirements, any of which could have a material adverse effect on our business, financial condition and operating results. If we raise additional funds through the issuance of equity securities, or convertible debt, the percentage ownership of our stockholders will be reduced, and holders may experience dilution in net book value per share.
The amount of capital we may need depends on many factors, including the progress, timing, scope and market acceptance of our product development programs; the time and cost required to obtain any necessary regulatory approvals; the possibility of litigation; our ability to enter into and maintain collaborative, licensing and other commercial relationships; and our ability to secure commitment of time and resources from third-parties to the development and commercialization of our products.
The capital markets have been unpredictable for unprofitable companies such as ours. The amount of capital that we may be able to raise depends on variables that are beyond our control. As a result, we may not be able to secure financing on terms acceptable to us, or at all. Even if we are able to consummate a financing arrangement, the amount raised may not be sufficient to meet our future needs. If adequate funds are not available on acceptable terms, or at all, our business, including our results of operations, financial condition and our continued viability will be materially adversely affected.
If we can raise additional funding, we may be required to do so on terms that are dilutive to our stockholders.
Our future issuances of new equity will dilute the ownership percentage of our existing stockholders. The extent of such dilution will depend on the number of shares issued. Neither the amount of funds that may be received in such equity financing, nor the price per share of our equity securities issued are known at this time.
We will continue to incur increased costs as a result of being a reporting company and, given our limited capital resources, such additional costs may have an adverse impact on our profitability.
We are a reporting company to the Securities and Exchange Commission, or SEC. The rules and regulations under the Exchange Act require reporting companies to provide periodic reports with interactive data files, which require that we engage legal, accounting and auditing professionals, and XBRL (eXtensible Business Reporting Language) and EDGAR (Electronic Data Gathering, Analysis, and Retrieval) service providers. The engagement of such services can be costly, and we may continue to incur additional financial losses, which may adversely affect our ability to continue as a going concern. In addition, the Sarbanes Oxley Act of 2002, as well as a variety of new related and unrelated rules implemented by the SEC, have required changes in corporate governance practices and generally increased the disclosure requirements of public companies. For example, as a result of being a reporting company, we are required to file periodic and current reports and other information with the SEC, and we are adopting and revising policies regarding disclosure controls and procedures, including internal controls over financial reporting.
The additional costs we continue to incur in connection with being a reporting company (expected to be approximately seven to eight hundred thousand dollars per year) will continue to further stretch our limited capital resources. Due to our limited resources, we have to allocate resources away from other productive uses in order to continue to comply with our obligations as an SEC reporting company. Further, there is no guarantee that we will have sufficient resources to continue to meet our reporting and filing obligations with the SEC as they come due.
We may apply working capital and future funding to uses that ultimately do not improve our operating results or increase the market price of our securities.
In general, we have complete discretion over the use of our working capital and any new investment capital we may obtain in the future that has no dedicated use of proceeds. Because of the number and variety of factors that could determine our use of funds, our ultimate expenditure of funds (and their uses) may vary substantially from our current intended operating plan for such funds.
We intend to use existing working capital and future funding to support the development of our products and services, the expansion of our marketing, or the support of operations to educate the end users of the software we sell. We will also use capital for market and network expansion, acquisitions, and general working capital purposes. However, we do not have more specific plans for the use and expenditure of our capital. Our management has broad discretion to use any or all of our available capital reserves. Our capital could be applied in ways that do not improve our operating results or otherwise increase the market value of a stockholder’s shares.
Risks Related to Our Common Stock
The market price for our common stock has been volatile, and you may not be able to sell our stock at a favorable price, or at all.
You should consider an investment in our common stock to be risky, and you should invest in our common stock and securities convertible into our common stock only if you can withstand a complete loss and wide fluctuations in the market value of your investment. Some factors that may cause the market price of our common stock to fluctuate, in addition to the other risks mentioned in this “Risk Factors” section and elsewhere are:
| | ● | sale of our common stock by our stockholders, executives, and directors; |
| | ● | volatility in price and level of trading volumes of our shares of common stock; |
| | ● | our ability to obtain financings to conduct and complete research and development activities and other business activities; |
| | ● | the timing and success of introductions of new products and services by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors; |
| | ● | Our ability to attract new customers, clients, licensees, and resellers; |
| | ● | changes in the development status of our products and services; |
| | ● | changes in our capital structure, future issuances of securities, and sales of large blocks of common stock by our stockholders; |
| | ● | our cash position; |
| | ● | announcements and events surrounding financing efforts, including debt and equity securities; |
| | ● | our inability to enter into new markets or develop new products and services; |
| | ● | reputational issues; |
| | ● | announcements of acquisitions, partnerships, collaborations, joint ventures, new products and services, capital commitments, or other events by us or our competitors; |
| | ● | changes in industry conditions or perceptions; |
| | ● | our ability to attract analysts to initiate research coverage and once obtained, having such analysts issue research reports, recommendations and any changes in recommendations, price targets, and withdrawals of coverage; |
| | ● | departures and additions of key personnel; |
| | ● | disputes and litigations related to intellectual properties, proprietary rights, and contractual obligations; |
| | ● | changes in applicable laws, rules, regulations, or accounting practices and other dynamics; and |
| | ● | other events or factors, many of which may be out of our control. |
In addition, if the market for stock of companies in our industry or industries related to our industry, or the stock market in general, experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, financial condition and results of operations. If any of the foregoing occurs, it could cause our stock price to fall and may expose us to lawsuits that, even if unsuccessful, could be costly to defend and a distraction to management.
Substantial sales of our common stock, or the perception that such sales might occur, could depress the market price of our common stock.
We cannot predict whether future issuances of our common stock, or resale of shares in the open market, will decrease the market price of our common stock. The consequence of any such issuances or resale of our common stock on our market price may be increased as a result of the fact that our common stock is thinly, or infrequently, traded. The exercise of any outstanding options, or the vesting of any restricted stock, that we may grant to directors, executive officers and other employees in the future, or the issuance of common stock in connection with acquisitions and other issuances of our common stock, may decrease the market price of our common stock.
Holders of our common stock have a risk of potential dilution if we issue additional shares of common stock in the future.
The exercise or conversion of stock options, warrants, preferred stock, or convertible securities will dilute the ownership percentage of our then existing stockholders. The dilutive effect of the exercise or conversion of these securities may adversely affect our ability to obtain additional capital. The holders of these securities may be expected to exercise or convert their securities when we are able to obtain additional equity capital on terms more favorable than these securities. On September 13, 2021, our stockholders approved an equity incentive plan authorized by our Board of Directors under which we may issue equity awards that may increase the number of outstanding shares of common stock. In the future, we may grant additional stock options, warrants, preferred stock or convertible securities.
The anti-dilutive rights of certain warrants could result in significant dilution to our existing stockholders and/or require us to issue a substantially greater number of shares, which may adversely affect the market price of our common stock.
The warrants to purchase 12,011,114 shares of our common stock issued to investors in a private placement transaction that closed on April 16, 2021, contain anti-dilution rights such that if we issue, or are deemed to have issued, common stock or common stock equivalents at a price less than the then exercise price of those warrants, the exercise price of those warrants will automatically be reduced to such lower value, and the number of shares of common stock issuable upon exercise thereafter will be adjusted proportionately, so that the aggregate exercise price payable upon exercise of such warrants is the same prior to and after such reduction in exercise price. As a result, the effect of the anti-dilution right may cause significant dilution to our other stockholders.
The warrants to purchase 8,332,439 shares of our common stock issuable upon exercise of warrants issued to the placement agent in the private placement include a weighted average anti-dilution right in the event we issue any shares of common stock or equivalents with a value less than the then exercise price. As a result, the effect of the anti-dilution right may cause significant dilution to our other stockholders. The triggering of the anti-dilution rights in the warrants issued in the private placement may result in such securities being exercisable for a reduced exercise price.
As of September 30, 2024, no anti-dilution triggers had occurred.
Certain warrants issued in 2021 inhibit our access to equity capital, if we should need it, which may limit our ability to grow and maintain our competitiveness.
The warrants we issued in the 2021 private placement described in Part II, Item 8, Financial Statements, Note 11, contain various provisions including, but not limited to, various price reset and anti-dilution provisions when new equity is issued in certain transactions including stock issued for cash at a price less than the $0.36 exercise price stated in the 2021 private placement warrants. These provisions inhibit our access to cash for the issuance of common stock which may limit our ability to compete in a very dynamic market through new investments in research and development or selling and marketing. We cannot predict the financial impact of the issuance of the warrants on our financial statements, specifically our balance sheet. We also cannot predict the financial impact of the various provisions included in the warrant agreements.
The purchase agreement related to our 2021 private placement includes covenants that we must comply with, or we may suffer potential monetary and other penalties.
The securities purchase agreement we entered into in connection with the recent private placement contains certain customary covenants. If we do not comply with these covenants, we will be in breach of our obligations under the securities purchase agreement, which may lead to exercise by the investors of the remedies available to them under the securities purchase agreement, which may cause a material impact upon our financial condition.
Our common shares are thinly traded, and in the future may continue to be thinly traded, and you may be unable to sell your shares at or near ask prices or at all, if you need to sell your shares to raise money or otherwise desire to liquidate such shares.
We cannot predict the extent to which an active public market for our common stock will develop or be sustained due to a number of factors, including the fact that we are a small company that is relatively unknown to stock analysts, stock brokers, institutional investors and others in the investment community that generate or influence sales volume, and that even if we came to the attention of such persons, they tend to be risk-averse and would be reluctant to follow an unproven company such as ours or purchase or recommend the purchase of our shares until such time as we become more seasoned and viable. As a consequence, there may be periods of several days or more when trading activity in our shares is minimal or non-existent, as compared to a seasoned issuer that has a large and steady volume of trading activity that will generally support continuous sales without an adverse effect on its share price. We cannot give you any assurance that a broader or more active public trading market for our common stock will develop or be sustained, or that even current trading levels will be sustained. You may be unable to sell your common stock at or above your purchase price, if at all, which may result in substantial losses to you. As a consequence of this lack of liquidity, the trading of relatively small quantities of shares by our stockholders may disproportionately influence the price of those shares in either direction. The price for our shares could, for example, decline precipitously in the event that a large number of our common shares are sold on the market without commensurate demand, as compared to a seasoned issuer that could better absorb those sales without adverse impact on its share price. As a consequence of this enhanced risk, more risk-averse investors may, under the fear of losing all or most of their investment in the event of negative news or lack of progress, be more inclined to sell their shares on the market more quickly and at greater discounts than would be the case with the stock of a seasoned issuer.
A significant number of our shares have been registered for resale, and their sale or potential sale may depress the market price of our common stock.
As of September 30, 2024, we had 225,975,331 shares of common stock outstanding and total warrants issued for 43,157,956 shares of common stock. If all 43,157,956 warrants are exercised in full for cash, then they would represent 16.0% of the total shares outstanding after including the exercised warrants. Sales of a significant number of shares of our common stock in the public market, or the potential or expectation of such sales, could harm the market price of our common stock. If a large volume of our common stock was sold, it would increase the supply of our common stock, which could cause a decrease in its price.
Future sales and issuances of our securities could result in additional dilution of the percentage ownership of our stockholders and could cause our share price to fall.
We expect that we will need significant additional capital in the future to continue our planned operations, including research and development, increased marketing, hiring new personnel, commercializing our products, and continuing activities as an operating public company. To the extent that we raise additional capital by issuing equity securities, our existing stockholders may experience substantial dilution. We may sell common stock, convertible securities or other equity securities in one or more transactions, at prices and in a manner that we determine from time to time, in our discretion. If we sell common stock, convertible securities or other equity securities in more than one transaction, investors may be materially diluted by subsequent sales. Such sales may also result in material dilution to our existing stockholders, and new investors could gain rights superior to our existing stockholders.
Our common stock is subject to restrictions on sales by broker-dealers and penny stock rules, which may be detrimental to investors.
Our common stock is subject to Rules 15g-1 through 15g-9 under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), which impose certain sales practice requirements on broker-dealers who sell our common stock to persons other than established customers and “accredited investors” (as defined in Rule 501(a) of the Securities Act of 1933, as amended (the “Securities Act”)). For transactions covered by this rule, a broker-dealer must make a special suitability determination for the purchaser and receive the purchaser’s written consent to the transaction prior to the sale. This rule adversely affects the ability of broker-dealers to sell our common stock and holders of our common stock to sell their shares of our common stock.
Additionally, our common stock is subject to SEC regulations applicable to “penny stocks.” Penny stocks include any non-Nasdaq equity security that has a market price of less than $5.00 per share, subject to certain exceptions. The regulations require that, prior to any non-exempt buy/sell transaction in a penny stock, a disclosure schedule proscribed by the SEC relating to the penny stock market must be delivered by a broker-dealer to the purchaser of such penny stock. This disclosure must include the amount of commissions payable and the current price quotations for our common stock. The regulations also require that monthly statements be sent to holders of a penny stock that disclose recent price information for the penny stock and information regarding the limited market for penny stocks. These requirements adversely affect the market liquidity of our common stock.
Because our common stock is quoted on the OTCQB instead of a national exchange, our investors may have difficulty selling their stock or may experience negative volatility on the market price of our common stock.
Our common stock is quoted on the OTCQB Market, operated by the OTC Markets Group. The OTCQB is often highly illiquid, in part because it does not have a national quotation system by which potential investors can follow the market price of shares, except through information received and generated by a limited number of broker-dealers that make markets in particular stocks. There is a greater chance of volatility for securities that trade on the OTCQB, as compared to a national exchange or quotation system. This volatility may be caused by a variety of factors, including the lack of readily available price quotations, the absence of consistent administrative supervision of bid and ask quotations, lower trading volume, and market conditions. Investors in our common stock may experience high fluctuations in the market price and volume of the trading market for our securities. These fluctuations, when they occur, have a negative effect on the market price for our securities. Accordingly, our stockholders may not be able to realize a fair price for their shares when they determine to sell them or may have to hold them for a substantial period of time until the liquidity of the market for our common stock improves.
Our charter allows us to issue “blank check” preferred stock and establish its terms, conditions, rights, powers and preferences without stockholder approval.
Pursuant to our certificate of incorporation, our Board of Directors has the authority to issue up to 10 million shares of “blank check” preferred stock and to determine the price, rights, preferences, privileges, and restrictions, including voting rights, of those shares without any additional vote or action by our stockholders. Because our Board of Directors is able to designate the terms, conditions, rights, powers, and preferences of the preferred stock without the vote of a majority of our stockholders, our stockholders will have no control over what designations and preferences our preferred stock will have. The issuance of shares of preferred stock, or the rights associated therewith, could cause substantial dilution to our existing stockholders. Additionally, the dilutive effect of any preferred stock that we may issue may be exacerbated given the fact that such preferred stock may have voting rights, liquidation and/or other rights or preferences that could provide the preferred stockholders with substantial voting control over us and/or give those holders the power to prevent or cause a change in our control. As a result, the issuance of shares of preferred stock may cause the value of our common stock to decrease.
We have never paid or declared any dividends on our common stock.
We do not anticipate paying, in the near future, dividends or distributions on our common stock. Any future dividends on our common stock will be declared at the discretion of our Board of Directors and will depend on, among other things, our earnings, our financial requirements for future operations and growth, and other facts as we may then deem appropriate. Since we do not anticipate paying cash dividends on our common stock, return on your investment, if any, will depend solely on an increase, if any, in the market value of our common stock.
If securities or industry analysts do not initiate research coverage on us and, if initiated, fail to publish research or reports, or publish unfavorable research or reports, about our business, our stock price and trading volume may decline.
The trading market for our common stock will rely in part on the research and reports that industry or financial analysts publish about us, our business, our markets, and our competitors. We do not currently have any securities or industry analysts that have initiated research coverage on our business. If and when any securities or industry analysts initiate research coverage on our business, we will not control these analysts. If securities analysts do not cover our common stock, the lack of research or other coverage may adversely affect the market price and decrease the trading volume of our common stock. Furthermore, if one or more of the analysts who do cover us downgrade our stock, or if those analysts issue other unfavorable commentary about us or our business, our stock price would likely decline. If one or more of these analysts cease coverage of us or fails to regularly publish reports on us, we could lose visibility in the market, and interest in our stock could decrease, which in turn could cause our stock price or trading volume to decline and may also impair our ability to expand our business and attract new clients and customers to purchase our cybersecurity products and services.
The sale of shares of our common stock by our directors and officers may adversely affect the market price for our common stock.
Sales of significant amounts of shares of common stock by our officers and directors, or the prospect of such sales, could adversely affect the market price of our common stock. Our management’s stock ownership may discourage a potential acquirer from making a tender offer or otherwise attempting to obtain control of us, which in turn could reduce our stock price or prevent our stockholders from realizing a premium over our stock’s market price.
ITEM 1B. UNRESOLVED STAFF COMMENTS
None.
ITEM 1C. CYBERSECURITY
Risk management and strategy
SideChannel, Inc. recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.
Managing Material Risks & Integrated Overall Risk Management
SideChannel, Inc. has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our risk management team works closely with our IT department to continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
Engage Third-parties on Risk Management
Recognizing the complexity and evolving nature of cybersecurity threats, SideChannel, Inc. has relationships with a range of external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights as needed, to ensure our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration with these third-parties may include audits, threat assessments, and consultation on security enhancements.
Oversee Third-party Risk
Because we are aware of the risks associated with third-party service providers, SideChannel, Inc. implements stringent processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes quarterly assessments by our Chief Information Security Officer (“CISO”) and on an ongoing basis by our security engineers. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third-parties.
Risks from Cybersecurity Threats
We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing.
Governance
The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence.
Board of Directors Oversight
The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
Management’s Role Managing Risk
The Chief Information Security Officer (“CISO”) and the Chief Executive Officer (“CEO”) play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
| | ● | Current cybersecurity landscape and emerging threats; |
| | ● | Status of ongoing cybersecurity initiatives and strategies; |
| | ● | Incident reports and learnings from any cybersecurity events; and |
| | ● | Compliance with regulatory requirements and industry standards. |
In addition to our scheduled meetings, the Audit Committee, CISO and CEO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the Board’s oversight is proactive and responsive. The Audit Committee actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into the broader strategic objectives of SideChannel, Inc. The Audit Committee conducts an annual review of the company’s cybersecurity posture and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.
Risk Management Personnel
Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the CISO, Mr. Bill Roberts. With over 25 years of experience in the field of cybersecurity, Mr. Roberts brings a wealth of expertise to his role. His background includes extensive experience as an enterprise CISO and is well-recognized within the industry. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. Our CISO oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our employee training program.
Monitor Cybersecurity Incidents
The CISO is continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The CISO implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the CISO is equipped with a well-defined incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Reporting to Board of Directors
The CISO, in his capacity, regularly informs the CEO and the Chief Financial Officer (“CFO”) of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing SideChannel, Inc. Furthermore, significant cybersecurity matters, and strategic risk management decisions are escalated to the Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues.
ITEM 2. PROPERTIES
On December 10, 2021, we entered into a lease for approximately 500 square feet of office space at 146 Main Street in Worcester, Massachusetts, with the option to renew annually for three (3) twelve (12) month periods through December 2025. The annual renewal date is January 1st. Our current lease payment is $967 per month. The lease allows for a two percent (2%) increase effective at the beginning of each renewal period. We anticipate the lease payment to be $986 per month during calendar year 2025.
ITEM 3. LEGAL PROCEEDINGS
As of the filing date of this Annual Report on Form 10-K, there are no material pending legal proceedings. From time to time, we may be involved in ordinary routine litigation incidental to our business, to which we are a party or which our property is the subject. In addition, none of our officers, directors, affiliates or 5% stockholders (or any associates thereof) is a party averse to us, or has a material interest adverse to us, in any material proceeding.
Currently Pending Litigation
In April 2021, Eric Marquez, the former Secretary/Treasurer and Chief Financial Officer of the Company, and certain other plaintiffs, filed a lawsuit against Cipherloc Corporation, our predecessor, and Michael De La Garza, Cipherloc’s former Chief Executive Officer and President, in the 20th Judicial District for Hays County, Texas (Case No. 20-0818). The lawsuit alleges causes of action for fraud against Mr. De La Garza (for misrepresentations allegedly made by Mr. De La Garza); breach of contract, for alleged breaches of Mr. Marquez’s alleged oral employment agreement, which Mr. Marquez claims required Cipherloc pay him cash and shares of stock; unjust enrichment; quantum meruit; and rescission of certain stock purchases made by certain of the plaintiffs, as well as declaratory relief and fraud. Damages sought exceeded $1 million. We reached a preliminary agreement with the plaintiffs on November 13, 2024. A formal settlement agreement was negotiated and circulated to the plaintiffs on November 25, 2024. The execution of the settlement agreement is in progress and, when complete, will trigger the formal dismissal of the lawsuit. The terms of the agreement require the Company to issue the plaintiffs a combined 356,400 shares of common stock and pay a total of $95 thousand in cash in six equal, quarterly installments of approximately $16 thousand beginning on January 1, 2025, and ending on April 1, 2026. We estimate the cost of the settlement fee paid as stock to be approximately $15 thousand using the closing price of our common stock at September 30, 2024. A total of $110 thousand of expense has been recognized in our results for the year ended September 30, 2024.
ITEM 4. MINE SAFETY DISCLOSURES
Not applicable.
PART II
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Our common stock is traded on the over-the-counter market and is quoted on the OTCQB Venture Market run by OTC Markets Group under the symbol “SDCH.”
The OTC Markets Group is a network of security dealers who buy and sell stock. The dealers are connected by a computer network that provides information on current “bids” and “asks,” as well as volume information. The trading of securities on the OTC Markets is often sporadic and investors may have difficulty buying and selling our shares or obtaining market quotations for them, which may have a negative effect on the market price of our common stock.
The following table sets forth, for the periods indicated the high and low closing bid quotations for our common stock. These quotations represent inter-dealer quotations, without adjustment for retail markup, markdown, or commission and may not represent actual transactions.
| | | Low | | | High | |
| Fiscal 2023 | | | | | | |
| First Quarter (October 1, 2022 to December 31, 2022) | | $ | 0.09 | | | $ | 0.14 | |
| Second Quarter (January 1, 2023 to March 31, 2023) | | | 0.04 | | | | 0.12 | |
| Third Quarter (April 1, 2023 to June 30, 2023) | | | 0.04 | | | | 0.11 | |
| Fourth Quarter (July 1, 2023 to September 30, 2023) | | | 0.05 | | | | 0.10 | |
| | | | | | | | | |
| Fiscal 2024 | | | | | | | | |
| First Quarter (October 1, 2023 to December 31, 2023) | | $ | 0.01 | | | $ | 0.05 | |
| Second Quarter (January 1, 2024 to March 31, 2024) | | | 0.02 | | | | 0.06 | |
| Third Quarter (April 1, 2024 to June 30, 2024) | | | 0.03 | | | | 0.07 | |
| Fourth Quarter (July 1, 2024 to September 30, 2024) | | | 0.03 | | | | 0.05 | |
| | | | | | | | | |
| Fiscal 2025 | | | | | | | | |
| First Quarter (October 1, 2024 to December 31, 2024) (1) | | $ | 0.03 | | | $ | 0.05 | |
| (1) | Through December 6, 2024 |
As of September 30, 2024, there were 225,975,331 shares of our common stock issued and outstanding, and there were approximately 784 record holders of our common stock.
Also as of September 30, 2024, there were zero (0) shares of Series A Preferred Stock issued and outstanding.
Dividends
Our Board of Directors does not intend to declare dividends in the foreseeable future. The declaration, payment, and amount of any future dividends will be made at the discretion our Board of Directors, and will depend upon, among other things, the results of our operations, cash flows and financial condition, operating and capital requirements, and such other factors as our Board of Directors consider relevant at that time. We currently expect to use all available funds to finance the future development and expansion of our business, and we do not anticipate paying dividends on our common stock in the foreseeable future.
Transfer Agent
The Transfer Agent and Registrar for our common stock is Computershare Limited located in Canton, Massachusetts.
Recent Sales of Unregistered Securities
Except the 76 investors receiving, on a combined basis, approximately 7.3 million shares of common stock and 17.4 million new warrants in exchange for tendering 43.5 million 2021 warrants as previously announced via press release and disclosed in Form 8-K dated December 27, 2023, there have been no sales of unregistered securities during the year ended September 30, 2024.
ITEM 6. RESERVED
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
This Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with the accompanying consolidated financial statements and the notes thereto. In addition, please refer to the discussion of our business and markets contained in Part 1, Item 1 of this Annual Report on Form 10-K.
Overview
Our Business
Our mission is to make cybersecurity simple and accessible for mid-market and emerging companies, a market that we believe is currently underserved. We believe that our cybersecurity offerings will identify and develop cybersecurity, privacy, and risk management solutions for our customers. We anticipate that our target customers will continue to need cost-effective security solutions. We intend to provide more tech-enabled services to address the needs of our customers, including virtual Chief Information Security Officer (vCISO), zero trust, third-party risk management, due diligence, privacy, threat intelligence, and managed end-point security solutions.
Our growth strategy focuses on these three initiatives:
1. Securing new vCISO clients
2. Adding new Cybersecurity Software and Services offerings
3. Increasing adoption of Cybersecurity Software, including Enclave and Services offerings at vCISO clients
We internally report our revenue using two categories. The first, “vCISO Services,” captures the revenue the Chief Information Security Officer services that we provide to our clients on a “virtual” or outsourced basis, thus the acronym “vCISO.” Services delivered by SideChannel through our team of vCISOs include assessing the cybersecurity risk profile, implementing policies and programs to mitigate risks, and managing the day-to-day tasks to ensure compliance with the adopted cybersecurity framework. Most of our clients use our vCISO services.
vCISO engagements typically include a fixed monthly subscription fee with durations longer than twelve (12) months. Hourly rates for vCISO time and material projects range from $350 to $450. Each of our vCISOs is generally embedded into the C-suite executive teams of two (2) to four (4) of our clients.
Our second revenue category encompasses an array of Cybersecurity Software and Services that our clients deem necessary to protect their digital assets. These augment our vCISO offering and include a full range of other cybersecurity products and services delivered through a team of security engineers along with a network of third-party service providers and value-added resellers (“VARs”). Commercial relationships with third-party service providers and VARs provide SideChannel with additional internal capabilities to mitigate cybersecurity risks. We earn licensing revenue from software contracts and commissions from third-party service provider partnerships which are included in this revenue category.
During September 2022 we announced a proprietary product called Enclave which simplifies important cybersecurity tasks called “asset inventory,” and “microsegmentation.” Enclave seamlessly combines access control, microsegmentation, encryption and other secure networking concepts to create a comprehensive solution. It allows Information Technology to easily segment the enterprise network, place the right staff in those segments and direct traffic.
Revenue
The following revenue metrics are for the twelve months ended September 30, 2024, versus the same period in 2023. These summary metrics are accompanied by pie charts that reflect the revenue by category in fiscal years 2024 and 2023.
| | ● | Total revenue grew by $828 thousand or 12.6%. |
| | ● | vCISO Services category revenue grew by $223 thousand or 5.1%. |
| | ● | Cybersecurity Software and Services category revenue grew by $605 thousand or 27.6%. |
The growth in vCISO Services reflects both growth in clients served and an increase in revenue per client. Cybersecurity Software & Services revenue grew from 2023 to 2024 primarily because of an increase in the use of these services by existing Cybersecurity Software and Services clients and secondarily because of an expansion of the services and software offered.
We also monitor new and retained revenue. The revenue earned from clients during our first twelve months of working with them is classified as new; while the revenue earned with clients after our first twelve months of working with them is classified as retained. The following chart provides details on our new and retained revenue for fiscal years 2024 and 2023:
Further, we consider revenue retention a key performance indicator. Revenue retention is calculated by dividing retained revenue by the prior year total revenue. The following table shows the revenue retention for fiscal years 2024 and 2023 by revenue category.
| | | Trailing Twelve Months Ended | |
| | | September 30, 2024 | | | September 30, 2023 | |
| | | | | | | |
| vCISO Services | | | 67.7 | % | | | 60.8 | % |
| Cybersecurity Software & Services | | | 72.2 | % | | | 89.4 | % |
| Total | | | 69.2 | % | | | 71.0 | % |
Results of Operations
Fiscal Year Ended September 30, 2024, Compared to Fiscal Year Ended September 30, 2023
| | | Twelve Months Ended |
| | | September 30, |
| | | 2024 | | 2023 |
| Revenues | | $ | 7,400 | | | $ | 6,572 | |
| Cost of revenues | | | 3,868 | | | | 3,240 | |
| Gross profit | | | 3,532 | | | | 3,332 | |
| Gross margin | | | 47.7 | % | | | 50.7 | % |
| | | | | | | | | |
| Operating expenses | | | | | | | | |
| General and administrative | | | 3,155 | | | | 3,586 | |
| Selling and marketing | | | 771 | | | | 1,337 | |
| Research and development | | | 546 | | | | 669 | |
| Intangible asset impairment | | | - | | | | 4,940 | |
| Business Combination related costs | | | - | | | | 214 | |
| Total operating expenses | | | 4,472 | | | | 10,746 | |
| Operating loss | | | (940 | ) | | | (7,414 | ) |
| | | | | | | | | |
| Other income, net | | | 41 | | | | 29 | |
| Net loss before income tax expense | | | (899 | ) | | | (7,385 | ) |
| | | | | | | | | |
| Income tax expense (benefit) | | | 5 | | | | (379 | ) |
| Net loss | | $ | (904 | ) | | $ | (7,006 | ) |
Revenue. Our revenue was $7.4 million for the year ended September 30, 2024, compared to $6.6 million in the prior year, an increase of $0.8 million or 12.6%. We believe this increase reflects the factors previously discussed in the Overview section above.
Gross Margins. Gross margins decreased to 47.7% in fiscal year 2024 from 50.7% in fiscal year 2023, which we attribute to lower utilization of our service delivery team employees and an increase in revenue from third-party software and services which have a lower gross margin.
Operating Expenses. Total operating expenses during fiscal year 2024 were $4.5 million compared to fiscal year 2023 total operating expenses of $5.6 million excluding $214 thousand of prior year acquisition costs and intangible asset impairment of $4.9 million. In May 2023, we began eliminating operating expenses which, combined with our increase in gross profit, have enabled us to lower our breakeven revenue point and attain positive cash flow from operations during fiscal year 2024. The operating expense reductions were achieved by staff reductions in all areas of the business and the elimination of non-essential third-party supplier relationships.
General and Administrative Expenses. Our general and administrative expenses were $3.2 million for the year ended September 30, 2024, compared to $3.6 million for the prior year, a decrease of $0.4 million or 12.0%. The decrease in general and administrative expenses primarily resulted from decreased staff and related costs and lower professional fees and insurance related to the listed nature of the Company. These favorable variances were partially offset by an increase in stock-based compensation and costs incurred for the settlement of a litigation matter.
Selling and Marketing Expenses. Our selling and marketing expenses were $771 thousand for the year ended September 30, 2024, compared to $1,337 thousand for the prior year, a decrease of $566 thousand or 42.3% resulting from our decrease in sales and marketing staff and partially offset by increased spend on third-party marketing services.
Research and Development Expenses. Our research and development expenses were $546 thousand for the year ended September 30, 2024, compared to $669 thousand for the prior year, a decrease of $123 thousand or 18.4%. The decrease is the result of lower personnel related costs and reduction of software development expenses.
Intangible Asset Impairment. The intangible asset impairment was zero ($0) for the year ended September 30, 2024, and $4.9 million for the prior year. We recorded a finite-lived intangible asset of $4.9 million as a result of acquiring Enclave in the Business Combination. Our impairment testing indicated the full value of this finite-lived intangible asset should be impaired as of September 30, 2023. Incurring impairment neither indicated a decrease in our emphasis on Enclave as a key initiative nor did it suggest a lack of market interest in the product.
Business Combination related costs. Business Combination related costs were zero ($0) in fiscal year 2024 and $214 thousand for the year ended September 30, 2023, which are attributed to an increase in the Second Tranche shares due to the Closing Working Capital Adjustment from the Business Combination.
Other Income. Other Income was $41 thousand and $29 thousand for fiscal years 2024 and 2023 respectively, which reflect interest income from the cash on deposit at our bank.
Income Tax Expense (Benefit). We recorded income tax expense of $5 thousand in the fiscal year ended September 30, 2024, compared to an income tax benefit of $379 thousand for the year ended September 30, 2023. The fiscal year 2024 expense is attributed to accruals for state income taxes in the various jurisdictions where we have customers, employees, or property while the fiscal year 2023 benefit occurred because of a favorable difference between actual and projected tax accounting at the time of the Business Combination.
Liquidity and Capital Resources
During fiscal year 2024, we incurred a net loss of $904 thousand, and we had $307 thousand of cash provided by operations. Our primary source of liquidity and capital resources has been the $1.1 million of cash at the beginning of fiscal year 2024 supplemented with the cash provided by operations during the fiscal year. We had an accumulated deficit of $19.8 million as of September 30, 2024. Three (3) non-operational expenses related to the Business Combination totaling $16.8 million are included in our accumulated deficit. The non-operational expenses are $6.2 million for the contingent consideration and business combination related costs, $5.7 million for the impairment of goodwill recorded as a result of the Business Combination, and $4.9 million for the impairment of intangible assets.
The following table summarizes, for the periods indicated, selected items in our Statements of Cash Flows:
| (In thousands) | | 2024 | | | 2023 | |
| Net cash provided by (used in): | | | | | | | | |
| Operating activities | | $ | 307 | | | $ | (1,945 | ) |
| Investing activities | | | (265 | ) | | | (32 | ) |
| Financing activities | | | (50 | ) | | | - | |
| Total Cash Provided / (Used) | | $ | (8 | ) | | $ | (1,977 | ) |
Operating Activities. Net cash provided by operations for the year ended September 30, 2024, was $307 thousand as compared to $1.9 million used in operations for the year ended September 30, 2023. During fiscal year 2024, we recorded net, non-cash charges of $755 thousand for depreciation, amortization and stock-based compensation expense. Our net accounts receivable decreased by $102 thousand due to earlier payment of invoices by our clients and we experienced a $235 thousand increase in deferred revenue because of an increase in clients paying in advance of receiving software and services.
Investing Activities. We purchased short-term investments of $250 thousand in the form of time deposits and used $15 thousand on the purchase of fixed assets related to the upgrade of our website during the twelve months ended September 30, 2024.
Financing Activities. We paid a $50 thousand note to Akash Desai in December 2023. The note was related to a December 2021 agreement for the redemption of Mr. Desai’s interest in SideChannel LLC. The December 2023 payment completed our obligations to Mr. Desai.
As of September 30, 2024, we had $1.3 million in cash, cash equivalents, and short-term investments; and our working capital was $1.4 million. We believe that our existing cash balances are sufficient to fund our operations through at least December 31, 2025.
We expect to continue to generate cash flow from operations during fiscal year 2025; however, if this does not materialize, then our operations will be funded with our existing cash balance. We intend to manage our business such that our expenses will allow us to sustain positive cash flow from our operations, but we cannot assure this will occur. We don’t currently have any credit facilities available to us; however, we have had discussions with several lenders about establishing a line of credit secured by our accounts receivable.
Critical Accounting Estimates
The preparation of consolidated financial statements in conformity with accounting principles generally accepted in the United States of America requires us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenues, expenses, and related disclosure of contingent assets and liabilities. On an on-going basis, we evaluate our estimates, including those related to long-lived assets, goodwill, identifiable intangibles and deferred income tax assets and liabilities including their related valuation allowances. We base our estimates on historical experience and on appropriate and customary assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Some of these accounting estimates and assumptions are particularly sensitive because of their significance to our consolidated financial statements and because of the possibility that future events affecting them may differ markedly from what had been assumed when the financial statements were prepared.
Goodwill, Intangible and Long-Lived Assets
We account for goodwill and intangible assets in accordance with Accounting Standards Codification (“ASC”) Topic 350 (Intangibles- Goodwill and Other). Finite-lived intangible assets are amortized over their estimated useful economic life and are carried at cost less accumulated amortization. Goodwill is assessed for impairment at least annually in the fourth quarter, on a reporting unit basis, or more frequently when events and circumstances occur indicating that the recorded goodwill may be impaired. As a part of the goodwill impairment assessment, we have the option to perform a qualitative assessment to determine whether it is more-likely-than-not that the fair value of a reporting unit is less than its carrying amount. If, as a result of our qualitative assessment, we determine this is the case, we are required to perform a goodwill impairment test to identify potential goodwill impairment and measure the amount of goodwill impairment loss to be recognized. The test is discussed below. If, as a result of our qualitative assessment, we determine that it is more-likely-than-not that the fair value of the reporting unit is greater than its carrying amounts, the goodwill impairment test is not required.
The quantitative goodwill impairment test, used to identify both the existence of impairment and the amount of impairment loss, compares the fair value of a reporting unit with its carrying amount, including goodwill. If the fair value of a reporting unit exceeds its carrying amount, goodwill of the reporting unit is considered not impaired. If the carrying amount of a reporting unit exceeds its fair value, an impairment loss shall be recognized in an amount equal to that excess, limited to the total amount of goodwill allocated to that reporting unit. The goodwill impairment assessment is based upon the income approach, which estimates the fair value of our reporting units based upon a discounted cash flow approach. This fair value is then reconciled to our market capitalization at year end with an appropriate control premium. The determination of the fair value of our reporting units requires management to make significant estimates and assumptions including the selection of control premiums, discount rates, terminal growth rates, forecasts of revenue and expense growth rates, income tax rates, changes in working capital, depreciation, amortization and capital expenditures. Changes in assumptions concerning future financial results or other underlying assumptions could have a significant impact on either the fair value of the reporting unit or the amount of the goodwill impairment charge. Goodwill was $1.4 million at both September 30, 2024, and 2023. The fair value of the goodwill at September 30, 2024, as determined by our impairment analysis, was in excess of the carrying value; thus, we had no impairment of goodwill in fiscal year 2024.
We did not record indefinite-lived intangible assets in the fiscal years ended September 30, 2024, and 2023.
Long-lived assets, which consist of finite-lived intangible assets and property and equipment, are assessed for impairment whenever events or changes in business circumstances indicate that the carrying amount of the assets may not be fully recoverable or that the useful lives of these assets are no longer appropriate. Each impairment test is based on a comparison of the estimated undiscounted cash flows to the recorded value of the asset. If impairment is indicated, the asset is written down to its estimated fair value. The cash flow estimates used to determine the impairment, if any, contain management’s best estimates using appropriate assumptions and projections at that time. We have $33 thousand in property and equipment at September 30, 2024. At September 30, 2024, and 2023, finite-lived intangibles and long-lived assets were zero ($0) and zero ($0), respectively. The intangible impairment was $4.9 million for the year ended September 30, 2023. We recorded a finite-lived intangible asset of $4.9 million as a result of acquiring Enclave through the Business Combination. The difficulty of projecting the amount and timing of future revenues caused us to conclude a full impairment of the asset was appropriate. Incurring impairment in fiscal year 2023 neither indicated a decrease in our emphasis on Enclave as a key initiative nor did it suggest a lack of market interest in the product.
Off-Balance Sheet Arrangements
We did not have during the periods presented, nor do we currently have, any off-balance sheet arrangements as defined under applicable SEC rules.
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
The Company is not required to provide the information required by this Item as it is a “smaller reporting company,” as defined in Rule 229.10(f)(1) of Regulation S-K promulgated by the SEC.
ITEM 8. FINANCIAL STATEMENTS
SIDECHANNEL, INC.
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Board of Directors and
Stockholders of SideChannel, Inc.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of SideChannel, Inc., (the Company) as of September 30, 2024 and 2023, and the related consolidated statements of operations and comprehensive loss, stockholders’ equity, and cash flows for each of the years in the two-year period ended September 30, 2024, and the related notes (collectively referred to as the consolidated financial statements). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company as of September 30, 2024 and 2023, and the results of its operations and its cash flows for each of the years in the two-year period ended September 30, 2024, in conformity with accounting principles generally accepted in the United States of America.
Basis for Opinion
These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s consolidated financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits, we are required to obtain an understanding of internal control over financial reporting, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.
Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical Audit Matters
The critical audit matters communicated below are matters arising from the current period audit of the financial statements that were communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the financial statements, taken as a whole, and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate. We determined that there are no critical audit matters.
| /s/ RBSM LLP | |
| | |
| We have served as the Company’s auditor since 2021. | |
| Las Vegas, Nevada | |
| December 12, 2024 | |
| | |
| RBSM LLP (PCAOB ID Number 587) | |
SIDECHANNEL, INC.
CONSOLIDATED BALANCE SHEETS
(In thousands, except share and per share data)
| | | September 30, 2024 | | | September 30, 2023 | |
| | | | | | | |
| ASSETS | | | | | | | | |
| Current assets | | | | | | | | |
| Cash and cash equivalents | | $ | 1,045 | | | $ | 1,053 | |
| Short-term investments | | | 250 | | | | - | |
| Accounts receivable, net | | | 732 | | | | 834 | |
| Deferred costs | | | 150 | | | | 180 | |
| Prepaid expenses and other current assets | | | 385 | | | | 381 | |
| Total current assets | | | 2,562 | | | | 2,448 | |
| | | | | | | | | |
| Fixed assets | | | 33 | | | | 30 | |
| Goodwill | | | 1,356 | | | | 1,356 | |
| Deferred costs | | | - | | | | 150 | |
| Total assets | | $ | 3,951 | | | $ | 3,984 | |
| | | | | | | | | |
| LIABILITIES & STOCKHOLDERS’ EQUITY | | | | | | | | |
| Current liabilities | | | | | | | | |
| Accounts payable and accrued liabilities | | $ | 729 | | | $ | 613 | |
| Deferred revenue | | | 515 | | | | 280 | |
| Promissory note payable | | | - | | | | 50 | |
| Income taxes payable | | | 3 | | | | 11 | |
| Total current liabilities | | | 1,247 | | | | 954 | |
| | | | | | | | | |
| Other liabilities | | | - | | | | - | |
| Total liabilities | | | 1,247 | | | | 954 | |
| | | | | | | | | |
| Commitments and contingencies (Note 16) | | | - | | | | - | |
| | | | | | | | | |
| Common stock, $0.001 par value, 681,000,000 shares authorized; 225,975,331 and 213,854,781 shares issued and outstanding as of September 30, 2024, and 2023, respectively | | | 226 | | | | 214 | |
| Additional paid-in capital | | | 22,321 | | | | 21,755 | |
| Accumulated deficit | | | (19,843 | ) | | | (18,939 | ) |
| Total stockholders’ equity | | | 2,704 | | | | 3,030 | |
| Total liabilities and stockholders’ equity | | $ | 3,951 | | | $ | 3,984 | |
SIDECHANNEL, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
(In thousands, except share and per share data)
| | | | | | | | | |
| | | Twelve Months Ended | |
| | | September 30, | |
| | | 2024 | | | 2023 | |
| Revenues | | $ | 7,400 | | | $ | 6,572 | |
| Cost of revenues | | | 3,868 | | | | 3,240 | |
| Gross profit | | | 3,532 | | | | 3,332 | |
| | | | | | | | | |
| Operating expenses | | | | | | | | |
| General and administrative | | | 3,155 | | | | 3,586 | |
| Selling and marketing | | | 771 | | | | 1,337 | |
| Research and development | | | 546 | | | | 669 | |
| Intangible asset impairment | | | - | | | | 4,940 | |
| Business Combination related costs | | | - | | | | 214 | |
| Total operating expenses | | | 4,472 | | | | 10,746 | |
| Operating loss | | | (940 | ) | | | (7,414 | ) |
| | | | | | | | | |
| Other income, net | | | 41 | | | | 29 | |
| | | | | | | | | |
| Income tax expense (benefit) | | | 5 | | | | (379 | ) |
| Net loss | | $ | (904 | ) | | $ | (7,006 | ) |
| Net loss per common share – basic and diluted | | $ | (0.00 | ) | | $ | (0.04 | ) |
| Weighted average common shares outstanding – basic and diluted | | | 222,078,462 | | | | 175,274,762 | |
SIDECHANNEL, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
(In thousands, except share data)
| | | Preferred Shares | | | Preferred Par Value | | | Common Shares | | | Common Par Value | | | APIC | | | Accumulated Deficit | | | Total Equity | |
| | | For the Twelve Months Ended September 30, 2024 and 2023 | |
| | | Preferred Shares | | | Preferred Par Value | | | Common Shares | | | Common Par Value | | | APIC | | | Accumulated Deficit | | | Total Equity | |
| Balance at September 30, 2022 | | | 100 | | | $ | - | | | | 148,724,056 | | | $ | 149 | | | $ | 21,180 | | | $ | (11,933 | ) | | $ | 9,396 | |
| Shares issued for services | | | - | | | | - | | | | 770,978 | | | | - | | | | 66 | | | | - | | | | 66 | |
| Stock-based compensation | | | - | | | | - | | | | 2,343,029 | | | | 3 | | | | 357 | | | | - | | | | 360 | |
| Conversion of Preferred to Common | | | (100 | ) | | | - | | | | 100 | | | | - | | | | - | | | | - | | | | - | |
| Business Combination – Contingent Consideration | | | - | | | | - | | | | 62,016,618 | | | | 62 | | | | 152 | | | | - | | | | 214 | |
| Net loss | | | - | | | | - | | | | - | | | | - | | | | - | | | | (7,006 | ) | | | (7,006 | ) |
| Balance at September 30, 2023 | | | - | | | $ | - | | | | 213,854,781 | | | $ | 214 | | | $ | 21,755 | | | $ | (18,939 | ) | | $ | 3,030 | |
| Balance | | | - | | | | - | | | | 213,854,781 | | | | 214 | | | | 21,755 | | | | (18,939 | ) | | | 3,030 | |
| Shares issued for 2021 Investor Warrants | | | - | | | | - | | | | 7,270,958 | | | | 7 | | | | (7 | ) | | | - | | | | - | |
| Legal settlement | | | - | | | | - | | | | - | | | | - | | | | 15 | | | | - | | | | 15 | |
| Shares issued for services | | | - | | | | - | | | | 437,643 | | | | - | | | | 20 | | | | - | | | | 20 | |
| Stock-based compensation | | | - | | | | - | | | | 4,411,949 | | | | 5 | | | | 538 | | | | - | | | | 543 | |
| Net loss | | | - | | | | - | | | | - | | | | - | | | | - | | | | (904 | ) | | | (904 | ) |
| Balance at September 30, 2024 | | | - | | | $ | - | | | | 225,975,331 | | | $ | 226 | | | $ | 22,321 | | | $ | (19,843 | ) | | $ | 2,704 | |
| Balance | | | - | | | | - | | | | 225,975,331 | | | | 226 | | | | 22,321 | | | | (19,843 | ) | | | 2,704 | |
SIDECHANNEL, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(In thousands)
| | | 2024 | | | 2023 | |
| | | Twelve Months Ended September 30, | |
| | | 2024 | | | 2023 | |
| CASH FLOWS FROM OPERATING ACTIVITIES: | | | | | | | | |
| Net loss | | $ | (904 | ) | | $ | (7,006 | ) |
| Adjustments to reconcile net loss to net cash flows provided by / (used in) operating activities: | | | | | | | | |
| Depreciation and amortization | | | 192 | | | | 182 | |
| Legal settlement paid in stock | | | 15 | | | | | |
| Stock-based compensation and payments for services, net | | | 563 | | | | 405 | |
| Provision for doubtful accounts | | | - | | | | 3 | |
| Business Combination Costs | | | - | | | | 214 | |
| Intangible asset impairment | | | - | | | | 4,940 | |
| | | | | | | | | |
| Changes in operating assets and liabilities: | | | | | | | | |
| Accounts receivable, net | | | 102 | | | | (225 | ) |
| Prepaid expenses and other assets | | | (4 | ) | | | (61 | ) |
| Accounts payable and accrued liabilities | | | 116 | | | | (363 | ) |
| Income taxes payable | | | (8 | ) | | | (184 | ) |
| Deferred revenue | | | 235 | | | | 150 | |
| Net cash provided by / (used in) operating activities | | | 307 | | | | (1,945 | ) |
| | | | | | | | | |
| CASH FLOWS FROM INVESTING ACTIVITIES: | | | | | | | | |
| Purchase of short-term investments | | | (250 | ) | | | - | |
| Purchase of fixed assets | | | (15 | ) | | | (32 | ) |
| Net cash used in investing activities | | | (265 | ) | | | (32 | ) |
| | | | | | | | | |
| CASH FLOWS FROM FINANCING ACTIVITIES: | | | | | | | | |
| Payment of note payable | | | (50 | ) | | | - | |
| Net cash used in financing activities | | | (50 | ) | | | - | |
| | | | | | | | | |
| INCREASE / (DECREASE) IN CASH | | | (8 | ) | | | (1,977 | ) |
| CASH, BEGINNING OF PERIOD | | | 1,053 | | | | 3,030 | |
| CASH, END OF PERIOD | | $ | 1,045 | | | $ | 1,053 | |
| | | | | | | | | |
| SUPPLEMENTAL DISCLOSURES OF CASH FLOW INFORMATION: | | | | | | | | |
| Stock-based compensation included in accounts payable and accrued liabilities | | $ | - | | | $ | 21 | |
| Shares Issued for Services | | | 20 | | | | 66 | |
| Purchase of RSUs sold by employees to pay for taxes due on vested RSUs | | | 119 | | | | 59 | |
SIDECHANNEL, INC.
NOTES TO FINANCIAL STATEMENTS
FOR THE YEARS ENDED SEPTEMBER 30, 2024, AND 2023
(Amounts shown in thousands, except shares and per share amounts)
NOTE 1 – DESCRIPTION OF BUSINESS
Our mission is to make cybersecurity simple and accessible for mid-market and emerging companies, a market that we believe is currently underserved. We believe that our cybersecurity product and service offerings provide cybersecurity and privacy risk management solutions for our customers. We anticipate that our target customers will continue to need cost-effective security solutions. We intend to provide more tech-enabled services to address the needs of our customers, including virtual Chief Information Security Officer (vCISO), zero trust, third-party risk management, due diligence, privacy, threat intelligence, and managed end-point security solutions.
Our growth strategy focuses on these three initiatives:
1. Securing new vCISO clients
2. Adding new Cybersecurity Software and Services offerings
3. Increasing adoption of Cybersecurity Software, including Enclave and Services offerings, at vCISO clients
vCISO engagements typically contain a monthly subscription and rates for vCISO time and material projects ranging from $350 to $450 per hour. Each of our vCISOs is generally embedded into the C-suite executive teams of two (2) to four (4) of our clients. We augment our vCISO offering with a full range of other cybersecurity products and services including those delivered by our security engineer employees and independent contractors in addition to reselling services and software provided by third-parties.
On July 1, 2022, (the “Closing Date”) the Company, then known as Cipherloc Corporation, a Delaware corporation, completed its acquisition (the “Business Combination”) of all the outstanding equity securities of SideChannel, Inc., a Massachusetts corporation pursuant to an Equity Securities Purchase Agreement dated May 16, 2022 (the “Purchase Agreement”). On September 9, 2022, SideChannel, Inc. the acquired Massachusetts corporation and a subsidiary of the registrant, changed its name to SCS, Inc. (the “Subsidiary” or “SCS”) and Cipherloc Corporation, the Delaware parent company of the subsidiary has changed its name to SideChannel, Inc. Following the closing of the Business Combination, SCS, Inc. became a wholly owned subsidiary of the Company. As used herein, the words “the Company” refers to, for periods following the Business Combination, SideChannel, Inc., together with its subsidiaries.
Our headquarters are located at 146 Main Street, Suite 405, Worcester, MA, 01608. Our website is www.sidechannel.com.
NOTE 2 – GOING CONCERN ASSESSMENT
We are required to perform a going concern assessment for the annual reporting period. The assessment uses a two-step process to evaluate whether there are conditions and/or events that raise substantial doubt about our ability to continue as a going concern within one year after the date on which the annual financial statements are issued.
The two steps are to:
| | 1. | Determine if “substantial doubt” is raised regarding the entity’s ability to continue as a going concern. If it is not raised, the assessment stops there. However, if substantial doubt is raised, management would proceed to the next assessment step. |
| | 2. | Determine if the substantial doubt continues to exist after considering any plan to address and mitigate the doubt. However, regardless of whether such a plan alleviates the initial doubt, the guidance will require some level of disclosure in the financial statements. |
Substantial doubt exists when it is probable (within one year after the date on which the financial statements are issued) that the Company will be unable to meet its obligations as they become due. Probable is used consistently with its use in ASC 450, Contingencies (the future event or events are likely to occur, which is a higher threshold than “more likely than not” but lower than “virtually certain”).
This assessment is through December 31, 2025, because our fiscal year 2024 financial statements will be issued during December 2024. For the year ended September 30, 2024, we reported a net loss of $904 thousand which includes $755 thousand of non-cash expenses for depreciation, amortization, and stock-based compensation. Our operating activities generated $307 thousand in cash for the year ended September 30, 2024, and our cash balance decreased by $8 thousand during that same period after using $315 thousand of cash for investing and financing activities, including the purchase of $250 thousand in short-term investments. We may incur continued net losses until we generate revenues in excess of our expenses; however, we intend to manage our business such that our current cash balance and net cash provided by operations will allow us to sustainably fund our business. We cannot be certain that this will be achieved. We don’t currently have any credit facilities available to us.
We have determined that substantial doubt does not exist about our ability to continue as a going concern through December 31, 2025.
NOTE 3 - SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES
Basis of Presentation and Use of Estimates
The accompanying consolidated financial statements include our accounts and those of our wholly owned subsidiaries. All significant intercompany accounts and transactions have been eliminated upon consolidation. The preparation of financial statements in conformity with U.S. GAAP requires us to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements and the reported amounts of revenue and expenses during the reporting period. Actual results could differ from those estimates. Certain of our accounts, including goodwill, identifiable intangibles, and deferred tax assets and liabilities, including related valuation allowances, are based upon estimates.
Reclassifications
Certain prior year amounts have been reclassified to be comparable with the current year’s presentation or adjusted due to rounding and have had no impact on net income or stockholders’ equity.
Segment Information
We manage our operations as a single operating segment for the purpose of assessing performance and making operating decisions.
Business Combinations
Acquired businesses are accounted for using the purchase method of accounting, which requires that the purchase price be allocated to the net assets acquired at their respective fair values. Any excess of the purchase price over the estimated fair values of the net assets acquired is recorded as goodwill. Fair values of intangible assets are estimated by valuation models prepared by our management and third-party advisors. The assets purchased and liabilities assumed have been reflected in our consolidated balance sheets, and the operating results are included in the consolidated statements of operations and consolidated statements of cash flows from the date of acquisition. Any change in the fair value of acquisition-related contingent consideration subsequent to the acquisition date, including changes from events after the acquisition date, will be recognized in the consolidated statement of operations in the period of the estimated fair value change. Acquisition-related transaction costs, including legal and accounting fees and other external costs directly related to the acquisition, are recognized separately from the acquisition and expensed as incurred in general and administrative expense in the consolidated statements of operations.
Cash, Cash Equivalents, and Short-Term Investments
Cash includes funds deposited in banks.
We consider all highly liquid investments with an original maturity of 90 days or less to be cash equivalents. Highly liquid investments with original maturities of 91 days or more that will mature less than one year from the balance sheet date are classified as short-term investments. Securities with maturities of more than 360 days, if any, are included in “Long-term investments.”
Our cash equivalents and short-term investments are placed primarily in money market funds and time deposits and are classified as held-to-maturity based on our positive intent and ability to hold the securities to maturity. We value cash equivalents at their original purchase prices plus interest that has accrued at the stated rate. We value short-term investments at their original purchase prices. Interest earned on short-term investments is accrued in interest receivable which is included on our balance sheet in “Accounts receivable, net.”
Interest income related to cash equivalents and short-term investments is reported in “Other income, net” on the Consolidated Statement of Operations.
Accounts Receivable
Trade accounts receivable are recorded at the invoiced amounts and do not bear interest. We grant credit to customers and generally require no collateral. To minimize our risk, we perform ongoing credit evaluations of our customers’ financial condition. Effective January 1, 2023, we follow the guidance in Accounting Standards Codification (“ASC”) Topic 326 (Financial Instruments – Credit Losses) in developing our estimate of the allowance for credit losses related to our accounts receivable. The allowance for credit losses is our best estimate of the amount of expected credit losses in our existing accounts receivable. In establishing the amount of allowance for credit losses, we consider all information available as of the reporting date including information related to past events, such as historical loss rates and actual incurred losses, as well as current conditions that may indicate future risk of loss and any other factors of which we are aware, that we believe could impact the ultimate collectability of the related receivables in future periods.
Account balances are charged off against the allowance after all means of collection have been exhausted and the potential for recovery is considered remote. We do not have any significant off-balance sheet credit exposure related to our customers. Cash flows from accounts receivable are recorded in operating cash flows.
For the year ended September 30, 2024, there was no change in the amount of the allowance for credit losses. There was no bad debt expense recorded for the years ended September 30, 2024, and 2023.
Fair Value of Financial Instruments
Our financial instruments consisted primarily of cash and cash equivalents, short-term investments, accounts receivable, accounts payable and accrued expenses. The carrying amounts of such financial instruments approximate their respective estimated fair value due to the short-term maturities and approximate market interest rates of these instruments.
Fair value is focused on an exit price that would be received upon sale of an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. Within the measurement of fair value, the use of market-based information is prioritized over entity specific information and a three-level hierarchy for fair value measurements is used based on the nature of inputs used in the valuation of an asset or liability as of the measurement date.
The three-level hierarchy for fair value measurements is defined as follows:
| | ● | Level 1 – inputs to the valuation methodology are quoted prices (unadjusted) for identical assets or liabilities in active markets; |
| | | |
| | ● | Level 2 – inputs to the valuation methodology include quoted prices for similar assets and liabilities in active markets, and inputs that are observable for the asset or liability other than quoted prices, either directly or indirectly, including inputs in markets that are not considered to be active; |
| | | |
| | ● | Level 3 – inputs to the valuation methodology are unobservable and significant to the fair value measurement. |
For more information about the Company’s accounting policies surrounding fair value investments, see Note 9.
Goodwill, Intangible, and Long-Lived Assets
We account for goodwill and intangible assets in accordance with ASC Topic 350 (Intangibles – Goodwill and Other). Finite-lived intangible assets are amortized over their estimated useful economic life and are carried at cost less accumulated amortization. Goodwill is assessed for impairment annually during the fourth quarter on a reporting unit basis, or more frequently when events and circumstances occur indicating that the recorded goodwill may be impaired. Goodwill is considered to be impaired if the fair value of a reporting unit is less than its carrying amount. As a part of the goodwill impairment assessment, we have the option to perform a qualitative assessment to determine whether it is more-likely-than-not that the fair value of a reporting unit is less than its carrying amount. If, as a result of our qualitative assessment, we determine that it is more-likely-than-not that the fair value of the reporting unit is greater than its carrying amount, a quantitative goodwill impairment test is not required. However, if, as a result of our qualitative assessment, we determine it is more-likely-than-not that the fair value of a reporting unit is less than its carrying amount, or, if we choose not to perform a qualitative assessment, we are required to perform a quantitative goodwill impairment test to identify potential goodwill impairment and measure the amount of goodwill impairment loss to be recognized.
The quantitative goodwill impairment test compares the fair value of a reporting unit with its carrying amount, including goodwill. If the fair value of a reporting unit exceeds its carrying amount, goodwill of the reporting unit is considered not impaired. If the carrying amount of a reporting unit exceeds its fair value, an impairment loss will be recognized in an amount equal to that excess, limited to the total amount of goodwill allocated to that reporting unit. The goodwill impairment assessment is based upon the income approach, which estimates the fair value of our reporting units based upon a discounted cash flow approach. This fair value is then reconciled to our market capitalization at year end with an appropriate control premium. The determination of the fair value of our reporting units requires management to make significant estimates and assumptions including the selection of control premiums, discount rates, terminal growth rates, forecasts of revenue and expense growth rates, income tax rates, changes in working capital, depreciation, amortization, and capital expenditures. Changes in assumptions concerning future financial results or other underlying assumptions could have a significant impact on either the fair value of the reporting unit or the amount of the goodwill impairment charge. The goodwill was evaluated at the balance sheet date of September 30, 2024. For fiscal years 2024 and 2023, we recorded no impairment of goodwill.
None of the goodwill associated with the Business Combination is deductible for income tax purposes.
We did not record indefinite-lived intangible assets in the fiscal years ended September 30, 2024, and 2023.
Long-lived assets, which consist of finite-lived intangible assets and property and equipment, are assessed for impairment whenever events or changes in business circumstances indicate that the carrying amount of the assets may not be fully recoverable or that the useful lives of these assets are no longer appropriate. Each impairment test is based on a comparison of the estimated undiscounted cash flows to the recorded value of the asset. If impairment is indicated, the asset is written down to its estimated fair value. The cash flow estimates used to determine the impairment, if any, contain management’s best estimates using appropriate assumptions and projections at that time.
We recorded $4.9 million of finite-lived intangible assets in the form of Acquired In Process Research & Development (“AIPR&D”) as a result of acquiring Enclave in the Business Combination as of September 30, 2022. Under ASC 805, AIPR&D are initially recognized at fair value and classified as finite-lived assets until the successful completion or abandonment of the associated research and development efforts. During the development period, these assets will not be amortized as charges to earnings; instead, these assets will be tested for impairment on an annual basis or more frequently if impairment indicators are identified. An impairment loss is measured based on the excess of the carrying amount over the asset’s fair value. Our impairment testing as of September 30, 2023, indicated the full value of this finite-lived intangible asset was impaired. The difficulty of projecting the amount and timing of future revenues caused us to conclude a full impairment of the asset was appropriate. The $4.9 million of intangible asset impairment charge recorded during fiscal year 2023 neither indicated a decrease in our emphasis on Enclave as a key initiative nor did it suggest a lack of market interest in the product. The Company did not record any finite-lived intangible asset impairment for the year ended September 30, 2024.
Revenue Recognition
We recognize revenue in accordance with the guidance in ASC Topic 606 (Revenue from Contracts with Customers).
Nature of Products and Services
We identify, develop, and deploy cybersecurity and privacy risk management solutions for our clients in North America. We categorize our products and services as either vCISO Services or Cybersecurity Software and Services. The revenue earned from Enclave, our proprietary software product, as well as the revenue from reselling third-party software and services are included in Cybersecurity Software and Services.
Performance Obligations
A performance obligation is a promise in a contract to transfer a distinct good or service to the client and is the unit of accounting in Topic 606. A significant portion of our revenue is from clients with whom we have a Master Service Agreement (“MSA”). Each MSA generally contains one or more Statement(s) of Work (“SOW”). Each SOW specifies the products and services and their respective transaction prices. We refer to an MSA and its SOW(s) as a “Contract”. Our Contracts generally contain monthly service subscriptions, annual software licenses, time and material based billing, or fixed fee projects.
A Contract’s transaction price is allocated to each distinct performance obligation. For Contracts with multiple performance obligations, we allocate the Contract’s transaction price to each performance obligation based on the relative standalone selling price.
Revenue is recognized over a period of time for monthly service subscriptions and software licenses. Revenue is recognized at a point in time when, or as, the performance obligation is satisfied for fixed fee projects and time and material based billing. The assets we create for our clients do not have alternative uses to SideChannel and our Contracts created a right to payment for work completed. Each of the fixed fee project performance obligations we delivered in fiscal year 2024 were accompanied by an upfront payment. Our determination for point in time revenue recognition is based upon client acceptance of the performance obligation.
We do not have any material variable consideration arrangements, client-specific acceptance criteria, or any material payment terms with our clients other than standard payment terms which generally range from net 15 to net 45 days.
Principal vs Agent
We resell the software and services provided by third-parties. When we have discretion over the pricing used in the Contracts with our clients then we deem ourselves to be the principal for purposes of revenue recognition and record revenue on a gross basis using the price specified in the Contract. This is the case for almost all of the third-party software and services we sell. Also consistent in our determinations to recognize revenue as the principal is our ability to direct the third-party to provide the service to the client on our behalf.
Occasionally, we receive a commission from the sale of third-party software and services in which case we are an agent and record revenue on a net basis equal to the amount of the commission earned.
Contract Balances
We record accounts receivable at the time of invoicing. To the extent that we do not recognize revenue at the same time as we invoice, we record a liability for deferred revenue. In certain instances, we also receive customer deposits in advance of invoicing and recording of accounts receivable. Deferred revenue and customer deposits are included in current liabilities on our consolidated balance sheets. In these instances, the recognition of revenue is deferred until we have determined that we have satisfied our performance obligations under the Contract.
Costs to Obtain a Contract with a Customer
The costs we incur associated with obtaining contracts with customers are marketing costs incurred with third-party service providers and sales commissions that we pay to our employees, contractors, or third-party sales representatives. Commissions are calculated based on set percentages of the revenue value of each product or service sold. Commissions are considered earned by our internal sales personnel at the time we recognize revenue for a particular transaction. Commissions are considered earned by third-party sales representatives at the time that revenue is recognized for a particular transaction. We record commission expense in our consolidated statements of operations at the time the commission is earned. Commissions earned but not yet paid are included in current liabilities on our balance sheets.
Leases
We account for leases in accordance with ASC Topic 842 (Leases). We determine if an arrangement is a lease at inception. A lease contract is within scope if the contract has an identified asset (property, plant, or equipment) and grants the lessee the right to control the use of the asset during the lease term. The identified asset may be either explicitly or implicitly specified in the contract. In addition, the supplier must not have any practical ability to substitute a different asset and would not economically benefit from doing so for the lease contract to be in scope. The lessee’s right to control the use of the asset during the term of the lease must include the ability to obtain substantially all of the economic benefits from the use of the asset as well as decision-making authority over how the asset will be used. Leases are classified as either operating leases or finance leases based on the guidance in ASC Topic 842. Operating leases are included in operating lease ROU assets and operating lease liabilities in our consolidated balance sheets. Finance leases are included in property and equipment and financing lease liabilities. We do not currently have any financing leases.
Operating lease payments are included in cash outflows from operating activities on our consolidated statements of cash flows.
We have made an accounting policy election not to apply the recognition requirements of ASC Topic 842 to short-term leases (leases with a term of one year or less at the commencement date of the lease). Our lease periods are less than one-year in duration. Lease expense for short-term lease payments is recognized on a straight-line basis over the lease term.
Following the guidance of ASC Topic 842, we are not required to record ROU assets and operating lease liabilities.
See Note 8 for further disclosures regarding our leases.
Research and Development and Software Development Expenses
All research and development costs, including patent and software development costs, are expensed as incurred.
Stock-Based Compensation
We account for stock-based compensation in accordance with ASC Topic 718 (Compensation – Stock Compensation) which requires that employee share-based equity awards be accounted for under the fair value method and requires the use of an option pricing model for estimating fair value of awards, which is then amortized to expense over the service periods. The Company estimates the fair value of share-based payment awards on the date of grant using an option-pricing mode or the fair value of our stock on the grant date. The value of the portion of the award that is ultimately expected to vest is recognized as stock compensation expense over the requisite service period in the Company’s consolidated statements of income.
As stock compensation expense recognized in the accompanying consolidated statements of income is based on awards ultimately expected to vest. Accounting guidance requires forfeitures to be estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates. The Company has limited historical experience with forfeitures and were based on management’s estimates.
Excess tax benefits or deficiencies from stock compensation are recognized in the income tax provision and are not estimated in the effective tax rate. Rather, they are recorded as discrete tax items in the period they occur. Excess income tax benefits from stock compensation arrangements are classified as a cash flow from operations.
See further disclosures related to our stock-based compensation plans in Note 15.
Legal
We are subject to legal proceedings, claims, and liabilities which arise in the ordinary course of business, and we accrue for losses associated with legal claims when such losses are probable and can be reasonably estimated. These accruals are adjusted as additional information becomes available or circumstances change. Legal fees are charged to general and administrative expenses as they are incurred.
Income Taxes
We utilize the asset and liability method in accounting for income taxes. Under this method, deferred tax assets and liabilities are recognized for operating loss and tax credit carryforwards and for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the year in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in the results of operations in the period that includes the enactment date. A valuation allowance is recorded to reduce the carrying amounts of deferred tax assets unless it is more likely than not that the value of such assets will be realized.
We use the two-step approach to recognize and measure uncertain tax positions. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step is to measure the tax benefit as the largest amount, which is more than 50% likely of being realized upon ultimate settlement. We consider many factors when evaluating and estimating our tax positions and tax benefits, which may require periodic adjustments. We did not record any liabilities for uncertain tax positions during the years ended September 30, 2024, or 2023.
Net Loss Per Common Share
Basic loss per share is computed by dividing net loss available to common stockholders by the weighted average number of common shares outstanding during the reporting period. The weighted average number of shares is calculated by taking the number of shares outstanding and weighting them by the amount of time that they were outstanding. Diluted earnings per share reflects the potential dilution that could occur if stock options, warrants, and other commitments to issue common stock were exercised or equity awards vest resulting in the issuance of common stock that could share in our earnings. Diluted loss per share is the same as basic loss per share during periods where net losses are incurred since the inclusion of the potential common stock equivalents would be anti-dilutive as a result of the net loss.
Warrants
We evaluate warrants in accordance with ASC Topics 480 (Distinguishing Liabilities from Equity) and 815 (Derivatives and Hedging). The result of this accounting treatment is that the fair value of the embedded derivative, if required to be bifurcated, is marked-to-market at each balance sheet date and recorded as a liability. The change in fair value is recorded in the Statement of Operations as a component of other income or expense. Upon exercise of a warrant, it is marked to fair value at the exercise date and then that fair value is reclassified to equity.
Recent Accounting Announcements
The Financial Accounting Standards Board (“FASB”) issues Accounting Standards Updates (“ASU”) to amend the authoritative literature in the ASC. There have been several ASUs to date that amend the original text of the ASCs. Other than those discussed below, we believe those ASUs issued to date either (i) provide supplemental guidance, (ii) are technical corrections, (iii) are not applicable to us, or (iv) are not expected to have a significant impact on us.
Accounting Pronouncements Adopted
We did not adopt new accounting pronouncements during the year ended September 30, 2024.
Accounting Pronouncements Not Yet Adopted
In November 2023, the FASB issued amendments to the guidance for disclosures about reportable segments which require disclosures of significant expenses by segment and interim disclosure of items that were previously required on an annual basis. The amendments are to be applied on a retrospective basis and are effective for fiscal years beginning after December 15, 2023, and interim periods within fiscal years beginning after December 15, 2024.
In December 2023, the FASB issued ASU 2023-09, “Income Taxes (Topic 740): Improvements to Income Tax Disclosures,” which updates income tax disclosure requirements primarily by requiring specific categories and greater disaggregation within the rate reconciliation table and disaggregation of income taxes paid, net of refunds, by jurisdiction. All entities are required to apply the guidance prospectively, with the option to apply it retrospectively. The guidance is effective for fiscal years beginning after December 15, 2024, which for us is our fiscal year 2026 beginning on October 1, 2025. Early adoption is permitted.
The Company does not believe that the above recently issued, but not yet effective accounting standards, when adopted, will have a material effect on the accompanying consolidated financial statements.
In March 2024, the Securities and Exchange Commission issued a rule which will require companies to make certain climate-related disclosures in periodic filings. The rule includes certain disclosures in the footnotes of the financial statements:
● capitalized costs, expenditures expensed, and losses incurred as a result of severe weather events and other natural conditions, such as hurricanes, tornadoes, flooding, drought, wildfires, extreme temperatures, and sea level rise;
● capitalized costs, expenditures expensed, and losses related to carbon offsets and renewable energy credits or certificates if they are used as a material component of a registrant’s plans to achieve its disclosed climate-related targets or goals; and
● whether estimates and assumptions used to produce the financial statements were materially impacted by risks and uncertainties associated with severe weather events and other natural conditions or any disclosed climate-related targets or transition plans.
The footnote disclosures are effective for annual filings for the year ended September 30, 2026. The Company is currently evaluating the impact of the adoption of the rule.
NOTE 4 – REVERSE MERGER BETWEEN CIPHERLOC CORPORATION AND SIDECHANNEL, INC. (now known as SCS, Inc.)
Overview of the Business Combination
The Business Combination was accounted for as a reverse acquisition (“reverse merger”) in accordance with GAAP. Under this method of accounting, SCS was deemed to be the accounting acquirer for financial reporting purposes. This determination was primarily based on the facts that, immediately following the Business Combination: (1) the majority of the Board of Directors of the combined company would be composed of directors designated by the Sellers under the terms of the Purchase Agreement; and (2) existing members of SCS management constituted the management of the combined company. Because SCS was determined to be the accounting acquirer in the Business Combination, but not the legal acquirer, the transaction was deemed a reverse acquisition under the guidance of the ASC Topic 805, Business Combinations. As a result, the historical financial statements of SideChannel are the historical financial statements of the combined company.
Summary of the Business Combination Terms
Pursuant to the Purchase Agreement, on the Closing Date, the former shareholders of the Subsidiary (the “Sellers”) exchanged all of their equity securities in the Subsidiary for a total of 59,900,000 shares of the Company’s common stock (the “First Tranche Shares”), and 100 shares of the Company’s newly designated Series A Preferred Stock, $0.001 par value (the “Series A Preferred Stock”). The Sellers were entitled to receive up to an additional 59,900,000 shares of the Company’s common stock (the “Second Tranche Shares” and together with the First Tranche Shares and the Series A Preferred Stock, the “Shares”) at such time that the operations of the Subsidiary, as a subsidiary of the Company, achieved at least $5.5 million in revenue (the “Milestone”) for any twelve-month period occurring after the Closing Date and before the 48-month anniversary of the execution of the Purchase Agreement. The Second Tranche shares were valued using the closing price on July 1, 2022, of $0.10 per share which resulted in a fair value of $6.1 million.
The number of the Second Tranche Shares was increased, based upon the Subsidiary’s working capital as of the Closing Date was more than zero.
As previously disclosed in Form 8-K dated May 9, 2023, a total of 62,016,618 shares of common stock were issued for the Second Tranche and Closing Working Capital Adjustment.
NOTE 5 – CASH EQUIVALENTS AND INVESTMENTS
We have financial instruments included as cash equivalents and short-term investments on our balance sheets. Money market funds and time deposits with maturities of less than 90 days from the purchase date are included in “Cash and cash equivalents.” Time deposits with maturities from 91-360 days are included in “Short-term investments.” As of September 30, 2024, and 2023, the Company had no long-term investments.
The following table presents the carrying amounts of cash equivalents and short-term investments as of September 30, 2024 and 2023:
SCHEDULE OF CASH AND CASH EQUIVALENTS AND SHORT TERM INVESTMENTS
| | | September 30, 2024 | | | September 30, 2023 | |
| Cash equivalents | | | | | | | | |
| Money market funds | | $ | 6 | | | $ | 42 | |
| Time deposits | | | - | | | | - | |
| Total cash equivalents | | $ | 6 | | | $ | 42 | |
| | | | | | | | | |
| Short-term investments | | | | | | | | |
| Time deposits | | | 250 | | | | - | |
| Total short-term investments | | $ | 250 | | | $ | - | |
For more information about the fair value of the Company’s financial instruments, see Note 9.
NOTE 6 – DEFERRED COSTS
On July 23, 2021, we entered into a financial advisory and consulting agreement with Paulson Investment Company, LLC (“Paulson”). The agreement with Paulson remains in place after the Business Combination. Pursuant to the agreement, Paulson will provide the following services at the Company’s request: (a) familiarize itself with the Company’s business, assets, and financial condition; (b) assist the Company in developing strategic and financial objectives; (c) assist the Company in increasing its exposure in the software industry; (d) assist the Company in increasing its profile in the investment and financial community through introductions to analysts and potential investors, participation in investment conferences and exploitation of reasonably available media opportunities; (e) identify potentially attractive merger and acquisition opportunities; (f) review possible innovative financing opportunities and (g) render other financial advisory services as may be reasonably requested. The term of the agreement is four years from the date of the agreement, unless terminated earlier by either party as provided therein. As compensation for these services, the Company issued to Paulson 4 million shares of the Company’s common stock and agreed to reimburse Paulson for all reasonable and documented expenses incurred by Paulson in connection with providing such services. The fair value of the shares issued was $720 thousand which Cipherloc recognized as deferred costs which are amortized at a rate of $45 thousand per quarter. The Company expensed $180 thousand in each of the fiscal years ended September 30, 2024, and 2023. The unamortized balance of the deferred costs was $150 thousand at September 30, 2024.
NOTE 7 – IDENTIFIABLE INTANGIBLE ASSETS
The estimated fair values of the identifiable intangible assets acquired were calculated using an income valuation approach which requires a forecast of expected future cash flows either through the use of relief-from-royalty method or multi-period excess earnings methods (“MPEEM”).
We conducted a fair value analysis of the intangible assets acquired as of September 30, 2023, and concluded that the full carrying value of this asset should be impaired. Our balance sheet as of September 30, 2023, reflects this conclusion. Incurring impairment in fiscal year 2023 neither indicated a decrease in our emphasis on Enclave as a key initiative nor did it suggest a lack of market interest in the product.
We did not have identifiable intangible assets at September 30, 2024.
NOTE 8 - LEASES
On December 10, 2021, we entered into a lease for approximately 500 square feet of office space at 146 Main Street in Worcester, Massachusetts, with the option to renew annually for three twelve-month periods through December 2025. The annual renewal date is January 1st. Our current lease payment is $967 per month. The lease allows for a 2% increase effective at the beginning of each renewal period.
Operating lease payments are included in cash outflows from operating activities on our consolidated statements of cash flows.
Operating lease expenses were $12 thousand and $10 thousand for the fiscal years ended September 30, 2024, and 2023, respectively.
We have made an accounting policy election not to apply the recognition requirements of ASC Topic 842 (Leases) to short-term leases (leases with a term of one year or less at the commencement date of the lease). Lease expense for short-term lease payments is recognized on a straight-line basis over the lease term. We do not have any long-term operating leases or financing leases as of September 30, 2024.
We expect to pay approximately $12 thousand over the next twelve (12) months for the Worcester lease.
NOTE 9 – FAIR VALUE MEASUREMENT
ASC Topic 820 “Fair Value Measurement” (“Topic 820”) defines fair value, establishes a market-based framework or hierarchy for measuring fair value, and expands disclosures about fair value measurements. Topic 820 is applicable whenever assets and liabilities are measured and included in the financial statements at fair value.
The following tables present the carrying amounts, estimated fair values, and valuation input levels of certain financial instruments as of September 30, 2024, and 2023.
SCHEDULE OF FAIR VALUE OF FINANCIAL INSTRUMENTS
| | | September 30, 2024 | |
| | | Carrying | | | Fair Value Measured Using | | | Fair | |
| (in thousands) | | Amount | | | Level 1 | | | Level 2 | | | Level 3 | | | Value | |
| Short-term investments | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | | | |
| Time deposits: 91 - 360 days | | $ | 250 | | | $ | - | | | $ | 250 | | | $ | - | | | $ | 250 | |
| | | | | | | | | | | | | | | | | | | | | |
| Total Short-term investments | | $ | 250 | | | $ | - | | | $ | 250 | | | $ | - | | | $ | 250 | |
| | | September 30, 2023 | |
| | | Carrying | | | Fair Value Measured Using | | | Fair | |
| (in thousands) | | Amount | | | Level 1 | | | Level 2 | | | Level 3 | | | Value | |
| Short-term investments | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | | | |
| Time deposits: 91 - 360 days | | $ | - | | | $ | - | | | $ | - | | | $ | - | | | $ | - | |
| | | | | | | | | | | | | | | | | | | | | |
| Total Short-term investments | | $ | - | | | $ | - | | | $ | - | | | $ | - | | | $ | - | |
The entire balance of time deposits maturing in 91 to 360 days are certificates of deposit issued by a bank at which total deposits exceed the FDIC limit of $250 thousand.
NOTE 10 – DEBT
Pursuant to a Membership Interest Redemption Agreement, dated November 3, 2021, by and between us and Akash Desai (“Desai Redemption Agreement”), we promised to pay Mr. Desai $100 thousand, without interest, in exchange for Mr. Desai’s right, title, and interest in us. Mr. Desai was paid $50 thousand at the execution of the Desai Redemption Agreement and the remaining $50 thousand was paid in December 2023.
NOTE 11 – STOCKHOLDERS’ EQUITY
Common Stock
As of September 30, 2024, and 2023, we had 225,975,331 and 213,854,781 shares of common stock outstanding, respectively, and were authorized to issue 681,000,000 shares of common stock at a par value of $0.001.
Common Stock Issued for Cash
We did not issue shares of common stock for cash during the years ended September 30, 2024, and September 30, 2023.
Common Stock Issued for Business Combinations
On May 4, 2023, we issued a total of 62,016,618 shares of common stock for the Second Tranche (59,900,000 shares) and Closing Working Capital Adjustment (2,116,618 shares).
No shares were issued for Business Combinations in fiscal year 2024.
Common Stock Issued for Services
Until March 31, 2024, our Board of Directors elected to have each of its members receive one-half of such member’s quarterly compensation in the form of shares of the Company’s common stock instead of cash. We also use stock as a form of compensation for independent contractors who provide professional services to us in sales, marketing, or administration. During fiscal year 2024, the fair market value of stock issued for services totaled $20 thousand for 437,643 shares of common stock compared to $66 thousand for 770,978 shares of common stock in fiscal year 2023.
Our Board of Directors elected to cease receiving quarterly compensation in the form of shares of the Company’s common stock after April 1, 2024.
Common Stock Issued Under Equity Incentive Plan
We issued 4,411,949 shares of common stock for 6,537,045 restricted stock units (“RSUs”) that vested during the year ended September 30, 2024. The number of RSUs sold by these employees to fund payroll taxes for the year September 30, 2024, was 2,125,096.
Common Stock Issued for Tender Offer
On August 22, 2023, the Company commenced a Tender Offer for the 69,281,020 Warrants subject to our Offer to Exchange. A new Tender Offer (“Offer to Exchange”) was filed on November 7, 2023.
We closed the November 7 Offer to Exchange on December 26, 2023, resulting in the issuance of 7,270,958 shares of common stock and 17,415,437 new warrants in exchange for 2021 Investor Warrants totaling 43,538,501.
Preferred Stock
As of September 30, 2024, and 2023, we had zero (0) shares of preferred stock outstanding.
Warrants
Warrant activity for years ended September 30, 2024, and 2023, is as follows:
SCHEDULE OF WARRANT ACTIVITY
| Outstanding Warrants | | Number of Warrants | | | Weighted Average Exercise Price | | | Weighted Average Remaining Life | |
| (In thousands, except prices and remaining lives) | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| Outstanding at September 30, 2022 | | | 87,794 | | | $ | 0.56 | | | | 3.57 | |
| Granted | | | — | | | | — | | | | — | |
| Tendered during November 2023 Warrant Exchange | | | - | | | | - | | | | - | |
| Exercised | | | — | | | | — | | | | — | |
| Canceled/Forfeited | | | (18,513 | ) | | | 1.20 | | | | — | |
| Outstanding at September 30, 2023 | | | 69,281 | | | $ | 0.39 | | | | 3.31 | |
| | | | | | | | | | | | | |
| Outstanding at September 30, 2023 | | | 69,281 | | | $ | 0.39 | | | | 3.31 | |
| Granted through November 2023 Warrant Exchange | | | 17,415 | | | | 0.18 | | | | 4.25 | |
| Tendered during November 2023 Warrant Exchange | | | (43,538 | ) | | | (0.36 | ) | | | (2.25 | ) |
| Exercised | | | — | | | | — | | | | — | |
| Canceled/Forfeited | | | — | | | | — | | | | — | |
| Outstanding at September 30, 2024 | | | 43,158 | | | $ | 0.33 | | | | 3.89 | |
NOTE 12 – REVENUE FROM CONTRACTS WITH CLIENTS
Disaggregation of Revenues
We disaggregate our revenue from contracts with clients by service type. See the below table:
SCHEDULE OF DISAGGREGATED REVENUE
| | | 2024 | | | 2023 | |
| | | Year Ended | |
| (in thousands) | | September 30, | |
| | | 2024 | | | 2023 | |
| vCISO services | | $ | 4,606 | | | $ | 4,383 | |
| Cybersecurity software and services | | | 2,794 | | | | 2,189 | |
| Total | | $ | 7,400 | | | $ | 6,572 | |
Deferred Revenue
Deferred revenue is comprised of payments received from our clients and customers for products or services in advance of receiving the product or service and primarily occurs for annual software and service contracts including Enclave. While software contracts can be initiated at any time of year, most of our annual agreements renew in our second fiscal quarter ending March 31.
The deferred revenue is expected to be earned within 12 months of the balance sheet date.
Changes in deferred revenue were as follows:
SCHEDULE OF CHANGES IN DEFERRED REVENUE
| Deferred Revenue | | | |
| (In thousands) | | | |
| | | | |
| Year Ended September 30, 2023 | | | | |
| Balance at September 30, 2022 | | $ | 130 | |
| Deferral of revenue | | | 553 | |
| Recognition of revenue | | | (403 | ) |
| Balance at September 30, 2023 | | $ | 280 | |
| | | | | |
| Year Ended September 30, 2024 | | | | |
| Balance at September 30, 2023 | | $ | 280 | |
| Deferral of revenue | | | 1,258 | |
| Recognition of revenue | | | (1,023 | ) |
| Balance at September 30, 2024 | | $ | 515 | |
NOTE 13 – BUSINESS RISK AND CREDIT RISK CONCENTRATION INVOLVING CASH
No client individually accounted for over 10% of our revenue during the years ended September 30, 2024, or 2023.
We did not have any customers with an accounts receivable balance that exceeded 10% of accounts receivable at September 30, 2024.
We maintain our cash and cash equivalents in accounts held by a highly reputable financial institution which, at times, may exceed federally insured limits as guaranteed by the Federal Deposit Insurance Corporation (“FDIC”). The FDIC insures these deposits up to $250 thousand. As of September 30, 2024, approximately $795 thousand of our cash and cash equivalent balance was uninsured. We have not experienced any losses on cash.
NOTE 14 – RELATED PARTY TRANSACTIONS
Brian Haugli, our Chief Executive Officer and our stockholder in the Company, is also a principal shareholder of RealCISO Inc. (“RealCISO”). In September 2020, SideChannel assigned to RealCISO Inc. certain contracts and intellectual property. We are a reseller of the RealCISO software. We receive revenue from our customers for the use of RealCISO software and pays licensing fees to RealCISO for such use. For the years ended September 30, 2024, and 2023, SideChannel paid $30 thousand and $26 thousand to RealCISO for licenses, respectively.
We also received $122 thousand and $63 thousand from RealCISO for software development services that we provided Real CISO during fiscal years 2024 and 2023, respectively.
On October 13, 2023, the Association of the US Army (“AUSA”) signed an agreement for a cybersecurity risk assessment for approximately $24 thousand. On February 15, 2024, the President of AUSA, Retired U.S. Army General Robert Brown, joined our Board. On July 8, 2024, AUSA signed an agreement for recurring vCISO Services which will generate approximately $108 thousand of annual revenue for the Company.
No other related party transactions occurred during the years ending September 30, 2024, and September 30, 2023.
NOTE 15 – STOCK-BASED COMPENSATION
As of September 30, 2024, we had unvested restricted stock awards (“RSUs”) and stock options granted under the 2021 Omnibus Equity Compensation Plan (the “2021 Equity Incentive Plan”) approved by stockholders on September 13, 2021.
The stockholder approval of the 2021 Equity Incentive Plan included a reserve of 8.0 million shares for awards. The 2021 Equity Incentive Plan also allows for an annual increase in the reserve up to an amount approximately equal to five percent (5%) of the fully diluted outstanding shares at the end of the prior calendar year. On June 29, 2022, the Board of Directors authorized an 8,186,106 increase in the shares reserved for the 2021 Equity Incentive Plan. On February 15, 2024, the Board of Directors authorized an increase of 13,599,834 in the shares reserved for the 2021 Equity Incentive Plan. Awards granted under the 2021 Equity Incentive Plan in lieu of compensation are exempt from counting against the reserve.
SCHEDULE OF COMMON STOCK SHARES RESERVED FOR EQUITY GRANTS
| 2021 Omnibus Equity Incentive Plan Reserve | | | | |
| (In thousands) | | | | |
| | | | | |
| Initial Reserve at September 13, 2021 | | | 8,000 | |
| | | | | |
| Non-exempt Awards | | | (24,783 | ) |
| Forfeitures | | | 3,036 | |
| Annual Reserve Increases | | | 21,786 | |
| | | | | |
| Reserve at September 30, 2024 | | | 8,039 | |
| | | | | |
| Reserve percent of outstanding shares at September 30, 2024 | | | 3.6 | % |
We typically have granted RSUs and stock options with a 3-year, service-based vesting period. Our unvested RSUs and stock options are accounted for based on their grant date fair value. As of September 30, 2024, total compensation expense to be recognized in future periods was $667 thousand. That cost is expected to be recognized over the remaining vesting period.
Our total stock-based compensation expense for the year ended September 30, 2024, was $682 thousand, comprised of $20 thousand for shares issued for services and $662 thousand for the amortization of outstanding equity compensation grants.
Certain employees opted to sell RSUs back to the Company at the fair market value on the vesting date to fund their portion of payroll taxes due on the taxable income generated by the vested RSUs. For the year ended September 30, 2024, we purchased RSUs with a vesting date value of $119 thousand. Our Statement of Stockholders Equity reflects the net increase of $543 thousand as of September 30, 2024, or $662 thousand of total stock-based compensation expense, less the $119 thousand of RSUs purchased.
We incurred stock-based compensation expense of $485 thousand for the year ended September 30, 2023, which is comprised of $66 thousand for shares issued for services and $419 thousand for the amortization of outstanding equity compensation grants. For the year ended September 30, 2023, we purchased RSUs with a vesting date value of $59 thousand.
Stock-based compensation of $568 thousand, $22 thousand, and $92 thousand was included in general and administrative expense, selling and marketing expense, and research and development expense respectively in our accompanying Consolidated Statements of Operations for the year ended September 30, 2024.
Restricted Stock Units
We record compensation expense for RSUs based on the closing market price of our stock at the grant date and amortize the expense over the vesting period which is typically three years. For RSUs, the Company recognizes compensation cost for unvested share-based awards on a straight-line basis over the requisite service period. The fair value of stock awards is based on the quoted price of our common stock on the grant date.
The following table summarizes the activity of our RSUs granted under the 2021 Equity Incentive Plan during the years ended September 30, 2024, and September 30, 2023.
SCHEDULE OF RESTRICTED STOCK UNITS VESTING
| Outstanding Restricted Stock Unit Grants | | Number of RSU’s | | | Weighted Average Grant Date Value Per RSU | |
| (In thousands) | | | | | | |
| | | | | | | |
| Outstanding Grants at September 30, 2022 | | | 4,309 | | | $ | 0.11 | |
| Granted | | | 8,174 | | | | 0.10 | |
| Vested | | | (2,988 | ) | | | 0.12 | |
| Canceled/Forfeited | | | (858 | ) | | | 0.12 | |
| Outstanding Grants at September 30, 2023 | | | 8,637 | | | | 0.10 | |
| | | | | | | | | |
| Outstanding Grants at September 30, 2023 | | | 8,637 | | | | 0.10 | |
| Granted | | | 11,048 | | | | 0.05 | |
| Vested | | | (6,537 | ) | | | 0.08 | |
| Canceled/Forfeited | | | (2,000 | ) | | | 0.10 | |
| Outstanding Grants at September 30, 2024 | | | 11,148 | | | $ | 0.06 | |
The weighted-average remaining vesting period of RSUs at September 30, 2024 was 1.92 years.
The total grant-date fair value of RSUs vested during 2024 and 2023, was $190 thousand, and $353 thousand, respectively. The approximate aggregate intrinsic value of RSUs outstanding at September 30, 2024 was $479 thousand. The approximate aggregate intrinsic values of RSUs awarded during 2024 and 2023 were $475 thousand and $572 thousand, respectively. Aggregate intrinsic value of RSUs represents the applicable number of awards multiplied by the Company’s closing share price on the last trading day of the relevant fiscal period. The Company’s closing share price was $0.04 on September 30, 2024, and $0.07 on September 30, 2023.
Stock Options
We record compensation expense for the stock options based on the fair market value of the options as of the grant date.
The fair value for stock options granted during the twelve months ended September 30, 2024, was estimated at the date of grant using the Black-Scholes option pricing model with the following weighted average assumptions:
SCHEDULE OF STOCK OPTIONS WEIGHTED AVERAGE ASSUMPTIONS USED IN THE FAIR VALUE
| | | 2024 | |
| Risk-free interest rate | | | 4.36 | % |
| Dividend yield | | | 0.00 | % |
| Expected common stock market price volatility factor | | | 182.97 | % |
| Weighted average expected live of stock options (years) | | | 10.00 | |
The following table summarizes the activity of our stock options granted under the 2021 Plan during the year ended September 30, 2024. We did not grant stock options during the year ended September 30, 2023.
SCHEDULE OF STOCK OPTION OUTSTANDING TRANSACTIONS
| Outstanding Stock Option Grants | | Number of | |
| (In thousands) | | Stock Options | |
| Outstanding grants at September 30, 2023 | | | — | |
| Granted | | | 4,400 | |
| Vested | | | — | |
| Canceled/forfeited | | | (1,100 | ) |
| Outstanding grants at September 30, 2024 | | | 3,300 | |
Stock options were issued to our independent directors on June 10, 2024. Each of our four independent directors received 1.1 million stock options priced at $0.18 with a 3-year vesting period, expiring on June 10, 2034. One independent director resigned from our Board on June 18, 2024, resulting in the forfeiture of 1.1 million stock options.
The weighted-average remaining vesting period of stock options at September 30, 2024, was 2.67 years.
NOTE 16 – COMMITMENTS AND CONTINGENCIES
Litigation
We are currently not involved in any litigation that we believe could have a material adverse effect on its financial condition or results of operations.
Currently Pending Litigation
In April 2021, Eric Marquez, the former Secretary/Treasurer and Chief Financial Officer of Cipherloc Corporation, and certain other plaintiffs, filed a lawsuit against Cipherloc Corporation and Michael De La Garza, Cipherloc’s former Chief Executive Officer and President, in the 20th Judicial District for Hays County, Texas (Cause No. 20-0818) (“OLWM Matter”). The lawsuit alleges causes of action for fraud against Mr. De La Garza (for misrepresentations allegedly made by Mr. De La Garza); breach of contract, for alleged breaches of Mr. Marquez’s alleged oral employment agreement, which Mr. Marquez claims required Cipherloc pay him cash and shares of stock; unjust enrichment; quantum meruit; and rescission of certain stock purchases made by certain of the plaintiffs, as well as declaratory relief and fraud. Damages sought exceeded $1 million. We reached a preliminary agreement with the plaintiffs on November 13, 2024. A written settlement agreement was negotiated and circulated to the plaintiffs on November 25, 2024. The execution of the settlement agreement is in progress and, when complete, will trigger the formal dismissal of the lawsuit. The terms of the agreement require the Company to issue the plaintiffs a combined 356,400 shares of common stock and pay a total of $95 thousand in cash in six equal, quarterly installments of approximately $16 thousand beginning on January 1, 2025, and ending on April 1, 2026. We estimate the cost of the settlement fee paid as stock to be approximately $15 thousand using the closing price of our common stock at September 30, 2024. A total of $110 thousand of expense has been recognized in our results for the year ended September 30, 2024.
NOTE 17 - INCOME TAXES
We began filing consolidated federal and state income tax returns beginning for the tax year ended September 30, 2023. We have adopted the provisions related to accounting for uncertainty in income taxes, which defines a recognition threshold and measurement attribute for the financial statement recognition and measurement of a tax position taken or expected to be taken in a tax return. We have considered our tax positions and believe that all of the positions taken by us in our federal and state tax returns are more likely than not to be sustained upon examination.
We utilize the asset and liability method in accounting for income taxes. Under this method, deferred tax assets and liabilities are recognized for operating loss and tax credit carryforwards and for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the year in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in the results of operations in the period that includes the enactment date. A valuation allowance is recorded to reduce the carrying amounts of deferred tax assets unless it is more likely than not that the value of such assets will be realized.
The provision (benefit) for income taxes from continued operations for the years ended September 30, 2024, and 2023 consist of the following:
SCHEDULE OF PROVISION (BENEFIT) FOR INCOME TAXES FROM CONTINUED OPERATIONS
| (In thousands) | | 2024 | | | 2023 | |
| | | September 30, | |
| (In thousands) | | 2024 | | | 2023 | |
| Current: | | | | | | | | |
| Federal | | $ | — | | | $ | (136 | ) |
| State | | | 5 | | | | (32 | ) |
| Total | | $ | 5 | | | $ | (168 | ) |
| | | | | | | | | |
| Deferred: | | | | | | | | |
| Federal | | $ | — | | | $ | — | |
| State | | | — | | | | (211 | ) |
| Total | | | — | | | | (211 | ) |
| | | | | | | | | |
| Provision (benefit) for income taxes, net | | $ | 5 | | | $ | (379 | ) |
The difference between income tax expense computed by applying the federal statutory corporate tax rate and actual income tax expense is as follows:
SCHEDULE OF FEDERAL STATUTORY CORPORATE TAX RATE AND ACTUAL INCOME TAX EXPENSE
| | | September 30, | |
| | | 2024 | | | 2023 | |
| Statutory federal income tax rate | | | 21.00 | % | | | 21.00 | % |
| Non-deductible meals & entertainment | | | (0.27 | ) | | | (0.22 | ) |
| Non-deductible contingent consideration | | | — | | | | (1.89 | ) |
| Prior Year Adjustment | | | (12.88 | ) | | | 1.58 | |
| State tax | | | (26.91 | ) | | | 3.02 | |
| Loss of NOL due to statute | | | (36.65 | ) | | | — | |
| Change in valuation allowance | | | 55.71 | | | | (18.36 | ) |
| | | | | | | | | |
| Effective tax rate | | | 0.00 | % | | | 5.13 | % |
For the years ended September 30, 2024, and 2023, the difference between the amounts of income tax expense or benefit that would result from applying the statutory rates to pretax income to the reported income tax expense of $5 thousand for the year ended September 30, 2024 due to state income taxes payable to the jurisdictions in which we have nexus, and income tax benefit of $379 thousand for the year ended September 30, 2023.
Deferred income taxes result from temporary differences in the recognition of income and expenses for the financial reporting purposes and for tax purposes. The tax effect of these temporary differences representing deferred tax asset and liabilities result principally from the following:
Federal
SCHEDULE OF DEFERRED TAX ASSETS AND LIABILITIES
| | | 2024 | | | 2023 | |
| | | September 30, | |
| | | 2024 | | | 2023 | |
| Net operating loss carry forward | | $ | 7,190 | | | $ | 7,603 | |
| Intangible asset – not deductible for tax | | | — | | | | (1,038 | ) |
| AIPR&D capitalization | | | 188 | | | | 126 | |
| Other | | | 34 | | | | 7 | |
| Deferred compensation | | | 124 | | | | 38 | |
| Valuation allowance | | | (7,536 | ) | | | (6,736 | ) |
| Deferred income tax asset | | $ | — | | | $ | — | |
State
| | | 2024 | | | 2023 | |
| | | September 30, | |
| | | 2024 | | | 2023 | |
| Net operating loss carry forward | | $ | 230 | | | $ | 225 | |
| Intangible asset – not deductible for tax | | | — | | | | (218 | ) |
| Other | | | 90 | | | | 36 | |
| Valuation allowance | | | (320 | ) | | | (43 | ) |
| Deferred income tax asset | | $ | — | | | $ | — | |
The Company has a net operating loss carry forward of $34.2 million available to offset future taxable income, of which, $2.6 million will expire within the next five years, $10.9 million will expire thereafter, and the remaining $20.7 million will not expire. For income tax reporting purposes, the Company’s aggregate unused net operating losses were subject to the limitations of Section 382 of the Internal Revenue Code, as amended. The Company has adjusted the net operating losses incurred prior to 2015 to reflect only the losses not subject to limitation. The Company has provided for a valuation reserve against the net operating loss benefit, because in the opinion of management based upon the earning history of the Company, it is more likely than not that the benefits will not be realized. For income tax reporting purposes, Management has determined that net operating losses prior to February 5, 2015, are subject to an annual limitation of approximately $525 thousand.
Utilization of the pre-Business Combination net operating loss carryforwards (“pre-Combination NOL’s”) attributable to Cipherloc may become subject to a substantial annual limitation under Section 382 of the Internal Revenue Code of 1986 due to ownership changes occurred during the tax year associated with the Business Combination. In general, an ownership change, as defined by Section 382, results from transactions increasing the ownership of certain stockholders or public groups in the stock of a corporation by more than 50% over a three-year period. Future ownership changes may trigger Section 382 and therefore, substantially limit the amount of pre-Combination NOLs that can be utilized annually to offset future taxable income.
The Company is current on all its federal income tax filings. The Company is subject to IRS examinations for periods beginning after September 30, 2019, and all net operating losses we may use in future federal tax filings are subject to IRS examination.
NOTE 18 - SUBSEQUENT EVENTS
As stated in Note 16, we reached a preliminary agreement with the plaintiffs in the OLWM Matter on November 13, 2024. A written settlement agreement was circulated to the plaintiffs on November 25, 2024, and the execution of the settlement agreement in progress and, when complete, will trigger the formal dismissal of the lawsuit.
The Company has evaluated events through, December 12, 2024, the filing date of this Annual Report on Form 10-K, and determined that there have been no additional subsequent events that occurred that would require adjustments to our disclosures in the consolidated financial statements.
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
None.
ITEM 9A. CONTROLS AND PROCEDURES
Our management is responsible for establishing and maintaining adequate “disclosure controls and procedures,” as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act, that are designed to ensure that information required to be disclosed by us in reports that we file or submit under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our principal executive officer to allow timely decisions regarding required disclosure. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed in our reports filed or submitted under the Exchange Act is accumulated and communicated to our management, including our Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”), to allow timely decisions regarding required disclosure. In designing and evaluating our disclosure controls and procedures, the Company recognized that disclosure controls and procedures, no matter how well conceived and operated, can provide only reasonable assurance of achieving the desired control objectives, and we necessarily are required to apply our judgment in evaluating the cost-benefit relationship of possible disclosure controls and procedures.
Evaluation of Disclosure Controls and Procedures
As of September 30, 2024, our management, with the participation of our Chief Executive Officer and Chief Financial Officer, evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act). Our CEO and CFO have concluded, based upon the evaluation described above, that, as of September 30, 2024, our disclosure controls and procedures were not effective at the reasonable assurance level because of the material weaknesses discussed below.
Notwithstanding the material weakness in internal control over financial reporting described below, our management has concluded that our consolidated financial statements included in this Form 10-K are fairly stated in all material respects in accordance with GAAP.
Material Weaknesses
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis.
In connection with the preparation of our audited financial statements for the year ended September 30, 2023, we identified material weaknesses in our internal controls over financial reporting, as of September 30, 2023. These material weaknesses had not been fully remediated as of September 30, 2024. The material weaknesses identified related to the fact that we did not design and maintain accounting policies, procedures and controls to ensure complete, accurate and timely financial reporting in accordance with U.S. GAAP. Specifically, the material weaknesses identified included the following:
| | ● | Did not design and maintain formal accounting policies, procedures and controls to achieve complete, accurate and timely financial accounting, reporting and disclosures, including controls over the preparation and review of account reconciliations, journal entries and classification of certain costs; |
| | ● | We had not developed and effectively communicated to our employees our accounting policies and procedures, which resulted in inconsistent practices. Since these entity level programs have a pervasive effect across the organization, management has determined that these circumstances constitute a material weakness; |
| | ● | We do not have sufficient, qualified finance and accounting staff with the appropriate U.S. GAAP technical accounting expertise to identify, evaluate and account for accounting and financial reporting, and effectively design and implement systems and processes that allow for the timely production of accurate financial information in accordance with internal financial reporting timelines. As a result, we did not design and maintain formal accounting policies, processes and controls related to complex transactions necessary for an effective financial reporting process; and |
| | ● | As a high-growth, smaller reporting company that became responsible for listed financial reporting, we have a limited staff and budget available to adequately test and monitor the effectiveness of certain internal controls. |
Remediation Plan
Our management is actively engaged and committed to taking the steps necessary to remediate the control deficiencies that constituted the material weaknesses. During fiscal year 2024, we made the following enhancement to our control environment:
| | ● | We continued documenting accounting policies, procedures and controls to achieve complete, accurate, and timely financial accounting, reporting and disclosures including controls over the preparation and review of account reconciliations, journal entries and classification of certain costs; and |
Our remediation activities will continue during fiscal year 2025. In addition to the above actions, we expect to engage in additional activities, including, but not limited to:
| | ● | Hiring additional qualified accounting staff to enable additional separation of duties; |
| | ● | Engaging external consultants to provide support and to assist us in our evaluation of more complex applications of GAAP, and to assist us with documenting and assessing our accounting policies and procedures until we have sufficient technical accounting resources; |
| | ● | Implementing business process-level controls across all significant accounts and information technology general controls across all relevant systems. This includes providing training for control owners that will present expectations as it relates to the control design, execution and monitoring of such controls, including enhancements to the documentation to evidence the execution of the controls; and |
We continue to enhance corporate oversight over process-level controls and structures to ensure that there is appropriate assignment of authority, responsibility, and accountability to enable remediation of our material weaknesses. We believe that our remediation plan will be sufficient to remediate the identified material weaknesses and strengthen our controls. As we continue to evaluate, and work to improve our controls, management may determine that additional measures to address control deficiencies or modifications to the remediation plan are necessary.
While we have performed certain remediation activities to strengthen our controls to address the identified material weaknesses, control weaknesses are not considered remediated until new internal controls have been operational for a period of time, are tested, and management concludes that these controls are operating effectively. We will continue to monitor the effectiveness of our remediation measures in connection with our future assessments of the effectiveness of internal control over financial reporting and disclosure controls and procedures, and we will make any changes to the design of our plan and take such other actions that we deem appropriate given the circumstances.
Management’s Annual Report on Internal Control over Financial Reporting
We are engaged in the process of design and implementation of our internal control over financial reporting in a manner commensurate with the scale of our operations subsequent to the Business Combination, including the enhancement of our internal and external technical accounting resources (as well as to address the material weaknesses discussed above). However, the design of internal control over financial reporting for our company post-business combination has required and will continue to require significant time and resources from management and other personnel. As a result, management was unable, without incurring unreasonable effort or expense to fully assess our internal control over financial reporting as of September 30, 2024.
Changes in Internal Control over Financial Reporting
There have been no changes in the Company’s internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) during the fiscal year ended September 30, 2024 covered by this Form 10-K that have materially affected, or are reasonably likely to materially affect, the Company’s internal control over financial reporting, other than described herein. We are continuing to take steps to remediate the material weakness in our internal control over financial reporting, as discussed above.
Inherent Limitation on the Effectiveness of Internal Control
Readers are cautioned that internal control over financial reporting, no matter how well designed, has inherent limitations and may not prevent or detect misstatements. Therefore, even effective internal control over financial reporting can only provide reasonable assurance with respect to the financial statement preparation and presentation.
This annual report does not include an attestation report of the Company’s registered public accounting firm regarding internal control over financial reporting. Management’s report was not subject to attestation by the Company’s registered public accounting firm pursuant to rules of the Securities and Exchange Commission that permit the Company to provide only management’s report in this annual report.
ITEM 9B. OTHER INFORMATION
None.
ITEM 9C. DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS
None.
PART III
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS, AND CORPORATE GOVERNANCE
Information regarding directors and executive officers of the Company, as well as the required disclosures with respect to the Company’s audit committee financial expert, is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2024.
The Company has adopted a Code of Ethics that applies to all of our directors, officers and employees, including our Chief Executive Officer and Chief Financial Officer. The complete text of this Code of Ethics is available on the SEC’s EDGAR system as described in Part IV, Item 15 of this Form 10-K.
ITEM 11. EXECUTIVE COMPENSATION
Information regarding executive compensation of our directors and officers, is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2024.
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
Information regarding security ownership of certain beneficial owners and management and the Company’s equity compensation plans are incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2024.
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
Information regarding certain relationships and related transactions and director independence is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2024.
ITEM 14. PRINCIPAL ACCOUNTANT FEES AND SERVICES
Information regarding principal accounting fees and services is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2024.
PART IV
ITEM 15. EXHIBITS AND FINANCIAL STATEMENT SCHEDULES
| (a) | Documents filed as part of this report: |
| | |
| | 1. | Financial Statements |
| | | |
| | The financial statements and schedules required by this Item 15 are set forth in Part II, Item 8 of this Form 10-K. |
| (b) | Exhibits. The following exhibits are filed as a part of this report: |
Exhibit Number | | Description of Document |
| | | |
| 2.1 | | Agreement and Plan of Merger by and between Cipherloc Corporation, a Texas corporation and Cipherloc Corporation, a Delaware corporation (incorporated by reference to Exhibit 2.1 to Current Report on Form 8-K filed September 17, 2021). |
| 3.1 | | Certificate of Incorporation of Cipherloc Corporation, a Delaware corporation (incorporated by reference to Exhibit 3.1 to the Company’s Current Report on Form 8-K filed on September 30, 2021). |
| 3.2 | | Bylaws (incorporated by reference to Exhibit 3.2 to the Company’s Current Report on Form 8-K, filed on September 30, 2021). |
| 3.3 | | Certificate of Amendment of Certificate of Incorporation of the Company (incorporated by reference to Exhibit 3.2 to the Company’s Current Report on Form 8-K filed July 6, 2022). |
| 3.4 | | Certificate of Designation of Series A Preferred Stock (incorporated by reference to Exhibit 3.1 to the Company’s Current Report on Form 8-K filed July 6, 2022). |
| 4.1 | | Description of the Registrant’s Securities Registered Pursuant to Section 12 of the Securities Exchange Act of 1934 (filed herewith). |
| 10.1 | | Form of Securities Purchase Agreement between Cipherloc, a Texas corporation and the several purchasers of the Company’s units (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on April 8, 2021). |
| 10.2 | | Form of Registration Rights Agreement dated March 31, 2021 (incorporated by reference to Exhibit 10.2 to the Company’s Current Report on Form 8-K filed on April 8, 2021). |
| 10.3 | | Form of Lockup Agreement between Cipherloc Corporation, a Texas corporation and the several purchasers of the Company’s Units (incorporated by reference to Exhibit 10.3 to the Company’s Current Report on Form 8-K filed on April 8, 2021). |
| 10.4 | | Placement Agent Agreement between Cipherloc Corporation, a Texas corporation and Paulsen Investment Company, LLC related to the Company’s sole of Units incorporated by reference to Exhibit 10.4. |
| 10.5 | | Indemnification Agreement by and between the Company and Paulson Investment Company, LLC (incorporated by reference to Exhibit 10.5 to the Company’s Current Report on Form 8-K filed on April 8, 2021). |
| 10.6 | | Letter Agreement with Paulson Investment Company, LLC (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on July 28, 2021). |
| 10.9† | | Ryan Polk Executive Employment Agreement (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on October 12, 2021). |
| 10.10† | | 2021 Omnibus Equity Incentive Plan approved by the Company’s stockholders at the 2021 Annual Meeting held September 13, 2021 (incorporated by reference to Appendix A to the Company’s Definitive Proxy Statement filed on July 20, 2021). |
| 10.12 | | Purchase Agreement between the Company and SideChannel, Inc. and The Sellers Therein and Brian Haugli, as the Seller Representative (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed May 18, 2022). |
| 10.13† | | Brian Haugli Executive Employment Agreement (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on July 6, 2022). |
| 10.14 | | Independent Contractor Agreement by and between the Company and Thomas Wilkinson (Thomas W. Wilkinson, CPA, PLLC) dated December 28, 2022 (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on December 30, 2022). |
| 10.15† | | Ryan Polk 2023 Compensation Change Authorization (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on May 5, 2023). |
| 10.16 | | Offer to Exchange Common Stock for Certain Outstanding Warrants, dated August 21, 2023 (incorporated by reference to Exhibit (a)(1)(A) to the Schedule TO filed on August 22, 2023). |
| 10.17 | | Notice of Extension of the Offer to the Holders of the Warrants, dated September 19, 2023 (incorporated by reference to Exhibit (a)(1)(I) to the Schedule TO Amendment No. 2 filed on September 20, 2023. |
| 10.18 | | Notice of Withdrawal of the Offer to the Holders of Warrants, dated November 3, 2023 (incorporated by reference to Exhibit (a)(1)(J) to the Schedule TO Amendment No. 3 filed on November 3, 2023). |
| 10.19 | | Offer to Exchange Common Stock for Certain Outstanding Warrants, dated November 6, 2023 (incorporated by reference to Exhibit (a)(1)(A) to the Schedule TO filed on November 7, 2023). |
| 10.20 | | 2023 Common Stock Purchase Warrant as Amended on November 14, 2023, dated November 14, 2023 (incorporated by reference to Exhibit (a)(1)(F) to the Schedule TO Amendment No. 1 filed on November 14, 2023). |
| 10.21 | | Offer to Exchange Common Stock and New Warrants for 2021 Investor Warrants and Amended on December 1, 2023 (incorporated by reference to Exhibit (a)(1)(H) to the Schedule TO Amendment No. 2 filed on December 4, 2023). |
| 14.1 | | Code of Ethics for Directors, Officers and Employees of SideChannel and its Affiliates, dated August 8, 2019 (incorporated by reference to Exhibit 14.1 to the Company’s Current Report on Form 8-K, filed on August 12, 2019). |
| 21.1 | | Subsidiaries of the Registrant. |
| 23.1* | | Consent of Independent Registered Public Accounting Firm. |
| 24.1* | | Power of Attorney (included on signature page) |
† Indicates management or compensatory plan or arrangement
* Filed herewith
** Furnished herewith
EXHIBIT 16. FORM 10-K SUMMARY
None
SIGNATURES
In accordance with Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, there unto duly authorized.
| | SideChannel, Inc. |
| | | |
| Date: December 12, 2024 | By: | /s/ Brian Haugli |
| | | Brian Haugli |
| | | President and Chief Executive Officer |
| | | |
| Date: December 12, 2024 | By: | /s/ Ryan Polk |
| | | Ryan Polk |
| | | Chief Financial Officer |
POWER OF ATTORNEY
Each person whose signature appears below hereby appoints Brian Haugli and Ryan Polk, and each of them, as attorney-in-fact with full power of substitution to execute in the name and on behalf of the registrant and each such person, individually and in each capacity stated below, one or more amendments to the annual report on Form 10-K, which amendments may make such changes in the report as the attorney-in-fact acting deems appropriate and to file any such amendment to the annual report on Form 10-K with the Securities and Exchange Commission. Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated.
In accordance with the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Company and in the capacities and on the dates indicated.
| Date: December 12, 2024 | By: | /s/ Brian Haugli |
| | | Brian Haugli |
| | | President, Chief Executive Officer, and Director (principal executive officer) |
| | | |
| Date: December 12, 2024 | By: | /s/ Ryan Polk |
| | | Ryan Polk |
| | | Chief Financial Officer (principal financial officer and principal accounting officer) |
| | | |
| Date: December 12, 2024 | By: | /s/ Deborah MacConnel |
| | | Deborah MacConnel |
| | | Chairwoman of the Board |
| | | |
| Date: December 12, 2024 | By: | /s/ Robert Brown |
| | | Robert Brown |
| | | Director |
| | | |
| Date: December 12, 2024 | By: | /s/ Nick Hnatiw |
| | | Nick Hnatiw |
| | | Chief Technology Officer and Director |
| | | |
| Date: December 12, 2024 | By: | /s/ Hugh Regan, Jr. |
| | | Hugh Regan, Jr. |
| | | Director |
