UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 20-F
☐REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934
OR
☒ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2021
OR
☐TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
OR
☐SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
Date of event requiring this shell company report ______________
For the transition period from ____________ to ____________.
Commission file number 001-38866
TUFIN SOFTWARE TECHNOLOGIES LTD.
(Exact name of Registrant as specified in its charter)
(Jurisdiction of incorporation or organization)
5 HaShalom Road, ToHa Tower
Tel Aviv 6789205, Israel
(Address of principal executive offices)
Jack Wakileh
Telephone: +972 (3) 612-8118
Tufin Software Technologies Ltd.
5 HaShalom Road, ToHa Tower
Tel Aviv6789205, Israel
(Name, telephone, e-mail and/or facsimile number and address of company contact person)
Securities registered or to be registered pursuant to Section 12(b) of the Act:
|
Title of each class |
Trading Symbol(s) |
Name of each exchange on which registered |
|
Ordinary shares, par value NIS 0.015 per share |
TUFN |
New York Stock Exchange |
Securities registered or to be registered pursuant to Section 12(g) of the Act: None.
Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.
Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: As of December 31, 2021, the registrant had outstanding 37,851,120 ordinary shares, par value NIS 0.015 per share.
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
Yes ☐ No ☒
If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.
Yes ☐ No ☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.
Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate website, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§229.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).
Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated file, a non-accelerated filer, or an emerging growth company. See definition of “large accelerated filer,” “ accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act:
|
Large accelerated filer ☐ |
Accelerated filer ☒ |
Non-accelerated filer ☐ |
Emerging growth company ☒ |
If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☒
Indicate by check mark whether the registrant has filed a report on the attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐
Indicate by check mark which basis for accounting the registrant has used to prepare the financing statements included in this filing:
|
U.S. GAAP ☒ |
International Financial Reporting Standards as issued by the International Accounting Standards Board ☐ |
Other ☐ |
If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.
☐ Item 17 ☐ Item 18
If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).
Yes ☐ No ☒
TABLE OF CONTENTS
|
|
Page |
|
1 | |
|
1 | |
|
3 | |
|
3 | |
|
3 | |
| 32 | |
| 41 | |
| 42 | |
| 57 | |
| 79 | |
| 82 | |
| 83 | |
| 84 | |
| 97 | |
| 97 | |
| 98 | |
| 98 | |
| 98 | |
| 99 | |
| 99 | |
| 99 | |
| 100 | |
| 100 | |
| 100 | |
|
100 | |
| 101 | |
|
101 | |
|
101 | |
|
101 | |
| 101 | |
INTRODUCTION
In this annual report, the terms “Tufin,” “we,” “us,” “our”
and “the company” refer to Tufin Software Technologies Ltd. and its subsidiaries.
Throughout this annual report, we refer to various trademarks, service marks and trade names that we use
in our business. The “Tufin” design logo is the property of Tufin Software Technologies Ltd. Tufin®
is our registered trademark in several countries, including the United States. We have several other trademarks, service marks and pending
applications relating to our products. In particular, although we have omitted the “®”
and “™” trademark designations in this annual report from each reference to Unified Security Policy, Tufin Orchestration
Suite, SecureChange, SecureTrack, SecureApp and Tufin SecureCloud, all rights to such trademarks are nevertheless reserved. Other trademarks
and service marks appearing in this annual report are the property of their respective holders.
References in this annual report to “Global 2000” for either (i) the fiscal years ended on
December 31, 2019 and 2020 or (ii) the fiscal year ended on December 31, 2021, are to the world’s 2,000 largest public companies
as published by Forbes Media LLC according to its Forbes Global 2000: The World's Largest Public Companies, June 2018 and June 2021, respectively.
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS AND RISK FACTORS
SUMMARY
We make forward-looking statements in this annual report that are subject to risks and uncertainties. The
Private Securities Litigation Reform Act of 1995 provides safe harbor protections for forward-looking statements in order to encourage
companies to provide prospective information about their business. These forward-looking statements include information about possible
or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases,
you can identify forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,”
“anticipate,” “intend,” “should,” “plan,” “expect,” “predict,”
“potential,” “will,” “likely,” “continue” or the negative of these terms or other similar
expressions. The statements we make regarding the following matters are forward-looking by their nature and are based on our beliefs,
assumptions and expectations of future performance, taking into account the information currently available to us. These statements are
only predictions based upon such current expectations and projections about future events. Although we believe that our plans and objectives
reflected in or suggested by these forward-looking statements are reasonable, we may not achieve these plans or objectives. There are
important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results,
levels of activity, performance or achievements expressed or implied by the forward-looking statements. These factors include the principal
risks relating to the Company and its business described in “Part I, Item 3. Key Information—D. Risk Factors,” which
are also summarized below:
|
• |
the successful management of our business model,
as well as current and future growth, particularly with respect to the ongoing implementation of our plans to transition to a term-based
subscription license business model over time; |
|
• |
our intention to invest further in the Tufin
Orchestration Suite to extend its functionality and features; |
|
• |
our expectations regarding sales of our cloud
products; |
|
• |
competition we face in the security policy
management market, and our potential lack of sufficient financial or other resources in order to maintain or improve our competitive position;
|
|
• |
our expectations regarding growth in the market
for enterprise security and network management products; |
|
• |
our ability to compete and increase positive
market awareness of our brand, particularly with respect to markets for security policy management; |
|
• |
our expectation that policy-centric, automated
solutions will garner a growing share of enterprise security spend; |
|
• |
our expectations for growth in certain key
verticals and geographic regions and our intention to expand international operations; |
|
• |
our expectations regarding sales driven by
our relationships channel partners and our technology alliance partners through joint selling efforts and go-to-market strategies;
|
|
• |
customer relationships developed by our hybrid
sales model, including our ability to acquire new customers and retain existing customers; |
|
• |
our dependence on a single third-party manufacturer
to fulfill certain software license orders; |
|
• |
our expectations concerning seasonality and
the predictability of our sales cycle; |
|
• |
our ability to align our future and past performance
by continuing to generate sufficient revenues; |
|
• |
the compatibility and integration of our product
and service offerings with customers’ existing technology infrastructures and applications; |
|
• |
our plans to deploy additional cloud-based
subscription products and promote our brand over time, to enable more customers to consume our products beyond our existing on-premise
solutions; |
|
• |
our reliance on certain products and customers
to generate revenue; |
|
• |
compliance, managerial and regulatory risks
associated with international sales and operations; |
|
• |
the effect of any real or perceived shortcomings,
defects or vulnerabilities in our solutions; |
|
• |
political conditions and economic downturns,
particularly in areas where we operate; |
|
• |
the impact of COVID-19 on the budgets of our
customers and on economic conditions generally; |
|
• |
the effect of cybersecurity threats or attacks
on our technologies, products and services; |
|
• |
our compliance with laws, regulations
and requirements in the jurisdictions where we operate, including with respect to with data protection and privacy and export and import
control requirements; |
|
• |
the outcome of certain litigation relating
to our initial public offering; |
|
• |
our ability to adequately protect and defend
our intellectual property and other proprietary rights; |
|
• |
our ability to effectively manage, invest in,
train, grow and retain our sales force, research and development capabilities, marketing team and other key personnel; |
|
• |
our ability to maintain effective internal
controls over financial reporting; |
|
• |
the volatility of our share price and active
trading market for our shares; |
|
• |
political, economic, governmental and tax consequences
associated with our incorporation and location in Israel; |
|
• |
our expectations regarding our tax classifications.
|
Some of these factors are discussed in more detail in this annual report, including under “Part I,
Item 3. Key Information—D. Risk Factors,” “Part I, Item 4. Information on the Company” and “Part I, Item
5. Operating and Financial Review and Prospects.”
You should not rely upon forward-looking statements as predictions of future events. Although we believe
that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity,
performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. All forward-looking
statements in this annual report speak as of the date of those statements. Except as required by law, we undertake no obligation to update
publicly any forward-looking statements for any reason after the date of this annual report, to conform these statements to actual results
or to changes in our expectations.
PART I
ITEM 1. IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS
Not applicable.
ITEM 2. OFFER STATISTICS AND EXPECTED TIMETABLE
Not applicable.
ITEM 3. KEY INFORMATION
| A. |
[Reserved] |
| B. |
Capitalization and Indebtedness |
Not applicable.
| C. |
Reasons for the Offer and Use of Proceeds |
Not applicable.
| D. |
Risk Factors |
Our business faces significant risks. You should carefully consider all
of the information set forth in this annual report and in our other filings with the U.S.
Securities and Exchange Commission, (the” SEC”), including the following risk factors which we face and which are faced
by our industry. If any of the following risks actually occurs, our business, financial condition and results of operations could be materially
and adversely affected. In that event, the trading price of our ordinary shares would likely decline, and you might lose all or part
of your investment. This annual report also contains forward-looking statements, as a result of certain risk factors including the risks
described below and elsewhere in this report and our other SEC filings. See also “Special Note Regarding Forward-Looking Statements
and Risk Factors Summary” on page 1 of this annual report.
Risks Related to our Business Strategy Transition
The ongoing transition in our business to a term-based subscription
license model could materially and adversely affect our financial condition, operating results and liquidity, if we fail to successfully
manage this new model, including if we are unable to secure new customer subscriptions or subscription renewals from existing customers.
In 2021, we announced our process of transitioning from a perpetual license business model to an on premises,
term-based subscription license business
model (a “term-based subscription license business model”). We believe that a term-based subscription license model will benefit
our financial results by increasing the portion of our revenue that comes from recurring revenue over the long term, and charging higher
prices for term-based licenses than we charge for the maintenance renewal of perpetual licenses today, thereby increasing the average
lifetime value we derive from our customers. We believe that such model reflects the trend of a growing number of enterprises preferring
to purchase software through subscription arrangements instead of perpetual license arrangements. While as of the date of this annual
report the initial phases of the transition have proven successful, it is uncertain whether the transition will continue to be successful
and meet the forecasts of our management and expectations of our investors.
Market acceptance of our products, the sustainability and the success of our term-based subscription license
model is dependent on our ability to enhance functionality and usability of our products to meet certain customer requirements while optimally
pricing such products taking into consideration the competitive landscape and customer demand.
This term-based subscription license business strategy may give rise to a number of risks, including the
following:
|
• |
our revenues and cash flows may fluctuate more
than anticipated over the short and mid-term; |
|
• |
if new or current customers do not desire to
consume our offerings under a subscription model, our subscription sales may lag behind our expectations; |
|
• |
the shift to a term-based subscription license
model may raise concerns among new or existing customers, resellers and investors, including concerns with respect to changes to pricing
over time and access to our products once a given subscription has expired, which could slow adoption rates; |
|
• |
our success in maintaining or implementing
our target pricing or new pricing models, product adoption and projected renewal rates, or selection of a target price or new pricing
model that is not optimal and could negatively affect our sales or earnings; |
|
• |
the shift to term-based subscription license
may create a subscription pricing disadvantage against our competition and increase our loss rates against competition; |
|
• |
our failure in implementing or maintaining
adequate subscription-based pricing models could negatively affect adoption, renewal rates and our business results. |
|
• |
if our customers do not renew their subscriptions
or do not renew them on a timely basis, our revenues may decline and our business may suffer; |
|
• |
we may incur sales compensation costs at a
higher than forecasted rate if the pace of our subscription transition is faster than anticipated; |
|
• |
we may see increased discounting behavior from
our sales force and, if we are unable to monitor, prevent and manage such discounting behavior successfully and in a timely manner, our
business and financial results will be negatively affected; |
|
• |
our sales force may not be successful in selling under a term-based subscription license model, which may
lead to increased sales headcount turnover rates; and |
|
• |
investors, industry and financial analysts may have difficulties understanding the shift in our business
model or interpret the transition to the term-based subscription license model as having a negative impact on the Company’s value,
resulting in changes in analysts’ financial analysis and impairment of the Company’s valuation |
After we will complete our transition from a perpetual license model to term-based subscription license
model, the vast majority of our revenue will be recurring in its nature and largely dependent on our customers renewing their subscription
contracts. Our ability to grow our business is dependent, in part, on our current customers renewing their existing subscriptions and
our current and prospective customers purchasing additional solutions or services after the initial term of their agreements. Though we
maintain and analyze historical data with respect to rates of customer renewals and expansions, those rates may not accurately predict
future trends in renewal of certain products and services offered by us. If our customers cancel or amend their agreements with us during
their term, do not renew their agreements, renew on less favorable terms or do not purchase additional products or solutions during the
relevant renewal periods, our revenue may grow more slowly than expected or decline and our profitability may be harmed.
Additionally, we may experience some level of attrition with existing customers, which
could lead to a fluctuation in subscription rates. Moreover, we could fail to accurately predict our customer renewal rates. Following
our transition to a term-based subscription license model, renewal rates may decline or fluctuate as a result of a number of factors,
including the level of their satisfaction with our products and services, customer merger or acquisition activity, customer budgets, the
pricing of our products compared with those offered by our competitors, technology trends, the prevailing regulatory regime and general
economic and market conditions (including as a result of the COVID-19 pandemic). If we are unable to obtain new subscriptions or our customers’
subscription renewals (either in quantity or products) decline from their current levels, our revenue or revenue growth may decline, and
our business may suffer.
We recognize revenue from a certain portion of our term-based subscription
license sales over the terms of our customers’ agreements, which
may be one year or more. As a result, a portion of the revenue we report in each quarter is deferred revenue from customer agreements
entered into during previous quarters. Consequently, a decline in new or renewed client agreements in any one quarter will not be fully
reflected in our revenue or our results of operations until future periods. Accordingly, this revenue recognition model also makes it
difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new clients must be recognized
over the applicable subscription term.
If we are required to and fail to successfully manage
any changes to our business model, including the transition of our sales to a term-based
subscription license sales model and associated services, our results of operations could be harmed.
In 2021, we announced our transition from a perpetual licenses business model to a term-based subscription
license business model. This adjustment in our business model to a term-based
subscription license model required and continues to require a considerable investment of technical, financial, legal and sales resources.
As a result, we continue to face risks associated with new and complex implementations, some of which remain uncertain to us at this stage
of the implementation process, the cost of which may differ from our expectations. We have no assurance that our investments and changes
to our operations will result in the desired growth in our subscription revenue.
Our failure in transitioning our business model to
be primarily term-based subscription may adversely affect valuation methods applied by investors
and analysts on our enterprise value.
Enterprise valuation methods may be applied differently to companies that are operating primarily under
a subscription based recurring revenue model than companies that are operating primarily under a perpetual license model. Investors and/or
analysts applying valuation methods to our company under the assumption that we will be successful with transitioning to a primarily term-based
subscription license business model, may have to adversely revise their valuations if we fail to achieve this transition in line with
their expectations.
If our maintenance or professional services are not satisfactory
to our customers, they may not renew their term-based subscription license or maintenance or contracts, which could adversely affect our
revenues and future results of operations, particularly with our transition to a term-based subscription license business model, in which
we will become significantly more dependent on renewals to meet our total revenue and profitability targets.
Our customers depend in a large part on customer support delivered through our channel partners or by us
to resolve issues relating to the use of our solutions. Our agreements with customers typically provide certain service level commitments,
including with respect to initial response time for support. Our business relies on our customers’ satisfaction with the technical
maintenance and support and professional services we provide to support our products. Our term-based subscription licenses (including
the related maintenance and support) and our perpetual license related maintenance contracts are sold on a term basis, with terms spanning
one to three years. In order for us to maintain and improve our results of operations, it is important that our existing customers renew
their maintenance and their term-based subscription license contracts at equal or higher contract value when such terms expire. For example,
our renewal rate for maintenance contracts associated with perpetual license sales in each of the years ending December 31, 2020 and 2021
was approximately 90%. If we fail to maintain customer renewal rates for term-based subscription licenses and perpetual license related
maintenance and support contracts, our revenues and results of operations could be adversely affected.
Our failure to effectively assist customers in deploying and integrating our solutions, may result in the
dissatisfaction by our customers in using our products effectively which may lead them to choose not to renew their term-based subscription
license contracts or their maintenance and support contracts or to choose not to purchase additional products and services from us. Accordingly,
our failure to provide satisfactory professional services or sufficient software upgrades could lead our customers not to renew their
agreements with us or renew on terms less favorable to us resulting in a material and adverse effect on our business and results of operations.
Operational Risks
Because we derive most of our revenues from sales of
licenses and maintenance for SecureTrack, SecureChange, SecureApp and SecureCloud, which
are all part of the Tufin Orchestration Suite – the failure of these products to satisfy customers or to
achieve increased market acceptance would adversely affect our business.
In the fiscal year ended December 31, 2021, we generated most of our revenues from sales of licenses and
maintenance for SecureTrack, SecureChange, SecureApp and SecureCloud and the Tufin Marketplace apps. We expect to continue to derive a
majority of our revenues from license and maintenance sales relating to the Tufin Orchestration Suite in the future. As such, market acceptance
of this suite of products is critical to our continued success. Demand for licenses for the Tufin Orchestration Suite is affected by a
number of factors, some of which are outside of our control, including continued market acceptance of our software by our customers and
potential customers, the viability of existing and new use cases, technological change and growth or contraction in our market. If we
are unable to continue to meet customer demands or to achieve more widespread market acceptance of our software, our business, operations,
financial results and growth prospects will be materially and adversely affected.
If we are unable to attract new customers, particularly
large organizations, our future revenues and operating results will be harmed.
Our growth strategy is dependent, in part, on our ability to attract new customers, particularly large
organizations, which we define as those comprising the Global 2000. For example, in the fiscal year ended December 31, 2021, large organizations
accounted for 64% of our revenues, excluding maintenance renewals. The size and number of customers that we add in a given period significantly
and directly impact both our short-term and long-term revenues. If we are unable to attract a sufficient number of new large organization
customers or if we attract customers that place orders of an insufficient size, we may be unable to generate revenue growth at desired
rates. The security policy management market is competitive and we cannot guarantee that we will out-perform our competitors. In addition,
in many cases, our primary competitors are in-house, manual, spreadsheet-driven processes and home-grown approaches to security management.
If potential customers perceive these competitors as having products or services that are equivalent to, or have advantages over, our
products and services, we may not be able to add new customers at the levels we expect, or may need to spend more on research and development
and sales and marketing efforts than we initially budgeted for such efforts, or we may need to lower our prices or offer sales incentives
to prospective customers. These competitive factors may have a material negative impact on our future revenues and operating results.
Sales to large organizations involve risks that may not be present (or that are present to a lesser extent)
with sales to smaller entities. These risks include:
|
• |
increased purchasing power and leverage held
by large organizations in negotiating contractual arrangements with us, including, in certain cases, clauses that provide preferred pricing
of configurations with similar specifications; |
|
• |
the timing of individual large sales, which
in some cases have occurred in a quarter subsequent to those we anticipated, or have not occurred at all; |
|
• |
longer sales cycles and the associated risk
that substantial time and resources may be spent on a potential customer that ultimately elects not to purchase our products or purchases
fewer products than we anticipated; |
|
• |
more stringent or costly requirements imposed
upon us in our maintenance and professional services contracts with such customers, including stricter response times and penalties for
any failure to meet maintenance and professional services requirements; |
|
• |
more complicated and costly implementation
processes and network infrastructure; and |
|
• |
closer relationships with, and increased dependence
upon, large technology companies who may offer competing products and have stronger brand recognition. |
If we are unable to increase sales of our solutions and products
to large organizations while mitigating the risks associated with serving such customers, our business, results of operations, prospects
and financial condition may suffer.
Our future growth also depends in part upon increasing our customer base, particularly those customers
with potentially high customer lifetime values. Our ability to achieve significant growth in revenues in the future will depend, in large
part, upon the effectiveness of our sales and marketing efforts, both in the Americas and EMEA, and our ability to attract new customers.
If we fail to attract new customers and maintain and expand those customer relationships, our revenues may be adversely affected, and
our business will be harmed.
Our business depends substantially on our ability to
retain existing customers and expand our offerings to them, and our failure to do
so could harm future results of operations.
We generate a significant portion of our revenues from sales to existing customers and our business depends
substantially on our ability to retain customers and expand our offerings to them. For example, during the fiscal year ended December
31, 2021, we generated approximately 73.1% of our revenues, excluding maintenance renewals, from sales to existing customers. We currently
offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. The majority of
our customers initially purchase SecureTrack to monitor part of their networks. Initial product deployments frequently expand across departments,
divisions and geographies and result in the purchase of additional products, such as SecureChange and SecureApp. We also expect SecureCloud,
which allows for visibility and control of the security posture in cloud-native and hybrid cloud environments, to contribute to our revenues
over time. During 2020, we introduced the Tufin Marketplace, where customers can find and deploy applications and extensions that enhance
the overall value of their Tufin security policy management implementations. A number of the applications in the Marketplace, including
the Vulnerability Mitigation App, released in July of 2020, require a paid license and are expected to generate revenue in the future.
The rate at which our existing customers purchase additional products and services depends on a number
of factors, including the perceived need for additional IT security, our customers’ IT budgets, the efficacy of our solutions, general
economic conditions, (including with respect to the COVID-19 pandemic) our customers’ overall satisfaction with our products and
services (including their willingness to participate in our term-based subscription license model), and the continued growth and
economic health of our customer base. If our efforts to sell additional products and services to our customers are not successful, our
future revenues and operating results will be harmed.
Additionally, we devote significant efforts to developing and marketing product updates to existing customers
and rely on these efforts for a portion of our revenues. This requires a significant investment in building and maintaining customer relationships,
as well as significant research and development efforts in order to launch product updates and new products. Our future success depends,
in part, on our ability to continue to expand sales of our current product offerings to existing customers, sell additional licenses for
our current products to our existing customers and develop and sell new products to existing customers and receive subscription and maintenance
renewals.
We face competition in the security policy management
market in which we operate, and we may lack sufficient financial or other resources
to maintain or improve our competitive position.
We face competition in the security policy management market in which we operate. In many cases, our primary
competition is in-house, manual, spreadsheet driven processes and home-grown approaches to security management, and we and our channel
partners may not be successful in educating and familiarizing potential customers with the value associated with our products and services.
Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC, which offer solutions comparable to
all or some of our products or product features. We also indirectly compete with large security companies that offer a broad array of
traditional security management solutions, such as Palo Alto Networks, Inc. and Cisco Systems, Inc., for a share of enterprises’
IT security budgets.
Some of our competitors are large companies that have the technical and financial resources and broad customer
bases and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer
products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or
solely in consideration for maintenance and professional services fees. As the security policy management market grows, we expect competition
to increase in the future from both existing competitors and new companies that may enter our markets. Some of our competitors may develop
different products that compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities,
technologies, standards or client requirements, including in cloud-native environments.
Organizations that use other products or home-grown tools may believe that these products or tools are
sufficient to meet their security policy management needs or that our products only serve the needs of a portion of the enterprise security
market. Accordingly, these organizations may continue allocating their IT budgets for other products, and may not adopt our products.
Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have
established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to
purchase from their existing suppliers rather than add or switch to a new supplier, such as us, regardless of product performance, features,
or greater services offerings or may be more willing to incrementally add solutions to their existing security infrastructure from existing
suppliers than to replace it wholesale with our solutions.
Our current and potential competitors may also establish cooperative relationships among themselves or
with third parties that may further enhance their resources. For instance, in February of 2020, a direct competitor of ours, AlgoSec,
Inc., announced that they have entered into an agreement with Cisco Systems Inc. in which AlgoSec’s products were listed in Cisco’s
price list and can be sold by some of Cisco’s sales force, expanding AlgoSec’s potential market reach. Current or potential
competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential
competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale
of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily
or develop and expand their product and service offerings more quickly than we do.
If we fail to maintain successful relationships with
our channel partners, or if our channel partners fail to perform, our ability to market,
sell and distribute our solutions will be limited, and our business, financial position and results of operations will be harmed.
We sell our products and services through our sales force, including our field sales team and our inside
sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021. Our channel partners
include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize
and maintain our products and services. Our channel partners fulfill orders constituting substantially all of our revenues. Certain of
our new customer leads are generated by our channel partners. For the years ended December 31, 2020 and 2021, our two largest channel
partners accounted for 15% and 15% of our revenues and 9% and 12% of our revenues, respectively. Our agreements with these channel partners
provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive
and non-transferable, and automatically renew unless terminated by either party after providing prior written notice. As of December 31,
2021, three of our channel partners accounted for 10% or more of our accounts receivable, accounting for an aggregate of 39% of our accounts
receivable. Our engagements with these channel partners are generally based on separate contractual relationships with different business
units across multiple jurisdictions rather than on a single agreement.
As a result of this concentration, if a channel partner ceases to perform services for us, we may face
disruptions in deploying solutions to our customers. Additionally, we are exposed to the credit risk of our channel partners in the event
they become insolvent while owing us payment. If our channel partners do not effectively provide support to the satisfaction of our customers,
we may be required to provide additional support to such customers, which would require us to invest in additional personnel and may require
us to devote significant time and resources and divert attention away from other customers or opportunities. If our channel partners do
not effectively market and sell our solutions, or choose to use greater efforts to market and sell the products and services of our competitors,
our ability to grow our business may be adversely affected.
Our relationships with channel partners have been, and could in the future be, terminated with little or
no notice if they become subject to bankruptcy or other similar proceedings. The loss of our major channel partners, the inability to
replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. If
we are unable to maintain our relationship with channel partners or otherwise develop and expand our sales channels, or if our channel
partners fail to perform, our business, financial position and results of operations could be adversely affected.
We depend on a single third-party hardware manufacturer
for the hardware that we use to fulfill certain orders for our software licenses,
and delays or disruptions in fulfilling such orders could materially and adversely impact our operations.
We depend on a single third-party manufacturer to supply the computer hardware on which our licensed software
is installed for certain customers. Specifically, when placing an order, a customer may elect to download our software onto its own computer
hardware that meets our specifications or to purchase computer hardware from us with our software pre-installed. In the years ended December
31, 2020 and 2021, transactions in which customers purchased software pre-installed on computer hardware that we supplied accounted for
21% and 22%, respectively, of our sales. Our computer hardware supplier fulfills our requirements on a purchase order basis and we hold
only limited inventory. We do not have a long-term contract with the supplier that guarantees capacity or the continuation of particular
pricing terms. There are alternative suppliers for the computer hardware, but that hardware would initially not be optimized for our software.
In addition, continuation or exacerbation of the global supply chain challenges, whether resulting
from the COVID-19 pandemic or for reasons otherwise unrelated, may impact our ability to forecast and control hardware costs. For instance,
given our dependency on a single third-party manufacturer, our operations may be adversely affected by disruptions or delays to the supply
chain resulting from temporary closures of our manufacturer’s facilities, spikes in demand for our manufacturer’s services
from other customers, interruptions in product supply or insufficient supply of relevant component parts, restrictions on export or shipment
or disruptions in product fulfillment due to closure or delays of our manufacturer’s delivery process. Furthermore, in the
event of a disruption in supply, we would need to inform customers with pending orders regarding the change in hardware and offer them
the choice of supplying their own hardware or using alternate hardware that we would supply, both of which may cause delays in the timely
fulfillment of their orders. This could have a material adverse effect on our business and results of operations.
Our sales cycle is long and unpredictable, which may cause significant
fluctuations in our quarterly results of operations.
The timing of our sales and related revenue recognition is difficult to predict because of the length and
unpredictability of the sales cycle for our products and services. We and our channel partners often spend significant time and resources
to better educate and familiarize potential customers with the value proposition of our products and solutions. Our sales cycle usually
lasts several months from proof of concept to purchase order from our customers, and it is often even longer, less predictable and more
resource-intensive for larger transactions. Customers may also require additional internal approvals or seek to test our products for
a longer trial period before deciding to purchase our solutions. Furthermore, even if we close a large transaction during a given quarter,
we may be unable to recognize the revenues derived from such a transaction due to our revenue recognition policy. See “Item 5.A.
Operating and Financial Review and Prospects—Operating Results—Application of Critical Accounting Policies and Estimates—Revenue
Recognition.”
In addition, in the past, customers have deferred significant purchases to the last quarter of the year
when they can determine what amount of their annual budget remains unused. As a result, the timing of individual sales can be difficult
to predict. We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’
buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in
some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large
transactions in a quarter could impact our anticipated results from operations for that quarter and future quarters for which revenues
from those transactions are delayed. We may not be able to accurately predict or forecast the timing of sales, which has caused and could
again cause our results to vary significantly from our expectations and the expectations of market analysts. In addition, we might devote
substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur
expenses that are not offset by an increase in revenue, which could harm our business.
The recent increase to our revenue may not be indicative of our
future performance.
For the years ended December 31, 2020 and 2021, our revenues were $100.8 million and $110.9 million, respectively,
representing a year-over-year increase of 10%. Our revenue growth may not be indicative of our future performance and we may not return
to our growth rate trajectory reported prior to the fiscal year ended December 31, 2019. Factors that could impact our ability to return
to significant revenue growth include the impact of COVID-19 on customer demand for our products and services, the unsuccessful transition
to a term-based subscription license business model, our ability to increase the size or efficiency of our sales force, our ability
to achieve repeat purchases by existing customers, our ability to successfully compete with other companies and the extent to which we
are successful in securing large-scale deployments, particularly among our large, Global 2000 customers. If we are unable to increase
revenues, our share price could experience volatility, and our ability to achieve and maintain profitability could be adversely affected.
Our business and operations have slowed down in relation
to recent periods of growth, and if we do not appropriately manage our current
business and operations, our results of operations may not return to previous growth rates and outputs.
During previous fiscal periods, we experienced growth that placed significant demands on our management,
administrative, operational and financial infrastructure. During the year end December 31, 2021, we were required to adapt to a variety
of challenging economic conditions, including COVID-19, as well as increasing recruitment efforts initiated by competitors, threatening
both our ability to maintain current talent and hire potential talent. Specifically, as of December 31, 2021, we had 542 employees and
contractors compared to 533 as of December 31, 2020. While we expect that the completion of our transition to a term-based subscription
license business model will have a positive impact on our business in the long term, we cannot guarantee that our business and operations
will return to the growth rates experienced in previous fiscal periods.
Our success will depend in part upon, among other things, our ability to manage and increase the productivity
of our existing employees, particularly our sales force, and hire, train, and manage new employees and expand our network of channel partners.
To manage the domestic and international growth of our operations and personnel, we will need maintain or to continue to improve our operational,
financial, and management controls, as well as our reporting processes and procedures.
These additional investments will increase our operating costs, which will make it more difficult for us
to offset any future revenue shortfalls by reducing expenses in the short term. We may not be able to successfully acquire or implement
these or other improvements to our systems and processes in an efficient or timely manner, or once implemented, we may discover deficiencies
in their capabilities or effectiveness. We may experience difficulties in managing improvements to our systems and processes or in integrating
with third-party technology. In addition, our systems and processes may fail to prevent or detect errors, omissions or fraud. Our failure
to improve our systems and processes, or their failure to operate effectively and in the intended manner, may result in the disruption
of our current operations and customer relationships, our inability to manage the growth of our business and our inability to accurately
forecast and report our revenues, expenses and earnings, any of which may materially harm our business, results of operations, prospects
and financial condition.
We have a history of losses, and we may not be able to generate
sufficient revenues to achieve and sustain profitability.
We have incurred net losses in each period since our inception, including net losses of $35.4 million and
$36.9 million for the years ended December 31, 2020 and 2021, respectively. As of December 31, 2021, our accumulated deficit was $140.8
million. We expect our operating expenses to increase significantly as we continue to expand our sales and marketing efforts, in part,
by building our sales force, continuing to devote significant research and development resources to develop our solutions and continuing
to expand our operations in existing and new geographies and vertical markets. In addition, as we transition to a term-based subscription
license business model, our revenues and cash flows may fluctuate more than anticipated over the short-term. We cannot assure investors
that we will achieve profitability in the future or that, if we do become profitable, we will be able to sustain profitability.
If third-party applications and network products change
such that we do not or cannot maintain the compatibility of our products and
solutions with these third-party applications and products, or if we fail to provide integrations that our customers desire, demand for
our solutions and products could decline.
The attractiveness of our products depends, in part, on our ability to integrate with third-party applications
and network products that our customers use or desire to use. Third-party providers may change the features of their applications and
platforms or alter the terms governing use of their applications and platforms in an adverse manner. Further, third-party application
providers may refuse to partner with us, or limit or restrict our access to their applications and platforms. Such changes could functionally
limit or terminate our ability to use these third-party applications and systems with our products, which could negatively impact our
offerings and harm our business. If we fail to integrate our products with new third-party applications that our customers desire, or
to adapt to the requirements of such third-party applications and platforms, we may not be able to offer the functionality that our customers
expect, which would negatively impact our ability to retain current customers or obtain new customers. As a result, our offerings and,
consequently, our business, could be adversely harmed.
If our products and services do not effectively interoperate
with our customers’ existing or future IT infrastructures, deployments and integrations
could be delayed or canceled, which would harm our business.
Our products and services must effectively interoperate with our customers’ existing or future IT
infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors
and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be
difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our
customers’ infrastructure or problematic network configurations or settings, we may have to modify and improve our software so that
our products will integrate with our customers’ infrastructure. In such cases, our products may be unable to support some of the
configurations or protocols used in our customers’ infrastructure. These issues could cause longer deployment and integration times
for our products and could cause order cancelations, either of which would adversely affect our business, results of operations and financial
condition. Additionally, any changes in our customers’ IT infrastructure that degrade the functionality of our products or services
but which are better supported by competitive software, could adversely affect the adoption and usage of our products.
If we are unable to increase market awareness of our
company and our solutions, or fail to successfully promote or protect our brand,
our competitive market position and revenues may not continue to grow or may decline.
We believe that improved awareness of our brand and the value proposition of our solutions will be essential
to our continued growth and our success. Many factors, some of which are beyond our control, are important to maintaining and enhancing
our brand, including our ability to increase awareness among existing and potential channels partners through various means of marketing
and promotional activities. For example, as a result of various restrictions implemented by governments across the globe as a response
to COVID-19, we were compelled to adjust the way in which we market and sell our products, either by way of virtual conferences or otherwise.
We cannot guarantee that we will be successful in our transition to a more virtually-inclined marketing and sales model, and if unsuccessful
our results of operations may be materially and adversely affected. If our marketing efforts are unsuccessful in improving market awareness
of our brand and our solutions, then our business, results of operations, prospects, and financial condition will be adversely affected,
and we will not be able to achieve sustained growth.
Moreover, due to the intensely competitive nature of our market, we believe that building and maintaining
our brand and reputation is critical to our success and that the importance of positive brand recognition will increase as competition
in our market may further intensify. While we believe that we are successfully building a well-established brand and have invested and
expect to continue to invest substantial resources to promote and maintain our brand, both domestically and internationally, there can
be no assurances that our brand development strategies will enhance our reputation or brand recognition or lead to increased revenue.
Furthermore, an increasing number of independent industry analysts and researchers, such as Gartner, IDC
and 451 Research LLC, regularly evaluate, compare and publish reviews regarding the functionality of security products and services, including
our solutions. These reviews may significantly influence the market perception of our solutions. We do not have any control over the content
of these independent industry analysts and researchers’ reports, and our reputation and brand could be harmed if they publish negative
reviews of our solutions or do not view us as a market leader. The strength of our brand may also be negatively impacted by our competitors’
marketing efforts, which may include incomplete, inaccurate and misleading statements about our business, products and services. If we
are unable to maintain a strong brand and reputation, sales to new and existing customers could be adversely affected, and our financial
performance could be harmed.
Our business and reputation could be harmed based on
real or perceived shortcomings, defects or vulnerabilities in our solutions or the
failure of our solutions to meet customers’ expectations.
Our products are designed to assist customers in the management of their IT networks, enhance visibility
and control across their networks, ensure compliance with security standards and embed security enforcement into their workstreams. However,
despite the implementation of security measures, the solutions we sell to customers, including our cloud-based solutions, could contain
vulnerabilities that are not capable of being remedied or detected until after their deployment. If we fail to update our products to
remedy, detect or prevent such threats, our business and reputation will suffer. Moreover, as our solutions are adopted by an increasing
number of enterprises and governmental entities, including the U.S. federal government, cyberattacks may focus on finding ways to defeat
our solutions. The data stored in our products’ database is highly sensitive, and includes our customers’ current enterprise-wide
network configuration and security policies. If our products’ security configuration is breached, this data could be used by malicious
actors, including external hackers and rogue employees within our customers’ organizations, to plan how they could effectively traverse
our customers’ networks and gain unauthorized access to critical systems and data. A breach or theft of our customers’ sensitive
business data, regardless of whether the breach or theft is attributable to the failure of our products, could adversely affect the market’s
perception of the efficacy of our solutions and current or potential customers may look to our competitors for alternatives to our solutions.
The failure of our products may also subject us to lawsuits and financial losses stemming from indemnification of our partners and other
third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. Although
we seek to limit our financial exposure in such circumstances through caps on our indemnification obligations to customers, customers
may litigate the enforceability of such caps and it is possible that such litigation may be successful in certain circumstances. Any such
event could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services
and prevent new customers from purchasing our solutions.
Our increasing focus on expanding security policy management
to cloud-native environments presents execution and competitive risks.
While many organizations see the cloud as a scalable extension of their existing data center, some are
adopting the DevOps approach to cloud application development. Pricing and delivery models in the cloud are evolving. Different usage
models and network security architectures in the cloud influence customers’ choice of cloud-based security products. Our ecosystem
must continue to evolve with this changing environment. We plan to devote significant resources to develop and deploy our cloud-based
capabilities. Unlike traditional enterprise applications, in which every connectivity change is controlled and managed by IT, in cloud-native
environments, the developers and DevOps engineers have administrative rights over some of the infrastructure. The connectivity decisions
and changes made by developers in cloud-native applications can have an immediate impact on the organization’s security posture,
with little or no oversight by the security team. Our success in developing cloud-native solutions is connected with the fragmentation
of enterprise networks between on-premise networks and the cloud environment, the growing use of cloud infrastructure and cloud-native
development environments and the level of adoption of cloud platforms such as such as Google Cloud, Amazon Web Services, or AWS and Microsoft
Azure.
We may not establish sufficient market share to achieve the scale necessary to achieve our business objectives.
If we are not effective in executing organizational and technical changes to increase efficiency and accelerate innovation, or if we fail
to generate sufficient usage of our new products and services, we may not grow revenues in line with the infrastructure and development
investments described above.
Our business depends, in part, on sales to the public
sector, and significant changes in the contracting or fiscal policies of the public sector
could have an adverse effect on our business.
We derive a portion of our revenues from sales of our solutions to federal, state, local and foreign governments,
and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government
contracts. Factors that could impede our ability to maintain or increase the amount of revenues derived from government contracts include:
|
• |
changes in fiscal or contracting policies;
|
|
• |
decreases in available government funding;
|
|
• |
changes in government programs or applicable
requirements; |
|
• |
the adoption of new laws or regulations or
changes to existing laws or regulations; and |
|
• |
potential delays or changes in the government
appropriations or other funding authorization processes. |
The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain
from purchasing our solutions or otherwise have an adverse effect on our business, operating results and financial condition.
We are subject to a number of risks associated with international
sales and operations.
We operate a global business with offices located primarily in Israel and the United States. In the year
ended December 31, 2021, we generated 51.3%, 42.3% and 6.4% of our revenues from customers in the Americas, EMEA and APAC, respectively.
Business practices in the international markets that we serve may differ from those in the United States and may require us to include
non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts
that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely
impacted.
Additionally, our international sales and operations are subject to a number of risks, including the following:
|
• |
greater difficulty in enforcing contracts and
managing collections, as well as longer collection periods; |
|
• |
higher costs of doing business internationally,
including costs incurred in establishing and maintaining office space and equipment for our international operations; |
|
• |
management communication and integration problems
resulting from cultural and geographic dispersion; |
|
• |
risks associated with trade restrictions and foreign legal requirements, including any importation, certification,
and localization of our products that may be required in foreign countries; |
|
• |
greater risk of unexpected changes in regulatory
practices, tariffs and tax laws and treaties; |
|
• |
compliance with anti-bribery laws, including,
without limitation, compliance with the U.S. Foreign Corrupt Practices Act, the bribery sections of the Israeli Penal Law, 5737-1977 and
the U.K. Bribery Act; |
|
• |
heightened risk of unfair or corrupt business
practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements
of, or irregularities in, financial statements; |
|
• |
the uncertainty of protection for intellectual
property rights in some countries; |
|
• |
fluctuations in currency exchange rates; |
|
• |
general political and economic conditions,
including due to the impact of COVID-19, in these foreign markets; and |
|
• |
double taxation of our international earnings
and potentially adverse tax consequences due to changes in the tax laws of the United States, Israel or the other jurisdictions in which
we operate. |
These and other factors could harm our ability to generate future international revenues and, consequently,
materially impact our business, results of operations and financial condition.
Economic and External Risks
The security policy management market is rapidly evolving
and difficult to predict. If the market does not continue to develop as we anticipate
or if our target customers do not adopt our solutions, our revenues may not grow as expected and our share price may decline.
We believe our future success depends in large part on growth in the security policy management market
in which we compete. The security policy management market is subject to rapid technological change, evolving industry standards and a
shift in the enforcement or scope of regulations to which our customers are subject, as well as changing customer needs, requirements
and preferences. As such, it is difficult to predict important market trends, including potential growth. For example, organizations that
currently use homegrown tools may believe that they already have sufficient security policy management products. Therefore, such organizations
may allocate all or most of their network infrastructure budgets on other products and may not adopt our solutions in addition to or in
lieu of other existing solutions. If the security policy management market does not continue to develop in the way we anticipate or if
organizations do not recognize the benefits our solutions offer in addition to or in place of other existing solutions, then our revenues
may not grow as expected and our share price could decline.
COVID-19, including the efforts to mitigate its impact,
have, and may continue to have, an impact on our business, liquidity,
results of operations, financial condition and price of our securities.
The ongoing COVID-19 pandemic, as well as the measures designed to contain and mitigate its effects, have
had and will likely continue to have an impact on our business and operations, as well as the operations of our customers. Current efforts
to contain or mitigate the spread of COVID-19 and its variants include governmental mandates or voluntary elections taken by companies
as preventative measures (e.g. travel restrictions, work from home and quarantine requirements). In the event future variants emerge and
trigger additional restrictions and other preventative measures, such efforts may contribute to an economic downturn, which could decrease
consumer spending on our products and services, as well as impact our ability to expand our customer base or provide additional services
to our current customers.
In response to the foregoing COVID-19 restrictions and as part of our ongoing effort to remain operational,
we previously implemented, and continue to implement, a hybrid remote work arrangement where we maintain a limited onsite presence in
our offices worldwide. To date, we believe such remote work has not had a material adverse impact on our productivity, business and operations.
However, due to the uncertainty surrounding the COVID-19 pandemic, prolonging remote work arrangements could cause interruptions to our
business continuity and the timing and execution of our business plans as well as our ability to provide our customers effectively and
timely with our services, particularly if such arrangements become ineffective or if there is a natural disaster, power outage, connectivity
issue, technology failure or other event that would inhibit the ability of our employees to work remotely. Furthermore, the increase in
remote work arrangements has heightened the risk of cybersecurity incidents, data breaches or cyber-attacks in the jurisdictions where
we operate. Any such incident, breach or attack that occurs with respect to, or is directed at us could have a materially adverse effect
due to, among other things, the loss of proprietary data, interruptions or delays in our operations, damage to our reputation and any
government-imposed penalties. In addition, continuous remote work arrangements could result in increased turnover or make it more difficult
to train new employees. For more information, see “Our ability to enhance our products may be harmed if we are unable to attract
and retain sufficient research and development personnel and other highly-skilled engineers, and if we are unable to generate an adequate
return on our investment in research and development.”
The full impact of COVID-19 on our business and future performance is uncertain due to, among other factors,
the emergence and spread of COVID-19 variants, vaccine administration rates and the efficacy of government policies. While our revenues
increased in the year ended December 31, 2021 compared to the year ended December 31, 2020, the occurrence of any of these factors could
produce future adverse effects by making it more difficult for us to attract new customers and expand within our existing customer base.
A prolonged pandemic could also result in extended customer sales cycles; reduced demand for our products and services; lower renewal
rates; delayed spending on, or reduced payment frequencies with respect to, our solutions; lower revenue from new customers; or impairment
of our ability to collect accounts receivable. We will continue to evaluate our financial position and take the appropriate measures,
as necessary, in light of future developments relating to COVID-19.
Estimates of market opportunity and forecasts of market
growth included in this annual report and in our public disclosures may prove
to be inaccurate.
Growth forecasts included in this annual report and in our public disclosures relating to our market opportunity
and the expected growth in the security policy management market, which are subject to significant uncertainty, may prove to be inaccurate.
We believe our policy management and automation functionalities define a new market, and we are not aware of any third-party research
that accurately defines the scope of our directly addressable opportunity. As such, in early 2019 we estimated the market size using third-party
data and, when third-party data was not available, internal estimates. We segment enterprises based on our estimates of their network
infrastructure size and their need for our solutions across their networks, and apply an average annual billings figure per segment based
on an estimated prior five years of inventory, resulting in an estimated directly addressable market of $10.3 billion, which includes
on-premise firewalls, private cloud and public cloud orchestration segments.
The addressable market we estimate may not materialize for many years. Even if the markets in which we
compete meet the size estimates and growth forecast in this annual report or in our public disclosures, our business could fail to grow
at similar rates. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject
to many risks and uncertainties. Accordingly, the forecasts of market growth included in this annual report or in our public disclosures
are not indicative of our future growth.
Our investment portfolio may be adversely affected by market conditions
and interest rates.
We maintain substantial balances of liquid investments for operational and general corporate purposes.
Our marketable securities amounted to $41.7 million as of December 31, 2021, of total $89.4 million of cash and cash equivalents, restricted
bank deposits, short-term marketable securities and long-term marketable securities. Our investments in marketable securities might be
negatively affected by liquidity, credit deterioration, financial results and interest rate fluctuations, as well as other factors which
may be impacted by market downturns or events that affect global financial markets. We generally buy and hold our marketable securities
portfolio with the objective to minimize the potential risk of principal loss. Our investment policy sets limits for minimum credit rating
and maximum concentration per issuer, as well as maximum time to maturity. Our investments consist primarily of government and corporate
debentures.
Although we believe that we generally adhere to conservative investment guidelines, the continuing uncertainty
in the financial markets, including due to COVID-19 and its impacts on global economic conditions, may result in impairments of the carrying
value of our investment assets. Any significant decline in our financial income or the value of our investments as a result of the changes
in interest rates and interest rate expectations of the financial markets, deterioration in the credit rating of the securities in which
we have invested, or general market conditions, could have an adverse effect on our results of operations and financial condition.
Prolonged economic uncertainties or downturns could negatively impact
our customers’ businesses and cause them to reduce their spending on security policy management, which could impact our ability
to sell our products and services, reduce our revenues and materially adversely affect our business.
Our business depends on our current and prospective customers’ ability and willingness to invest
money in security policy management, which in turn is dependent upon their overall economic health. Negative economic conditions in the
global economy, particularly in the United States and the EMEA, could cause a decrease in business investments, including corporate spending
on security software and adversely impact the security policy management market and, therefore, our ability to grow our business. These
conditions include, for instance, those resulting from COVID-19, changes in gross domestic product growth, potential future government
shutdowns or restrictions, financial and credit market fluctuations or the unavailability of credit. The Americas accounted for the majority
of our revenues in each of the fiscal years ended December 31, 2019, 2020 and 2021. EMEA also accounted for a significant portion of our
revenues in each of the fiscal years ended December 31, 2020 and 2021, with revenues generated in Germany 29% and 30%, respectively, of
EMEA revenues. Economic downturns and geopolitical challenges in the Americas, EMEA or certain other parts of the world critical to our
operations may cause our customers in those locations to reevaluate decisions to purchase our solutions or to delay or reduce their technology
purchasing decisions, which could adversely impact our results of operations. For instance, rising tensions between Russia and Ukraine,
recently resulting in Russia’s invasion of Ukraine, and the possibility of retaliatory measures taken by the U.S. and NATO have
created global security concerns that could have a lasting adverse impact on regional and global economies, and in turn, on our customers’
decision to purchase our products.
In addition, a significant portion of our revenues is generated from customers in the financial services
industry, including banking and insurance, as well as the telecommunications industry. In the fiscal years ended December 31, 2020 and
2021, we generated approximately 48% and 45%, respectively, of our revenues from customers in the financial services and telecommunications
industries. Negative economic conditions may cause customers in those industries to reduce or delay their IT spending. Customers may delay
or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support
agreements. To the extent our current and potential customers consider purchases of licenses for our software to be discretionary and
choose to delay or reduce their IT spending, our revenues could be disproportionately affected.
Legal, Regulatory and Security Risks
Our business and reputation could be harmed if cybersecurity risks
materialize.
Our customers face increasingly sophisticated and targeted cyberthreats, including as a result of the increase
in remote working arrangements due to COVID-19. Many of our enterprise customers are experiencing more cyberthreats as enterprise networks
are becoming increasingly fragmented with firewalls from different vendors, public and private clouds and microservices in containers.
Security risks include, but are not limited to, unauthorized use or disclosure of customer data, theft
of proprietary information, theft of intellectual property, theft of Personal Identifiable Information (PII), theft of financial
data and financial reports, loss or corruption of customer data and computer hacking attacks or other cyberattacks. While our products
and services specifically aim to offer solutions to these risks, they may nevertheless contain vulnerabilities to such threats, which
are a growing and evolving risk and are often difficult or impossible to detect for long periods of time or to successfully defend against.
Successful attacks, whether through external or internal actors, could harm the confidentiality, integrity
and availability of personal data and other sensitive information, as well as the integrity and availability of our systems, products
and services in a manner that could materially and adversely affect our business. Because techniques used to obtain unauthorized access
or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate
these techniques or to implement adequate preventative measures. Efforts to implement preventative measures could require us to expend
significant capital and other resources to alleviate the problem and to improve technologies, impair our ability to provide services to
our customers and protect the privacy of their data, result in product development delays, compromise confidential or technical business
information, harm our competitive position, result in theft or misuse of our intellectual property or other assets and expose us to substantial
litigation expenses and damages, indemnity and other contractual obligations, government fines and penalties, mitigation expenses, costs
for remediation and incentives offered to affected parties, including customers, other business partners and employees, in an effort to
maintain business relationships after a breach or other incident, and other liabilities. In addition, such a security breach could impair
our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens,
our revenues could decline and our business could suffer. In addition, if we suffer a highly publicized security breach, even if our products
and solutions perform effectively, such a breach could cause us to suffer reputational harm, lose existing commercial relationships and
customers or deter customers from purchasing additional solutions and prevent new customers from purchasing our solutions. We are continuously
working to improve our IT systems, products and services, together with creating security boundaries around our critical and sensitive
assets. We provide advanced security awareness training to our employees and contractors that focuses on various aspects of the cybersecurity
world. All of these steps are taken in order to mitigate the risk of attack and to ensure our readiness to responsibly handle any security
violation or attack. However, because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally
are not recognized until successfully launched against a target, we may be unable to anticipate these techniques or to implement adequate
preventative measures.
We have experienced and expect to continue to experience attempted cyberattacks on our IT systems or networks.
To date, none of these attempted cyberattacks has had a material effect on our operations or financial condition. While we devote significant
resources to network security, data encryption and other security measures to protect our systems and data, including our own proprietary
information and the confidential and personally identifiable information of our customers, employees and channel partners, these measures
cannot provide absolute security.
We are subject to data protection and privacy laws,
regulations, standards, and contractual obligations, the breach of which could subject
us to fines and harm our reputation.
We are subject to an expanding number of domestic, international and contractual legal requirements regarding
privacy, personal data rights and data protection (“Applicable Data Obligations“). The Applicable Data Obligations continue
to evolve and address a range of issues, including restrictions or technological requirements regarding the collection, use, storage,
protection, retention, and transfer of personal data. Violation of the Applicable Data Obligations could result in substantial fines,
penalties and related defense costs. For example, the GDPR provides for penalties that could reach up to20 million Euros, or in the case
of an undertaking, up to 4% of a company’s global turnover of the preceding year for the most serious violations, as well as the
right to compensation for financial or non-financial damages claimed by individuals under Article 82 of the GDPR.
Additionally, we are also subject to the California Consumer Privacy Act (“CCPA”), which came
into effect in January 2020 and imposes heightened transparency obligations, adds restrictions on the “sale” of personal information,
and creates new data privacy rights for California residents and carries significant enforcement penalties for non-compliance. The California
Attorney General enforces the CCPA and can seek an injunction and civil penalties up to $7,500 per intentional violation and $2,500 per
other violation. The CCPA also provides California consumers a private right of action for certain data breaches where they can recover
up to $750 per incident, per consumer or actual damages, whichever is greater, and which is expected to increase data breach litigation.
The CCPA may require us to modify our data practices and policies and to incur substantial costs and expenses in order to comply.
On November 3, 2020, California voters passed the California Privacy Rights Act (“CPRA”) into
law, which will take effect in January 2023 and will significantly modify the CCPA, potentially resulting in further uncertainty and requiring
us to incur additional costs and expenses in an effort to comply. More generally, some observers have noted the CCPA and CPRA could mark
the beginning of a trend toward more stringent U.S. federal privacy legislation, which could increase our potential liability and adversely
affect our business.
In addition, we are subject to the Israeli Privacy Protection Law 5741-1981 (the “PPL”), and
its regulations, including the Israeli Privacy Protection Regulations (Data Security) 2017 (“Data Security Regulations”, and
collectively ”Israeli Law”), which impose obligations with respect to the manner personal data is processed, maintained, transferred,
disclosed, accessed and secured, as well as the guidelines of the Israeli Privacy Protection Authority. Failure to comply with the Israeli
Law may expose us to administrative fines, civil claims (including class actions), and in certain exceptional and unusual circumstances,
criminal liability. The Israeli Privacy Protection Authority may initiate administrative inspection proceedings, from time to time, without
any suspicion of any particular breach of the PPL, as the Authority has done in the past with respect to dozens of Israeli organizations
in various sectors. In addition, to the extent that any administrative supervision procedure is initiated by the Israeli Privacy Protection
Authority that reveals certain irregularities with respect to our compliance with the PPL, in addition to our exposure to administrative
fines, civil claims (including class actions) and in certain cases criminal liability, we may also need to take certain remedial actions
to rectify such irregularities, which may increase our costs.
Any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related
obligations to users or other third parties, or any other legal obligations or regulatory requirements relating to privacy, data protection,
or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us
by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially
and adversely affect our reputation and business.
These and other legal requirements may be interpreted and enforced in a manner that is inconsistent with
our existing practices or the features of our products and services. We may also be subject to claims of liability or responsibility for
the actions of third parties with whom we interact or upon whom we rely in relation to various products and services, including our channel
partners. In addition to the possibility of our being subject to enforcement actions, fines, lawsuits and other claims with respect to
these and other legal requirements, we could be required to fundamentally change our business activities and practices or modify our products
and services, which could have an adverse effect on our business. Any inability to adequately address customer privacy and data protection
concerns, even if unfounded, or to comply with Applicable Data Obligations, could result in additional cost and liability to us, damage
our reputation, inhibit sales and adversely affect our business.
Our use of open source software could negatively affect our ability
to sell our software and subject us to possible litigation.
We use open source software in our products and our development environments and expect to continue to
use open source software in the future. Open source software is typically provided without warranties or assurances of any kind. Some
open source licenses contain requirements that the users of such software make available source code for modifications or derivative works
we create based upon the open source software used, and many open source licenses include provisions that have not been interpreted by
the courts. We monitor and control our use of open source software in an effort to avoid unanticipated conditions or restrictions on our
ability to successfully commercialize our products and solutions. We believe that our compliance with the obligations under the various
applicable licenses has mitigated the risks that we would trigger any such conditions or restrictions. However, such use may have inadvertently
occurred in the development and offering of our products and solutions. If we combine our proprietary software with open source software
in a certain manner that is not intended under our policies or monitoring practices, we could, under certain open source licenses, be
required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products
quickly with lower development effort and ultimately could result in a loss of sales for us.
The terms of many open source software licenses have not been interpreted by U.S. or foreign courts, and
there is a risk that, once interpreted, those licenses could be construed in a manner that imposes unanticipated conditions or restrictions
on our ability to successfully commercialize our products and solutions. For example, certain open source software licenses may be interpreted
to require that we offer our products or solutions that use the open source software for no cost; that we make available the source code
for modifications or derivative works we create based upon, incorporating or using the open source software (or that we grant third parties
the right to decompile, disassemble, reverse engineer or otherwise derive such source code); that we license such modifications or derivative
works under the terms of the particular open source license; or that otherwise impose limitations, restrictions or conditions on our ability
to use, license, host or distribute our products and solutions in a manner that limits our ability to successfully commercialize our products.
This potential litigation could require us to purchase costly licenses or devote additional research and
development resources to change our products or services, either of which would have a negative effect on our business and results of
operations. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our offerings
or incur additional costs. Although we monitor the use and incorporation of open source software into our products, we cannot be certain
that we have, in all cases, incorporated open source software in our products in a manner that is consistent with the applicable open
source license terms.
We may become a party to commercial disputes, claims
and legal actions, which are costly and may result in adverse outcomes for us.
Third parties may bring legal actions against us. Such actions, even if without merit, could harm our business.
Although we have contractual protections, such as warranty disclaimers and limitation of liability provisions in our standard terms and
conditions of sale (and we seek to include those protections when negotiating third party terms and conditions), they may not fully or
effectively protect us from claims by customers, commercial relationships or other third parties.
In addition, we may become subject to disputes with customers over the terms of our agreements with them.
Our agreements with certain larger customers grant those specific customers the right to use our software for specific purposes or within
a specific scope. From time to time, we have disagreed with customers over the interpretation of those agreements. Such disagreements
may harm our relationships with customers and could ultimately result in legal proceedings.
The results of complex legal proceedings, whether brought by us or by others against us, are difficult
to predict. An unfavorable resolution of any lawsuit could adversely affect our business, results of operations, prospects or financial
condition. Any insurance coverage that we have may not adequately cover all claims asserted against us, or may cover only a portion of
such claims. In addition, even if claims do not result in litigation or ultimately are resolved in our favor, such claims could result
in our expenditure of funds in attorneys’ fees, and divert management’s time and other resources. Litigation in general and
securities litigation in particular, can be expensive, lengthy and disruptive to normal business operations. For example, we are currently
named as a defendant in two parallel putative class action lawsuits in the Supreme Court of the State of New York and in the U.S. District
Court for the Southern District of New York alleging federal securities law violations in connection with our initial public offering.
For more information, see “Item 8A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal
Proceedings.” Based on information currently available and the current stage of the litigation, we are unable to reasonably estimate
a possible loss or range of possible losses, if any, with regard to these claims. Our business, results of operations, and financial condition
could be materially and adversely affected by such costs and any unfavorable outcomes in current or future litigation.
If our products fail to help our customers achieve
and maintain compliance with government regulations and industry standards, our business
and results of operations could be materially adversely affected.
We generate a substantial portion of our revenues from our products and services because they help our
customers achieve and maintain compliance with government regulations and industry standards, and we expect that will continue for the
foreseeable future. Industry standards may change with little or no notice, including changes that could make them more or less onerous
for businesses. Governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact
whether our solutions enable our customers to maintain compliance with such laws or regulations. Examples of industry and government regulations
include the Payment Card Industry Data Security Standard, or PCI-DSS, the Sarbanes-Oxley Act, the North American Electric Reliability
Corporation Critical Infrastructure Protection standards, or NERC-CIP, the General Data Protection Regulation, or GDPR, the NIST Cybersecurity
Framework and the Health Insurance Portability and Accountability Act of 1996, or HIPAA. If we are unable to adapt our solutions to changing
regulatory standards in a timely manner, or if our solutions fail to expedite our customers’ compliance initiatives, our customers
may lose confidence in our products and could switch to products offered by our competitors. In addition, if regulations and standards
related to information security change in a manner that makes them less onerous, our customers may view government and industry regulatory
compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either
case, our sales and financial results would suffer.
We are subject to governmental export and import controls
that could subject us to liability in the event of non-compliance or impair our
ability to compete in international markets.
We incorporate encryption capabilities into certain of our products and these products thus may be subject
to U.S. or Israeli export control requirements. We are also subject to Israeli regulations controlling the use, import and export of encryption
technology since our product development initiatives are primarily conducted in Israel. In December 2013, regulations under the Wassenaar
Arrangement for the first time included a chapter on cyber-related matters. We believe that our products do not fall under this chapter;
however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities
and could therefore have an adverse effect on our results of operations. We have satisfied U.S. and Israeli export control requirements
to export our products to most customers and jurisdictions outside of the United States and Israel, and we have satisfied other provisions
of Israeli law governing the use of encryption technology. If the applicable U.S. and Israeli requirements regarding the export of encryption
software or technology change or if we change the encryption means in our products or technology, we may need to satisfy additional requirements
in the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology,
including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products
or could limit our customers’ ability to implement our products in those countries.
We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the
shipment of certain products to embargoed or sanctioned countries and regions, governments and persons. Our products and technologies
could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any
such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export
or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change
in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by,
or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased
use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial
condition and results of operations.
In addition, in the future we may be subject to defense-related export controls. For example, currently
our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007 (“the Import and Export Decree”)
(Export Control over Dual Use Goods, Services and Technology), 5766-2006, but if the definitions of regulated cybersecurity are changed
and our products are becoming classified as defense-related, we would become subject to such regulation. In particular, under the Defense
Export Control Law, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from
the Israeli ministry of defense and may be subject to a requirement to obtain a specific license from the Israeli ministry of defense
for any export of defense-related products, services and/or know-how. The definition of defense marketing activity is broad and includes
any marketing of “defense equipment, services and/or know-how” outside of Israel or to a non-Israeli, which includes dual-use
equipment, services and/or know-how (equipment, services and/or know-how that can be used for civilian or defensive purposes such as our
cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export
Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use or defense user only, or is specified
under Israeli legislation. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act
and the International Traffic in Arms Regulations.
Requirements associated with being a public company in the United
States require significant resources and management attention.
Requirements associated with being a public company in the United States require significant resources
and management attention. We are subject to certain reporting requirements of the Securities Exchange Act of 1934, as amended, (“the
Exchange Act”), and the other rules and regulations of the Securities and Exchange Commission, (the “SEC”), and the
New York Stock Exchange, (the “NYSE”). We are also subject to various other regulatory requirements, including under the Sarbanes-Oxley
Act. These rules and regulations have increased, and may continue to increase, our legal, accounting and financial compliance costs and
to continue to make some activities more time-consuming and costly. These laws, regulations and standards are subject to varying interpretations,
in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is
provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs
necessitated by ongoing revisions to disclosure and governance practices.
In addition, complying with these rules and regulations and the increasingly complex laws pertaining to
public companies requires substantial attention from our senior management, which could divert their attention away from the day-to-day
management of our business. These cost increases and the diversion of management’s attention could disrupt our operations and materially
and adversely affect our business, financial condition and results of operations. We will also need to continue to hire additional personnel
to support our financial reporting function, and may face challenges in doing so.
Being a publicly traded company in the United States and being subject to U.S. rules and regulations may
also make it more expensive for us to obtain directors and officers liability insurance, and we may be required to accept reduced coverage
or incur substantially higher costs to obtain coverage. For example, during our last renewal, the cost of our directors and officers insurance
policy premiums substantially increased in light of certain changes in the market for such policies. These factors could also make it
more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee,
and qualified executive officers
As a result of disclosure of information in our filings with the SEC, our business and financial condition
have become more visible, which we believe may result in threatened or actual litigation, including by competitors and other third parties.
If such claims are successful, our business and results of operations could be adversely affected, and even if the claims do not result
in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources
of our management and adversely affect our business and results of operations.
Risks Related to Our Intellectual Property and Proprietary Rights
If we are unable to adequately protect our proprietary
technology and intellectual property rights, our business could suffer substantial
harm.
Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual
property assets. We rely on a combination of trade secrets, copyright and trademark laws, patent laws, confidentiality procedures, technical
know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage.
Our software and other proprietary information are protected by copyright on creation. Copyright registrations,
which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software,
proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements
containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team,
partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring
assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective
counterparty. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality
agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise
obtain and use our intellectual property and technology.
In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent
applications related to our proprietary technology. As of December 31, 2021, we had 14 issued patents in the United States and 5 issued
patents in Israel. We may file additional patent applications in the future. In order to benefit from the protection of patents and other
intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant
jurisdictions, all of which are costly, time-consuming and uncertain. We may choose not to seek patent protection for certain innovations
or in certain jurisdictions. Furthermore, the scope of our issued patents may be insufficient, and they may not provide us with any competitive
advantages. Our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes
or litigation. In addition, the issuance of a patent does not guarantee that we have an absolute right to practice the patented invention.
As a result, we may not be able to obtain adequate protection or effectively enforce our issued patents or other intellectual property
rights.
We cannot assure you that the steps taken by us will deter or prevent infringement or misappropriation
of our intellectual property or technology. In addition, the laws of some foreign countries where we operate do not protect our intellectual
property and technology to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as
diligently as government agencies and private parties in the United States.
We may be subject to intellectual property rights claims
by third parties, which may be costly to defend, could require us to pay significant
damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors,
own large numbers of copyrights, trademarks, trade secrets and patents, and frequently enter into litigation based on allegations of infringement,
misappropriation or other violations of intellectual property rights. From time to time, third parties may assert their patent, copyright,
trademark and other intellectual property rights against us, our channel partners or our customers.
Successful claims of infringement or misappropriation by a third-party could prevent us from using or distributing
certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages
if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights),
royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe
or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products
or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in
order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our partners and other third
parties, including our customers and channel partners whom we typically indemnify against such claims. Even if third parties may offer
a license to their intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license
or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely
affected.
We indemnify our channel partners and customers against claims that our products infringe the intellectual
property rights of third parties. Defending against claims of infringement or being deemed to be infringing the intellectual property
rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If
we are unable to protect our intellectual property and technology and ensure that we are not violating the intellectual property rights
of others, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required
to create the innovative products that have enabled us to be successful to date.
Risks Related to Our Personnel
If we are unable to integrate new members of our senior management
team, or if we lose the services of some of our senior management or other key personnel, our business, operating results,
and financial condition could be adversely affected.
Leadership changes or senior management transitions could cause disruptions to our business. While we do
not believe that recent management transitions have materially impacted our business, any failure to ensure continuity in responsibilities
and oversight could hinder our strategic planning, business execution and future performance. In particular leadership transitions may
result in a loss of personnel with deep institutional and/or technical knowledge, and have the potential to disrupt our operational efficiency
and relationships with employees and customers including due to added costs, decreased employee morale and productivity, diversion of
management attention and resources to training and attracting new and qualified leadership, and increased churn. We must successfully
be able to retain our leadership and senior management positions and in the event of transitions we must effectively and timely integrate
new leadership team member within our organization in order for us to achieve our operating objectives.
If we do not effectively expand, train and retain our
sales force, we may be unable to acquire new customers or sell additional products
and services to existing customers, and our business will suffer.
Our future success depends, in part, on our ability to expand, train and retain our sales force. If we
cannot attract or retain a qualified sales team or experience delays in hiring the necessary number of sales personnel, our business,
financial condition and results of operations. may be adversely impacted Any of our employees may terminate their employment at any time,
subject to certain notice requirements. Furthermore, our ability to attract and retain a highly skilled sales force is critical to our
future success. as we must provide training to our employees on the new processes and procedures associated with our new term-based subscription
license model Similarly, recently a growing number of Israeli technology companies went public, or elected to initiate the process of
going public, which in turn triggered a significant uptick in recruitment efforts, which threatens our ability to maintain our employees
and recruit new talent.
In addition, there is intense competition for individuals with sales training and experience. The training
and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources.
We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. However,
there is no guarantee that our recent hires and planned new hires will become as productive as we expect or require, and we may be unable
to hire or retain sufficient numbers of qualified individuals in the future in the markets in which we currently operate or where we seek
to conduct business. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance
levels may materially and adversely impact our projected growth rate.
Our ability to enhance our products may be harmed if
we are unable to attract and retain sufficient research and development personnel
and other highly-skilled engineers, and if we are unable to generate an adequate return on our investment in research and development.
As a provider of proprietary software solutions that rely upon technological advancements, we rely heavily
on our research and development activities to enhance our products. We consequently depend, in large part, on our ability
to attract, motivate and retain sufficient research and development personnel. In addition, because our software solutions are highly
complex and are used by our customers to perform critical business functions, we also depend heavily on other technology professionals,
including highly-skilled engineers, who are in high demand. In particular, our principal research and development activities are conducted
from our headquarters in Israel, and we face significant competition for personnel in this region, where the availability of such personnel
is limited and, at present, in short supply. Even despite the ongoing COVID-19 pandemic, there remains a chronic shortage in skilled human
capital in the technology sector in Israel, particularly for software companies recruiting research and development, engineers and other
experienced technological positions. We face significant competition for suitably skilled developers in this region given the growing
number of local companies that are expanding their development activities, as well as the growing number of multinational corporations
establishing a presence in Israel. As a result, over the past fiscal year we have experienced an increase in competition for recruiting
qualified research and development teams and engineers in Israel where we have a substantial presence and need for skilled employees. We
also have a number of employees that work as developers in Bucharest, Romania in order to benefit from the significant pool of talent
that is more readily available in this market. In addition, the COVID-19 pandemic has caused a shift to virtual recruiting, which has
increased the difficulty with which we are able to timely attract new employees, integrate and introduce them into our corporate culture
and retain them for the longer term. Larger companies with whom we compete have expended and will likely continue to expend more resources
than we do on employee recruitment and are often better able to offer more favorable compensation and incentive packages than we can.
If we are unable to timely attract, retain or train qualified employees, particularly our engineers, salespeople and key managers, our
ability to innovate, introduce new products and compete would be adversely impacted, and our financial condition and results of operations
may suffer. If we cannot attract or retain a sufficient number of skilled research and development employees and other skilled technological
employees, our business, prospects and results of operations could be adversely affected.
In order to remain competitive, we expect to continue to dedicate significant financial and other resources
to expand upon our research and development teams to assist in developing new solutions, applications and enhancements to our existing
products.
We are dependent on the continued services and performance
of our two founders, the loss of either of whom could adversely affect our
business.
Our business depends on the continued services and performance of our two founders, Reuven Kitov, our Chief
Executive Officer and Chairman of the Board of Directors, and Reuven Harrison, our Chief Technology Officer and a director, due to their
relevant experience and skills, to execute on our business plan, and to identify and pursue new opportunities and product innovations.
We do not carry key man life insurance on either of Mr. Kitov or Mr. Harrison and, even if we did, such coverage would likely be insufficient
to compensate us for the loss of their services due to their industry experience and understanding of our business model. The loss of
services of either of Mr. Kitov or Mr. Harrison could significantly delay or prevent the achievement of our development and strategic
objectives.
Our corporate culture has contributed to our success,
and if we cannot maintain this culture moving forward, including as a result of
COVID-19 and related response measures, we could lose the innovation, creativity and teamwork fostered by our culture, which could
adversely affect our business.
We believe that our corporate culture, which emphasizes a people-centric, open atmosphere for mentorship
and knowledge-sharing among our employees, has been and will continue to be a key contributor to our future success. As part of our preventative
measures to prevent the spread COVID-19, we transitioned our employees to remote working arrangements and continue to implement a hybrid
remote-work model, where we permit the majority of our employees to work remotely and maintain
only limited onsite presence in our offices worldwide. We may find it difficult to maintain our strong corporate culture in light of these
remote working conditions, which could negatively impact our culture and therefore limit our ability to innovate and operate effectively.
While we continue to plan for the eventual return of employees to our offices, we expect that some of our employees will continue to work
from home full-time or part-time. A permanent remote working arrangement for some employees may make it more difficult to preserve culture
and values.
In addition, we plan to continue to expand our operations, and it may be difficult to maintain our corporate
culture as we find, hire and integrate additional international employees. From December 31, 2016 to December 31, 2021, we increased the
size of our workforce by 120 employees in Israel and by 164 employees in other countries, representing a 110% increase in our headcount,
and we expect to continue to hire new employees in order to support our growth plans. As we continue evolve and grow, we must effectively
train, develop and motivate new employees, and as a result of our continued hybrid remote-work model, we may experience greater difficulties
assimilating new hires into our corporate culture via virtual platforms. If we do not continue to maintain our corporate culture as we
grow, we may be unable to continue to foster the innovation, integrity, diversity, loyalty and collaboration which we believe are necessary
to support our growth and our customer-centric focus. Our anticipated headcount growth and potential international expansion may result
in a change to our corporate culture, which could adversely affect our business.
Risk Related to Our Internal Controls
If we fail to implement and maintain effective internal
control over financial reporting, we may be unable to report our financial results
accurately or meet our reporting obligations.
We are required to comply with the internal control, evaluation, and certification
requirements of Section 404(a) of the Sarbanes-Oxley Act and the Public Company Accounting Oversight Board and to report any material
weakness in those controls. Once we no longer qualify as an emerging growth company under the JOBS Act, our independent registered public
accounting firm will need to attest to the effectiveness of our internal control over financial reporting under Section 404. We will remain
an emerging growth company until the earlier of: (1) the last day of the fiscal year (a) following the fifth anniversary of
our IPO (which took place in 2019), (b) in which we have total annual gross revenue of at least $1.07 billion or (c) in
which we are deemed to be a large accelerated filer, which means the market value of our common equity that is held by non-affiliates exceeds
$700 million as of the end of the prior fiscal year’s second fiscal quarter; and (2) the date on which we have issued
more than $1 billion in non-convertible debt securities during the prior three-year period. Thus, unless we lose our status
as an emerging growth company under the JOBS Act through other means earlier, we will not be required to obtain an auditor attestation
under Section 404(b) of the Sarbanes-Oxley Act until we file our annual report on Form 20-F for the fiscal year ended December 31, 2024.
The process of determining whether our existing internal controls over financial reporting systems are
compliant with Section 404(a) and whether there are any material weaknesses or significant deficiencies in our existing internal
controls requires the investment of substantial time and resources, including by our Chief Financial Officer and other members of our
senior management. This determination and any remedial actions required could divert internal resources and take a significant amount
of time and effort to complete and could result in us incurring additional costs that we did not anticipate, including the hiring of outside
consultants. We could experience higher than anticipated operating expenses and higher independent auditor fees during and after the implementation
of these changes.
Irrespective of compliance with Section 404, any failure of our internal controls could have a material
adverse effect on our stated results of operations and harm our reputation. In connection with the issuance of our consolidated financial
statements for each of the years ended December 31, 2017, 2018 and 2019, we identified a material weakness in our internal control over
financial reporting that we subsequently remediated. If we identify future material weaknesses in our internal control of financial reporting,
and if we are unable to implement any of the required changes to our internal control over financial reporting effectively or efficiently
or are required to do so earlier than anticipated, it could adversely affect our operations, financial reporting and/or results of operations
and could result in an adverse opinion on internal controls from our management and, once we lose our emerging growth company status,
our independent auditors. Further, if our internal control over financial reporting is not effective, the reliability of our financial
statements may be questioned and our share price may suffer.
Risks Related to Our Ordinary Shares
Our share price has been and will likely continue to be volatile,
and you may lose all or part of your investment.
Since our initial public offering on April 11, 2019, our ordinary shares have traded as high as $31.04
per share and as low as $5.79 per share through December 31, 2021. On February 23, 2022, the closing bid price of our ordinary shares
was $8.22 per share.
In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially
as a result of many factors, including:
|
• |
actual or anticipated fluctuations in our results
of operations; |
|
• |
variance in our financial performance from
the expectations of market analysts; |
|
• |
announcements by us or our competitors of significant
business developments, changes in service provider relationships, acquisitions or expansion plans; |
|
• |
changes in the prices of our products and services;
|
|
• |
our involvement in litigation; |
|
• |
our sale of ordinary shares or other securities
in the future; |
|
• |
market conditions in our industry; |
|
• |
changes in key personnel; |
|
• |
the trading volume of our ordinary shares;
|
|
• |
changes in the estimation of the future size
and growth rate of our markets; and |
|
• |
general economic and market conditions, including
with respect to COVID-19 and/or geopolitical instability. |
In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and
industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following
periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted
against that company. For example, the Company and its directors and officers are subject to class action lawsuits in the Supreme Court
of the State of New York and the Southern District of New York, alleging federal securities law violations in connection with our initial
public offering. Based on information currently available and the current stage of the litigation, we are unable to reasonably estimate
a possible loss or range of possible losses, if any, with regard to these claims. For more information, see “Item 8A. Financial
Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.” Low trading volume
may also increase the price volatility of our ordinary shares. A thin trading market could cause the price of our ordinary shares to fluctuate
significantly more than the stock market as a whole.
As a foreign private issuer with shares listed on NYSE,
we may choose to follow certain home country corporate governance practices
instead of otherwise applicable NYSE requirements, which could, in the future, result in less protection than is accorded to investors
under rules applicable to domestic U.S. issuers.
As a foreign private issuer with shares are listed on NYSE, we may follow certain home country corporate
governance practices instead of otherwise applicable NYSE requirements for U.S. domestic issuers. For example, foreign private issuers
are permitted to follow home country practices with regard to director nomination procedures and the approval of compensation of officers.
Additionally, foreign private issuers are not required to maintain a board comprised of a majority of independent directors. Foreign private
issuers are also exempt from NYSE rules that require shareholder approval prior to (i) the adoption or amendment of an equity compensation
plan or (ii) the issuance of ordinary shares, or securities convertible into or exercisable for ordinary shares, in private offerings
in excess of 20% of a company’s outstanding ordinary shares or voting power, as well as other private offerings to related parties.
However, notwithstanding our ability to follow the corporate governance practices of our home country, Israel, we have elected to comply
with NYSE corporate governance requirements that are applicable to U.S. domestic issuers. Nevertheless, we may, in the future, decide
to rely on foreign private issuer exemptions and follow Israeli home country governance practices in lieu of complying with some or all
NYSE corporate governance requirements, which could provide less protection to our investors than is accorded to investors of U.S. domestic
issuers. See “Item 6.C. Board Practices—Corporate Governance Practices.”
As a foreign private issuer, we are not subject to
the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain
reports required pursuant to the Exchange Act
As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that
apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the
Exchange Act, related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt
from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required
under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly as U.S. domestic
companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports on Form 10-Q
containing unaudited financial and other specified information with the SEC under the Exchange Act. We are also exempt from the provisions
of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers
and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will trade in such
company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions
and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor.
For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules
applicable to U.S. domestic filers, including the requirement applicable to emerging growth companies to disclose the compensation of
our chief executive officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis.
Nevertheless, regulations promulgated under the Israeli Companies Law 5759-1999(“the Israeli Companies Law”), require us to
disclose in the proxy statement for the annual general meeting of our shareholders (or to include a reference therein to other previously
furnished public disclosure) the annual compensation of our five most highly compensated executive officers on an individual, rather than
an aggregate, basis. This disclosure will not be as extensive as that required of a U.S. domestic issuer. See “Item 6.B. Compensation—Compensation
of Directors and Executive Officers.”
In order to maintain our current status as a foreign private issuer, either (i) more than 50% of our outstanding
voting securities must be directly or indirectly owned of record by non-residents of the United States or (ii)(a) a majority of our executive
officers or directors may not be U.S. citizens or residents, (b) more than 50% of our assets cannot be located in the United States and
(c) our business must be administered principally outside the United States. In the event U.S. residents directly or indirectly own more
than 50% of our outstanding voting securities, we will cease to qualify as a foreign private issuer if we do not meet the requirements
set forth in (ii) above.
Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private
issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic
issuer would be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration
statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private
issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information
about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies
to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional
costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges
that are available to foreign private issuers.
We may have exposure to greater tax liabilities than anticipated.
We have endeavored to structure our activities in a manner so as to minimize our and our subsidiaries’
aggregate tax liabilities. However, we have operations in various taxing jurisdictions, and our tax liabilities in one or more jurisdictions
could be more than reported in respect of prior taxable periods and more than anticipated in respect of future taxable periods. In this
regard, the amount of income taxes that we pay in future taxable periods could be higher if earnings are lower than anticipated in jurisdictions
where lower statutory tax rates apply and higher than anticipated in jurisdictions where higher statutory tax rates apply.
In addition, we have entered into transfer pricing arrangements that establish transfer prices for our
intercompany operations. However, our transfer pricing procedures are not binding on the applicable taxing authorities. No official authority
in any country has made a binding determination as to whether or not we are operating in compliance with its transfer pricing laws. Accordingly,
taxing authorities in any of the countries in which we operate could challenge our transfer prices and require us to adjust them to reallocate
our income and potentially to pay additional taxes for prior tax periods. For example, the tax authorities in the United States have increased
their focus on transfer pricing procedures, which could result in a greater likelihood of a challenge to our transfer pricing arrangements
and the risk that we will be required to adjust them and reallocate our income. Such an adjustment could result in a higher effective
tax rate than that to which we are currently subject. We expect that the issue of the validity of our transfer pricing procedures will
become of greater importance as we continue our expansion in markets in which we currently have a limited presence and attempt to penetrate
new markets. Any change to the allocation of our income as a result of reviews by taxing authorities could have a negative effect on our
financial condition and results of operations.
Moreover, the determination of our worldwide provision for income taxes and other tax liabilities requires
significant judgment and the ultimate tax determination is uncertain for many transactions and calculations. Although we believe our estimates
are reasonable, our ultimate tax liability may differ from the amounts recorded in our financial statements and may materially adversely
affect our financial condition and results of operations in the period or periods for which such determination is made. We have created
reserves with respect to tax liabilities where we believe it to be appropriate. However, there can be no assurance that our ultimate tax
liability will not exceed the reserves we have created.
The Base Erosion and Profit Shifting, or BEPS, project undertaken by the Organization for Economic Cooperation
and Development (the “OECD”), may also have adverse consequences on our tax liabilities. The BEPS project contemplates changes
to numerous international tax principles, as well as national tax incentives, and these changes, which are being adopted in different
manners by individual countries, could adversely affect our income tax liability. Even as countries translate the BEPS recommendations
into specific national tax laws, it remains difficult to predict with accuracy the magnitude of any impact that such new rules may have
on our financial results.
In addition, the 2017 Tax Cuts and Jobs Act (the “TCJA”), made significant changes to the U.S.
Internal Revenue Code, including a reduction in the U.S. federal corporate income tax rate from the previous top marginal rate of 35%
to a flat rate of 21% and limitations on certain corporate deductions and credits. Also, the TCJA requires complex computations to be
performed that were not previously required in U.S. tax law, significant judgments to be made in interpretation of the provisions of the
TCJA and significant estimates in calculations and the preparation and analysis of information not previously relevant or regularly produced.
The U.S. Treasury Department and the U.S. Internal Revenue Service, or IRS, continue to interpret and issue guidance on how provisions
of the TCJA will be applied and administered. Finally, foreign governments may enact tax laws in response to the TCJA that could result
in further changes to global taxation and materially adversely affect our financial position and results of operations.
U.S. holders that own 10% or more of the vote or value
of our ordinary shares may suffer adverse tax consequences if we and/or any
of our non-U.S. subsidiaries are characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the
U.S. Internal Revenue Code of 1986, as amended (the “Code”).
A non-U.S. corporation is considered a CFC if more than 50% of (i) the total combined voting power of all
classes of shares of such corporation entitled to vote or (ii) the total value of the shares of such corporation, is owned, or is considered
as owned by applying certain constructive ownership rules, including certain downward attribution rules, by U.S. shareholders (within
the meaning of the Code) on any day during the taxable year of such non-U.S. corporation. Certain U.S. shareholders of a CFC generally
are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a
portion of the CFC’s earnings to the extent the CFC holds certain U.S. property and a portion of the CFC’s “global intangible
low-taxed income” (as defined under Section 951A of the Code). Such U.S. shareholders are subject to current U.S. federal income
tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income”
includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain
from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions
between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of
a CFC’s income over a deemed return on its tangible assets.
As a result of the ownership of our shares, certain voting arrangements with respect to our shares, and
certain changes in the U.S. tax law introduced by the TCJA, we and our non-U.S. subsidiaries may be classified as CFCs in the taxable
year ended December 31, 2021 as well as in prior taxable years. These determinations cannot be made with certainty. In the event that
we or any of our subsidiaries are a CFC, U.S. holders who hold 10% or more of the vote or value of our ordinary shares may realize adverse
U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our
or our subsidiaries’ accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts
treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder and being subject to certain
reporting requirements with the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or
foreign tax credits that would be allowed to a U.S. corporation. Investors who are U.S. holders and who hold 10% or more of the vote or
value of our ordinary shares should consult their own tax advisors regarding the U.S. tax consequences of acquiring, owning or disposing
our ordinary shares and the impact of the TCJA, especially the changes to the rules relating to CFCs.
U.S. holders of our ordinary shares may suffer adverse
tax consequences if we are characterized as a passive foreign investment company,
or a PFIC, under Section 1297(a) of the Code.
Generally, if, for any taxable year, at least 75% of our gross income is passive income, or at least 50%
of the average quarterly value of our total gross assets (which generally may be measured in part by the market value of our ordinary
shares, which is subject to change) is attributable to assets that produce passive income or that are held for the production of passive
income, including cash, we would be characterized as a PFIC for U.S. federal income tax purposes. For purposes of these tests, passive
income includes dividends, interest, gains from the sale or exchange of investment property and rents and royalties other than rents and
royalties which are received from unrelated parties in connection with the active conduct of a trade or business. Additionally, a look-through
rule generally applies with respect to 25% or more owned subsidiaries. If we are characterized as a PFIC, U.S. holders of our ordinary
shares may suffer adverse tax consequences, including having gains realized on the sale of our ordinary shares treated as ordinary income,
rather than capital gain, the loss of the preferential tax rate applicable to dividends received on our ordinary shares by individuals
who are U.S. holders and having interest charges apply to tax payable on distributions by us and to the proceeds of sales of our ordinary
shares. In addition, special information reporting may be required. See “Item 10.E. Certain U.S. Federal Income Tax Consequences—Passive
Foreign Investment Company Considerations.”
The determination of whether we are a PFIC will depend on the nature and composition of our income and
the nature, composition and value of our assets from time to time. The 50% passive asset test described above is generally based on the
fair market value of each asset, with the value of goodwill and going concern value determined in large part by reference to the market
value of our ordinary shares, which may be volatile. If we are a CFC (determined by disregarding certain downward attribution rules) and
not publicly traded for the relevant taxable year, however, the test shall be applied based on the adjusted basis of our assets.
Recently adopted Treasury Regulations (the “New Regulations”), modify certain of the rules
described above. Such modifications include, for example, permitting asset value to be determined more frequently than on a quarterly
basis and treating a non-U.S. corporation as publicly traded for a taxable year if the stock of such corporation is publicly traded, other
than in de minimis quantities, for at least twenty trading days during such taxable year.
The New Regulations generally apply to taxable years of shareholders beginning on or after January 14,
2021. A shareholder, however, may choose to apply such rules for any open taxable year beginning before January 14, 2021, provided that,
with respect to a non-U.S. corporation being tested for PFIC status, the shareholder consistently applies certain of the provisions of
the New Regulations and certain other Treasury Regulations for such year and all subsequent years. Investors who are U.S. holders should
consult their own tax advisors regarding the impact and applicability of the New Regulations.
Based on our determination that our shares are properly treated as being publicly traded for the taxable
year ended December 31, 2021 and our estimates of the fair market values of our assets, we believe that we should not be classified as
a PFIC with respect to the taxable year ended December 31, 2021. However, this determination is subject to uncertainty.
In particular, the determination of whether we are, or will be, a PFIC for a taxable year depends, in part,
on the application of complex U.S. federal income tax rules, which are subject to differing interpretations. It is possible that the IRS
will disagree with the interpretation on which our belief about our PFIC status is based, and no ruling from the IRS concerning our PFIC
status has been obtained or is currently planned to be requested. Moreover, because PFIC status is based on our income, assets and activities
for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for any subsequent year until
after the close of the relevant year. We can therefore make no assurances regarding our PFIC status for any taxable year. Our U.S. counsel
expresses no opinion with respect to our PFIC status for the taxable year ended December 31, 2021 or for any other taxable year. We will
continue to determine whether we were a PFIC or not for each taxable year and make such determination available to U.S. holders.
The tax consequences that would apply if we were a PFIC in any taxable year would be different from those
described above if a U.S. holder were able to make a valid “qualified electing fund,” or QEF, election. We will use commercially
reasonable efforts to make available to U.S. holders such information with respect to the company as is necessary for U.S. holders to
make QEF elections with respect to the company for any taxable year in which we determine that we are classified as a PFIC. See “Item
10.E. Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”
We are an “emerging growth company,” and
the reduced disclosure requirements applicable to emerging growth companies may make
our ordinary shares less attractive to investors.
We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act
(the “JOBS Act”). We will remain an emerging growth company until the earlier of: (1) the last day of the fiscal year
(a) following the fifth anniversary of our IPO (which took place in 2019), (b) in which we have total annual gross revenue of
at least $1.07 billion or (c) in which we are deemed to be a large accelerated filer, which means the market value of our common
equity that is held by non-affiliates exceeds $700 million as of the end of the prior fiscal year’s second fiscal
quarter; and (2) the date on which we have issued more than $1 billion in non-convertible debt securities during the prior
three-year period. Thus, unless we lose our status as an emerging growth company under the JOBS Act through other means earlier,
we will be an emerging growth company until December 31, 2024.
For so long as we remain an emerging growth company, we are permitted and intend to rely on exemptions
from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These exemptions
include not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, not being required
to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation
or a supplement to the auditor’s report providing additional information about the audit and the financial statements, reduced disclosure
obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation
and shareholder approval of any golden parachute payments not previously approved. We cannot predict whether investors will find our ordinary
shares less attractive if we rely on these exemptions. If some investors find our ordinary shares less attractive as a result, there may
be a less active trading market for our ordinary shares and our share price may be more volatile.
We do not intend to pay dividends for the foreseeable
future and, as a result, your ability to achieve a return on your investment will depend
on appreciation in the price of our ordinary shares.
We have never declared or paid any cash dividends on our ordinary shares and do not intend to pay any cash
dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business
and for general corporate purposes. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements,
and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our
ordinary shares. Accordingly, investors must rely on sales of their ordinary shares after price appreciation, which may never occur, as
the only way to realize any future gains on their investments.
Our amended and restated articles of association provide
that unless we consent to an alternate forum, the federal district courts of the
United States shall be the exclusive forum of resolution of any claims arising under the Securities Act which may impose additional
litigation costs on our shareholders.
Our amended and restated articles of association provide that other than with respect to plaintiffs or
a class of plaintiffs which may be entitled to assert in the courts of the State of Israel, the federal district courts of the United
States shall be the exclusive forum for the resolution of any claims arising under the Securities Act or the Federal Forum Provision.
While the Federal Forum Provision does not restrict the ability of our shareholders to bring claims under the Securities Act, nor does
it affect the remedies available thereunder if such claims are successful, we recognize that it may limit shareholders ability to bring
a claim in the judicial forum that they find favorable and may increase certain litigation costs which may discourage the filing of claims
under the Securities Act against the Company, its directors and officers.
Risks Related to Our Incorporation and Location in Israel
Our corporate headquarters and principal research and
development facilities are located in Israel and, therefore, our business and operations
may be adversely affected by political, economic and military conditions in Israel.
We are incorporated under Israeli law, and our corporate headquarters and principal research and development
facilities are located in Israel. In addition, certain of our directors, executive officers and key employees are residents of Israel.
Accordingly, political, economic and military conditions in the Middle East in general, and in Israel in particular, directly affect our
business, product development and results of operations. In recent years, Israel has been engaged in sporadic armed conflicts with Hamas,
an Islamist terrorist group that controls the Gaza Strip, with Hezbollah, an Islamist terrorist group that controls large portions of
southern Lebanon, and with Iranian-backed military forces in Syria. In addition, Iran has threatened to attack Israel and may be developing
nuclear weapons. Some of these hostilities were accompanied by missiles being fired from the Gaza Strip against civilian targets in various
parts of Israel, including areas in which our employees and some of our consultants are located, and negatively affected business conditions
in Israel. Any hostilities involving Israel or the interruption or curtailment of trade between Israel and its trading partners could
adversely affect our operations and results of operations. Our corporate headquarters and principal research and development activities
are located in the range of missiles that could be fired from Lebanon, Syria or the Gaza Strip into Israel.
As of December 31, 2021, we had282 employees based in Israel. In addition, many Israeli citizens
are obligated to perform several days, and in some cases more, of annual military reserve duty each year until they reach the age of 40
(or older, for reservists who are military officers or who have certain occupations) and, in the event of a military conflict, may be
called to active duty. In response to increases in terrorist activity, there have been periods of significant call-ups of military reservists.
It is possible that there will be military reserve duty call-ups in the future. Our operations could be disrupted by such call-ups, which
may include the call-up of members of our management. Such disruption could materially adversely affect our business, prospects, financial
condition and results of operations.
Our commercial insurance does not cover losses that may occur as a result of events associated with war
and terrorism. Although the Israeli government currently covers the reinstatement value of direct damages that are caused by terrorist
attacks or acts of war, we cannot assure you that this government coverage will be maintained or that it will sufficiently cover our potential
damages. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflicts or political instability
in the region would likely negatively affect business conditions and could harm our results of operations.
Further, in the past, the State of Israel and Israeli companies have been subjected to economic boycotts.
Several countries still restrict business with the State of Israel and with Israeli companies. These restrictive laws and policies may
have an adverse impact on our operating results, financial condition or the expansion of our business. A campaign of boycotts, divestment
and sanctions has been undertaken against Israel, which could also adversely impact our business.
Exchange rate fluctuations between the U.S. dollar,
the New Israeli Shekel, the Euro and other foreign currencies, may negatively affect
our future revenues.
We generate substantially all of our revenues in U.S. dollars. The majority of our operating expenses are
incurred in foreign currencies, and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes
between the U.S. dollar and the New Israeli Shekel(“the NIS”), the Euro and, to a lesser extent, the British Pound. As a result,
our financial results may be affected by fluctuations in the exchange rates of currencies in the countries in which our products may be
sold. For example, during 2021, we witnessed a strengthening of the average exchange rate of the NIS against the dollar, which increased
the dollar value of Israeli expenses. If the NIS strengthens against the dollar, as it did in 2021, the dollar value of our Israeli expenses,
mainly personnel and facility-related, will increase. Foreign exchange rates fluctuation have had, and could continue to present challenges
in future periods should significant increases in volatility in foreign exchange markets occur. In order to mitigate the volatility in
foreign exchange, we have entered into forward contracts with major banks to provide partial protection against foreign currency exchange
risks resulting from expenses paid in NIS during the year.
Although exposure to currency fluctuations to date has not had a material adverse effect on our business,
there can be no assurance that our limited hedging transactions will provide sufficient protection and that such fluctuations in the future
will not have a material adverse effect on our operating results and financial condition.
Our operations may be affected by negative labor conditions in Israel.
With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages
for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice
of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions,
Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees
to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our employees have
pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for
all employees, which cover potential severance pay obligations.
In Israel, we are subject to certain labor statutes and national labor court precedent rulings, as well
as to certain provisions of the collective bargaining agreements between the Histadrut (General Federation of Labor in Israel) and the
Coordination Bureau of Economic Organizations including the Industrialists’ Associations. These provisions of collective bargaining
agreements are applicable to our Israeli employees by virtue of extension orders issued in accordance with relevant labor laws by the
Israeli Ministry of Economy and Industry, and apply our employees even though they are not directly part of a union that has signed a
collective bargaining agreement.
The laws and labor court rulings that apply to our employees principally concern minimum wage laws, length
of the work day and workweek, overtime payment, procedures for dismissing employees, determination of severance pay, leaves of absence
(such as annual vacation or maternity leave), sick pay and other conditions for employment. The extension orders which apply to our employees
principally concern mandatory contributions to a pension fund or managers’ insurance, annual recreation allowance, travel expenses
payment and other conditions of employment. We generally provide our employees with benefits and working conditions beyond the required
minimums.
Competition for highly skilled technical and other personnel in
Israel is intense, and as a result we may fail to attract, recruit, retain and develop qualified employees, which could materially and
adversely impact our business, financial condition and results of operations.
We compete in a market marked by rapidly changing technologies and an evolving competitive landscape. In
order for us to successfully compete and grow, we must attract, recruit, retain and develop personnel with requisite qualifications to
provide expertise across the entire spectrum of our intellectual capital and business needs.
Our principal research and development as well as significant elements of our general and administrative
activities are conducted at our headquarters in Israel, and we face significant competition for suitably skilled employees in Israel.
While there has been intense competition for qualified human resources in the Israeli high-tech industry historically, the industry experienced
record growth and activity in 2021, both at the earlier stages of venture capital and growth equity financings, and at the exit stage
of initial public offerings and mergers and acquisitions. This flurry of growth and activity has been causing a sharp increase in job
openings in both Israeli high-tech companies and Israeli research and development centers of foreign companies, and intensification of
competition between these employers to attract qualified employees in Israel. As a result, the high-tech industry in Israel has
been experiencing significant levels of employee attrition and is currently facing a severe shortage of skilled human capital, including
engineering, research and development, sales and customer support personnel. Many of the companies with which we compete for qualified
personnel have greater resources than we do, and we may not succeed in recruiting additional experienced or professional personnel, retaining
personnel or effectively replacing current personnel who may depart with qualified or effective successors.
In addition, as a result of the intense competition for qualified human resources, the Israeli high-tech
market has also experienced and may continue to experience significant wage inflation. Accordingly, our efforts to attract, retain
and develop personnel may also result in significant additional expenses, which could incur costs and increase losses. Furthermore, in
making employment decisions, particularly in the high-technology industry, job candidates often consider the value of the equity they
are to receive in connection with their employment. Employees may be more likely to leave us if the shares they own or the shares underlying
their equity incentive awards have significantly appreciated or significantly decreased in value. Many of our employees may receive significant
proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us and could heighten
the risk of employee attrition.
While we utilize non-competition agreements with our employees as a means of improving our employee
retention, those agreements may not be effective towards that goal. These agreements prohibit our employees, if they cease working for
us, from competing directly with us or working for our competitors for a limited period. We may be unable to enforce these agreements
under Israeli law, and it may be difficult for us to restrict our competitors from benefiting from the expertise our former employees
developed while working for us.
In light of the foregoing, there can be no assurance that qualified employees will remain in our employ
or that we will be able to attract and retain qualified personnel in the future. Failure to retain or attract qualified personnel could
have a material adverse effect on our business, financial condition and results of operations.
The termination or reduction of tax and other incentives
that the Israeli government provides to domestic companies may increase the
costs involved in operating a company in Israel.
The Israeli government currently provides tax and capital investment incentives to domestic companies,
as well as grant and loan programs relating to research and development and marketing and export activities. In recent years, the Israeli
government has reduced the benefits available under these programs and the Israeli governmental authorities have indicated that the government
may in the future further reduce or eliminate the benefits of those programs. We have taken in the past and may take advantage of these
benefits and programs again in the future, however, there is no assurance that such benefits and programs will continue to be available
to us in the future. If such benefits and programs were terminated or further reduced, it could have an adverse effect on our business,
operating results and financial condition.
Enforcing a U.S. judgment against us and our current
directors and executive officers, or asserting U.S. securities law claims in Israel,
may be difficult.
We are incorporated under the laws of the State of Israel. Service of process upon us and upon our directors
and executive officers, most of whom reside outside of the United States, and on our auditors, may be difficult to obtain within the United
States. Furthermore, because a majority of our assets and most of our directors and executive officers are located outside of the United
States, any judgment obtained in the United States against us or any of them may be difficult to collect within the United States.
It may be difficult to assert U.S. securities law claims in original actions instituted in Israel. Israeli
courts may refuse to hear a claim based on an alleged violation of U.S. securities laws on the basis that Israel is not the most appropriate
forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law
and not U.S. law is applicable to the claim. There is little binding case law in Israel addressing these matters. If U.S. law is found
to be applicable, the content of applicable U.S. law must be proven as a fact which can be a time-consuming and costly process. Certain
matters of procedure will also be governed by Israeli law.
Provisions of our amended and restated articles of
association and Israeli law and tax considerations may delay, prevent or make difficult
an acquisition of us, which could prevent a change of control and negatively affect the price of our ordinary shares.
Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified
thresholds, requires special approvals for certain transactions involving directors, officers or significant shareholders and regulates
other matters that may be relevant to these types of transactions. These provisions of Israeli law may delay, prevent or make difficult
an acquisition of us, which could prevent a change of control and therefore negatively affect the price of our ordinary shares. For example,
under the Israeli Companies Law, upon the request of a creditor of either party to a proposed merger, the court may delay or prevent the
merger if it concludes that there exists a reasonable concern that as a result of the merger the surviving company will be unable to satisfy
the obligations of any of the parties to the merger. In addition, our executive officers and certain other key employees are entitled
to certain benefits in connection with a change of control of our company.
Our amended and restated articles of association provide that our directors (other than external directors,
if applicable) are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at
a single annual general shareholder meeting.
Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders,
especially for those shareholders whose country of residence does not have a tax treaty with Israel, which exempts such shareholders from
Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect
to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a
number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and
dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap
transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares
has occurred. In order to benefit from the tax deferral, a pre-ruling from the Israel Tax Authority might be required.
We may become subject to claims for remuneration or
royalties for assigned service invention rights by our employees, which could result
in litigation and adversely affect our business.
We have entered into assignment-of-invention agreements with our research and development employees pursuant
to which such individuals agreed to assign to us all rights to any inventions created during or as a result of their employment or engagement
with us or in our field of business. A significant portion of our intellectual property has been developed by our employees during the
course of their employment by us. Under the Israeli Patent Law, 5727-1967(“the Patent Law”), inventions conceived by an employee
during the scope of his or her employment with a company and as a result thereof are regarded as “service inventions,” which
belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The
Patent Law also provides that if there is no agreement between an employer and an employee with respect to the employee’s right
to receive compensation for such “service inventions,” the Israeli Compensation and Royalties Committee(“the Committee”),
a body constituted under the Patent Law, shall determine whether the employee is entitled to remuneration for his or her service inventions
and the scope and conditions for such remuneration. A recent decision by the Committee clarifies that the right to receive consideration
for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily
have to be explicit. In order to determine the scope and validity of such wavier, the Committee will examine, on a case-by-case basis,
the general contractual framework between the parties, using interpretation rules of the general Israeli contract laws. Further, the Committee
has not yet determined one specific formula for calculating this remuneration (but rather uses the criteria specified in the Patent Law).
Although our employees have agreed to assign to us service invention rights and have specifically waived their right to receive any special
remuneration for such assignment beyond their regular salary and benefits, we may face claims that the assignment is not enforceable or
demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional
remuneration or royalties to our current and former employees, or be forced to litigate such claims, which could negatively affect our
business.
The Israeli government tax benefits that we currently
are entitled to receive require us to meet several conditions and may be terminated
or reduced in the future.
Some of our operations in Israel may entitle us to certain tax benefits under the Israeli Law for the Encouragement
of Capital Investments, 5719-1959 (the “Investment Law”), once we are profitable. If we do not meet the requirements for maintaining
these benefits, they may be reduced or canceled and the relevant operations would be subject to Israeli corporate tax at the standard
rate, which is set at 23% in 2020 and thereafter. In addition to being subject to the standard corporate tax rate, we could be required
to refund any tax benefits that we have already received, plus interest and penalties thereon. Even if we continue to meet the relevant
requirements, the tax benefits that our current “Beneficiary Enterprise” is entitled to may not be continued in the future
at their current levels or at all. If these tax benefits were reduced or eliminated, the amount of taxes that we pay would likely increase,
as all of our operations would consequently be subject to corporate tax at the standard rate, which could adversely affect our results
of operations. Additionally, if we increase our activities outside of Israel, for example, by way of acquisitions, our increased activities
may not be eligible for inclusion in Israeli tax benefits programs.
Our investors’ rights and responsibilities as
shareholders are, and will continue to be, governed by Israeli law, which differs in some material
respects from the rights and responsibilities of shareholders of U.S. companies.
The rights and responsibilities of the holders of our ordinary shares are governed by our amended and restated
articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities
of shareholders in U.S. corporations. For example, a shareholder of an Israeli company has a duty to act in good faith and in a customary
manner in exercising its rights and performing its obligations towards such company and its shareholders, and to refrain from abusing
its power in such company, including voting at a general meeting of shareholders on matters such as amendments to a company’s articles
of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring
shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote
or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company.
There is limited case law available to assist us in understanding the nature of these duties or the implications of these provisions.
These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically
imposed on shareholders of U.S. corporations.
Our amended and restated articles of association provide
that unless the Company consents otherwise, the Tel Aviv District Court (Economic
Division), Israel shall be the sole and exclusive forum for substantially all disputes between the Company and its shareholders
under the Israeli Companies Law and the Israeli Securities Law, which could limit its shareholders ability to brings claims and
proceedings against, as well as obtain favorable judicial forum for disputes with the Company, its directors, officers and other employees.
The Tel Aviv District Court (Economic Division), Israel shall be the exclusive forum for (i) any derivative
action or proceeding brought on behalf of the Company, (ii) any action asserting a claim of breach of fiduciary duty owed by any director,
officer or other employee of the Company to the Company or the Company’s shareholders or (iii) any action asserting a claim arising
pursuant to any provision of the Israeli Companies Law or the Israeli Securities Law. This exclusive forum provisions is intended to apply
to claims arising under Israeli Law and would not apply to claims brought pursuant to the Securities Act or the Exchange Act or any other
claim for which federal courts would have exclusive jurisdiction. Such exclusive forum provision in our amended and restated articles
of association will not relive the Company of its duties to comply with federal securities laws and the rules and regulations thereunder,
and shareholders of the Company will not be deemed to have waived the Company’s compliance with these laws, rules and regulations.
This exclusive forum provision may limit a shareholders ability to bring a claim in a judicial forum of its choosing for disputes with
the Company or its directors or other employees which may discourage lawsuits against the Company, its directors, officers and employees.
General Risk Factors
If securities or industry analysts cease to publish
research or publish inaccurate or unfavorable research reports about our business, our
share price and trading volume could decline.
The trading price for our ordinary shares is affected by any research or reports that securities or industry
analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable
research about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary
shares would likely decline. If one or more of these analysts cease coverage of our business, we could lose visibility in the market for
our ordinary shares, which in turn could cause our share price to decline.
We may acquire other businesses, which could require
significant management attention, disrupt our business, dilute shareholder value
and adversely affect our results of operations.
As part of our business strategy and in order to remain competitive, we may acquire or make investments
in complementary companies, products or technologies. However, we have not made any acquisitions to date, and as a result, our ability
as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be
able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we
do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete
could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions
or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration
process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully
evaluate or utilize the acquired technology or personnel or accurately forecast the financial impact of an acquisition transaction, including
accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could
adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such
acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations
and could also include covenants or other restrictions that would impede our ability to manage our operations.
ITEM 4. INFORMATION ON THE
COMPANY
| A. |
History and Development of the Company |
The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of
the State of Israel. We were founded in 2005 with the goal of introducing a centralized security management layer that analyzes, defines
and implements enterprise-specific security policies. In April 2019, we completed an initial public offering on NYSE. We believe we were
the first company to introduce security policy automation solutions with SecureChange and SecureApp, and we believe our position as a
market leader reinforces our brand and supports our position as one of the most prominent players in the increasingly important security
policy management market. Our Tufin Orchestration Suite, a comprehensive policy management platform, is currently comprised of four products:
SecureTrack, SecureChange, SecureApp and SecureCloud. Additionally, we provide a set of extensions and applications for the suite through
the Tufin Marketplace.
We are a company limited by shares organized under the laws of the State of Israel. We are registered with
the Israeli Registrar of Companies. Our registration number is 51-362739-8. Our principal executive offices are located at 5 HaShalom
Road, ToHa Tower, Tel Aviv 6789205, Israel, and our telephone number is +972 (3) 612-8118. Our website address is www.tufin.com. Information
contained on, or that can be accessed through, our website does not constitute a part of this annual report and is not incorporated by
reference herein. We have included our website address in this annual report solely for informational purposes. Our SEC filings are available
to you on the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information statements, and other information
regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not
incorporated by reference herein. Our agent for service of process in
the United States is Tufin Software North America, Inc., located at 10 Summer Street, Suite 605, Boston, Massachusetts 02110-1292, and
its telephone number is +1 (877) 270-7711.
For a discussion of our capital expenditures, see “Item 5. Operating and Financial Review and Prospectus—Liquidity
and Capital Resources.”
| B. |
Business Overview |
We are pioneering a policy-centric approach to security and information technology (“IT”) operations.
We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex,
heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and
provide policy-based security automation, enabling customers to reduce the time to securely implement complex network changes from days
to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a
single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately
19% of the Global 2000.
Cybersecurity is critical for enterprises of all sizes. As enterprises embrace digital transformation and
adopt new technologies such as cloud-based services, software-defined networks, microservices and containers, the IT and cloud environments
become increasingly complex and vulnerable to attack. In response to the heightened threat environment, lack of a defined network perimeter
and a constantly changing attack surface, enterprises continue to implement additional firewalls, endpoint security, identity and access
management and other security solutions. However, we believe most enterprises lack effective and comprehensive security policy management,
which results in a trade-off between the necessary security posture and business requirements for speed, agility and innovation.
We believe a new approach to enterprise security is necessary — a data-driven framework centered
on policy management and operationalized through policy-based automation, enhancing compliance and security while improving operational
efficiency. To address this need, we have developed highly differentiated technology with four main pillars, as described below.
|
• |
Policy-centric
approach. We enable enterprises to visualize, define and enforce a unified security policy that acts as the foundation of governance
and control, replacing ad-hoc configurations across fragmented networks. |
|
• |
Automated
network changes. We automate the network change process across complex, heterogeneous environments, increasing business agility,
enabling faster application deployment and reducing human error. |
|
• |
Data-driven
insights. Our approach draws data from across a customer’s IT and cloud environments, providing insights on connectivity
and end-to-end visibility across the network. |
|
• |
Open
and extensible framework. Our open solutions serve as a centralized control layer for our customers’ networks and cloud environments,
and can connect to a wide range of third-party technologies through application program interfaces, or APIs. |
We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp
and SecureCloud. We also offer a digital platform of applications and extensions through the Tufin Marketplace. SecureTrack, SecureChange
and SecureApp enable enterprises to visualize, define and enforce their security policy across heterogeneous networks, both on premise
and in the cloud. SecureTrack serves as the foundation of SecureChange and SecureApp. SecureTrack provides visibility across the network
and public cloud, and helps organizations define a unified security policy and maintain compliance. SecureChange provides customers with
the ability to automate changes across the network and public cloud while maintaining compliance with policy and security standards. SecureApp
provides application connectivity management and streamlines communication between application developers and network engineers. SecureCloud
provides cloud security policy management for cloud-native environments. The Tufin Marketplace provides apps and extensions from Tufin
and our community of cybersecurity partners that maximize return-on-investment by enhancing the overall value of security policy management
implementations.
While historically we sold our products primarily as an on-premises perpetual license with annual maintenance,
in 2021 we initiated our transition to a term-based subscription license model. In this business model and in accordance with the terms
of the given agreement, the customer has the right to use the software over a designated period of time.
We sell our products and services through our sales force, including our field sales team and our inside
sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021. Our channel partners
include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize
and maintain our products and services.
For the years ended December 31, 2020 and 2021, our revenues were $100.8 million and $110.9 million, respectively,
representing a year-over-year increase of 10%. For the years ended December 31, 2020 and 2021, our net loss was $35.4 million and $36.9
million, respectively.
Industry Background
Enterprises that lack a comprehensive security policy are facing challenges in balancing the necessary
security and risk posture with their business requirements, leaving security, network and compliance professionals overwhelmed. Several
industry trends contribute to operational challenges in managing risk, as set forth below:
|
• |
Increasing
frequency and sophistication of cyberattacks. Enterprises worldwide are under constant security threat from both external cyberattacks
and malicious insiders in search of sensitive information and vital systems. Cyberattacks are increasingly able to breach networks and
cloud infrastructures, and locate and steal sensitive enterprise data. As a result, numerous enterprise boards are prioritizing and reshaping
their cybersecurity approaches. |
|
• |
Growing
complexity of software-defined networks. Enterprises have been undergoing a digital transformation. They are rapidly shifting on-premise
workloads to cloud environments to meet the changing demands of their markets and customers. To keep pace with this transformation, enterprises
design scalable and flexible workloads and connections, which increase network complexity and the velocity of changes. The rise of technologies
such as microservices and containers introduces additional complexity. The growing use of these dynamic technologies has raised business
expectations on agility and increased the need for a unified security approach across networks, applications and the cloud. |
|
• |
Accelerating
pace of application development and deployment. The accelerating pace of business and technological developments requires numerous
and continuous application and infrastructure changes. The rise of the DevOps model, which is a set of software development practices
that allows applications and features to be rapidly developed and deployed, has led to increased release velocity. Enterprises that use
manual change processes struggle to keep pace and lack policy consistency, resulting in an ever-growing backlog of changes, delayed software
releases and heightened security exposure. |
|
• |
Evolving
regulatory and compliance requirements. Global enterprises need to maintain compliance with a new wave of government regulations,
corporate security policies and industry standards related to privacy and cybersecurity. Manual changes to network policy are difficult
to track and are more likely to be non-compliant. As a result, enterprises seek cost-efficient security solutions to meet compliance requirements.
|
|
• |
Legacy
security approaches can no longer address cybersecurity threats in the ever-changing IT and cloud environments. Traditional security
policy management approaches address governance and control, but lack critical characteristics such as a unified security policy, automation,
scalability, end-to-end visibility and extensibility. We believe a new approach to enterprise security is necessary: a data-driven framework
centered on policy management and operationalized through automation. |
Our Products
Security and IT operations management has become an increasingly resource-intensive and high-risk task
for enterprises. The accelerating pace of business and technological developments require numerous application and infrastructure changes,
and enterprise networks are becoming increasingly complex. Enterprises often rely on their in-house network and security teams to manually
process change requests, which increases the risk of human error and cybersecurity vulnerabilities and delays the pace of application
releases.
Enterprises use our security policy management products to create a unified security policy and give them
the ability to implement accurate network changes in minutes instead of days while improving their security posture and business agility.
We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. SecureTrack,
SecureChange and SecureApp enable enterprises to unify, visualize and control their security policy across heterogeneous networks, both
on premise and in the cloud. SecureCloud provides visibility and control into the security posture of cloud-native and hybrid cloud environments.
In 2020, we launched the Tufin Marketplace, a digital platform where customers can find and deploy apps
and extensions that enhance the overall value of their security policy management implementations. Powered by Tufin and our community
of cybersecurity partners, the Tufin Marketplace provides apps that maximize return-on-investment by integrating security policy data
with other security technologies and practices.
To date, the most popular apps developed by Tufin and offered through the Tufin Marketplace are the SecureTrack
Reports Pack, SecureChange Reports Pack and the Vulnerability Mitigation App.
Security Policy Automation for the Extended Enterprise
The Tufin Orchestration Suite provides a policy-centric solution for automatically designing, provisioning,
analyzing and auditing enterprise security changes. From applications to firewalls, our products provide advanced automation capabilities
to increase business agility, eliminate errors stemming from manual processes and ensure continuous compliance through a single interface.
Our unified security policy empowers network and IT security teams to effectively safeguard complex, heterogeneous environments through
a central security policy, which can be applied over all of their IT and cloud environments and across different platforms.
The majority of our customers initially purchase SecureTrack to monitor a portion of their networks. Initial
product deployments frequently expand across networks, departments, divisions and geographies in response to a need for an enterprise-wide
approach for security policy management, as well as the need to automate the network change process. Our “land and expand”
sales strategy capitalizes on this potential. As we expanded our portfolio of solutions within the Tufin Orchestration Suite, customers
have increasingly purchased SecureChange and SecureApp on top of their initial transactions. With the accelerated adoption of cloud infrastructure
for application workloads, customers are purchasing SecureCloud to expand their visibility and control through security policy management
into cloud-native and hybrid cloud environments.
SecureTrack. Enterprises use SecureTrack to understand their enterprise
security infrastructure and manage a wide range of devices from a central console. SecureTrack enables security administrators to define
and manage a centralized security policy, minimize the attack surface and ensure continuous compliance across the network. SecureTrack
also provides a foundation for our customers to use SecureChange and SecureApp, and delivers the following key benefits:
|
• |
Policy definition.
SecureTrack includes our unified security policy, which visualizes, defines and enforces a zone-to-zone segmentation policy that dictates
how users, systems and applications can communicate across the entire enterprise. Our unified security policy serves as the security policy
framework for the Tufin Orchestration Suite. |
|
• |
Security and
compliance. SecureTrack provides monitoring, assessment and alerts on security and compliance risk, ensuring real-time accountability,
transparency and consistency with the unified security policy. It also generates a variety of configurable audit reports that support
regulatory compliance standards. |
|
• |
Visibility.
SecureTrack builds a dynamic topology map of network connectivity across the enterprise and the cloud. It also provides real-time visibility
into all security policy configurations and changes. This visibility enables security teams to efficiently manage configuration changes,
troubleshoot problems and prepare for audits. |
SecureChange. SecureChange is the change management and automation
component of the Tufin Orchestration Suite. Enterprises use SecureChange to quickly and accurately assess, provision and verify security
configuration changes across physical networks and cloud platforms, while maintaining security and compliance. SecureChange delivers the
following key benefits:
|
• |
Business agility.
SecureChange increases business agility through security change automation. It automates manual change processes, giving them the ability
to implement changes in minutes instead of days. |
|
• |
Security and
compliance. SecureChange proactively checks every change request for risk and compliance against the unified security policy before
and after changes are implemented. It also maintains comprehensive ticket and process documentation, which reduces the need for painstaking
information gathering and analysis before internal and external audits. |
|
• |
Control and
accuracy. SecureChange reduces inaccuracies due to human error through automated change design and provisioning for multi-vendor
environments. |
SecureApp. SecureApp is the application management and secure connectivity
automation component of the Tufin Orchestration Suite. Enterprises use SecureApp to define, manage and monitor network connectivity for
their applications. SecureApp delivers the following key benefits:
|
• |
Visibility
and control. SecureApp provides an intuitive interface to define application-critical connectivity needs. It serves as a central
repository of application connectivity requirements and indicates current connectivity status. |
|
• |
Business continuity
and agility. SecureApp monitors network device configurations and alerts security administrators to changes that could affect application
availability. SecureApp also provides graphical diagnostic tools that help our customers identify, troubleshoot and automatically repair
connectivity issues. By providing detailed insight into an application’s connectivity needs and status, SecureApp accelerates service
deployment, provides business continuity and simplifies network operations. |
|
• |
Security and
compliance. SecureApp proactively creates clean, reliable network configurations. It automatically recommends policy rule changes
and decommissions unnecessary network access paths that can lead to a security breach. |
SecureCloud. SecureCloud is a security policy management service
for cloud-native, multi-cloud, and hybrid-cloud applications and workloads. Enterprises use SecureCloud to gain visibility into their
cloud security posture, establish security policy guardrails, and ensure compliance with these security policies by integrating with DevOps
processes and tools to reduce risk and maintain security without compromising speed and agility. SecureCloud delivers the following key
benefits:
|
• |
Visibility.
SecureCloud provides visibility into the security of application connectivity in the cloud through the assessment of cloud access controls.
SecureCloud displays vulnerabilities and overly permissive access paths. ensuring adherence to industry standards and best practices.
|
|
• |
Security Guardrails.
SecureCloud defines policies to secure application connectivity across cloud-native, multi-cloud, and hybrid-cloud -platforms. SecureCloud
automatically generates the cloud-native control code required to enforce these policies, saving enterprises the cost and overhead of
using third-party products that introduce proprietary control points across their cloud environment. |
|
• |
Continuous
Compliance. SecureCloud integrates directly into cloud-native application development processes and DevOps CI/CD automation pipelines,
ensuring continuous compliance checks of enterprise security policy throughout the entire life-cycle of cloud application development
and deployment efforts. |
|
• |
Enterprise-wide
Security Policy Management. With SecureCloud, Tufin Orchestration Suite provides a comprehensive platform that enterprises can
use to manage security policies across their entire estate, from on-premise to hybrid cloud environments. |
Vulnerability Mitigation App (VMA). The Tufin Vulnerability Mitigation
App (VMA), offered as part of the Tufin Marketplace, enables organizations to prioritize remediation and mitigation efforts
by enhancing vulnerability scanner output with network insights. By combining vulnerability measures (e.g. CVSS and severity) with insights
into how these vulnerabilities may be accessed and exploited via the network, customers have the context to identify and address
vulnerabilities that pose the greatest threat to their critical business assets.
|
• |
Out-of-the-Box
Integration. VMA provides out-of-the-box integration with the most widely used vulnerability management solutions, including Rapid7
Nexpose, Rapid7 InsightVM, Qualys VMDR, Tenable.io, and Tenable.sc. |
|
• |
Risk Mitigation.
Tufin VMA automates risk mitigation by implementing network changes that block access to the critical asset until vulnerability remediation
efforts can be fully implemented. |
|
• |
Comprehensive
Dashboard. VMA also includes a comprehensive dashboard, monitors and measures risk exposure over time, and highlights overall vulnerability
exposure and the impact of mitigation and remediation efforts networkwide. |
Our Technology
Our comprehensive security policy management solutions rely on a set of proprietary technologies that provide
a high level of security, scalability and performance. Our core technologies, which serve as the foundation of both our network and cloud-based
products, include analysis engines, a provisioning engine, Application Programming Interface (“API”) integrations and infrastructure
technology.
Analysis Engines
|
• |
Topology intelligence.
Our topology intelligence engine uses network routing algorithms to calculate the paths between different points on the network and provides
our customers with a graphic display of devices and data flows. Network administrators use our topology intelligence to quickly determine
which devices and cloud platforms a network connection can traverse, which enables them to automate network path analysis and troubleshoot
issues. |
|
• |
Network usage
analysis engine. Our network usage analysis engine detects unused elements of a security policy by analyzing network flows and
traffic hits over a specified time period. Our technology leverages an automated workflow process to decommission unnecessary access and
reduce the attack surface. |
|
• |
Policy analysis
engine. Our policy analysis engine calculates the expected connectivity and access behavior of network devices and cloud platforms.
Security administrators can use different parameters and logic to determine in real time if supported network devices and cloud security
groups will allow or block specific connections. |
|
• |
Risk and compliance
analysis engines. Our risk engine proactively analyzes risk by identifying potential security violations, checking the existing
configuration or the proposed access changes against the unified security policy. Our compliance analysis engine creates an audit trail
in real time by automatically documenting any remedial changes. |
Our technology also provides cloud-based security automation
for applications developed in CI/CD mode. Our CI/CD vulnerability scanning and compliance validation embeds security at the development
and testing stage, and enables our customers’ DevOps teams to quickly identify security issues, reducing the probability of vulnerabilities
in production environments.
|
• |
Change designer
engine. Our change designer engine automates enterprise security access requests. It first identifies the connection-relevant network
devices and cloud platforms based on topology intelligence, and then recommends the optimal policy change based on information from the
policy analysis engine. Our technology provides vendor-specific suggestions that maximize security and performance, while offering accurate
configuration changes designed to be intuitive and user friendly. |
Provisioning Engine
|
• |
Change provisioning
engine. Our technology automatically implements policy changes approved by security administrators. Our automated change provisioning
engine supports all major network, security and cloud vendors. In zero-touch automation mode, our technology automatically applies recommended
policy changes without the need for human intervention. |
API Integrations
|
• |
Extensible APIs. Our technology features a RESTful API framework
to enable extensibility and interoperability with third-party systems, including ticketing and service management systems such as ServiceNow
and BMC Remedy. Our professional services team, as well as our customers and partners, use the API framework to supplement the Tufin Orchestration
Suite with additional functionality by integrating with the third-party security ecosystem. We integrate with leading network and cloud
platforms, such as Checkpoint, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, AWS, Google Cloud,
Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our
technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our products, helps
to expand our common use cases. |
Infrastructure Technology
|
• |
Distributed
architecture. Customers can deploy our products across multiple distributed servers. Rather than monitoring all devices and platforms
from a single server, remote collectors monitor local network devices (e.g., firewalls and routers), process the raw data and upload compressed
data to a central server over a secure connection. Using a fully distributed architecture, our products can easily scale to meet the demands
of large organizations. |
|
• |
SaaS architecture.
SecureCloud, is offered as Software-as-a-Service, and is able to scale up and scale out to meet the demands of various customer deployment
scenarios and architectures, with built in multi-tenancy and high availability. |
|
• |
Tufin Orchestration
Suite Aurora. Aurora is the next generation of the Tufin Orchestration Suite, which runs in microservices on Kubernetes. This architecture
will enable us to offer SecureTrack, SecureChange, and SecureApp to our customers as a service in the future. Aurora allows for more agile
research and development and gives us the ability to scale out to the largest networks in the world, advancing our leadership in scalability.
Also, Aurora provides a refresh and more modern user interface that customers will find easy and intuitive to use. |
Our Services
Professional Services
Our professional services team helps customers with product deployment, integration, customization, optimization,
operation and training. We support initial product setup, implementation and configuration, and help customers integrate our products
with existing third-party applications and internally developed tools. Our professional services team also helps customers define their
unified security policy, model their network topology, configure workflows, discover application connectivity and deliver customized reporting
according to their requirements. In addition, we provide technical training so that our customers can use our products with confidence.
We also enable our authorized service delivery partners to provide similar professional services.
Maintenance and Support
We offer several levels of technical support for our products by providing customers with access to our
user and partner portal, our knowledge center and our regional support centers. We provide customers with software bug repairs, system
enhancements and updates, as well as access to our technical support experts. Our support engineers liaise with our product experts to
diagnose and solve our customers’ technical challenges. In addition to post-sales support activities, we emphasize service readiness
by coordinating with our product management team to define prerequisite product and service quality levels prior to their release. Additionally,
our designated support engineers serve as ongoing, accessible customer resources.
Sales and Marketing
Sales
We sell our products and services through our sales force, including our field sales team and our inside
sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021.
Our highly trained sales force is responsible for overall market development. Our sales force consists
of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations,
which we define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the
Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers,
and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical
expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several
months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2021, we had sales personnel
in 19 countries. Although our transition to a term-based subscription license model did not materially change our sales or marketing efforts
in 2021, we expect to continue to hire sales personnel in order to support our growth plans.
Our channel partners include distributors and resellers, as well as service delivery partners that help
customers successfully deploy, configure, customize and maintain our products and services. In addition, on October 2, 2018, we launched
our “Tufin as a Service” program – a consumption-based, pay-per-use services model that enables Managed Security Service
Providers, or MSSPs, to offer our security policy management solutions to their customers.
Marketing
Our marketing strategy is focused on promoting brand awareness through differentiated positioning, messaging
and thought leadership. We achieve this by educating the market on effective security policy change management, communicating our product
advantages and business benefits, generating leads for our sales force and channel partners, and promoting our brand. We market our products
and services as enterprise security policy management solutions for complex networks and cloud-based environments.
We execute our marketing strategy by leveraging a combination of internal marketing professionals, external
marketing partners and a network of platform and technology partners. Our internal marketing enterprise is responsible for branding, digital
content generation and targeted advertising through active digital channels. We actively drive thought leadership by providing community
education through our online technical webinars in multiple regions. We host and sponsor demand-generation events, including our channel
and technical partners’ events and our annual worldwide customer conferences, Tufinnovate, as well as local events for specific
customers and prospect accounts in multiple regions. In 2021, we hosted the Tufinnovate conferences virtually, and plan to do the same
in 2022. Although some of the face-to-face interaction was not possible in a virtual event, we had double the number of attendees in the
virtual Tufinnovate conference, compared to the in person Tufinnovate conferences in 2019. Our conferences and events demonstrate our
strong commitment to enabling our partners and customers to succeed, and provide an opportunity to create a pipeline for new sales to
prospective customers and additional sales to existing customers.
Research and Development
Continued investment in research and development is critical to our business. Our research and development
efforts focus primarily on improving our existing products and services with additional innovative features and functionality, as well
as developing new products and services. For example, we regularly release enhanced capabilities of the Tufin Orchestration Suite. We
believe the timely development of new products, including both on-premise and cloud solutions, is essential to maintaining our competitive
position.
In the years ended December 31, 2020 and 2021, our research and development expenses were $35.0 million
and $39.6 million, respectively. We plan to continue investing significantly in research and development initiatives across our global
innovation centers in Tel Aviv, Israel, Karmiel, Israel and Bucharest, Romania. By spreading our research and development team across
multiple locations, we increase our access to highly-skilled engineering talent, which we believe provides us opportunities for evolution
and growth.
Intellectual Property
Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual
property assets. We rely on a combination of trade secrets, copyright and trademark laws, confidentiality procedures, technical know-how
and continuing innovation to protect our intellectual property and maintain our competitive advantage. Our technical personnel use their
skills, knowledge and experience to develop, strengthen and maintain our proprietary position in the security policy automation market.
In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our
proprietary technology.
Our software and other proprietary information are protected by copyright on creation. Copyright registrations,
which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software,
proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements
containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team,
partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring
assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective
counterparty. We also license software from third parties for use in developing our products and for integration into our products, including
open source software. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality
agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise
obtain and use our intellectual property and technology.
As of December 31, 2021, we had registered three trademarks in the United States, six trademarks in Israel
and two trademarks in the European Union. As of December 31, 2021, we had 14 issued patents in the United States and five issued patents
in Israel.
Competition
The security policy management market in which we operate is relatively new and evolving. We are a leading
provider of enterprise security automation and management products. In many cases, our primary competition is in-house, manual, spreadsheet
driven processes and home-grown approaches to security management. Our direct competitors include vendors such as AlgoSec, Inc., FireMon,
LLC and Skybox Security LLC that offer solutions that compete with all or some of our products or product features. We also indirectly
compete with large IT companies that offer a broad array of traditional security management solutions, such as Palo Alto Networks and
Cisco Systems, Inc., for a share of enterprises’ IT security budgets. In the cloud, direct competition to SecureCloud has not fully
emerged, although our traditional competitors have added some capabilities in this area. The cloud security vendor landscape is crowded
and many company offerings overlap. In particular, we may compete with tools from firewall vendors that provide visibility into cloud
access policies for their proprietary platforms. SecureCloud is differentiated from such tools by enabling enterprise buyers to avoid
vendor lock-in associated with proprietary enforcement solutions, ultimately having the ability to optimize how they enforce policy and
manage costs using a security policy management system across multi-vendor environments.
As our market further develops, we anticipate that competition will increase based on customer demand for
security automation and management solutions. Furthermore, we believe enterprises will allocate an increasing portion of their IT security
budgets, and specifically security management spending, to operational security and automation solutions.
The principal competitive factors in our market include:
|
• |
security change automation; |
|
• |
multi-vendor integration and heterogeneous
network topology; |
|
• |
application connectivity in modern IT and cloud
environments; |
|
• |
efficacy in provisioned and cloud-native environments;
|
|
• |
suitability for DevOps processes and microservice
architectures; |
|
• |
scalability and overall performance; and
|
|
• |
strong relationships with existing IT vendors.
|
Our Customers
Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including
approximately 19% of the Global 2000. We sell substantially all of our products and services through our global network of channel partners,
including distributors and resellers, who then sell to end-user customers. For the years ended December 31, 2020 and 2021, our two largest
channel partners accounted for 15% and 10% of our revenues and 15% and 12% of our revenues, respectively. Our agreements with these channel
partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements
are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice.
When
analyzing our business, we refer to end-user customers as our customers throughout this Item, even when our direct commercial relationship
is with a channel partner. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries,
including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government,
retail and business services.
Our diverse global footprint is evidenced by the fact that, for the year ended December 31, 2021, we generated
51.3%, 42.3% and 6.4% our revenues from customers in the Americas, EMEA and APAC, respectively.
Properties
Our corporate headquarters are located in Tel Aviv, Israel in an office consisting of approximately 62,859
square feet, where we employ our primary research and development team and a portion of our support and general administrative teams.
The lease for this office expires January 31, 2029 (with an option to extend until January 31, 2034). Our U.S. headquarters are located
in Boston, Massachusetts in an office consisting of approximately 3,214 rentable square feet, where we employ a portion of our marketing
and general administrative teams. The lease for this office expires in December 31, 2023. During the first quarter of 2020, we relocated
to a new office in Boston, Massachusetts, consisting of approximately 8,982 rentable square feet. We also lease an office in Karmiel,
Israel (which serves as a research and development site), Akron, Ohio (which hosts the Americas technology support, professional services
and inside sales teams) and Reading, England (which hosts the European inside sales team). We believe our facilities are sufficient to
meet our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion
of our operations.
Seasonality
We generally expect an increase in business activity as we approach our fiscal year end in December, driven
by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual
sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one
or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which
revenues from that transaction is delayed.
| C. |
Organizational Structure |
The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of
the State of Israel. We have six wholly-owned subsidiaries:
|
Name of Subsidiary |
Place of Incorporation | |
|
Tufin Software North America Inc. |
Delaware, United States | |
|
Tufin Software Europe Limited |
United Kingdom | |
|
Tufin Software France SARL |
France | |
|
Tufin Software Germany GmbH |
Germany | |
|
Tufin Software Australia Pty Ltd |
Australia | |
|
Tufin Software SRL |
Romania |
| D. |
Property, Plants and Equipment |
See “Item 4.B. Business Overview—Properties” for a discussion of property, plants and
equipment.
ITEM 4A. UNRESOLVED STAFF COMMENTS
Not applicable.
ITEM 5. OPERATING AND FINANCIAL
REVIEW AND PROSPECTS
Company Overview
We are pioneering a policy-centric approach to security and IT operations. We transform enterprises’
security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud
environments and by providing them tools to manage configurations and automate changes to their security networks. Our products govern
how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers
to reduce the time to implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors
from manual processes and ensure continuous compliance through a single console.
Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including
approximately 19% of the Global 2000.
We generate revenues from sales of our products and associated maintenance and professional services. We
primarily sell our software through term-based subscription license agreements and perpetual license agreements. Our products offer the
same functionality whether our customers receive them through a perpetual or term-based license. Our agreements with customers for software
licenses include maintenance contracts and may also include professional services contracts. Maintenance revenues consist of fees for
providing software updates and technical support for our products for a specified term, which is typically one or three years. We offer
a portfolio of professional services and extended support contract options to assist our customers with integration, customization, optimization,
training and ongoing advanced technical support.
Our goal is to provide significant benefits to customers seeking to enforce enterprise-wide security policies
and automate network change process, which we believe will enable us to maximize the lifetime value of our customers. We believe our existing
customers serve as a strong source of incremental revenues given our multiple product offerings and the growing complexity of IT and cloud
environments and networks. Our products provide customers the flexibility to initially deploy one or more of our products in all or parts
of their IT and cloud environments, and further expand deployment as they purchase additional products or cover additional parts of their
IT and cloud environments. We believe our “land and expand” sales strategy capitalizes on this potential. We make significant
investments in acquiring new customers, both as term-based subscription licenses and perpetual licenses, and expect to achieve a favorable
return on investments by maintaining a high level of customer retention for both term-based subscription licenses and maintenance contracts
for perpetual licenses, which we define as our renewal rate. Our renewal rates are generally derived from dividing actual renewal sales
in the trailing 12 months period by our total prior period sales that where up to renewal in the trailing 12 months period.
We derive an increasing portion of our revenues from existing customers. During the years ended December
31, 2020 and 2021, we generated approximately 71% and 73% of our revenues, respectively, excluding maintenance renewals, from existing
customers.
We believe our diverse global footprint provides a significant growth opportunity. We aim to continue to
expand our business globally, particularly in the Americas and EMEA where our main target markets are. In the year ended December 31,
2021, we generated 51% of our revenues from customers in the Americas, 42% of our revenues from customers in EMEA and 7% of our revenues
from customers in APAC.
We expect sales in the Americas to continue to account for a majority of our revenues. Our customers include
leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications,
automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services. We believe our
expansion within the Global 2000 is a key indicator of our market penetration and the value that our products provide to large customers.
We sell our products and services through our sales force, including our field sales team and our inside
sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021. Our highly trained
sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of
our sales, and our inside sales team. Our field sales team targets large organizations, which we generally define as those comprising
the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales
team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers
support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and
architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept
to purchase order and is often longer for larger transactions. As of December 31, 2021, we had sales personnel in 19 countries.
Our channel partners include distributors and resellers, as well as service delivery partners that help
customers successfully deploy, configure and maintain our products and services. We sell substantially all of our products and services
through our global network of channel partners, who then sell to end-user customers. When analyzing our business, we refer to end-user customers
as our customers throughout this Item, even when our direct commercial relationship is with a channel partner. We consider our channel
partners active if they have sold our products or services in the trailing 12-month period.
We integrate with leading network and cloud platforms, such as Checkpoint, Cisco, Fortinet, Palo Alto Networks,
F5 Networks, Forcepoint, Juniper Networks, Zscaler, VMware, AWS, Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic
solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem
of technology partners who build certified integrations to our products, helps to expand our common use cases.
For the years ended December 31, 2020 and 2021, our revenues were $100.8 million and $110.9 million, respectively,
representing year-over-year increase of 10%.
Key Performance Indicators
We monitor the following key performance indicators to help us evaluate our business, measure our performance,
identify trends affecting our business, formulate business plans and make strategic decisions. Our key performance indicators may be calculated
in a manner different than similar key performance indicators used by other companies.
|
• |
Number of
Customers. We believe the size of our customer base is an indicator of our market penetration and our net customer additions are
an indicator of the growth of our business and future revenue opportunity. We believe we have a significant opportunity to expand our
footprint through new installations and displacement of our competitors’ solutions. To do so, we plan to continue to grow our sales
team, leverage our channel partner relationships and enhance our marketing efforts. |
We believe organizations choose us for our customer-first approach, continuing innovation and seamless
integration with third-party technologies.
We define a customer as a distinct entity, division or business unit of a company that has purchased our
products or services and is eligible to receive maintenance and support. Since our inception, our solutions have been purchased by over
2,000 customers in over 70 countries, including approximately 19% of the Global 2000. As of December 31, 2020 and 2021, we had 1,728 and
1,860 active customers, respectively.
|
• |
Revenues from Existing Customers. We believe our existing customers
provide a significant source of revenue growth. We derive an increasing portion of our revenues from existing customers. For example,
during the years ended December 31, 2020 and 2021, we generated approximately 71% and 73% of our revenues, respectively, excluding maintenance
renewals, from existing customers. |
|
• |
Maintenance
Renewal Rates. We believe our maintenance renewal rates are an important metric to measure our ability to provide significant value
to our existing customers. We generate incremental maintenance revenues when our customers renew their maintenance contracts. We measure
the maintenance renewal rate of our customers over a trailing 12-month period, based on a dollar renewal rate of contracts expiring during
that time period. For each of the years ended December 31, 2020 and 2021, our maintenance renewal rate was over 90%. Our key strategies
to maintain our renewal rate include continuing to provide more valuable features and network device coverage in our product updates,
focusing on the quality and reliability of our customer service and support and ensuring our customers receive value from our products.
|
|
• |
Sales to Large
Organizations. In the year ended December 31, 2021, large organizations, which we define as those comprising the Global 2000, accounted
for 64% of our revenues, compared to 63% of our revenues in the year ended December 31, 2020, in each case excluding maintenance renewals.
Sales to large organizations involve a distinct set of opportunities and challenges. Large organizations sales are characterized by longer
sales cycles and additional time and resources spent on a potential customer. |
For the years ended December 31, 2020 and 2021, the average spend
for all customers, excluding maintenance renewals, was $102,000 and $117,648, respectively. During those years, the average spend for
Global 2000 customers, excluding maintenance renewals, was $155,000 and $193,123, respectively; and the average spend for non-Global 2000
customers, excluding maintenance renewals, was $67,000 and $69,936, respectively. We define average spend as total sales, excluding maintenance
renewals, for the relevant customer group (i.e., all customers, Global 2000 customers or non-Global 2000 customers) divided by the number
of customers belonging to such customer group.
|
• |
Seasonality.
We generally expect an increase in business activity in the fourth quarter, driven by our customers’ buying patterns. We believe
that these seasonal trends will continue to affect our quarterly results. The loss or delay of one or more large transactions in a quarter
could impact our anticipated results of operations for that quarter and future quarters for which revenues from that transaction is delayed.
|
|
• |
Non-GAAP Gross
Profit, non-GAAP Operating Income (Loss) and Non-GAAP Net Loss. We believe that providing non-GAAP financial measures that exclude, as applicable, share-based compensation expense
and certain non-recurring costs, as well as, the tax effect of these non-GAAP adjustments, allows for more
meaningful comparisons between our operating results from period to period. These non-GAAP financial measures are an important tool for
financial and operational decision-making and for evaluating our operating results over different periods. |
We define Non-GAAP gross profit, Non-GAAP operating income (loss) and Non-GAAP net loss as follows:
|
• |
“Non-GAAP gross profit” as gross profit excluding share-based compensation expense. |
|
• |
“Non-GAAP operating income (loss)” as operating income (loss) excluding share-based compensation
expense, shelf registration costs and one-time expenses associated with the reorganization of one of our subsidiaries. |
|
• |
“Non-GAAP net loss” as net loss excluding share-based compensation expense, shelf registration
costs and one-time expenses associated with the reorganization of one of our subsidiaries and the tax effect of these non-GAAP adjustments.
|
The following tables show the applicable non-GAAP financial measure along with the comparable GAAP financial
measure.
|
Year ended December 31, |
||||||||
|
2020 |
2021 |
|||||||
|
(in thousands) |
||||||||
|
Gross profit |
$ |
80,587 |
$ |
87,837 |
||||
|
Non-GAAP gross profit |
82,611 |
89,649 |
||||||
|
|
||||||||
|
Operating loss |
$ |
(33,925 |
) |
$ |
(36,329 |
) | ||
|
Non-GAAP operating loss |
(18,452 |
) |
(22,433 |
) | ||||
|
|
||||||||
|
Net loss |
$ |
(35,406 |
) |
$ |
(36,926 |
) | ||
|
Non-GAAP net loss |
(20,634 |
) |
(25,820 |
) | ||||
The following tables reconcile gross profit, operating loss and net loss, the most directly comparable
U.S. GAAP measures, to non-GAAP gross profit, non-GAAP operating income (loss) and non-GAAP net loss for the periods presented:
|
Year ended December 31, |
||||||||
|
2020 |
2021 |
|||||||
|
(in thousands) |
||||||||
|
Reconciliation of Gross Profit to Non-GAAP Gross Profit:
|
||||||||
|
Gross profit |
$ |
80,587 |
$ |
87,837 |
||||
|
Add: |
||||||||
|
Share-based compensation expense |
$ |
2,024 |
$ |
1,812 |
||||
|
Non-GAAP gross profit |
$ |
82,611 |
$ |
89,649 |
||||
|
Year ended December 31, |
||||||||
|
2020 |
2021 |
|||||||
|
(in thousands) |
||||||||
|
Reconciliation of Operating Loss to Non-GAAP Operating Loss:
|
||||||||
|
Operating loss |
$ |
(33,925 |
) |
$ |
(36,329 |
) | ||
|
Add: |
||||||||
|
Share-based compensation expense |
$ |
15,025 |
$ |
13,896 |
||||
|
Shelf registration costs |
126 |
- |
||||||
|
One-time reorganization charges |
322 |
- |
||||||
|
Non-GAAP operating loss |
$ |
(18,452 |
) |
$ |
(22,433 |
) | ||
|
Year ended December 31, |
||||||||
|
2020 |
2021 |
|||||||
|
(in thousands) |
||||||||
|
Reconciliation of Net Loss to Non-GAAP Net Loss: |
||||||||
|
Net loss |
$ |
(35,406 |
) |
$ |
(36,329 |
) | ||
|
Add: |
||||||||
|
Share-based compensation expense |
$ |
15,025 |
$ |
13,896 |
||||
|
Shelf registration costs |
126 |
- |
||||||
|
One-time reorganization charges |
322 |
- |
||||||
|
Taxes on income related to non-GAAP adjustments |
(701 |
) |
(2,790 |
) | ||||
|
Non-GAAP net loss |
$ |
(20,634 |
) |
$ |
(25,820 |
) | ||
Because of varying available valuation methodologies, subjective assumptions and the variety of equity
instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash
share-based compensation expense allows for more meaningful comparisons between our operating results from period to period. In addition,
we believe that providing non-GAAP financial measures that exclude shelf registration costs and one-time expenses associated with the
reorganization of one of our subsidiaries allows for more meaningful comparisons between our operating results from period to period since
these non-recurring costs are not representative or indicative of our ongoing operations. We also believe that the tax effects related
to the non-GAAP adjustments set forth above do not reflect the performance of our core business and would impact period-to-period comparability.
Other companies, including companies in our industry, may calculate non-GAAP gross profit, non-GAAP operating
income (loss) and non-GAAP net income (loss) differently or not at all, which reduces the usefulness of these non-GAAP financial measures
for comparison. These non-GAAP financial measures should be considered along with other financial performance measures, including gross
profit, operating income (loss) and net income (loss), and our financial results presented in accordance with U.S. GAAP. We urge investors
to review the reconciliation of our non-GAAP financial measures to the comparable U.S. GAAP financial measures included below, and not
to rely on any single financial measure to evaluate our business.
Transition to Term-Based Subscription License Business
Model
In February 2021, we announced our transition to a term-based subscription license business model.
This strategic initiative had a positive impact on our business, and we believe it will increase our recurring revenues and will result
in higher visibility over time, supporting our long-term future growth plans. As we continue our transition to a term-based subscription
license business model, we expect a greater portion of our products to be delivered through term-based subscription licenses. Shifts in
the mix of whether our solutions are sold as term-based subscription licenses could result in fluctuations in our bookings and revenues.
We also expect that maintenance revenues associated with perpetual license contracts will decline over the long term as we will sell fewer
perpetual licenses. In addition, we anticipate that the shift toward a recurring revenue business will result in an increase in annualized
recurring revenues. Our subscription license renewal rate is an important parameter that will help us to achieve our long-term goals.
Our key strategies to ensure high renewals rates, both for subscription licenses and maintenance agreements, include focusing on the quality
and reliability of our product and customer service and support, ensuring our customers receive value from our products, as well as providing
valuable software upgrades and enhancements when and if they are available.
|
• |
Annualized
recurring revenues. We consider annualized recurring revenues (“ARR”) as a performance indicator which is defined as
the annualized value of active term-based subscription license contracts, SaaS contracts and maintenance contracts related to perpetual
licenses in effect at the end of a period. Such contracts are annualized by dividing the total contract value by the number of months
of its term and multiplying by twelve (12). As of December 31, 2020 and 2021, ARR was approximately $60 million and $72 million, respectively.
The annualized value of contracts is a legal and contractual determination made by assessing the contractual terms with our customers.
ARR is not determined by reference to historical revenues, deferred revenues or any other GAAP financial measure over any period. ARR
is not a forecast of future revenues and should not be perceived as such. Our ARR, can be impacted by contract start and end dates and
renewal rates and does not include revenue associated with the sales of perpetual software licenses, hardware, or professional services.
|
COVID-19 Impacts
In light of the ongoing spread of COVID-19, including the global
emergence of new variants, government and public health authorities continue to recommend measures, and companies otherwise are taking
voluntary efforts as preventative measures, to attempt to contain and mitigate the effects of the virus. Current efforts include social
distancing, travel restrictions, shutdowns, quarantine requirements, restrictions on trade, as well as other measures directed at or impacting
businesses. In response to these measures, we have made certain adjustments to our operations as we continue to provide our offerings
to current and prospective customers. For example, we continue to employ a hybrid remote-work arrangement by permitting the majority of
our employees to work remotely while maintaining a limited onsite presence in our offices worldwide.
As a preventative measure to mitigate uncertainties associated
with COVID-19, we have continued to take certain cost reduction measures, including shifting our customer events to virtual-only platforms,
which resulted in realized savings in fiscal years 2020 and 2021 as a result of our placing restrictions on travel and limiting in-person
events.
While during the beginning stages of the COVID-19 pandemic we
experienced a slow-down in our business, resulting in decreased revenues for fiscal year 2020 as compared to fiscal year 2019, we experienced
signs of recovery starting in the second half of fiscal year 2020 and continuing through fiscal year 2021. For the year ended December
31, 2021, we experienced moderate growth, with an increase in revenue of 10% as compared to fiscal year 2020. However, we cannot estimate
if the signs of recovery will continue or were temporary (in which case we may go back to experiencing a slowdown in our business).
As the COVID-19 pandemic has caused more organizations to shift
to a remote workforce, we believe the value and scalability of our security management products and services have become even more appealing
to customers who seek to operate safely and for the long-term in a virtual world. In particular, as has proven evident over the last fiscal
year, we have experienced an increased desire by organizations to protect their networks and achieve regulatory compliance. Companies
around the world now have employees working remotely from potentially vulnerable home networks, accessing
critical on-premises data stores and infrastructure through VPNs and sharing information on cloud environments. As these remote
working conditions have created and continue to create vulnerable conditions for cyberattacks, we aim to continue developing and marketing
our products and solutions to help protect data and infrastructure against attackers. Further, we believe that enterprises understand
that a data-centric approach to security is critical and that these elevated risks are expected to remain in the long-term
We continue to monitor, assess and respond to the implications
of the COVID-19 pandemic on our operations and our customers, partners and suppliers. In addition, we continue to actively evaluate and
respond to new developments relating to the evolving COVID-19 pandemic, which has and is expected to result in continued significant global,
social and business disruptions.
While we believe that the impact of the COVID-19 pandemic has
not had an immediate material adverse impact on our financial performance has subsided, our business may yet be negatively impacted by
the pandemic, its duration and the ability to contain the virus and its variant strains ultimately remain unknown. The extent to which
COVID-19 impacts our business going forward will depend on numerous evolving factors that we cannot reliably predict, including the duration
and scope of the pandemic, the efficiency of available vaccines and the availability of such vaccines to the worldwide population, governmental,
business, and individuals' actions in response to the pandemic, and the impact on economic activity including the possibility of a recession
or financial market instability. For a discussion of the risks surrounding this uncertainty and its potential impacts on our business,
including management’s accounting estimates and assumptions, see “Item 3.D. Risk Factors.—COVID-19, including the efforts
to mitigate its impact, have, and may continue to have an impact on our business, liquidity, results of operations, financial condition
and price of our securities”.
Components of Statements of Operations
Revenues
We derive our revenues from the following:
Product Revenues. We generate product revenues from sales of our
software licenses and third-party hardware to new customers and sales of additional licenses and third-party hardware to existing customers.
We generate the vast majority of our revenues through sales of software with less than 4% of our revenues generated through sales of third-party
hardware. In the year ended December 31, 2020, we primarily sold our software through perpetual license agreements and, to a lesser extent,
term-based license agreements. In 2021 we primarily sold our software through term-based license agreements. As a percentage of total
revenues, we expect our product revenues to vary from quarter to quarter based on seasonal and cyclical factors. We are focused on acquiring
new customers as well as increasing product revenues from our existing customers.
Maintenance and Professional Services Revenues. We generate maintenance
and professional services revenues by selling maintenance contracts and, to a lesser extent, by providing professional services to our
customers. Maintenance includes software updates and technical support. Our contracts with customers for software licenses include maintenance
for a specified term. We recognize revenues associated with maintenance on a straight-line basis over the specified maintenance period.
Professional services consist of deployment services for our products, and implementation of our solutions and their integration in the
customer’s environment.
We recognize revenues associated with professional services as we perform the services. As a percentage
of total revenues, we expect our maintenance and professional services revenues to vary from quarter to quarter based on fluctuations
in license sales, maintenance renewal rates, professional services attach rates and cyclical factors. The increase in maintenance is attributable
to the growth in our software license sales to new and existing customers.
See Note 2 to our consolidated financial statements “Significant Accounting Policies—Revenue
recognition” for more information.
Cost of Revenues and Gross Profit
Our total cost of revenues is comprised of the following:
Cost of Product Revenues. Cost of product revenues consist primarily
of personnel costs (including share-based compensation) associated with the processing and delivery of our software licenses to customers
and, to a lesser extent, the purchase and delivery of third-party hardware, as well as other overhead costs. There is no direct cost of
revenues associated with our software products because we deliver our software products electronically. Electronic delivery occurs when
we provide the customer with access to the software and license key via a secure portal. Our cost of product revenues is primarily impacted
by the number of personnel involved in the delivery of our products, as well as our third-party hardware revenues.
Cost of Maintenance and Professional Services Revenues. Cost of
maintenance and professional services revenues consist primarily of personnel costs for those responsible for providing maintenance and
support and professional services to our global customer base. Such personnel costs consist of salaries, benefits, bonuses and share-based
compensation.
Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a
percentage of total revenues. Our gross margin fluctuates from quarter-to-quarter based on the total revenue amount for the quarter, the
mix of product revenues and maintenance and professional services revenues. We expect our gross margins to continue to fluctuate.
Operating Expenses
Our operating expenses consist of research and development expenses, sales and marketing expenses and general
and administrative expenses. For each category, personnel costs are the most significant component of our operating expenses. Personnel
costs consist of salaries and employee benefits (including vacation expenses, bonuses and share-based compensation). Sales commissions
account for a significant portion of our sales and marketing compensation costs.
Research and Development. Research and development expenses consist
primarily of personnel costs attributable to our research and development personnel, subcontractors and consultants, as well as allocated
overhead costs. We expense research and development expenses as incurred. We expect to continue to invest in our research and development
and other long-term strategic initiatives, as we plan to further strengthen our technology platform and enhance our current and future
product and service offerings.
Sales and Marketing. Sales and marketing expenses are the largest
component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as marketing and
business development costs (including marketing campaigns and tradeshows), travel expenses and allocated overhead costs. We expect
sales and marketing expenses will continue to increase in absolute dollars and account for the majority of our operating costs as we expand
our international sales and marketing efforts.
General and Administrative. General and administrative expenses
consist primarily of personnel-related costs, including share-based compensation expense, for our executive, finance, IT, human resources,
legal and administrative personnel. General and administrative expenses also include external legal, accounting, directors and officer’s
insurance expenses, other professional service fees and allocated overhead. We expect that general and administrative expenses will increase
in absolute dollars in the near term as we continue to support the company needs and our operations as a public company, including maintaining
compliance with the Sarbanes-Oxley Act and related regulations.
Financial Income (expense), Net
Financial income (expense), net, consists primarily of bank charges, interest earned on our cash, cash
equivalents restricted bank deposits and marketable securities, amortization of premium or accretion of discount on our marketable securities
and foreign currency exchange fluctuations. Foreign currency exchange fluctuations reflect gains or losses related to transactions denominated
in currencies other than the U.S. dollar, particularly the NIS, the Euro and the GBP. As a result of our global presence, we expect to
continue to incur expenses in currencies other than the U.S. dollar. As such, we expect our exposure to fluctuations in foreign currencies
to continue.
Taxes on Income
The standard corporate tax rate in Israel for 2021 and thereafter was 23%. We have net operating loss carry
forwards. As of December 31, 2021, our net operating loss carry forwards for Israeli tax purposes amounted to approximately $110 million.
Under Israeli law, net operating losses can be carried forward indefinitely and offset against certain future taxable income. We expect
that if or when we become profitable, we will generate the substantial majority of our taxable income in Israel. However, no tax benefit
was recorded for the years ended December 31, 2020 and 2021 for the deferred tax assets of the Israeli entity, since we have recorded
a full valuation allowance against these deferred tax assets which are less likely than not to be realized.
In addition, we are entitled to tax benefits under the Investment Law in Israel in respect of our status
as a Benefited Enterprise. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income as a
Benefited Enterprise may be lower than the standard corporate tax rate. The tax benefit period for the Benefited Enterprise program under
the Investment Law is expected to end in 2022. The availability of these tax benefits is subject to certain requirements, including making
specified investments in property and equipment, and financing a percentage of investments with share capital. If we do not meet these
requirements in the future, the tax benefits may be canceled and we could be required to refund any tax benefits that we have already
received.
Our subsidiaries currently generate taxable income. To the extent that we generate taxable income in Israel,
our effective tax rate will be a weighted average rate based on the applicable U.S., European, Australian and Israeli tax rates.
| A. |
Operating Results |
We are providing within this section a supplemental discussion that compares our historical statement of
operations data in accordance with accounting principles generally accepted in the United States, or GAAP. The below tables provide data
for each of the years ended December 31, 2021 and 2020. The following discussion and analysis are based on our consolidated financial
statements including the related notes, and should be read in conjunction with them. Our consolidated financial statements are provided
in “Item 18 – Financial Statements”.
For discussion related to our results of operations for the year ended December 31, 2020 compared to the
year ended December 31, 2019, refer to Part I, Item 5. “Operating and Financial Review and Prospects” in our annual report
on Form 20-F for the fiscal year ended December 31, 2020, which was originally filed with the SEC on March 2, 2021, and subsequently by
amendment on March 8, 2021.
Comparison of Period to Period Results of Operations
Results of Operations
The following tables summarize our results of operations in dollars and as a percentage of our total revenues
for the periods indicated. The period-to-period comparison of results is not necessarily indicative of results for future periods.
|
Year ended December 31, |
||||||||||||||||
|
2020 |
2021 |
|||||||||||||||
|
Amount |
% |
Amount |
% |
|||||||||||||
|
(Dollars in thousands) |
||||||||||||||||
|
Revenues: |
||||||||||||||||
|
Product |
$ |
38,690 |
38.4 |
% |
$ |
46,593 |
42.0 |
% | ||||||||
|
Maintenance and professional services |
62,144 |
61.6 |
64,356 |
58.0 |
||||||||||||
|
Total revenues |
100,834 |
100.0 |
110,949 |
100.0 |
||||||||||||
|
Cost of revenues: |
||||||||||||||||
|
Product |
2,940 |
2.9 |
3,291 |
3.0 |
||||||||||||
|
Maintenance and professional services |
17,307 |
17.2 |
19,821 |
17.9 |
||||||||||||
|
Total cost of revenues(1) |
20,247 |
20.1 |
23,112 |
20.8 |
||||||||||||
|
Gross profit |
80,587 |
79.9 |
87,837 |
79.2 |
||||||||||||
|
Operating expenses: |
||||||||||||||||
|
Research and development(1) |
34,978 |
34.7 |
39,584 |
35.7 |
||||||||||||
|
Sales and marketing(1) |
59,484 |
59.0 |
60,378 |
54.4 |
||||||||||||
|
General and administrative(1) |
20,050 |
19.9 |
24,204 |
21.8 |
||||||||||||
|
Total operating expenses |
114,512 |
113.6 |
124,166 |
111.9 |
||||||||||||
|
Operating loss |
$ |
(33,925 |
) |
(33.6 |
) |
$ |
(36,329 |
) |
(32.7 |
) | ||||||
|
Financial income (loss), net |
114 |
0.1 |
(1,104 |
) |
(1.0 |
) | ||||||||||
|
Loss before taxes on income |
$ |
(33,811 |
) |
(33.5 |
) |
$ |
(37,433 |
) |
(33.7 |
) | ||||||
|
Taxes on income |
(1,595 |
) |
(1.6 |
) |
507 |
(0.5 |
) | |||||||||
|
Net loss |
$ |
(35,406 |
) |
35.1 |
% |
$ |
(36,926 |
) |
(33.3 |
)% | ||||||
|
| |
|
(1) |
Includes share-based compensation expense as follows: |
|
Year ended December 31, |
||||||||
|
2020 |
2021 |
|||||||
|
(in thousands) |
||||||||
|
Share-based Compensation Expense: |
||||||||
|
Cost of revenues |
$ |
2,024 |
$ |
1,812 |
||||
|
Research and development |
4,437 |
3,867 |
||||||
|
Sales and marketing |
4,635 |
3,772 |
||||||
|
General and administrative |
3,929 |
4,445 |
||||||
|
Total share-based compensation expenses |
$ |
15,025 |
$ |
13,896 |
||||
Comparison of the Years Ended December 31, 2020 and 2021
Revenues
|
Year ended December 31, |
||||||||||||||||
|
2020 |
2021 |
Change |
||||||||||||||
|
Amount |
Amount |
Amount |
% |
|||||||||||||
|
(Dollars in thousands) |
||||||||||||||||
|
Revenues: |
||||||||||||||||
|
Product |
$ |
38,690 |
$ |
46,593 |
$ |
7,903 |
20.4 |
% | ||||||||
|
Maintenance and support |
50,794 |
53,975 |
3,181 |
6.3 |
% | |||||||||||
|
Professional services |
11,350 |
10,381 |
(969 |
) |
(8.5 |
)% | ||||||||||
|
Total revenues |
$ |
100,834 |
$ |
110,949 |
$ |
10,115 |
10.0 |
% | ||||||||
Revenues increased by $10.1 million, or 10.0%, from $100.8 million in 2020 to $110.9 million in 2021. The
increase in total revenues was driven by an increase in product and maintenance and support revenues across all regions and was partially
offset by decrease in professional services revenues. The increase in total revenues was also reflected by $9.9 million increase in revenues
from existing customers.
Product revenues increased by $7.9 million, or 20.4%, from $38.7 million in 2020 to $46.6 million in 2021.
This increase was driven by increase sales volumes to new and existing customers, which increased by $2.2 million and $5.7 million, respectively.
The substantial majority of our product revenues was attributable to sales of term-based subscription licenses.
Maintenance and support revenues grew by $3.2 million, or 6.3%, from $50.8 million in 2020 to $54.0 million
in 2021. This increase was driven by revenues from maintenance and support contracts renewals, which accounted for $3.8 million of this
increase partially offsets from initial maintenance and support contracts which accounted for $0.6 million decrease.
Professional services revenues decreased by $1.0 million, or 8.5%, from $11.4 million in 2020 to $10.4
million in 2021. This decrease was attributable to the timing of projects deployment by our professional services teams and the customers.
Geographic Breakdown of Revenues
The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:
|
Year ended December 31, |
||||||||||||||||
|
2020 |
2021 |
|||||||||||||||
|
Amount |
% |
Amount |
% |
|||||||||||||
|
(in thousands) |
||||||||||||||||
|
Americas |
$ |
54,645 |
54.2 |
% |
$ |
56,908 |
51.3 |
% | ||||||||
|
EMEA |
40,114 |
39.8 |
46,980 |
42.3 |
||||||||||||
|
APAC |
6,075 |
6.0 |
7,061 |
6.4 |
||||||||||||
|
Total |
$ |
100,834 |
100.0 |
% |
$ |
110,949 |
100 |
% | ||||||||
The Americas accounted for the majority of our revenues in each of the years ended December 31, 2020 and
2021. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2020 and 2021, with revenues
generated in Germany representing 29% and 30%, respectively, of EMEA revenues.
Cost of Revenues
|
Year ended December 31, |
||||||||||||||||
|
2020 |
2021 |
Change |
||||||||||||||
|
Amount |
Amount |
Amount |
% |
|||||||||||||
|
(Dollars in thousands)
|
||||||||||||||||
|
Cost of revenues: |
||||||||||||||||
|
Product |
$ |
2,940 |
3,291 |
$ |
351 |
11.9 |
% | |||||||||
|
Maintenance and professional services |
17,307 |
19,821 |
2,514 |
14.5 | ||||||||||||
|
Total cost of revenues |
$ |
20,247 |
23,112 |
$ |
2,865 |
14.2 |
% | |||||||||
Cost of revenues increased by $2.9 million, or 14.2%, from $20.2 million in 2020 to $23.1 million in 2021.
This increase was primarily driven by the increase in compensation costs and hardware related costs.
Cost of product revenues increased by $0.4 million, or 12%, from $2.9 million in 2020 to $3.3 million in
2021.
Cost of maintenance and professional services revenues increased by $2.5 million, or 14.5%, from $17.3
million in 2020 to $19.8 million in 2021. The increase in cost of maintenance and professional services revenues was driven primarily
by an increase in increase in compensation costs resulting from salary updates and an increase of the number of employees on our services,
support and fulfillment teams on an annual-average basis, as well as an increase in related overhead costs, as we remain committed to
support our increased sales of our services offerings.
Gross Profit
|
Year ended December 31, |
||||||||||||||||||||||||
|
2020 |
2021 |
Gross Profit Change |
||||||||||||||||||||||
|
Gross Profit |
Gross Margin |
Gross Profit |
Gross Margin |
Amount |
% |
|||||||||||||||||||
|
Gross profit |
$ |
80,587 |
79.9 |
% |
$ |
87,837 |
79.2 |
% |
$ |
7,250 |
(0.9) |
% | ||||||||||||
Gross profit decreased by $7.3 million, or 0.7%, from $80.6 million in 2020 to $87.8 million in 2021. Gross
margins decreased from 79.9% to 79.2% during the same period. This decrease was driven by as higher costs of revenues in 2021 compared
to 2020, as discussed above.
Operating Expenses
|
Year ended December 31, |
||||||||||||||||
|
2020 |
2021 |
Change |
||||||||||||||
|
Amount |
Amount |
Amount |
% |
|||||||||||||
|
(Dollars in thousands) |
||||||||||||||||
|
Operating expenses: |
||||||||||||||||
|
Research and development |
$ |
34,978 |
$ |
39,584 |
$ |
4,606 |
13.2 |
% | ||||||||
|
Sales and marketing |
59,484 |
60,378 |
894 |
1.5 | ||||||||||||
|
General and administrative |
20,050 |
24,204 |
4,154 |
20.7 |
||||||||||||
|
Total operating expenses |
$ |
114,512 |
$ |
124,166 |
$ |
9,654 |
8.4 |
% | ||||||||
Total operating expenses increased by $9.7 million, or 8.4%,
from $114.5 million in 2020 to $124.2 million in 2021.
Research and Development.
Research and development expenses increased by $4.6 million, or 13.2%, from $35.0 million in 2020 to $39.6 million in 2021. This increase
was primarily attributable to an increase of $4.3 million in compensation expenses. The increase in compensation expenses was primarily
driven by salary updates, and unfavorable impact of foreign exchange rate fluctuations (mainly the NIS in relation to the U.S. dollar).
The increase in research and development expenses reflects our plans to invest in strategic initiatives that further strengthen our technology
platform and enhance our current and future product and service offerings in a competitive environment.
Sales and Marketing.
Sales and marketing expenses increased by $0.9 million, or 1.5%, from $59.5 million in 2020 to $60.4 million in 2021. This increase was
primarily attributable to an increase of $0.8 million in compensation expenses and an increase of $0.6 million for investments in marketing
programs. This increase was partially offset by a decrease in travel expenses.
General and Administrative.
General and administrative expenses increased by $4.2 million, or 20.7%, from $20.1 million in 2020 to $24.2 million in 2021. This increase
was primarily attributable to an increase of $2.9 million in compensation costs, which includes a $0.4 million increase in share-based
compensation expense as we grew our general and administrative teams in order to scale and support the business needs as a public company.
Our general and administrative headcount has increased from 63 in 2020 to 68 in 2021, on an annual-average basis. The remaining increase
in general and administrative expense of $1.2 million was primarily due to increase in our directors and officers insurance, as well as
accounting and legal and allocated IT and facilities costs.
Financial Income (expense), Net
|
Year ended December 31, |
||||||||||||||||
|
2020 |
2021 |
Change |
||||||||||||||
|
Amount |
Amount |
Amount |
% |
|||||||||||||
|
(Dollars in thousands) |
||||||||||||||||
|
Financial Income (expense), net |
$ |
114 |
$ |
(1,104 |
) |
$ |
(1,218 |
) |
(1,068 |
)% | ||||||
Financial expense, net for the year ended December 31, 2021 were $1.1 million. Financial income, net for
the year ended December 31, 2020 were $0.1 million. Our financial income (expense), net was impacted by exchange rate fluctuations in
the foreign currencies against the U.S. dollar and our derivatives and hedging activities, which resulted in an expense of $0.9 million
for the year ended December 31, 2021 compared to minimal financial expense, net in the year ended December 31, 2020.
Taxes on Income
|
Year ended December 31, |
||||||||||||||||
|
2020 |
2021 |
Change |
||||||||||||||
|
Amount |
Amount |
Amount |
% |
|||||||||||||
|
(Dollars in thousands) |
||||||||||||||||
|
Taxes on income |
$ |
(1,595 |
) |
$ |
507 |
$ |
2,102 |
(132 |
)% | |||||||
Taxes on income for the year ended December 31, 2020 amounted to $1.6 million. Income tax benefit for the
year ended December 31, 2021 amounted to $0.5 million. Our effective tax rate in 2021 was primarily impacted by tax benefits associated
with stock-based compensation of our US subsidiary and our full valuation allowance against potential future benefits for deferred tax
assets of our Israeli entity, including loss carryforwards generated in Israel.
In addition, our effective tax rate is based on recurring factors, including the geographic mix of foreign
taxable income and loss, as well as nonrecurring items that may not be predictable. See Note 11 to our consolidated financial statements
included elsewhere in this annual report for a full reconciliation of our effective tax rate to the Israeli statutory rate of 23% and
for further explanation of our provision for income taxes.
Application of Critical Accounting Policies and Estimates
Our consolidated financial statements have been prepared in accordance with GAAP. The preparation of these
consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities,
revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe
are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Actual results may differ from
these estimates. To the extent that there are material differences between these estimates and our actual results, our future financial
statements will be affected.
The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the
most significant impact on our consolidated financial statements are described below.
Revenue Recognition
We determine the appropriate revenue recognition for our contracts with customers by analyzing the type,
terms and conditions of each contract. We classify the revenue components as products according to the attributes of the underlying components.
We sell our on-premises software licenses through both perpetual and term-based license agreements. Our
products offer the same functionality whether our customers receive them through a perpetual or term-based license. We deliver our software
licenses electronically. Electronic delivery occurs when we provide the channel partner or customer with access to our software and license
key via a secure portal. We generally recognize revenues from on-premises software licenses upfront when we make the software available
to the channel partner or, if we are selling directly, customer. We recognize hardware sales upon delivery.
We generally recognize revenues from software sold through term-based license agreements upfront, upon
delivery to the channel partner or, if we are selling directly, customer. We defer the associated maintenance revenues and recognize them
over the contract period. Assuming we expect to recover the costs, we capitalize all incremental costs we incur to obtain a contract with
a customer that we would not have incurred if we had not obtained the contract. We include amortization expense in sales and marketing
expenses in our consolidated statements of operations. We amortize costs incurred in obtaining a contract as a sales and marketing expense
on a straight-line basis over the expected period of benefit. We periodically review these costs for impairment.
Our contract payment terms typically range between 30 and 120 days. We assess collectability based on several
factors, including collection history.
Our contracts with customers for software licenses include maintenance and may also include training and/or
professional services. Maintenance consists of fees for providing software updates and technical support for our products for a specified
term. We recognize maintenance revenues ratably over the contractual service period. We bill for professional services on a fixed fee
basis and recognize revenues as we perform the services. We defer payments received in advance of services performed and recognize such
payments when we perform the related services.
In contracts with multiple performance obligations, we account for individual performance obligations separately
if they are distinct. We allocate the transaction price to each performance obligation based on its relative standalone selling price
out of the total consideration of the contract. For maintenance and support contracts, we determine the standalone selling price based
on the price at which we separately sell a renewal contract. We determine the standalone selling price for sales of licenses using the
residual approach. For professional services, we determine the standalone selling prices based on the price at which we separately sell
those services.
Share-Based Compensation
We measure and recognize share-based compensation expense in our consolidated financial statements based
on the grant date fair value of the award. We recognize the grant date fair value of the award as an expense based on the graded vesting
attribution method over the requisite service period (primarily a four-year period).
We estimated the grant date fair value of share options for the years ended December 31, 2019 and 2020
using the Black-Scholes option-pricing model. Our use of the Black-Scholes option-pricing model requires the input of highly subjective
assumptions, including estimated fair value of our ordinary share price, expected share price volatility and expected term. The fair value
of restricted stock units ("RSU") is based on the closing market value of the underlying shares at the date of grant.
Following our initial public offering on April 11, 2019, our ordinary shares are publicly traded, and therefore
we currently base the value of our ordinary shares on their market price.
|
•
|
Risk-Free
Interest Rate. We base the risk-free interest rate on the implied yield on currently available U.S. treasury zero-coupon securities
with a remaining term equal to the expected life of our options. |
|
•
|
Dividend Yield.
We base dividend yield on our historical experience and expectation of no future dividend payouts. We have historically not paid cash
dividends and have no foreseeable plans to pay cash dividends in the future. |
|
•
|
Expected Volatility.
We base expected share price volatility on the historical volatility of the ordinary shares of comparable companies that are publicly
traded, as well as the historical volatility of the Company’s ordinary shares. |
|
• |
Expected Term.
The expected term of options granted represents the period of time that options granted are expected to be outstanding. The expected option
term is calculated using the simplified method, as we concluded that currently our historical share option exercise experience does not
provide an adequate basis to estimate our expected option term. |
Any changes in these highly subjective assumptions would significantly impact our share-based compensation
expense.
Income Taxes
We account for income taxes using the asset and liability approach, which requires the recognition of taxes
payable or refundable for the current year and the deferred tax liabilities and assets for the future tax consequences of events that
we have recognized in our financial statements or tax returns.
We measure current and deferred tax liabilities and assets based on provisions of the relevant tax law.
We reduce the measurement of deferred tax assets, if necessary, by the amount of any tax benefits that we do not expect to realize. We
classify interest and penalties relating to uncertain tax positions within taxes on income.
Accounts Receivable
We present accounts receivable in our consolidated balance sheets net of allowance for credit losses for
potential uncollectible amounts. We estimate the collectability of accounts receivable balances and adjust the allowance for credit losses
based on our assessment of collectability by reviewing accounts receivable on an aggregated basis where similar characteristics exist
and on an individual basis when it identifies specific customers with known disputes or collectability issues. We also consider a number
of factors to assess collectability, including the past due status, creditworthiness of the specific customer, payment history and reasonable
and supportable forecasts of future economic conditions.
When revenue recognition criteria are not met for a sale transaction that has been billed, we do not recognize
deferred revenues on our balance sheet or the related account receivable.
Derivative Instruments
We carry out transactions involving foreign currency exchange derivative financial instruments. These transactions
are designed to hedge our exposure in currencies other than the U.S. dollar, and are not designated as an accounting hedge. We are primarily
exposed to foreign exchange risk with respect to recognized assets and liabilities and anticipated transactions denominated in the NIS,
Euro and British Pound, including payroll expenses. Going forward we may consider to designate transactions involving foreign currency
exchange derivative financial instruments as an accounting hedge.
New and Revised Financial Accounting Standards
Under the JOBS Act, we meet the definition of an “emerging growth company.” As such, we may
avail ourselves of an extended transition period for complying with new or revised accounting standards. However, we have chosen to “opt
out” of such extended transition period, and as a result, we will comply with new or revised accounting standards on the relevant
dates on which adoption of such standards is required for non-emerging growth companies. Our decision to opt out of the extended transition
period for complying with new or revised accounting standards is irrevocable.
| B. |
Liquidity and Capital Resources |
As of December 31, 2021, we had $89.4 million of cash and cash equivalents, restricted bank deposits, short-term
marketable securities and long-term marketable securities, compared to $104.0 million as of December 31, 2020. The majority of our cash
and cash equivalents, restricted bank deposits and marketable securities are held in banks in Israel and the United States. Our marketable
securities primarily consist of highly-rated corporate debt securities and U.S. government agency securities. We believe that our existing
cash and cash equivalents, restricted bank deposits, short-term marketable securities and long-term marketable securities will be sufficient
to fund our operations, as well as our working capital and capital expenditures needs for at least the next 12 months. Our future capital
requirements will depend on many factors, including our rate of revenue growth, which may be impacted, among other factors, by our transition
to term-based subscription license business model, the expansion of our sales and marketing activities, the timing and extent of spending
to support product development efforts and expansion into new geographic locations, the timing of introductions of new products and enhancements
to existing products and the continuing market acceptance of our products and services. For information on our future operating lease
obligations, including beyond the next 12 months, see Note 7 to our consolidated financial statements included elsewhere in this annual
report.
For discussion related to our financial condition for the year ended December 31, 2019, refer to Part I,
Item 5. “Operating and Financial Review and Prospects” in our annual report on Form 20-F for the fiscal year ended December
31, 2020, which was originally filed with the SEC on March 2, 2021, and subsequently by amendment on March 8, 2021.
Net Cash Used in Operating Activities
Cash used by operating activities was $14.2 million for the year ended December 31, 2021. This was primarily
due to an increased net loss of $36.9 million adjusted by non-cash charges of $16.3 million, primarily relating to share-based compensation
of $13.9 million and depreciation expense of $1.9 million, as well as a favorable impact of $6.4 million resulting from the net changes
in our operating assets and liabilities. Changes in operating assets and liabilities included (i) a $9.4 million increase in deferred
revenues representing unearned amounts resulting primarily from increased maintenance and support sales and (ii) a $3.6 million
increase in employee and payroll accrued expenses offset by (a) a $2.2 million increase in prepaid expenses and other current assets,
(b) a $2.5 million increase in accounts receivables and (c) a $2.3 million increase in deferred costs.
Cash used by operating activities was $17.4 million for the year ended December 31, 2020. This was primarily
due to an increased net loss of $35.4 million adjusted by non-cash charges of $15.6 million, primarily relating to share-based compensation
of $15.0 million and depreciation expense, as well as a favorable impact of $2.4 million resulting from the net changes in our operating
assets and liabilities. Changes in operating assets and liabilities included (i) a $2.2 million increase in deferred revenues representing
unearned amounts resulting primarily from increased maintenance and support sales and (ii) a $4.3 million increase in employee and payroll
accrued expenses and operating lease liabilities, net, partially offset by (a) a $2.6 million increase in deferred taxes and other non-current
assets, (b) a $0.5 million increase in accounts receivables and (c) a $0.7 million decrease in trade payables and other accounts payables.
Net Cash Used in Investing Activities
Investing activities for the year ended December 31, 2021 have consisted primarily of investment in capital
expenditures to purchase property and equipment.
During the year ended December 31, 2021, net cash used in investing activities was $1.5 million was attributable
to purchase of capital expenditures to purchase property and equipment of $1.7 million, partially offset by net proceeds of marketable
securities of $0.2 million.
During the year ended December 31, 2020, net cash used in investing activities was $44.4 million was attributable
to net purchases of marketable securities of $42.3 million and $2.1 million purchase of capital expenditures to purchase property and
equipment for our leased offices.
Net Cash Provided by Financing Activities
Net cash provided by financing activities was $1.9 million in the year ended December 31, 2021, consisting
of $2.4 million in proceeds from the exercise of employee share options, partially offset by the changes in its related withholding amounts.
Net cash provided by financing activities was $0.7 million in the year ended December 31, 2020, consisting
of $1.4 million in proceeds from the exercise of employee share options, partially offset by the changes in its related withholding amounts.
C. Research and Development, Patents and Licenses, etc.
We conduct our research and development activities primarily in Israel. As of December 31, 2021 our research
and development personnel included 181 employees and contractors.
For a description of our research and development policies, see “Item 4.B. Business Overview—Research
and development.”
D. Trend Information
Other than as disclosed elsewhere in this annual report, we are not aware of any trends, uncertainties,
demands, commitments or events for the period from January 1, 2021 to December 31, 2021 that are reasonably likely to have a material
adverse effect on our net revenue, income, profitability, liquidity or capital resources, or that caused the disclosed financial information
to be not necessarily indicative of future operating results or financial condition.
| E. |
Critical Accounting Estimates |
See “Application of Critical Accounting Policies and Estimates” in “Item 5.A. Operating
Review and Financial Prospects—Operating results.”
ITEM 6. DIRECTORS, SENIOR MANAGEMENT
AND EMPLOYEES
| A. |
Directors and Senior Management |
The following table sets forth the name, age and position of each of our executive officers and directors:
|
Name |
Age |
Position | ||
|
Executive Officers |
||||
|
Reuven Kitov |
48 |
Chief Executive Officer, Co-Founder and Chairman of the Board | ||
|
Reuven Harrison |
52 |
Chief Technology Officer, Co-Founder and Director | ||
|
Jack Wakileh |
50 |
Chief Financial Officer | ||
|
Yoram Gronich |
53 |
Senior Vice President of Products and Engineering | ||
|
Shay Dayan |
40 |
Vice President of Research and Development | ||
|
Raymond Brancato |
57 |
Chief Revenue Officer | ||
|
Non-Employee Directors |
||||
|
Tom Schodorf (1)(4) |
63 |
Lead Independent Director | ||
|
Ohad Finkelstein (4) |
61 |
Director | ||
|
Yuval Shachar (3)(4) |
59 |
Director | ||
|
Yair Shamir (3)(4) |
76 |
Director | ||
|
Edouard Cukierman (4) |
57 |
Director | ||
|
Peter Campbell (1)(2)(4) |
57 |
Director | ||
|
Dafna Gruber (1)(2)(3)(4) |
57 |
Director | ||
|
Brian Gumbel (2)(4) |
46 |
Director |
|
(1) |
Member of our audit committee. |
|
(2) |
Member of our compensation committee. |
|
(3) |
Member of our nominating and corporate governance committee. |
|
(4) |
Independent director under NYSE rules. |
Reuven Kitov is our Chief Executive Officer, Co-Founder and Chairman
of the board of directors, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Kitov
held key project management and development roles at Check Point Software Technologies, Inc. from 1998 to 2003. Mr. Kitov holds a Bachelor
of Science degree in Computer Science from the University of Maryland in College Park, Maryland.
Reuven Harrison is our Chief Technology Officer, Co-Founder and
a director, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Harrison held key software
developer positions at Check Point Software Technologies, Inc. from 1999 to 2003, as well as other key positions at Capsule Tech, Inc.
from 1997 to 1999 and ECS Inc. from 1991 to 1996. Mr. Harrison holds a Bachelor of Arts degree in Mathematics and Philosophy from Tel
Aviv University in Israel.
Jack Wakileh is our Chief Financial Officer, which position he
has held since July 2013. Prior to joining Tufin, Mr. Wakileh worked as a financial and business consultant for various technology companies
from 2010 to 2013. He was a Co-Founder of iSpade Technologies Ltd. and was Chief Financial Officer from 2008 to 2010, Co-Chief Executive
Officer of LEADIP Systems Ltd. from 2006 to 2007 and Chief Financial Officer of VCON Telecommunications Ltd. from 1999 to 2005 prior to
which he held the Corporate Controller position. Mr. Wakileh holds a Bachelor of Arts degree in Accounting and Economics from Tel Aviv
University in Israel and is a Certified Public Accountant.
Yoram Gronich is our Senior Vice President of Products and Engineering,
which position he has held since September 2021. Before that, he was our Vice President of Research and Development from September 2008
to September 2021. Prior to joining Tufin, Mr. Gronich held software management and engineering positions at Symantec Corporation from
2005 to 2008 and project management and team leader roles at Check Point Software Technologies, Inc. from 2002 to 2005. Mr. Gronich holds
a Master of Science degree in Electrical Engineering and a Bachelor of Science degree in Physics and Computer Science each from Tel Aviv
University in Israel.
Shay Dayan is our Vice President of Research and Development, which
position he has held since September 2021. Prior to that and since August 2009, Mr. Dayan held several roles in Tufin’s research
and development department, including Team Leader, Group Manager, Chief Architect, Director of system architecture and Chief Technology
Officer of cloud products. From August 2006 until August 2009, he was a development Team Leader at Radware Ltd. Mr. Dayan holds a Bachelor
of Science degree in Computer Science from Tel Aviv University in Israel.
Raymond Brancato joined Tufin in January 2021 as our Chief Revenue
Officer. He joined Tufin from AnyVision, an artificial intelligence company, where he was Chief Revenue Officer from March 2019 to January
2021. Prior to AnyVision, he held senior sales leadership positions over the course of 10 years with CA Technologies, including Vice President,
Senior Vice President and General Manager of Business Unit Sales. Prior to that, he was Vice President of Sales, Americas at Kabira Technologies
from April 2007 to March 2009, Director of Sales at BMC Software from November 2002 to April 2007, and Vice President of Sales at Remedy
from December 2000 to November 2002. He holds a Bachelor of Science degree in Finance and Management Science from the University of South
Carolina.
Tom Schodorf has served as a member of our board of directors
since 2019. Mr. Schodorf founded View Consulting LLC, specializing in advisory services for the technology industry, in 2014. He
previously served as Senior Vice President of Sales and Field Operations of Splunk Inc. (traded on Nasdaq) from October 2009 to March
2014, and prior to that, he held various sales and executive management positions at BMC Software and IBM. Mr. Schodorf has also
been a director of Quali and Behavox since 2021, of Egnyte since 2018 where he is a member of the Compensation Committee, of OutSystems
since 2017 where he is also Chairman of the Compensation Committee, of Rapid7 since 2016 where he is a member of the Compensation Committee,
and of Kaseya since 2014. Mr. Schodorf holds a Masters of Business Administration degree from the University of Dayton in Dayton, Ohio
and a Bachelor of Science in Business Administration from the Ohio State University in Columbus, Ohio.
Ohad Finkelstein has served as a director since January 2011. Mr.
Finkelstein serves as Managing Partner of Danli Capital, an investment advisory firm that he founded in 2017. Mr. Finkelstein is the Co-Founding
Partner of Marker LLC, which he founded in 2011. Prior to that, from 2005 to 2011, he led international investment for Venrock, an Israeli
venture capital firm. He served as the Chairman, Chief Executive Officer and President at Interoute Communications Limited from 1999 to
2003. Mr. Finkelstein holds a Bachelor of Arts degree in Political Science and International Marketing from the University of California,
Los Angeles.
Yuval Shachar has served as a director since October 2009. Mr.
Shachar is the Executive Chairman and Co-Founder of Team8, a venture capital firm specializing in incubation of security companies. Mr.
Shachar serves as Founding Venture Partner of Innovation Endeavors, which he joined at its inception, previously serving as an investment
partner of its predecessor fund from 2013. Mr. Shachar served as Co-Founding Partner of Marker LLC and its predecessors from 2011. From
2004 to 2009, he served as General Manager of a Cisco business unit in its Service Provider group. Prior to that, Mr. Shachar served as
Co-Founder, President and CEO of P-Cube (which was acquired by Cisco), and co-founded each of Pentacom and Infogear (which were each acquired
by Cisco). From 1995 to 1998, Mr. Shachar served as Vice President of Research and Development at VocalTec Ltd. (which completed an IPO
on The Nasdaq Stock Market, or Nasdaq, in 1996), and previously held key engineering and management positions at National Semiconductors.
Mr. Shachar holds a Bachelor of Science degree in Mathematics and Computer Science from Tel Aviv University in Israel.
Yair Shamir has served as a director from 2007 to 2013 and again
from October 2018 to present. Mr. Shamir has been a Founding and Managing Partner of Catalyst Investments since its establishment from
1999 to 2013 and again from 2015 to present. Mr. Shamir was elected as a member of the Israeli Parliament (Knesset) and served as Minister
of Agriculture of the State of Israel from 2013 to 2015. Mr. Shamir served as the Chairman of the Israeli Road Safety Authorities from
September 2018 until November 2020. Prior to that, he served as the Chairman of Board of N.T.A. – Metropolitan Mass Transit System
until August 2018. Mr. Shamir served as the Chairman of Israel’s National Roads Company from 2011 to 2012. Mr. Shamir served as
the Chairman of Israel Aerospace Industries Ltd. from 2005 until 2011. From 2004 to 2007, Mr. Shamir was the Chairman of Shamir Optical
Industry Ltd. From 2004 to 2005, Mr. Shamir served as the Chairman of EL AL. From 1997 to 2004, Mr. Shamir served as the Chief Executive
Officer and Chairman of VCON Telecommunications Ltd. Mr. Shamir was a board member of DSP Group Corporation from 2005 to 2013. Mr. Shamir
holds a Bachelor of Science degree in Electronics Engineering from the Technion, Israel Institute of Technology in Haifa, Israel.
Edouard Cukierman has served as a director since 2014. Mr. Cukierman
has been a Founding and Managing Partner of Catalyst Investments since its establishment in 1999, and has served as the Chairman of Cukierman
& Co. Investment House since its establishment. Prior to establishing and managing Catalyst Investments, Mr. Cukierman was the President
and Chief Executive Officer of Astra Technological Investments, a Venture Capital Fund established in 1993. Mr. Cukierman serves as a
board member of Dori Media Group. He is also is the Founder of the GoforIsrael annual conference. Mr. Cukierman served as a Reserve Officer
of the Crisis & Hostage Negotiation Team and IDF Spokesman Unit. Mr. Cukierman holds a Master of Business Administration degree from
INSEAD University in Fontainebleau, France and a Bachelor of Science degree from the Technion, Israel Institute of Technology in Haifa,
Israel.
Peter Campbell has served as a director since 2019 and served as
an external director under the Israeli Companies Law between July 2019 and May 2020. Mr. Campbell served as Chief Financial Officer of
Mimecast Ltd. (traded on Nasdaq) from 2006 to 2019, where he also served as a director from 2007 to 2015. He previously served as Chief
Financial Officer of SR Telecom Inc., where he was employed from 2002 to 2006. Prior to that, Mr. Campbell was an auditor at Ernst &
Young LLP in Canada. Mr. Campbell is currently a director and chairman of the audit committee of Latch inc. (traded on Nasdaq) and a director
and chairman of the audit committee of Dataiku. Mr. Campbell holds a Bachelor of Commerce degree and a Graduate Diploma in accounting
from the John Molson School of Business at Concordia University in Canada, where he also served as a lecturer.
Dafna Gruber has served as a member of our board of directors
since 2019 and served as an external director, as such term is defined under the Israeli Companies Law. Ms. Gruber serves as the chief
financial officer of Netafim Ltd., a private company. Prior to that as chief financial officer in various companies including Aqua security
Ltd. Landa Corporation Ltd. and Clal Industries Ltd. From 2007 until 2015, Ms. Gruber served as the chief financial officer of Nice
Systems Ltd., a public company traded on Nasdaq and TASE. From 1996 until 2007, Ms. Gruber was part of Alvarion Ltd., a public company
traded on Nasdaq and TASE, mostly as chief financial officer. Ms. Gruber currently serves as an external director or independent director
of several public companies, including Nova Measuring Instruments Ltd, ICL group Ltd and Cellebrite DI Ltd. Ms. Gruber is a certified
public accountant and holds a Bachelor’s degree in Accounting and Economics from Tel Aviv University, Israel.
Brian Gumbel has served as a director since 2019. Mr. Gumbel currently
serves as the Chief Revenue Officer of Armis Inc. Prior to joining Armis, he served as the Chief Revenue Officer for Sisense from October
2019 to April 2020. He previously served as the Senior Vice President of Worldwide Sales at Forescout Technologies Inc., where he held
senior management positions from October 2015 to October 2019. Previously, he led sales and operations at Tanium as the Vice President
for Americas East and Canada from February 2014 to October 2015. Prior to that, he worked at McAfee from 2007 to 2014 ultimately serving
as the Vice President for Americas East and Canada, and at Cisco from 2000 to 2007 in various sales and leadership positions. Mr. Gumbel
holds a Bachelor of Science degree in Biology from Marist College in Poughkeepsie, New York.
| B. |
Compensation |
Compensation of Directors and Executive Officers
The aggregate compensation expensed, including share-based compensation and other compensation expensed
by us and our subsidiaries, to our directors and executive officers with respect to the year ended December 31, 2021, was $8.2 million.
This amount includes approximately $0.4 million set aside or accrued to provide pension, severance, retirement, or similar benefits.
The table below sets forth the compensation paid to our five most highly compensated office holders (as
defined in the Israeli Companies Law and described under “Board Practices—Disclosure of Compensation of Executive Officers”
below) during or with respect to the year ended December 31, 2021. We refer to the five individuals for whom disclosure is provided herein
as our “Covered Executives.”
For purposes of the table and the summary below, “compensation” includes base salary, bonuses,
equity-based compensation, retirement or termination payments, benefits and perquisites such as car, phone and social benefits and any
undertaking to provide such compensation.
Summary Compensation Table
|
Information Regarding the Covered Executive(1) |
||||||||||||||||||||
|
Name and Principal Position(2) |
Base Salary |
Benefits and Perquisites(3)
|
Variable Compensation(4)
|
Equity-Based Compensation(5)
|
Total |
|||||||||||||||
|
Raymond Brancato, Chief Revenue Officer |
$ |
320,075 |
$ |
59,485 |
$ |
351,726 |
$ |
1,473,151 |
$ |
2,204,437 |
||||||||||
|
Reuven Kitov, Chief Executive Officer |
$ |
300,000 |
$ |
46,297 |
$ |
288,667 |
$ |
658,937 |
$ |
1,293,901 |
||||||||||
|
Jack Wakileh, Chief Financial Officer |
$ |
289,966 |
$ |
139,162 |
$ |
130,322 |
$ |
460,938 |
$ |
1,020,388 |
||||||||||
|
Yoram Gronich, Senior Vice President of Products and Engineering
|
$ |
266,362 |
$ |
124,945 |
$ |
70,173 |
$ |
388,992 |
$ |
850,472 |
||||||||||
|
Reuven Harrison, Chief Technology Officer |
$ |
269,731 |
$ |
69,711 |
$ |
84,097 |
$ |
340,314 |
$ |
763,853 |
||||||||||
|
(1) |
In accordance with Israeli law, all amounts reported in the table are in terms of
cost to our company, as recorded in our financial statements. |
|
|
|
|
(2) |
All current executive officers listed in the table are full-time employees. Cash compensation
amounts denominated in currencies other than the U.S. dollar were converted into U.S. dollars at the average conversion rate for the year
ended December 31, 2021. |
|
| |
|
(3) |
Amounts reported in this column include benefits and perquisites, including those
mandated by applicable law. Such benefits and perquisites may include, to the extent applicable to each executive, payments, contributions
and/or allocations for savings funds, pension, severance, vacation, car or car allowance, medical insurances and benefits, risk insurances
(such as life, disability and accident insurances), convalescence pay, payments for social security, tax gross-up payments and other benefits
and perquisites consistent with our guidelines. |
|
|
|
|
(4) |
Amounts reported in this column refer to Variable Compensation such as earned commission,
incentive and bonus payments as recorded in our financial statements for the year ended December 31, 2021. |
|
|
|
|
(5) |
Amounts reported in this column represent the expense recorded in our financial statements
for the year ended December 31, 2021 with respect to equity-based compensation. Assumptions and key variables used in the calculation
of such amounts are described in Note 10 to our audited consolidated financial statements, which are included in this annual report.
|
Employment Agreements with Executive Officers
We have entered into written employment agreements with each of our executive officers. These agreements
provide for notice periods of varying duration for termination of the agreement by us or by the relevant executive officer, during which
time the executive officer will continue to receive base salary and benefits. These agreements also contain customary provisions regarding
noncompetition, confidentiality of information and assignment-of-inventions. However, the enforceability of the noncompetition provisions
may be limited under applicable law.
Directors’ Service Contracts
There are no arrangements or understandings between us, on the one hand, and any of our directors, on the
other hand, providing for benefits upon termination of their employment or service as directors of our company.
Equity Incentive Plans
2007 Israeli Share Option Plan
Effective Date and Shares Reserved.
On October 21, 2007, our board of directors adopted the 2007 Israeli Share Option Plan(the “2007
Plan”). The 2007 Plan generally allowed us to grant options to our employees, directors, officers, consultants, advisors and any
other person providing services to us or any of our affiliates. In May 2017, we extended the terms of options held by certain holders
under the 2007 Plan by an additional 10 years. Unless earlier terminated pursuant to the original terms of the 2007 Plan, all granted
but unexercised options will expire and cease to be exercisable at 5:00 p.m. Israel time on the 10th
anniversary of the vesting commencement date of such options. We no longer make awards under the 2007 Plan. As of February 23, 2022, options
to purchase a total of 2,047,600 shares were outstanding under the 2007 Plan.
Plan Administration. The 2007 Plan may be administered by our board
of directors or a committee thereof. Subject to Israeli law and our amended and restated articles of association or any resolution to
the contrary by our board of directors, the administrator is authorized, in its sole and absolute discretion, to exercise all powers and
authorities specifically granted to it under the 2007 Plan or necessary or advisable in the administration of the 2007 Plan.
Vesting Terms and Conditions of the Options. Unless otherwise determined
by the administrator, options under the 2007 Plan vest and become exercisable as follows: 25% of the shares covered by the options vested
on the first anniversary of the vesting commencement date, 1/3 of the remaining shares vest on each subsequent anniversary of the vesting
commencement date and all options become fully vested by the fourth anniversary of the vesting commencement date.
Israeli Tax Law. Unless otherwise determined by the administrator,
any underlying shares issued upon exercise of options (granted through the “capital gains track through a trustee” in accordance
with Section 102(b)(2) of the Israeli Income Tax Ordinance (New Version), 1961(the “Israeli Tax Ordinance”), will be held
by a trustee until the lapse of the holding period (as defined in the 2007 Plan), or, subject to a tax ruling, until the earlier of a
merger (as defined in the 2007 Plan) or an initial public offering. We appointed a trustee to hold the allocated options and underlying
shares issued upon the exercise off such options in a trust on behalf of each applicable Israeli grantee. No underlying shares or additional
rights we issue to the trustee will be held for a period longer than 20 years after the end of the term of the options.
Termination of Employment or Service. In the event that the employment
or service of a grantee terminates (other than by reason of death, disability retirement or for cause), all options of such grantee that
are vested but unexercised on the date of the termination may be exercised unless earlier terminated in accordance with their terms and
if not previously expired, no later than the earlier of (i) 90 days after such termination and (ii) the term of the option. All other
granted options will expire upon such termination. In the event of a grantee’s death during employment or service, or in the event
of a grantee’s termination due to retirement or disability, all of the grantee’s vested but unexercised options will be exercisable
until the earlier of (i) 180 days after the date of termination of employment and (ii) the term of the option. In the event of a grantee’s
termination for cause, all options, whether vested or unvested, will expire.
Merger. In the event of a merger transaction (as defined in the
2007 Plan), the administrator in its sole discretion, will decide (i) if and how the unvested options will be canceled, replaced or accelerated,
(ii) if and how vested options will be exercised, replaced and/or sold by us or the trustee on the behalf of Israeli participants and
(iii) how underlying shares issued upon exercise of the options and held by the trustee on behalf of Israeli participants will be replaced
and/or sold by the trustee on behalf of the Israeli participant.
2008 U.S. Stock Plan
Effective Date and Shares Reserved. On May 25, 2008, our board
of directors adopted the 2008 U.S. Stock Plan(the “2008 Plan”). The 2008 Plan generally allowed us to grant no statutory share
options, incentive share options that satisfied the requirements of Section 422 of the Code, and the sale or award of shares to our employees,
outside directors and consultants and those of Tufin Software North America, Inc., as well as any of our other subsidiaries. We no longer
make awards under the 2008 Plan. As of February 23, 2022, options to purchase a total of 343,658 shares were outstanding under the 2008
Plan.
Plan Administration. The 2008 Plan may be administered by one or
more committees of the board of directors. The entire board of directors may administer the 2008 Plan if no committee is otherwise appointed.
Subject to the provisions of the 2008 Plan, the board of directors will have full authority and discretion to take any actions it deems
necessary or advisable for the administration of the 2008 Plan. All decisions, interpretations and other actions of the board of directors
will be final and binding on all participants.
Terms and Conditions of Awards. Any shares issued upon exercise
of an option or awarded or sold under the 2008 Plan may be subject to the special forfeiture conditions, rights of repurchase, rights
of first refusal and other transfer restrictions as the board of directors may determine.
Options. The 2008 Plan requires that options have an exercise price
that is not less than 100% of the fair market value of a share on the grant date. Incentive share options granted to an employee owning
more than 10% of our or any of our subsidiaries’ combined voting power will have an exercise price of at least 110% of the fair
market value of the share on the grant date. The expiration date of an option may be no later than the 10th anniversary of the date of
grant (or the fifth anniversary in the case of incentive share options granted to employees who, at the time of grant, own more than 10%
of our or any of our subsidiaries’ combined voting power).
Change in Control. In the event that we are a party to a merger,
consolidation, exchange of shares, sale of all or substantially all of its assets or like event, all outstanding options will be subject
to the applicable transaction agreement, which will provide for one or more of the following: (i) the continuation of our outstanding
options (if we are the surviving corporation); (ii) the assumption of the outstanding option by the surviving corporation or its parent
in a manner that complies with Section 424(a) of the Code; (iii) the substitution by the surviving corporation or its parent of new options
for the outstanding options in a manner that complies with Section 424(a) of the Code; or (iv) the cancelation of the outstanding options
without the payment of any consideration.
2018 U.S. Equity-Based Incentive Plan
Effective Date and Shares Reserved. On April 9, 2018, our board
of directors adopted the 2018 U.S. Equity-Based Incentive Plan (the “2018 Plan”). The 2018 Plan generally allowed us to grant
options to our employees, directors, executive officers, consultants, advisors and any other person providing services to us or any of
our affiliates who are U.S. citizens or who are resident aliens of the United States for U.S. federal income tax purposes. We no longer
make awards under the 2018 Plan. As of February 23, 2022 options to purchase a total of 79,778 shares were outstanding under the 2018
Plan.
Plan Administration. The 2018 Plan may be administered by a committee
of the board of directors. The entire board of directors may administer the 2018 Plan if no committee is otherwise appointed. Subject
to the provisions of the 2018 Plan, the administrator of the 2018 Plan has full authority and discretion to take any actions it deems
necessary or advisable for the administration of the 2018 Plan. All decisions, interpretations and other actions of the administrator
of the 2018 Plan will be final and binding on all participants, unless otherwise determined by the board of directors.
Options. The 2018 Plan allows for the grant of nonqualified share
options and incentive share options that satisfy the requirements of Section 422 of the Code. Each award will be evidenced by an option
agreement that will govern such award’s terms and conditions. Only our employees or employees of our parent or subsidiaries are
eligible to receive incentive share options. The 2018 Plan requires that incentive share options have an exercise price that is not less
than 100% of the fair market value of a share on the grant date and that nonqualified share options have an exercise price equal to the
fair market value of a share on the grant date unless the committee administering the 2018 Plan specifies otherwise and the option complies
with Section 409A of the Code. Incentive share options granted to an employee owning more than 10% of our or our and our subsidiaries’
combined voting power will have an exercise price of at least 110% of the fair market value of the shares on the grant date. The expiration
date of an option may be no later than the 10th anniversary of the date of grant, unless otherwise determined by the committee administering
the 2018 Plan (or the fifth anniversary in the case of incentive share options granted to employees who, at the time of grant, own more
than 10% of our or our parent’s or subsidiaries’ combined voting power).
Termination of Employment or Service. In the event that the employment
or service of a grantee terminates (other than by reason of death, disability or retirement), all awards of such grantee that are unvested
at the time of such termination will terminate on the date of such termination, and all awards of such grantee that are vested and exercisable
at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised within 12 months after the
date of such termination (or such different period as the committee administering the 2018 Plan will prescribe). In the event of a grantee’s
death during employment or service or within three months following such grantee’s termination, or in the event of a grantee’s
termination due to disability, all of the grantee’s vested awards may be exercised at any time within one year after such death
or disability. In the event of a grantee’s retirement, all of the grantee’s vested awards, unless earlier terminated in accordance
with their terms, may be exercised at any time within the three month period following such retirement. If we (or our affiliate, when
applicable) terminate the grantee’s employment or service for cause, or if at any time during the exercise period, facts or circumstances
arise or are discovered with respect to the grantee that would have constituted cause, all awards theretofore granted to such grantee
will, to the extent not theretofore exercised, terminate on the date of such termination (or on such subsequent date on which such facts
or circumstances arise or are discovered, as the case may be) unless otherwise determined by the committee administering the 2018 Plan.
Merger or Sale. In the event of a merger or sale, unless otherwise
determined by the committee administering the 2018 Plan in its sole and absolute discretion, any award then outstanding will be assumed
or will be substituted by us or by the successor corporation in the merger or sale or by any affiliate thereof under substantially the
same terms as the award. In the event that awards are not assumed or substituted for equivalent awards, the committee administering the
2018 Plan may (i) provide for a grantee to have the right to exercise an award, or otherwise accelerate vesting of an award, as to all
or part of the shares covered thereby, including shares covered by the award which would not otherwise be exercisable or vested, and/or
(ii) provide for the cancelation of each outstanding award at the closing of the merger or sale, and payment to the grantee. In the event
of a merger or sale, the committee administering the 2018 Plan may, without the consent of the grantee, amend, modify or terminate awards
as the committee will deem in good faith to be appropriate.
2019 Equity-Based Incentive Plan
Effective Date and Shares Reserved. On February 28, 2019, our board
of directors approved our 2019 Equity-Based Incentive Plan(the “2019 Plan”), which became effective upon shareholder approval
on March 21, 2019. Our 2019 Plan replaced our 2007 Plan and our 2018 Plan(the “Prior Plans”), under which further grants will
not be made. The 2019 Plan generally allows for the grant of options, restricted shares, restricted share units and other share-based
awards to our and our affiliates’ employees, directors, officers, consultants and advisors. The 2019 Plan enables us to issue awards
under varying tax regimes, including Section 102 and Section 3(i) awards pursuant to the Israeli Tax Ordinance and incentive stock options
within the meaning of Section 422 of the Code. The maximum aggregate number of shares that may be issued pursuant to awards under the
2019 Plan is the sum of (a) 1,833,333 shares plus (b) on January 1 of each calendar year during the term of the 2019 Plan commencing in
2020, a number of shares equal to the lesser of: (i) an amount determined by our board of directors, if so determined prior to the January
1 of the calendar year in which the increase will occur, (ii) 5% of the total number of shares outstanding on December 31 of the immediately
preceding calendar year and (iii) 5,000,000 shares.
Additionally, any share (i) underlying an award under the 2019 Plan or the Prior Plans (in an amount not
to exceed 813,515 shares under the Prior Plans) that has expired, or was canceled, terminated, forfeited, repurchased or settled in cash
in lieu of issuance of shares, for any reason, without having been exercised, (ii) tendered to pay the exercise price of an award (or
the exercise price or other purchase price of any option or other award under the Prior Plans), or withholding tax obligations with respect
to an award (or any awards under the Prior Plans), or (iii) subject to an award (or any award under the Prior Plans) that is not delivered
to a grantee because such shares are withheld to pay the exercise price (or of any award under the Prior Plans), or withholding tax obligations
with respect to such award (or such other award) will automatically be available for grant under the 2019 Plan. As of February 23, 2022,
options to purchase a total of 2,068,509 shares and 2,453,049 unvested RSUs were outstanding under the 2019 Plan. In addition,
our board of directors approved the grant of 1,679,300 RSUs to certain of our employees, which grant became effective on March 1, 2022.
Plan Administration. Either our board of directors or a committee
established by our board of directors administers the 2019 Plan, and such administrator will have full authority in its discretion to
determine (i) eligible grantees, (ii) grants of awards and setting the terms and provisions of award agreements (which need not be identical)
and any other agreements or instruments under which awards are made, including the number of shares underlying each award and the class
of shares underlying each award (if more than one class was designated by our board of directors), (iii) the time or times at which awards
will be granted, (iv) the terms, conditions and restrictions applicable to each award (which need not be identical) and any shares acquired
upon the exercise or (if applicable) vesting thereof, (v) to accelerate, continue, extend or defer the exercisability of any award or
the vesting thereof, including with respect to the period following a grantee’s termination of employment or other service, (vi)
the interpretation of the 2019 Plan and any award agreement and the meaning, interpretation and applicability of terms referred to in
applicable laws, (vii) policies, guidelines, rules and regulations relating to and for carrying out the 2019 Plan, and any amendment,
supplement or rescission thereof, as it may deem appropriate, (viii) to adopt supplements to, or alternative versions of, the 2019 Plan,
including, without limitation, as it deems necessary or desirable to comply with the laws of, or to accommodate the tax regime or custom
of, foreign jurisdictions whose citizens or residents may be granted awards, (ix) the fair market value of the shares or other property,
(x) the tax track (capital gains, ordinary income track or any other track available under the Section 102 of the Israeli Tax Ordinance)
for the purpose of Section 102 to the Israeli Tax Ordinance, (xi) the authorization and approval of conversion, substitution, cancelation
or suspension under and in accordance with the 2019 Plan of any or all awards or shares, (xii) the amendment, modification, waiver or
supplement of the terms of each outstanding award (with the consent of the applicable grantee, if such amendments refers to the increase
of the exercise price of awards or reduction of the number of shared underlying an award (but, in each case, other than as a result of
an adjustment or exercise of rights in accordance with the provisions of the 2019 Plan) unless otherwise provided under the terms of the
2019 Plan, (xiii) without limiting the generality of the foregoing, and subject to the provisions of applicable law, to grant to a grantee
who is the holder of an outstanding award, in exchange for the cancelation of such award, a new award having an exercise price lower than
that provided in the award so canceled and containing such other terms and conditions as the committee may prescribe in accordance with
the provisions of the 2019 Plan or to set a new exercise price for the same award lower than that previously provided in the award, (xiv)
to correct any defect, supply any omission or reconcile any inconsistency in the 2019 Plan or any award agreement and all other determinations
and take such other actions with respect to the 2019 Plan or any award as it may deem advisable to the extent not inconsistent with the
provisions of the 2019 Plan or applicable law, (xv) to designate any of our officers or other persons to manage the day to day administration
of the awards granted under the 2019 Plan or authorize any of them to act on behalf of the committee with respect to any matter, right,
obligation, determination or election which is the responsibility of or which is allocated to the committee herein, (xvi) to determine
that awards, shares issuable upon the exercise or (if applicable) vesting of awards and/or any securities issued or distributed with respect
thereto, shall be allocated or issued to, or held by, the representative in trust for the benefit of the grantees and (xvii) any other
matter which is necessary or desirable for, or incidental to, the administration of the 2019 Plan and any award thereunder. The board
of directors and the committee need not take the same action or determination with respect to all awards, with respect to certain types
of awards, with respect to all service providers or any certain type of service providers and actions and determinations may differ as
among the grantees, and as between the grantees and any other holders of our securities. The board of directors may, at any time, suspend,
terminate, modify, or amend the 2019 Plan, whether retroactively or prospectively.
Types and Terms and Conditions of Awards. The committee may grant
awards intended to qualify as an incentive stock option, non-qualified stock option, Section 102 award, Section 3(i) award, or other designations
under other regimes. The 2019 Plan generally requires that incentive stock options have an exercise price that is not less than 100% of
the fair market value of a share underlying such options or 110% in case of an employee who at the time of the grant owns shares possessing
more than 10% of the total combined voting power of all classes of our shares or of any of our subsidiaries on the date of grant of such
options or such other price as may be determined pursuant to the Code. The exercise price of any other awards granted will be determined
by the committee.
The exercise period of an option award will be 10 years from the date of grant of the award unless otherwise
determined by the committee, but subject to the vesting and the early termination provisions, provided that the period of an incentive
stock option granted to an employee who at the time of the grant owns shares possessing more than 10% of the total combined voting power
of all classes of our shares or of any of our subsidiaries, shall not exceed five years from the date of grant. Except as described below,
an award generally may not be exercised unless the grantee is then in our employ or service and unless the grantee has remained continuously
so employed since the date of grant of the award and throughout the vesting dates. In the event that the employment or service of a grantee
terminates (other than by reason of death, disability or retirement), unless otherwise determined by the committee, all awards of such
grantee that are unvested at the time of such termination shall terminate on the date of such termination, and all awards of such grantee
that are vested and exercisable at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised
within up to three months after the date of such termination (or such different period as the committee will prescribe), but in any event
no later than the date of expiration of the award’s term as set forth in the award agreement or pursuant to this 2019 Plan. In the
event of a grantee’s death during employment or service or within three months following such grantee’s termination, (or such
longer period as determined by the committee), or in the event of a grantee’s termination due to disability, all of the grantee’s
vested awards may be exercised at any time within one year after such death or disability (or such longer period as determined by the
committee). In the event of a grantee’s retirement, all of the grantee’s vested awards, unless earlier terminated in accordance
with their terms, may be exercised at any time within the three month period following such retirement (or such different period as the
committee shall prescribe). If we (or our affiliate, when applicable) terminate the grantee’s employment or service for cause (as
defined in the 2019 Plan), or if at any time during the exercise period (whether prior to and after termination of employment or service,
and whether or not the grantee’s employment or service is terminated by either party as a result thereof), facts or circumstances
arise or are discovered with respect to the grantee that would have constituted cause, all awards theretofore granted to such grantee
(whether vested or not) shall, to the extent not theretofore exercised, terminate on the date of such termination (or on such subsequent
date on which such facts or circumstances arise or are discovered, as the case may be) unless otherwise determined by the committee.
Section 102 of the Israeli Tax Ordinance allows our employees, directors and executive officers who are
not controlling shareholders and are Israeli residents for tax purposes to receive favorable tax treatment for share-based awards. Section
102 includes two alternatives for tax treatment involving the issuance of awards to a trustee for the benefit of the grantees and also
includes an additional alternative for the issuance of awards directly to the grantee. We elected the “capital gain track”
pursuant to Section 102(b)(2) of the Israeli Tax Ordinance for grants to eligible Israeli grantees as provided above, which may allow
favorable tax treatment for such grantees. In order to comply with the terms of the capital gain track, all awards granted under the 2019
Plan and subject to the provisions of Section 102 of the Israeli Tax Ordinance, as well as the shares issued upon exercise of such awards
and any rights granted thereunder, including bonus shares, must be registered in the name of a trustee selected by the board and held
in trust for the benefit of the relevant grantee for the requisite period prescribed by the Israeli Tax Ordinance or such longer period
as set by the committee. The trustee may release these awards or shares to the holders thereof after the expiration of the required statutory
holding period, provided that the trustee has received an acknowledgment from the Israeli Tax Authority that the grantee paid all applicable
taxes, or the trustee and/or us and/or our affiliate withholds all applicable taxes and compulsory payments due. Our non-employee service
providers and controlling shareholders may only be granted options or RSUs under Section 3(i) of the Israeli Tax Ordinance, which will
be taxed as ordinary income upon the exercise of such awards into shares.
The administrator may grant restricted share units, or RSUs, under the 2019 Plan, which are awards covering
a number of shares that are settled, if vested, by issuance of those shares. The award agreement for any restricted shares granted will
provide the vesting schedule and purchase price, if any, for the restricted shares. If a grantee’s employment or services to us
or any of our affiliates terminates for any reason prior to the vesting of such grantee’s restricted shares, any shares that remain
subject to vesting will be forfeited by such grantee. No payment of exercise price (subject to applicable law and the terms of the award
agreement) will be required as consideration for RSUs.
The administrator may grant other awards under the 2019 Plan, including shares (which may, but need not,
be restricted shares), cash, a combination of cash and shares, awards denominated in share units, and share appreciation rights. However,
to qualify as Section 102 or Section 3(i) awards pursuant to the Israeli Tax Ordinance, the award must be share-based compensation only
and not cash compensation or any award that is settled in cash.
Adjustment Provisions. In the event of a division or subdivision
of our outstanding share capital, any distribution of bonus shares (share split), consolidation or combination of our share capital (reverse
stock split), reclassification with respect to our shares or any similar recapitalization events, a merger (including, a reverse merger
and a reverse triangular merger), consolidation, amalgamation or like transaction of us with or into another corporation, reorganization
(which may include a combination or exchange of shares, spin-off or other corporate divestiture or division, or other similar occurrences),
the committee shall have the authority to make, without the need for a consent of any holder of an award, such adjustments as determined
by the committee to be appropriate, in its discretion, in order to adjust (i) the number and class of shares reserved and available for
grants of awards, (ii) the number and class of shares covered by outstanding awards, (iii) the exercise price per share covered by any
award, (iv) the terms and conditions concerning vesting and exercisability and the term and duration of the outstanding awards and (v)
any other terms of the award that in the opinion of the committee should be adjusted.
In the event of (i) a sale of all or substantially all of our assets, or a sale (including an exchange)
of all or substantially all of our shares, to any person, or a purchase by any of our shareholders or by an affiliate of such shareholder,
of all or substantially all of our shares held by all or substantially all other shareholders or by other shareholders who are not affiliated
with such acquiring party; (ii) a merger (including, a reverse merger and a reverse triangular merger), consolidation, amalgamation or
like transaction of us with or into another corporation; (iii) a scheme of arrangement for the purpose of effecting such sale, merger,
consolidation, amalgamation or other transaction; (iv) change in board event, which means any time at which individuals who, as of the
effective date of the 2019 Plan, constitute the incumbent board cease for any reason to constitute at least a majority of the board; provided,
however, that any individual becoming a director subsequent to the effective date of the 2019 Plan whose election, or nomination for election
by our shareholders, was approved by a vote of at least a majority of the directors then comprising the incumbent board shall be considered
as though such individual were a member of the incumbent board, but excluding, for this purpose, any such individual whose initial assumption
of office occurs as a result of an actual or threatened election contest with respect to the election or removal of directors or other
actual or threatened solicitation of proxies or consents by or on behalf of a person other than the board; (v) approval by our shareholders
of a complete liquidation or dissolution of the company; or (vi) such other transaction or set of circumstances that is determined by
the board (being the incumbent board in case of a change in board event), in its discretion, to be a transaction subject to these provisions
of the 2019 Plan; excluding any of the above transactions in clauses (i) through (v) if the board (being the incumbent board in case of
a change in board event) determines that such transaction should be excluded from the definition hereof and the applicability of this
provision of the 2019 Plan, any award then outstanding will be assumed or will be substituted by us or by the successor corporation in
such change in control or by any affiliate thereof, as determined by the committee in its discretion, under terms as determined by the
committee or the terms of the 2019 Plan applied by the successor corporation to such assumed or substituted award, unless otherwise determined
by the sole and absolute discretion of the committee. Regardless of whether awards are assumed or substituted the committee may (but will
not be obligated to), in its sole discretion: (a) provide for grantees to have the right to exercise their awards or otherwise for the
acceleration of vesting of award in respect of all or part of the shares covered by the awards which would not otherwise be exercisable
or vested, under such terms and conditions as the committee will determine, including the cancelation of all unexercised awards (whether
vested or unvested) upon or immediately prior to the closing of the change in control; and/or (b) provide for the cancelation of each
outstanding and unexercised award at or immediately prior to the closing of the change in control, and payment to the grantees of an amount
in cash, our shares, the acquirer or of a corporation or other business entity which is a party to the change in control or other property,
as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee.
Notwithstanding the foregoing, in the event of change in control, the committee may determine, in its sole discretion, that upon completion
of such change in control, the terms of any award be otherwise amended, modified or terminated, as the committee deems in good faith to
be appropriate.
Miscellaneous Provisions. Awards under the 2019 Plan are not transferable
other than by will or by the laws of descent and distribution or to a grantee’s designated beneficiary, unless, in the case of awards
other than incentive stock options, otherwise determined by our committee or under the 2019 Plan, and generally expire 10 years following
the grant date. The board of directors may at any time amend, suspend, terminate or modify the 2019 Plan and the administrator may at
any time modify or amend any award under the 2019 Plan.
| C. |
Board Practices |
Corporate Governance Practices
Under the Israeli Companies Law, companies incorporated under the laws of the State of Israel whose shares
are publicly traded, including companies with shares listed on NYSE, are considered public companies under Israeli law and are required
to comply with various corporate governance requirements under Israeli law relating to matters such as external directors, the audit committee,
the compensation committee and an internal auditor. This is the case even though our shares are not listed on a stock exchange in Israel.
Subject to certain exceptions, these requirements are in addition to the corporate governance requirements imposed by NYSE rules and other
applicable provisions of U.S. securities laws to which we are subject (as a foreign private issuer). Under NYSE rules, a foreign private
issuer, such as us, may generally follow its home country rules of corporate governance in lieu of the comparable NYSE corporate governance
requirements, except for certain matters, including the composition and responsibilities of the audit committee and the independence of
its members within the meaning of the rules and regulations of the SEC.
We currently comply with the rules generally applicable to U.S. domestic companies listed on NYSE. We may
in the future decide to use the foreign private issuer exemption with respect to certain NYSE corporate governance requirements.
Board of Directors and Executive Officers
Under the Israeli Companies Law, our board of directors determines our policies and supervises the performance
of our chief executive officer. Our board of directors may exercise all powers and may take all actions that are not specifically granted
to our shareholders or to management. Our executive officers are responsible for our day-to-day management. Our executive officers serve
at the discretion of our board of directors, subject to the terms of their respective employment agreements.
Independent Directors
We comply with NYSE rules, which require that a majority of our directors are independent. Our board of
directors has determined that all of our directors, other than Reuven Kitov and Reuven Harrison, qualify as independent under such rules.
Board Composition and Election
Under our amended and restated articles of association, the number of directors on our board of directors
must be no less than six and no more than 10, including any director appointed by one or both of our founders, or a founder director,
pursuant to the appointment rights described under “—Appointment Rights.” The minimum and maximum number of directors
may be changed, at any time and from time to time, by a special vote of the holders of at least 66 2/3% of our outstanding shares.
Other than any founder director, our directors are divided into three classes with staggered three-year
terms. Each class of directors consists, as nearly as possible, of 1/3 of the total number of directors constituting the entire board
of directors (other than any founder director). At each annual general meeting of our shareholders, the election or re-election of directors
following the expiration of the term of office of the directors of that class of directors is for a term of office that expires on the
third annual general meeting following such election or re-election, such that at each annual general meeting the term of office of only
one class of directors will expire. Each director, aside from any founder director, holds office until the annual general meeting of our
shareholders for the year in which his or her term expires and until his or her successor is duly appointed, unless the tenure of such
director expires earlier pursuant to the Israeli Companies Law upon the occurrence of certain events or unless removed from office by
a vote of the holders of at least 66 2/3% of the total voting power of our shareholders at a general meeting of our shareholders in accordance
with our amended and restated articles of association.
Our directors who are not founder directors are divided among the three classes as follows:
|
• |
the Class I directors consist of Edouard Cukierman, Reuven Harrison and Yuval Shachar, and their terms
will expire at our annual general meeting of shareholders to be held in 2023; |
|
• |
the Class II directors, consist of Ohad Finkelstein, Reuven Kitov and Brian Gumbel and their terms will
expire at our annual general meeting of shareholders to be held in 2024; and |
|
• |
the Class III directors consist of Yair Shamir, Tom Schodorf, Dafna Gruber and Peter Campbell and their
terms will expire at our annual general meeting of shareholders to be held in 2022. |
External Directors
Under the Israeli Companies Law, companies incorporated under the laws of the State of Israel that are
public companies, including companies with shares listed on NYSE, are required to appoint at least two external directors.
Pursuant to regulations enacted under the Israeli Companies Law, the board of directors of a public company
whose shares are listed on certain non-Israeli stock exchanges, including NYSE, that do not have a controlling shareholder (as such term
is defined in the Israeli Companies Law), may, subject to certain conditions, elect to “opt-out” of the requirements of the
Israeli Companies Law regarding the election of external directors and to the composition of the audit committee and compensation committee,
provided that the company complies with the requirements as to director independence and audit committee and compensation committee composition
applicable to companies that are incorporated in the jurisdiction in which its stock exchange is located. In May 2020, our board of directors
elected to opt-out of the Israeli Companies Law requirements to appoint external directors and related Israeli Companies Law rules concerning
the composition of the audit committee and compensation committee.
The foregoing exemptions will continue to be available to us so long as: (i) we do not have a “controlling
shareholder” (as such term is defined under the Israeli Companies Law), (ii) our shares are traded on a U.S. stock exchange, including
NYSE, and (iii) we comply with NYSE rules applicable to domestic U.S. companies. If in the future we were to have a controlling shareholder,
we would again be required to comply with the requirements relating to external directors and composition of the audit committee and compensation
committee.
Under the Israeli Companies Law, the term “controlling shareholder” means a shareholder with
the ability to direct the activities of the company, other than by virtue of being an office holder. A shareholder is presumed to be a
controlling shareholder if the shareholder holds 50% or more of the voting rights in a company or has the right to appoint the majority
of the directors of the company or its general manager. For the purpose of approving transactions with controlling shareholders, the term
“controlling shareholder” also includes any shareholder that holds 25% or more of the voting rights of the company if no other
shareholder holds more than 50% of the voting rights in the company.
Lead Independent Director
As approved by our board of directors, for so long as the same person serves both as our Chief Executive
Officer and Chairman of the Board, the non-executive board members will select a Lead Independent Director from among the independent
directors of the Board. If at any meeting of the Board the Lead Independent Director is not present, a majority of the independent members
of the Board present will select an independent member of the Board to act as Lead Independent Director for the purpose and duration of
such meeting. The authorities and responsibilities of the Lead Independent Director include, but are not limited to, the following:
|
• |
Presiding at all meetings of the Board of Directors
at which the Chairman is not present, including executive sessions of the independent directors; |
|
• |
Serving as a liaison between the Chairman and
the independent directors; |
|
• |
Having the authority to recommend that the
Board of Directors retain consultants or advisers that report directly to the Board of Directors; |
|
• |
Approving information sent to the Board of
Directors; |
|
• |
Approving meeting agendas for the Board of
Directors; |
|
• |
Approving meeting schedules to assure that
there is sufficient time for discussion of all agenda items; |
|
• |
Having the authority to call meetings of the
independent directors; and |
|
• |
If requested by major shareholders, ensuring
that he is available for consultation and direct communication. |
As Mr. Reuven Kitov is currently the Company’s Co-Founder, Chairman of the Board of Directors and
Chief Executive Officer, the non-executive board members elected Tom Schodorf to be the Lead Independent Director.
Appointment Rights
Under our amended and restated articles of association, our founders, Reuven Kitov and Reuven Harrison,
jointly have the right to appoint one director to our board of directors so long as they each hold voting control over 2% of our outstanding
ordinary shares. Pursuant to an agreement between them, Reuven Kitov will designate the director to be appointed in this instance subject
to prior consultation with Reuven Harrison. If only one of the founders holds voting control over 2% of our outstanding ordinary shares,
such founder has the sole right to appoint one director. The appointment rights of our founders are suspended if either founder is otherwise
serving on our board of directors. The term of office for a founder director expires if the appointment rights are suspended or if the
founders or founder, as the case may be, no longer holds the requisite voting control.
Under our amended and restated articles of association, our board of directors may appoint new directors
to fill vacancies (whether such vacancy is due to a director no longer serving or due to the number of directors serving being less than
the maximum required in our amended and restated articles of association). Our amended and restated articles of association provide that
the term of a director appointed by our board of directors to fill any vacancy will be for the remaining term of office of the director(s)
whose office(s) have been vacated. See “Item 6.C. Board Practices—External Directors” for a description of the exemption
from the requirements under the Israeli Companies Law to appoint external directors.
Other Considerations
Under the Israeli Companies Law, the chief executive officer of a public company may not serve as the chairman
of the board of directors of that company unless approved by a special majority of shareholders. However, if the roles of chief executive
officer and chairman of the board of directors are held by the same person and this arrangement was approved by the company’s shareholders
prior to its initial public offering and is described in the company’s initial public offering prospectus, shareholder approval
is only required upon the lapse of the fifth anniversary of the initial public offering. Reuven Kitov, our Chief Executive Officer, also
serves as our Chairman of the board of directors, as was approved by our shareholders in 2019 prior to our initial public offering. We
may, at the conclusion of the five-year period, and again thereafter, seek further shareholder approval for the renewal of such dual role
for up to an additional three years at a time.
In addition, under the Israeli Companies Law, our board of directors must determine the minimum number
of directors who are required to have “accounting and financial expertise.” Under applicable regulations, a director with
accounting and financial expertise is a director who, by reason of his or her education, professional experience and skill, possesses
an expertise in and understanding of financial and accounting matters and financial statements. He or she must be able to thoroughly comprehend
the financial statements of the company and initiate debate regarding the manner in which financial information is presented. In determining
the number of directors required to have such expertise, the board of directors must consider, among other things, the type and size of
the company and the scope and complexity of its operations. Our board of directors has determined that we require at least one director
with the requisite accounting and financial expertise, and it has determined Dafna Gruber has such expertise.
There are no familial relationships among any of our office holders (including directors).
Audit Committee
Israeli Companies Law Requirements
Under the Israeli Companies Law, the board of directors of a public company must appoint an audit committee
comprised of at least three directors. Our audit committee consists of three independent directors, Tom Schodorf (Lead Independent Director),
Peter Campbell and Dafna Gruber.
Listing Requirements
Under NYSE corporate governance requirements, we are required to maintain an audit committee consisting
of at least three independent directors, all of whom are financially literate and one of whom has accounting or related financial management
expertise.
Our audit committee consists of Dafna Gruber, Peter Campbell and Tom Schodorf. Peter Campbell serves as
the chairperson of our audit committee. All members of our audit committee meet the requirements for financial literacy under the applicable
rules and regulations of the SEC and NYSE corporate governance rules. Our board of directors has determined in its business judgment that
each of Peter Campbell and Dafna Gruber are audit committee financial experts as defined by the SEC rules and has the requisite accounting
or related financial management expertise as required by NYSE corporate governance requirements. Each of Dafna Gruber, Peter Campbell
and Tom Schodorf is “independent” as such term is defined in Rule 10A-3(b)(1) under the Exchange Act and NYSE corporate governance
requirements for audit committee members.
Approval of Transactions with Related Parties
The approval of the audit committee is required to effect specified actions and transactions with office
holders and controlling shareholders and their relatives, or in which they have a personal interest. See “Item 6.C. Board Practices—Fiduciary
Duties and Approval of Specified Related Party Transactions and Compensation under Israeli Law.” The audit committee may not approve
an action or a transaction with a controlling shareholder or with an office holder unless, among other things, at the time of approval
the audit committee meets the composition requirements under the Israeli Companies Law.
Audit Committee Role
Our board of directors has adopted an audit committee charter that sets forth the responsibilities of the
audit committee consistent with the Israeli Companies Law, SEC rules and NYSE corporate governance requirements, which include, among
other responsibilities:
|
• |
retaining and terminating our independent auditors,
subject to board of directors and shareholder ratification; |
|
• |
overseeing the independence, compensation and
performance of the company’s independent auditors; |
|
• |
the appointment, compensation, retention and
oversight of any accounting firm engaged for the purpose of preparing or issuing an audit report or performing other audit services;
|
|
• |
pre-approval of audit and non-audit services
to be provided by the independent auditors; |
|
• |
reviewing with management and our independent
directors our financial statements prior to their submission to the SEC; and |
|
• |
approval of certain transactions with office
holders and controlling shareholders, as described below, and other related party transactions. |
Additionally, under the Israeli Companies Law, the role of the audit committee includes the identification
of irregularities in our business management, among other things, by consulting with the internal auditor or our independent auditors
and suggesting an appropriate course of action to the board of directors. In addition, the audit committee or the board of directors,
as set forth in the articles of association of the company, is required to approve the yearly or periodic work plan proposed by the internal
auditor. The audit committee is required to assess the company’s internal audit system and the performance of its internal auditor.
The Israeli Companies Law also requires that the audit committee assess the scope of the work and compensation of the company’s
external auditor. In addition, the audit committee is required to determine whether certain related party actions and transactions are
“material” or “extraordinary” for the purpose of the requisite approval procedures under the Israeli Companies
Law and whether certain transactions with a controlling shareholder will be subject to a competitive procedure (regardless of whether
such transactions are deemed extraordinary transactions) and to set forth the approval process for transactions that are “non-negligible”
(meaning, transactions with a controlling shareholder that are classified by the audit committee as non-negligible, even though they are
not deemed extraordinary transactions), as well as determining which types of transactions would require the approval of the audit committee,
optionally based on criteria which may be determined annually in advance by the audit committee.
The audit committee charter states that the audit committee is empowered to conduct or authorize investigations
into any matters within its scope of responsibilities.
Compensation Committee
Under the Israeli Companies Law, the board of directors of any public company must appoint a compensation
committee. Our compensation committee consists of three independent directors, Peter Campbell, Dafna Gruber and Brian Gumbel. Peter Campbell
serves as the chairman of our compensation committee.
Listing Requirements
Under SEC and NYSE rules, there are heightened independence standards for members of the compensation committee,
including a prohibition against the receipt of any compensation from us other than standard supervisory board member fees. Although foreign
private issuers are not required to meet this heightened standard or the requirements general for a compensation committee, our board
of directors has determined that all of our compensation committee members meet this heightened standard and other independence requirements.
Each of Peter Campbell, Dafna Gruber and Brian Gumbel is “independent” under the NYSE corporate governance requirements for
compensation committee members.
Compensation Committee Role
Our board of directors has adopted a compensation committee charter that sets forth the responsibilities
of the compensation committee consistent with the Israeli Companies Law, SEC rules and NYSE corporate governance requirements, which include,
among other responsibilities:
|
• |
recommending to the board of directors the
compensation policy for directors and executive officers, and to recommend to the board of directors once every three years whether the
compensation policy that had been approved should be extended for a period of more than three years; |
|
• |
recommending to the board of directors updates
to the compensation policy, from time to time, and examine its implementation; |
|
• |
deciding whether to approve the terms of office
and employment of directors and executive officers that require approval of the compensation committee; |
|
• |
deciding whether the compensation terms of
the chief executive officer, which were determined pursuant to the compensation policy, will be exempted from approval by the shareholders
because such approval would harm the ability to engage the chief executive officer; and |
|
• |
administering and, where applicable, recommending
to our board of directors regarding the awarding of employee equity grants. |
Compensation Policy
In general, under the Israeli Companies Law, a public company must have a compensation policy approved
by the board of directors after receiving and considering the recommendations of the compensation committee. In addition, the compensation
policy requires the approval of the general meeting of the shareholders, which approval requires one of the following: (i) the majority
of shareholder votes counted at a general meeting including the majority of all of the votes of those shareholders who are non-controlling
shareholders and do not have a personal interest in the approval of the compensation policy, who vote at the meeting (excluding abstentions)
or (ii) the total number of votes against the proposal among the shareholders mentioned in clause (i) above does exceed 2% of the voting
rights in the company. However, under special circumstances, the board of directors may override the shareholders’ decision and
approve the compensation policy despite the objection of the shareholders on the condition that the compensation committee and then the
board of directors decide, on the basis of detailed arguments and after discussing again the compensation policy, that approval of the
compensation policy, despite the objection of the meeting of shareholders, is for the benefit of the company.
If a company that initially offers its securities to the public adopts a compensation policy in advance
of its initial public offering, and describes it in its prospectus, as we did in the prospectus for our initial public offering, then
such compensation policy shall be deemed a validly adopted policy in accordance with the Israeli Companies Law requirements described
above. Furthermore, if the compensation policy is set in accordance with the aforementioned relief, then it will remain in effect for
term of five years from the date such company has become a public company.
The compensation policy must be based on certain considerations, include certain provisions and needs to
reference certain matters as set forth in the Israeli Companies Law.
The compensation policy must serve as the basis for decisions concerning the financial terms of employment
or engagement of office holders, including exculpation, insurance, indemnification or any monetary payment or obligation of payment in
respect of employment or engagement. The compensation policy must relate to certain factors, including advancement of the company’s
objectives, business plan and long-term strategy, and creation of appropriate incentives for office holders. It must also consider, among
other things, the company’s risk management, size and the nature of its operations. The compensation policy must furthermore consider
the following additional factors:
|
• |
the education, skills, experience, expertise
and accomplishments of the relevant office holder; |
|
• |
the office holder’s position, responsibilities
and prior compensation agreements with that office holder; |
|
• |
the ratio between the cost of the terms of
employment of an office holder and the cost of the employment of other employees of the company, including employees employed through
contractors who provide services to the company, in particular the ratio between such cost, the average and median salary of the employees
of the company, as well as the impact of such disparities on the work relationships in the company; |
|
• |
if the terms of employment include variable
components—the possibility of reducing variable components at the discretion of the board of directors and the possibility of setting
a limit on the value of non-cash variable equity-based components; and |
|
• |
if the terms of employment include severance
compensation—the term of employment or office of the office holder, the terms of his or her compensation during such period, the
company’s performance during the such period, his or her individual contribution to the achievement of the company goals and the
maximization of its profits and the circumstances under which he or she is leaving the company. |
The compensation policy must also include:
|
• |
with regard to variable components: |
|
• |
with the exception of office holders who report
directly to the chief executive officer, determining the variable components on long-term performance basis and on measurable criteria;
however, the company may determine that an immaterial part of the variable components of the compensation package of an office holder’s
shall be awarded based on non-measurable criteria, if such amount is not higher than three monthly salaries per annum, while taking into
account such office holder contribution to the company; and |
|
• |
the ratio between variable and fixed components,
as well as the limit of the values of variable components at the time of their grant; |
|
• |
a condition under which the office holder will
return to the company, according to conditions to be set forth in the compensation policy, any amounts paid as part of his or her terms
of employment, if such amounts were paid based on information later to be discovered to be wrong, and such information was restated in
the company’s financial statements; |
|
• |
the minimum holding or vesting period of variable
equity-based components to be set in the terms of office or employment, as applicable, while taking into consideration long-term incentives;
and |
|
• |
a limit to retirement grants. |
Our compensation policy, which was adopted and approved on March 21, 2019 and amended on July 29, 2020
and July 15, 2021, is designed to promote retention and motivation of directors and executive officers, incentivize superior individual
excellence, align the interests of our directors and executive officers with our long-term performance and provide a risk management tool.
To that end, a portion of an executive officer compensation package is targeted to reflect our short- and long-term goals, as well as
the executive officer’s individual performance. On the other hand, our compensation policy includes measures designed to reduce
the executive officer’s incentives to take excessive risks that may harm us in the long-term, such as limits on the value of cash
bonuses and equity-based compensation, limitations on the ratio between the variable and the total compensation of an executive officer
and minimum vesting periods for equity-based compensation.
Our compensation policy also addresses each of our executive officers’ individual characteristics
(such as his or her respective position, education, scope of responsibilities and contribution to the attainment of our goals) as the
basis for compensation variation among our executive officers, and considers the internal ratios between compensation of our executive
officers and directors and other employees. Pursuant to our compensation policy, the compensation that may be granted to an executive
officer may include: base salary, annual bonuses and other cash bonuses (such as a signing bonus and special bonuses with respect to any
special achievements, such as outstanding personal achievement, outstanding personal effort or outstanding company performance), equity-based
compensation, benefits and retirement and termination of service arrangements. All cash bonuses are limited to a maximum amount linked
to the executive officer’s base salary. In addition, the total variable compensation components (cash bonuses and equity-based compensation)
may not exceed 95% of each executive officer’s total compensation package with respect to any given calendar year.
An annual cash bonus may be awarded to executive officers upon the attainment of pre-set periodic objectives
determined by the compensation committee and individual targets. The annual cash bonus, which may be granted to our executive officers
other than our chief executive officer, is based on performance objectives and a discretionary evaluation of the executive officer’s
overall performance by our chief executive officer and subject to minimum thresholds. The annual cash bonus that may be granted to executive
officers other than our chief executive officer may be based entirely on a discretionary evaluation. Furthermore, the performance objectives
are recommended by our chief executive officer and approved by our compensation committee (and, if required by law, by our board of directors).
The performance measurable objectives of our chief executive officer are determined annually by our compensation
committee and board of directors, and include the weight to be assigned to each achievement in the overall evaluation. A less significant
portion of the chief executive officer’s annual cash bonus may be based on a discretionary evaluation of the chief executive officer’s
overall performance by the compensation committee and the board of directors based on quantitative and qualitative criteria.
The equity-based compensation under our compensation policy for our executive officers (including members
of our board of directors) is designed in a manner consistent with the underlying objectives in determining the base salary and the annual
cash bonus, with its main objectives being to enhance the alignment between the executive officers’ interests with our long-term
interests and those of our shareholders and to strengthen the retention and the motivation of executive officers in the long term. Our
compensation policy provides for executive officer compensation in the form of share options or other equity-based awards, such as restricted
shares and restricted share units, in accordance with our equity incentive plans then in place. All equity-based incentives granted to
executive officers shall be subject to vesting periods in order to promote long-term retention of the executive officers. The equity-based
compensation shall be granted from time to time and be individually determined and awarded according to the performance, educational background,
prior business experience, qualifications, role and the personal responsibilities of the executive officer.
In addition, our compensation policy contains compensation recovery provisions which allows us under certain
conditions to recover bonuses paid in excess, enables our chief executive officer to approve an immaterial change in the terms of employment
of an executive officer (provided that the changes of the terms of employment are in accordance our compensation policy) and allows us
to exculpate, indemnify and insure our executive officers and directors subject to certain limitations set forth thereto.
Our compensation policy also provides for compensation to the members of our board of directors either
(i) in accordance with the amounts provided in the Israeli Companies Regulations (Rules Regarding the Compensation and Expenses of an
External Director) of 2000, as amended by the Israeli Companies Regulations (Relief for Public Companies Traded in Stock Exchange Outside
of Israel) of 2000, as such regulations may be amended from time to time, or (ii) in accordance with the amounts determined in our compensation
policy.
Nominating and Corporate Governance Committee
Our nominating and corporate governance committee consists of Dafna Gruber, Yuval Shachar and Yair Shamir.
Yuval Shachar serves as the chairperson of our nominating and corporate governance committee.
Listing Requirements
Under NYSE corporate governance requirements, we are required to maintain a nominating and corporate governance
committee composed only of independent directors, but may opt out as a foreign private issuer. Our board of directors has determined that
all of our nominating and corporate governance committee members meet such standards. Each of Dafna Gruber, Yuval Schachar and Yair Shamir
is “independent” under NYSE corporate governance requirements.
Nominating and Corporate Governance Committee Role
Our board of directors has adopted a nominating and corporate governance committee charter that sets forth
the responsibilities of the nominating and corporate governance committee consistent with the Israeli Companies Law, SEC rules and NYSE
corporate governance requirements, which include, among other responsibilities:
|
• |
supporting and advising our board of directors
in selecting director nominees, consistent with the criteria approved by our board of directors, who are best able to fulfill the responsibilities
of a director; |
|
• |
overseeing the evaluation of our board of directors
and our management; and |
|
• |
otherwise taking a leadership role in shaping
our corporate governance establishing and maintaining effective corporate governance policies and practices, including developing and
recommending to our board of directors a set of corporate governance guidelines applicable to our company. |
Internal Auditor
Under the Israeli Companies Law, the board of directors of a public company must appoint an internal auditor
based on the recommendation of the audit committee. The role of the internal auditor is, among other things, to examine whether a company’s
actions comply with applicable law and orderly business procedure. Under the Israeli Companies Law, the internal auditor may not be an
interested party or an office holder or a relative of an interested party or of an office holder, nor may the internal auditor be the
company’s independent auditor or the representative of the same.
An “interested party” is defined in the Israeli Companies Law as (i) a holder of 5% or more
of the issued share capital or voting power in a company, (ii) any person or entity who has the right to designate one or more directors
or to designate the chief executive officer of the company or (iii) any person who serves as a director or as a chief executive officer
of the company.
Chaikin, Cohen, Rubin & Co. has been appointed as our internal auditor.
Fiduciary Duties and Approval of Specified Related Party Transactions and Compensation
under Israeli Law
Fiduciary Duties of Office Holders
The Israeli Companies Law imposes a duty of care and a duty of loyalty on all office holders of a company.
The duty of care requires an office holder to act with the degree of skill and care with which a reasonable office holder in the same
position would have acted under the same circumstances. The duty of care includes, among other things, a duty to use reasonable means,
in light of the circumstances, to obtain:
|
• |
information on the advisability of a given action brought for his or her approval or performed by virtue of his or her position;
and |
|
• |
all other important information pertaining
to such action. |
The duty of loyalty incumbent on an office holder requires him or her to act in good faith and for the
benefit of the company, and includes, among other things, the duty to:
|
• |
refrain from any act involving a conflict of
interest between the performance of his or her duties in the company and his or her other duties or personal affairs; |
|
• |
refrain from any activity that is competitive
with the business of the company; |
|
• |
refrain from exploiting any business opportunity
of the company for the purpose of gaining a personal advantage for himself or herself or others; and |
|
• |
disclose to the company any information or
documents relating to the company’s affairs which the office holder received as a result of his or her position as an office holder.
|
Disclosure of Personal Interests of an Office Holder and Approval
of Certain Transactions
Under the Israeli Companies Law, a company may approve an act specified above which would otherwise constitute
a breach of the office holder’s fiduciary duty, provided that the office holder acted in good faith, the act or its approval does
not harm the company, and the office holder discloses to the company his or her personal interest in the transaction (including any significant
fact or document) a reasonable time before the approval of such act. Any such approval is subject to the terms of the Israeli Companies
Law, setting forth, among other things, the appropriate bodies of the company required to provide such approval, and the methods of obtaining
such approval.
The Israeli Companies Law requires that an office holder promptly disclose to the company any direct or
indirect personal interest that he or she may have and all related material information or documents known to him or her relating to any
existing or proposed transaction by the company. An interested office holder’s disclosure must be made promptly and, in any event,
no later than the first meeting of the board of directors at which the transaction is considered. An office holder is not obliged to disclose
such information if the personal interest of the office holder derives solely from the personal interest of his or her relative in a transaction
that is not considered an extraordinary transaction.
If the transaction is an extraordinary transaction, the office holder must also disclose any personal interest
held by:
|
• |
the office holder’s relatives (spouse,
siblings, parents, grandparents, descendants, spouse’s descendants and the spouses of any of these people); or |
|
• |
any company in which the office holder or his
or her relatives holds 5% or more of the shares or voting rights, serves as a director or general manager or has the right to appoint
at least one director or the general manager. |
Under the Israeli Companies Law, unless the articles of association of a company provide otherwise, a transaction
with an office holder or with a third party in which the office holder has a personal interest, which is not an extraordinary transaction,
requires approval by the board of directors or a committee authorized by the board of directors. Our amended and restated articles of
association provide that such a transaction, which is not an extraordinary transaction, shall be approved by the board of directors or
a committee of the board of directors or any other body or person (which has no personal interest in the transaction) authorized by the
board of directors. If the transaction considered is an extraordinary transaction with an office holder or third party in which the office
holder has a personal interest, then audit committee approval is required prior to approval by the board of directors. Under specific
circumstances, shareholder approval may also be required. For the approval of compensation arrangements with directors and executive officers,
see “Item 6.B. Compensation—Compensation of Directors and Executive Officers.”
Any persons who have a personal interest in the approval of a transaction that is brought before a meeting
of the board of directors or the audit committee may not be present at the meeting or vote on the matter. However, if the chairman of
the board of directors or the chairman of the audit committee, as applicable, has determined that the presence of an office holder with
a personal interest is required, such office holder may be present at the meeting for the purpose of presenting the matter. Notwithstanding
the foregoing, a director who has a personal interest may be present at the meeting of the board of directors or the audit committee (as
applicable) and vote on the matter if a majority of the members of the board of directors or the audit committee (as applicable) have
a personal interest in the approval of such transaction. If a majority of the directors at a board of directors meeting have a personal
interest in the transaction, such transaction also generally requires approval of the shareholders of the company.
A “personal interest” is defined under the Israeli Companies Law as the personal interest of
a person in an action or in a transaction of the company, including the personal interest of such person’s relative or the interest
of any other corporate body in which the person and/or such person’s relative is a director or general manager, a 5% shareholder
or holds 5% or more of the issued and outstanding share capital of the company or of its voting rights, or has the right to appoint at
least one director or the general manager, but excluding a personal interest stemming solely from the fact of holding shares in the company.
A personal interest also includes (i) a personal interest of a person who votes according to a proxy of another person, including in the
event that the other person has no personal interest, and (ii) a personal interest of a person who gave a proxy to another person to vote
on his or her behalf regardless of whether the discretion of how to vote lies with the person voting.
An “extraordinary transaction” is defined under the Israeli Companies Law as any of the following:
|
• |
a transaction other than in the ordinary course
of business; |
|
• |
a transaction that is not on market terms;
or |
|
• |
a transaction that may have a material impact
on the company’s profitability, assets or liabilities. |
Disclosure of Personal Interests of a Controlling Shareholder and
Approval of Transactions
Pursuant to the Israeli Companies Law, the disclosure requirements that apply to an office holder also
apply to a controlling shareholder of a public company. Extraordinary transactions with a controlling shareholder or in which a controlling
shareholder has a personal interest, including a private placement in which a controlling shareholder has a personal interest, and the
terms of engagement of the company, directly or indirectly, with a controlling shareholder or a controlling shareholder’s relative
(including through a corporation controlled by a controlling shareholder), regarding the company’s receipt of services from the
controlling shareholder, and if such controlling shareholder is also an office holder or employee of the company, regarding his or her
terms of employment, require the approval of each of (i) the audit committee (or the compensation committee with respect to the terms
of the engagement as an office holder or employee, including insurance, indemnification and compensation), (ii) the board of directors
and (iii) the shareholders, in that order. In addition, the shareholder approval must fulfill one of the following requirements:
|
• |
a majority of the shares held by shareholders
who have no personal interest in the transaction and are voting at the meeting must be voted in favor of approving the transaction, excluding
abstentions; or |
|
• |
the shares voted by shareholders who have no
personal interest in the transaction who vote against the transaction represent no more than 2% of the voting rights in the company.
|
Such majority determined in accordance with the majority requirement described above is hereinafter referred
to as the Compensation Special Majority Requirement.
Any such transaction for which the term is more than three years must be approved in the same manner every
three years, unless with respect to certain transactions as permitted by the Israeli Companies Law, the audit committee has determined
that a longer term is reasonable under the circumstances. In addition, transactions with a controlling shareholder or a controlling shareholder’s
relative who serves as an executive officer in a company, directly or indirectly (including through a corporation under his control),
involving the receipt of services by a company or their compensation can have a term of five years from the company’s initial public
offering under certain circumstances.
The Israeli Companies Law requires that every shareholder that participates, in person or by proxy, in
a vote regarding a transaction with a controlling shareholder, must indicate in advance or in the ballot whether or not that shareholder
has a personal interest in the vote in question. Failure to so indicate generally results in the invalidation of that shareholder’s
vote.
Disclosure of Compensation of Executive Officers
For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules
applicable to U.S. domestic filers, including the requirement applicable to emerging growth companies to disclose the compensation of
our chief executive officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis.
Nevertheless, regulations promulgated under the Israeli Companies Law require us to disclose in the proxy statement for the annual general
meeting of our shareholders (or to include a reference therein to other previously furnished public disclosure) the annual compensation
of our five most highly compensated executive officers on an individual, rather than an aggregate, basis. This disclosure will not be
as extensive as that required of a U.S. domestic issuer.
Compensation of Directors and Executive Officers
Directors. Under the Israeli Companies Law, the compensation of
our directors requires the approval of our compensation committee, the subsequent approval of the board of directors and, unless exempted
under regulations promulgated under the Israeli Companies Law, the approval of the shareholders at a general meeting. If the compensation
of our directors is inconsistent with our compensation policy, then, provided that those provisions that must be included in the compensation
policy according to the Israeli Companies Law have been considered by the compensation committee and board of directors, and provided
that shareholder approval is obtained by the Compensation Special Majority Requirement.
Executive Officers (other than the Chief Executive Officer). The
Israeli Companies Law requires the approval of the compensation of a public company’s executive officers (other than the chief executive
officer) in the following order: (i) the compensation committee, (ii) the company’s board of directors and (iii) if such compensation
arrangement is inconsistent with the company’s compensation policy, the company’s shareholders (the Compensation Special Majority
Requirement). However, if the shareholders of the company do not approve a compensation arrangement with an executive officer that is
inconsistent with the company’s compensation policy, the compensation committee and board of directors may override the shareholders’
decision if each of the compensation committee and the board of directors provide detailed reasons for their decision.
Chief Executive Officer. The Israeli Companies Law requires the
approval of the compensation of a public company’s chief executive officer in the following order: (i) the company’s compensation
committee, (ii) the company’s board of directors and (iii) the company’s shareholders (the Compensation Special Majority Requirement).
However, if the shareholders of the company do not approve the compensation arrangement with the chief executive officer, the compensation
committee and board of directors may override the shareholders’ decision if each of the compensation committee and the board of
directors provide a detailed report for their decision. The approval of each of the compensation committee and the board of directors
should be in accordance with the company’s compensation policy; however, in special circumstances, they may approve compensation
terms of a chief executive officer that are inconsistent with such policy provided that they have considered those provisions that must
be included in the compensation policy according to the Israeli Companies Law and that shareholder approval was obtained (by a special
majority vote as discussed above with respect to the approval of director compensation). In addition, the compensation committee may waive
the shareholder approval requirement with regards to the approval of the engagement terms of a candidate for the chief executive officer
position, if the compensation committee determines that the compensation arrangement is consistent with the company’s compensation
policy, and that the chief executive officer did not have a prior business relationship with the company or a controlling shareholder
of the company and that subjecting the approval of the engagement to a shareholder vote would impede the company’s ability to employ
the chief executive officer candidate.
Duties of Shareholders
Under the Israeli Companies Law, a shareholder has a duty to refrain from abusing its power in the company
and to act in good faith and in an acceptable manner in exercising its rights and performing its obligations to the company and other
shareholders, including, among other things, when voting at meetings of shareholders on the following matters:
|
• |
an amendment to the articles of association;
|
|
• |
an increase in the company’s authorized
share capital; |
|
• |
a merger; and |
|
• |
the approval of related party transactions
and acts of office holders that require shareholder approval. |
A shareholder also has a general duty to refrain from discriminating against other shareholders.
The remedies generally available upon a breach of contract also apply to a breach of the shareholder duties
mentioned above, and in the event of discrimination against other shareholders, additional remedies may be available to the injured shareholder.
In addition, any controlling shareholder, any shareholder that knows that its vote can determine the outcome
of a shareholder vote and any shareholder that, under a company’s articles of association, has the power to appoint or prevent the
appointment of an office holder, or any other power with respect to a company, is under a duty to act with fairness towards the company.
The Israeli Companies Law does not describe the substance of this duty except to state that the remedies generally available upon a breach
of contract also apply in the event of a breach of the duty to act with fairness, taking the shareholder’s position in the company
into account.
Approval of Private Placements
Under the Israeli Companies Law and the regulations promulgated thereunder, a private placement of securities
of an Israeli public company whose shares are traded solely outside of Israel does not require approval at a general meeting of the shareholders
of a company; provided however, that in special circumstances, such as a private placement, which is intended to obviate the need to conduct
a special tender offer or a private placement which qualifies as a related party transaction, for which approval at a general meeting
of the shareholders of a company is required. See “Item 10.B. Memorandum and Articles of Association—Acquisitions under Israeli
Law.”
However, we are subject to NYSE corporate governance requirements relating to private placements.
Exculpation, Insurance and Indemnification of Directors and Officers
Under the Israeli Companies Law, a company may not exculpate an office holder from liability for a breach
of the duty of loyalty. An Israeli company may exculpate an office holder in advance from liability to the company, in whole or in part,
for damages caused to the company as a result of a breach of duty of care but only if a provision authorizing such exculpation is included
in its articles of association. Our amended and restated articles of association include such a provision. The company may not exculpate
in advance a director from liability arising from a breach of his or her duty of care in connection with a prohibited dividend or distribution
to shareholders.
As permitted under the Israeli Companies Law, our amended and restated articles of association provide
that we may indemnify an office holder in respect of the following liabilities, payments and expenses incurred for acts performed by him
or her as an office holder, either in advance of an event or following an event:
|
• |
a monetary liability incurred by or imposed
on the office holder in favor of another person pursuant to a court judgment, including pursuant to a settlement confirmed as judgment
or arbitrator’s decision approved by a competent court. However, if an undertaking to indemnify an office holder with respect to
such liability is provided in advance, then such an undertaking must be limited to events which, in the opinion of the board of directors,
can be foreseen based on the company’s activities when the undertaking to indemnify is given, and to an amount or according to criteria
determined by the board of directors as reasonable under the circumstances, and such undertaking shall detail the abovementioned foreseen
events and amount or criteria; |
|
• |
reasonable litigation expenses, including reasonable
attorneys’ fees, which were incurred by the office holder as a result of an investigation or proceeding filed against the office
holder by an authority authorized to conduct such investigation or proceeding, provided that such investigation or proceeding was either
(i) concluded without the filing of an indictment against such office holder and without the imposition on him of any monetary obligation
in lieu of a criminal proceeding, (ii) concluded without the filing of an indictment against the office holder but with the imposition
of a monetary obligation on the office holder in lieu of criminal proceedings for an offense that does not require proof of criminal intent
or (iii) in connection with a monetary sanction; |
|
• |
reasonable litigation expenses, including attorneys’
fees, incurred by the office holder or which were imposed on the office holder by a court (i) in a proceeding instituted against him or
her by the company, on its behalf, or by a third party, (ii) in connection with criminal indictment of which the office holder was acquitted
or (iii) in a criminal indictment which the office holder was convicted of an offense that does not require proof of criminal intent;
|
|
• |
expenses he or she incurs as a result of administrative
proceedings that may be instituted against him or her under Israeli securities laws, if applicable, and payments made to injured persons
under specific circumstances thereunder; and |
|
• |
any other matter in respect of which it is
permitted or will be permitted under applicable law to indemnify an office holder in the company. |
As permitted under the Israeli Companies Law, our amended and restated articles of association provide
that we may insure an office holder against the following liabilities incurred for acts performed by him or her as an office holder:
|
• |
a breach of the duty of loyalty to the company,
provided that the office holder acted in good faith and had a reasonable basis to believe that the act would not harm the company;
|
|
• |
a breach of duty of care to the company or
to another person, to the extent such a breach arises out of the negligent conduct of the office holder; |
|
• |
a monetary liability imposed on the office
holder in favor of a third party; |
|
• |
expenses he or she incurs as a result of administrative
proceedings that may be instituted against him or her under the Israeli securities laws if applicable, and payments made to injured persons
under specific circumstances thereunder; and |
|
• |
any other matter in respect of which it is
permitted or will be permitted under applicable law to insure the liability of an office holder in the company. |
Under the Israeli Companies Law, a company may not indemnify, exculpate or insure an office holder against
any of the following:
|
• |
a breach of the duty of loyalty, except for
indemnification and insurance for a breach of the duty of loyalty to the company to the extent that the office holder acted in good faith
and had a reasonable basis to believe that the act would not prejudice the company; |
|
• |
a breach of duty of care committed intentionally
or recklessly, excluding a breach arising out of the negligent conduct of the office holder; |
|
• |
an act or omission committed with intent to
derive illegal personal benefit; or |
|
• |
a fine, monetary sanction or forfeit levied
against the office holder. |
Under the Israeli Companies Law, exculpation, indemnification and insurance of office holders must be approved
by the compensation committee and the board of directors and, with respect to directors or controlling shareholders, their relatives and
third parties in which controlling shareholders have a personal interest, also by the shareholders.
Our amended and restated articles of association permit us to exculpate, indemnify and insure our office
holders to the fullest extent permitted or to be permitted by law. Our office holders are currently covered by a directors’ and
officers’ liability insurance policy. As of the date of this annual report, no claims for directors’ and officers’ liability
insurance have been filed under this policy and we are not aware of any pending or threatened litigation or proceeding involving any of
our office holders, including our directors, in which indemnification is sought.
We have entered into agreements with each of our current office holders exculpating them from a breach
of their duty of care to us to the fullest extent permitted by law, subject to limited exceptions, and undertaking to indemnify them to
the fullest extent permitted by law, subject to limited exceptions, including to the extent that these liabilities are not covered by
insurance. This indemnification is limited, with respect to any monetary liability imposed in favor of a third party, to events determined
as foreseeable by the board of directors based on our activities. The maximum aggregate amount of indemnification that we may pay to our
office holders based on such indemnification agreement is the greater of (i) 25% of our total shareholders’ equity pursuant to our
most recent financial statements as of the time of the actual payment of indemnification and (ii) $40.0 million (as may be increased from
time to time by shareholders’ approval); provided, however, that in relation to indemnification claimed in connection with a public
offering of our securities, the amount, if higher, shall be equal to the aggregate proceeds from the sale by the Company and/or any shareholder
of the Company in connection with such public offering. Such indemnification amounts are in addition to any insurance amounts. Each office
holder who agrees to receive this letter of indemnification also gives his approval to the termination of all previous letters of indemnification
that we have provided to him or her in the past, if any. However, in the opinion of the SEC, indemnification of office holders for liabilities
arising under the Securities Act is against public policy and therefore unenforceable.
Employment and Consulting Agreements with Executive Officers
We have entered into written employment or service agreements with each of our executive officers. See
“Item 7.B. Related Party Transactions—Employment Agreements.”
| D. |
Employees |
As of December 31, 2021, we had 542 employees, independent consultants and independent contractors,
of which 282 were in located in Israel, 159 were located in the United States, 27 were located in the United Kingdom and approximately
74 were located across 19 other countries. Set forth below is a breakdown of our global workforce of employees, independent consultants
and independent contractors by category of activity as of the dates indicated:
|
As of December 31, |
||||||||||||
|
2019 |
2020 |
2021 |
||||||||||
|
Services, support and fulfillment |
98 |
97 |
100 |
|||||||||
|
Research and development |
187 |
177 |
171 |
|||||||||
|
Sales and marketing |
223 |
194 |
198 |
|||||||||
|
General and administrative |
60 |
65 |
73 |
|||||||||
|
Total |
568 |
533 |
542 |
|||||||||
With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages
for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice
of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions,
Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees
to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our Israeli employees
have pension plans that comply with the applicable Israeli legal requirements, and we make monthly contributions to severance pay funds
for all Israeli employees, which cover potential severance pay obligations.
Extension orders issued by the Israeli Ministry of Economy and Industry (formerly the Israeli Ministry
of Industry, Trade and Labor) apply to our employees in Israel and affect matters such as, living adjustments to salaries, length of working
hours and week, recuperation pay, travel expenses, and pension rights. We have never experienced labor-related work stoppages or strikes
and believe that our relations with our employees are satisfactory.
| E. |
Share Ownership |
For information regarding the share ownership of our directors and executive officers, please refer to
“Item 6.B. Compensation” and “Item 7.A. Major Shareholders.”
ITEM 7. MAJOR SHAREHOLDERS
AND RELATED PARTY TRANSACTIONS
| A. |
Major Shareholders |
The following table sets forth information with respect to the beneficial ownership of our shares as of
February 23, 2022 by:
|
• |
each person or entity known by us to own beneficially
more than 5% of our outstanding shares; |
|
• |
each of our directors and executive officers
individually; and |
|
• |
all of our directors and executive officers
as a group. |
The beneficial ownership of ordinary shares is determined in accordance with the rules of the SEC and generally
includes any ordinary shares over which a person exercises sole or shared voting or investment power, or the right to receive the economic
benefit of ownership. For purposes of the table below, we deem shares subject to options or warrants that are currently exercisable or
exercisable within 60 days of February 23, 2022 to be outstanding and to be beneficially owned by the person holding the options or warrants
for the purposes of computing the percentage ownership of that person but we do not treat them as outstanding for the purpose of computing
the percentage ownership of any other person. The percentage of shares beneficially owned is based on 37,921,019 ordinary shares outstanding
as of February 23, 2022.
As of February 23, 2022, we had 5 holders of record of our ordinary shares in the United States, including
Cede & Co., the nominee of The Depository Trust Company. These shareholders held an aggregate of 33,996,364, or 89.7%, of our ordinary
shares outstanding as of February 23, 2022. The number of record holders in the United States is not representative of the number of beneficial
holders nor is it representative of where such beneficial holders are resident, since many of these ordinary shares were held by brokers
or other nominees.
All of our shareholders, including the shareholders listed below, have the same voting rights attached
to their ordinary shares. See “Item 10.B. Memorandum and Articles of Association—Voting Rights and Conversion.” Unless
otherwise noted below, each shareholder’s address is Tufin Software Technologies Ltd., 5 HaShalom Road, ToHa Tower, Tel Aviv 6789205,
Israel.
|
Shares Beneficially Owned |
||||||||
|
Name of Beneficial Owner |
Number |
% |
||||||
|
Directors and Executive Officers |
||||||||
|
Reuven Kitov (1) |
1,971,853 |
5.2 |
% | |||||
|
Reuven Harrison |
1,736,191 |
4.6 |
% | |||||
|
Jack Wakileh |
* |
* |
||||||
|
Yoram Gronich |
* |
* |
||||||
|
Shay Dayan |
* |
* |
||||||
|
Raymond Brancato |
* |
* |
||||||
|
Ohad Finkelstein (2) |
500,280 |
1.3 |
% | |||||
|
Yuval Shachar (3) |
623,147 |
1.6 |
% | |||||
|
Yair Shamir |
* |
* |
||||||
|
Edouard Cukierman |
* |
* |
||||||
|
Peter Campbell |
* |
* |
||||||
|
Dafna Gruber |
* |
* |
||||||
|
Tom Schodorf |
* |
* |
||||||
|
Brian Gumbel |
* |
* |
||||||
|
All directors and executive officers as a group (14 persons) (4) |
4,552,493 |
12.0 |
% | |||||
|
Principal Shareholders |
||||||||