10-Q 1 cblk-20190331x10q.htm 10-Q cblk_Current_Folio_10Q

 

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, DC 20549

 

FORM 10-Q

 

 

 

 

QUARTERLY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

For the quarterly period ended March 31, 2019

OR

 

 

 

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

For the transition period from______to_____.

Commission File Number: 001-38478

CARBON BLACK, INC.

(Exact Name of Registrant as Specified in its Charter)

 

 

 

 

Delaware

    

55-0810166

(State or other jurisdiction of

 

(I.R.S. Employer

incorporation or organization)

 

Identification No.)

 

 

 

1100 Winter Street

 

 

Waltham, MA

 

02451

(Address of principal executive offices)

 

(Zip Code)

 

(617) 393-7400

(Registrant’s telephone number, including area code)

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes       No   

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes       No   

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

 

 

 

 

 

 

 

Large accelerated filer

    

 

    

Accelerated filer

Non-accelerated filer

 

 

 

Small reporting company

Emerging growth company

 

 

 

 

 

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. 

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes         No    

 

Securities registered pursuant to Section 12(b) of the Act:

 

 

 

Title of each class

Trading Symbol(s)

Name of each exchange on which registered

Common Stock, par value $0.001 per share

CBLK

The Nasdaq Global Select Market

 

There were 71,569,406 shares of the registrant’s common stock with a par value of $0.001 per share, outstanding as of April 30, 2019.

 

 

 

 

 

CARBON BLACK, INC.

QUARTERLY REPORT ON FORM 10-Q FOR THE QUARTERLY PERIOD ENDED

MARCH 31, 2019

 

TABLE OF CONTENTS

PART I  — FINANCIAL INFORMATION 

 

 

 

 

 

 

Item 1. 

Financial Statements

 

 

 

Consolidated Balance Sheets as of March 31, 2019 and December 31, 2018 (Unaudited)

 
3

 

Consolidated Statements of Operations for the Three Months Ended March 31, 2019 and 2018 (Unaudited)

 
4

 

Consolidated Statements of Comprehensive Loss for the Three Months Ended March 31, 2019 and 2018 (Unaudited)

 
5

 

Consolidated Statements of Redeemable Convertible and Convertible Preferred Stock and Stockholders’ Equity (Deficit) for the Three Months Ended March 31, 2019 and 2018 (Unaudited)

 
6

 

Consolidated Statements of Cash Flows for the Three Months Ended March 31, 2019 and 2018 (Unaudited)

 
7

 

Condensed Notes to the Consolidated Financial Statements (Unaudited)

 
8

 

 

 

 

Item 2.  

Management’s Discussion and Analysis of Financial Condition and Results of Operations

 
24

Item 3.  

Quantitative and Qualitative Disclosures About Market Risk

 
38

Item 4.  

Controls and Procedures

 
38

 

 

 

 

PART II — OTHER INFORMATION 

 

 

 

 

 

 

Item 1.  

Legal Proceedings

 
39

Item 1A. 

Risk Factors

 
39

Item 2.  

Unregistered Sales of Equity Securities and Use of Proceeds

 
63

Item 3. 

Defaults upon Senior Securities

 
63

Item 4. 

Mine Safety Disclosures

 
63

Item 5. 

Other Information

 
63

Item 6.  

Exhibits

 
64

Signatures 

 

 
65

 

 

 

2

 

PART I – FINANCIAL INFORMATION

ITEM 1. FINANCIAL STATEMENTS

CARBON BLACK, INC.

CONSOLIDATED BALANCE SHEETS

(UNAUDITED)

 

 

 

 

 

 

 

March 31, 

 

December 31, 

(In thousands, except share and per share amounts)

2019

    

2018

Assets

 

 

 

 

 

Current assets:

 

 

 

 

 

Cash and cash equivalents

$

72,880

 

$

67,868

Short-term investments

 

80,399

 

 

92,770

Accounts receivable, net of allowances of $210 and $300, as of March 31, 2019 and December 31, 2018, respectively

 

43,870

 

 

62,555

Prepaid expenses and other current assets

 

9,397

 

 

8,751

Deferred commissions

 

13,680

 

 

13,078

Total current assets

 

220,226

 

 

245,022

Deferred commissions, net of current portion

 

25,397

 

 

25,076

Property and equipment, net

 

13,253

 

 

14,370

Operating lease right-of-use assets

 

14,931

 

 

 —

Intangible assets, net

 

2,204

 

 

2,529

Goodwill

 

119,656

 

 

119,656

Deferred tax asset

 

483

 

 

483

Other-long term assets

 

560

 

 

601

Total assets

$

396,710

 

$

407,737

Liabilities:

 

 

 

 

 

Current liabilities:

 

  

 

 

  

Accounts payable

$

4,846

 

$

4,663

Accrued expenses

 

13,901

 

 

20,669

Deferred revenue

 

146,912

 

 

152,522

Deferred rent

 

 —

 

 

1,216

Operating lease short-term liability

 

5,339

 

 

 —

Total current liabilities

 

170,998

 

 

179,070

Deferred revenue, net of current portion

 

36,296

 

 

40,371

Deferred rent, net of current portion

 

 —

 

 

2,651

Operating lease long-term liability

 

13,344

 

 

 —

Deferred tax liability

 

49

 

 

49

Other long-term liabilities

 

28

 

 

42

Total liabilities

 

220,715

 

 

222,183

Commitments and contingencies (Note 10)

 

  

 

 

  

Stockholders' equity:

 

 

 

 

 

Common stock, $0.001 par, 500,000,000 shares authorized:

 

 

 

 

 

71,396,964 and 69,738,599 shares issued, and 71,341,560 and 69,683,195 shares outstanding,as of March 31, 2019 and December 31, 2018, respectively

 

71

 

 

70

Treasury stock, at cost, 55,404 shares as of March 31, 2019 and December 31, 2018, respectively

 

(6)

 

 

(6)

Additional paid-in capital

 

733,129

 

 

723,051

Accumulated other comprehensive loss

 

 —

 

 

(49)

Accumulated deficit

 

(557,199)

 

 

(537,512)

Total stockholders' equity

 

175,995

 

 

185,554

Total liabilities and stockholders' equity

$

396,710

 

$

407,737

 

 

 

 

See accompanying condensed notes to the consolidated financial statements.

3

 

CARBON BLACK, INC.

CONSOLIDATED STATEMENTS OF OPERATIONS

(UNAUDITED)

 

 

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands, except share and per share amounts)

    

2019

    

2018

Revenue:

 

 

  

 

 

  

Subscription, license and support

 

$

56,294

 

$

45,391

Services

 

 

2,262

 

 

3,043

Total revenue

 

 

58,556

 

 

48,434

Cost of revenue:

 

 

 

 

 

 

Subscription, license and support

 

 

10,502

 

 

7,212

Services

 

 

2,523

 

 

3,003

Total cost of revenue

 

 

13,025

 

 

10,215

Gross profit

 

 

45,531

 

 

38,219

Operating expenses:

 

 

 

 

 

 

Sales and marketing

 

 

39,410

 

 

30,678

Research and development

 

 

18,377

 

 

14,922

General and administrative

 

 

8,088

 

 

10,426

Total operating expenses

 

 

65,875

 

 

56,026

Loss from operations

 

 

(20,344)

 

 

(17,807)

Other income (expense), net:

 

 

 

 

 

 

Interest income

 

 

859

 

 

68

Interest expense

 

 

(31)

 

 

(23)

Change in fair value of warrant liability

 

 

 —

 

 

(2,881)

Other income (expense), net

 

 

(105)

 

 

120

Total other income (expense), net

 

 

723

 

 

(2,716)

Loss before income taxes

 

 

(19,621)

 

 

(20,523)

Provision for income taxes

 

 

66

 

 

71

Net loss

 

 

(19,687)

 

 

(20,594)

Accretion of preferred stock to redemption value

 

 

 —

 

 

(40,039)

Net loss attributable to common stockholders

 

$

(19,687)

 

$

(60,633)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Net loss per share attributable to common stockholders—basic and diluted

 

$

(0.28)

 

$

(5.38)

Weighted-average common shares outstanding—basic and diluted

 

 

70,474,542

 

 

11,264,252

 

 

 

 

 

 

 

 

See accompanying condensed notes to the consolidated financial statements.

4

 

CARBON BLACK, INC.

CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS

(UNAUDITED)

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

 

2018

Net loss

$

(19,687)

 

$

(20,594)

Other comprehensive income (loss), net of related taxes:

 

 

 

 

 

Net unrealized gains (losses) on available-for-sale securities, net of related taxes of zero

 

49

 

 

 -

Other comprehensive income (loss)

 

49

 

 

 -

Total comprehensive loss

$

(19,638)

 

$

(20,594)

 

 

 

 

 

 

 

 

 

 

 

 

 

See accompanying condensed notes to the consolidated financial statements.

 

 

5

 

CARBON BLACK, INC.

CONSOLIDATED STATEMENTS OF REDEEMABLE CONVERTIBLE AND CONVERTIBLE PREFERRED STOCK AND STOCKHOLDERS’ EQUITY (DEFICIT)

(UNAUDITED)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Redeemable

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Accumulated

 

 

 

 

 

 

 

 

Convertible

 

Convertible

 

 

 

 

 

 

 

 

 

 

 

 

Additional

 

Other

 

 

 

 

Total

 

 

Preferred Stock

 

Preferred Stock

 

 

Common Stock

 

Treasury Stock

 

Paid-in

 

Comprehensive

 

Accumulated

 

Stockholders'

(In thousands, except share amounts)

   

Shares

    

Amount

    

Shares

    

Amount

  

  

Shares

 

Amount

    

Shares

    

Amount

    

Capital

 

Loss

    

Deficit

    

Equity (Deficit)

Balance at December 31, 2017

 

88,741,194

 

$

333,204

 

3,851,806

 

$

1,510

 

 

11,139,690

 

$

11

 

53,676

 

$

(6)

 

$

13,429

 

$

 —

 

$

(273,513)

 

$

(260,079)

Net loss

 

 

 

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 

(20,594)

 

 

(20,594)

Exercise of Series A stock options

 

 

 

 

185,063

 

 

89

 

 

 —

 

 

 —

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 

 —

Exercise of common stock options

 

 

 

 

 —

 

 

 —

 

 

274,840

 

 

 —

 

 —

 

 

 —

 

 

976

 

 

 —

 

 

 —

 

 

976

Stock-based compensation expense

 

 

 

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 —

 

 

 —

 

 

2,389

 

 

 —

 

 

 —

 

 

2,389

Accretion of redeemable convertible preferred stock to redemption value

 

 

 

40,039

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 —

 

 

 —

 

 

(16,794)

 

 

 —

 

 

(23,245)

 

 

(40,039)

Repurchase of common stock

 

 

 

 

 —

 

 

 —

 

 

(1,728)

 

 

 —

 

1,728

 

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 

 —

Balance at March 31, 2018

 

88,741,194

 

$

373,243

 

4,036,869

 

$

1,599

 

 

11,412,802

 

$

11

 

55,404

 

$

(6)

 

$

 —

 

$

 —

 

$

(317,352)

 

$

(317,347)

Balance at December 31, 2018

 

 —

 

$

 —

 

 —

 

$

 —

 

 

69,683,195

 

$

70

 

55,404

 

$

(6)

 

$

723,051

 

$

(49)

 

$

(537,512)

 

$

185,554

Net loss

 

 —

 

 

 —

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 

(19,687)

 

 

(19,687)

Exercise of common stock options

 

 —

 

 

 —

 

 —

 

 

 —

 

 

1,535,993

 

 

 1

 

 —

 

 

 —

 

 

6,225

 

 

 —

 

 

 —

 

 

6,226

Vesting of restricted stock units, net of shares withheld for employee taxes

 

 —

 

 

 —

 

 —

 

 

 —

 

 

122,372

 

 

 —

 

 —

 

 

 —

 

 

(351)

 

 

 —

 

 

 —

 

 

(351)

Stock-based compensation expense

 

 —

 

 

 —

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 —

 

 

 —

 

 

4,204

 

 

 —

 

 

 —

 

 

4,204

Unrealized gain (loss) on available-for-sale securities

 

 —

 

 

 —

 

 —

 

 

 —

 

 

 —

 

 

 —

 

 —

 

 

 —

 

 

 —

 

 

49

 

 

 —

 

 

49

Balance at March 31, 2019

 

 —

 

$

 —

 

 —

 

$

 —

 

 

71,341,560

 

$

71

 

55,404

 

$

(6)

 

$

733,129

 

$

 —

 

$

(557,199)

 

$

175,995

 

 

 

 

 

 

 

 

 

 

See accompanying condensed notes to the consolidated financial statements.

 

 

6

 

CARBON BLACK, INC.

CONSOLIDATED STATEMENTS OF CASH FLOWS

(UNAUDITED)

 

 

 

 

 

 

 

 

Three Months Ended March 31,

(In thousands)

2019

 

2018

Cash flows from operating activities:

 

 

 

 

 

Net loss

$

(19,687)

 

$

(20,594)

Adjustments to reconcile net loss to net cash used in operating activities:

 

 

 

 

 

Depreciation and amortization expense

 

2,124

 

 

1,905

Stock-based compensation expense

 

4,204

 

 

2,389

Provisions for doubtful accounts

 

(41)

 

 

19

Non-cash interest expense

 

16

 

 

 9

Change in fair value of warrant liability

 

 —

 

 

2,881

Deferred income taxes

 

 —

 

 

 4

Other non-cash income

 

(383)

 

 

 —

Changes in operating assets and liabilities:

 

 

 

 

 

Accounts receivable

 

18,726

 

 

24,031

Prepaid expenses and other assets

 

(893)

 

 

(1,861)

Deferred commissions

 

(923)

 

 

(494)

Accounts payable

 

236

 

 

25

Accrued expenses

 

(7,482)

 

 

(2,305)

Deferred revenue

 

(9,686)

 

 

(6,703)

Deferred rent

 

 —

 

 

(82)

Operating leases right-of-use assets

 

1,088

 

 

 —

Operating leases liability

 

(1,202)

 

 

 —

Other long-term liabilities

 

(13)

 

 

(1)

Net cash used in operating activities

 

(13,916)

 

 

(777)

Cash flows from investing activities:

 

 

 

 

 

Purchases of short-term investments

 

(15,897)

 

 

 —

Sale and maturities of short-term investments

 

28,700

 

 

 —

Purchases of property and equipment

 

(577)

 

 

(1,495)

Capitalization of internal-use software costs

 

(160)

 

 

(293)

Net cash provided by (used in) investing activities

 

12,066

 

 

(1,788)

Cash flows from financing activities:

 

 

 

 

 

Proceeds from exercise of stock options

 

6,546

 

 

1,065

Payments of deferred financing costs

 

(47)

 

 

(47)

Taxes paid related to net share settlement of equity awards

 

(351)

 

 

 —

Proceeds from employee stock purchase plan

 

714

 

 

 —

Payments of initial public offering costs

 

 —

 

 

(840)

Net cash provided by financing activities

 

6,862

 

 

178

Net increase (decrease) in cash and cash equivalents

 

5,012

 

 

(2,387)

Cash and cash equivalents at beginning of period

 

67,868

 

 

36,073

Cash and cash equivalents at end of period

$

72,880

 

$

33,686

 

 

 

 

 

 

Supplemental disclosure of non-cash investing and financing activities:

 

 

 

 

 

Accretion of preferred stock to redemption value

$

 —

 

$

40,039

Additions to property and equipment included in accounts payable at period end

$

189

 

$

353

Deferred offering costs included in accounts payable at period end

$

 —

 

$

546

 

 

See accompanying condensed notes to the consolidated financial statements.

 

 

7

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

8

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

NOTE 1. OVERVIEW AND BASIS OF PRESENTATION

Overview

Carbon Black, Inc. (the “Company,” ”we,” “us,” “our”) is a leader in cloud endpoint protection. The Company’s solutions enable customers to predict, prevent, detect, respond to and remediate cyber attacks before they cause a damaging incident or data breach. The Company was incorporated under the laws of the State of Delaware in December 2002 as Bit 9, Inc. and in April 2005 changed its name to Bit9, Inc. In January 2016, the Company amended its certificate of incorporation to change its name to Carbon Black, Inc.

The company is headquartered in Waltham, Massachusetts. The Company has wholly owned subsidiaries in the United States, the United Kingdom, Singapore, Australia, Canada, Malaysia and Japan.

Reverse Stock Split

On April 20, 2018, the Company effected a 1-for-2 reverse stock split of its issued and outstanding shares of common stock and a proportional adjustment to the existing conversion ratios of Company’s Series B, Series C, Series D, Series E, Series E-1 and Series F preferred stock. Accordingly, all share and per share amounts for all periods presented in the accompanying consolidated financial statements and notes thereto have been adjusted retroactively, where applicable, to reflect this reverse stock split and adjustment of the preferred stock conversion ratios.

Initial Public Offering

On May 8, 2018, the Company closed its initial public offering (“IPO”), in which it issued and sold 9,200,000 shares of common stock inclusive of the underwriters’ option to purchase additional shares that was exercised in full. The price to the public was $19.00 per share. The Company received aggregate proceeds of $162.6 million from the IPO, net of underwriters’ discounts and commissions, and before deducting offering costs of approximately $4.9 million. Upon the closing of the IPO, all shares of the Company’s outstanding redeemable convertible and convertible preferred stock automatically converted into 46,079,623 shares of common stock. Additionally, an outstanding warrant which became exercisable upon the closing of the IPO was exercised to purchase 485,985 shares of common stock.

Basis of Presentation

The accompanying consolidated financial statements have been prepared by us in accordance with accounting principles generally accepted in the United States (“GAAP”), as well as pursuant to the rules and regulations of the Securities and Exchange Commission (SEC), regarding interim financial reporting. Accordingly, certain information and note disclosures normally included in the financial statements prepared in accordance with GAAP have been condensed or omitted pursuant to such rules and regulations. These consolidated financial statements should be read in conjunction with the financial information included in our Annual Report on Form 10-K for 2018 filed with the SEC on March 8, 2019 (“2018 Form 10-K”).

The consolidated financial statements include our results of operations and those of our wholly-owned subsidiaries and reflect all adjustments which are, in the opinion of management, necessary for a fair statement of results for the interim periods presented. All intercompany transactions and balances have been eliminated in consolidation.

Certain previously reported amounts presented in this Quarterly Report on Form 10-Q (“Form 10-Q”) may be reclassified to conform to current-period presentation. Events occurring subsequent to the date of our consolidated balance sheet were evaluated for potential recognition or disclosure in our consolidated financial statements through the date we filed this Form 10-Q with the SEC.

Use of Estimates

The preparation of consolidated financial statements in conformity with GAAP requires management to make estimates and assumptions that may materially affect the reported amounts of assets, liabilities, equity, revenue and expenses. As a result of unanticipated events or circumstances, actual results could differ from those estimates, and such differences may be material to the consolidated financial statements. For additional information about our use of estimates refer to “Critical Accounting Policies” included under management’s discussion and analysis in our 2018 Form 10-K.

Significant Accounting Policies

9

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

Effective January 1, 2019, the Company adopted the requirements of Accounting Standards Update (“ASU”) No. 2016-02, Leases (Topic 842) (“ASC 842”) on a modified retrospective transition approach as discussed in detail in Note 2. All amounts and disclosures set forth in this Form 10-Q have been updated to comply with ASC 842.

The Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”) permits an “emerging growth company” such as the Company, to take advantage of an extended transition period to comply with new or revised accounting standards applicable to public companies until those standards would otherwise apply to private companies. The Company has irrevocably elected to “opt out” of this provision and, as a result, the Company will comply with new or revised accounting standards when they are required to be adopted by public companies that are not emerging growth companies. For a complete discussion of our significant accounting policies refer to Note 2 to the consolidated financial statements in our 2018 Form 10-K.

 

NOTE 2. NEW ACCOUNTING PRONOUNCEMENTS

Recently issued accounting pronouncements:

Standard

Description

Date of Adoption

Effects on the financial statements or other significant matters

ASU 2018-15, Intangibles-Goodwill and Other (Topic 350): Internal-Use Software

The standard was issued in order to address a customer’s accounting for implementation costs incurred in a cloud computing arrangement (“CCA”) that is considered a service contract. Under this guidance, implementation costs for a CCA should be evaluated for capitalization using the same approach as implementation costs associated with internal-use software. Generally costs incurred to configure/customize the hosted software are capitalizable, however, data conversion and training costs are expensed as incurred consistent with internal-use software guidance. The amortization period is over the non-cancelable term and any reasonable certain renewals are expensed to the same line item in which fees paid to the vendor are recognized (i.e., not included in amortization expense).

January 1, 2020, early adoption permitted

We are currently assessing the impact of the standard on our consolidated financial statements.

ASU 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments

The standard requires immediate recognition of expected credit losses for financial assets carried at amortized cost, including trade and other receivables, loans and commitments, held-to-maturity debt securities and other financial assets, held at the reporting date to be measured based on historical experience, current conditions and reasonable supportable forecasts.  Credit losses on available-for-sale securities will be recorded as an allowance versus a write-down of the amortized cost basis of the security and will allow for a reversal of impairment loss when the credit of the issuer improves.

January 1, 2020, early adoption permitted

We are currently assessing the impact of the standard on our consolidated financial statements.

10

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

ASU 2017-04, Intangibles – Goodwill and Other (Topic 350): Simplifying the Test for Goodwill Impairment

The standard simplifies the subsequent measurement of goodwill by eliminating Step 2 from the goodwill impairment test. The ASU requires an entity to compare the fair value of a reporting unit with its carrying amount and recognize an impairment charge for the amount by which the carrying value exceeds the fair value of the reporting unit.  Additionally, an entity should consider income tax effects from any tax deductible goodwill on the carrying amount of the reporting unit when measuring the goodwill impairment loss.

January 1, 2020, early adoption permitted

We are currently evaluating the impacts of early adoption and will apply this standard prospectively, as applicable.

ASU 2018-13, Fair Value Measurement (Topic 820): Disclosure Framework – Changes to the Disclosure Requirements for Fair Value Measurement

The standard eliminates, amends and adds disclosure requirements for fair value measurements. Eliminated disclosures include: amount of and reasons for transfers between levels 1 and 2, policy on timing of transfers, valuation processes for level 3. Removal of the requirement to disclose future changes in FV inputs. Relevant amended disclosures include no longer requiring full level 3 rollforward but rather disclosure of transfers in/out and purchases/ issuances. New disclosures include changes in OCI on level 3 assets/ liabilities and disclosure of range and weighted average of significant unobservable inputs for level 3. 

January 1, 2020, early adoption permitted

We are in the process of evaluating the changes required by the new provisions. We expect this to be minimal as we do not have any level 3 inputs.

 

11

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

Recently adopted accounting pronouncements:

Leases

In February 2016, the FASB issued ASC No. 2016-02, Leases (Topic 842) (“ASC 842”), to increase transparency and comparability among organizations by recognizing lease assets and lease liabilities on the balance sheet and disclosing key information about leasing arrangements. We adopted ASC 842 effective January 1, 2019 and elected the modified retrospective approach, whereby periods prior to 2019 were not adjusted for the new standard.

We elected the hindsight practical expedient to determine the lease term for existing leases, and we did not elect to apply the recognition requirements in the leases standard to leases that at commencement date have a lease term of 12 months or less.

We have elected the available package of practical expedients permitted under the transition guidance within the new standard which does not require us to reassess the prior conclusions about lease identification, lease classification and initial direct costs. The adoption of ASC 842 resulted in the recognition of operating right-of-use assets of approximately $16.0 million and operating lease liabilities of approximately $19.9 million. Included within our operating lease assets are the previously recorded net deferred rent balances which were reclassified into our operating lease assets upon the adoption of ASC 842. The standard did not have a material effect on our consolidated statement of operations, consolidated statement of comprehensive loss or consolidated statement of cash flows. Expanded disclosures about the nature and terms of our lease agreements are included in Note 7 in this Form 10-Q.

Stock Compensation

We adopted ASU No. 2018-07, Compensation – Stock Compensation (Topic 718) (“ASC 718”), effective January 1, 2019. The standard provides expanded guidance for stock-based compensation, to include share-based payment transactions for acquiring goods and services from nonemployees. The overall effect from the adoption of ASC 718  had an immaterial impact to our consolidated financial statements.

 

12

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

NOTE 3. CASH EQUIVALENTS AND SHORT-TERM INVESTMENTS

The Company considers all highly liquid investments with a maturity of three months or less when purchased to be cash equivalents. The Company’s cash equivalents consist of highly liquid investments in money market funds.

The Company considers all high quality investments purchased with original maturities at the date of purchase greater than three months to be short-term investments. Investments are available to be used for current operations and are, therefore, classified as current assets even though maturities may extend beyond one year. Short-term investments are classified as available-for-sale and are, therefore, recorded at fair value on the consolidated balance sheet, with any unrealized gains and losses reported in accumulated other comprehensive income (loss), which is reflected as a separate component of stockholders’ equity in the Company’s consolidated balance sheets, until realized. The Company uses the specific identification method to compute gains and losses on the investments. The amortized cost of securities is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization and accretion is included as a component of interest income in the consolidated statement of operations.

The following tables present the amortized cost, fair value and associated unrealized gains and losses of cash equivalents and short-term investments as of the periods presented:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

March 31, 2019

(In thousands)

 

Amortized Cost

 

Unrealized Gains

   

Unrealized Losses

 

Fair Value

Cash equivalents:

 

 

  

 

 

  

 

 

  

 

 

  

Money market funds

 

$

55,798

 

$

 —

 

$

 —

 

$

55,798

Total cash equivalents

 

$

55,798

 

$

 —

 

$

 —

 

$

55,798

 

 

 

 

 

 

 

 

 

 

 

 

 

Short-term investments:

 

 

 

 

 

 

 

 

 

 

 

 

Commercial paper

 

$

37,606

 

$

 —

 

$

 —

 

$

37,606

U.S. treasury securities

 

 

14,375

 

 

 —

 

 

 —

 

 

14,375

Corporate bonds

 

 

17,852

 

 

 —

 

 

 —

 

 

17,852

Asset-backed securities

 

 

10,566

 

 

 —

 

 

 —

 

 

10,566

Total short-term investments

 

$

80,399

 

$

 —

 

$

 —

 

$

80,399

13

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

December 31, 2018

(In thousands)

    

Amortized Cost

    

Unrealized Gains

    

Unrealized Losses

    

Fair Value

Cash equivalents:

 

 

  

 

 

  

 

 

  

 

 

  

Money market funds

 

$

52,047

 

$

 —

 

$

 —

 

$

52,047

Total cash equivalents

 

$

52,047

 

$

 —

 

$

 —

 

$

52,047

 

 

 

 

 

 

 

 

 

 

 

 

 

Short-term investments:

 

 

 

 

 

 

 

 

 

 

 

 

Commercial paper

 

$

42,706

 

$

 —

 

$

 —

 

$

42,706

U.S. treasury securities

 

 

21,486

 

 

 —

 

 

(9)

 

 

21,477

Corporate bonds

 

 

13,790

 

 

 —

 

 

(23)

 

 

13,767

Asset-backed securities

 

 

14,837

 

 

 —

 

 

(17)

 

 

14,820

Total short-term investments

 

$

92,819

 

$

 —

 

$

(49)

 

$

92,770

The following table summarizes the contractual maturities of our short-term investments as of the period presented:

 

 

 

 

 

 

 

March 31, 2019

(In thousands)

Amortized Cost

    

Fair Value

Due within one year

$

80,399

 

$

80,399

Due after one year

 

 —

 

 

 —

Total short-term investments

$

80,399

 

$

80,399

 

 

 

4. FAIR VALUE OF FINANCIAL INSTRUMENTS

The Company categorizes assets and liabilities recorded or disclosed at fair value on our condensed consolidated balance sheets based upon the level of judgment associated with inputs used to measure their fair value. The categories are as follows:

Level 1—Inputs are unadjusted quoted prices in active markets for identical assets or liabilities.

Level 2—Inputs are quoted prices for similar assets and liabilities in active markets or inputs that are observable for the assets or liabilities, either directly or indirectly.

Level 3—Inputs are unobservable inputs based on our own assumptions used to measure assets and liabilities at fair value. The inputs require significant management judgment or estimation.

The following tables present information about the Company's financial assets and liabilities measured at fair value on a recurring basis and indicate the level of the fair value hierarchy utilized to determine such fair values:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

March 31, 2019

(In thousands)

    

Level 1

    

Level 2

    

Level 3

    

Total

Cash equivalents:

 

 

  

 

 

  

 

 

  

 

 

  

Money market funds

 

$

55,798

 

$

 —

 

$

 —

 

$

55,798

Total cash equivalents

 

$

55,798

 

$

 —

 

$

 —

 

$

55,798

 

 

 

 

 

 

 

 

 

 

 

 

 

Short-term investments:

 

 

 

 

 

 

 

 

 

 

 

 

Commercial paper

 

$

 —

 

$

37,606

 

$

 —

 

$

37,606

U.S. treasury securities

 

 

14,375

 

 

 —

 

 

 —

 

 

14,375

Corporate bonds

 

 

 —

 

 

17,852

 

 

 —

 

 

17,852

Asset-backed securities

 

 

 —

 

 

10,566

 

 

 —

 

 

10,566

Total short-term investments

 

$

14,375

 

$

66,024

 

$

 —

 

$

80,399

 

14

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

December 31, 2018

(In thousands)

    

Level 1

    

Level 2

    

Level 3

    

Total

Cash equivalents:

 

 

  

 

 

  

 

 

  

 

 

  

Money market funds

 

$

52,047

 

$

 —

 

$

 —

 

$

52,047

Total cash equivalents

 

$

52,047

 

$

 —

 

$

 —

 

$

52,047

 

 

 

 

 

 

 

 

 

 

 

 

 

Short-term investments:

 

 

 

 

 

 

 

 

 

 

 

 

Commercial paper

 

$

 —

 

$

42,706

 

$

 —

 

$

42,706

U.S. treasury securities

 

 

21,477

 

 

 —

 

 

 —

 

 

21,477

Corporate bonds

 

 

 —

 

 

13,767

 

 

 —

 

 

13,767

Asset-backed securities

 

 

 —

 

 

14,820

 

 

 —

 

 

14,820

Total short-term investments

 

$

21,477

 

$

71,293

 

$

 —

 

$

92,770

 

Changes in the fair values of the Company's preferred stock warrant liabilities and common stock warrant liability for the periods presented were as follows:

 

 

 

 

 

 

(In thousands)

Series D
Preferred Stock
Warrant Liability

    

Common Stock
Warrant Liability

Fair value at December 31, 2017

$

992

 

$

1,774

Change in fair value

 

1,378

 

 

7,460

Exercise of common stock warrant

 

 —

 

 

(9,234)

Conversion to common stock warrant

 

(2,370)

 

 

 —

Fair value at December 31, 2018

$

 —

 

$

 —

 

 

 

 

 

(1) Upon the closing of our IPO in May 2018, we no longer had any outstanding warrant liabilities.

Upon the closing of the IPO, the warrants for the purchase of Series D preferred stock became warrants to purchase common stock. The Company valued the Series D preferred stock liability as of the IPO closing date using the Black-Scholes option pricing-model and recorded a change in the fair value of the preferred stock warrants through that date. The Series D preferred stock warrant liability was then reclassified to additional paid-in capital. Additionally, the warrants for the purchase of common stock were exercised to purchase 485,985 shares of common stock upon the closing of the IPO. The Company valued the common stock warrant liability as of the IPO date using the $19 per share offering price and recorded a change in the fair value of the common stock warrants through that date. The common stock warrant liability was then reclassified to common stock and additional paid-in capital.

15

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

5. PROPERTY AND EQUIPMENT, NET

 

 

 

 

 

 

 

March 31, 

 

December 31, 

(In thousands)

2019

    

2018

Computer equipment

$

15,776

 

$

15,519

Leasehold improvements

 

6,987

 

 

6,921

Internal-use software

 

4,458

 

 

4,298

Computer software

 

3,885

 

 

3,850

Furniture and fixtures

 

3,790

 

 

3,773

Office equipment

 

20

 

 

20

Total property and equipment

 

34,916

 

 

34,381

Less: Accumulated depreciation and amortization

 

(21,663)

 

 

(20,011)

Total property and equipment, net

$

13,253

 

$

14,370

 

Depreciation and amortization expense related to property and equipment, including internal-use software, was approximately $1.8 million and $1.5 million for the three months ended March 31, 2019 and 2018, respectively. During the three months ended March 31, 2019, we disposed of fully depreciated assets with an original cost of $149 thousand. During the three months ended March 31, 2018, we had no disposals of fully depreciated assets.

During the three months ended March 31, 2019 and 2018, the Company capitalized $160 thousand and $293 thousand, respectively, of costs related to the development of internal-use software and recorded amortization expense of capitalized internal-use software of $304 thousand and $157 thousand, respectively.  

6. GOODWILL AND INTANGIBLE ASSETS

Goodwill was $119.7 million as of both March 31, 2019 and December 31, 2018.

The following table represents the gross carrying amount, accumulated amortization and net carrying amount of other intangible assets by type, as of the dates indicated:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

March 31, 2019

 

December 31, 2018

 

Gross

    

Accumulated

    

Carrying

    

Gross

    

Accumulated

    

Carrying

(In thousands)

Amount

 

Amortization

 

Value

 

Amount

 

Amortization

 

Value

Intangible assets:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

License agreement

$

150

 

$

(131)

 

$

19

 

$

150

 

$

(128)

 

$

22

Developed technology

 

7,301

 

 

(5,116)

 

 

2,185

 

 

7,301

 

 

(4,804)

 

 

2,497

Trade name

 

440

 

 

(440)

 

 

 —

 

 

440

 

 

(430)

 

 

10

Customer relationships

 

2,950

 

 

(2,950)

 

 

 —

 

 

2,950

 

 

(2,950)

 

 

 —

Total intangible assets

$

10,841

 

$

(8,637)

 

$

2,204

 

$

10,841

 

$

(8,312)

 

$

2,529

 

Amortization expense related to intangible assets was $325 thousand and $391 thousand for the three months ended March 31, 2019 and 2018, respectively.

 

16

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

7. LEASES

We lease various office space and data centers under non-cancellable operating leases. Our leases have remaining lease terms ranging from 1 year to 5 years, some of which include extension options of up to 5 years and termination options within 3 years. The exercise of these lease extension and termination options are at our sole discretion.

Right-of-use (“ROU”) assets represent the Company’s right to use leased assets over the term of the lease. Lease liabilities represent the Company’s contractual obligation to make lease payments over the lease term. We determine if an arrangement is a lease at inception. Right-of-use assets and lease liabilities are initially measured at the lease commencement date based on the present value of the lease payments over the lease term, discounted using the interest rate implicit in the lease or, if that rate cannot be readily determined, our incremental borrowing rate. We determine our incremental borrowing rate based on the rate of interest that we would have to pay to borrow on a collateralized basis over a similar term, an amount equal to the lease payments in a similar economic environment. Our lease right-of-use assets also include any unamortized initial direct costs plus any prepayments less any unamortized lease incentives received.

Leases with an initial term of 12 months or less are classified as short-term leases and are not recorded on the balance sheet. Lease expenses relating to our short-term leases are recognized on a straight-line basis over the lease term. For lease agreements we entered into or reassessed after the adoption of Topic 842, we combine lease and non-lease components as a single lease component. Non-lease components primarily consist of payments for maintenance and utilities.

Our lease agreements do not contain any material residual value guarantees, material restrictive covenants or variable lease payments based on an index or rate. We currently sublease one of our office spaces to a third party.

The following table presents the components of lease expense and supplemental information for the three months ended March 31, 2019.

 

 

 

(Dollars in thousands, except where otherwise noted)

March 31, 2019

Lease cost:

 

 

Operating lease cost

$

1,202

Short-term lease cost

 

16

Sublease income

 

(52)

Total lease cost

$

1,166

 

 

 

Other information:

 

 

Cash paid for amounts included in the measurement of lease liabilities

$

1,460

 

 

 

Weighted-average:

 

 

Remaining lease term - operating leases

 

3.5 years

Discount rate - operating leases

 
5.5%

 

Future minimum payments under non-cancellable leases as of March 31, 2019 were the following: 

 

 

 

(In thousands)

March 31, 2019

2019 (remaining nine months)

$

4,701

2020

 

5,900

2021

 

5,675

2022

 

2,709

2023

 

1,303

Thereafter

 

244

Total lease payments

 

20,532

Less: Imputed interest

 

(1,849)

Present value of lease payments

$

18,683

17

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

As previously disclosed in our 2018 Form 10-K and under the previous lease accounting standard, ASC 840, Leases, the following table summarizes the future minimum lease payments due under operating leases as of December 31, 2018. In determining the future minimum lease payments, the Company included lease payments due for an optional renewal period under an existing lease.

 

 

 

(In thousands)

December 31, 2018

2019

$

5,492

2020

 

5,343

2021

 

5,118

2022

 

2,343

2023

 

1,070

Thereafter

 

986

Total lease payments

$

20,352

 

8. STOCKHOLDERS’ EQUITY

Preferred Stock

Upon the completion of our IPO, all outstanding shares of redeemable convertible and convertible preferred stock, totaling 46.1 million shares, were automatically converted into shares of common stock. The carrying amount of the redeemable convertible and convertible preferred stock was approximately $532.7 million and $1.7 million, respectively, and was reclassified to stockholders’ equity (deficit). Also upon the completion of our IPO, all outstanding warrants to purchase shares of redeemable convertible preferred stock became warrants exercisable for 130,965 shares of common stock, which were subsequently exercised at a price of $2.9891 per share. For additional information regarding the impact of our IPO on our preferred stockholders’ equity, refer to Notes 11 and 13 to the consolidated financial statements, in our 2018 Form 10-K.

On the date of our IPO, we filed a restated certificate of incorporation, which authorized the issuance of 25.0 million shares of preferred stock with a par value of $0.001 per share, with rights and preferences designated from time to time by the board of directors. As of March 31, 2019, no shares of preferred stock were issued or outstanding.

Common Stock

Upon the completion of our IPO, a common stock warrant with an issuance date of July 1, 2012, became exercisable and was net exercised at an exercise price of $0.002 per share to purchase 485,985 shares of common stock. Subsequent to the completion of our IPO, a common stock warrant with an issuance date of July 31, 2014, was net exercised at an exercise price of $3.02 per share to purchase 95,113 shares of common stock. For additional information regarding the impact of our IPO on our common stockholders’ equity, refer to Notes 12 and 13 to the consolidated financial statements, in our 2018 Form 10-K.

On the date of our IPO, we filed a restated certificate of incorporation, which authorized the issuance of 500.0 million shares of common stock with a par value of $0.001 per share, with rights and preferences designated from time to time by the board of directors. As of March 31, 2019, 71.4 million shares were issued and 71.3 million shares were outstanding.

Each share of common stock entitles the holder to one vote on all matters submitted to a vote of the Company’s stockholders. Common stockholders are entitled to receive dividends, as may be declared by the board of directors, if any, subject to the preferential dividend rights of the preferred stockholders. No dividends have been declared through March 31, 2019.

9. EQUITY AWARD PLANS

2018 Stock Option and Incentive Plan

We have only issued new incentive equity awards under our 2018 Stock Option and Incentive Plan (the “2018 Plan”) since our IPO in May 2018. Our 2018 Plan provides for the grant of incentive stock options, nonqualified stock options, stock appreciation rights, restricted stock units, restricted stock awards, unrestricted stock awards and dividend equivalent rights.

The shares of common stock underlying any awards that are forfeited, canceled, held back upon exercise or settlement of an award to satisfy the exercise price or tax withholding, reacquired by the Company prior to vesting, satisfied without any issuance of stock, expire or

18

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

are otherwise terminated by the Company under the 2018 Plan will be added back to the shares of common stock available for issuance under the 2018 Plan.

As of March 31, 2019 and December 31, 2018, there were approximately 9.3 million and 5.8 million shares, respectively, available for grant under the 2018 Plan.

Options to Purchase Common Stock

The following table summarizes our common stock option activity for the three months ended March 31, 2019:

 

 

 

 

 

 

 

 

 

 

 

 

    

 

 

    

Weighted-

 

 

 

 

 

 

Weighted-

 

Average Remaining

 

Aggregate

 

Number of

 

Average

 

Contractual Term

 

Intrinsic

(Dollars in thousands, except per share amounts)

Shares

    

Exercise Price

    

(in years)

    

Value

Outstanding at December 31, 2018

16,217,066

 

$

6.26

 

6.56

 

$

126,901

Granted

32,000

 

 

15.27

 

 

 

 

 

Exercised

(1,535,993)

 

 

4.04

 

 

 

 

 

Forfeited

(371,322)

 

 

11.92

 

 

 

 

 

Outstanding at March 31, 2019

14,341,751

 

$

6.37

 

6.43

 

$

117,724

Vested and expected to vest at March 31, 2019

13,863,290

 

 

6.20

 

6.36

 

 

115,350

Options exercisable at March 31, 2019

9,631,348

 

 

4.46

 

5.51

 

 

91,899

As of March 31, 2019, the total unrecognized compensation expense related to outstanding common stock options was approximately $26.0 million and will be recognized over an estimated weighted-average amortization period of approximately 2.24 years.

The assumptions we used to determine the fair value of the common stock options granted to employees and directors were as follows:

 

 

 

 

 

 

 

Three Months Ended March 31, 

 

2019

    

2018

Risk-free interest rate

2.53

%

 

2.74

%

Expected term (in years)

6.25

 

 

6.25

 

Expected volatility

42.63

%

 

43.85

%

Expected dividend yield

 —

 

 

 —

 

 

Restricted Stock Units

The following table summarizes our unvested restricted stock unit (“RSU”) activity for the three months ended March 31, 2019:

 

 

 

 

 

 

 

 

 

 

    

 

    

Weighted

    

Weighted

    

 

 

 

 

 

Average

 

Average Remaining

 

Aggregate

 

Number of

 

Grant Date Fair

 

Contractual Term

 

Intrinsic

(Dollars in thousands, except share per share amounts)

Shares

 

Value Per Share

 

(in years)

 

Value

Unvested at December 31, 2018

1,116,675

 

$

14.31

 

1.56

 

$

14,986

Granted

371,925

 

 

15.30

 

  

 

 

  

Vested(1)

(148,670)

 

 

7.78

 

  

 

 

  

Forfeited

(40,057)

 

 

18.97

 

  

 

 

  

Unvested at March 31, 2019

1,299,873

 

$

15.19

 

1.67

 

$

18,133

RSUs vested and expected to vest at March 31, 2019

1,103,894

 

 

15.20

 

1.58

 

 

15,399

RSUs vested and exercisable at March 31, 2019

 —

 

 

 —

 

 —

 

 

 —

 

 

 

 

 

(1) The number of RSUs vested includes shares of common stock that we withheld on behalf of the employees to satisfy the minimum statutory tax withholding requirements.

As of March 31, 2019, the total unrecognized compensation expense related to unvested RSUs was approximately $18.4 million and will be recognized over an estimated weighted-average amortization period of approximately 3.20 years.

 

19

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

Stock-Based Compensation

The following table summarizes the total stock-based compensation expense recognized in our consolidated statements of operations for the periods indicated:

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

 

2018

Cost of subscription, license and support revenue

$

167

 

$

136

Cost of services revenue

 

64

 

 

57

Sales and marketing expense

 

1,838

 

 

936

Research and development expense

 

1,044

 

 

564

General and administrative expense

 

1,091

 

 

696

 

$

4,204

 

$

2,389

Employee Stock Purchase Plan

In April 2018, the Board of Directors adopted, and stockholders approved, the 2018 Employee Stock Purchase Plan (the “2018 ESPP”). A total of approximately 1.7 million shares of the Company’s common stock have been authorized for issuance under the 2018 ESPP. Subject to any plan limitations, the 2018 ESPP allows eligible employees to contribute through payroll deductions, up to 10% of their base compensation during the offering period, for the purchase of the Company’s common stock at a discounted price per share. Our current offering period began January 1, 2019 and is expected to end June 30, 2019.

Unless the participating employee has previously withdrawn from the offering, their accumulated payroll deductions will be used to purchase shares of common stock on the last business day of the offering period at a price equal to 85 percent of the fair market value of the common stock on the first business day or the last business day of the offering period, whichever is lower.

10. COMMITMENTS AND CONTINGENCIES

For additional information about our commitments and contingencies, refer to Note 15 to the consolidated financial statements, in our 2018 Form 10-K.

Hosting Services Agreement

In September 2017, the Company entered a non‑cancelable contractual agreement related to the hosting of its data processing, storage and other computing services. The agreement, as amended, expires in November 2020. As of March 31, 2019, our off-balance sheet commitment remaining under the hosting agreement totaled approximately $21.7 million.

Indemnifications

Under the indemnification provisions of the Company's standard sales‑related contracts, the Company agreed to defend end‑customers against third‑party claims asserting infringement of certain intellectual property rights by the Company’s solutions, which may include patents, copyrights, trademarks, or trade secrets and to pay judgments entered on such claims. The Company's exposure under these indemnification provisions is generally limited by certain defined remedies and exclusions under the agreement. However, certain agreements include indemnification provisions that could potentially expose the Company to losses in excess of the amount received under the agreement.

In addition, the Company indemnifies its officers, directors and certain key employees while they are serving in good faith in their capacities. Through March 31, 2019, there have been no claims under any indemnification provisions.

We do not believe that the outcome of any claims under indemnification arrangements will have a material effect on our financial position, results of operations or cash flows, and we have not accrued any liabilities related to such obligations in our consolidated financial statements as of March 31, 2019 or December 31, 2018.

Litigation

On March 21, 2018, Finjan, Inc. (“Finjan”) filed a complaint in the U.S. District Court for the Northern District of California alleging that certain of the Company's products and services infringe at least four U.S. patents purportedly owned by Finjan, seeking, among other things, a judgment holding that the Company has infringed four asserted patents, a preliminary and permanent injunction preventing alleged

20

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

continued infringement of one of the asserted patents, past damages not less than a reasonable royalty, enhanced damages for alleged willful infringement, costs and reasonable attorneys' fees, and pre‑ and post‑judgment interest. While the Company did not believe the complaint had merit, on April 6, 2018, the Company entered into a settlement agreement with Finjan, resolving all claims made pursuant to the complaint, which was dismissed later in April 2018. During the year ended December 31, 2018, we recognized and paid $3.9 million in settlement charges relating to this matter.

From time to time the Company may become involved in legal proceedings or be subject to claims arising in the ordinary course of business. Although the results of litigation and claims cannot be predicted with certainty, the Company currently believes that the final outcome of these ordinary course matters will not have a material adverse effect on its business, operating results, financial condition or cash flows. Regardless of the outcome, litigation can have an adverse impact because of defense and settlement costs, diversion of management resources and other factors.

11. INCOME TAXES

During the three months ended March 31, 2019 and 2018, the Company recorded an income tax provision of $66 thousand and $71 thousand, respectively, due to foreign income taxes.

12. REVENUE

We generate revenue through relationships with channel partners and through our direct sales force, consisting of three primary sources:

(i)

Sale of subscription (i.e., term-based) and perpetual licenses for our CB Protection and CB Response software products along with access to and the right to utilize the threat intelligence capabilities of the CB Predictive Security Cloud, as well as maintenance services and customer support, collectively referred to as support;

(ii)

Cloud-based software-as-a-service, or SaaS, subscriptions for access to our CB Predictive Security Cloud software products and CB Response Cloud; and

(iii)

Professional services and training, collectively referred to as services.

For information about our revenue recognition methodology, refer to Note 2 to our consolidated financial statements in our 2018 Form 10-K.

Contract Costs

As of March 31, 2019 and December 31, 2018, the Company recorded approximately $39.1 million and $38.1 million, respectively, of deferred commission costs in the consolidated balance sheet. Commission costs capitalized as deferred commissions during the three months ended March 31, 2019 and 2018 totaled $4.9 million and $3.5 million, respectively. Amortization of deferred commissions during the three months ended March 31, 2019 and 2018 totaled $3.9 million and $3.0 million, respectively, and is included in sales and marketing expense in the consolidated statements of operations. The Company periodically reviews these deferred costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit of these deferred sales commissions. The Company does not incur any material costs to fulfill customer contracts.

Deferred Revenue

Contract liabilities consist of deferred revenue and include payments received in advance of performance under the contract. Such amounts are recognized as revenue over the contractual period. During the three months ended March 31, 2019, we recognized revenue of $54.5 million which was included in the deferred revenue balance as of December 31, 2018.

We receive payments from customers based upon contractual billing schedules; accounts receivable are recorded when the right to consideration becomes unconditional. We generally bill our customers in advance, and payment terms on invoiced amounts are typically 30 to 90 days. Contract costs include amounts related to our contractual right to consideration for completed and partially completed performance obligations that may not have been invoiced; such amounts have been insignificant to date.

21

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

Major products and services

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

 

2018

Subscription and support revenue

$

33,741

 

$

32,095

Cloud-based subscription revenue

 

21,033

 

 

11,692

Perpetual license revenue

 

1,520

 

 

1,604

Services revenue

 

2,262

 

 

3,043

Total revenue

$

58,556

 

$

48,434

Geographic revenue 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

 

2018

United States

$

47,609

 

$

40,493

All other

 

10,947

 

 

7,941

Total revenue

$

58,556

 

$

48,434

Transaction price allocated to remaining performance obligations

Transaction price allocated to remaining performance obligations represents contracted revenue that has not yet been recognized, which includes deferred revenue and backlog. The Company defines backlog as contractually committed orders for subscriptions and support services for which the associated revenue has not been recognized and the customer has not been invoiced. As of March 31, 2019, the aggregate amount of the transaction price allocated to remaining performance obligations was $183.2 million in deferred revenue and $40.0 million in backlog.

The following table presents the remaining performance obligations we expect to recognize over the periods indicated (in percentages):

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Less than

 

 

 

 

More than

 

Total

 

1 year

 

1-2 Years

 

2 years

Deferred revenue

100

 

80

 

14

 

 6

%

Backlog

100

 

 

38

 

 

43

 

 

19

 

Concentration Risk

As of March 31, 2019, two channel partners accounted for approximately 28% and 23% of outstanding accounts receivable, respectively, and approximately 21% and 18% of total revenue, respectively, for the three months ended March 31, 2019.

During the three months ended March 31, 2019 and 2018, revenue from customers located outside of the United States in the aggregate accounted for approximately 19% and 16%, respectively, of our total revenue. Substantially all of our long-lived tangible assets (consisting of property and equipment) were held within the United States as of March 31, 2019 and December 31, 2018.

13. NET LOSS PER SHARE

Basic net loss per share is computed by dividing the net loss attributable to common stockholders by the weighted-average number of common shares outstanding during the period. Diluted net loss per share attributable to common stockholders is computed by dividing net loss attributable to common stockholders by diluted weighted-average shares outstanding, including potentially dilutive securities, unless anti-dilutive.

As the company was in a loss for all periods presented, basic net loss per share is the same as dilutive net loss per share as the inclusion of all potential common shares outstanding would have been anti-dilutive. The following table presents the calculation for basic and diluted net loss per share attributable to common stockholders for the dates indicated:

 

 

 

 

 

 

 

Three Months Ended March 31, 

(in thousands, except share and per share amounts)

2019

    

2018

Numerator:

 

 

 

 

 

Net loss

$

(19,687)

 

$

(20,594)

Accretion of preferred stock to redemption value

 

 —

 

 

(40,039)

22

 

Table of Contents

CARBON BLACK

CONDENSED NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

(UNAUDITED)

 

Net loss attributable to common stockholders

$

(19,687)

 

$

(60,633)

Denominator:

 

 

 

 

 

Weighted-average number of common shares outstanding—basic and diluted

 

70,474,542

 

 

11,264,252

Net loss per share attributable to common stockholders—basic and diluted

$

(0.28)

 

$

(5.38)

The following table presents the potentially dilutive securities that were excluded from the computation of net loss per share for the periods presented because their inclusion would have an anti-dilutive effect:

 

 

 

 

 

As of March 31, 

 

2019

    

2018

Options to purchase common stock

14,341,751

 

15,368,789

Unvested restricted stock units

1,299,873

 

394,500

Shares to be issued under ESPP

68,886

 

 —

Options to purchase Series E-1 preferred stock (as converted to common stock)

 —

 

837,835

Warrants to purchase common stock

 —

 

106,250

Warrants to purchase redeemable convertible preferred stock (as converted to common stock)

 —

 

167,500

Redeemable convertible preferred stock (as converted to common stock)

 —

 

44,370,560

Total potential common shares

15,710,510

 

61,245,434

 

 

 

23

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

ITEM 2. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

FORWARD-LOOKING STATEMENTS

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our unaudited consolidated financial statements and related notes appearing elsewhere in this Form 10-Q and our consolidated financial statements and related notes included in our 2018 Form 10-K. In addition to historical consolidated financial information, the following discussion and analysis and information set forth elsewhere in this Form 10-Q contains “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995 that involve substantial risks and uncertainties. All statements, other than statements of historical facts, included in this Form 10-Q regarding our strategy, future operations, future financial position, future revenue, projected costs, prospects, plans, objectives of management and expected market growth are forward-looking statements. The words “anticipate,” “believe,” “could,” “estimate,” “expect,” “intend,” “may,” “might,” “plan,” “predict,” “project,” “will,” “would,” or the negative of these words or other similar terms or expressions are intended to identify forward-looking statements although not all forward-looking statements contain these identifying words.

These forward-looking statements are not statements of historical facts and represent only our current expectations regarding such matters. These statements inherently involve a wide range of known and unknown uncertainties. Our actual actions and results could differ materially from what is expressed or implied by these statements. Specific factors that could cause such a difference include, but are not limited to, those set forth under Item 1A. “Risk Factors” and other important factors disclosed previously in our other filings with the SEC. Given these factors, as well as other variables that may affect our operating results, you should not rely on forward-looking statements, assume that past financial performance will be a reliable indicator of future performance, or use historical trends to anticipate results or trends in future periods. The forward-looking statements made in this Form 10-Q relate only to events as of the date on which they are made and we expressly disclaim any obligation or intention to provide updates to the forward-looking statements and the estimates and assumptions associated with them, except as required by law.

BUSINESS OVERVIEW

Carbon Black is a leader in cloud endpoint protection. As an innovator in the Endpoint Protection Platform (“EPP”) market, our technology enables customers to address the complete endpoint security lifecycle and stay ahead of advanced cyber attacks.

Our big data and security analytics platform, the CB Predictive Security Cloud (“PSC”), consolidates endpoint security and IT operations into an extensible cloud platform that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analyzing billions of security events per day across the globe, Carbon Black has key insights into attackers’ behavior patterns, enabling customers to detect, respond to and prevent emerging attacks.

We believe the depth, breadth and real-time nature of our unfiltered endpoint data, combined with the analytic power of our Predictive Security Cloud platform, provides customers with world-class security efficacy and operational efficiency.

Organizations globally are re-platforming their IT operations by investing in cloud computing and workforce mobility, which has resulted in enterprise environments that are more open, interconnected, and vulnerable to cyber attacks. Today, an increasingly mobile workforce and the explosion of enterprise data and applications in the cloud have expanded the attack surface beyond the traditional network perimeter. In response, attackers have adapted their methods and tools to directly target the endpoint. In short, the endpoint is the new perimeter.

Endpoints are the primary focus of attacks because they store valuable data that attackers seek to steal; perform critical operations that attackers seek to disrupt; and are the interface where attackers can target humans through email, social engineering and other tactics. Endpoints are the physical and virtual locations where sensitive data resides and include desktops, laptops, servers, virtual machines, cloud workloads (services running on cloud servers), containers, fixed‑function devices such as ATMs, point of sale systems, and control and data systems for power plants and other industrial assets.

Our approach to solving these endpoint security challenges focuses on leveraging our big data and our security analytics platform in the cloud (the PSC) to better detect and prevent the behaviors and specific techniques used by attackers. Based on our experience and investment in next‑generation solutions designed to address the full endpoint security lifecycle, we have developed a highly differentiated technology

24

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

approach with four main pillars: (1) unfiltered data collection, (2) proprietary data shaping technology, (3) streaming analytics, and (4) extensible open architecture.

A substantial majority of our customers purchase our solutions under a subscription license. Our subscription licenses include: access to and the right to utilize the threat intelligence capabilities of the CB Predictive Security Cloud; ongoing support, which provides our customers with telephone and web‑based support, bug fixes and repairs; and software updates on a when‑and‑if‑available basis. Additionally, a substantial amount of those customers who purchase licenses on a perpetual basis also purchase an agreement for access to and the right to utilize the threat intelligence capabilities of the CB Predictive Security Cloud. Subscription (i.e. term-based) revenue is recognized on a ratable basis over the contract term beginning on the date the software is delivered to the customer. Revenue for cloud-based subscriptions is recognized on a ratable basis over the term of the subscription beginning on the date the customer is given access to the platform. Maintenance services and customer support revenue related to subscription licenses is recognized ratably over the term of the maintenance and support arrangement as this performance obligation is satisfied. Revenue from the infrequent sales of perpetual software licenses is recognized ratably over the customer’s estimated economic life, which we have estimated to be five years, beginning on the date the software is delivered to the customer. Maintenance services and customer support revenue related to perpetual licenses is recognized ratably over the term of the maintenance and support arrangement as this performance obligation is satisfied. Revenue from perpetual licenses represented less than 5% of our $56.3  million of subscription, license and support revenue for the three months ended March 31, 2019. Due to our revenue recognition model, all of our subscription, license and support revenue is recognized on a ratable basis, providing us with strong visibility into future revenue.

We primarily sell our products through a channel partner go‑to‑market model, which significantly extends our global market reach and ability to rapidly scale our sales efforts. Our inside sales and field sales representatives work alongside an extensive network of value‑added resellers, or VARs, distributors, managed security service providers, or MSSPs, and incident response, or IR, firms. Our MSSP and IR firm channel partners both use and recommend our products to their clients. We have established significant relationships with leading channel partners, including Optiv Security, Inc., a leading VAR and MSSP; CDW Corporation, one of the world’s largest software VARs; Arrow Electronics, Inc., a major global distributor; SecureWorks, Inc., a leading MSSP; and Kroll, a leading IR firm. For the three months ended March 31, 2019, approximately 91% of our new and add‑on business was closed in collaboration with a channel partner.

Our customers include many of the world’s largest, security‑focused enterprises and government agencies that are among the most heavily targeted by cyber adversaries, as well as mid‑sized organizations. As of March 31, 2019, we serve 5,339 customers globally across multiple industries, including 35 of the Fortune 100.

We have experienced revenue growth, with revenue increasing to $58.6 million in the three months ended March 31, 2019, up from $48.4 million in the same period in 2018, representing a 21% annual growth rate. Recurring revenue, a non-GAAP financial measure, represented 94% and 90% of our total revenue in the three months ended March 31, 2019 and 2018, respectively. Annual recurring revenue, or ARR, was $226.0 million and $182.8 million as of March 31, 2019 and 2018, respectively. We define ARR as the annualized value of all active subscription contracts as of the end of the period. ARR excludes revenue from perpetual licenses and services. The portion of ARR related to our cloud‑based subscription contracts was $88.8 million and $51.8 million as of March 31, 2019 and 2018, respectively. The percentage of our total recurring revenue generated by sales of our cloud‑based solutions was 38% and 27% as of March 31, 2019 and 2018, respectively. We incurred net losses of $19.7 million and $20.6 million for the three months ended March 31, 2019 and 2018, respectively, as we continued to invest for growth to address the large market opportunity for our platform.

25

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

OVERVIEW OF FINANCIAL RESULTS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RESULTS OF OPERATIONS

 

 

PERCENTAGE OF REVENUE

 

Three Months Ended March 31, 

 

 

Three Months Ended March 31, 

(In thousands, except percentages)

2019

    

2018

 

% Change

 

 

2019

 

2018

Revenue:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Subscription, license and support

$

56,294

 

$

45,391

 

24

%

 

 

96

%

 

94

%

Services

 

2,262

 

 

3,043

 

(26)

 

 

 

 4

 

 

 6

 

Total revenue

 

58,556

 

 

48,434

 

21

 

 

 

100

 

 

100

 

Cost of revenue:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Subscription, license and support(1)

 

10,502

 

 

7,212

 

46

 

 

 

18

 

 

15

 

Services(1)

 

2,523

 

 

3,003

 

(16)

 

 

 

 4

 

 

 6

 

Total cost of revenue

 

13,025

 

 

10,215

 

28

 

 

 

22

 

 

21

 

Gross profit

 

45,531

 

 

38,219

 

19

 

 

 

78

 

 

79

 

Operating expenses:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Sales and marketing(1)

 

39,410

 

 

30,678

 

28

 

 

 

67

 

 

63

 

Research and development(1)

 

18,377

 

 

14,922

 

23

 

 

 

31

 

 

31

 

General and administrative(1)

 

8,088

 

 

10,426

 

(22)

 

 

 

14

 

 

22

 

Total operating expenses

 

65,875

 

 

56,026

 

18

 

 

 

112

 

 

116

 

Loss from operations

 

(20,344)

 

 

(17,807)

 

14

 

 

 

(34)

 

 

(37)

 

Net interest income

 

828

 

 

45

 

1,740

 

 

 

 1

 

 

 —

 

Other income (expense), net

 

(105)

 

 

(2,761)

 

(96)

 

 

 

 —

 

 

(6)

 

Loss before income taxes

 

(19,621)

 

 

(20,523)

 

(4)

 

 

 

(33)

 

 

(43)

 

Provision for income taxes

 

66

 

 

71

 

(7)

 

 

 

 —

 

 

 —

 

Net loss

$

(19,687)

 

$

(20,594)

 

(4)

%

 

 

(33)

%

 

(43)

%

(1) Includes stock-based compensation expense. Additional information about our stock-based compensation expense is provided in Note 9 to the consolidated financial statements in this Form 10-Q.

 

Financial Highlights

Highlights for the three months ended March 31, 2019 compared to the same period in 2018 included:

 

 

 

Revenue increased to $58.6 million from $48.4 million, representing a 21% annual growth rate. 

Annual recurring revenue, or ARR, was $226.0 million and $182.8 million, respectively, representing a 24% annual growth rate. We define ARR as the annualized value of all active subscription contracts as of the end of the period. ARR excludes revenue from perpetual licenses and services.

ARR related to our cloud-based subscription contracts was $88.8 million and $51.8 million, respectively, representing a 71% annual growth rate.

Recurring revenue increased to $54.8 million from $43.8 million, a 25% annual growth rate. Recurring revenue represented 94% and 90% of our total revenue, respectively.

 

The revenue from cloud-based solutions increased to $21.0 million from $11.7 million, a 80% annual growth rate. The percentage of our total recurring revenue generated by sales of our cloud-based solutions was 38% and 27%, respectively.

Our customer count, which includes both direct sale customers and customers with one or more subscriptions to our platform through channel partners, grew to 5,339 from 4,006, representing a year-over-year increase of 33%.

Number of customers who purchased our cloud-based solutions increased from 1,870 customers to 3,169 customers.

 

 

26

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

Key Factors Affecting Our Performance

Our historical financial performance has been, and we expect our financial performance in the future to be, primarily driven by the following factors:

Market Adoption

We believe our future success will depend, in large part, on the market for next-generation endpoint security. Because network-centric security is no longer adequate, organizations must focus on securing the endpoint. However, while organizations have made significant investments in upgrading to advanced network security solutions, the majority of endpoint security technology in use today relies on multiple agents and uses the same ineffective, traditional signature-based antivirus software. As a result, organizations are increasingly shifting their security budgets toward next-generation endpoint security solutions. We believe that we are well positioned as a market leader to capitalize on this investment cycle and that our ability to address the full lifecycle of a cyber attack will help to drive our market adoption. Additionally, the number of security professionals has not kept pace with total demand. As the number of threats multiplies, legacy solutions either miss threats or produce more alerts than security teams are able to process and investigate. Organizations are increasingly turning to next-generation solutions, advanced analytics and automation tools to empower their security professionals to increase their efficiency and focus on the highest value cyber security tasks, thereby reducing the need for additional security headcount. Organizations are also addressing the talent gap by relying more on security-focused VARs and trusted partners to augment their internal teams of security experts.

Add New Customers

Our ability to add new customers is a key indicator of our increasing market adoption and future revenue potential. Our customer count, which includes both direct sale customers and customers with one or more subscriptions to our platform through channel partners, grew to 5,339 customers in the three months ended March 31, 2019 from 4,006 customers in the same period of 2018, representing a year-over-year increase of approximately 33%. We expect this trend to continue in future periods as we focus on adding new customers and renewing existing customers through our channel partners. We are focused on continuing to grow our customer base. We have continuously enhanced our endpoint security platform and product offerings, and we have expanded both our domestic and international sales force to drive new customer acquisition. However, our ability to continue to grow our customer base is dependent on a number of factors, including our ability to compete within the increasingly competitive markets in which we participate.

Maintain Strong Retention Rates

An important component of our revenue growth strategy is to have our existing customers renew their agreements with us. To assess our performance against this objective, we monitor the retention rate of our existing customers. We calculate retention rate by comparing the annual recurring subscription and support revenue from our customers at the beginning of a measurement period. We divide the ending annual recurring revenue by the beginning annual recurring revenue to arrive at our retention rate metric. We exclude the impact of any add-on purchases from these customers during the measurement period; accordingly, our retention rate cannot exceed 100%. In addition, the metric reflects the loss of customers who elected not to renew contracts expiring during the measurement period and customers who elected to reduce their contract spend during the measurement period. Our retention rate was approximately 87% for the three months ended March 31, 2019.

Increase Sales to Existing Customers

Our current customer base provides us with a significant opportunity to drive incremental sales. Our extensible platform allows us to develop new solutions rapidly and at a lower cost over time. As we develop and deploy additional security offerings on the CB Predictive Security Cloud platform, we see significant additional opportunity to cross-sell these offerings as customers benefit by addressing multiple security requirements through a single platform. Our ability to increase sales to existing customers will depend on a number of factors, including customers’ satisfaction or dissatisfaction with our solutions, our ability to develop new products, pricing, economic conditions or overall reductions in our customers’ spending levels.

Invest in Growth

We will continue to focus on long-term revenue growth. We believe that our market opportunity is large and we will continue to invest significantly in research and development to enhance our technology platform and product functionality. We also expect to continue to invest in sales and marketing to grow our customer base, both domestically and internationally. In addition to our ongoing investment in research and development, we may also pursue acquisitions of businesses, technologies and assets that complement and expand the functionality of

27

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

our products and services, expand the functionality of our solutions, add to our technology or security expertise, or bolster our leadership position by gaining access to new customers or markets.

 

Key Metrics

We regularly monitor a number of financial and operating metrics, including the following key metrics, in order to measure our current performance and estimate our future performance, as follows:

 

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands, except percentages)

2019

 

2018

Billings

$

48,871

 

 

$

41,730

 

Year-over-year growth

 

17

% 

 

 
33

%

Short-term billings

$

52,946

 

 

$

42,015

 

Year-over-year growth

 

26

%

 

 
35

%

Total revenue

$

58,556

 

 

$

48,434

 

Year-over-year growth

 

21

%

 

 
35

%

Recurring revenue

$

54,774

 

 

$

43,787

 

Year-over-year growth

 

25

%

 

 
39

%

Recurring revenue as a percentage of total revenue

 

94

%

 

 

90

%

Billings

We define billings, a non-GAAP financial measure, as total revenue plus the change in deferred revenue during the period, excluding acquired deferred revenue. Our deferred revenue consists of amounts that have been invoiced to customers but that have not yet been recognized as revenue. Our deferred revenue balance primarily consists of the portion of products and support revenue that will be recognized ratably over the term of the subscription as the performance obligation is satisfied.

Most of our revenue is derived from subscriptions to our products with a duration of one or three years. For our subscription arrangements, we typically bill our customers the fee on an annual basis for the upcoming year. Some of our revenue is derived from perpetual licenses of our products sold with a maintenance and support agreement. For our perpetual licenses, we bill our customers the entire license fee upon delivery of the software, and for support, we typically bill our customers the support fee on an annual basis for the upcoming year. For services sold on a fixed-price basis, we bill customers in advance. For services sold on a time-and-materials basis, we bill customers as such services are performed.

We use billings as one factor to evaluate our business because billings is an indicator of current period sales activity and provides visibility into corresponding future revenue growth due to our subscription-based revenue model. However, it is important to note that billings, in any period, may be impacted by the timing of customer renewals, including early renewals, and customers’ preferences for multi-year upfront or annual billing terms, which could favorably or unfavorably impact year-over-year comparisons. While we believe that billings is somewhat useful in evaluating our business, billings is a non-GAAP financial measure that has limitations as an analytical tool, and billings should not be considered as an alternative to, or substitute for, total revenue recognized in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate billings differently or not at all, which reduces the usefulness of billings as a tool for comparison. We recommend that you review the reconciliation of billings to total revenue, the most directly comparable GAAP financial measure, provided below, and that you not rely on billings or any single financial measure to evaluate our business.

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

    

2018

Total revenue

$

58,556

 

$

48,434

Deferred revenue, end of period

 

183,208

 

 

161,996

Deferred revenue, beginning of period

 

(192,893)

 

 

(168,700)

Billings

$

48,871

 

$

41,730

Short-term billings

We define short-term billings, a non-GAAP financial measure, as total revenue plus the change in current deferred revenue during the period, excluding acquired deferred revenue. We believe that short-term billings provides useful information to investors and others in

28

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

evaluating our operating performance because it excludes the impact of upfront multi-year billings, which can vary from period to period depending on the timing of large, multi-year customer contracts and customer preferences for annual billing versus multi-year upfront billing. However, it is important to note that short-term billings, in any period, may be impacted by the timing of customer renewals, including early renewals, which could favorably or unfavorably impact year-over-year comparisons. While we believe that short-term billings is somewhat useful in evaluating our business, short-term billings is a non-GAAP financial measure that has limitations as an analytical tool, and short-term billings should not be considered as an alternative to, or substitute for, total revenue recognized in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate short-term billings differently or not at all, which reduces the usefulness of short-term billings as a tool for comparison. We recommend that you review the reconciliation of short-term billings to total revenue, the most directly comparable GAAP financial measure, provided below, and that you not rely on short-term billings or any single financial measure to evaluate our business.

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

    

2018

Total revenue

$

58,556

 

$

48,434

Deferred revenue, current, end of period

 

146,912

 

 

123,746

Deferred revenue, current, beginning of period

 

(152,522)

 

 

(130,165)

Short-term billings

$

52,946

 

$

42,015

Recurring revenue

We define recurring revenue, a non-GAAP financial measure, as subscription, license and support revenue (which includes revenue relating to support for perpetual licenses) less perpetual license revenue for the period. We use recurring revenue as one factor to evaluate our business because we believe that recurring revenue provides visibility into the revenue expected to be recognized in the current and future periods. Accordingly, we believe that recurring revenue provides useful information to investors and others in understanding and evaluating our operating results in the same manner as our management. While we believe that recurring revenue is useful in evaluating our business, recurring revenue is a non-GAAP financial measure that has limitations as an analytical tool, and recurring revenue should not be considered as an alternative to, or substitute for, subscription, license and support revenue recognized in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate recurring revenue differently or not at all, which reduces the usefulness of recurring revenue as a tool for comparison. We recommend that you review the reconciliation of recurring revenue to subscription, license and support revenue, the most directly comparable GAAP financial measure, provided below, and that you not rely on recurring revenue or any single financial measure to evaluate our business.

 

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands, except percentages)

2019

 

2018

Subscription, license and support revenue

$

56,294

 

 

$

45,391

 

Perpetual license revenue

 

(1,520)

 

 

 

(1,604)

 

Recurring revenue

$

54,774

 

 

$

43,787

 

Recurring revenue as a percentage of total revenue

 

94

%

 

 

90

%

 

 

Non-GAAP Financial Measures

Non-GAAP Free cash flow and free cash flow margin

We define free cash flow, a non-GAAP financial measure, as net cash used in operating activities less purchases of property and equipment and capitalized internal-use software. We define free cash flow margin as free cash flow divided by total revenue. We monitor free cash flow as one measure of our overall business performance, which enables us to analyze our future performance without the effects of non-cash items and allow us to better understand the cash needs of our business. While we believe that free cash flow is useful in evaluating our business, free cash flow is a non-GAAP financial measure that has limitations as an analytical tool, and free cash flow should not be considered as an alternative to, or substitute for, net cash used in operating activities in accordance with GAAP. The utility of free cash flow as a measure of our liquidity is further limited as it does not represent the total increase or decrease in our cash balance for any given period. In addition, other companies, including companies in our industry, may calculate free cash flow differently or not at all, which reduces the usefulness of free cash flow as a tool for comparison. A summary of our cash flows from operating, investing and financing activities is provided below. We recommend that you review the reconciliation of free cash flow to net cash used in operating activities, the most directly comparable GAAP financial measure, and the reconciliation of free cash flow margin to net cash used in operating activities (as a percentage

29

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

of revenue), the most directly comparable GAAP financial measure, provided below, and that you not rely on free cash flow, free cash flow margin or any single financial measure to evaluate our business.

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

    

2018

Net cash used in operating activities

$

(13,916)

 

$

(777)

Net cash provided by (used in) investing activities

 

12,066

 

 

(1,788)

Net cash provided by financing activities

 

6,862

 

 

178

Net increase (decrease) in cash and cash equivalents

$

5,012

 

$

(2,387)

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

    

2018

Net cash used in operating activities

$

(13,916)

 

$

(777)

Purchases of property and equipment

 

(577)

 

 

(1,495)

Capitalization of internal-use software costs

 

(160)

 

 

(293)

Free cash flow

$

(14,653)

 

$

(2,565)

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

 

2019

 

2018

Net cash used in operating activities (as a percentage of revenue)

(23.8)

%  

 

(1.6)

%

Purchases of property and equipment (as a percentage of revenue)

(1.0)

 

 

(3.1)

 

Capitalization of internal-use software costs (as a percentage of revenue)

(0.3)

 

 

(0.6)

 

Free cash flow margin

(25.1)

%  

 

(5.3)

%

 

 

Non-GAAP operating loss

We define non-GAAP operating loss as loss from operations excluding stock-based compensation and amortization of acquired intangible assets. For the three months ended March 31, 2018, we have also excluded from non-GAAP operating loss the $3.9 million expense related to the payments we agreed to make in 2018 pursuant to the Finjan legal settlement.

We consider non-GAAP operating loss to be a useful metric for investors and other users of our financial information in evaluating our operating performance because it excludes the impact of stock-based compensation and amortization of acquired intangible assets, each of which is a non-cash charge that can vary from period to period for reasons that are unrelated to our core operating performance, and expense recorded by us pursuant to the legal settlement because it is a non-recurring item. While we believe that non-GAAP operating loss is useful in evaluating our business, non-GAAP operating loss is a non-GAAP financial measure that has limitations as an analytical tool, and non-GAAP operating loss should not be considered as an alternative to, or substitute for loss from operations in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate non-GAAP operating loss differently or not at all, which reduces the usefulness of non-GAAP operating loss as a tool for comparison. We recommend that you review the reconciliation of non-GAAP operating loss to loss from operations, the most directly comparable GAAP financial measure, provided below, and that you not rely on non-GAAP operating loss or any single financial measure to evaluate our business.

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

    

2018

Loss from operations

$

(20,344)

 

$

(17,807)

Stock-based compensation

 

4,204

 

 

2,389

Amortization of acquired intangible assets

 

325

 

 

391

Legal settlement

 

 —

 

 

3,900

Non-GAAP operating loss

$

(15,815)

 

$

(11,127)

30

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

RESULTS OF OPERATIONS

The following table presents the total revenue for the periods indicated:

 

 

 

 

 

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands, except percentages)

2019

    

2018

 

$ Change

 

% Change

Revenue:

 

 

 

 

 

 

 

 

 

 

 

Subscription, license and support

$

56,294

 

$

45,391

 

$

10,903

 

24

%

Services

 

2,262

 

 

3,043

 

 

(781)

 

(26)

 

Total revenue

$

58,556

 

$

48,434

 

$

10,122

 

21

 

 

 

 

REVENUE

We generate revenue through relationships with channel partners and through our direct sales force, consisting of three primary sources:

(i)

Sale of subscription (i.e., term-based) and perpetual licenses for our CB Protection and CB Response software products along with access to and the right to utilize the threat intelligence capabilities of the CB Predictive Security Cloud, as well as maintenance services and customer support, collectively referred to as support;

(ii)

Cloud-based software-as-a-service, or SaaS, subscriptions for access to our CB Predictive Security Cloud software products and CB Response Cloud; and

(iii)

Professional services and training, collectively referred to as services.

For information about our revenue recognition methodology, refer to Note 2 to our consolidated financial statements in our 2018 Form 10-K.

Subscription, License and Support Revenue

Our CB Protection and CB Response products are offered through subscription or perpetual software licenses, with a substantial majority of our customers selecting a subscription license. Subscription licenses include access to and the right to utilize the threat intelligence capabilities of the CB Predictive Security Cloud as well as ongoing support, which provides our customers with telephone and web-based support, bug fixes and repairs and software updates on a when-and-if-available basis. Substantially all customers who purchase licenses on a perpetual basis also purchase an agreement for access to and the right to utilize the threat intelligence capabilities of the CB Predictive Security Cloud.

During 2015, we began offering our CB Response product through cloud-based subscriptions. During 2016, we began offering our CB Defense product, a cloud-based next-generation antivirus solution, representing our first offering on the CB Predictive Security Cloud Platform. During 2018, we launched four new products on the CB Predictive Security Cloud Platform: CB ThreatSight, CB Defense for VMWare, CB LiveOps and CB ThreatHunter. Revenue for cloud-based subscriptions is deferred on our balance sheet and subsequently recognized as revenue ratably over the term of the subscription.

Our term-based and cloud-based subscription agreements and perpetual license support agreements typically have one- or three-year terms. For multi-year arrangements, we typically bill on an annual basis. We offer customers who make a multi-year contract commitment the option to be billed the total contract fee upfront or to be billed on an annual basis.

Subscription, license and support revenue increased 24% in the three months ended March 31, 2019 compared to the same period in 2018, primarily due to an increase in total customers and sales to existing customers. We added 314 net new customers during the three months ended March 31, 2019.

Revenue generated by sales of our cloud-based solutions increased from $11.7 million in the three months ended March 31, 2018 to $21.0 million for the same period in 2019, representing a 80% annual growth rate.

Services Revenue

We generate services revenue from the sale of deployment and training services. Services are typically sold together with licenses of our software products and, to a lesser extent, on a stand-alone basis. Services are priced separately and are considered distinct from our software license.

31

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

The professional services can be performed by a third party and have a history of consistent pricing by us. Professional services are sold as time-and-materials contracts based on the number of hours worked and at contractually agreed-upon hourly rates, and also on a fixed-fee basis. Revenue from professional services and training sold on a stand-alone basis or in a combined arrangement is recognized as those services are rendered as control of the services passes to the customer over time. As more customers select our cloud-based offerings, we expect our services revenue to decrease in absolute dollars and decrease as a percentage of total revenue over time as our cloud-based offerings are typically easier to deploy.

During the three months ended March 31, 2019, services revenue decreased 26% compared to the same period in 2018, due to an increase in customers selecting our cloud-based offerings, which are typically easier to deploy than our on-premise solutions.

COST OF REVENUE

 

 

 

 

 

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

 

(In thousands, except percentages)

2019

 

2018

 

$ Change

    

% Change

Subscription, license and support

$

10,502

 

$

7,212

 

$

3,290

 

46

%

Services

 

2,523

 

 

3,003

 

 

(480)

 

(16)

%

Total cost of revenue

$

13,025

 

$

10,215

 

$

2,810

 

28

%

Gross margin percentage:

 

 

 

 

 

 

 

 

 

 

 

Subscription, license and support

 

81

%  

 

84

%  

 

 

 

 

 

Services

 

(12)

 

 

 1

 

 

 

 

 

 

Total gross margin percentage

 

78

 

 

79

 

 

 

 

 

 

 

Cost of Subscription, License and Support Revenue

Cost of subscription, license and support revenue consists primarily of hosting costs associated with our cloud-based offerings, personnel-related costs for our support and hosting personnel, which includes salaries, benefits, bonuses, payroll taxes, stock-based compensation and allocated overhead costs. Also included in cost of subscription, license and support revenue are costs associated with amortization of capitalized software development costs for internal-use software and amortization of developed technology intangible assets related to our prior acquisitions.

We expect cost of subscription, license and support revenue to increase on an absolute dollar basis in the near term due to the acceleration of our cloud-based offerings. We expect to incur additional personnel-related costs, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and allocated overhead costs, for employees who support our cloud-based subscriptions and hosting services. The hosting costs for our cloud-based offerings will also increase as the number of customers who purchase our cloud-based offerings increases.

Cost of subscription, license and support revenue increased 46% for the three months ended March 31, 2019 compared to the same period in 2018, primarily due to a $2.5 million increase in hosting costs related to our cloud-based products.

Cost of Services Revenue

Costs of services revenue consists of personnel-related costs for our professional services team, including salaries, benefits, bonuses, payroll taxes, stock-based compensation, travel expenses and allocated overhead costs. We recognize these costs for providing services when incurred. We expect the cost of services revenue to decrease as more customers purchase our cloud-based subscription products, which require fewer deployment services compared to our on-premise solutions.

Costs of services revenue decreased 16% for the three months ended March 31, 2019 compared to the same period in 2018, primarily due to a decrease in employee related costs resulting from a decrease in headcount.

Gross Margin Percentage

Total gross margin percentage for the three months ended March 31, 2019 remained flat compared to the same period in 2018. We experienced a slight decrease in gross margin percentage on our subscription license and support revenue primarily due to an increase in the number of customers purchasing our cloud-based subscription products during 2019 and the associated hosting and support personnel costs. We also experienced a decline in gross margin percentage on our services revenue. We expect gross margin percentage on our service revenue in future periods to continue to be at or near break-even.

32

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

OPERATING EXPENSES

Our operating expenses primarily consist of expenses relating to sales and marketing, research and development and general and administrative. The following table presents operating expenses as of the periods indicated:

 

 

 

 

 

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands, except percentages)

2019

    

2018

 

$ Change

 

% Change

Operating expenses:

 

 

 

 

 

 

 

 

 

 

 

Sales and marketing

$

39,410

 

$

30,678

 

$

8,732

 

28

%

Research and development

 

18,377

 

 

14,922

 

 

3,455

 

23

 

General and administrative

 

8,088

 

 

10,426

 

 

(2,338)

 

(22)

 

Total operating expenses

$

65,875

 

$

56,026

 

$

9,849

 

18

 

Sales and Marketing Expenses

Sales and marketing expenses consist of personnel-related costs for our sales and marketing teams, including salaries, benefits, amortization of deferred commissions, bonuses, payroll taxes, stock-based compensation and other related costs. Additional expenses include costs of marketing activities and promotional events, travel, amortization of trade name and customer relationship intangible assets related to our prior acquisitions, and allocated overhead costs. We capitalize commission costs that are incremental and directly related to the acquisition of customer agreements. Commissions are earned by our sales force and paid in full upon the receipt of customer orders, or bookings, for new and add-on arrangements or renewals. Commission costs for new and add on arrangements are capitalized when earned and are amortized as expense over an estimated customer relationship period of five years. Commission costs for renewals are capitalized when earned and are amortized as expense over the related renewal period.

Sales and marketing expenses increased 28% for the three months ended March 31, 2019 compared to the same period in 2018, as we continue to support our current and anticipated revenue growth. This increase is primarily due to a $4.1 million increase in employee-related costs (including an increase of approximately $0.9 million in stock-based compensation) which resulted from an increase in our sales, marketing and business development headcount. The increase in sales and marketing expense also includes an increase of approximately $1.5 million in sales programs, an increase of approximately $1.2 million in spending on marketing programs and events, and an increase of approximately $0.9 million in amortization of deferred commissions. For full year 2019, we expect sales and marketing expense to remain relatively flat.

Channel Partners

In addition to our field sales staff, we have a dedicated channel team that works with our field and inside sales organizations to manage our relationships with channel partners and work with our channel partners to win end-use customers. As a result, our sales team works closely with our end-use customer prospects at every stage of the sales cycle regardless of whether the prospect is sourced directly or indirectly – from initial information meetings through the implementation of our products. This sales approach allows us to leverage the benefits of the channel while also building long-term, trusted relationships with our customers. Additionally we believe this approach delivers the security expertise and support that leads to full realization of the benefits of our technology platform. For the three months ended March 31, 2019, approximately 91% of our new and add-on business was closed in collaboration with a channel partner.

Research and Development

Research and development expense consists of personnel-related costs for our research and development team, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and other related costs. Additional expenses include subcontracting for third-party engineering resources as well as allocated overhead costs.

Research and development expenses increased 23% for the three months ended March 31, 2019 compared to the same period in 2018, as we continue to invest in our technology architecture and software platform. The increase is primarily due to a $2.7 million increase in employee-related costs, including $0.5 million in stock-based compensation. We expect research and development expense to increase on an absolute dollar basis in the near term as we continue to increase investments in our technology architecture and software platform.

33

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

General and Administrative

General and administrative expense consists of personnel-related costs for our executive, administrative, legal, human resources, security, finance and accounting personnel, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and other related costs. Additional expenses include bad debt expense related to customer receivables, recruiting costs, professional fees, travel, insurance and allocated overhead costs.

General and administrative expenses decreased 22% during the three months ended March 31, 2019 compared to the same period in 2018, primarily due to a legal settlement of $3.9 million in the first quarter of 2018 relating to the settlement agreement with Finjan, partially offset by an increase of approximately $1.0 million in employee compensation. We expect general and administrative expense to remain flat in the near term.

 

OTHER INCOME (EXPENSE), NET

The following table summarizes other income (expense), net, for the periods indicated:

 

 

 

 

 

 

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands, except percentages)

2019

 

2018

 

$ Change

 

% Change

Other income (expense), net

 

 

 

 

 

 

 

 

 

 

 

Interest income

$

859

 

$

68

 

$

791

 

1,163

%

Interest expense

 

(31)

 

 

(23)

 

 

(8)

 

35

 

Net interest income

 

828

 

 

45

 

 

783

 

1,740

 

Change in fair value of warrant liability(1)

 

 -

 

 

(2,881)

 

 

2,881

 

(100)

 

Other income (expense), net

 

(105)

 

 

120

 

 

(225)

 

(188)

 

Total other income (expense), net

$

723

 

$

(2,716)

 

$

3,439

 

(127)

 

 

 

 

 

 

 

 

 

 

(1) Upon the closing of our IPO in May 2018, we no longer had any outstanding warrant liabilities.

Net Interest Income

Net interest income consists of interest income related to our invested balances of cash, cash equivalents and short-term investments, as well as interest expense related to our outstanding debt obligations and the amortization of deferred financing costs and debt discount associated with such arrangements.

The increase in net interest income for the three months ended March 31, 2019 compared to the same period in 2018, is primarily due to the interest earned on our short-term investments, which we began investing in during the third quarter of 2018.

Other Income (Expense), Net

Other income (expense), net historically consisted primarily of gains and losses related to the revaluation of certain of our outstanding warrant liabilities and foreign currency transactions gains and losses. As we no longer have any outstanding warrant liabilities, other income (expense), net for the three months ended March 31, 2019 reflects our gains and losses related to foreign currency transactions.

Provision for Income Taxes

Provision for income taxes for the three months ended March 31, 2019 was approximately $66 thousand, compared to a provision for income taxes of $71 thousand in the same period in 2018. The provision recognized in both periods was primarily due to foreign income taxes.

BACKLOG

We define backlog as contractually committed orders for our subscriptions and support services for which the associated revenue has not been recognized and the customer has not been invoiced. Amounts that have been invoiced but not yet recognized as revenue are reported as deferred revenue on our consolidated balance sheets and are not included in our calculation of backlog. As of March 31, 2019 and 2018, we had backlog of approximately $40.0 million and $41.8 million, respectively. Of the amount of backlog as of March 31, 2019, we expect that approximately $27.0 million will be invoiced to customers within the following twelve-months and will be initially recorded as deferred revenue.

34

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

LIQUIDITY AND CAPITAL RESOURCES

Our primary sources of liquidity include cash, cash equivalents and short-term investments, which are reported on our consolidated balance sheet and held for working capital purposes. We consider all highly liquid investments with a maturity of three months or less when purchased to be cash equivalents, which currently consists of highly liquid investments in money market funds. Our short-term investments consist of commercial paper, U.S. treasury securities, corporate debt and asset-backed securities, and are classified as available-for sale on our consolidated balance sheet.

On May 8, 2018, we closed our IPO, in which we issued and sold 9,200,000 shares of common stock inclusive of the underwriters’ option to purchase additional shares that was exercised in full. The price to the public was $19.00 per share. We received aggregate proceeds of $162.6 million from the IPO, net of underwriters’ discounts and commissions, and before deducting offering costs of approximately $4.9 million.

Since our inception, we have generated significant losses and expect to continue to generate losses for the foreseeable future as we continue to grow our business. We believe that our existing cash, cash equivalents and short-term investments will be sufficient to meet our working capital expenditure requirements for at least the next 12 months. Our future capital requirements will depend on many factors, including our growth rate, our activities related to the acquisition of complementary businesses, technologies and assets, the timing and extent of spending to support research and development efforts, the expansion of sales and marketing activities, particularly internationally, and the introduction of new and enhanced products as we continue to innovate. In the event that additional financing is required from outside sources, we may be unable to raise the funds on acceptable terms, if at all. If we are unable to raise additional capital when desired, our business, operating results and financial condition could be adversely affected.

Line of Credit

We are party to a senior loan and security agreement with Silicon Valley Bank, or the line of credit, which, as amended, provides for $40 million in maximum borrowings. Borrowings under the line of credit accrue interest at Silicon Valley Bank’s prime rate and may be repaid and reborrowed until the line of credit expires on March 21, 2020, in which all outstanding amounts must be repaid. As of March 31, 2019 and 2018, we had no outstanding borrowings under the line of credit.

Sources and Uses of Liquidity

Our historical uses of cash have consisted of cash used for operating activities, such as expansion of our sales and marketing operations, research and development activities and other working capital needs, and cash used for investing activities including cash paid for business acquisitions and for purchases of property and equipment. The following data should be read in conjunction with our consolidated statement of cash flows included in this Form 10-Q.

The following table presents a summary of our cash flows for the periods indicated:

 

 

 

 

 

 

 

Three Months Ended March 31, 

(In thousands)

2019

    

2018

Net cash used in operating activities

$

(13,916)

 

$

(777)

Net cash provided by (used in) investing activities

 

12,066

 

 

(1,788)

Net cash provided by financing activities

 

6,862

 

 

178

Net increase (decrease) in cash, cash equivalents and restricted cash

$

5,012

 

$

(2,387)

Operating Activities

Cash provided by operating activities is net income adjusted for certain non-cash items and changes in assets and liabilities.

During the three months ended March 31, 2019, net cash used in operating activities was $13.9 million due to the increase in expenses as we continue to invest to grow our business and the impact of the timing of working capital items. Accounts receivable decreased $18.7 million due to cash collections, primarily of amounts we billed during the fourth quarter of 2018, partially offset by amounts we billed during the first quarter of 2019. Deferred revenue decreased $9.7 million due to amounts being recognized as revenue from deferred revenue partially offset by amounts we billed during the three months ended March 31, 2019. Accrued expenses decreased $7.5 million primarily due to the payment of the 2018 bonus amount during the first quarter of 2019.

35

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

During the three months ended March 31, 2018, operating activities used $0.8 million of cash. Accounts receivable decreased $24.0 million due to cash collections, primarily of amounts we billed during the fourth quarter of 2017, partially offset by amounts we billed during the first quarter of 2018. Deferred revenue decreased $6.7 million due to amounts being recognized as revenue from deferred revenue partially offset by amounts we billed during the three months ended March 31, 2018. Accrued expenses decreased by $2.3 million primarily due to the payment of the 2017 bonus amount during the first quarter of 2018, partially offset by the $3.9 million accrual for the Finjan settlement. Prepaid expenses and other assets increased $1.9 million from our increased spending due to the growth of the business and the timing of software subscription renewals.

Investing Activities

Cash flows from investing activities primarily consist of capital expenditures; investment purchases and maturities; and capitalization of internal use software.

During the three months ended March 31, 2019, investing activities provided $12.1 million of cash, primarily due to maturities of short-term investments of $28.7 million partially offset by $15.9 of short-term investment purchases and $0.7 million of property and equipment purchases and internal-use software costs.

During the three months ended March 31, 2018, investing activities used $1.8 million of cash, consisting of purchases of property and equipment of $1.5 million and capitalization of internal-use software costs of $0.3 million. The purchases of property and equipment in 2018 were primarily related to the growth of our headcount and the general expansion of our business.

Financing Activities

Cash flows from financing activities primarily consist of common stock, and proceeds and payments from the sale of shares of common stock through employee equity incentive plans.

During the three months ended March 31, 2019, financing activities provided $6.9 million of cash, primarily due to $6.5 million of proceeds from the exercise of stock options.

During the three months ended March 31, 2018, financing activities provided $0.2 million of cash, primarily resulting from proceeds of $1.1 million from the exercise of stock options, partially offset by payments of $0.9 million of IPO costs.

CONTRACTUAL OBLIGATIONS AND COMMITMENTS

During the three months ended March 31, 2019, there have been no material changes outside the ordinary course of business to our contractual obligations and commitments from those disclosed in our 2018 Form 10-K. For additional information on our contractual obligations and commitments refer to Note 10 to our consolidated financial statements included in this Form 10-Q.

OFF-BALANCE SHEET ARRANGEMENTS

We do not have any relationships with unconsolidated entities or financial partnerships, including entities sometimes referred to as structured finance or special purpose entities that were established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes. We do not engage in off-balance sheet financing arrangements. In addition, we do not engage in trading activities involving non-exchange traded contracts. We therefore believe that we are not materially exposed to any financing, liquidity, market or credit risk that could arise if we had engaged in these relationships.

CRITICAL ACCOUNTING POLICIES

Our consolidated financial statements are prepared in accordance with GAAP. The preparation of our consolidated financial statements requires us to make estimates, assumptions and judgments that affect the reported amounts of assets, liabilities, revenue, costs and expenses. We base our estimates and assumptions on historical experience and other factors that we believe to be reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Our actual results may differ materially from these estimates.

36

 

Table of Contents

CARBON BLACK

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

 

Except for accounting policies related to our adoption of ASC 842, there have been no material changes to our critical accounting policies and estimates as compared to the critical accounting policies and estimates disclosed in our 2018 Form 10-K. For additional information on our critical accounting policies refer to Note 2 to our consolidated financial statements included in our 2018 Form 10-K.

RECENT ACCOUNTING PRONOUNCEMENTS

Information with respect to recent accounting developments is provided in Note 2 to the consolidated financial statements included in this Form 10-Q.

 

 

37

 

ITEM 3. QUALITATIVE AND QUANTITATIVE DISCLOSURES ABOUT MARKET RISK

There have been no material changes in our market risk from the information provided under “Quantitative and Qualitative Disclosures About Market Risk” in Part II, Item 7A of our 2018 Form 10-K.

ITEM 4. CONTROLS AND PROCEDURES

Evaluation of Disclosure Controls and Procedures

Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended, or the Exchange Act), as of the end of the period covered by this Quarterly Report on Form 10-Q. In designing and evaluating our disclosure controls and procedures, management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures and internal control over financial reporting must reflect the fact that there are resource constraints and that management is required to apply its judgment in evaluating the benefits of possible controls and procedures relative to their costs.

Based on management’s evaluation as of the end of the period covered by this Quarterly Report on Form 10-Q, our principal executive officer and principal financial officer have concluded that as of such date, our disclosure controls and procedures were effective to provide reasonable assurance that information required to be disclosed by us in the reports that we file or submit under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the SEC’s rules and forms and to provide reasonable assurance that such information is accumulated and communicated to our management, including our principal executive officer and principal financial officer, as appropriate, to allow timely decisions regarding required disclosures.

Changes in Internal Control over Financial Reporting

Except for the implementation of certain controls related to the adoption of ASC 842, there were no changes in our internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) during the period covered by this Quarterly Report on Form 10-Q that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.

38

 

PART II — OTHER INFORMATION

ITEM 1. LEGAL PROCEEDINGS

The information contained in Note 10 to the Consolidated Financial Statements included in Part I, Item 1 of this Form 10-Q is incorporated by reference herein.

ITEM 1A. Risk Factors

A description of the risks and uncertainties associated with our business and industry is set forth below. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Form 10‑Q, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this Form 10‑Q. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of may also become important factors that adversely affect our business. If any of the following risks actually occur, our business, financial condition, results of operations and future prospects could be adversely affected. In that event, the market price of our stock could decline, perhaps significantly.

Risks Related to Our Business and Industry

We are a rapidly growing company, which makes it difficult to evaluate our future prospects.

We are a rapidly growing company. Our ability to forecast our future operating results is subject to a number of uncertainties, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and uncertainties frequently experienced by growing companies in rapidly evolving industries. If our assumptions regarding these uncertainties, which we use to plan our business, are incorrect or change in reaction to changes in our markets, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, our business could suffer and the trading price of our stock may decline.

We have not been profitable historically and may not achieve or maintain profitability in the future.

We have incurred net losses in each year since inception, including net losses of $19.7 million and $20.6 million for the three months ended March 31, 2019 and 2018, respectively. As of March  31, 2019, we had an accumulated deficit of $557.2 million. While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our products to sustain or increase our growth or achieve or maintain profitability in the future. We also expect our costs to increase in future periods, which could negatively affect our future operating results if our revenue does not increase. In particular, we expect to continue to expend substantial financial and other resources on:

·

research and development related to our products, including investments in our research and development team;

·

sales and marketing both domestically and internationally;

·

continued international expansion of our business; and

·

general administration expenses, including legal and accounting expenses related to being a public company.

These investments may not result in increased revenue or growth in our business. We expect to continue to devote research and development resources to our on-premise solutions; if our customers and potential customers shift their information technology, or IT, infrastructures to the cloud faster than we anticipate, we may not realize our expected return from the costs we incur. If we are unable to increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and results of operations will be harmed, and we may not be able to achieve or maintain profitability over the long term. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays and other unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our financial performance may be harmed, and we may not achieve or maintain profitability in the future.

If we are unable to sustain our revenue growth rate, we may not achieve or maintain profitability in the future.

Our revenue grew from $48.4 million for the three months ended March 31, 2018 to $58.6 million for the same period in 2019, representing a 21% annual growth rate. Although we have experienced rapid growth historically and currently have high customer retention rates, we may not continue to grow as rapidly in the future and our customer retention rates may decline. Any success that we may experience in the future will depend in large part on our ability to, among other things:

·

maintain and expand our customer base;

·

increase revenues from existing customers through increased or broader use of our products within their organizations;

·

maintain and expand strategic partnerships with our channel partners;

·

improve the performance and capabilities of our products through research and development;

39

 

·

continue to develop our cloud-based solutions;

·

attract and retain high performing personnel;

·

continue to successfully expand our business domestically and internationally;

·

successfully identify and consummate acquisitions of complementary businesses, technology and assets; and

·

successfully compete with other companies.

If we are unable to maintain consistent revenue or revenue growth, our stock price could be volatile, and it may be difficult to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.

Our quarterly financial results, including our billings and deferred revenue, may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter.

A meaningful portion of our revenue is generated by significant sales to new customers and sales of additional products to existing customers. Purchases of our solutions often occur during the last month of each quarter, particularly in the last quarter of the year. In addition, our sales cycle can last several months from proof of concept to contract negotiation, to delivery of our solution to our customers, and this sales cycle can be even longer, less predictable and more resource-intensive for larger sales. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solutions. As a result, the timing of individual sales can be difficult to predict. In some cases, sales have occurred in a quarter subsequent to those we anticipated, or have not occurred at all, which can significantly impact our quarterly financial results and make it more difficult to meet market expectations.

In addition to the sales cycle-related fluctuations noted above, our financial results, including our billings and deferred revenue, will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:

·

our ability to attract and retain new customers;

·

our ability to sell additional products to existing customers;

·

our ability to expand into adjacent and complementary markets;

·

changes in customer or channel partner requirements or market needs;

·

changes in the growth rate of the next-generation endpoint security market;

·

the timing and success of new product introductions by us or our competitors, or any other change in the competitive landscape of the next-generation endpoint security market, including consolidation among our customers or competitors;

·

a disruption in, or termination of, any of our relationships with channel partners;

·

our ability to successfully expand our business globally;

·

reductions in customer retention rates;

·

changes in our pricing policies or those of our competitors;

·

general economic conditions in our markets;

·

future accounting pronouncements or changes in our accounting policies or practices;

·

the amount and timing of our operating costs, including cost of goods sold;

·

a change in our mix of products and services, including shifts to cloud-based products offered through a software-as-a-service model; and

·

increases or decreases in our revenue and expenses caused by fluctuations in foreign currency exchange rates.

Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, the trading price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.

We recognize substantially all of our revenue ratably over the term of our subscription agreements with customers and, as a result, downturns or upturns in sales may not be immediately reflected in our operating results.

We recognize substantially all of our revenue ratably over the terms of our agreements with customers, which generally occur over a one- or three-year period. As a result, a substantial portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new sales or renewals in any one period may not be immediately reflected in our revenue results for that period. This decline, however, will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our products, and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. Our model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers generally will be recognized over the term of the applicable agreement.

40

 

We also intend to increase our investment in research and development, sales and marketing and general and administrative functions and other areas to grow our business. These costs are generally expensed as incurred (with the exception of sales commissions), as compared to our revenue, substantially all of which is recognized ratably in future periods.

We are likely to recognize the costs associated with these increased investments earlier than some of the anticipated benefits and the return on these investments may be lower, or may develop more slowly, than we expect, which could adversely affect our operating results.

We face intense competition in our market, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

Our market is large, highly competitive, fragmented and subject to rapidly evolving technology, shifting customer needs and frequent introductions of new solutions. We expect competition to increase in the future from both established competitors and new market entrants. Our current competitors include legacy antivirus solution providers, such as McAfee and Symantec Corporation, established network security providers, such as Palo Alto Networks, Inc., FireEye, Inc. and Cisco Systems, Inc., and privately held companies, such as Crowdstrike and Cylance (recently acquired by BlackBerry Limited). New startup companies, as well as established public and private companies, have entered or are currently attempting to enter the next-generation endpoint security market, some of which are or may become significant competitors in the future.

Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:

·

greater name recognition and longer operating histories;

·

larger sales and marketing budgets and resources;

·

broader distribution and established relationships with distribution partners and customers;

·

greater customer support resources;

·

greater resources to make acquisitions;

·

lower labor and development costs;

·

larger and more mature intellectual property portfolios; and

·

substantially greater financial, technical and other resources.

In addition, some of our larger competitors have substantially broader and more diverse product offerings and leverage their relationships based on their installed products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products, including by selling their products at zero or negative margins, product bundling or closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. These larger competitors often have broader product lines and market focus and may therefore not be as susceptible to downturns in a particular market. Some of our smaller competitors that specialize in providing point solutions focused on narrow security problems are able to deliver these specialized security solutions to the market on a faster cadence than a typical enterprise class solution. Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering by our competitors or continuing market consolidation. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our products and technology. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources.

Some of our competitors have made acquisitions of businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other opportunities more readily, or develop and expand their product and service offerings more quickly than we do. For various reasons, organizations may be more willing to incrementally add our competitors’ products to their existing security infrastructure instead of incorporating our products. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.

The next-generation endpoint security market is new and evolving, and may not grow as expected.

We believe our future success will depend in large part on the growth, if any, in the market for next-generation endpoint security products. This market is new and evolving, and as such, it is difficult to predict important market trends, including its potential growth, if any. To date, enterprise and corporate cyber security budgets have allocated a majority of dollars to prevention-centric threat protection solutions, such as network, endpoint and web security products designed to stop threats from penetrating corporate networks. Organizations that use these security products may be satisfied with such existing security products and, as a result, these organizations may not adopt our solutions in addition to, or in lieu of, security products they currently use.

41

 

Further, sophisticated cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations’ sensitive business data, and changes in the nature of advanced cyber threats could result in a shift in IT budgets away from products such as ours. In addition, while recent high visibility attacks on prominent enterprises and governments have increased market awareness of the problem of cyber attacks, if cyber attacks were to decline, or enterprises or governments perceived that the general level of cyber attacks has declined, our ability to attract new customers and expand our sales to existing customers could be materially and adversely affected. If products such as ours are not viewed by organizations as necessary, or if customers do not recognize the benefit of our products as a critical element of an effective cyber security strategy, our revenue may not grow as quickly as expected, or may decline, and the trading price of our stock could suffer.

In addition, it is difficult to predict customer adoption and retention rates, customer demand for our products, the size and growth rate of the market for next-generation endpoint security, the entry of competitive products or the success of existing competitive products. Any expansion in our market depends on a number of factors, including the cost, performance and perceived value associated with our products and those of our competitors. If these products do not achieve widespread adoption or there is a reduction in demand for products in our market caused by a lack of customer acceptance, technological challenges, competing technologies, products, decreases in corporate spending, weakening economic conditions or otherwise, it could result in reduced customer orders, early terminations, reduced customer retention rates or decreased revenue, any of which would adversely affect our business operations and financial results. You should consider our business and prospects in light of the risks and difficulties we encounter in this new and evolving market.

Forecasts of our market and market growth may prove to be inaccurate, and even if the markets in which we compete achieve the forecasted growth, there can be no assurance that our business will grow at similar rates, or at all.

Growth forecasts that we disclose relating to our market opportunities, including our primary endpoint security market and adjacent security markets, and the expected growth thereof are subject to significant uncertainty and are based on assumptions and estimates which may prove to be inaccurate. Even if these markets meet our size estimate and experience the forecasted growth, we may not grow our business at a similar rate, or at all. Our growth is subject to many factors, including our success in implementing our business strategy and ability to penetrate adjacent security markets, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth that we disclose should not be taken as indicative of our future growth.

If our products fail or are perceived to fail to detect cyber attacks, or if our products contain undetected errors or defects, our brand and reputation could be harmed, which could have an adverse effect on our business and results of operations.

If our products fail or are perceived to fail to detect cyber attacks, including advanced attacks that have never been seen before, in our customers’ endpoints and cyber security infrastructure, or if our products fail to identify and respond to new and increasingly complex methods of cyber attacks, our business and reputation may suffer. There is no guarantee that our products will detect all cyber attacks, especially in light of the rapidly changing security landscape to which we must respond. For example, in August 2017, a blog post alleged a product defect in our CB Response product. We issued a press release stating that the allegation was incorrect, but in the course of evaluating the alleged defect, we uncovered and fixed another defect in our product. We cannot guarantee that our products will not contain undetected errors or defects in the future. Additionally, our products may falsely detect cyber attacks or threats that do not actually exist. For example, our products rely on third-party reports of identified security threats and information provided by an active community of security professionals. If the information from these third parties is inaccurate, the potential for false indications of security cyber attacks increases. These false positives, while typical in the industry, may impair the perceived reliability of our products, and may therefore adversely impact market acceptance of our products, and could result in negative publicity, loss of customers and sales and increased costs to remedy any problem.

Our products, which are complex, may also contain undetected errors or defects when first introduced or as new versions are released. We have experienced these errors or defects in the past in connection with new products and product upgrades. We expect that these errors or defects will be found from time to time in the future in new or enhanced products after commercial release. Defects may cause our products to be vulnerable to attacks, cause them to fail to detect cyber attacks, or temporarily interrupt customers’ networking traffic. Any errors, defects, disruptions in service or other performance problems with our products may damage our customers’ business and could hurt our reputation. If our products fail to detect cyber attacks for any reason, we may incur significant costs, the attention of our key personnel could be diverted, our customers may delay or withhold payment to us or elect not to renew or other significant customer relations problems may arise.

We may also be subject to liability claims for damages related to errors or defects in our products. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our products may harm our business and operating results. Although we have limitation of liability provisions in our terms and conditions of sale, they may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the U.S. or other countries. The sale and support of our products also entails the risk of product liability claims. We maintain insurance to protect against certain claims associated with the

42

 

use of our products, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our business and reputation.

We rely on channel partners, such as managed security service providers, incident response firms and security-focused value added resellers, to generate a significant portion of our revenue. If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our products will be limited, and our business, financial position and results of operations will be harmed.

In addition to our direct sales force, we rely on our channel partners to sell our products. A majority of our revenue is generated by our channel partners, including managed service security providers, incident response firms and value added resellers. In addition, in the three months ended March 31, 2019, 91% of our new and add-on business was closed in collaboration with our channel partners. We expect to continue to focus on generating sales to new and existing customers through our channel partners as a part of our growth strategy.

We provide our sales channel partners with specific training and programs to assist them in selling our products, but there can be no assurance that these steps will be effective. In addition, our channel partners may be unsuccessful in marketing, selling and supporting our products. If we are unable to develop and maintain effective sales incentive programs for our third-party channel partners, we may not be able to incentivize these partners to sell our products to customers and, in particular, to large enterprises. Our agreements with our channel partners are generally non-exclusive and these partners may also market, sell and support products that are competitive with ours and may devote more resources to the marketing, sales and support of such competitive products. These partners may have incentives to promote our competitors’ products to the detriment of our own or may cease selling our products altogether. Our channel partners may cease or deemphasize the marketing of our products with limited or no notice and with little or no penalty. Our agreements with our channel partners may generally be terminated for any reason by either party with advance notice prior to each annual renewal date. We cannot be certain that we will retain these channel partners or that we will be able to secure additional or replacement channel partners. The loss of one or more of our significant channel partners or a decline in the number or size of orders from them could harm our operating results. In addition, any new sales channel partner requires extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products, subscriptions or services to customers or violate laws or our corporate policies.

If we fail to effectively manage our existing sales channels, or if our channel partners are unsuccessful in fulfilling the orders for our products, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality channel partners in each of the regions in which we sell products and keep them motivated to sell our products, our ability to sell our products and operating results will be harmed. The termination of our relationship with any significant channel partner may also adversely impact our sales and operating results.

If we are unable to acquire new customers, our future revenues and operating results will be harmed.

Our success depends on our ability to acquire new customers, including large enterprise customers. If we are unable to attract a sufficient number of new customers, we may be unable to generate revenue growth at desired rates. Many enterprise customers operate in increasingly complex IT environments and require additional features and functionality, as well as higher levels of support than smaller customers. If our solutions are perceived as insufficient to meet the needs of large enterprises, we may be limited in our ability to acquire large enterprise customers. The next-generation endpoint security market is competitive and many of our competitors have substantial financial, personnel and other resources that they utilize to develop solutions and attract customers. As a result, it may be difficult for us to add new customers to our customer base. Competition in the marketplace may also lead us to win fewer new customers or result in us providing discounts and other commercial incentives. Additional factors that impact our ability to acquire new customers include the perceived need for next-generation endpoint security, the size of our prospective customers’ IT budgets, the utility and efficacy of our existing and new products, whether proven or perceived, and general economic conditions. These factors may have a meaningful negative impact on future revenues and operating results.

If we are unable to sell additional products to our customers and maintain and grow our customer retention rates, our future revenue and operating results will be harmed.

Our future success depends, in part, on our ability to expand the deployment of our products with existing customers by selling them additional products. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional products depends on a number of factors, including the perceived need for additional next-generation endpoint security as well as general economic conditions. If our efforts to sell additional products to our customers are not successful, our business may suffer.

Further, to maintain or improve our operating results, it is important that our customers renew their agreements with us when the existing term expires. Our customers have no obligation to renew their agreements upon expiration of the applicable contract term, and we

43

 

cannot provide assurance that customers will renew subscription agreements. The rate of customer retention may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction or dissatisfaction with our products, the effectiveness of our customer support services, our pricing, the prices of competing products, subscriptions or services, mergers and acquisitions affecting our customer base, or reductions in our customers’ budgets and spending levels. If our end-use customers do not renew their agreements, or renew on less favorable terms, our revenue may decline, our business may suffer, and we may not realize improved operating results from our customer base.

If we do not successfully anticipate market needs and enhance our existing products or develop new products that meet those needs on a timely basis, we may not be able to compete effectively and our ability to generate revenues will suffer.

Our customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT infrastructures that incorporate a variety of hardware, software applications, operating systems and networking protocols. As our customers’ technologies and business plans grow more complex, we expect them to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our products effectively identify and respond to these advanced and evolving attacks without disrupting the performance of our customers’ IT infrastructures. As a result, we must continually modify and improve our products in response to changes in our customers’ IT infrastructures.

We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop product enhancements or new products to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements and new products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.

New products, as well as enhancements to our existing products, could fail to attain sufficient market acceptance for many reasons, including:

·

delays in releasing new products, or product enhancements;

·

failure to accurately predict market demand and to supply products that meet this demand in a timely fashion;

·

inability to integrate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers;

·

inability to protect against new types of attacks or techniques used by cyber attackers or other data thieves;

·

defects in our products, errors or failures of our products;

·

negative publicity or perceptions about the performance or effectiveness of our products;

·

introduction or anticipated introduction of competing products by our competitors;

·

installation, configuration or usage errors by our customers;

·

easing or changing of regulatory requirements related to security; and

·

reluctance of customers to purchase products incorporating open source software.

If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of operations.

While we continue to invest significant resources in research and development to ensure that our products continue to address the cyber security risks that our customers face, the introduction of products embodying new technologies could also render our existing products or services obsolete or less attractive to customers. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.

If our products do not effectively integrate with our customers’ IT infrastructure, or if our technology partners no longer support our products or allow us to integrate with their programs, our business could suffer.

Our products must effectively integrate with our customers’ existing or future IT infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify our software or hardware so that our products will integrate with our customers’ infrastructure. In such cases, our products may be unable to provide significant performance improvements for applications deployed in our customers’ infrastructure. These issues could cause longer installation times for our products and could cause order cancellations, either of which would adversely affect our business, results of operations and financial condition. Additionally, any changes in our customers’ IT infrastructure that degrade the functionality of our products or services or give preferential treatment to competitive software could adversely affect the adoption and usage of our products.

44

 

Further, if our technology partners no longer support our products or allow us to integrate with customers’ IT infrastructure, or if we do not maintain these integrations, the functionality of our products may be reduced and our products may not be as marketable to certain existing and potential customers.

If our products are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise be at a competitive disadvantage, either of which would harm our business, results of operations and financial condition.

If our products fail to help our customers achieve and maintain compliance with regulations and/or industry standards, our revenue and operating results could be harmed.

We generate a portion of our revenue from our product offerings that help organizations achieve and maintain compliance with regulations and industry standards both domestically and internationally. For example, many of our customers subscribe to our product offerings to help them comply with the security standards developed and maintained by the Payment Card Industry Security Standards Council, or the PCI Council, which apply to companies that process, transmit or store cardholder data. In addition, our product and service offerings are used by customers in the healthcare industry to help them comply with numerous federal and state laws and regulations related to patient privacy. In particular, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, and the 2009 Health Information Technology for Economic and Clinical Health Act include privacy and data security standards that protect individual privacy by limiting the uses and disclosures of individually identifiable health information and implementing data security standards. The foregoing and other state, federal and international legal and regulatory regimes may affect our customers’ requirements for, and demand for, our products and professional services. Governments and industry organizations, such as the PCI Council, may also adopt new laws, regulations or requirements, or make changes to existing laws or regulations, that could impact the demand for, or value of, our products. If we are unable to adapt our products to changing legal and regulatory standards or other requirements in a timely manner, or if our products fail to assist with, or expedite, our customers’ cyber security defense and compliance efforts, our customers may lose confidence in our products, and could switch to products offered by our competitors or threaten or bring legal actions against us. In addition, if laws, regulations or standards related to data security, vulnerability management and other IT security and compliance requirements are relaxed or the penalties for non-compliance are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our products. In any of these cases, our revenue and operating results could be harmed.

In addition, government and other customers may require our products to comply with certain privacy and security regulations, or other certifications and standards. If our products are late in achieving or fail to achieve or maintain compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise be at a competitive disadvantage, either of which would harm our business, results of operations and financial condition.

As a cyber security provider, we have been, and expect to continue to be, a target of cyber attacks that could adversely impact our reputation and operating results.

We will not succeed unless the marketplace is confident that we provide effective next-generation endpoint security protection. Because we sell next-generation endpoint security solutions, we may be an attractive target for attacks by cyber attackers or other data thieves, since a breach of our system could provide information regarding us or our customers. Accordingly, we have been, and expect to continue to be, a target of cyber attacks designed to interrupt or impede the performance of our products or the security of our cloud platform, penetrate our network security or our internal systems, or those of our customers, or to misappropriate proprietary information. For example, in 2012, we were subject to an unauthorized breach of one of our computer systems that was not protected by our platform. As a result of this attack, which we discovered in January 2013, a malicious third party gained temporary access to one of our digital code-signing certificates. This third party then used this certificate to sign malware that would not be blocked by our CB Protection security software. That malware was installed on the computers of several of our customers. While we have undertaken substantial remedial efforts to prevent similar incidents from occurring in the future, we cannot guarantee that we will not be the target of additional cyber attacks and that future cyber attacks will not be successful.

We have experienced increased visibility as a public company, which could have the effect of attracting the attention of more cyber attackers than would otherwise target us. If our systems are breached, attackers could learn critical information about how our products operate to help protect our customers’ endpoints, thereby making our customers more vulnerable to cyber attacks. In addition, if actual or perceived breaches of our platform occur, they could adversely affect the market perception of our products, negatively affecting our reputation, and may expose us to the loss of our proprietary information or information belonging to our customers, investigations or litigation and possible liability, including injunctive relief and monetary damages. Such security breaches could also divert the efforts of our

45

 

technical and management personnel. In addition, such security breaches could impair our ability to operate our business and provide products to our customers. If this happens, our reputation could be harmed, our revenue could decline and our business could suffer.

Our business and operations are experiencing rapid growth, and if we do not appropriately manage our future growth, or are unable to scale our systems and processes, our operating results may be negatively affected.

We are a rapidly growing company. To manage future growth effectively, and in connection with our transition to being a public company, we will need to continue to improve and expand our internal IT systems, financial infrastructure and operating and administrative systems and controls, which we may not be able to do efficiently, in a timely manner or at all. Any future growth would add complexity to our organization and require effective coordination across our organization. Failure to manage any future growth effectively could result in increased costs, harm our results of operations and lead to investors losing confidence in our internal systems and processes.

If we are not successful in our continued international expansion, our operating results may be negatively affected.

We have a limited history of marketing, selling and supporting our products internationally. In the three months ended March 31, 2019, we generated approximately 19% of our revenue from customers located outside of the U.S. Our growth strategy is dependent, in part, on our continued international expansion. We expect to conduct a significant amount of our business with organizations that are located outside the U.S., particularly in Europe and Asia. As a result, we must hire and train experienced personnel to staff and manage our foreign operations. To the extent that we experience difficulties in recruiting, training, managing and retaining international employees, particularly managers and other members of our international sales team, we may experience difficulties in sales productivity in, or market penetration of, foreign markets. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships with our international channel partners or recruit additional channel partners, our future success in these international markets could be limited. Business practices in the international markets that we serve may differ from those in the U.S. and may require us to include non-standard terms in customer contracts. To the extent that we enter into customer contracts in the future that include non-standard terms related to payment or performance obligations, our results of operations may be adversely impacted.

Our business, including the sales of our products by us and our channel partners, may be subject to foreign governmental regulations, which vary substantially from country to country and change from time to time. Our failure, or the failure by our channel partners, to comply with these regulations could adversely affect our business. Further, in many foreign countries it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we have implemented policies and procedures designed to comply with these laws and policies, there can be no assurance that our employees, contractors, channel partners and agents have complied, or will comply, with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our products, and could have a material adverse effect on our business and results of operations. If we are unable to successfully manage the challenges of international expansion and operations, our business and operating results could be adversely affected.

Additionally, our international sales and operations are subject to a number of risks, including the following:

·

greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

·

higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;

·

fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business;

·

management communication and integration problems resulting from cultural and geographic dispersion;

·

costs associated with language localization of our products;

·

risks associated with trade restrictions and foreign legal requirements, including any importation, certification and localization of our products that may be required in foreign countries;

·

greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;

·

costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations, including, but not limited to data privacy, data protection and data security regulations;

·

compliance with anti-bribery laws, including, without limitation, the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.S. Travel Act and the UK Bribery Act 2010, violations of which could lead to significant fines, penalties and collateral consequences for our company;

·

heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

·

the uncertainty of protection for intellectual property rights in some countries;

·

general economic and political conditions in these foreign markets, including political and economic instability in some countries;

46

 

·

foreign exchange controls or tax regulations that might prevent us from repatriating cash earned outside the U.S. and

·

double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the U.S. or the foreign jurisdictions in which we operate.

These and other factors could harm our ability to generate future international revenue and, consequently, materially impact our business, results of operations and financial condition.

We provide service level commitments for cloud-based delivery of our products and support. Any future service disruption could obligate us to provide service credits and we could face subscription or support agreement terminations, which could adversely affect our revenue.

Our agreements with customers provide certain service level commitments, including with respect to uptime requirements for cloud-based delivery of our services and response time for support. If we are unable to meet the stated service level commitments or suffer extended periods of downtime that exceed the periods allowed under our customer agreements, we could be required to provide service credits or face subscription terminations, either of which could significantly impact our revenue.

Our customers depend on our customer support team to resolve technical issues relating to our products. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services. Increased customer demand for these services, without corresponding revenue, could increase costs and adversely affect our operating results. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could adversely affect our reputation and our ability to sell our products to existing and prospective customers, or could result in terminations of existing customer agreements.

We are dependent on the continued services and performance of our senior management and other key employees, as well as on our ability to successfully hire, train, manage and retain qualified personnel, especially those in sales and marketing and research and development.

Our future performance depends on the continued services and contributions of our senior management, particularly Patrick Morley, our President and Chief Executive Officer, and other key employees to execute on our business plan and to identify and pursue new opportunities and product innovations. We do not maintain key man insurance for any of our executive officers or key employees. From time to time, there may be changes in our senior management team resulting from the termination or departure of our executive officers and key employees. Our senior management and key employees are generally employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of the services of our senior management, particularly Mr. Morley, or other key employees for any reason could significantly delay or prevent our development or the achievement of our strategic objectives and harm our business, financial condition and results of operations.

Our ability to successfully pursue our growth strategy will also depend on our ability to attract, motivate and retain our personnel, especially those in sales and marketing and research and development. We face intense competition for these employees from numerous technology, software and other companies, especially in certain geographic areas in which we operate, and we cannot ensure that we will be able to attract, motivate and/or retain additional qualified employees in the future. If we are unable to attract new employees and retain our current employees, we may not be able to adequately develop and maintain new products, or market our existing products at the same levels as our competitors and we may, therefore, lose customers and market share. Our failure to attract and retain personnel, especially those in sales and marketing, research and development and engineering positions, could have an adverse effect on our ability to execute our business objectives and, as a result, our ability to compete could decrease, our operating results could suffer and our revenue could decrease. Even if we are able to identify and recruit a sufficient number of new hires, these new hires will require significant training before they achieve full productivity and they may not become productive as quickly as we would like, or at all.

If we do not effectively expand, train and retain qualified sales and marketing personnel, we may be unable to acquire new customers or sell additional products to successfully pursue our growth strategy.

We depend significantly on our sales force to attract new customers and expand sales to existing customers. As a result, our ability to grow our revenue depends in part on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth, particularly in the U.S., Europe, the Middle East, Africa and Asia Pacific. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our products, platform and our growth strategy. Based on our past experience, it takes approximately six to twelve months before a new sales force member operates at target performance levels, depending on their role. However, we may be unable to achieve or maintain our target performance levels with large numbers of new sales personnel as quickly as we have done in the past. Our

47

 

failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.

If the general level of advanced cyber attacks declines, or is perceived by our current or potential customers to have declined, our business could be harmed.

Our business is substantially dependent on enterprises and governments recognizing that advanced cyber attacks are pervasive and are not effectively prevented by legacy security products. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced cyber attacks and help to provide an impetus for enterprises and governments to devote resources to protecting against advanced cyber attacks, such as testing our products, purchasing them and broadly deploying them within their organizations. If advanced cyber attacks were to decline, or enterprises or governments perceived that the general level of advanced cyber attacks has declined, our ability to attract new customers and expand sales of our products to existing customers could be materially and adversely affected. A reduction in the threat landscape could increase our sales cycles and harm our business, results of operations and financial condition.

Organizations have been and may continue to be reluctant to purchase cyber security offerings that are cloud-based due to the actual or perceived vulnerability of cloud solutions.

Some organizations, particularly in certain geographies and industries, such as defense and financial services, have been and may continue to be reluctant to use cloud solutions for cyber security because they have concerns regarding the risks associated with the reliability or security of the technology delivery model associated with this solution. If we or other cloud service providers experience security incidents, breaches of customer data, disruptions in service delivery or other problems, the market for cloud solutions as a whole may be negatively impacted.

If we cannot maintain our company culture as we grow, we could lose the innovation, teamwork, passion and focus on execution that we believe contribute to our success and our business may be harmed.

We believe that a critical component to our success has been our company culture, which we believe fosters innovation, teamwork, passion for customers and focus on execution, and facilitates critical knowledge transfer, knowledge sharing and professional growth. We have invested substantial time and resources in building our team within this company culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel and to effectively focus on and pursue our corporate objectives. As we grow and develop the infrastructure of a public company, we may find it difficult to maintain these important aspects of our company culture. If we fail to maintain our company culture, our business may be adversely impacted.

Fluctuating economic conditions make it difficult to predict revenue for a particular period, and a shortfall in revenue may harm our operating results.

Our revenue depends significantly on general economic conditions and the demand for products in the next-generation endpoint security market. Economic weakness, customer financial difficulties and constrained spending on cyber security may result in decreased revenue and earnings. Such factors could make it difficult to accurately forecast our sales and operating results and could negatively affect our ability to provide accurate forecasts of our costs and expenses. In addition, concerns regarding continued budgetary challenges in the U.S. and Europe, geopolitical turmoil and terrorism in many parts of the world, and the effects of climate change have and may continue to put pressure on global economic conditions and overall spending on cyber security. Currently, most enterprises and governments have not allocated a fixed portion of their budgets to protect against next-generation advanced cyber attacks. If we do not succeed in convincing customers that our products should be an integral part of their overall approach to cyber security and that a fixed portion of their annual security budgets should be allocated to our products, general reductions in security spending by our customers are likely to have a disproportionate impact on our business, results of operations and financial condition. General economic weakness may also lead to longer collection cycles for payments due from our customers, an increase in customer bad debt, restructuring initiatives and associated expenses and impairment of investments. Furthermore, the continued weakness and uncertainty in worldwide credit markets, including the sovereign debt situation in certain countries in the European Union, or EU, may adversely impact the ability of our customers to adequately fund their expected capital expenditures, which could lead to delays or cancellations of planned purchases of our products.

Uncertainty about future economic conditions also makes it difficult to forecast operating results and to make decisions about future investments. Future or continued economic weakness for us or our customers, failure of our customers and markets to recover from such weakness, customer financial difficulties and reductions in spending on cyber security could have a material adverse effect on demand for our products, and consequently on our business, financial condition and results of operations.

48

 

If we are not able to maintain and enhance our brand or reputation as an industry leader, our business and operating results may be adversely affected.

We believe that maintaining and enhancing our reputation as a leader in next-generation endpoint security is critical to our relationship with our existing end-use customers and channel partners and our ability to attract new customers and channel partners. The successful promotion of our brand will depend on a number of factors, including our marketing efforts, our ability to continue to develop high-quality features for our products and our ability to successfully differentiate our products from those of our competitors. Our brand promotion activities may not be successful or yield increased revenue. In addition, independent industry analysts often provide reports of our solutions, as well as the solutions of our competitors, and perception of our solutions in the marketplace may be significantly influenced by these reports. If these reports are negative, or less positive as compared to those of our competitors’ products, our reputation may be adversely affected. Additionally, the performance of our channel partners may affect our brand and reputation if customers do not have a positive experience with our products as implemented by our channel partners or with the implementation generally. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, as we expand into new geographies and vertical markets and as more sales are generated through our channel partners. To the extent that these activities yield increased revenue, this revenue may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand and reputation, our business and operating results may be adversely affected.

Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliable performance of our products and infrastructure.

Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliable performance of, and the ability of our existing customers and new customers to access and use, our solutions and infrastructure. We have experienced, and may in the future experience, disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, equipment failure, human or software errors, capacity constraints and fraud or security attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time.

We operate and maintain our infrastructure at our headquarters and by using third-party data centers located in the Boston, Massachusetts area. We also utilize Amazon Web Services, or AWS, for the delivery of our cloud-based products. In addition, our ability to access certain third-party software-as-a-service, or SaaS, solutions, such as Salesforce, is important to our operations and our ability to execute sales. Some elements of this complex system are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. Interruptions in our systems or the third-party systems on which we rely, whether due to system failures, computer viruses, physical or electronic break-ins, or other factors, could affect the security or availability of our products, network infrastructure, cloud infrastructure and website.

Prolonged delays or unforeseen difficulties in connection with adding capacity or upgrading our network architecture when required may cause our service quality to suffer. Problems with the reliability or security of our systems could harm our reputation. Damage to our reputation and the cost of remedying these problems could negatively affect our business, financial condition and operating results.

Additionally, our existing data center facilities and third-party hosting providers have no obligations to renew their agreements with us on commercially reasonable terms or at all, and certain of the agreements governing these relationships may be terminated by either party at any time. If we are unable to maintain or renew our agreements with these providers on commercially reasonable terms or if in the future we add additional data center facilities or third-party hosting providers, we may experience costs or downtime as we transition our operations.

Any disruptions or other performance problems with our products could harm our reputation and business and may damage our customers’ businesses. Interruptions in our service delivery might reduce our revenue, cause us to issue credits to customers, subject us to potential liability and cause customers to not renew their purchases or our products.

In deploying our cloud-based SaaS products, we rely upon AWS to operate our cloud-based offerings; any disruption or interference with our use of AWS would adversely affect our business, results of operations and financial condition.

AWS is a third-party provider of cloud infrastructure services. We outsource substantially all of the infrastructure relating to our cloud offerings to AWS. Our Predictive Security Cloud resides on hardware owned or leased and operated by us at the AWS data centers. Customers of our cloud-based SaaS products need to be able to access our platform at any time, without interruption or degradation of performance, and we provide them with service level commitments with respect to uptime. Our cloud-based SaaS products depend on protecting the virtual cloud infrastructure hosted in AWS by maintaining its configuration, architecture, features and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Although we have disaster recovery plans that utilize multiple AWS locations, any incident affecting their infrastructure that may be caused by fire, flood, severe storm, earthquake or other natural disasters, cyber attacks, terrorist or other attacks, and other similar events beyond our control could negatively

49

 

affect our cloud-based SaaS products. For example, in September 2015 and February 2017, AWS suffered significant outages that had a widespread impact on cloud-based software and services companies. Although our customers were not affected by that outage, a similar outage could render our cloud-based offerings inaccessible to customers. A prolonged AWS service disruption affecting our cloud-based offerings for any of the foregoing reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use.

In addition, AWS may terminate the agreement with us by providing two years’ prior written notice, and may terminate the agreement for cause with 30 days’ prior written notice, including any material breach of the agreement by us that we do not cure within the 30‑day cure period. In the event that our AWS service agreements are terminated, or there is a lapse of service, elimination of AWS services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud offering for deployment on a different cloud infrastructure service provider, which may adversely affect our business, operating results and financial condition.

If we fail to manage our operations infrastructure, our customers may experience service outages and/or delays.

Our future growth is dependent upon our ability to continue to meet the expanding needs of our customers and to attract new customers. As existing customers gain more experience with our products, they may broaden their reliance on our products, which will require that we expand our operations infrastructure as well as our dependence on third parties to support that infrastructure. We also seek to maintain excess capacity in our operations infrastructure to facilitate the rapid provision of new customer deployments. In addition, we need to properly manage our technological operations infrastructure to support changes in hardware and software parameters and the evolution of our solutions, all of which require significant lead time. If we do not accurately predict our infrastructure requirements, our existing customers may experience service outages that may subject us to financial penalties, financial liabilities and customer losses. If our operations infrastructure fails to keep pace with increased sales, customers may experience delays as we seek to obtain additional capacity, which could adversely affect our reputation and our revenue.

If our customers are unable to implement our products successfully, customer perceptions of our products may be impaired or our reputation and brand may suffer.

Our products are deployed in a wide variety of IT environments, including large-scale, complex infrastructures. Some of our customers have experienced difficulties implementing our products in the past and may experience implementation difficulties in the future. If our customers are unable to implement our products successfully, customer perceptions of our products may be impaired or our reputation and brand may suffer.

In addition, for our products to achieve their functional potential, our products must effectively integrate into our customers’ IT infrastructures, which have different specifications, utilize varied protocol standards, deploy products from multiple different vendors and contain multiple layers of products that have been added over time. Our customers’ IT infrastructures are also dynamic, with myriad devices and endpoints entering and exiting the customers’ IT systems on a regular basis, and our products must be able to effectively adapt to and track these changes.

Any failure by our customers to appropriately implement our products or any failure of our products to effectively integrate and operate within our customers’ IT infrastructures could result in customer dissatisfaction, impact the perceived reliability of our products, result in negative press coverage, negatively affect our reputation and harm our financial results.

We have in the past completed acquisitions and may acquire or invest in other companies or technologies in the future, which could divert management’s attention, fail to meet our expectations, result in additional dilution to our stockholders, increase expenses, disrupt our operations or otherwise harm our operating results.

We have in the past acquired, and we may in the future acquire or invest in, businesses, products or technologies that we believe could complement or expand our platform, enhance our technical capabilities or otherwise offer growth opportunities. For example, in February 2014, we acquired Carbon Black (our name at the time was Bit9, Inc.), a threat detection and response software company; in 2015, we acquired Objective Logistics Inc., a software company, and VisiTrend, Inc., a security analytics company; and in 2016, we acquired Confer Technologies, Inc., a next-generation antivirus software company. We may not be able to fully realize the anticipated benefits of these or any future acquisitions. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses related to identifying, investigating and pursuing suitable acquisitions, whether or not they are consummated.

There are inherent risks in integrating and managing acquisitions. If we acquire additional businesses, we may not be able to assimilate or integrate the acquired personnel, operations, products, services and technologies successfully or effectively manage the combined

50

 

business following the acquisition and our management may be distracted from operating our business. We also may not achieve the anticipated benefits from the acquired business due to a number of factors, including, without limitation:

·

unanticipated costs or liabilities associated with the acquisition;

·

incurrence of acquisition-related costs, which would be recognized as a current period expense;

·

inability to generate sufficient revenue to offset acquisition or investment costs;

·

the inability to maintain relationships with customers and partners of the acquired business;

·

the difficulty of incorporating acquired technology and rights into our platform and of maintaining quality and security standards consistent with our brand;

·

delays in customer purchases due to uncertainty related to any acquisition;

·

the need to integrate or implement additional controls, procedures and policies;

·

challenges caused by distance, language and cultural differences;

·

harm to our existing business relationships with business partners and customers as a result of the acquisition;

·

the potential loss of key employees;

·

use of resources that are needed in other parts of our business and diversion of management and employee resources;

·

the inability to recognize acquired deferred revenue in accordance with our revenue recognition policies; and

·

use of substantial portions of our available cash or the incurrence of debt to consummate the acquisition.

Acquisitions also increase the risk of unforeseen legal liability, including for potential violations of applicable law or industry rules and regulations, arising from prior or ongoing acts or omissions by the acquired businesses that are not discovered by due diligence during the acquisition process. Generally, if an acquired business fails to meet our expectations, our operating results, business and financial condition may suffer. Acquisitions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our business, results of operations and financial condition.

In addition, a significant portion of the purchase price of companies we acquire may be allocated to goodwill and other intangible assets, which must be assessed for impairment at least annually. If our acquisitions do not ultimately yield expected returns, we may be required to take charges to our operating results based on our impairment assessment process, which could harm our results of operations.

The failure of our customers to correctly use our products and services, or our failure to effectively assist customers in installing our products and services, and provide effective ongoing support, may harm our business.

Our customers depend in large part on customer support delivered by us to resolve issues relating to the use of our products and services. However, even with our support, our customers are ultimately responsible for effectively using our products, and ensuring that their IT staff is properly trained in the use of our products, and complementary security products. The failure of our customers to correctly use our products, or our failure to effectively assist customers in installing our products and provide effective ongoing support, may result in an increase in the vulnerability of our customers’ IT infrastructures and sensitive business data. We are also in the process of expanding our certification program and professional services organization. It can take significant time and resources to recruit, hire and train qualified technical support and service employees. We may not be able to keep up with demand, particularly if the sales of our products exceed our internal forecasts. To the extent that we are unsuccessful in hiring, training and retaining adequate support resources, our ability to provide adequate and timely support to our customers may be negatively impacted, and our customers’ satisfaction with our products may be adversely affected. Additionally, in unusual circumstances, if we were to need to rely on our sales engineers to provide post-sales support while we are growing our service organization, our sales productivity may be negatively impacted. Accordingly, our failure to provide satisfactory maintenance and technical support services could have a material and adverse effect on our business and results of operations.

The sales prices of our products and services may decrease, which may reduce our gross profits and adversely impact our financial results.

The sales prices for our products and services may decline for a variety of reasons, including competitive pricing pressures, discounts, a change in our mix of products and services, anticipation of the introduction of new products or promotional programs. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product and service offerings may reduce the price of products that compete with ours or may bundle them with other products and services. Additionally, currency fluctuations in certain countries and regions may negatively impact prices that partners and customers are willing to pay in those countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products will decrease over product life cycles. We cannot be certain that we will be successful in developing and introducing new products with enhanced functionality on a timely basis, or that our new product offerings, if introduced, will enable us to maintain our prices and gross profits at levels that will allow us to maintain positive gross margins and achieve profitability.

51

 

We incorporate technology from third parties into our products, and our inability to obtain or maintain rights to the technology could harm our business.

We incorporate technology from third parties into our products. We cannot be certain that our suppliers and licensors are not infringing the intellectual property rights of third parties or that the suppliers and licensors have sufficient rights to the technology in all jurisdictions in which we may sell our products. We may not be able to rely on indemnification obligations of third parties if some of our agreements with our suppliers and licensors may be terminated for convenience by them. If we are unable to obtain or maintain rights to any of this technology because of intellectual property infringement claims brought by third parties against our suppliers and licensors or against us, or if we are unable to continue to obtain such technology or enter into new agreements on commercially reasonable terms, our ability to develop and sell products, subscriptions and services containing such technology could be severely limited, and our business could be harmed. Additionally, if we are unable to obtain necessary technology from third parties, including certain sole suppliers, we may be forced to acquire or develop alternative technology, which may require significant time, cost and effort and may be of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products, and increase our costs of production. If alternative technology cannot be obtained or developed, we may not be able to offer certain functionality as part of our products, subscriptions and services. As a result, our margins, market share and results of operations could be significantly harmed.

Our products contain third-party open source software components, and our failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.

Our products contain software licensed to us by third parties under so-called “open source” licenses. Open source software is typically freely accessible, usable and modifiable. Certain open source software licenses require a user who intends to distribute the open source software as a component of the user’s software to disclose publicly part or all of the source code to the user’s software. In addition, certain open source software licenses require the user of such software to make any derivative works of the open source code available to others on unfavorable terms or at no cost. This can subject previously proprietary software to open source license terms. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that such open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming that what we believe to be licensed open source software infringes their intellectual property rights. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, certain open source licenses require that source code for software programs that are subject to the license be made available to the public and that any modifications or derivative works to such open source software continue to be licensed under the same terms.

Although we monitor our use of open source software in an effort both to comply with the terms of the applicable open source licenses and to avoid subjecting our products to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products. The terms of certain open source licenses require us to release the source code of our applications and to make our applications available under those open source licenses if we combine or distribute our applications with open source software in a certain manner. In the event that portions of our applications are determined to be subject to an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all, or a portion of, those applications or otherwise be limited in the licensing of our applications. Disclosing our proprietary source code could allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us. Disclosing the source code of our proprietary software could also make it easier for cyber attackers and other third parties to discover vulnerabilities in or to defeat the protections of our products, which could result in our products failing to provide our customers with the security they expect. Any of these events could have a material adverse effect on our business, operating results and financial condition.

We therefore could also be subject to claims alleging that we have not complied with the restrictions or limitations of the applicable open source software license terms. In that event, we could incur significant legal expenses, be subject to significant damages, be enjoined from further sale and distribution of our products or solutions that use the open source software, be required to pay a license fee, be forced to reengineer our products and solutions or be required to comply with the foregoing conditions of the open source software licenses (including the release of the source code to our proprietary software), any of which could adversely affect our business. Even if these claims do not result in litigation or are resolved in our favor or without significant cash settlements, the time and resources necessary to resolve them could harm our business, results of operations, financial condition and reputation.

52

 

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, our sales and revenue are difficult to predict and may vary substantially from period to period, which may cause our results of operations to fluctuate significantly.

Our results of operations may fluctuate, in part, because of the resource intensive nature of our sales efforts, the length and variability of our sales cycle and the short-term difficulty in adjusting our operating expenses. Our results of operations depend in part on sales to large organizations. The length of our sales cycle, from proof of concept to delivery of and payment for our platform, is typically three to nine months but can be more than a year for large enterprise customers. To the extent our competitors develop solutions that our prospective customers view as equivalent to ours, our average sales cycle may increase. Because the length of time required to close a sale varies substantially from customer to customer, it is difficult to predict exactly when, or even if, we will make a sale with a potential customer. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our results of operations for that quarter and any future quarters for which revenue from that transaction is delayed. As a result of these factors, it is difficult for us to forecast our revenue accurately in any quarter. Because a substantial portion of our expenses are relatively fixed in the short term, our results of operations will suffer if our revenue falls below our or analysts’ expectations in a particular quarter, which could cause the price of our common stock to decline.

A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

Selling to government entities can be highly competitive, expensive and time-consuming, and often requires significant upfront time and expense without any assurance that we will win a sale. Government demand and payment for our solutions may also be impacted by changes in fiscal or contracting policies, changes in government programs or applicable requirements, the adoption of new laws or regulations or changes to existing laws or regulations, public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions. Government entities also have heightened sensitivity surrounding the purchase of cyber security products due to the critical importance of their IT infrastructures, the nature of the information contained within those infrastructures and the fact that they are highly visible targets for cyber attacks. Accordingly, increasing sales of our products to government entities may be more challenging than selling to commercial organizations, especially given extensive certification, clearance and security requirements. Government agencies may have statutory, contractual or other legal rights to terminate contracts with us or channel partners. Further, in the course of providing our solutions to government entities, our employees and those of our channel partners may be exposed to sensitive government information. Any failure by us or our channel partners to safeguard and maintain the confidentiality of such information could subject us to liability and reputational harm, which could materially and adversely affect our results of operations and financial performance. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit may cause the government to shift away from our solutions and may result in a reduction of revenue, fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our results or operations.

Our efforts to expand our international sales and operations may increasingly expose us to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

Our reporting currency is the U.S. dollar, and we generate a substantial majority of our revenue and expenses in U.S. dollars. In the three months ended March 31, 2019, approximately 11% of our revenue was generated in foreign currencies from customers located outside of the U.S. Additionally, in the three months ended March 31, 2019, we incurred approximately 8% of our expenses outside of the U.S. in foreign currencies, primarily the British pound, principally with respect to salaries and related personnel expenses associated with our sales operations. The exchange rate between the U.S. dollar and foreign currencies has fluctuated substantially in recent years and may continue to fluctuate substantially in the future. Accordingly, as we continue with our anticipated international expansion, changes in exchange rates may have an increasingly adverse effect on our business, operating results and financial condition. To date, we have not engaged in any hedging strategies, and any such strategies, such as forward contracts, options and foreign exchange swaps related to transaction exposures that we may implement to mitigate this risk may not eliminate our exposure to foreign exchange fluctuations.

Changes in or interpretations of financial accounting standards may cause an adverse impact to our reported results of operations.

We prepare our consolidated financial statements in conformity with generally accepted accounting principles in the U.S., or GAAP. These principles are subject to interpretation by the Securities and Exchange Commission, or SEC, and various bodies formed to interpret and create appropriate accounting standards. It is possible that future requirements could change our current application of GAAP, resulting in a material adverse impact on our reported results of operations or financial position, and may even affect our reporting of transactions completed before the change is effective. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may harm our operating results or the way we conduct our business.

We may require additional capital to support business growth, and this capital might not be available on acceptable terms, if at all.

53

 

We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or enhance our products, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

Our existing credit agreement contains operating and financial covenants that may adversely impact our business and the failure to comply with such covenants could prevent us from borrowing funds and could cause any outstanding debt to become immediately payable.

We are a party to a line of credit with Silicon Valley Bank. Borrowings under this line of credit are secured by substantially all of our assets, excluding certain intellectual property rights. We are also subject to various financial reporting requirements and financial covenants under the line of credit, including maintaining specified liquidity measurements. In addition, there are negative covenants restricting our activities, including limitations on dispositions, mergers or acquisitions; encumbering intellectual property; incurring indebtedness or liens; paying dividends and redeeming or repurchasing capital stock; making certain investments; and engaging in certain other business transactions. The obligations under the line of credit are subject to acceleration upon the occurrence of specified events of default, including a material adverse change in our business, operations or financial or other condition. These restrictions and covenants, as well as those contained in any future financing agreements that we may enter into, may restrict our ability to finance our operations and to engage in, expand or otherwise pursue our business activities and strategies. Our ability to comply with these covenants may be affected by events beyond our control, and breaches of these covenants could result in a default under the credit agreement and any future financial agreements that we may enter into. If not waived, defaults could cause our outstanding indebtedness under our credit agreement and any future financing agreements that we may enter into to become immediately due and payable.

Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems such as terrorism.

A significant natural disaster, such as an earthquake, fire or a flood, or a significant power outage could have a material adverse impact on our business, operating results and financial condition. In addition, natural disasters could affect our channel partners’ ability to perform services for us on a timely basis. In the event we or our channel partners are hindered by any of the events discussed above, our ability to provide our products to customers could be delayed.

In addition, our facilities and those of our third-party data centers and hosting providers are vulnerable to damage or interruption from human error, intentional bad acts, pandemics, earthquakes, hurricanes, floods, fires, war, terrorist attacks, power losses, hardware failures, systems failures, telecommunications failures and similar events. The occurrence of a natural disaster, power failure or an act of terrorism, vandalism or other misconduct, a decision by a third party to close a facility on which we rely without adequate notice, or other unanticipated problems could result in lengthy interruptions in provision or delivery of our products, potentially leaving our customers vulnerable to cyber attacks. The occurrence of any of the foregoing events could damage our systems and hardware or could cause them to fail completely, and our insurance may not cover such events or may be insufficient to compensate us for the potentially significant losses, including the potential harm to the future growth of our business, that may result from interruptions in our platform as a result of system failures.

All of the aforementioned risks may be exacerbated if the disaster recovery plans for us and our third-party data centers and hosting providers prove to be inadequate. To the extent that any of the above results in delayed or reduced customer sales, our business, financial condition and results of operations could be adversely affected.

Risks Related to Government Regulation, Data Collection, Intellectual Property and Litigation

Failure to comply with governmental laws and regulations could harm our business.

Our business is subject to regulation by various federal, state, local and foreign governments. In certain jurisdictions, these regulatory requirements may be more stringent than those in the U.S. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions or other collateral consequences. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, reputation, results of operations and financial condition.

54

 

We are subject to governmental export controls and economic sanctions regulations that could impair our ability to compete in international markets and/or subject us to liability if we are not in compliance with applicable laws.

Like other U.S.-origin cyber security products, our products are subject to U.S. export control laws and regulations, including the U.S. Export Administration Regulations and various economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. Exports of these products must be made in compliance with these laws and regulations. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to substantial civil and criminal penalties, including fines for our company and responsible employees or managers, and, in extreme cases, incarceration of responsible employees and managers and the possible loss of export privileges. Complying with export control laws and regulations, including obtaining the necessary licenses or authorizations, for a particular sale may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. Changes in export or sanctions laws and regulations, shifts in the enforcement or scope of existing laws and regulations, or changes in the countries, governments, persons or products targeted by such laws and regulations, could also result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers. A decreased use of our products or limitation on our ability to export or sell our products could adversely affect our business, financial condition and results of operations.

Further, our products incorporate encryption technology. These encryption products may be exported outside of the U.S. only with the required export authorizations, including by a license, a license exception or other appropriate government authorizations; such items may also be subject to certain regulatory reporting requirements. Further, U.S. export control laws and economic sanctions prohibit the shipment or provision of certain products to U.S.-embargoed or sanctioned countries, governments or persons as well as the exposure of software code to nationals of embargoed countries. Although we take precautions to prevent our products from being provided or exposed to those subject to U.S. sanctions, such measures may be circumvented or inadvertently violated.

In addition, various countries regulate the import and domestic use of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our customers’ ability to implement our products in those countries.

Multinational efforts are currently underway as part of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, or the Wassenaar Arrangement, to impose additional restrictions on certain cyber security products. To implement the controls under the Wassenaar Arrangement in the U.S., on May 20, 2015, the U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, published a proposed rule for public comment that would amend the Export Administration Regulations with regard to exports, reexports and transfers (in-country) of specified intrusion software, surveillance items and related software and technology. Under the proposed rule, intrusion software and surveillance items were defined broadly and would have established an export license requirement for all countries other than the U.S. and Canada for many commercially available penetration testing and network monitoring products. The proposed rule was ultimately withdrawn due to wide public objection, and the U.S. has agreed to renegotiate the breath of the language under the Wassenaar Arrangement. Should the U.S. adopt an onerous policy, this could affect our business and could result in loss of potential market in certain countries, increased administrative costs and delays or loss of sales opportunities.

Failure to comply with applicable anti-corruption legislation could result in fines, criminal penalties and materially adversely affect our business, financial condition and results of operations.

We are required to comply with anti-corruption and anti-bribery laws in the jurisdictions in which we operate, including the Foreign Corrupt Practices Act, or FCPA, in the U.S., the UK Bribery Act, or the Bribery Act, and other similar laws in other countries in which we do business. As a result of doing business in foreign countries, including through channel partners and agents, we will be exposed to a risk of violating anti-corruption laws. Some of the international locations in which we will operate have developing legal systems and may have higher levels of corruption than more developed nations. The FCPA prohibits providing anything of value to foreign officials for the purposes of obtaining or retaining business or securing any improper business advantage. We may deal with both governments and state-owned business enterprises, the employees of which are considered foreign officials for purposes of the FCPA. The provisions of the Bribery Act extend beyond bribery of foreign public officials and are more onerous than the FCPA in a number of other respects, including jurisdiction, non-exemption of facilitation payments and penalties.

Although we have adopted policies and procedures designed to ensure that we, our employees and third-party agents will comply with such laws, there can be no assurance that such policies or procedures will work effectively at all times or protect us against liability under these or other laws for actions taken by our employees, channel partners and other third parties with respect to our business. If we are not in compliance with anti-corruption laws and other laws governing the conduct of business with government entities and/or officials (including local laws), we may be subject to criminal and civil penalties and other remedial measures, which could harm our business, financial condition, results of operations, cash flows and prospects. In addition, investigations of any actual or alleged violations of such laws or policies related to us could harm our business, financial condition, results of operations, cash flows and prospects.

55

 

Because our products may collect and store user and related information, domestic and international privacy and cyber security concerns, and other laws and regulations, could result in additional costs and liabilities to us or inhibit sales of our products.

We, our channel partners and our customers are subject to a number of domestic and international laws and regulations that apply to online services and the internet generally. These laws, rules and regulations address a range of issues including data privacy and cyber security, breach notification and restrictions or technological requirements regarding the collection, use, storage, protection, retention or transfer of data. The regulatory framework for online services, data privacy and cyber security issues worldwide can vary substantially from jurisdiction to jurisdiction, is rapidly evolving and is likely to remain uncertain for the foreseeable future. Many federal, state and foreign government bodies and agencies have adopted or are considering adopting laws, rules and regulations regarding the collection, use, storage and disclosure of information, web browsing and geolocation data collection, data analytics, cyber security and breach response and notification procedures. Interpretation of these laws, rules and regulations and their application to our products in the U.S. and foreign jurisdictions is ongoing and cannot be fully determined at this time.

In the U.S., these include rules and regulations promulgated under the authority of the Federal Trade Commission, the Electronic Communications Privacy Act, Computer Fraud and Abuse Act, HIPAA, the Gramm Leach Bliley Act and state breach notification laws, other state laws and regulations applicable to privacy and data security, as well as regulator enforcement positions and expectations reflected in federal and state regulatory actions, settlements, consent decrees and guidance documents.

Internationally, virtually every jurisdiction in which we operate and have customers and/or have prospective customers to which we market has established its own data security and privacy legal frameworks with which we, our channel partners or our customers must comply. Further, many federal, state and foreign government bodies and agencies have introduced, and are currently considering, additional laws and regulations. If passed, we will likely incur additional expenses and costs associated with complying with such laws, as well as face heightened potential liability if we are unable to comply with these laws.

Laws in the European Economic Area, or EEA, regulate transfers of EU personal data to third countries, such as the U.S., that have not been found to provide adequate protection to such personal data. We have in the past relied upon adherence to the U.S. Department of Commerce’s U.S.-EU Safe Harbor Framework which established a means for legitimating the transfer of personal data from the EEA to the U.S. However, the Court of Justice of the European Union invalidated the U.S.-EU Safe Harbor Framework in October 2015 and, in February 2016, EU and U.S. negotiators agreed to a new framework, the EU-U.S. Privacy Shield, which came into effect in July 2016. However, there have been regulatory concerns about this framework, as well as litigation challenging other EU mechanisms for adequate data transfer (i.e., the standard contractual clauses). We are certified under the EU-U.S. Privacy Shield, and rely on a mixture of mechanisms to transfer EU personal data to the U.S. We could be impacted by changes in law as a result of the current challenges to these mechanisms by regulators and in the European courts which may lead to governmental enforcement actions, litigation, fines and penalties or adverse publicity, which could have an adverse effect on our reputation and business.

On April 27, 2016, the European Union adopted the General Data Protection Regulation 2016/679, or GDPR, that took effect on May 25, 2018 replacing the current data protection laws of each EU member state. The GDPR applies to any company established in the EU as well as to those outside the EU if they collect and use personal data in connection with the offering of goods or services to individuals in the EU or the monitoring of their behavior (for example, through email monitoring). The GDPR enhances data protection obligations for processors and controllers of personal data, including, for example, expanded disclosures about how personal information is to be used, limitations on retention of information, mandatory data breach notification requirements and onerous new obligations on services providers. Non-compliance with the GDPR can trigger steep fines of up to €20 million or 4% of total worldwide annual turnover, whichever is higher. Given the breadth and depth of changes in data protection obligations, preparing to meet the GDPR’s requirements before its application on May 25, 2018 required time, resources and a review of our technology and systems against the GDPR’s requirements. We engaged a third party to assist us in undertaking a data protection review, and implemented remedial changes to achieve GDPR compliance, which is an on-going process. Separate EU laws and regulations (and member states’ implementations thereof) govern the protection of consumers and of electronic communications and these are also evolving. For instance, the current European laws that cover the use of cookies and similar technology and marketing online or by electronic means are under reform. A draft of the new ePrivacy Regulation extends the strict opt-in marketing rules with limited exceptions to business-to-business communications, alters rules on third-party cookies, web beacons and similar technology and significantly increases penalties. We cannot yet determine the impact such future laws, regulations, and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions. We have incurred and may continue to incur substantial expense in complying with the new obligations imposed by the GDPR and we may be required to make significant changes in our business operations and product and services development, all of which may adversely affect our revenues and our business.

We and our customers are at risk of enforcement actions taken by certain EU data protection authorities until such point in time that we may be able to ensure that all transfers of personal data to us from the EEA are conducted in compliance with all applicable regulatory obligations, the guidance of data protection authorities and evolving best practices. We may find it necessary to establish systems to maintain

56

 

personal data originating from the EU in the EEA, which may involve substantial expense and may cause us to need to divert resources from other aspects of our business, all of which may adversely affect our business.

Because the interpretation and application of privacy and data protection laws are still uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing practices or the features of our products. We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom we rely in relation to various products, including but not limited to vendors and business partners. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products, which could have an adverse effect on our business. Any inability to adequately address privacy and/or data concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

The costs of compliance with, and other burdens imposed by, the laws, rules, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our software. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent. Our failure to comply with applicable laws and regulations, or to protect such data, could result in enforcement action against us, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business.

Our intellectual property rights are valuable and any inability to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.

Our future success and competitive position depend in part on our ability to protect our intellectual property and proprietary technologies. To safeguard these rights, we rely on a combination of patent, trademark, copyright and trade secret laws and contractual protections in the U.S. and other jurisdictions, all of which provide only limited protection and may not now or in the future provide us with a competitive advantage. We maintain a program of identifying technology appropriate for patent protection. Our practice is to require employees and consultants to execute non-disclosure and proprietary rights agreements upon commencement of employment or consulting arrangements. These agreements acknowledge our exclusive ownership of all intellectual property developed by the individuals during their work for us and require that all proprietary information disclosed will remain confidential. Such agreements may not be enforceable in full or in part in all jurisdictions and any breach could have a negative effect on our business and our remedy for such breach may be limited.

We have 23 U.S. patents and patent applications relating to our products. We cannot be certain that any patents will issue from any patent applications, that patents that issue from such applications will give us the protection that we seek or that any such patents will not be challenged, invalidated, or circumvented. Any patents that may issue in the future from our pending or future patent applications may not provide sufficiently broad protection and may not be enforceable in actions against alleged infringers. We have registered the “Carbon Black, ”CB Collective Defense Cloud,” “Arm Your Endpoints” and “Bit9” names and logos in the U.S. and certain other countries. We have registrations and/or pending applications for additional marks in the U.S. and other countries, including “CB Predictive Security Cloud” and “CB LiveOps”; however, we cannot be certain that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights. We also license software from third parties for integration into our products, including open source software and other software available on commercially reasonable terms. We cannot be certain that such third parties will maintain such software or continue to make it available.

In order to protect our unpatented proprietary technologies and processes, we rely on trade secret laws and confidentiality agreements with our employees, consultants, channel partners, vendors and others. Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer or otherwise obtain and use them. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights, or develop similar technologies and processes. Further, the contractual provisions that we enter into may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, trade secrets and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the U.S. and where mechanisms for enforcement of intellectual property rights may be weak. We may be unable to determine the extent of any unauthorized use or infringement of our products, technologies or intellectual property rights.

From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the intellectual property rights of others, to defend against claims of infringement or invalidity or to prevent the misappropriation of our intellectual property. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition.

57

 

Assertions by third parties of infringement or other violations by us of their intellectual property rights, whether or not correct, could result in significant costs and harm our business and operating results.

Patent and other intellectual property disputes are common in our industry. Some companies, including some of our competitors, some of whom have substantially more resources and have been developing relevant technologies for much longer than us, own large numbers of patents, copyrights and trademarks, which they may use to assert claims against us. Third parties have in the past and may in the future assert claims of infringement, misappropriation or other violations of intellectual property rights against us. They may also assert such claims against our customers or channel partners, whom we typically indemnify against claims that our products infringe, misappropriate or otherwise violate the intellectual property rights of third parties. If we do infringe a third party’s rights and are unable to provide a sufficient workaround, we may need to negotiate with holders of those rights to obtain a license to those rights or otherwise settle any infringement claim as a party that makes a claim of infringement against us may obtain an injunction preventing us from shipping products containing the allegedly infringing technology. As the number of products and competitors in our market increase and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Any claim of infringement, misappropriation or other violation of intellectual property rights by a third party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. For example, in 2018 we paid $3.9 million pursuant to a settlement agreement with a non-practicing entity that claimed we infringed upon certain patents held by such entity. See Note 10 to our consolidated financial statements included in this Form 10‑Q.

The patent portfolios of our most significant competitors are larger than ours. This disparity may increase the risk that they may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. In addition, future assertions of patent rights by third parties, and any resulting litigation, may involve patent holding companies or other adverse patent owners who have no relevant product revenues and against whom our own patents may therefore provide little or no deterrence or protection. There can be no assurance that we will not be found to infringe or otherwise violate any third-party intellectual property rights or to have done so in the past.

An adverse outcome of a dispute may require us to:

·

pay substantial damages, including treble damages, if we are found to have willfully infringed a third party’s patents or copyrights;

·

cease making, licensing or using products that are alleged to infringe or misappropriate the intellectual property of others;

·

expend additional development resources to attempt to redesign our products or otherwise develop non-infringing technology, which may not be successful;

·

enter into potentially unfavorable royalty or license agreements to obtain the right to use necessary technologies or intellectual property rights;

·

take legal action or initiate administrative proceedings to challenge the validity and scope of the third-party rights or to defend against any allegations of infringement; and

·

indemnify our partners and other third parties.

In addition, royalty or licensing agreements, if required or desirable, may be unavailable on terms acceptable to us, or at all, and may require significant royalty payments and other expenditures. Some licenses may also be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Any of the foregoing events could seriously harm our business, financial condition and results of operations.

Confidentiality arrangements with employees and others may not adequately prevent disclosure of trade secrets and other proprietary information.

We have devoted substantial resources to the development of our technology, business operations and business plans. In order to protect our trade secrets and proprietary information, we rely in significant part on confidentiality arrangements with our employees, licensees, independent contractors, advisors, channel partners and customers. These arrangements may not be effective to prevent disclosure of confidential information, including trade secrets, and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. In addition, if others independently discover trade secrets and proprietary information, we would not be able to assert trade secret rights against such parties. Effective trade secret protection may not be available in every country in which our products are available or where we have employees or independent contractors. The loss of trade secret protection could make it easier for third parties to compete with our products by copying functionality. In addition, any changes in, or unexpected interpretations of, the trade secret and employment laws in any country in which we operate may compromise our ability to enforce our trade secret and intellectual property rights. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive business position.

58

 

We may be subject to damages resulting from claims that our employees or contractors have wrongfully used or disclosed alleged trade secrets of their former employers or other parties.

We could in the future be subject to claims that employees or contractors, or we, have inadvertently or otherwise used or disclosed trade secrets or other proprietary information of our competitors or other parties. Litigation may be necessary to defend against these claims. If we fail in defending against such claims, a court could order us to pay substantial damages and prohibit us from using technologies or features that are essential to our products, if such technologies or features are found to incorporate or be derived from the trade secrets or other proprietary information of these parties. In addition, we may lose valuable intellectual property rights or personnel. A loss of key personnel or their work product could hamper or prevent our ability to develop, market and support potential products or enhancements, which could severely harm our business. Even if we are successful in defending against these claims, such litigation could result in substantial costs and be a distraction to management.

Our operating results may be harmed if we are required to collect sales and use or other related taxes for our products in jurisdictions where we have not historically done so.

Taxing jurisdictions, including state, local and foreign taxing authorities, have differing rules and regulations governing sales and use or other taxes, and these rules and regulations are subject to varying interpretations that may change over time. In particular, significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. While we believe that we are in material compliance with our obligations under applicable taxing regimes, one or more states, localities or countries may seek to impose additional sales or other tax collection obligations on us, including for past sales by us or our channel partners. It is possible that we could face sales tax audits and that such audits could result in tax-related liabilities for which we have not accrued. A successful assertion that we should be collecting additional sales or other taxes on our products in jurisdictions where we have not historically done so and do not accrue for sales taxes could result in substantial tax liabilities for past sales, discourage customers from purchasing our products or otherwise harm our business and operating results.

In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period or periods for which a determination is made.

Comprehensive tax reform legislation could adversely affect our business and financial condition.

The U.S. government has recently enacted comprehensive tax legislation that includes significant changes to the taxation of business entities, referenced herein as the Tax Reform Act. These changes include, among others, a permanent reduction to the corporate income tax rate, limiting interest deductions, adopting elements of a territorial tax system, assessing a repatriation tax or “toll-charge” on undistributed earnings and profits of U.S.-owned foreign corporations, and introducing certain anti-base erosion provisions. The overall impact of this tax reform is uncertain, and our business and financial condition, including with respect to our non-U.S. operations, could be adversely affected. The overall impact of the Tax Reform Act on stockholders is uncertain, and this report does not address, other than as expressly addressed herein, the manner in which it may affect holders of our common stock. We urge investors to consult with their legal and tax advisors with respect to any such legislation and the potential tax consequences of investing in our common shares.

We may not be able to utilize a significant portion of our net operating loss carryforwards and research and development tax credit carryforwards.

As of December 31, 2018, we had federal and state net operating loss carryforwards of $283.9 million and $193.0 million, respectively, which if not utilized will begin to expire in 2023 and 2019, respectively, and federal and state research and development tax credit carryforwards of $6.6 million and $2.9 million, respectively, which if not utilized will begin to expire in 2026 and 2021, respectively. These net operating loss and tax credit carryforwards could expire unused and be unavailable to offset our future income tax liabilities. In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, and corresponding provisions of state law, if a corporation undergoes an “ownership change,” which is generally defined as a greater than 50% change, by value, in its equity ownership over a three-year period, the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change tax attributes to offset its post-change income may be limited. We have not determined if we have experienced Section 382 ownership changes in the past and if a portion of our net operating loss and tax credit carryforwards is subject to an annual limitation under Section 382. In addition, we may experience ownership changes in the future as a result of subsequent shifts in our stock ownership, some of which may be outside of our control. If we determine that an ownership change has occurred and our ability to use our historical net operating loss and tax credit carryforwards is materially limited, it would harm our future operating results by effectively increasing our future tax obligations.

59

 

Risks Related to Our Common Stock

Our stock price may be volatile, and you may lose some or all of your investment.

Since shares of our common stock were sold in our initial public offering in May 2018 at a price of $19.00 per share, our stock price has ranged from $35.00 to $11.80 through March 31, 2019. The market price of our common stock has been and may continue to be highly volatile and may fluctuate substantially as a result of a variety of factors, some of which are related in complex ways, including:

·

actual or anticipated fluctuations in our financial condition and operating results;

·

variance in our financial performance from expectations of securities analysts;

·

changes in the prices of our products;

·

changes in our projected operating and financial results;

·

changes in laws or regulations applicable to our products;

·

announcements by us or our competitors of significant business developments, acquisitions or new products;

·

our involvement in any litigation;

·

our sale of our common stock or other securities in the future, as well as the anticipation of lock-up releases;

·

changes in senior management or key personnel;

·

trading volume of our common stock;

·

changes in the anticipated future size and growth rate of our market; and

·

general economic, regulatory and market conditions.

The stock markets are subject to extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry fluctuations, as well as general economic, political, regulatory and market conditions, may negatively impact the market price of our common stock. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial costs and divert our management’s attention.

If securities or industry analysts do not continue to publish research or reports about our business, or publish negative reports about our business, our stock price and trading volume could decline.

The trading market for our common stock depends, in part, on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts. If our financial performance fails to meet analyst estimates or one or more of the analysts who cover us downgrade our shares or change their opinion of our shares, our share price would likely decline. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline.

The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute all other stockholders.

Our amended and restated certificate of incorporation authorizes us to issue up to 500,000,000 shares of common stock and up to 25,000,000 shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue our shares of common stock or securities convertible into our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the trading price of our common stock to decline.

We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.

We have never declared or paid any cash dividends on our common stock and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements, and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our common stock. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Concentration of ownership among our directors, executive officers and holders of 5% or more of our outstanding common stock may prevent new investors from influencing significant corporate decisions.

Our directors, executive officers and holders of more than 5% of our common stock, some of whom are represented on our board of directors, together with affiliates control a significant portion of our outstanding capital stock. As a result, these stockholders will be able to

60

 

determine the outcome of matters submitted to our stockholders for approval. Some of these persons or entities may have interests that are different from yours, and this ownership could affect the value of your shares of common stock if, for example, these stockholders elect to delay, defer or prevent a change in corporate control, merger, consolidation, takeover or other business combination. This concentration of ownership may also adversely affect the market price of our common stock.

We are an “emerging growth company” and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies” including, but not limited to, the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a non-binding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We cannot predict if investors will find our common stock less attractive if we choose to rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.

We will incur increased costs as a result of operating as a public company, and our management will be required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.

As a public company, and particularly after we are no longer an “emerging growth company,” we will continue to incur significant legal, accounting and other expenses that we did not incur as a private company. The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of The Nasdaq Global Select Market and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel will need to devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect that these rules and regulations may make it more difficult and more expensive for us to obtain directors’ and officers’ liability insurance, which could make it more difficult for us to attract and retain qualified members of our board of directors. We cannot predict or estimate the amount of additional costs we will incur as a public company or the timing of such costs.

As a result of becoming a public company, we are obligated to develop and maintain proper and effective internal controls over financial reporting and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our common stock.

We will be required, pursuant to Section 404 of the Sarbanes-Oxley Act, or Section 404, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the first fiscal year beginning after the effective date of the IPO. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. Our independent registered public accounting firm will not be required to attest to the effectiveness of our internal control over financial reporting until our first annual report required to be filed with the SEC following the date we are no longer an “emerging growth company,” as defined in the JOBS Act. We will be required to disclose significant changes made in our internal control procedures on a quarterly basis.

We have commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404, and we may not be able to complete our evaluation, testing and any required remediation in a timely fashion. Our compliance with Section 404 will require that we incur substantial accounting expense and expend significant management efforts. We currently do not have an internal audit group, and we may need to hire additional accounting and financial staff with appropriate public company experience and technical accounting knowledge and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.

During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective. We cannot be certain that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by The Nasdaq Global Select Market, the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

61

 

Anti-takeover provisions in our charter documents and Delaware law may delay or prevent an acquisition of our company, limit attempts by our stockholders to replace or remove our current management and limit the market price of our common stock.

Our amended and restated certificate of incorporation, amended and restated bylaws and Delaware law contain provisions that may have the effect of delaying or preventing a change in control of us or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:

·

authorize “blank check” preferred stock, which could be issued by our board of directors without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock;

·

provide for a classified board of directors whose members serve staggered three-year terms;

·

specify that special meetings of our stockholders can be called only by a majority of the members of our board of directors then in office and only those matters set forth in the notice of the special meeting may be considered or acted upon at a special meeting of stockholders;

·

prohibit stockholder action by written consent;

·

establish an advance notice procedure for stockholder proposals to be brought before an annual meeting of our stockholders, including proposed nominations of persons for election to our board of directors;

·

provide that our directors may be removed only for cause;

·

provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum;

·

specify that no stockholder is permitted to cumulate votes at any election of directors;

·

authorize our board of directors to modify, alter or repeal our amended and restated bylaws; and

·

require supermajority votes of the holders of our common stock to amend specified provisions of our charter documents.

These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.

In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which limits the ability of stockholders owning in excess of 15% of our outstanding voting stock to merge or combine with us in certain circumstances.

Any provision of our amended and restated certificate of incorporation, amended and restated bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could also affect the price that some investors are willing to pay for our common stock.

Our amended and restated bylaws designate the Court of Chancery of the State of Delaware or the United States District Court for the District of Massachusetts as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us.

Pursuant to our amended and restated bylaws, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for state law claims for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of or based on a breach of a fiduciary duty owed by any of our current or former directors, officers or other employees to us or our stockholders, (3) any action asserting a claim against us or any of our current or former directors, officers, employees or stockholders arising pursuant to any provision of the Delaware General Corporation Law, our amended and restated bylaws or (4) any action asserting a claim governed by the internal affairs doctrine. Our amended and restated bylaws will further provide that the United States District Court for the District of Massachusetts will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. In addition, our amended and restated bylaws provide that any person or entity purchasing or otherwise acquiring any interest in shares of our common stock is deemed to have notice of and consented to the foregoing provisions. We have chosen the United States District Court for the District of Massachusetts as the exclusive forum for such causes of action because our principal executive offices are located in Waltham, Massachusetts. On December 19, 2018, the Court of Chancery of the State of Delaware issued a decision declaring that federal forum selection provisions purporting to require claims under the Securities Act be brought in federal court are ineffective and invalid under Delaware law. On January 17, 2019, the decision was appealed to the Delaware Supreme Court.  While the Delaware Supreme Court recently dismissed the appeal on jurisdictional grounds, we expect that the appeal will be re-filed after the Court of Chancery issues a final judgment.  Unless and until the Court of Chancery’s decision is reversed by the Delaware Supreme Court or otherwise abrogated, we do not intend to enforce our federal forum selection provision designating the District of Massachusetts as the exclusive forum for Securities Act claims.  In the event that the Delaware Supreme Court affirms the Court of Chancery’s decision or otherwise determines that federal forum selection provisions are invalid, our board of directors intends to amend promptly our amended and restated by-laws to remove our federal forum selection bylaw provision.  As a result of the Court of Chancery’s decision or a decision by the Delaware Supreme Court affirming the Court of Chancery’s decision, or if the federal forum selection provision is otherwise found inapplicable to, or unenforceable in respect of, one or more of the specified actions or proceedings, we may incur additional costs, which could have an adverse

62

 

effect on our business, financial condition or results of operations. We recognize that the federal district court forum selection clause may impose additional litigation costs on stockholders who assert the provision is not enforceable and may impose more general additional litigation costs in pursuing any such claims, particularly if the stockholders do not reside in or near the Commonwealth of Massachusetts. Additionally, the forum selection clauses in our amended and restated bylaws may limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us.  The Court of Chancery of the State of Delaware and the United States District Court for the District of Massachusetts may also reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less favorable to us than our stockholders.

ITEM 2.    UNREGISTERED SALES OF EQUITY SECURITIES AND USE OF PROCEEDS.

(a) Recent Sales of Unregistered Equity Securities

None.

(b) Use of Proceeds

We completed our IPO pursuant to a Registration Statement on Form S-1 (File No. 333-224196), which was declared effective on May 3, 2018. In the IPO, we issued 9,200,000 shares of common stock (inclusive of 1,200,000 shares of common stock sold by us pursuant to the full exercise of an overallotment option granted to the underwriters in connection with the offering) at a public offering price of $19.00 per share. The managing underwriters for the IPO were Morgan Stanley & Co. LLC and J.P. Morgan Securities LLC. The IPO commenced on May 3, 2018 and did not terminate until the sale of all the shares offered.

We received aggregate proceeds of $162.6 million from the IPO, net of underwriters’ discounts and commissions, and before deducting offering costs of approximately $4.9 million. No offering expenses were paid directly or indirectly to any of our directors or officers (or their associated) or persons owning 10.0% or more of any class of our equity securities or to any other affiliates.

Information related to use of proceeds from registered securities is incorporated herein by reference to the “Use of Proceeds” section of the Company’s final prospectus related to the IPO. There has been no material change in the planned use of proceeds from our IPO as described in our final prospectus.

(c) Issuer Purchases of Equity Securities

None.

ITEM 3.     DEFAULTS UPON SENIOR SECURITIES

None.

ITEM 4.     MINE SAFETY DISCLOSURES

Not applicable.

ITEM 5.     OTHER INFORMATION

None.

 

63

 

ITEM 6.    EXHIBITS.

 

 

 

Exhibit
Number

    

Description

 

 

 

3.1

 

Ninth Amended and Restated Certificate of Incorporation(1) 

3.2

 

Third Amended and Restated By-laws(2)

4.1

 

Form of Common Stock Certificate of the Registrant(3)

10.1*#

 

Employment Agreement, between the Registrant and Stephen Webber, dated as of February 20, 2019, as amended.

10.2*#

 

Transition Agreement, between the Registrant and Mark Sullivan, dates as of March 15, 2019, as amended.

31.1*

 

Certification of Principal Executive Officer Pursuant to Rules 13a-14(a) and 15d-14(a) under the Securities Exchange Act of 1934, as Adopted Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002.

31.2*

 

Certification of Principal Financial Officer Pursuant to Rules 13a-14(a) and 15d-14(a) under the Securities Exchange Act of 1934, as Adopted Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002.

32.1**

 

Certification of Principal Executive Officer Pursuant to 18 U.S.C. Section 1350, as Adopted Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002.

101.INS

 

XBRL Instance Document

101.SCH

 

XBRL Taxonomy Extension Schema Document

101.CAL

 

XBRL Taxonomy Extension Calculation Linkbase Document

101.DEF

 

XBRL Taxonomy Extension Definition Linkbase Document

101.LAB

 

XBRL Taxonomy Extension Label Linkbase Document

101.PRE

 

XBRL Taxonomy Extension Presentation Linkbase Document

(1)

Previously filed as Exhibit 3.2 to Amendment No. 1 to Registrant’s Registration on Form S-1 filed with the Securities and Exchange Commission on April 23, 2018, and incorporated herein by reference.

(2)

Previously filed as Exhibit 3.4 to Amendment No. 1 to Registrant’s Registration on Form S-1 filed with the Securities and Exchange Commission on April 23, 2018, and incorporated herein by reference.

(3)

Previously filed as Exhibit 4.1 to Amendment No. 1 to Registrant’s Registration on Form S-1 filed with the Securities and Exchange Commission on April 23, 2018, and incorporated herein by reference.

 

* Filed herewith.

** This certification is deemed not filed for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liability of that section, nor shall it be deemed incorporated by reference into any filing under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended.

# Indicates a management contract or compensatory plan.

64

 

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.

 

 

 

 

 

 

 

CARBON BLACK, INC.

 

 

Date: May 2, 2019

By:

/s/ Patrick Morley

 

 

Patrick Morley,

 

 

President, Chief Executive Officer and Director

 

 

(Principal Executive Officer)

 

 

 

Date: May 2, 2019

By:

/s/ Stephen Webber

 

 

Stephen Webber,

 

 

Executive Vice President and Chief Financial Officer

 

 

(Principal Financial Officer and Principal Accounting Officer)

 

 

65