0001757399 false FY IL redeemable convertible preferred shares redeemable convertible preferred shares 0001757399 2021-12-31 iso4217:USD 0001757399 srt:AmericasMember 2021-12-31 0001757399 us-gaap:EMEAMember 2021-12-31 0001757399 country:IL 2021-12-31 0001757399 2020-12-31 0001757399 srt:AmericasMember 2020-12-31 0001757399 us-gaap:EMEAMember 2020-12-31 0001757399 country:IL 2020-12-31 0001757399 2019-12-31 0001757399 srt:AmericasMember 2019-12-31 0001757399 us-gaap:EMEAMember 2019-12-31 0001757399 country:IL 2019-12-31 0001757399 2018-12-31 0001757399 us-gaap:CommonStockMember 2018-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2018-12-31 0001757399 us-gaap:RetainedEarningsMember 2018-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2018-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2021-12-31 0001757399 us-gaap:CommonStockMember 2021-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2021-12-31 0001757399 us-gaap:RetainedEarningsMember 2021-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2020-12-31 0001757399 us-gaap:CommonStockMember 2020-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2020-12-31 0001757399 us-gaap:RetainedEarningsMember 2020-12-31 0001757399 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2020-12-31 0001757399 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2021-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2019-12-31 0001757399 us-gaap:CommonStockMember 2019-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2019-12-31 0001757399 us-gaap:RetainedEarningsMember 2019-12-31 iso4217:ILS i:shares 0001757399 TUFN:TwoThousandsNinteenStockOptionPlanMember 2021-12-31 i:shares 0001757399 2019-01-01 2019-12-31 0001757399 us-gaap:ProductMember 2019-01-01 2019-12-31 0001757399 us-gaap:ServiceMember 2020-01-01 2020-12-31 0001757399 us-gaap:ServiceMember 2019-01-01 2019-12-31 0001757399 country:US 2019-01-01 2019-12-31 0001757399 TUFN:AmericasOtherMember 2019-01-01 2019-12-31 0001757399 srt:AmericasMember 2019-01-01 2019-12-31 0001757399 country:IL 2019-01-01 2019-12-31 0001757399 TUFN:EMEAExcludingGermanyMember 2019-01-01 2019-12-31 0001757399 country:DE 2019-01-01 2019-12-31 0001757399 TUFN:APACMember 2019-01-01 2019-12-31 0001757399 TUFN:HardwareProductsMember 2020-01-01 2020-12-31 0001757399 TUFN:SoftwareProductsMember 2019-01-01 2019-12-31 0001757399 TUFN:HardwareProductsMember 2019-01-01 2019-12-31 0001757399 us-gaap:MaintenanceMember 2019-01-01 2019-12-31 0001757399 TUFN:ProfessionalServicesMember 2019-01-01 2019-12-31 0001757399 2021-01-01 2021-12-31 0001757399 us-gaap:ProductMember 2021-01-01 2021-12-31 0001757399 us-gaap:ServiceMember 2021-01-01 2021-12-31 0001757399 TUFN:SoftwareProductsMember 2021-01-01 2021-12-31 0001757399 TUFN:HardwareProductsMember 2021-01-01 2021-12-31 0001757399 us-gaap:MaintenanceMember 2021-01-01 2021-12-31 0001757399 TUFN:ProfessionalServicesMember 2021-01-01 2021-12-31 0001757399 country:US 2021-01-01 2021-12-31 0001757399 TUFN:AmericasOtherMember 2021-01-01 2021-12-31 0001757399 srt:AmericasMember 2021-01-01 2021-12-31 0001757399 country:IL 2021-01-01 2021-12-31 0001757399 TUFN:EMEAExcludingGermanyMember 2021-01-01 2021-12-31 0001757399 country:DE 2021-01-01 2021-12-31 0001757399 TUFN:APACMember 2021-01-01 2021-12-31 0001757399 2020-01-01 2020-12-31 0001757399 us-gaap:ProductMember 2020-01-01 2020-12-31 0001757399 country:US 2020-01-01 2020-12-31 0001757399 TUFN:AmericasOtherMember 2020-01-01 2020-12-31 0001757399 srt:AmericasMember 2020-01-01 2020-12-31 0001757399 country:IL 2020-01-01 2020-12-31 0001757399 TUFN:EMEAExcludingGermanyMember 2020-01-01 2020-12-31 0001757399 country:DE 2020-01-01 2020-12-31 0001757399 TUFN:APACMember 2020-01-01 2020-12-31 0001757399 TUFN:SoftwareProductsMember 2020-01-01 2020-12-31 0001757399 us-gaap:MaintenanceMember 2020-01-01 2020-12-31 0001757399 TUFN:ProfessionalServicesMember 2020-01-01 2020-12-31 0001757399 us-gaap:RetainedEarningsMember 2019-01-01 2019-12-31 0001757399 us-gaap:RetainedEarningsMember 2021-01-01 2021-12-31 0001757399 us-gaap:RetainedEarningsMember 2020-01-01 2020-12-31 0001757399 us-gaap:CommonStockMember 2019-01-01 2019-12-31 0001757399 us-gaap:CommonStockMember 2021-01-01 2021-12-31 0001757399 us-gaap:EmployeeStockOptionMember 2021-01-01 2021-12-31 0001757399 us-gaap:IPOMember 2019-04-01 2019-04-30 0001757399 us-gaap:CommonStockMember 2020-01-01 2020-12-31 0001757399 2019-04-01 2019-04-30 0001757399 dei:BusinessContactMember 2021-01-01 2021-12-31 iso4217:USD i:shares 0001757399 us-gaap:CostOfSalesMember 2019-01-01 2019-12-31 0001757399 us-gaap:ResearchAndDevelopmentExpenseMember 2019-01-01 2019-12-31 0001757399 us-gaap:SellingAndMarketingExpenseMember 2019-01-01 2019-12-31 0001757399 us-gaap:GeneralAndAdministrativeExpenseMember 2019-01-01 2019-12-31 0001757399 us-gaap:CostOfSalesMember 2021-01-01 2021-12-31 0001757399 us-gaap:ResearchAndDevelopmentExpenseMember 2021-01-01 2021-12-31 0001757399 us-gaap:SellingAndMarketingExpenseMember 2021-01-01 2021-12-31 0001757399 us-gaap:GeneralAndAdministrativeExpenseMember 2021-01-01 2021-12-31 0001757399 us-gaap:CostOfSalesMember 2020-01-01 2020-12-31 0001757399 us-gaap:ResearchAndDevelopmentExpenseMember 2020-01-01 2020-12-31 0001757399 us-gaap:SellingAndMarketingExpenseMember 2020-01-01 2020-12-31 0001757399 us-gaap:GeneralAndAdministrativeExpenseMember 2020-01-01 2020-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2019-01-01 2019-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2021-01-01 2021-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2020-01-01 2020-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2019-01-01 2019-12-31 0001757399 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2020-01-01 2020-12-31 0001757399 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2021-01-01 2021-12-31 0001757399 country:IL 2019-01-01 2019-12-31 0001757399 us-gaap:NonUsMember 2019-01-01 2019-12-31 0001757399 country:IL 2021-01-01 2021-12-31 0001757399 us-gaap:NonUsMember 2021-01-01 2021-12-31 0001757399 country:IL 2020-01-01 2020-12-31 0001757399 us-gaap:NonUsMember 2020-01-01 2020-12-31 0001757399 us-gaap:IPOMember 2021-01-01 2021-12-31 i:pure 0001757399 us-gaap:EmployeeStockOptionMember 2021-12-31 0001757399 us-gaap:EmployeeStockOptionMember 2020-12-31 0001757399 us-gaap:RestrictedStockUnitsRSUMember 2021-12-31 0001757399 us-gaap:IPOMember 2019-04-30 0001757399 us-gaap:SeriesAPreferredStockMember 2019-12-31 0001757399 srt:MaximumMember 2021-01-01 2021-12-31 0001757399 us-gaap:FurnitureAndFixturesMember 2021-01-01 2021-12-31 0001757399 us-gaap:ComputerEquipmentMember 2021-01-01 2021-12-31 0001757399 us-gaap:LeaseholdImprovementsMember 2021-01-01 2021-12-31 0001757399 TUFN:ElectronicEquipmentMember 2021-01-01 2021-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerOneMember 2021-01-01 2021-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerOneMember 2020-01-01 2020-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerTwoMember 2021-01-01 2021-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerTwoMember 2020-01-01 2020-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerThreeMember 2021-01-01 2021-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerThreeMember 2020-01-01 2020-12-31 0001757399 TUFN:CustomerOneMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2021-01-01 2021-12-31 0001757399 TUFN:CustomerOneMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2020-01-01 2020-12-31 0001757399 TUFN:CustomerOneMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2019-01-01 2019-12-31 0001757399 TUFN:CustomerTwoMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2021-01-01 2021-12-31 0001757399 TUFN:CustomerTwoMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2020-01-01 2020-12-31 0001757399 TUFN:CustomerTwoMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2019-01-01 2019-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerFourMember 2021-01-01 2021-12-31 0001757399 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember TUFN:CustomerFourMember 2020-01-01 2020-12-31 0001757399 us-gaap:FairValueMeasurementsRecurringMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember us-gaap:FairValueInputsLevel2Member 2021-12-31 0001757399 us-gaap:FairValueMeasurementsRecurringMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember us-gaap:FairValueInputsLevel2Member 2020-12-31 0001757399 us-gaap:USGovernmentDebtSecuritiesMember 2021-12-31 0001757399 us-gaap:CorporateDebtSecuritiesMember 2021-12-31 0001757399 us-gaap:USGovernmentDebtSecuritiesMember 2020-12-31 0001757399 us-gaap:CorporateDebtSecuritiesMember 2020-12-31 0001757399 us-gaap:FurnitureAndFixturesMember 2020-12-31 0001757399 us-gaap:ComputerEquipmentMember 2020-12-31 0001757399 us-gaap:LeaseholdImprovementsMember 2020-12-31 0001757399 TUFN:ElectronicEquipmentMember 2020-12-31 0001757399 us-gaap:FurnitureAndFixturesMember 2021-12-31 0001757399 us-gaap:ComputerEquipmentMember 2021-12-31 0001757399 us-gaap:LeaseholdImprovementsMember 2021-12-31 0001757399 TUFN:ElectronicEquipmentMember 2021-12-31 0001757399 us-gaap:ForeignExchangeForwardMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember 2021-12-31 0001757399 us-gaap:ForeignExchangeForwardMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember 2020-12-31 0001757399 TUFN:TwoThousandsNinteenStockOptionPlanMember TUFN:OptionsRestrictedSharesAndOtherSharebasedAwardsMember 2021-01-01 2021-12-31 0001757399 us-gaap:RestrictedStockUnitsRSUMember 2022-02-28 2022-03-01 0001757399 us-gaap:RestrictedStockUnitsRSUMember 2021-01-01 2021-12-31 0001757399 TUFN:TwoThousandsNinteenStockOptionPlanMember TUFN:OptionsRestrictedSharesAndOtherSharebasedAwardsMember srt:MinimumMember 2021-12-31 0001757399 TUFN:TwoThousandsNinteenStockOptionPlanMember TUFN:OptionsRestrictedSharesAndOtherSharebasedAwardsMember srt:MaximumMember 2022-01-03 0001757399 TUFN:ExercisePriceOneMember 2021-01-01 2021-12-31 0001757399 TUFN:ExercisePriceTwoMember 2021-01-01 2021-12-31 0001757399 TUFN:ExercisePriceThreeMember 2021-01-01 2021-12-31 0001757399 TUFN:ExercisePriceFourMember 2021-01-01 2021-12-31 0001757399 TUFN:ExercisePriceOneMember 2021-12-31 0001757399 TUFN:ExercisePriceTwoMember 2021-12-31 0001757399 TUFN:ExercisePriceThreeMember 2021-12-31 0001757399 TUFN:ExercisePriceFourMember 2021-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MinimumMember 2021-01-01 2021-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MaximumMember 2021-01-01 2021-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MinimumMember 2020-01-01 2020-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MaximumMember 2020-01-01 2020-12-31 0001757399 us-gaap:EmployeeStockOptionMember 2020-01-01 2020-12-31 0001757399 country:US 2021-01-01 2021-12-31 0001757399 country:DE 2021-01-01 2021-12-31 0001757399 country:GB 2021-01-01 2021-12-31 0001757399 country:FR 2021-01-01 2021-12-31


UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 20-F

REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934

OR

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934  

For the fiscal year ended December 31, 2021

OR

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934  

OR

SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

Date of event requiring this shell company report ______________

For the transition period from ____________ to ____________.

Commission file number 001-38866

image provided by client

TUFIN SOFTWARE TECHNOLOGIES LTD.

(Exact name of Registrant as specified in its charter)

ISRAEL

(Jurisdiction of incorporation or organization)

5 HaShalom Road, ToHa Tower

Tel Aviv  6789205, Israel

(Address of principal executive offices)

 

Jack Wakileh

Telephone: +972 (3) 612-8118

Tufin Software Technologies Ltd.

5 HaShalom Road, ToHa Tower

Tel Aviv6789205, Israel

(Name, telephone, e-mail and/or facsimile number and address of company contact person)

Securities registered or to be registered pursuant to Section 12(b) of the Act:

Title of each class

Trading Symbol(s)

Name of each exchange on which registered

Ordinary shares, par value NIS 0.015 per share

TUFN

New York Stock Exchange

Securities registered or to be registered pursuant to Section 12(g) of the Act: None.

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.

Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: As of December 31, 2021, the registrant had outstanding 37,851,120 ordinary shares, par value NIS 0.015 per share.


Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.

Yes ☐  No ☒

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.

Yes ☐  No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes ☒  No ☐

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate website, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§229.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).

Yes ☒  No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated file, a non-accelerated filer, or an emerging growth company. See definition of “large accelerated filer,” “ accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act:

Large accelerated filer ☐

Accelerated filer ☒

Non-accelerated filer ☐

Emerging growth company

If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☒

Indicate by check mark whether the registrant has filed a report on the attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

Indicate by check mark which basis for accounting the registrant has used to prepare the financing statements included in this filing:

U.S. GAAP ☒

International Financial Reporting Standards as issued by the International Accounting Standards Board ☐

Other ☐

If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.

☐ Item 17  ☐ Item 18

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).

Yes ☐  No ☒


 

 
TABLE OF CONTENTS
 
Page
1
1
3
3
3
32
41
42
57
79
82
83
84
97
97
98
98
98
99
99
99
100
100
100
100
101
101
101
101
101

 

 
INTRODUCTION
 
In this annual report, the terms “Tufin,” “we,” “us,” “our” and “the company” refer to Tufin Software Technologies Ltd. and its subsidiaries.
 
Throughout this annual report, we refer to various trademarks, service marks and trade names that we use in our business. The “Tufin” design logo is the property of Tufin Software Technologies Ltd. Tufin® is our registered trademark in several countries, including the United States. We have several other trademarks, service marks and pending applications relating to our products. In particular, although we have omitted the “®” and “™” trademark designations in this annual report from each reference to Unified Security Policy, Tufin Orchestration Suite, SecureChange, SecureTrack, SecureApp and Tufin SecureCloud, all rights to such trademarks are nevertheless reserved. Other trademarks and service marks appearing in this annual report are the property of their respective holders.
 
References in this annual report to “Global 2000” for either (i) the fiscal years ended on December 31, 2019 and 2020 or (ii) the fiscal year ended on December 31, 2021, are to the world’s 2,000 largest public companies as published by Forbes Media LLC according to its Forbes Global 2000: The World's Largest Public Companies, June 2018 and June 2021, respectively.
 
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS AND RISK FACTORS SUMMARY
 
We make forward-looking statements in this annual report that are subject to risks and uncertainties. The Private Securities Litigation Reform Act of 1995 provides safe harbor protections for forward-looking statements in order to encourage companies to provide prospective information about their business. These forward-looking statements include information about possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential,” “will,” “likely,” “continue” or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their nature and are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon such current expectations and projections about future events. Although we believe that our plans and objectives reflected in or suggested by these forward-looking statements are reasonable, we may not achieve these plans or objectives. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. These factors include the principal risks relating to the Company and its business described in “Part I, Item 3. Key Information—D. Risk Factors,” which are also summarized below:

 
the successful management of our business model, as well as current and future growth, particularly with respect to the ongoing implementation of our plans to transition to a term-based subscription license business model over time;
 
 
our intention to invest further in the Tufin Orchestration Suite to extend its functionality and features;
 
 
our expectations regarding sales of our cloud products;
 
 
competition we face in the security policy management market, and our potential lack of sufficient financial or other resources in order to maintain or improve our competitive position;

 
our expectations regarding growth in the market for enterprise security and network management products;
 
 
our ability to compete and increase positive market awareness of our brand, particularly with respect to markets for security policy management;
 
 
our expectation that policy-centric, automated solutions will garner a growing share of enterprise security spend;

 
our expectations for growth in certain key verticals and geographic regions and our intention to expand international operations;

 
our expectations regarding sales driven by our relationships channel partners and our technology alliance partners through joint selling efforts and go-to-market strategies;
 
 
customer relationships developed by our hybrid sales model, including our ability to acquire new customers and retain existing customers;

 
our dependence on a single third-party manufacturer to fulfill certain software license orders;
 
 
our expectations concerning seasonality and the predictability of our sales cycle;

 
our ability to align our future and past performance by continuing to generate sufficient revenues;
 
 
the compatibility and integration of our product and service offerings with customers’ existing technology infrastructures and applications;
 
1

 
our plans to deploy additional cloud-based subscription products and promote our brand over time, to enable more customers to consume our products beyond our existing on-premise solutions;
 
 
our reliance on certain products and customers to generate revenue;
 
 
compliance, managerial and regulatory risks associated with international sales and operations;
 
 
the effect of any real or perceived shortcomings, defects or vulnerabilities in our solutions;
 
 
political conditions and economic downturns, particularly in areas where we operate;

 
the impact of COVID-19 on the budgets of our customers and on economic conditions generally;

 
the effect of cybersecurity threats or attacks on our technologies, products and services;
 
 
our compliance with  laws, regulations and requirements in the jurisdictions where we operate, including with respect to with data protection and privacy and export and import control requirements;
 
 
the outcome of certain litigation relating to our initial public offering;
 
 
our ability to adequately protect and defend our intellectual property and other proprietary rights;
 
 
our ability to effectively manage, invest in, train, grow and retain our sales force, research and development capabilities, marketing team and other key personnel;
 
 
our ability to maintain effective internal controls over financial reporting;
 
 
the volatility of our share price and active trading market for our shares;
 
 
political, economic, governmental and tax consequences associated with our incorporation and location in Israel;
 
 
our expectations regarding our tax classifications.
 
Some of these factors are discussed in more detail in this annual report, including under “Part I, Item 3. Key Information—D. Risk Factors,” “Part I, Item 4. Information on the Company” and “Part I, Item 5. Operating and Financial Review and Prospects.”
 
You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. All forward-looking statements in this annual report speak as of the date of those statements. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this annual report, to conform these statements to actual results or to changes in our expectations.
 

2


PART I
 
ITEM 1. IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS
 
Not applicable.
 
ITEM 2. OFFER STATISTICS AND EXPECTED TIMETABLE
 
Not applicable.
 
ITEM 3. KEY INFORMATION
 

A.
[Reserved]
 

B.
Capitalization and Indebtedness
 
Not applicable.
 

C.
Reasons for the Offer and Use of Proceeds
 
Not applicable.
 

D.
Risk Factors
 
Our business faces significant risks. You should carefully consider all of the information set forth in this annual report and in our other filings with the U.S. Securities and Exchange Commission, (the” SEC”), including the following risk factors which we face and which are faced by our industry. If any of the following risks actually occurs, our business, financial condition and results of operations could be materially and adversely affected. In that event, the trading price of our ordinary shares would likely decline, and you might lose all or part of your investment. This annual report also contains forward-looking statements, as a result of certain risk factors including the risks described below and elsewhere in this report and our other SEC filings. See also “Special Note Regarding Forward-Looking Statements and Risk Factors Summary” on page 1 of this annual report.

3


Risks Related to our Business Strategy Transition
 
The ongoing transition in our business to a term-based subscription license model could materially and adversely affect our financial condition, operating results and liquidity, if we fail to successfully manage this new model, including if we are unable to secure new customer subscriptions or subscription renewals from existing customers.
 
In 2021, we announced our process of transitioning from a perpetual license business model to an on premises, term-based subscription license business model (a “term-based subscription license business model”). We believe that a term-based subscription license model will benefit our financial results by increasing the portion of our revenue that comes from recurring revenue over the long term, and charging higher prices for term-based licenses than we charge for the maintenance renewal of perpetual licenses today, thereby increasing the average lifetime value we derive from our customers. We believe that such model reflects the trend of a growing number of enterprises preferring to purchase software through subscription arrangements instead of perpetual license arrangements. While as of the date of this annual report the initial phases of the transition have proven successful, it is uncertain whether the transition will continue to be successful and meet the forecasts of our management and expectations of our investors.
 
Market acceptance of our products, the sustainability and the success of our term-based subscription license model is dependent on our ability to enhance functionality and usability of our products to meet certain customer requirements while optimally pricing such products taking into consideration the competitive landscape and customer demand.
 
This term-based subscription license business strategy may give rise to a number of risks, including the following:
 
 
our revenues and cash flows may fluctuate more than anticipated over the short and mid-term;
 
 
if new or current customers do not desire to consume our offerings under a subscription model, our subscription sales may lag behind our expectations;
 
 
the shift to a term-based subscription license model may raise concerns among new or existing customers, resellers and investors, including concerns with respect to changes to pricing over time and access to our products once a given subscription has expired, which could slow adoption rates;

 
our success in maintaining or implementing our target pricing or new pricing models, product adoption and projected renewal rates, or selection of a target price or new pricing model that is not optimal and could negatively affect our sales or earnings;
 
 
the shift to term-based subscription license may create a subscription pricing disadvantage against our competition and increase our loss rates against competition;
 
 
our failure in implementing or maintaining adequate subscription-based pricing models could negatively affect adoption, renewal rates and our business results.
 
 
if our customers do not renew their subscriptions or do not renew them on a timely basis, our revenues may decline and our business may suffer;
 
 
we may incur sales compensation costs at a higher than forecasted rate if the pace of our subscription transition is faster than anticipated;
 
 
we may see increased discounting behavior from our sales force and, if we are unable to monitor, prevent and manage such discounting behavior successfully and in a timely manner, our business and financial results will be negatively affected;
 
 
our sales force may not be successful in selling under a term-based subscription license model, which may lead to increased sales headcount turnover rates; and
 
 
investors, industry and financial analysts may have difficulties understanding the shift in our business model or interpret the transition to the term-based subscription license model as having a negative impact on the Company’s value, resulting in changes in analysts’ financial analysis and impairment of the Company’s valuation

4

 
After we will complete our transition from a perpetual license model to term-based subscription license model, the vast majority of our revenue will be recurring in its nature and largely dependent on our customers renewing their subscription contracts. Our ability to grow our business is dependent, in part, on our current customers renewing their existing subscriptions and our current and prospective customers purchasing additional solutions or services after the initial term of their agreements. Though we maintain and analyze historical data with respect to rates of customer renewals and expansions, those rates may not accurately predict future trends in renewal of certain products and services offered by us. If our customers cancel or amend their agreements with us during their term, do not renew their agreements, renew on less favorable terms or do not purchase additional products or solutions during the relevant renewal periods, our revenue may grow more slowly than expected or decline and our profitability may be harmed.
 
Additionally, we may experience some level of attrition with existing customers, which could lead to a fluctuation in subscription rates. Moreover, we could fail to accurately predict our customer renewal rates. Following our transition to a term-based subscription  license model, renewal rates may decline or fluctuate as a result of a number of factors, including the level of their satisfaction with our products and services, customer merger or acquisition activity, customer budgets, the pricing of our products compared with those offered by our competitors, technology trends, the prevailing regulatory regime and general economic and market conditions (including as a result of the COVID-19 pandemic). If we are unable to obtain new subscriptions or our customers’ subscription renewals (either in quantity or products) decline from their current levels, our revenue or revenue growth may decline, and our business may suffer.

We recognize revenue from a certain portion of our term-based subscription license sales over the terms of our customers’ agreements, which may be one year or more. As a result, a portion of the revenue we report in each quarter is deferred revenue from customer agreements entered into during previous quarters. Consequently, a decline in new or renewed client agreements in any one quarter will not be fully reflected in our revenue or our results of operations until future periods. Accordingly, this revenue recognition model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new clients must be recognized over the applicable subscription term.
 
If we are required to and fail to successfully manage any changes to our business model, including the transition of our sales to a term-based subscription license sales model and associated services, our results of operations could be harmed.
 
In 2021, we announced our transition from a perpetual licenses business model to a term-based subscription license business model. This adjustment in our business model to a term-based subscription license model required and continues to require a considerable investment of technical, financial, legal and sales resources. As a result, we continue to face risks associated with new and complex implementations, some of which remain uncertain to us at this stage of the implementation process, the cost of which may differ from our expectations. We have no assurance that our investments and changes to our operations will result in the desired growth in our subscription revenue.
 
Our failure in transitioning our business model to be primarily term-based subscription may adversely affect valuation methods applied by investors and analysts on our enterprise value.

Enterprise valuation methods may be applied differently to companies that are operating primarily under a subscription based recurring revenue model than companies that are operating primarily under a perpetual license model. Investors and/or analysts applying valuation methods to our company under the assumption that we will be successful with transitioning to a primarily term-based subscription license business model, may have to adversely revise their valuations if we fail to achieve this transition in line with their expectations.
 
If our maintenance or professional services are not satisfactory to our customers, they may not renew their term-based subscription license or maintenance or contracts, which could adversely affect our revenues and future results of operations, particularly with our transition to a term-based subscription license business model, in which we will become significantly more dependent on renewals to meet our total revenue and profitability targets.

Our customers depend in a large part on customer support delivered through our channel partners or by us to resolve issues relating to the use of our solutions. Our agreements with customers typically provide certain service level commitments, including with respect to initial response time for support. Our business relies on our customers’ satisfaction with the technical maintenance and support and professional services we provide to support our products. Our term-based subscription licenses (including the related maintenance and support) and our perpetual license related maintenance contracts are sold on a term basis, with terms spanning one to three years. In order for us to maintain and improve our results of operations, it is important that our existing customers renew their maintenance and their term-based subscription license contracts at equal or higher contract value when such terms expire. For example, our renewal rate for maintenance contracts associated with perpetual license sales in each of the years ending December 31, 2020 and 2021 was approximately 90%. If we fail to maintain customer renewal rates for term-based subscription licenses and perpetual license related maintenance and support contracts, our revenues and results of operations could be adversely affected.

Our failure to effectively assist customers in deploying and integrating our solutions, may result in the dissatisfaction by our customers in using our products effectively which may lead them to choose not to renew their term-based subscription license contracts or their maintenance and support contracts or to choose not to purchase additional products and services from us. Accordingly, our failure to provide satisfactory professional services or sufficient software upgrades could lead our customers not to renew their agreements with us or renew on terms less favorable to us resulting in a material and adverse effect on our business and results of operations.

5

 
Operational Risks
 
Because we derive most of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange, SecureApp and SecureCloud, which are all part of the Tufin Orchestration Suite – the failure of these products to satisfy customers or to achieve increased market acceptance would adversely affect our business.
 
In the fiscal year ended December 31, 2021, we generated most of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange, SecureApp and SecureCloud and the Tufin Marketplace apps. We expect to continue to derive a majority of our revenues from license and maintenance sales relating to the Tufin Orchestration Suite in the future. As such, market acceptance of this suite of products is critical to our continued success. Demand for licenses for the Tufin Orchestration Suite is affected by a number of factors, some of which are outside of our control, including continued market acceptance of our software by our customers and potential customers, the viability of existing and new use cases, technological change and growth or contraction in our market. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our software, our business, operations, financial results and growth prospects will be materially and adversely affected.
 
If we are unable to attract new customers, particularly large organizations, our future revenues and operating results will be harmed.
 
Our growth strategy is dependent, in part, on our ability to attract new customers, particularly large organizations, which we define as those comprising the Global 2000. For example, in the fiscal year ended December 31, 2021, large organizations accounted for 64% of our revenues, excluding maintenance renewals. The size and number of customers that we add in a given period significantly and directly impact both our short-term and long-term revenues. If we are unable to attract a sufficient number of new large organization customers or if we attract customers that place orders of an insufficient size, we may be unable to generate revenue growth at desired rates. The security policy management market is competitive and we cannot guarantee that we will out-perform our competitors. In addition, in many cases, our primary competitors are in-house, manual, spreadsheet-driven processes and home-grown approaches to security management. If potential customers perceive these competitors as having products or services that are equivalent to, or have advantages over, our products and services, we may not be able to add new customers at the levels we expect, or may need to spend more on research and development and sales and marketing efforts than we initially budgeted for such efforts, or we may need to lower our prices or offer sales incentives to prospective customers. These competitive factors may have a material negative impact on our future revenues and operating results.
 
Sales to large organizations involve risks that may not be present (or that are present to a lesser extent) with sales to smaller entities. These risks include:
 
 
increased purchasing power and leverage held by large organizations in negotiating contractual arrangements with us, including, in certain cases, clauses that provide preferred pricing of configurations with similar specifications;
 
 
the timing of individual large sales, which in some cases have occurred in a quarter subsequent to those we anticipated, or have not occurred at all;
 
 
longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that ultimately elects not to purchase our products or purchases fewer products than we anticipated;
 
 
more stringent or costly requirements imposed upon us in our maintenance and professional services contracts with such customers, including stricter response times and penalties for any failure to meet maintenance and professional services requirements;
 
 
more complicated and costly implementation processes and network infrastructure; and
 
 
closer relationships with, and increased dependence upon, large technology companies who may offer competing products and have stronger brand recognition.
 
If we are unable to increase sales of our solutions and products to large organizations while mitigating the risks associated with serving such customers, our business, results of operations, prospects and financial condition may suffer.
 
Our future growth also depends in part upon increasing our customer base, particularly those customers with potentially high customer lifetime values. Our ability to achieve significant growth in revenues in the future will depend, in large part, upon the effectiveness of our sales and marketing efforts, both in the Americas and EMEA, and our ability to attract new customers. If we fail to attract new customers and maintain and expand those customer relationships, our revenues may be adversely affected, and our business will be harmed.

6

 
Our business depends substantially on our ability to retain existing customers and expand our offerings to them, and our failure to do so could harm future results of operations.
 
We generate a significant portion of our revenues from sales to existing customers and our business depends substantially on our ability to retain customers and expand our offerings to them. For example, during the fiscal year ended December 31, 2021, we generated approximately 73.1% of our revenues, excluding maintenance renewals, from sales to existing customers. We currently offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. The majority of our customers initially purchase SecureTrack to monitor part of their networks. Initial product deployments frequently expand across departments, divisions and geographies and result in the purchase of additional products, such as SecureChange and SecureApp. We also expect SecureCloud, which allows for visibility and control of the security posture in cloud-native and hybrid cloud environments, to contribute to our revenues over time. During 2020, we introduced the Tufin Marketplace, where customers can find and deploy applications and extensions that enhance the overall value of their Tufin security policy management implementations. A number of the applications in the Marketplace, including the Vulnerability Mitigation App, released in July of 2020, require a paid license and are expected to generate revenue in the future.
 
The rate at which our existing customers purchase additional products and services depends on a number of factors, including the perceived need for additional IT security, our customers’ IT budgets, the efficacy of our solutions, general economic conditions, (including with respect to the COVID-19 pandemic) our customers’ overall satisfaction with our products and services (including their willingness to participate in our term-based subscription  license model), and the continued growth and economic health of our customer base. If our efforts to sell additional products and services to our customers are not successful, our future revenues and operating results will be harmed.
 
Additionally, we devote significant efforts to developing and marketing product updates to existing customers and rely on these efforts for a portion of our revenues. This requires a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to launch product updates and new products. Our future success depends, in part, on our ability to continue to expand sales of our current product offerings to existing customers, sell additional licenses for our current products to our existing customers and develop and sell new products to existing customers and receive subscription and maintenance renewals.
 
We face competition in the security policy management market in which we operate, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
 
We face competition in the security policy management market in which we operate. In many cases, our primary competition is in-house, manual, spreadsheet driven processes and home-grown approaches to security management, and we and our channel partners may not be successful in educating and familiarizing potential customers with the value associated with our products and services. Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC, which offer solutions comparable to all or some of our products or product features. We also indirectly compete with large security companies that offer a broad array of traditional security management solutions, such as Palo Alto Networks, Inc. and Cisco Systems, Inc., for a share of enterprises’ IT security budgets.
 
Some of our competitors are large companies that have the technical and financial resources and broad customer bases and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and professional services fees. As the security policy management market grows, we expect competition to increase in the future from both existing competitors and new companies that may enter our markets. Some of our competitors may develop different products that compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements, including in cloud-native environments.
 
Organizations that use other products or home-grown tools may believe that these products or tools are sufficient to meet their security policy management needs or that our products only serve the needs of a portion of the enterprise security market. Accordingly, these organizations may continue allocating their IT budgets for other products, and may not adopt our products. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier, such as us, regardless of product performance, features, or greater services offerings or may be more willing to incrementally add solutions to their existing security infrastructure from existing suppliers than to replace it wholesale with our solutions.
 
Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. For instance, in February of 2020, a direct competitor of ours, AlgoSec, Inc., announced that they have entered into an agreement with Cisco Systems Inc. in which AlgoSec’s products were listed in Cisco’s price list and can be sold by some of Cisco’s sales force, expanding AlgoSec’s potential market reach. Current or potential competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do.

7

 
If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solutions will be limited, and our business, financial position and results of operations will be harmed.
 
We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. Our channel partners fulfill orders constituting substantially all of our revenues. Certain of our new customer leads are generated by our channel partners. For the years ended December 31, 2020 and 2021, our two largest channel partners accounted for 15% and 15% of our revenues and 9% and 12% of our revenues, respectively. Our agreements with these channel partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice. As of December 31, 2021, three of our channel partners accounted for 10% or more of our accounts receivable, accounting for an aggregate of 39% of our accounts receivable. Our engagements with these channel partners are generally based on separate contractual relationships with different business units across multiple jurisdictions rather than on a single agreement.
 
As a result of this concentration, if a channel partner ceases to perform services for us, we may face disruptions in deploying solutions to our customers. Additionally, we are exposed to the credit risk of our channel partners in the event they become insolvent while owing us payment. If our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide additional support to such customers, which would require us to invest in additional personnel and may require us to devote significant time and resources and divert attention away from other customers or opportunities. If our channel partners do not effectively market and sell our solutions, or choose to use greater efforts to market and sell the products and services of our competitors, our ability to grow our business may be adversely affected.
 
Our relationships with channel partners have been, and could in the future be, terminated with little or no notice if they become subject to bankruptcy or other similar proceedings. The loss of our major channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our sales channels, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.
 
We depend on a single third-party hardware manufacturer for the hardware that we use to fulfill certain orders for our software licenses, and delays or disruptions in fulfilling such orders could materially and adversely impact our operations.
 
We depend on a single third-party manufacturer to supply the computer hardware on which our licensed software is installed for certain customers. Specifically, when placing an order, a customer may elect to download our software onto its own computer hardware that meets our specifications or to purchase computer hardware from us with our software pre-installed. In the years ended December 31, 2020 and 2021, transactions in which customers purchased software pre-installed on computer hardware that we supplied accounted for 21% and 22%, respectively, of our sales. Our computer hardware supplier fulfills our requirements on a purchase order basis and we hold only limited inventory. We do not have a long-term contract with the supplier that guarantees capacity or the continuation of particular pricing terms. There are alternative suppliers for the computer hardware, but that hardware would initially not be optimized for our software.
 
 In addition, continuation or exacerbation of the global supply chain challenges, whether resulting from the COVID-19 pandemic or for reasons otherwise unrelated, may impact our ability to forecast and control hardware costs. For instance, given our dependency on a single third-party manufacturer, our operations may be adversely affected by disruptions or delays to the supply chain resulting from temporary closures of our manufacturer’s facilities, spikes in demand for our manufacturer’s services from other customers, interruptions in product supply or insufficient supply of relevant component parts, restrictions on export or shipment or disruptions in product fulfillment due to closure or delays of our manufacturer’s delivery process.  Furthermore, in the event of a disruption in supply, we would need to inform customers with pending orders regarding the change in hardware and offer them the choice of supplying their own hardware or using alternate hardware that we would supply, both of which may cause delays in the timely fulfillment of their orders. This could have a material adverse effect on our business and results of operations.
 
8


Our sales cycle is long and unpredictable, which may cause significant fluctuations in our quarterly results of operations.
 
The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our products and services. We and our channel partners often spend significant time and resources to better educate and familiarize potential customers with the value proposition of our products and solutions. Our sales cycle usually lasts several months from proof of concept to purchase order from our customers, and it is often even longer, less predictable and more resource-intensive for larger transactions. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solutions. Furthermore, even if we close a large transaction during a given quarter, we may be unable to recognize the revenues derived from such a transaction due to our revenue recognition policy. See “Item 5.A. Operating and Financial Review and Prospects—Operating Results—Application of Critical Accounting Policies and Estimates—Revenue Recognition.”
 
In addition, in the past, customers have deferred significant purchases to the last quarter of the year when they can determine what amount of their annual budget remains unused. As a result, the timing of individual sales can be difficult to predict. We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our anticipated results from operations for that quarter and future quarters for which revenues from those transactions are delayed. We may not be able to accurately predict or forecast the timing of sales, which has caused and could again cause our results to vary significantly from our expectations and the expectations of market analysts. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.

The recent increase to our revenue may not be indicative of our future performance.
 
For the years ended December 31, 2020 and 2021, our revenues were $100.8 million and $110.9 million, respectively, representing a year-over-year increase of 10%. Our revenue growth may not be indicative of our future performance and we may not return to our growth rate trajectory reported prior to the fiscal year ended December 31, 2019. Factors that could impact our ability to return to significant revenue growth include the impact of COVID-19 on customer demand for our products and services, the unsuccessful transition to a term-based subscription  license business model, our ability to increase the size or efficiency of our sales force, our ability to achieve repeat purchases by existing customers, our ability to successfully compete with other companies and the extent to which we are successful in securing large-scale deployments, particularly among our large, Global 2000 customers. If we are unable to increase revenues, our share price could experience volatility, and our ability to achieve and maintain profitability could be adversely affected.
 
Our business and operations have slowed down in relation to recent periods of growth, and if we do not appropriately manage our current business and operations, our results of operations may not return to previous growth rates and outputs.
 
During previous fiscal periods, we experienced growth that placed significant demands on our management, administrative, operational and financial infrastructure. During the year end December 31, 2021, we were required to adapt to a variety of challenging economic conditions, including COVID-19, as well as increasing recruitment efforts initiated by competitors, threatening both our ability to maintain current talent and hire potential talent. Specifically, as of December 31, 2021, we had 542 employees and contractors compared to 533 as of December 31, 2020. While we expect that the completion of our transition to a term-based subscription license business model will have a positive impact on our business in the long term, we cannot guarantee that our business and operations will return to the growth rates experienced in previous fiscal periods.
 
Our success will depend in part upon, among other things, our ability to manage and increase the productivity of our existing employees, particularly our sales force, and hire, train, and manage new employees and expand our network of channel partners. To manage the domestic and international growth of our operations and personnel, we will need maintain or to continue to improve our operational, financial, and management controls, as well as our reporting processes and procedures.
 
These additional investments will increase our operating costs, which will make it more difficult for us to offset any future revenue shortfalls by reducing expenses in the short term. We may not be able to successfully acquire or implement these or other improvements to our systems and processes in an efficient or timely manner, or once implemented, we may discover deficiencies in their capabilities or effectiveness. We may experience difficulties in managing improvements to our systems and processes or in integrating with third-party technology. In addition, our systems and processes may fail to prevent or detect errors, omissions or fraud. Our failure to improve our systems and processes, or their failure to operate effectively and in the intended manner, may result in the disruption of our current operations and customer relationships, our inability to manage the growth of our business and our inability to accurately forecast and report our revenues, expenses and earnings, any of which may materially harm our business, results of operations, prospects and financial condition.
 
We have a history of losses, and we may not be able to generate sufficient revenues to achieve and sustain profitability.
 
We have incurred net losses in each period since our inception, including net losses of $35.4 million and $36.9 million for the years ended December 31, 2020 and 2021, respectively. As of December 31, 2021, our accumulated deficit was $140.8 million. We expect our operating expenses to increase significantly as we continue to expand our sales and marketing efforts, in part, by building our sales force, continuing to devote significant research and development resources to develop our solutions and continuing to expand our operations in existing and new geographies and vertical markets. In addition, as we transition to a term-based subscription license business model, our revenues and cash flows may fluctuate more than anticipated over the short-term. We cannot assure investors that we will achieve profitability in the future or that, if we do become profitable, we will be able to sustain profitability.

9

 
If third-party applications and network products change such that we do not or cannot maintain the compatibility of our products and solutions with these third-party applications and products, or if we fail to provide integrations that our customers desire, demand for our solutions and products could decline.
 
The attractiveness of our products depends, in part, on our ability to integrate with third-party applications and network products that our customers use or desire to use. Third-party providers may change the features of their applications and platforms or alter the terms governing use of their applications and platforms in an adverse manner. Further, third-party application providers may refuse to partner with us, or limit or restrict our access to their applications and platforms. Such changes could functionally limit or terminate our ability to use these third-party applications and systems with our products, which could negatively impact our offerings and harm our business. If we fail to integrate our products with new third-party applications that our customers desire, or to adapt to the requirements of such third-party applications and platforms, we may not be able to offer the functionality that our customers expect, which would negatively impact our ability to retain current customers or obtain new customers. As a result, our offerings and, consequently, our business, could be adversely harmed.
 
If our products and services do not effectively interoperate with our customers’ existing or future IT infrastructures, deployments and integrations could be delayed or canceled, which would harm our business.
 
Our products and services must effectively interoperate with our customers’ existing or future IT infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify and improve our software so that our products will integrate with our customers’ infrastructure. In such cases, our products may be unable to support some of the configurations or protocols used in our customers’ infrastructure. These issues could cause longer deployment and integration times for our products and could cause order cancelations, either of which would adversely affect our business, results of operations and financial condition. Additionally, any changes in our customers’ IT infrastructure that degrade the functionality of our products or services but which are better supported by competitive software, could adversely affect the adoption and usage of our products.
 
If we are unable to increase market awareness of our company and our solutions, or fail to successfully promote or protect our brand, our competitive market position and revenues may not continue to grow or may decline.
 
We believe that improved awareness of our brand and the value proposition of our solutions will be essential to our continued growth and our success. Many factors, some of which are beyond our control, are important to maintaining and enhancing our brand, including our ability to increase awareness among existing and potential channels partners through various means of marketing and promotional activities. For example, as a result of various restrictions implemented by governments across the globe as a response to COVID-19, we were compelled to adjust the way in which we market and sell our products, either by way of virtual conferences or otherwise. We cannot guarantee that we will be successful in our transition to a more virtually-inclined marketing and sales model, and if unsuccessful our results of operations may be materially and adversely affected. If our marketing efforts are unsuccessful in improving market awareness of our brand and our solutions, then our business, results of operations, prospects, and financial condition will be adversely affected, and we will not be able to achieve sustained growth.
 
Moreover, due to the intensely competitive nature of our market, we believe that building and maintaining our brand and reputation is critical to our success and that the importance of positive brand recognition will increase as competition in our market may further intensify. While we believe that we are successfully building a well-established brand and have invested and expect to continue to invest substantial resources to promote and maintain our brand, both domestically and internationally, there can be no assurances that our brand development strategies will enhance our reputation or brand recognition or lead to increased revenue.
 
Furthermore, an increasing number of independent industry analysts and researchers, such as Gartner, IDC and 451 Research LLC, regularly evaluate, compare and publish reviews regarding the functionality of security products and services, including our solutions. These reviews may significantly influence the market perception of our solutions. We do not have any control over the content of these independent industry analysts and researchers’ reports, and our reputation and brand could be harmed if they publish negative reviews of our solutions or do not view us as a market leader. The strength of our brand may also be negatively impacted by our competitors’ marketing efforts, which may include incomplete, inaccurate and misleading statements about our business, products and services. If we are unable to maintain a strong brand and reputation, sales to new and existing customers could be adversely affected, and our financial performance could be harmed.
 
Our business and reputation could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or the failure of our solutions to meet customers’ expectations.
 
Our products are designed to assist customers in the management of their IT networks, enhance visibility and control across their networks, ensure compliance with security standards and embed security enforcement into their workstreams. However, despite the implementation of security measures, the solutions we sell to customers, including our cloud-based solutions, could contain vulnerabilities that are not capable of being remedied or detected until after their deployment. If we fail to update our products to remedy, detect or prevent such threats, our business and reputation will suffer. Moreover, as our solutions are adopted by an increasing number of enterprises and governmental entities, including the U.S. federal government, cyberattacks may focus on finding ways to defeat our solutions. The data stored in our products’ database is highly sensitive, and includes our customers’ current enterprise-wide network configuration and security policies. If our products’ security configuration is breached, this data could be used by malicious actors, including external hackers and rogue employees within our customers’ organizations, to plan how they could effectively traverse our customers’ networks and gain unauthorized access to critical systems and data. A breach or theft of our customers’ sensitive business data, regardless of whether the breach or theft is attributable to the failure of our products, could adversely affect the market’s perception of the efficacy of our solutions and current or potential customers may look to our competitors for alternatives to our solutions. The failure of our products may also subject us to lawsuits and financial losses stemming from indemnification of our partners and other third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. Although we seek to limit our financial exposure in such circumstances through caps on our indemnification obligations to customers, customers may litigate the enforceability of such caps and it is possible that such litigation may be successful in certain circumstances. Any such event could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services and prevent new customers from purchasing our solutions.

10

 
Our increasing focus on expanding security policy management to cloud-native environments presents execution and competitive risks.
 
While many organizations see the cloud as a scalable extension of their existing data center, some are adopting the DevOps approach to cloud application development. Pricing and delivery models in the cloud are evolving. Different usage models and network security architectures in the cloud influence customers’ choice of cloud-based security products. Our ecosystem must continue to evolve with this changing environment. We plan to devote significant resources to develop and deploy our cloud-based capabilities. Unlike traditional enterprise applications, in which every connectivity change is controlled and managed by IT, in cloud-native environments, the developers and DevOps engineers have administrative rights over some of the infrastructure. The connectivity decisions and changes made by developers in cloud-native applications can have an immediate impact on the organization’s security posture, with little or no oversight by the security team. Our success in developing cloud-native solutions is connected with the fragmentation of enterprise networks between on-premise networks and the cloud environment, the growing use of cloud infrastructure and cloud-native development environments and the level of adoption of cloud platforms such as such as Google Cloud, Amazon Web Services, or AWS and Microsoft Azure.
 
We may not establish sufficient market share to achieve the scale necessary to achieve our business objectives. If we are not effective in executing organizational and technical changes to increase efficiency and accelerate innovation, or if we fail to generate sufficient usage of our new products and services, we may not grow revenues in line with the infrastructure and development investments described above.

Our business depends, in part, on sales to the public sector, and significant changes in the contracting or fiscal policies of the public sector could have an adverse effect on our business.
 
We derive a portion of our revenues from sales of our solutions to federal, state, local and foreign governments, and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government contracts. Factors that could impede our ability to maintain or increase the amount of revenues derived from government contracts include:
 
 
changes in fiscal or contracting policies;
 
 
decreases in available government funding;
 
 
changes in government programs or applicable requirements;
 
 
the adoption of new laws or regulations or changes to existing laws or regulations; and
 
 
potential delays or changes in the government appropriations or other funding authorization processes.
 
The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions or otherwise have an adverse effect on our business, operating results and financial condition.
 
11


We are subject to a number of risks associated with international sales and operations.
 
We operate a global business with offices located primarily in Israel and the United States. In the year ended December 31, 2021, we generated 51.3%, 42.3% and 6.4% of our revenues from customers in the Americas, EMEA and APAC, respectively. Business practices in the international markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.
 
Additionally, our international sales and operations are subject to a number of risks, including the following:
 
 
greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;
 
 
higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;
 
 
management communication and integration problems resulting from cultural and geographic dispersion;
 
 
risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our products that may be required in foreign countries;

 
greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;
 
 
compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act, the bribery sections of the Israeli Penal Law, 5737-1977 and the U.K. Bribery Act;
 
 
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;
 
 
the uncertainty of protection for intellectual property rights in some countries;

 
fluctuations in currency exchange rates;
 
 
general political and economic conditions, including due to the impact of COVID-19, in these foreign markets; and
 
 
double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States, Israel or the other jurisdictions in which we operate.
 
These and other factors could harm our ability to generate future international revenues and, consequently, materially impact our business, results of operations and financial condition.
 
12


Economic and External Risks
 
The security policy management market is rapidly evolving and difficult to predict. If the market does not continue to develop as we anticipate or if our target customers do not adopt our solutions, our revenues may not grow as expected and our share price may decline.
 
We believe our future success depends in large part on growth in the security policy management market in which we compete. The security policy management market is subject to rapid technological change, evolving industry standards and a shift in the enforcement or scope of regulations to which our customers are subject, as well as changing customer needs, requirements and preferences. As such, it is difficult to predict important market trends, including potential growth. For example, organizations that currently use homegrown tools may believe that they already have sufficient security policy management products. Therefore, such organizations may allocate all or most of their network infrastructure budgets on other products and may not adopt our solutions in addition to or in lieu of other existing solutions. If the security policy management market does not continue to develop in the way we anticipate or if organizations do not recognize the benefits our solutions offer in addition to or in place of other existing solutions, then our revenues may not grow as expected and our share price could decline.
 
COVID-19, including the efforts to mitigate its impact, have, and may continue to have, an impact on our business, liquidity, results of operations, financial condition and price of our securities.

The ongoing COVID-19 pandemic, as well as the measures designed to contain and mitigate its effects, have had and will likely continue to have an impact on our business and operations, as well as the operations of our customers. Current efforts to contain or mitigate the spread of COVID-19 and its variants include governmental mandates or voluntary elections taken by companies as preventative measures (e.g. travel restrictions, work from home and quarantine requirements). In the event future variants emerge and trigger additional restrictions and other preventative measures, such efforts may contribute to an economic downturn, which could decrease consumer spending on our products and services, as well as impact our ability to expand our customer base or provide additional services to our current customers.
 
In response to the foregoing COVID-19 restrictions and as part of our ongoing effort to remain operational, we previously implemented, and continue to implement, a hybrid remote work arrangement where we maintain a limited onsite presence in our offices worldwide. To date, we believe such remote work has not had a material adverse impact on our productivity, business and operations. However, due to the uncertainty surrounding the COVID-19 pandemic, prolonging remote work arrangements could cause interruptions to our business continuity and the timing and execution of our business plans as well as our ability to provide our customers effectively and timely with our services, particularly if such arrangements become ineffective or if there is a natural disaster, power outage, connectivity issue, technology failure or other event that would inhibit the ability of our employees to work remotely. Furthermore, the increase in remote work arrangements has heightened the risk of cybersecurity incidents, data breaches or cyber-attacks in the jurisdictions where we operate. Any such incident, breach or attack that occurs with respect to, or is directed at us could have a materially adverse effect due to, among other things, the loss of proprietary data, interruptions or delays in our operations, damage to our reputation and any government-imposed penalties. In addition, continuous remote work arrangements could result in increased turnover or make it more difficult to train new employees. For more information, see “Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient research and development personnel and other highly-skilled engineers, and if we are unable to generate an adequate return on our investment in research and development.”
 
The full impact of COVID-19 on our business and future performance is uncertain due to, among other factors, the emergence and spread of COVID-19 variants, vaccine administration rates and the efficacy of government policies. While our revenues increased in the year ended December 31, 2021 compared to the year ended December 31, 2020, the occurrence of any of these factors could produce future adverse effects by making it more difficult for us to attract new customers and expand within our existing customer base. A prolonged pandemic could also result in extended customer sales cycles; reduced demand for our products and services; lower renewal rates; delayed spending on, or reduced payment frequencies with respect to, our solutions; lower revenue from new customers; or impairment of our ability to collect accounts receivable. We will continue to evaluate our financial position and take the appropriate measures, as necessary, in light of future developments relating to COVID-19.
 
13

 
Estimates of market opportunity and forecasts of market growth included in this annual report and in our public disclosures may prove to be inaccurate.
 
Growth forecasts included in this annual report and in our public disclosures relating to our market opportunity and the expected growth in the security policy management market, which are subject to significant uncertainty, may prove to be inaccurate. We believe our policy management and automation functionalities define a new market, and we are not aware of any third-party research that accurately defines the scope of our directly addressable opportunity. As such, in early 2019 we estimated the market size using third-party data and, when third-party data was not available, internal estimates. We segment enterprises based on our estimates of their network infrastructure size and their need for our solutions across their networks, and apply an average annual billings figure per segment based on an estimated prior five years of inventory, resulting in an estimated directly addressable market of $10.3 billion, which includes on-premise firewalls, private cloud and public cloud orchestration segments.
 
The addressable market we estimate may not materialize for many years. Even if the markets in which we compete meet the size estimates and growth forecast in this annual report or in our public disclosures, our business could fail to grow at similar rates. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth included in this annual report or in our public disclosures are not indicative of our future growth.
 
Our investment portfolio may be adversely affected by market conditions and interest rates.
 
We maintain substantial balances of liquid investments for operational and general corporate purposes. Our marketable securities amounted to $41.7 million as of December 31, 2021, of total $89.4 million of cash and cash equivalents, restricted bank deposits, short-term marketable securities and long-term marketable securities. Our investments in marketable securities might be negatively affected by liquidity, credit deterioration, financial results and interest rate fluctuations, as well as other factors which may be impacted by market downturns or events that affect global financial markets. We generally buy and hold our marketable securities portfolio with the objective to minimize the potential risk of principal loss. Our investment policy sets limits for minimum credit rating and maximum concentration per issuer, as well as maximum time to maturity. Our investments consist primarily of government and corporate debentures.

Although we believe that we generally adhere to conservative investment guidelines, the continuing uncertainty in the financial markets, including due to COVID-19 and its impacts on global economic conditions, may result in impairments of the carrying value of our investment assets. Any significant decline in our financial income or the value of our investments as a result of the changes in interest rates and interest rate expectations of the financial markets, deterioration in the credit rating of the securities in which we have invested, or general market conditions, could have an adverse effect on our results of operations and financial condition.
 
Prolonged economic uncertainties or downturns could negatively impact our customers’ businesses and cause them to reduce their spending on security policy management, which could impact our ability to sell our products and services, reduce our revenues and materially adversely affect our business.
 
Our business depends on our current and prospective customers’ ability and willingness to invest money in security policy management, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy, particularly in the United States and the EMEA, could cause a decrease in business investments, including corporate spending on security software and adversely impact the security policy management market and, therefore, our ability to grow our business. These conditions include, for instance, those resulting from COVID-19, changes in gross domestic product growth, potential future government shutdowns or restrictions, financial and credit market fluctuations or the unavailability of credit. The Americas accounted for the majority of our revenues in each of the fiscal years ended December 31, 2019, 2020 and 2021. EMEA also accounted for a significant portion of our revenues in each of the fiscal years ended December 31, 2020 and 2021, with revenues generated in Germany 29% and 30%, respectively, of EMEA revenues. Economic downturns and geopolitical challenges in the Americas, EMEA or certain other parts of the world critical to our operations may cause our customers in those locations to reevaluate decisions to purchase our solutions or to delay or reduce their technology purchasing decisions, which could adversely impact our results of operations. For instance, rising tensions between Russia and Ukraine, recently resulting in Russia’s invasion of Ukraine, and the possibility of retaliatory measures taken by the U.S. and NATO have created global security concerns that could have a lasting adverse impact on regional and global economies, and in turn, on our customers’ decision to purchase our products.
 
In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance, as well as the telecommunications industry. In the fiscal years ended December 31, 2020 and 2021, we generated approximately 48% and 45%, respectively, of our revenues from customers in the financial services and telecommunications industries. Negative economic conditions may cause customers in those industries to reduce or delay their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent our current and potential customers consider purchases of licenses for our software to be discretionary and choose to delay or reduce their IT spending, our revenues could be disproportionately affected.
 
14


Legal, Regulatory and Security Risks
 
Our business and reputation could be harmed if cybersecurity risks materialize.
 
Our customers face increasingly sophisticated and targeted cyberthreats, including as a result of the increase in remote working arrangements due to COVID-19. Many of our enterprise customers are experiencing more cyberthreats as enterprise networks are becoming increasingly fragmented with firewalls from different vendors, public and private clouds and microservices in containers.
 
Security risks include, but are not limited to, unauthorized use or disclosure of customer data, theft of proprietary information, theft of intellectual property, theft of Personal Identifiable Information (PII), theft of financial data and financial reports, loss or corruption of customer data and computer hacking attacks or other cyberattacks. While our products and services specifically aim to offer solutions to these risks, they may nevertheless contain vulnerabilities to such threats, which are a growing and evolving risk and are often difficult or impossible to detect for long periods of time or to successfully defend against.
 
Successful attacks, whether through external or internal actors, could harm the confidentiality, integrity and availability of personal data and other sensitive information, as well as the integrity and availability of our systems, products and services in a manner that could materially and adversely affect our business. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. Efforts to implement preventative measures could require us to expend significant capital and other resources to alleviate the problem and to improve technologies, impair our ability to provide services to our customers and protect the privacy of their data, result in product development delays, compromise confidential or technical business information, harm our competitive position, result in theft or misuse of our intellectual property or other assets and expose us to substantial litigation expenses and damages, indemnity and other contractual obligations, government fines and penalties, mitigation expenses, costs for remediation and incentives offered to affected parties, including customers, other business partners and employees, in an effort to maintain business relationships after a breach or other incident, and other liabilities. In addition, such a security breach could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer. In addition, if we suffer a highly publicized security breach, even if our products and solutions perform effectively, such a breach could cause us to suffer reputational harm, lose existing commercial relationships and customers or deter customers from purchasing additional solutions and prevent new customers from purchasing our solutions. We are continuously working to improve our IT systems, products and services, together with creating security boundaries around our critical and sensitive assets. We provide advanced security awareness training to our employees and contractors that focuses on various aspects of the cybersecurity world. All of these steps are taken in order to mitigate the risk of attack and to ensure our readiness to responsibly handle any security violation or attack. However, because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until successfully launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures.
 
We have experienced and expect to continue to experience attempted cyberattacks on our IT systems or networks. To date, none of these attempted cyberattacks has had a material effect on our operations or financial condition. While we devote significant resources to network security, data encryption and other security measures to protect our systems and data, including our own proprietary information and the confidential and personally identifiable information of our customers, employees and channel partners, these measures cannot provide absolute security.
 
We are subject to data protection and privacy laws, regulations, standards, and contractual obligations, the breach of which could subject us to fines and harm our reputation.
 
We are subject to an expanding number of domestic, international and contractual legal requirements regarding privacy, personal data rights and data protection (“Applicable Data Obligations“). The Applicable Data Obligations continue to evolve and address a range of issues, including restrictions or technological requirements regarding the collection, use, storage, protection, retention, and transfer of personal data. Violation of the Applicable Data Obligations could result in substantial fines, penalties and related defense costs. For example, the GDPR provides for penalties that could reach up to20 million Euros, or in the case of an undertaking, up to 4% of a company’s global turnover of the preceding year for the most serious violations, as well as the right to compensation for financial or non-financial damages claimed by individuals under Article 82 of the GDPR.
 
Additionally, we are also subject to the California Consumer Privacy Act (“CCPA”), which came into effect in January 2020 and imposes heightened transparency obligations, adds restrictions on the “sale” of personal information, and creates new data privacy rights for California residents and carries significant enforcement penalties for non-compliance. The California Attorney General enforces the CCPA and can seek an injunction and civil penalties up to $7,500 per intentional violation and $2,500 per other violation. The CCPA also provides California consumers a private right of action for certain data breaches where they can recover up to $750 per incident, per consumer or actual damages, whichever is greater, and which is expected to increase data breach litigation. The CCPA may require us to modify our data practices and policies and to incur substantial costs and expenses in order to comply.
 
15


On November 3, 2020, California voters passed the California Privacy Rights Act (“CPRA”) into law, which will take effect in January 2023 and will significantly modify the CCPA, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. More generally, some observers have noted the CCPA and CPRA could mark the beginning of a trend toward more stringent U.S. federal privacy legislation, which could increase our potential liability and adversely affect our business.
 
In addition, we are subject to the Israeli Privacy Protection Law 5741-1981 (the “PPL”), and its regulations, including the Israeli Privacy Protection Regulations (Data Security) 2017 (“Data Security Regulations”, and collectively ”Israeli Law”), which impose obligations with respect to the manner personal data is processed, maintained, transferred, disclosed, accessed and secured, as well as the guidelines of the Israeli Privacy Protection Authority. Failure to comply with the Israeli Law may expose us to administrative fines, civil claims (including class actions), and in certain exceptional and unusual circumstances, criminal liability. The Israeli Privacy Protection Authority may initiate administrative inspection proceedings, from time to time, without any suspicion of any particular breach of the PPL, as the Authority has done in the past with respect to dozens of Israeli organizations in various sectors. In addition, to the extent that any administrative supervision procedure is initiated by the Israeli Privacy Protection Authority that reveals certain irregularities with respect to our compliance with the PPL, in addition to our exposure to administrative fines, civil claims (including class actions) and in certain cases criminal liability, we may also need to take certain remedial actions to rectify such irregularities, which may increase our costs.
 
Any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related obligations to users or other third parties, or any other legal obligations or regulatory requirements relating to privacy, data protection, or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business.
 
These and other legal requirements may be interpreted and enforced in a manner that is inconsistent with our existing practices or the features of our products and services. We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom we rely in relation to various products and services, including our channel partners. In addition to the possibility of our being subject to enforcement actions, fines, lawsuits and other claims with respect to these and other legal requirements, we could be required to fundamentally change our business activities and practices or modify our products and services, which could have an adverse effect on our business. Any inability to adequately address customer privacy and data protection concerns, even if unfounded, or to comply with Applicable Data Obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.
 
Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.
 
We use open source software in our products and our development environments and expect to continue to use open source software in the future. Open source software is typically provided without warranties or assurances of any kind. Some open source licenses contain requirements that the users of such software make available source code for modifications or derivative works we create based upon the open source software used, and many open source licenses include provisions that have not been interpreted by the courts. We monitor and control our use of open source software in an effort to avoid unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. We believe that our compliance with the obligations under the various applicable licenses has mitigated the risks that we would trigger any such conditions or restrictions. However, such use may have inadvertently occurred in the development and offering of our products and solutions. If we combine our proprietary software with open source software in a certain manner that is not intended under our policies or monitoring practices, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products quickly with lower development effort and ultimately could result in a loss of sales for us.
 
The terms of many open source software licenses have not been interpreted by U.S. or foreign courts, and there is a risk that, once interpreted, those licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. For example, certain open source software licenses may be interpreted to require that we offer our products or solutions that use the open source software for no cost; that we make available the source code for modifications or derivative works we create based upon, incorporating or using the open source software (or that we grant third parties the right to decompile, disassemble, reverse engineer or otherwise derive such source code); that we license such modifications or derivative works under the terms of the particular open source license; or that otherwise impose limitations, restrictions or conditions on our ability to use, license, host or distribute our products and solutions in a manner that limits our ability to successfully commercialize our products.
 
This potential litigation could require us to purchase costly licenses or devote additional research and development resources to change our products or services, either of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our offerings or incur additional costs. Although we monitor the use and incorporation of open source software into our products, we cannot be certain that we have, in all cases, incorporated open source software in our products in a manner that is consistent with the applicable open source license terms.
 
16


We may become a party to commercial disputes, claims and legal actions, which are costly and may result in adverse outcomes for us.
 
Third parties may bring legal actions against us. Such actions, even if without merit, could harm our business. Although we have contractual protections, such as warranty disclaimers and limitation of liability provisions in our standard terms and conditions of sale (and we seek to include those protections when negotiating third party terms and conditions), they may not fully or effectively protect us from claims by customers, commercial relationships or other third parties.
 
In addition, we may become subject to disputes with customers over the terms of our agreements with them. Our agreements with certain larger customers grant those specific customers the right to use our software for specific purposes or within a specific scope. From time to time, we have disagreed with customers over the interpretation of those agreements. Such disagreements may harm our relationships with customers and could ultimately result in legal proceedings.
 
The results of complex legal proceedings, whether brought by us or by others against us, are difficult to predict. An unfavorable resolution of any lawsuit could adversely affect our business, results of operations, prospects or financial condition. Any insurance coverage that we have may not adequately cover all claims asserted against us, or may cover only a portion of such claims. In addition, even if claims do not result in litigation or ultimately are resolved in our favor, such claims could result in our expenditure of funds in attorneys’ fees, and divert management’s time and other resources. Litigation in general and securities litigation in particular, can be expensive, lengthy and disruptive to normal business operations. For example, we are currently named as a defendant in two parallel putative class action lawsuits in the Supreme Court of the State of New York and in the U.S. District Court for the Southern District of New York alleging federal securities law violations in connection with our initial public offering. For more information, see “Item 8A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.” Based on information currently available and the current stage of the litigation, we are unable to reasonably estimate a possible loss or range of possible losses, if any, with regard to these claims. Our business, results of operations, and financial condition could be materially and adversely affected by such costs and any unfavorable outcomes in current or future litigation.
 
If our products fail to help our customers achieve and maintain compliance with government regulations and industry standards, our business and results of operations could be materially adversely affected.
 
We generate a substantial portion of our revenues from our products and services because they help our customers achieve and maintain compliance with government regulations and industry standards, and we expect that will continue for the foreseeable future. Industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. Governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact whether our solutions enable our customers to maintain compliance with such laws or regulations. Examples of industry and government regulations include the Payment Card Industry Data Security Standard, or PCI-DSS, the Sarbanes-Oxley Act, the North American Electric Reliability Corporation Critical Infrastructure Protection standards, or NERC-CIP, the General Data Protection Regulation, or GDPR, the NIST Cybersecurity Framework and the Health Insurance Portability and Accountability Act of 1996, or HIPAA. If we are unable to adapt our solutions to changing regulatory standards in a timely manner, or if our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if regulations and standards related to information security change in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.
 
We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.
 
We incorporate encryption capabilities into certain of our products and these products thus may be subject to U.S. or Israeli export control requirements. We are also subject to Israeli regulations controlling the use, import and export of encryption technology since our product development initiatives are primarily conducted in Israel. In December 2013, regulations under the Wassenaar Arrangement for the first time included a chapter on cyber-related matters. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. We have satisfied U.S. and Israeli export control requirements to export our products to most customers and jurisdictions outside of the United States and Israel, and we have satisfied other provisions of Israeli law governing the use of encryption technology. If the applicable U.S. and Israeli requirements regarding the export of encryption software or technology change or if we change the encryption means in our products or technology, we may need to satisfy additional requirements in the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.
 
We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries and regions, governments and persons. Our products and technologies could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
 
17


In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007 (“the Import and Export Decree”) (Export Control over Dual Use Goods, Services and Technology), 5766-2006, but if the definitions of regulated cybersecurity are changed and our products are becoming classified as defense-related, we would become subject to such regulation. In particular, under the Defense Export Control Law, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli ministry of defense and may be subject to a requirement to obtain a specific license from the Israeli ministry of defense for any export of defense-related products, services and/or know-how. The definition of defense marketing activity is broad and includes any marketing of “defense equipment, services and/or know-how” outside of Israel or to a non-Israeli, which includes dual-use equipment, services and/or know-how (equipment, services and/or know-how that can be used for civilian or defensive purposes such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use or defense user only, or is specified under Israeli legislation. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations.
 
Requirements associated with being a public company in the United States require significant resources and management attention.
 
Requirements associated with being a public company in the United States require significant resources and management attention. We are subject to certain reporting requirements of the Securities Exchange Act of 1934, as amended, (“the Exchange Act”), and the other rules and regulations of the Securities and Exchange Commission, (the “SEC”), and the New York Stock Exchange, (the “NYSE”). We are also subject to various other regulatory requirements, including under the Sarbanes-Oxley Act. These rules and regulations have increased, and may continue to increase, our legal, accounting and financial compliance costs and to continue to make some activities more time-consuming and costly. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices.
 
In addition, complying with these rules and regulations and the increasingly complex laws pertaining to public companies requires substantial attention from our senior management, which could divert their attention away from the day-to-day management of our business. These cost increases and the diversion of management’s attention could disrupt our operations and materially and adversely affect our business, financial condition and results of operations. We will also need to continue to hire additional personnel to support our financial reporting function, and may face challenges in doing so.
 
Being a publicly traded company in the United States and being subject to U.S. rules and regulations may also make it more expensive for us to obtain directors and officers liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. For example, during our last renewal, the cost of our directors and officers insurance policy premiums substantially increased in light of certain changes in the market for such policies. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee, and qualified executive officers

As a result of disclosure of information in our filings with the SEC, our business and financial condition have become more visible, which we believe may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be adversely affected, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and results of operations.

18


Risks Related to Our Intellectual Property and Proprietary Rights
 
If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.
 
Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual property assets. We rely on a combination of trade secrets, copyright and trademark laws, patent laws, confidentiality procedures, technical know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage.
 
Our software and other proprietary information are protected by copyright on creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software, proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team, partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective counterparty. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise obtain and use our intellectual property and technology.
 
In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our proprietary technology. As of December 31, 2021, we had 14 issued patents in the United States and 5 issued patents in Israel. We may file additional patent applications in the future. In order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly, time-consuming and uncertain. We may choose not to seek patent protection for certain innovations or in certain jurisdictions. Furthermore, the scope of our issued patents may be insufficient, and they may not provide us with any competitive advantages. Our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, the issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. As a result, we may not be able to obtain adequate protection or effectively enforce our issued patents or other intellectual property rights.
 
We cannot assure you that the steps taken by us will deter or prevent infringement or misappropriation of our intellectual property or technology. In addition, the laws of some foreign countries where we operate do not protect our intellectual property and technology to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.
 
We may be subject to intellectual property rights claims by third parties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
 
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of copyrights, trademarks, trade secrets and patents, and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. From time to time, third parties may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers.
 
Successful claims of infringement or misappropriation by a third-party could prevent us from using or distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our partners and other third parties, including our customers and channel partners whom we typically indemnify against such claims. Even if third parties may offer a license to their intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected.
 
We indemnify our channel partners and customers against claims that our products infringe the intellectual property rights of third parties. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to protect our intellectual property and technology and ensure that we are not violating the intellectual property rights of others, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

19

 
Risks Related to Our Personnel
 
If we are unable to integrate new members of our senior management team, or if we lose the services of some of our senior management or other key personnel, our business, operating results, and financial condition could be adversely affected.

Leadership changes or senior management transitions could cause disruptions to our business. While we do not believe that recent management transitions have materially impacted our business, any failure to ensure continuity in responsibilities and oversight could hinder our strategic planning, business execution and future performance. In particular leadership transitions may result in a loss of personnel with deep institutional and/or technical knowledge, and have the potential to disrupt our operational efficiency and relationships with employees and customers including due to added costs, decreased employee morale and productivity, diversion of management attention and resources to training and attracting new and qualified leadership, and increased churn. We must successfully be able to retain our leadership and senior management positions and in the event of transitions we must effectively and timely integrate new leadership team member within our organization in order for us to achieve our operating objectives.
 
If we do not effectively expand, train and retain our sales force, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.
 
Our future success depends, in part, on our ability to expand, train and retain our sales force. If we cannot attract or retain a qualified sales team or experience delays in hiring the necessary number of sales personnel, our business, financial condition and results of operations. may be adversely impacted Any of our employees may terminate their employment at any time, subject to certain notice requirements. Furthermore, our ability to attract and retain a highly skilled sales force is critical to our future success. as we must provide training to our employees on the new processes and procedures associated with our new term-based subscription license model Similarly, recently a growing number of Israeli technology companies went public, or elected to initiate the process of going public, which in turn triggered a significant uptick in recruitment efforts, which threatens our ability to maintain our employees and recruit new talent.
 
In addition, there is intense competition for individuals with sales training and experience. The training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. However, there is no guarantee that our recent hires and planned new hires will become as productive as we expect or require, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets in which we currently operate or where we seek to conduct business. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.
 
Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient research and development personnel and other highly-skilled engineers, and if we are unable to generate an adequate return on our investment in research and development.
 
As a provider of proprietary software solutions that rely upon technological advancements, we rely heavily on our research and development activities to   enhance our products. We consequently depend, in large part, on our ability to attract, motivate and retain sufficient research and development personnel. In addition, because our software solutions are highly complex and are used by our customers to perform critical business functions, we also depend heavily on other technology professionals, including highly-skilled engineers, who are in high demand. In particular, our principal research and development activities are conducted from our headquarters in Israel, and we face significant competition for personnel in this region, where the availability of such personnel is limited and, at present, in short supply. Even despite the ongoing COVID-19 pandemic, there remains a chronic shortage in skilled human capital in the technology sector in Israel, particularly for software companies recruiting research and development, engineers and other experienced technological positions. We face significant competition for suitably skilled developers in this region given the growing number of local companies that are expanding their development activities, as well as the growing number of multinational corporations establishing a presence in Israel. As a result, over the past fiscal year we have experienced an increase in competition for recruiting qualified research and development teams and engineers in Israel where we have a substantial presence and need for skilled employees. We also have a number of employees that work as developers in Bucharest, Romania in order to benefit from the significant pool of talent that is more readily available in this market. In addition, the COVID-19 pandemic has caused a shift to virtual recruiting, which has increased the difficulty with which we are able to timely attract new employees, integrate and introduce them into our corporate culture and retain them for the longer term. Larger companies with whom we compete have expended and will likely continue to expend more resources than we do on employee recruitment and are often better able to offer more favorable compensation and incentive packages than we can. If we are unable to timely attract, retain or train qualified employees, particularly our engineers, salespeople and key managers, our ability to innovate, introduce new products and compete would be adversely impacted, and our financial condition and results of operations may suffer. If we cannot attract or retain a sufficient number of skilled research and development employees and other skilled technological employees, our business, prospects and results of operations could be adversely affected.
 
In order to remain competitive, we expect to continue to dedicate significant financial and other resources to expand upon our research and development teams to assist in developing new solutions, applications and enhancements to our existing products.

20

 
We are dependent on the continued services and performance of our two founders, the loss of either of whom could adversely affect our business.
 
Our business depends on the continued services and performance of our two founders, Reuven Kitov, our Chief Executive Officer and Chairman of the Board of Directors, and Reuven Harrison, our Chief Technology Officer and a director, due to their relevant experience and skills, to execute on our business plan, and to identify and pursue new opportunities and product innovations. We do not carry key man life insurance on either of Mr. Kitov or Mr. Harrison and, even if we did, such coverage would likely be insufficient to compensate us for the loss of their services due to their industry experience and understanding of our business model. The loss of services of either of Mr. Kitov or Mr. Harrison could significantly delay or prevent the achievement of our development and strategic objectives.
 
Our corporate culture has contributed to our success, and if we cannot maintain this culture moving forward, including as a result of COVID-19 and related response measures, we could lose the innovation, creativity and teamwork fostered by our culture, which could adversely affect our business.
 
We believe that our corporate culture, which emphasizes a people-centric, open atmosphere for mentorship and knowledge-sharing among our employees, has been and will continue to be a key contributor to our future success. As part of our preventative measures to prevent the spread COVID-19, we transitioned our employees to remote working arrangements and continue to implement a hybrid remote-work model, where we permit the majority of our employees to work remotely and maintain only limited onsite presence in our offices worldwide. We may find it difficult to maintain our strong corporate culture in light of these remote working conditions, which could negatively impact our culture and therefore limit our ability to innovate and operate effectively. While we continue to plan for the eventual return of employees to our offices, we expect that some of our employees will continue to work from home full-time or part-time. A permanent remote working arrangement for some employees may make it more difficult to preserve culture and values.
 
In addition, we plan to continue to expand our operations, and it may be difficult to maintain our corporate culture as we find, hire and integrate additional international employees. From December 31, 2016 to December 31, 2021, we increased the size of our workforce by 120 employees in Israel and by 164 employees in other countries, representing a 110% increase in our headcount, and we expect to continue to hire new employees in order to support our growth plans. As we continue evolve and grow, we must effectively train, develop and motivate new employees, and as a result of our continued hybrid remote-work model, we may experience greater difficulties assimilating new hires into our corporate culture via virtual platforms. If we do not continue to maintain our corporate culture as we grow, we may be unable to continue to foster the innovation, integrity, diversity, loyalty and collaboration which we believe are necessary to support our growth and our customer-centric focus. Our anticipated headcount growth and potential international expansion may result in a change to our corporate culture, which could adversely affect our business.
 
Risk Related to Our Internal Controls
 
If we fail to implement and maintain effective internal control over financial reporting, we may be unable to report our financial results accurately or meet our reporting obligations.

We are required to comply with the internal control, evaluation, and certification requirements of Section 404(a) of the Sarbanes-Oxley Act and the Public Company Accounting Oversight Board and to report any material weakness in those controls. Once we no longer qualify as an emerging growth company under the JOBS Act, our independent registered public accounting firm will need to attest to the effectiveness of our internal control over financial reporting under Section 404. We will remain an emerging growth company until the earlier of: (1) the last day of the fiscal year (a) following the fifth anniversary of our IPO (which took place in 2019), (b) in which we have total annual gross revenue of at least $1.07 billion or (c) in which we are deemed to be a large accelerated filer, which means the market value of our common equity that is held by  non-affiliates exceeds $700 million as of the end of the prior fiscal year’s second fiscal quarter; and (2) the date on which we have issued more than $1 billion in non-convertible debt securities during the prior three-year period. Thus, unless we lose our status as an emerging growth company under the JOBS Act through other means earlier, we will not be required to obtain an auditor attestation under Section 404(b) of the Sarbanes-Oxley Act until we file our annual report on Form 20-F for the fiscal year ended December 31, 2024.

The process of determining whether our existing internal controls over financial reporting systems are compliant with Section 404(a) and whether there are any material weaknesses or significant deficiencies in our existing internal controls requires the investment of substantial time and resources, including by our Chief Financial Officer and other members of our senior management. This determination and any remedial actions required could divert internal resources and take a significant amount of time and effort to complete and could result in us incurring additional costs that we did not anticipate, including the hiring of outside consultants. We could experience higher than anticipated operating expenses and higher independent auditor fees during and after the implementation of these changes.

Irrespective of compliance with Section 404, any failure of our internal controls could have a material adverse effect on our stated results of operations and harm our reputation. In connection with the issuance of our consolidated financial statements for each of the years ended December 31, 2017, 2018 and 2019, we identified a material weakness in our internal control over financial reporting that we subsequently remediated. If we identify future material weaknesses in our internal control of financial reporting, and if we are unable to implement any of the required changes to our internal control over financial reporting effectively or efficiently or are required to do so earlier than anticipated, it could adversely affect our operations, financial reporting and/or results of operations and could result in an adverse opinion on internal controls from our management and, once we lose our emerging growth company status, our independent auditors. Further, if our internal control over financial reporting is not effective, the reliability of our financial statements may be questioned and our share price may suffer.

21

 
Risks Related to Our Ordinary Shares
 
Our share price has been and will likely continue to be volatile, and you may lose all or part of your investment.
 
Since our initial public offering on April 11, 2019, our ordinary shares have traded as high as $31.04 per share and as low as $5.79 per share through December 31, 2021. On February 23, 2022, the closing bid price of our ordinary shares was $8.22 per share.
 
In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, including:
 
 
actual or anticipated fluctuations in our results of operations;
 
 
variance in our financial performance from the expectations of market analysts;
 
 
announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;
 
 
changes in the prices of our products and services;
 
 
our involvement in litigation;
 
 
our sale of ordinary shares or other securities in the future;
 
 
market conditions in our industry;
 
 
changes in key personnel;
 
 
the trading volume of our ordinary shares;
 
 
changes in the estimation of the future size and growth rate of our markets; and
 
 
general economic and market conditions, including with respect to COVID-19 and/or geopolitical instability.
 
In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. For example, the Company and its directors and officers are subject to class action lawsuits in the Supreme Court of the State of New York and the Southern District of New York, alleging federal securities law violations in connection with our initial public offering. Based on information currently available and the current stage of the litigation, we are unable to reasonably estimate a possible loss or range of possible losses, if any, with regard to these claims. For more information, see “Item 8A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.” Low trading volume may also increase the price volatility of our ordinary shares. A thin trading market could cause the price of our ordinary shares to fluctuate significantly more than the stock market as a whole.
 
22


As a foreign private issuer with shares listed on NYSE, we may choose to follow certain home country corporate governance practices instead of otherwise applicable NYSE requirements, which could, in the future, result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.
 
As a foreign private issuer with shares are listed on NYSE, we may follow certain home country corporate governance practices instead of otherwise applicable NYSE requirements for U.S. domestic issuers. For example, foreign private issuers are permitted to follow home country practices with regard to director nomination procedures and the approval of compensation of officers. Additionally, foreign private issuers are not required to maintain a board comprised of a majority of independent directors. Foreign private issuers are also exempt from NYSE rules that require shareholder approval prior to (i) the adoption or amendment of an equity compensation plan or (ii) the issuance of ordinary shares, or securities convertible into or exercisable for ordinary shares, in private offerings in excess of 20% of a company’s outstanding ordinary shares or voting power, as well as other private offerings to related parties. However, notwithstanding our ability to follow the corporate governance practices of our home country, Israel, we have elected to comply with NYSE corporate governance requirements that are applicable to U.S. domestic issuers. Nevertheless, we may, in the future, decide to rely on foreign private issuer exemptions and follow Israeli home country governance practices in lieu of complying with some or all NYSE corporate governance requirements, which could provide less protection to our investors than is accorded to investors of U.S. domestic issuers. See “Item 6.C. Board Practices—Corporate Governance Practices.”
 
As a foreign private issuer, we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain reports required pursuant to the Exchange Act
 
As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the Exchange Act, related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports on Form 10-Q containing unaudited financial and other specified information with the SEC under the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will trade in such company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor.
 
For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic filers, including the requirement applicable to emerging growth companies to disclose the compensation of our chief executive officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis. Nevertheless, regulations promulgated under the Israeli Companies Law 5759-1999(“the Israeli Companies Law”), require us to disclose in the proxy statement for the annual general meeting of our shareholders (or to include a reference therein to other previously furnished public disclosure) the annual compensation of our five most highly compensated executive officers on an individual, rather than an aggregate, basis. This disclosure will not be as extensive as that required of a U.S. domestic issuer. See “Item 6.B. Compensation—Compensation of Directors and Executive Officers.”
 
In order to maintain our current status as a foreign private issuer, either (i) more than 50% of our outstanding voting securities must be directly or indirectly owned of record by non-residents of the United States or (ii)(a) a majority of our executive officers or directors may not be U.S. citizens or residents, (b) more than 50% of our assets cannot be located in the United States and (c) our business must be administered principally outside the United States. In the event U.S. residents directly or indirectly own more than 50% of our outstanding voting securities, we will cease to qualify as a foreign private issuer if we do not meet the requirements set forth in (ii) above.
 
Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer would be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges that are available to foreign private issuers.
 

23

 
We may have exposure to greater tax liabilities than anticipated.
 
We have endeavored to structure our activities in a manner so as to minimize our and our subsidiaries’ aggregate tax liabilities. However, we have operations in various taxing jurisdictions, and our tax liabilities in one or more jurisdictions could be more than reported in respect of prior taxable periods and more than anticipated in respect of future taxable periods. In this regard, the amount of income taxes that we pay in future taxable periods could be higher if earnings are lower than anticipated in jurisdictions where lower statutory tax rates apply and higher than anticipated in jurisdictions where higher statutory tax rates apply.
 
In addition, we have entered into transfer pricing arrangements that establish transfer prices for our intercompany operations. However, our transfer pricing procedures are not binding on the applicable taxing authorities. No official authority in any country has made a binding determination as to whether or not we are operating in compliance with its transfer pricing laws. Accordingly, taxing authorities in any of the countries in which we operate could challenge our transfer prices and require us to adjust them to reallocate our income and potentially to pay additional taxes for prior tax periods. For example, the tax authorities in the United States have increased their focus on transfer pricing procedures, which could result in a greater likelihood of a challenge to our transfer pricing arrangements and the risk that we will be required to adjust them and reallocate our income. Such an adjustment could result in a higher effective tax rate than that to which we are currently subject. We expect that the issue of the validity of our transfer pricing procedures will become of greater importance as we continue our expansion in markets in which we currently have a limited presence and attempt to penetrate new markets. Any change to the allocation of our income as a result of reviews by taxing authorities could have a negative effect on our financial condition and results of operations.
 
Moreover, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment and the ultimate tax determination is uncertain for many transactions and calculations. Although we believe our estimates are reasonable, our ultimate tax liability may differ from the amounts recorded in our financial statements and may materially adversely affect our financial condition and results of operations in the period or periods for which such determination is made. We have created reserves with respect to tax liabilities where we believe it to be appropriate. However, there can be no assurance that our ultimate tax liability will not exceed the reserves we have created.
 
The Base Erosion and Profit Shifting, or BEPS, project undertaken by the Organization for Economic Cooperation and Development (the “OECD”), may also have adverse consequences on our tax liabilities. The BEPS project contemplates changes to numerous international tax principles, as well as national tax incentives, and these changes, which are being adopted in different manners by individual countries, could adversely affect our income tax liability. Even as countries translate the BEPS recommendations into specific national tax laws, it remains difficult to predict with accuracy the magnitude of any impact that such new rules may have on our financial results.
 
In addition, the 2017 Tax Cuts and Jobs Act (the “TCJA”), made significant changes to the U.S. Internal Revenue Code, including a reduction in the U.S. federal corporate income tax rate from the previous top marginal rate of 35% to a flat rate of 21% and limitations on certain corporate deductions and credits. Also, the TCJA requires complex computations to be performed that were not previously required in U.S. tax law, significant judgments to be made in interpretation of the provisions of the TCJA and significant estimates in calculations and the preparation and analysis of information not previously relevant or regularly produced. The U.S. Treasury Department and the U.S. Internal Revenue Service, or IRS, continue to interpret and issue guidance on how provisions of the TCJA will be applied and administered. Finally, foreign governments may enact tax laws in response to the TCJA that could result in further changes to global taxation and materially adversely affect our financial position and results of operations.
 
24


U.S. holders that own 10% or more of the vote or value of our ordinary shares may suffer adverse tax consequences if we and/or any of our non-U.S. subsidiaries are characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the U.S. Internal Revenue Code of 1986, as amended (the “Code”).
 
A non-U.S. corporation is considered a CFC if more than 50% of (i) the total combined voting power of all classes of shares of such corporation entitled to vote or (ii) the total value of the shares of such corporation, is owned, or is considered as owned by applying certain constructive ownership rules, including certain downward attribution rules, by U.S. shareholders (within the meaning of the Code) on any day during the taxable year of such non-U.S. corporation. Certain U.S. shareholders of a CFC generally are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a portion of the CFC’s earnings to the extent the CFC holds certain U.S. property and a portion of the CFC’s “global intangible low-taxed income” (as defined under Section 951A of the Code). Such U.S. shareholders are subject to current U.S. federal income tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income” includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of a CFC’s income over a deemed return on its tangible assets.
 
As a result of the ownership of our shares, certain voting arrangements with respect to our shares, and certain changes in the U.S. tax law introduced by the TCJA, we and our non-U.S. subsidiaries may be classified as CFCs in the taxable year ended December 31, 2021 as well as in prior taxable years. These determinations cannot be made with certainty. In the event that we or any of our subsidiaries are a CFC, U.S. holders who hold 10% or more of the vote or value of our ordinary shares may realize adverse U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our or our subsidiaries’ accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder and being subject to certain reporting requirements with the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. corporation. Investors who are U.S. holders and who hold 10% or more of the vote or value of our ordinary shares should consult their own tax advisors regarding the U.S. tax consequences of acquiring, owning or disposing our ordinary shares and the impact of the TCJA, especially the changes to the rules relating to CFCs.
 
U.S. holders of our ordinary shares may suffer adverse tax consequences if we are characterized as a passive foreign investment company, or a PFIC, under Section 1297(a) of the Code.
 
Generally, if, for any taxable year, at least 75% of our gross income is passive income, or at least 50% of the average quarterly value of our total gross assets (which generally may be measured in part by the market value of our ordinary shares, which is subject to change) is attributable to assets that produce passive income or that are held for the production of passive income, including cash, we would be characterized as a PFIC for U.S. federal income tax purposes. For purposes of these tests, passive income includes dividends, interest, gains from the sale or exchange of investment property and rents and royalties other than rents and royalties which are received from unrelated parties in connection with the active conduct of a trade or business. Additionally, a look-through rule generally applies with respect to 25% or more owned subsidiaries. If we are characterized as a PFIC, U.S. holders of our ordinary shares may suffer adverse tax consequences, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than capital gain, the loss of the preferential tax rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders and having interest charges apply to tax payable on distributions by us and to the proceeds of sales of our ordinary shares. In addition, special information reporting may be required. See “Item 10.E. Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”
 
The determination of whether we are a PFIC will depend on the nature and composition of our income and the nature, composition and value of our assets from time to time. The 50% passive asset test described above is generally based on the fair market value of each asset, with the value of goodwill and going concern value determined in large part by reference to the market value of our ordinary shares, which may be volatile. If we are a CFC (determined by disregarding certain downward attribution rules) and not publicly traded for the relevant taxable year, however, the test shall be applied based on the adjusted basis of our assets.
 
25


Recently adopted Treasury Regulations (the “New Regulations”), modify certain of the rules described above. Such modifications include, for example, permitting asset value to be determined more frequently than on a quarterly basis and treating a non-U.S. corporation as publicly traded for a taxable year if the stock of such corporation is publicly traded, other than in de minimis quantities, for at least twenty trading days during such taxable year.
 
The New Regulations generally apply to taxable years of shareholders beginning on or after January 14, 2021. A shareholder, however, may choose to apply such rules for any open taxable year beginning before January 14, 2021, provided that, with respect to a non-U.S. corporation being tested for PFIC status, the shareholder consistently applies certain of the provisions of the New Regulations and certain other Treasury Regulations for such year and all subsequent years. Investors who are U.S. holders should consult their own tax advisors regarding the impact and applicability of the New Regulations.
 
Based on our determination that our shares are properly treated as being publicly traded for the taxable year ended December 31, 2021 and our estimates of the fair market values of our assets, we believe that we should not be classified as a PFIC with respect to the taxable year ended December 31, 2021. However, this determination is subject to uncertainty.
 
In particular, the determination of whether we are, or will be, a PFIC for a taxable year depends, in part, on the application of complex U.S. federal income tax rules, which are subject to differing interpretations. It is possible that the IRS will disagree with the interpretation on which our belief about our PFIC status is based, and no ruling from the IRS concerning our PFIC status has been obtained or is currently planned to be requested. Moreover, because PFIC status is based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for any subsequent year until after the close of the relevant year. We can therefore make no assurances regarding our PFIC status for any taxable year. Our U.S. counsel expresses no opinion with respect to our PFIC status for the taxable year ended December 31, 2021 or for any other taxable year. We will continue to determine whether we were a PFIC or not for each taxable year and make such determination available to U.S. holders.
 
The tax consequences that would apply if we were a PFIC in any taxable year would be different from those described above if a U.S. holder were able to make a valid “qualified electing fund,” or QEF, election. We will use commercially reasonable efforts to make available to U.S. holders such information with respect to the company as is necessary for U.S. holders to make QEF elections with respect to the company for any taxable year in which we determine that we are classified as a PFIC. See “Item 10.E. Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”
 
We are an “emerging growth company,” and the reduced disclosure requirements applicable to emerging growth companies may make our ordinary shares less attractive to investors.
 
We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act (the “JOBS Act”). We will remain an emerging growth company until the earlier of: (1) the last day of the fiscal year (a) following the fifth anniversary of our IPO (which took place in 2019), (b) in which we have total annual gross revenue of at least $1.07 billion or (c) in which we are deemed to be a large accelerated filer, which means the market value of our common equity that is held by  non-affiliates exceeds $700 million as of the end of the prior fiscal year’s second fiscal quarter; and (2) the date on which we have issued more than $1 billion in non-convertible debt securities during the prior three-year period. Thus, unless we lose our status as an emerging growth company under the JOBS Act through other means earlier, we will be an emerging growth company until December 31, 2024.
 
For so long as we remain an emerging growth company, we are permitted and intend to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These exemptions include not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, not being required to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, reduced disclosure obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved. We cannot predict whether investors will find our ordinary shares less attractive if we rely on these exemptions. If some investors find our ordinary shares less attractive as a result, there may be a less active trading market for our ordinary shares and our share price may be more volatile.
 
We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.
 
We have never declared or paid any cash dividends on our ordinary shares and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements, and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our ordinary shares. Accordingly, investors must rely on sales of their ordinary shares after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
 
Our amended and restated articles of association provide that unless we consent to an alternate forum, the federal district courts of the United States shall be the exclusive forum of resolution of any claims arising under the Securities Act which may impose additional litigation costs on our shareholders.
 
Our amended and restated articles of association provide that other than with respect to plaintiffs or a class of plaintiffs which may be entitled to assert in the courts of the State of Israel, the federal district courts of the United States shall be the exclusive forum for the resolution of any claims arising under the Securities Act or the Federal Forum Provision. While the Federal Forum Provision does not restrict the ability of our shareholders to bring claims under the Securities Act, nor does it affect the remedies available thereunder if such claims are successful, we recognize that it may limit shareholders ability to bring a claim in the judicial forum that they find favorable and may increase certain litigation costs which may discourage the filing of claims under the Securities Act against the Company, its directors and officers.
 
26


Risks Related to Our Incorporation and Location in Israel
 
Our corporate headquarters and principal research and development facilities are located in Israel and, therefore, our business and operations may be adversely affected by political, economic and military conditions in Israel.
 
We are incorporated under Israeli law, and our corporate headquarters and principal research and development facilities are located in Israel. In addition, certain of our directors, executive officers and key employees are residents of Israel. Accordingly, political, economic and military conditions in the Middle East in general, and in Israel in particular, directly affect our business, product development and results of operations. In recent years, Israel has been engaged in sporadic armed conflicts with Hamas, an Islamist terrorist group that controls the Gaza Strip, with Hezbollah, an Islamist terrorist group that controls large portions of southern Lebanon, and with Iranian-backed military forces in Syria. In addition, Iran has threatened to attack Israel and may be developing nuclear weapons. Some of these hostilities were accompanied by missiles being fired from the Gaza Strip against civilian targets in various parts of Israel, including areas in which our employees and some of our consultants are located, and negatively affected business conditions in Israel. Any hostilities involving Israel or the interruption or curtailment of trade between Israel and its trading partners could adversely affect our operations and results of operations. Our corporate headquarters and principal research and development activities are located in the range of missiles that could be fired from Lebanon, Syria or the Gaza Strip into Israel.
 
As of December 31, 2021, we had282  employees based in Israel. In addition, many Israeli citizens are obligated to perform several days, and in some cases more, of annual military reserve duty each year until they reach the age of 40 (or older, for reservists who are military officers or who have certain occupations) and, in the event of a military conflict, may be called to active duty. In response to increases in terrorist activity, there have been periods of significant call-ups of military reservists. It is possible that there will be military reserve duty call-ups in the future. Our operations could be disrupted by such call-ups, which may include the call-up of members of our management. Such disruption could materially adversely affect our business, prospects, financial condition and results of operations.
 
Our commercial insurance does not cover losses that may occur as a result of events associated with war and terrorism. Although the Israeli government currently covers the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained or that it will sufficiently cover our potential damages. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflicts or political instability in the region would likely negatively affect business conditions and could harm our results of operations.
 
Further, in the past, the State of Israel and Israeli companies have been subjected to economic boycotts. Several countries still restrict business with the State of Israel and with Israeli companies. These restrictive laws and policies may have an adverse impact on our operating results, financial condition or the expansion of our business. A campaign of boycotts, divestment and sanctions has been undertaken against Israel, which could also adversely impact our business.
 
Exchange rate fluctuations between the U.S. dollar, the New Israeli Shekel, the Euro and other foreign currencies, may negatively affect our future revenues.
 
We generate substantially all of our revenues in U.S. dollars. The majority of our operating expenses are incurred in foreign currencies, and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes between the U.S. dollar and the New Israeli Shekel(“the NIS”), the Euro and, to a lesser extent, the British Pound. As a result, our financial results may be affected by fluctuations in the exchange rates of currencies in the countries in which our products may be sold. For example, during 2021, we witnessed a strengthening of the average exchange rate of the NIS against the dollar, which increased the dollar value of Israeli expenses. If the NIS strengthens against the dollar, as it did in 2021, the dollar value of our Israeli expenses, mainly personnel and facility-related, will increase. Foreign exchange rates fluctuation have had, and could continue to present challenges in future periods should significant increases in volatility in foreign exchange markets occur. In order to mitigate the volatility in foreign exchange, we have entered into forward contracts with major banks to provide partial protection against foreign currency exchange risks resulting from expenses paid in NIS during the year.
 
Although exposure to currency fluctuations to date has not had a material adverse effect on our business, there can be no assurance that our limited hedging transactions will provide sufficient protection and that such fluctuations in the future will not have a material adverse effect on our operating results and financial condition.
 
27


Our operations may be affected by negative labor conditions in Israel.
 
With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for all employees, which cover potential severance pay obligations.
 
In Israel, we are subject to certain labor statutes and national labor court precedent rulings, as well as to certain provisions of the collective bargaining agreements between the Histadrut (General Federation of Labor in Israel) and the Coordination Bureau of Economic Organizations including the Industrialists’ Associations. These provisions of collective bargaining agreements are applicable to our Israeli employees by virtue of extension orders issued in accordance with relevant labor laws by the Israeli Ministry of Economy and Industry, and apply our employees even though they are not directly part of a union that has signed a collective bargaining agreement.
 
The laws and labor court rulings that apply to our employees principally concern minimum wage laws, length of the work day and workweek, overtime payment, procedures for dismissing employees, determination of severance pay, leaves of absence (such as annual vacation or maternity leave), sick pay and other conditions for employment. The extension orders which apply to our employees principally concern mandatory contributions to a pension fund or managers’ insurance, annual recreation allowance, travel expenses payment and other conditions of employment. We generally provide our employees with benefits and working conditions beyond the required minimums.

Competition for highly skilled technical and other personnel in Israel is intense, and as a result we may fail to attract, recruit, retain and develop qualified employees, which could materially and adversely impact our business, financial condition and results of operations.
 
We compete in a market marked by rapidly changing technologies and an evolving competitive landscape. In order for us to successfully compete and grow, we must attract, recruit, retain and develop personnel with requisite qualifications to provide expertise across the entire spectrum of our intellectual capital and business needs.

Our principal research and development as well as significant elements of our general and administrative activities are conducted at our headquarters in Israel, and we face significant competition for suitably skilled employees in Israel. While there has been intense competition for qualified human resources in the Israeli high-tech industry historically, the industry experienced record growth and activity in 2021, both at the earlier stages of venture capital and growth equity financings, and at the exit stage of initial public offerings and mergers and acquisitions. This flurry of growth and activity has been causing a sharp increase in job openings in both Israeli high-tech companies and Israeli research and development centers of foreign companies, and intensification of competition between these employers to attract qualified employees in Israel.  As a result, the high-tech industry in Israel has been experiencing significant levels of employee attrition and is currently facing a severe shortage of skilled human capital, including engineering, research and development, sales and customer support personnel. Many of the companies with which we compete for qualified personnel have greater resources than we do, and we may not succeed in recruiting additional experienced or professional personnel, retaining personnel or effectively replacing current personnel who may depart with qualified or effective successors.
 
In addition, as a result of the intense competition for qualified human resources, the Israeli high-tech market has also experienced and may continue to experience significant wage inflation.  Accordingly, our efforts to attract, retain and develop personnel may also result in significant additional expenses, which could incur costs and increase losses. Furthermore, in making employment decisions, particularly in the high-technology industry, job candidates often consider the value of the equity they are to receive in connection with their employment. Employees may be more likely to leave us if the shares they own or the shares underlying their equity incentive awards have significantly appreciated or significantly decreased in value. Many of our employees may receive significant proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us and could heighten the risk of employee attrition.

28


While we utilize non-competition agreements with our employees as a means of improving our employee retention, those agreements may not be effective towards that goal. These agreements prohibit our employees, if they cease working for us, from competing directly with us or working for our competitors for a limited period. We may be unable to enforce these agreements under Israeli law, and it may be difficult for us to restrict our competitors from benefiting from the expertise our former employees developed while working for us.

In light of the foregoing, there can be no assurance that qualified employees will remain in our employ or that we will be able to attract and retain qualified personnel in the future. Failure to retain or attract qualified personnel could have a material adverse effect on our business, financial condition and results of operations.
 
The termination or reduction of tax and other incentives that the Israeli government provides to domestic companies may increase the costs involved in operating a company in Israel.
 
The Israeli government currently provides tax and capital investment incentives to domestic companies, as well as grant and loan programs relating to research and development and marketing and export activities. In recent years, the Israeli government has reduced the benefits available under these programs and the Israeli governmental authorities have indicated that the government may in the future further reduce or eliminate the benefits of those programs. We have taken in the past and may take advantage of these benefits and programs again in the future, however, there is no assurance that such benefits and programs will continue to be available to us in the future. If such benefits and programs were terminated or further reduced, it could have an adverse effect on our business, operating results and financial condition.
 
Enforcing a U.S. judgment against us and our current directors and executive officers, or asserting U.S. securities law claims in Israel, may be difficult.
 
We are incorporated under the laws of the State of Israel. Service of process upon us and upon our directors and executive officers, most of whom reside outside of the United States, and on our auditors, may be difficult to obtain within the United States. Furthermore, because a majority of our assets and most of our directors and executive officers are located outside of the United States, any judgment obtained in the United States against us or any of them may be difficult to collect within the United States.
 
It may be difficult to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws on the basis that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. There is little binding case law in Israel addressing these matters. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law.
 
Provisions of our amended and restated articles of association and Israeli law and tax considerations may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and negatively affect the price of our ordinary shares.
 
Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified thresholds, requires special approvals for certain transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to these types of transactions. These provisions of Israeli law may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and therefore negatively affect the price of our ordinary shares. For example, under the Israeli Companies Law, upon the request of a creditor of either party to a proposed merger, the court may delay or prevent the merger if it concludes that there exists a reasonable concern that as a result of the merger the surviving company will be unable to satisfy the obligations of any of the parties to the merger. In addition, our executive officers and certain other key employees are entitled to certain benefits in connection with a change of control of our company.
 
29


Our amended and restated articles of association provide that our directors (other than external directors, if applicable) are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting.
 
Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders, especially for those shareholders whose country of residence does not have a tax treaty with Israel, which exempts such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. In order to benefit from the tax deferral, a pre-ruling from the Israel Tax Authority might be required.
 
We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and adversely affect our business.
 
We have entered into assignment-of-invention agreements with our research and development employees pursuant to which such individuals agreed to assign to us all rights to any inventions created during or as a result of their employment or engagement with us or in our field of business. A significant portion of our intellectual property has been developed by our employees during the course of their employment by us. Under the Israeli Patent Law, 5727-1967(“the Patent Law”), inventions conceived by an employee during the scope of his or her employment with a company and as a result thereof are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patent Law also provides that if there is no agreement between an employer and an employee with respect to the employee’s right to receive compensation for such “service inventions,” the Israeli Compensation and Royalties Committee(“the Committee”), a body constituted under the Patent Law, shall determine whether the employee is entitled to remuneration for his or her service inventions and the scope and conditions for such remuneration. A recent decision by the Committee clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. In order to determine the scope and validity of such wavier, the Committee will examine, on a case-by-case basis, the general contractual framework between the parties, using interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration (but rather uses the criteria specified in the Patent Law). Although our employees have agreed to assign to us service invention rights and have specifically waived their right to receive any special remuneration for such assignment beyond their regular salary and benefits, we may face claims that the assignment is not enforceable or demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and former employees, or be forced to litigate such claims, which could negatively affect our business.
 
The Israeli government tax benefits that we currently are entitled to receive require us to meet several conditions and may be terminated or reduced in the future.
 
Some of our operations in Israel may entitle us to certain tax benefits under the Israeli Law for the Encouragement of Capital Investments, 5719-1959 (the “Investment Law”), once we are profitable. If we do not meet the requirements for maintaining these benefits, they may be reduced or canceled and the relevant operations would be subject to Israeli corporate tax at the standard rate, which is set at 23% in 2020 and thereafter. In addition to being subject to the standard corporate tax rate, we could be required to refund any tax benefits that we have already received, plus interest and penalties thereon. Even if we continue to meet the relevant requirements, the tax benefits that our current “Beneficiary Enterprise” is entitled to may not be continued in the future at their current levels or at all. If these tax benefits were reduced or eliminated, the amount of taxes that we pay would likely increase, as all of our operations would consequently be subject to corporate tax at the standard rate, which could adversely affect our results of operations. Additionally, if we increase our activities outside of Israel, for example, by way of acquisitions, our increased activities may not be eligible for inclusion in Israeli tax benefits programs.
 
Our investors’ rights and responsibilities as shareholders are, and will continue to be, governed by Israeli law, which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.
 
The rights and responsibilities of the holders of our ordinary shares are governed by our amended and restated articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S. corporations. For example, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards such company and its shareholders, and to refrain from abusing its power in such company, including voting at a general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the nature of these duties or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.
 
30


Our amended and restated articles of association provide that unless the Company consents otherwise, the Tel Aviv District Court (Economic Division), Israel shall be the sole and exclusive forum for substantially all disputes between the Company and its shareholders under the Israeli Companies Law and the Israeli Securities Law, which could limit its shareholders ability to brings claims and proceedings against, as well as obtain favorable judicial forum for disputes with the Company, its directors, officers and other employees.
 
The Tel Aviv District Court (Economic Division), Israel shall be the exclusive forum for (i) any derivative action or proceeding brought on behalf of the Company, (ii) any action asserting a claim of breach of fiduciary duty owed by any director, officer or other employee of the Company to the Company or the Company’s shareholders or (iii) any action asserting a claim arising pursuant to any provision of the Israeli Companies Law or the Israeli Securities Law. This exclusive forum provisions is intended to apply to claims arising under Israeli Law and would not apply to claims brought pursuant to the Securities Act or the Exchange Act or any other claim for which federal courts would have exclusive jurisdiction. Such exclusive forum provision in our amended and restated articles of association will not relive the Company of its duties to comply with federal securities laws and the rules and regulations thereunder, and shareholders of the Company will not be deemed to have waived the Company’s compliance with these laws, rules and regulations. This exclusive forum provision may limit a shareholders ability to bring a claim in a judicial forum of its choosing for disputes with the Company or its directors or other employees which may discourage lawsuits against the Company, its directors, officers and employees.
 
General Risk Factors
 
If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.
 
The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable research about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our business, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline.
 
We may acquire other businesses, which could require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations.
 
As part of our business strategy and in order to remain competitive, we may acquire or make investments in complementary companies, products or technologies. However, we have not made any acquisitions to date, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

31

 
ITEM 4. INFORMATION ON THE COMPANY
 

A.
History and Development of the Company
 
The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of the State of Israel. We were founded in 2005 with the goal of introducing a centralized security management layer that analyzes, defines and implements enterprise-specific security policies. In April 2019, we completed an initial public offering on NYSE. We believe we were the first company to introduce security policy automation solutions with SecureChange and SecureApp, and we believe our position as a market leader reinforces our brand and supports our position as one of the most prominent players in the increasingly important security policy management market. Our Tufin Orchestration Suite, a comprehensive policy management platform, is currently comprised of four products: SecureTrack, SecureChange, SecureApp and SecureCloud. Additionally, we provide a set of extensions and applications for the suite through the Tufin Marketplace.
 
We are a company limited by shares organized under the laws of the State of Israel. We are registered with the Israeli Registrar of Companies. Our registration number is 51-362739-8. Our principal executive offices are located at 5 HaShalom Road, ToHa Tower, Tel Aviv 6789205, Israel, and our telephone number is +972 (3) 612-8118. Our website address is www.tufin.com. Information contained on, or that can be accessed through, our website does not constitute a part of this annual report and is not incorporated by reference herein. We have included our website address in this annual report solely for informational purposes. Our SEC filings are available to you on the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not incorporated by reference herein. Our agent for service of process in the United States is Tufin Software North America, Inc., located at 10 Summer Street, Suite 605, Boston, Massachusetts 02110-1292, and its telephone number is +1 (877) 270-7711.
 
For a discussion of our capital expenditures, see “Item 5. Operating and Financial Review and Prospectus—Liquidity and Capital Resources.”
 

B.
Business Overview    
 
We are pioneering a policy-centric approach to security and information technology (“IT”) operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to securely implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 19% of the Global 2000.
 
Cybersecurity is critical for enterprises of all sizes. As enterprises embrace digital transformation and adopt new technologies such as cloud-based services, software-defined networks, microservices and containers, the IT and cloud environments become increasingly complex and vulnerable to attack. In response to the heightened threat environment, lack of a defined network perimeter and a constantly changing attack surface, enterprises continue to implement additional firewalls, endpoint security, identity and access management and other security solutions. However, we believe most enterprises lack effective and comprehensive security policy management, which results in a trade-off between the necessary security posture and business requirements for speed, agility and innovation.
 
We believe a new approach to enterprise security is necessary — a data-driven framework centered on policy management and operationalized through policy-based automation, enhancing compliance and security while improving operational efficiency. To address this need, we have developed highly differentiated technology with four main pillars, as described below.
 
 
Policy-centric approach. We enable enterprises to visualize, define and enforce a unified security policy that acts as the foundation of governance and control, replacing ad-hoc configurations across fragmented networks.
 
 
Automated network changes. We automate the network change process across complex, heterogeneous environments, increasing business agility, enabling faster application deployment and reducing human error.
 
 
Data-driven insights. Our approach draws data from across a customer’s IT and cloud environments, providing insights on connectivity and end-to-end visibility across the network.
 
 
Open and extensible framework. Our open solutions serve as a centralized control layer for our customers’ networks and cloud environments, and can connect to a wide range of third-party technologies through application program interfaces, or APIs.
 
32


We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. We also offer a digital platform of applications and extensions through the Tufin Marketplace. SecureTrack, SecureChange and SecureApp enable enterprises to visualize, define and enforce their security policy across heterogeneous networks, both on premise and in the cloud. SecureTrack serves as the foundation of SecureChange and SecureApp. SecureTrack provides visibility across the network and public cloud, and helps organizations define a unified security policy and maintain compliance. SecureChange provides customers with the ability to automate changes across the network and public cloud while maintaining compliance with policy and security standards. SecureApp provides application connectivity management and streamlines communication between application developers and network engineers. SecureCloud provides cloud security policy management for cloud-native environments. The Tufin Marketplace provides apps and extensions from Tufin and our community of cybersecurity partners that maximize return-on-investment by enhancing the overall value of security policy management implementations.

While historically we sold our products primarily as an on-premises perpetual license with annual maintenance, in 2021 we initiated our transition to a term-based subscription license model. In this business model and in accordance with the terms of the given agreement, the customer has the right to use the software over a designated period of time.

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services.
 
For the years ended December 31, 2020 and 2021, our revenues were $100.8 million and $110.9 million, respectively, representing a year-over-year increase of 10%. For the years ended December 31, 2020 and 2021, our net loss was $35.4 million and $36.9 million, respectively.

Industry Background   
 
Enterprises that lack a comprehensive security policy are facing challenges in balancing the necessary security and risk posture with their business requirements, leaving security, network and compliance professionals overwhelmed. Several industry trends contribute to operational challenges in managing risk, as set forth below:
 
 
Increasing frequency and sophistication of cyberattacks. Enterprises worldwide are under constant security threat from both external cyberattacks and malicious insiders in search of sensitive information and vital systems. Cyberattacks are increasingly able to breach networks and cloud infrastructures, and locate and steal sensitive enterprise data. As a result, numerous enterprise boards are prioritizing and reshaping their cybersecurity approaches.
 
 
Growing complexity of software-defined networks. Enterprises have been undergoing a digital transformation. They are rapidly shifting on-premise workloads to cloud environments to meet the changing demands of their markets and customers. To keep pace with this transformation, enterprises design scalable and flexible workloads and connections, which increase network complexity and the velocity of changes. The rise of technologies such as microservices and containers introduces additional complexity. The growing use of these dynamic technologies has raised business expectations on agility and increased the need for a unified security approach across networks, applications and the cloud.
 
 
Accelerating pace of application development and deployment. The accelerating pace of business and technological developments requires numerous and continuous application and infrastructure changes. The rise of the DevOps model, which is a set of software development practices that allows applications and features to be rapidly developed and deployed, has led to increased release velocity. Enterprises that use manual change processes struggle to keep pace and lack policy consistency, resulting in an ever-growing backlog of changes, delayed software releases and heightened security exposure.
 
 
Evolving regulatory and compliance requirements. Global enterprises need to maintain compliance with a new wave of government regulations, corporate security policies and industry standards related to privacy and cybersecurity. Manual changes to network policy are difficult to track and are more likely to be non-compliant. As a result, enterprises seek cost-efficient security solutions to meet compliance requirements.
 
 
Legacy security approaches can no longer address cybersecurity threats in the ever-changing IT and cloud environments. Traditional security policy management approaches address governance and control, but lack critical characteristics such as a unified security policy, automation, scalability, end-to-end visibility and extensibility. We believe a new approach to enterprise security is necessary: a data-driven framework centered on policy management and operationalized through automation.
 
33


Our Products
 
Security and IT operations management has become an increasingly resource-intensive and high-risk task for enterprises. The accelerating pace of business and technological developments require numerous application and infrastructure changes, and enterprise networks are becoming increasingly complex. Enterprises often rely on their in-house network and security teams to manually process change requests, which increases the risk of human error and cybersecurity vulnerabilities and delays the pace of application releases.
 
Enterprises use our security policy management products to create a unified security policy and give them the ability to implement accurate network changes in minutes instead of days while improving their security posture and business agility. We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. SecureTrack, SecureChange and SecureApp enable enterprises to unify, visualize and control their security policy across heterogeneous networks, both on premise and in the cloud. SecureCloud provides visibility and control into the security posture of cloud-native and hybrid cloud environments.
 
In 2020, we launched the Tufin Marketplace, a digital platform where customers can find and deploy apps and extensions that enhance the overall value of their security policy management implementations. Powered by Tufin and our community of cybersecurity partners, the Tufin Marketplace provides apps that maximize return-on-investment by integrating security policy data with other security technologies and practices.
 
To date, the most popular apps developed by Tufin and offered through the Tufin Marketplace are the SecureTrack Reports Pack, SecureChange Reports Pack and the Vulnerability Mitigation App.
 
 
34


Security Policy Automation for the Extended Enterprise
 
The Tufin Orchestration Suite provides a policy-centric solution for automatically designing, provisioning, analyzing and auditing enterprise security changes. From applications to firewalls, our products provide advanced automation capabilities to increase business agility, eliminate errors stemming from manual processes and ensure continuous compliance through a single interface. Our unified security policy empowers network and IT security teams to effectively safeguard complex, heterogeneous environments through a central security policy, which can be applied over all of their IT and cloud environments and across different platforms.
 
The majority of our customers initially purchase SecureTrack to monitor a portion of their networks. Initial product deployments frequently expand across networks, departments, divisions and geographies in response to a need for an enterprise-wide approach for security policy management, as well as the need to automate the network change process. Our “land and expand” sales strategy capitalizes on this potential. As we expanded our portfolio of solutions within the Tufin Orchestration Suite, customers have increasingly purchased SecureChange and SecureApp on top of their initial transactions. With the accelerated adoption of cloud infrastructure for application workloads, customers are purchasing SecureCloud to expand their visibility and control through security policy management into cloud-native and hybrid cloud environments.
 
SecureTrack. Enterprises use SecureTrack to understand their enterprise security infrastructure and manage a wide range of devices from a central console. SecureTrack enables security administrators to define and manage a centralized security policy, minimize the attack surface and ensure continuous compliance across the network. SecureTrack also provides a foundation for our customers to use SecureChange and SecureApp, and delivers the following key benefits:
 
 
Policy definition. SecureTrack includes our unified security policy, which visualizes, defines and enforces a zone-to-zone segmentation policy that dictates how users, systems and applications can communicate across the entire enterprise. Our unified security policy serves as the security policy framework for the Tufin Orchestration Suite.
 
 
Security and compliance. SecureTrack provides monitoring, assessment and alerts on security and compliance risk, ensuring real-time accountability, transparency and consistency with the unified security policy. It also generates a variety of configurable audit reports that support regulatory compliance standards.
 
 
Visibility. SecureTrack builds a dynamic topology map of network connectivity across the enterprise and the cloud. It also provides real-time visibility into all security policy configurations and changes. This visibility enables security teams to efficiently manage configuration changes, troubleshoot problems and prepare for audits.
 
SecureChange. SecureChange is the change management and automation component of the Tufin Orchestration Suite. Enterprises use SecureChange to quickly and accurately assess, provision and verify security configuration changes across physical networks and cloud platforms, while maintaining security and compliance. SecureChange delivers the following key benefits:
 
 
Business agility. SecureChange increases business agility through security change automation. It automates manual change processes, giving them the ability to implement changes in minutes instead of days.
 
 
Security and compliance. SecureChange proactively checks every change request for risk and compliance against the unified security policy before and after changes are implemented. It also maintains comprehensive ticket and process documentation, which reduces the need for painstaking information gathering and analysis before internal and external audits.
 
 
Control and accuracy. SecureChange reduces inaccuracies due to human error through automated change design and provisioning for multi-vendor environments.
 
35


SecureApp. SecureApp is the application management and secure connectivity automation component of the Tufin Orchestration Suite. Enterprises use SecureApp to define, manage and monitor network connectivity for their applications. SecureApp delivers the following key benefits:
 
 
Visibility and control. SecureApp provides an intuitive interface to define application-critical connectivity needs. It serves as a central repository of application connectivity requirements and indicates current connectivity status.
 
 
Business continuity and agility. SecureApp monitors network device configurations and alerts security administrators to changes that could affect application availability. SecureApp also provides graphical diagnostic tools that help our customers identify, troubleshoot and automatically repair connectivity issues. By providing detailed insight into an application’s connectivity needs and status, SecureApp accelerates service deployment, provides business continuity and simplifies network operations.
 
 
Security and compliance. SecureApp proactively creates clean, reliable network configurations. It automatically recommends policy rule changes and decommissions unnecessary network access paths that can lead to a security breach.
 
SecureCloud. SecureCloud is a security policy management service for cloud-native, multi-cloud, and hybrid-cloud applications and workloads. Enterprises use SecureCloud to gain visibility into their cloud security posture, establish security policy guardrails, and ensure compliance with these security policies by integrating with DevOps processes and tools to reduce risk and maintain security without compromising speed and agility. SecureCloud delivers the following key benefits:
 
 
Visibility. SecureCloud provides visibility into the security of application connectivity in the cloud through the assessment of cloud access controls. SecureCloud displays vulnerabilities and overly permissive access paths. ensuring adherence to industry standards and best practices.
 
 
Security Guardrails. SecureCloud defines policies to secure application connectivity across cloud-native, multi-cloud, and hybrid-cloud -platforms. SecureCloud automatically generates the cloud-native control code required to enforce these policies, saving enterprises the cost and overhead of using third-party products that introduce proprietary control points across their cloud environment.
 
 
Continuous Compliance. SecureCloud integrates directly into cloud-native application development processes and DevOps CI/CD automation pipelines, ensuring continuous compliance checks of enterprise security policy throughout the entire life-cycle of cloud application development and deployment efforts.
 
 
Enterprise-wide Security Policy Management. With SecureCloud, Tufin Orchestration Suite provides a comprehensive platform that enterprises can use to manage security policies across their entire estate, from on-premise to hybrid cloud environments.
 
Vulnerability Mitigation App (VMA). The Tufin Vulnerability Mitigation App (VMA), offered as part of the Tufin Marketplace, enables organizations to prioritize remediation and mitigation efforts by enhancing vulnerability scanner output with network insights. By combining vulnerability measures (e.g. CVSS and severity) with insights into how these vulnerabilities may be accessed and exploited via the network, customers have the context to identify and address vulnerabilities that pose the greatest threat to their critical business assets.
 
 
Out-of-the-Box Integration. VMA provides out-of-the-box integration with the most widely used vulnerability management solutions, including Rapid7 Nexpose, Rapid7 InsightVM, Qualys VMDR, Tenable.io, and Tenable.sc.
 
 
Risk Mitigation. Tufin VMA automates risk mitigation by implementing network changes that block access to the critical asset until vulnerability remediation efforts can be fully implemented.
 
 
Comprehensive Dashboard. VMA also includes a comprehensive dashboard, monitors and measures risk exposure over time, and highlights overall vulnerability exposure and the impact of mitigation and remediation efforts networkwide.
 

36

 
Our Technology
 
Our comprehensive security policy management solutions rely on a set of proprietary technologies that provide a high level of security, scalability and performance. Our core technologies, which serve as the foundation of both our network and cloud-based products, include analysis engines, a provisioning engine, Application Programming Interface (“API”) integrations and infrastructure technology.
 
 
Analysis Engines
 
 
Topology intelligence. Our topology intelligence engine uses network routing algorithms to calculate the paths between different points on the network and provides our customers with a graphic display of devices and data flows. Network administrators use our topology intelligence to quickly determine which devices and cloud platforms a network connection can traverse, which enables them to automate network path analysis and troubleshoot issues.
 
 
Network usage analysis engine. Our network usage analysis engine detects unused elements of a security policy by analyzing network flows and traffic hits over a specified time period. Our technology leverages an automated workflow process to decommission unnecessary access and reduce the attack surface.
 
 
Policy analysis engine. Our policy analysis engine calculates the expected connectivity and access behavior of network devices and cloud platforms. Security administrators can use different parameters and logic to determine in real time if supported network devices and cloud security groups will allow or block specific connections.
 
 
Risk and compliance analysis engines. Our risk engine proactively analyzes risk by identifying potential security violations, checking the existing configuration or the proposed access changes against the unified security policy. Our compliance analysis engine creates an audit trail in real time by automatically documenting any remedial changes.
 
Our technology also provides cloud-based security automation for applications developed in CI/CD mode. Our CI/CD vulnerability scanning and compliance validation embeds security at the development and testing stage, and enables our customers’ DevOps teams to quickly identify security issues, reducing the probability of vulnerabilities in production environments.
 
 
Change designer engine. Our change designer engine automates enterprise security access requests. It first identifies the connection-relevant network devices and cloud platforms based on topology intelligence, and then recommends the optimal policy change based on information from the policy analysis engine. Our technology provides vendor-specific suggestions that maximize security and performance, while offering accurate configuration changes designed to be intuitive and user friendly.
 
37


Provisioning Engine
 
 
Change provisioning engine. Our technology automatically implements policy changes approved by security administrators. Our automated change provisioning engine supports all major network, security and cloud vendors. In zero-touch automation mode, our technology automatically applies recommended policy changes without the need for human intervention.
 
API Integrations
 
 
Extensible APIs. Our technology features a RESTful API framework to enable extensibility and interoperability with third-party systems, including ticketing and service management systems such as ServiceNow and BMC Remedy. Our professional services team, as well as our customers and partners, use the API framework to supplement the Tufin Orchestration Suite with additional functionality by integrating with the third-party security ecosystem. We integrate with leading network and cloud platforms, such as Checkpoint, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, AWS, Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our products, helps to expand our common use cases.

Infrastructure Technology
 
 
Distributed architecture. Customers can deploy our products across multiple distributed servers. Rather than monitoring all devices and platforms from a single server, remote collectors monitor local network devices (e.g., firewalls and routers), process the raw data and upload compressed data to a central server over a secure connection. Using a fully distributed architecture, our products can easily scale to meet the demands of large organizations.
 
 
SaaS architecture. SecureCloud, is offered as Software-as-a-Service, and is able to scale up and scale out to meet the demands of various customer deployment scenarios and architectures, with built in multi-tenancy and high availability.
 
 
Tufin Orchestration Suite Aurora. Aurora is the next generation of the Tufin Orchestration Suite, which runs in microservices on Kubernetes. This architecture will enable us to offer SecureTrack, SecureChange, and SecureApp to our customers as a service in the future. Aurora allows for more agile research and development and gives us the ability to scale out to the largest networks in the world, advancing our leadership in scalability. Also, Aurora provides a refresh and more modern user interface that customers will find easy and intuitive to use.
 
Our Services
 
Professional Services
 
Our professional services team helps customers with product deployment, integration, customization, optimization, operation and training. We support initial product setup, implementation and configuration, and help customers integrate our products with existing third-party applications and internally developed tools. Our professional services team also helps customers define their unified security policy, model their network topology, configure workflows, discover application connectivity and deliver customized reporting according to their requirements. In addition, we provide technical training so that our customers can use our products with confidence. We also enable our authorized service delivery partners to provide similar professional services.
 
Maintenance and Support
 
We offer several levels of technical support for our products by providing customers with access to our user and partner portal, our knowledge center and our regional support centers. We provide customers with software bug repairs, system enhancements and updates, as well as access to our technical support experts. Our support engineers liaise with our product experts to diagnose and solve our customers’ technical challenges. In addition to post-sales support activities, we emphasize service readiness by coordinating with our product management team to define prerequisite product and service quality levels prior to their release. Additionally, our designated support engineers serve as ongoing, accessible customer resources.
 
38


Sales and Marketing
 
Sales
 
We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021.
 
Our highly trained sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations, which we define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2021, we had sales personnel in 19 countries. Although our transition to a term-based subscription license model did not materially change our sales or marketing efforts in 2021, we expect to continue to hire sales personnel in order to support our growth plans.
 
Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. In addition, on October 2, 2018, we launched our “Tufin as a Service” program – a consumption-based, pay-per-use services model that enables Managed Security Service Providers, or MSSPs, to offer our security policy management solutions to their customers.
 
Marketing
 
Our marketing strategy is focused on promoting brand awareness through differentiated positioning, messaging and thought leadership. We achieve this by educating the market on effective security policy change management, communicating our product advantages and business benefits, generating leads for our sales force and channel partners, and promoting our brand. We market our products and services as enterprise security policy management solutions for complex networks and cloud-based environments.
 
We execute our marketing strategy by leveraging a combination of internal marketing professionals, external marketing partners and a network of platform and technology partners. Our internal marketing enterprise is responsible for branding, digital content generation and targeted advertising through active digital channels. We actively drive thought leadership by providing community education through our online technical webinars in multiple regions. We host and sponsor demand-generation events, including our channel and technical partners’ events and our annual worldwide customer conferences, Tufinnovate, as well as local events for specific customers and prospect accounts in multiple regions. In 2021, we hosted the Tufinnovate conferences virtually, and plan to do the same in 2022. Although some of the face-to-face interaction was not possible in a virtual event, we had double the number of attendees in the virtual Tufinnovate conference, compared to the in person Tufinnovate conferences in 2019. Our conferences and events demonstrate our strong commitment to enabling our partners and customers to succeed, and provide an opportunity to create a pipeline for new sales to prospective customers and additional sales to existing customers.
 
Research and Development
 
Continued investment in research and development is critical to our business. Our research and development efforts focus primarily on improving our existing products and services with additional innovative features and functionality, as well as developing new products and services. For example, we regularly release enhanced capabilities of the Tufin Orchestration Suite. We believe the timely development of new products, including both on-premise and cloud solutions, is essential to maintaining our competitive position.
 
In the years ended December 31, 2020 and 2021, our research and development expenses were $35.0 million and $39.6 million, respectively. We plan to continue investing significantly in research and development initiatives across our global innovation centers in Tel Aviv, Israel, Karmiel, Israel and Bucharest, Romania. By spreading our research and development team across multiple locations, we increase our access to highly-skilled engineering talent, which we believe provides us opportunities for evolution and growth.
 
Intellectual Property
 
Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual property assets. We rely on a combination of trade secrets, copyright and trademark laws, confidentiality procedures, technical know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage. Our technical personnel use their skills, knowledge and experience to develop, strengthen and maintain our proprietary position in the security policy automation market. In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our proprietary technology.
 
Our software and other proprietary information are protected by copyright on creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software, proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team, partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective counterparty. We also license software from third parties for use in developing our products and for integration into our products, including open source software. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise obtain and use our intellectual property and technology.
 
39


As of December 31, 2021, we had registered three trademarks in the United States, six trademarks in Israel and two trademarks in the European Union. As of December 31, 2021, we had 14 issued patents in the United States and five issued patents in Israel.
 
Competition
 
The security policy management market in which we operate is relatively new and evolving. We are a leading provider of enterprise security automation and management products. In many cases, our primary competition is in-house, manual, spreadsheet driven processes and home-grown approaches to security management. Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC that offer solutions that compete with all or some of our products or product features. We also indirectly compete with large IT companies that offer a broad array of traditional security management solutions, such as Palo Alto Networks and Cisco Systems, Inc., for a share of enterprises’ IT security budgets. In the cloud, direct competition to SecureCloud has not fully emerged, although our traditional competitors have added some capabilities in this area. The cloud security vendor landscape is crowded and many company offerings overlap. In particular, we may compete with tools from firewall vendors that provide visibility into cloud access policies for their proprietary platforms. SecureCloud is differentiated from such tools by enabling enterprise buyers to avoid vendor lock-in associated with proprietary enforcement solutions, ultimately having the ability to optimize how they enforce policy and manage costs using a security policy management system across multi-vendor environments.
 
As our market further develops, we anticipate that competition will increase based on customer demand for security automation and management solutions. Furthermore, we believe enterprises will allocate an increasing portion of their IT security budgets, and specifically security management spending, to operational security and automation solutions.
 
The principal competitive factors in our market include:
 
 
security change automation;
 
 
multi-vendor integration and heterogeneous network topology;
 
 
application connectivity in modern IT and cloud environments;
 
 
efficacy in provisioned and cloud-native environments;
 
 
suitability for DevOps processes and microservice architectures;
 
 
scalability and overall performance; and
 
 
strong relationships with existing IT vendors.
 
Our Customers
 
Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 19% of the Global 2000. We sell substantially all of our products and services through our global network of channel partners, including distributors and resellers, who then sell to end-user customers. For the years ended December 31, 2020 and 2021, our two largest channel partners accounted for 15% and 10% of our revenues and 15% and 12% of our revenues, respectively. Our agreements with these channel partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice.
 
When analyzing our business, we refer to end-user customers as our customers throughout this Item, even when our direct commercial relationship is with a channel partner. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services.
 
Our diverse global footprint is evidenced by the fact that, for the year ended December 31, 2021, we generated 51.3%, 42.3% and 6.4% our revenues from customers in the Americas, EMEA and APAC, respectively.
 
40

Properties
 
Our corporate headquarters are located in Tel Aviv, Israel in an office consisting of approximately 62,859 square feet, where we employ our primary research and development team and a portion of our support and general administrative teams. The lease for this office expires January 31, 2029 (with an option to extend until January 31, 2034). Our U.S. headquarters are located in Boston, Massachusetts in an office consisting of approximately 3,214 rentable square feet, where we employ a portion of our marketing and general administrative teams. The lease for this office expires in December 31, 2023. During the first quarter of 2020, we relocated to a new office in Boston, Massachusetts, consisting of approximately 8,982 rentable square feet. We also lease an office in Karmiel, Israel (which serves as a research and development site), Akron, Ohio (which hosts the Americas technology support, professional services and inside sales teams) and Reading, England (which hosts the European inside sales team). We believe our facilities are sufficient to meet our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion of our operations.
 
Seasonality
 
We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenues from that transaction is delayed.
 

C.
Organizational Structure
 
The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of the State of Israel. We have six wholly-owned subsidiaries:
 
Name of Subsidiary
 
Place of Incorporation
Tufin Software North America Inc.
 
Delaware, United States
Tufin Software Europe Limited
 
United Kingdom
Tufin Software France SARL
 
France
Tufin Software Germany GmbH
 
Germany
Tufin Software Australia Pty Ltd
 
Australia
Tufin Software SRL
 
Romania
 

D.
Property, Plants and Equipment
 
See “Item 4.B. Business Overview—Properties” for a discussion of property, plants and equipment.
 
ITEM 4A. UNRESOLVED STAFF COMMENTS
 
Not applicable.
 

41

 
ITEM 5. OPERATING AND FINANCIAL REVIEW AND PROSPECTS
 
Company Overview
 
We are pioneering a policy-centric approach to security and IT operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments and by providing them tools to manage configurations and automate changes to their security networks. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console.
 
Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 19% of the Global 2000.
 
We generate revenues from sales of our products and associated maintenance and professional services. We primarily sell our software through term-based subscription license agreements and perpetual license agreements. Our products offer the same functionality whether our customers receive them through a perpetual or term-based license. Our agreements with customers for software licenses include maintenance contracts and may also include professional services contracts. Maintenance revenues consist of fees for providing software updates and technical support for our products for a specified term, which is typically one or three years. We offer a portfolio of professional services and extended support contract options to assist our customers with integration, customization, optimization, training and ongoing advanced technical support.
 
Our goal is to provide significant benefits to customers seeking to enforce enterprise-wide security policies and automate network change process, which we believe will enable us to maximize the lifetime value of our customers. We believe our existing customers serve as a strong source of incremental revenues given our multiple product offerings and the growing complexity of IT and cloud environments and networks. Our products provide customers the flexibility to initially deploy one or more of our products in all or parts of their IT and cloud environments, and further expand deployment as they purchase additional products or cover additional parts of their IT and cloud environments. We believe our “land and expand” sales strategy capitalizes on this potential. We make significant investments in acquiring new customers, both as term-based subscription licenses and perpetual licenses, and expect to achieve a favorable return on investments by maintaining a high level of customer retention for both term-based subscription licenses and maintenance contracts for perpetual licenses, which we define as our renewal rate. Our renewal rates are generally derived from dividing actual renewal sales in the trailing 12 months period by our total prior period sales that where up to renewal in the trailing 12 months period.
 
We derive an increasing portion of our revenues from existing customers. During the years ended December 31, 2020 and 2021, we generated approximately 71% and 73% of our revenues, respectively, excluding maintenance renewals, from existing customers.
 
We believe our diverse global footprint provides a significant growth opportunity. We aim to continue to expand our business globally, particularly in the Americas and EMEA where our main target markets are. In the year ended December 31, 2021, we generated 51% of our revenues from customers in the Americas, 42% of our revenues from customers in EMEA and 7% of our revenues from customers in APAC.
 
We expect sales in the Americas to continue to account for a majority of our revenues. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services. We believe our expansion within the Global 2000 is a key indicator of our market penetration and the value that our products provide to large customers.
 
We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2021. Our highly trained sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations, which we generally define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept to purchase order and is often longer for larger transactions. As of December 31, 2021, we had sales personnel in 19 countries.
 
Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure and maintain our products and services. We sell substantially all of our products and services through our global network of channel partners, who then sell to end-user customers. When analyzing our business, we refer to end-user customers as our customers throughout this Item, even when our direct commercial relationship is with a channel partner. We consider our channel partners active if they have sold our products or services in the trailing 12-month period.

We integrate with leading network and cloud platforms, such as Checkpoint, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, Zscaler, VMware, AWS, Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our products, helps to expand our common use cases.
 
For the years ended December 31, 2020 and 2021, our revenues were $100.8 million and $110.9 million, respectively, representing year-over-year increase of 10%.
 
42


Key Performance Indicators
 
We monitor the following key performance indicators to help us evaluate our business, measure our performance, identify trends affecting our business, formulate business plans and make strategic decisions. Our key performance indicators may be calculated in a manner different than similar key performance indicators used by other companies.
 
 
Number of Customers. We believe the size of our customer base is an indicator of our market penetration and our net customer additions are an indicator of the growth of our business and future revenue opportunity. We believe we have a significant opportunity to expand our footprint through new installations and displacement of our competitors’ solutions. To do so, we plan to continue to grow our sales team, leverage our channel partner relationships and enhance our marketing efforts.
 
We believe organizations choose us for our customer-first approach, continuing innovation and seamless integration with third-party technologies.
 
We define a customer as a distinct entity, division or business unit of a company that has purchased our products or services and is eligible to receive maintenance and support. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 19% of the Global 2000. As of December 31, 2020 and 2021, we had 1,728 and 1,860 active customers, respectively.
 
 
Revenues from Existing Customers. We believe our existing customers provide a significant source of revenue growth. We derive an increasing portion of our revenues from existing customers. For example, during the years ended December 31, 2020 and 2021, we generated approximately 71% and 73% of our revenues, respectively, excluding maintenance renewals, from existing customers.
 
 
Maintenance Renewal Rates. We believe our maintenance renewal rates are an important metric to measure our ability to provide significant value to our existing customers. We generate incremental maintenance revenues when our customers renew their maintenance contracts. We measure the maintenance renewal rate of our customers over a trailing 12-month period, based on a dollar renewal rate of contracts expiring during that time period. For each of the years ended December 31, 2020 and 2021, our maintenance renewal rate was over 90%. Our key strategies to maintain our renewal rate include continuing to provide more valuable features and network device coverage in our product updates, focusing on the quality and reliability of our customer service and support and ensuring our customers receive value from our products.
 
 
Sales to Large Organizations. In the year ended December 31, 2021, large organizations, which we define as those comprising the Global 2000, accounted for 64% of our revenues, compared to 63% of our revenues in the year ended December 31, 2020, in each case excluding maintenance renewals. Sales to large organizations involve a distinct set of opportunities and challenges. Large organizations sales are characterized by longer sales cycles and additional time and resources spent on a potential customer.
 
For the years ended December 31, 2020 and 2021, the average spend for all customers, excluding maintenance renewals, was $102,000 and $117,648, respectively. During those years, the average spend for Global 2000 customers, excluding maintenance renewals, was $155,000 and $193,123, respectively; and the average spend for non-Global 2000 customers, excluding maintenance renewals, was $67,000 and $69,936, respectively. We define average spend as total sales, excluding maintenance renewals, for the relevant customer group (i.e., all customers, Global 2000 customers or non-Global 2000 customers) divided by the number of customers belonging to such customer group.
 
 
Seasonality. We generally expect an increase in business activity in the fourth quarter, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenues from that transaction is delayed.
 
 
Non-GAAP Gross Profit, non-GAAP Operating Income (Loss) and Non-GAAP Net Loss. We believe that providing non-GAAP financial measures that exclude, as applicable, share-based compensation expense and certain non-recurring costs, as well as, the tax effect of these non-GAAP adjustments, allows for more meaningful comparisons between our operating results from period to period. These non-GAAP financial measures are an important tool for financial and operational decision-making and for evaluating our operating results over different periods.
 
We define Non-GAAP gross profit, Non-GAAP operating income (loss) and Non-GAAP net loss as follows:
 
 
“Non-GAAP gross profit” as gross profit excluding share-based compensation expense.
 
 
“Non-GAAP operating income (loss)” as operating income (loss) excluding share-based compensation expense, shelf registration costs and one-time expenses associated with the reorganization of one of our subsidiaries.
 
 
“Non-GAAP net loss” as net loss excluding share-based compensation expense, shelf registration costs and one-time expenses associated with the reorganization of one of our subsidiaries and the tax effect of these non-GAAP adjustments.

43


The following tables show the applicable non-GAAP financial measure along with the comparable GAAP financial measure.

   
Year ended December 31,
 
   
2020
   
2021
 
   
(in thousands)
 
Gross profit
 
$
80,587
   
$
87,837
 
Non-GAAP gross profit
   
82,611
     
89,649
 
 
               
Operating loss
 
$
(33,925
)
 
$
(36,329
)
Non-GAAP operating loss
   
(18,452
)
   
(22,433
)
 
               
Net loss
 
$
(35,406
)
 
$
(36,926
)
Non-GAAP net loss
   
(20,634
)
   
(25,820
)
 
The following tables reconcile gross profit, operating loss and net loss, the most directly comparable U.S. GAAP measures, to non-GAAP gross profit, non-GAAP operating income (loss) and non-GAAP net loss for the periods presented:
 
   
Year ended December 31,
 
   
2020
   
2021
 
   
(in thousands)
 
Reconciliation of Gross Profit to Non-GAAP Gross Profit:
           
Gross profit
 
$
80,587
   
$
87,837
 
Add:
               
Share-based compensation expense
 
$
2,024
   
$
1,812
 
Non-GAAP gross profit
 
$
82,611
   
$
89,649
 
 
   
Year ended December 31,
 
   
2020
   
2021
 
   
(in thousands)
 
Reconciliation of Operating Loss to Non-GAAP Operating Loss:
           
Operating loss
 
$
(33,925
)
 
$
(36,329
)
Add:
               
Share-based compensation expense
 
$
15,025
   
$
13,896
 
                 
Shelf registration costs
   
126
     
-
 
One-time reorganization charges
   
322
     
-
 
Non-GAAP operating loss
 
$
(18,452
)
 
$
(22,433
)
 
44



   
Year ended December 31,
 
   
2020
   
2021
 
   
(in thousands)
 
Reconciliation of Net Loss to Non-GAAP Net Loss:
           
Net loss
 
$
(35,406
)
 
$
(36,329
)
Add:
               
Share-based compensation expense
 
$
15,025
   
$
13,896
 
                 
Shelf registration costs
   
126
     
-
 
One-time reorganization charges
   
322
     
-
 
Taxes on income related to non-GAAP adjustments
   
(701
)
   
(2,790
)
Non-GAAP net loss
 
$
(20,634
)
 
$
(25,820
)

Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful comparisons between our operating results from period to period. In addition, we believe that providing non-GAAP financial measures that exclude shelf registration costs and one-time expenses associated with the reorganization of one of our subsidiaries allows for more meaningful comparisons between our operating results from period to period since these non-recurring costs are not representative or indicative of our ongoing operations. We also believe that the tax effects related to the non-GAAP adjustments set forth above do not reflect the performance of our core business and would impact period-to-period comparability.

Other companies, including companies in our industry, may calculate non-GAAP gross profit, non-GAAP operating income (loss) and non-GAAP net income (loss) differently or not at all, which reduces the usefulness of these non-GAAP financial measures for comparison. These non-GAAP financial measures should be considered along with other financial performance measures, including gross profit, operating income (loss) and net income (loss), and our financial results presented in accordance with U.S. GAAP. We urge investors to review the reconciliation of our non-GAAP financial measures to the comparable U.S. GAAP financial measures included below, and not to rely on any single financial measure to evaluate our business.
 
Transition to Term-Based Subscription License Business Model
 
In February 2021, we announced our transition to a term-based subscription license business model.  This strategic initiative had a positive impact on our business, and we believe it will increase our recurring revenues and will result in higher visibility over time, supporting our long-term future growth plans. As we continue our transition to a term-based subscription license business model, we expect a greater portion of our products to be delivered through term-based subscription licenses. Shifts in the mix of whether our solutions are sold as term-based subscription licenses could result in fluctuations in our bookings and revenues. We also expect that maintenance revenues associated with perpetual license contracts will decline over the long term as we will sell fewer perpetual licenses. In addition, we anticipate that the shift toward a recurring revenue business will result in an increase in annualized recurring revenues. Our subscription license renewal rate is an important parameter that will help us to achieve our long-term goals. Our key strategies to ensure high renewals rates, both for subscription licenses and maintenance agreements, include focusing on the quality and reliability of our product and customer service and support, ensuring our customers receive value from our products, as well as providing valuable software upgrades and enhancements when and if they are available.
 
 
Annualized recurring revenues. We consider annualized recurring revenues (“ARR”) as a performance indicator which is defined as the annualized value of active term-based subscription license contracts, SaaS contracts and maintenance contracts related to perpetual licenses in effect at the end of a period. Such contracts are annualized by dividing the total contract value by the number of months of its term and multiplying by twelve (12). As of December 31, 2020 and 2021, ARR was approximately $60 million and $72 million, respectively. The annualized value of contracts is a legal and contractual determination made by assessing the contractual terms with our customers. ARR is not determined by reference to historical revenues, deferred revenues or any other GAAP financial measure over any period. ARR is not a forecast of future revenues and should not be perceived as such. Our ARR, can be impacted by contract start and end dates and renewal rates and does not include revenue associated with the sales of perpetual software licenses, hardware, or professional services.

45


COVID-19 Impacts
 
In light of the ongoing spread of COVID-19, including the global emergence of new variants, government and public health authorities continue to recommend measures, and companies otherwise are taking voluntary efforts as preventative measures, to attempt to contain and mitigate the effects of the virus. Current efforts include social distancing, travel restrictions, shutdowns, quarantine requirements, restrictions on trade, as well as other measures directed at or impacting businesses. In response to these measures, we have made certain adjustments to our operations as we continue to provide our offerings to current and prospective customers. For example, we continue to employ a hybrid remote-work arrangement by permitting the majority of our employees to work remotely while maintaining a limited onsite presence in our offices worldwide.

As a preventative measure to mitigate uncertainties associated with COVID-19, we have continued to take certain cost reduction measures, including shifting our customer events to virtual-only platforms, which resulted in realized savings in fiscal years 2020 and 2021 as a result of our placing restrictions on travel and limiting in-person events.

While during the beginning stages of the COVID-19 pandemic we experienced a slow-down in our business, resulting in decreased revenues for fiscal year 2020 as compared to fiscal year 2019, we experienced signs of recovery starting in the second half of fiscal year 2020 and continuing through fiscal year 2021. For the year ended December 31, 2021, we experienced moderate growth, with an increase in revenue of 10% as compared to fiscal year 2020. However, we cannot estimate if the signs of recovery will continue or were temporary (in which case we may go back to experiencing a slowdown in our business).

As the COVID-19 pandemic has caused more organizations to shift to a remote workforce, we believe the value and scalability of our security management products and services have become even more appealing to customers who seek to operate safely and for the long-term in a virtual world. In particular, as has proven evident over the last fiscal year, we have experienced an increased desire by organizations to protect their networks and achieve regulatory compliance. Companies around the world now have employees working remotely from potentially vulnerable home networks, accessing critical on-premises data stores and infrastructure through VPNs and sharing information on cloud environments. As these remote working conditions have created and continue to create vulnerable conditions for cyberattacks, we aim to continue developing and marketing our products and solutions to help protect data and infrastructure against attackers. Further, we believe that enterprises understand that a data-centric approach to security is critical and that these elevated risks are expected to remain in the long-term

We continue to monitor, assess and respond to the implications of the COVID-19 pandemic on our operations and our customers, partners and suppliers. In addition, we continue to actively evaluate and respond to new developments relating to the evolving COVID-19 pandemic, which has and is expected to result in continued significant global, social and business disruptions.

While we believe that the impact of the COVID-19 pandemic has not had an immediate material adverse impact on our financial performance has subsided, our business may yet be negatively impacted by the pandemic, its duration and the ability to contain the virus and its variant strains ultimately remain unknown. The extent to which COVID-19 impacts our business going forward will depend on numerous evolving factors that we cannot reliably predict, including the duration and scope of the pandemic, the efficiency of available vaccines and the availability of such vaccines to the worldwide population, governmental, business, and individuals' actions in response to the pandemic, and the impact on economic activity including the possibility of a recession or financial market instability. For a discussion of the risks surrounding this uncertainty and its potential impacts on our business, including management’s accounting estimates and assumptions, see “Item 3.D. Risk Factors.—COVID-19, including the efforts to mitigate its impact, have, and may continue to have an impact on our business, liquidity, results of operations, financial condition and price of our securities”.

Components of Statements of Operations
 
Revenues
 
We derive our revenues from the following:
 
Product Revenues. We generate product revenues from sales of our software licenses and third-party hardware to new customers and sales of additional licenses and third-party hardware to existing customers. We generate the vast majority of our revenues through sales of software with less than 4% of our revenues generated through sales of third-party hardware. In the year ended December 31, 2020, we primarily sold our software through perpetual license agreements and, to a lesser extent, term-based license agreements. In 2021 we primarily sold our software through term-based license agreements. As a percentage of total revenues, we expect our product revenues to vary from quarter to quarter based on seasonal and cyclical factors. We are focused on acquiring new customers as well as increasing product revenues from our existing customers.
 
Maintenance and Professional Services Revenues. We generate maintenance and professional services revenues by selling maintenance contracts and, to a lesser extent, by providing professional services to our customers. Maintenance includes software updates and technical support. Our contracts with customers for software licenses include maintenance for a specified term. We recognize revenues associated with maintenance on a straight-line basis over the specified maintenance period. Professional services consist of deployment services for our products, and implementation of our solutions and their integration in the customer’s environment.
 
46


We recognize revenues associated with professional services as we perform the services. As a percentage of total revenues, we expect our maintenance and professional services revenues to vary from quarter to quarter based on fluctuations in license sales, maintenance renewal rates, professional services attach rates and cyclical factors. The increase in maintenance is attributable to the growth in our software license sales to new and existing customers.
 
See Note 2 to our consolidated financial statements “Significant Accounting Policies—Revenue recognition” for more information.
 
Cost of Revenues and Gross Profit
 
Our total cost of revenues is comprised of the following:
 
Cost of Product Revenues. Cost of product revenues consist primarily of personnel costs (including share-based compensation) associated with the processing and delivery of our software licenses to customers and, to a lesser extent, the purchase and delivery of third-party hardware, as well as other overhead costs. There is no direct cost of revenues associated with our software products because we deliver our software products electronically. Electronic delivery occurs when we provide the customer with access to the software and license key via a secure portal. Our cost of product revenues is primarily impacted by the number of personnel involved in the delivery of our products, as well as our third-party hardware revenues.
 
Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues consist primarily of personnel costs for those responsible for providing maintenance and support and professional services to our global customer base. Such personnel costs consist of salaries, benefits, bonuses and share-based compensation.
 
Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin fluctuates from quarter-to-quarter based on the total revenue amount for the quarter, the mix of product revenues and maintenance and professional services revenues. We expect our gross margins to continue to fluctuate.
 
Operating Expenses
 
Our operating expenses consist of research and development expenses, sales and marketing expenses and general and administrative expenses. For each category, personnel costs are the most significant component of our operating expenses. Personnel costs consist of salaries and employee benefits (including vacation expenses, bonuses and share-based compensation). Sales commissions account for a significant portion of our sales and marketing compensation costs.
 
Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel, subcontractors and consultants, as well as allocated overhead costs. We expense research and development expenses as incurred. We expect to continue to invest in our research and development and other long-term strategic initiatives, as we plan to further strengthen our technology platform and enhance our current and future product and service offerings.
 
Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as marketing and business development costs (including marketing campaigns and tradeshows), travel expenses and allocated overhead costs. We expect sales and marketing expenses will continue to increase in absolute dollars and account for the majority of our operating costs as we expand our international sales and marketing efforts.
 
General and Administrative. General and administrative expenses consist primarily of personnel-related costs, including share-based compensation expense, for our executive, finance, IT, human resources, legal and administrative personnel. General and administrative expenses also include external legal, accounting, directors and officer’s insurance expenses, other professional service fees and allocated overhead. We expect that general and administrative expenses will increase in absolute dollars in the near term as we continue to support the company needs and our operations as a public company, including maintaining compliance with the Sarbanes-Oxley Act and related regulations.
 
Financial Income (expense), Net
 
Financial income (expense), net, consists primarily of bank charges, interest earned on our cash, cash equivalents restricted bank deposits and marketable securities, amortization of premium or accretion of discount on our marketable securities and foreign currency exchange fluctuations. Foreign currency exchange fluctuations reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar, particularly the NIS, the Euro and the GBP. As a result of our global presence, we expect to continue to incur expenses in currencies other than the U.S. dollar. As such, we expect our exposure to fluctuations in foreign currencies to continue.

47

 
Taxes on Income
 
The standard corporate tax rate in Israel for 2021 and thereafter was 23%. We have net operating loss carry forwards. As of December 31, 2021, our net operating loss carry forwards for Israeli tax purposes amounted to approximately $110 million. Under Israeli law, net operating losses can be carried forward indefinitely and offset against certain future taxable income. We expect that if or when we become profitable, we will generate the substantial majority of our taxable income in Israel. However, no tax benefit was recorded for the years ended December 31, 2020 and 2021 for the deferred tax assets of the Israeli entity, since we have recorded a full valuation allowance against these deferred tax assets which are less likely than not to be realized.
 
In addition, we are entitled to tax benefits under the Investment Law in Israel in respect of our status as a Benefited Enterprise. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income as a Benefited Enterprise may be lower than the standard corporate tax rate. The tax benefit period for the Benefited Enterprise program under the Investment Law is expected to end in 2022. The availability of these tax benefits is subject to certain requirements, including making specified investments in property and equipment, and financing a percentage of investments with share capital. If we do not meet these requirements in the future, the tax benefits may be canceled and we could be required to refund any tax benefits that we have already received.
 
Our subsidiaries currently generate taxable income. To the extent that we generate taxable income in Israel, our effective tax rate will be a weighted average rate based on the applicable U.S., European, Australian and Israeli tax rates.


A.
Operating Results
 
We are providing within this section a supplemental discussion that compares our historical statement of operations data in accordance with accounting principles generally accepted in the United States, or GAAP. The below tables provide data for each of the years ended December 31, 2021 and 2020. The following discussion and analysis are based on our consolidated financial statements including the related notes, and should be read in conjunction with them. Our consolidated financial statements are provided in “Item 18 – Financial Statements”.
 
For discussion related to our results of operations for the year ended December 31, 2020 compared to the year ended December 31, 2019, refer to Part I, Item 5. “Operating and Financial Review and Prospects” in our annual report on Form 20-F for the fiscal year ended December 31, 2020, which was originally filed with the SEC on March 2, 2021, and subsequently by amendment on March 8, 2021.
 
48


Comparison of Period to Period Results of Operations
 
Results of Operations
 
The following tables summarize our results of operations in dollars and as a percentage of our total revenues for the periods indicated. The period-to-period comparison of results is not necessarily indicative of results for future periods.
 
   
Year ended December 31,
 
   
2020
   
2021
 
   
Amount
   
%
   
Amount
   
%
 
   
(Dollars in thousands)
 
Revenues:
                       
Product
 
$
38,690
     
38.4
%
 
$
46,593
     
42.0
%
Maintenance and professional services
   
62,144
     
61.6
     
64,356
     
58.0
 
Total revenues
   
100,834
     
100.0
     
110,949
     
100.0
 
Cost of revenues:
                               
Product
   
2,940
     
2.9
     
3,291
     
3.0
 
Maintenance and professional services
   
17,307
     
17.2
     
19,821
     
17.9
 
Total cost of revenues(1)
   
20,247
     
20.1
     
23,112
     
20.8
 
Gross profit
   
80,587
     
79.9
     
87,837
     
79.2
 
Operating expenses:
                               
Research and development(1)
   
34,978
     
34.7
     
39,584
     
35.7
 
Sales and marketing(1)
   
59,484
     
59.0
     
60,378
     
54.4
 
General and administrative(1)
   
20,050
     
19.9
     
24,204
     
21.8
 
Total operating expenses
   
114,512
     
113.6
     
124,166
     
111.9
 
Operating loss
 
$
(33,925
)
   
(33.6
)
 
$
(36,329
)
   
(32.7
)
Financial income (loss), net
   
114
     
0.1
     
(1,104
)
   
(1.0
)
Loss before taxes on income
 
$
(33,811
)
   
(33.5
)
 
$
(37,433
)
   
(33.7
)
Taxes on income
   
(1,595
)
   
(1.6
)
   
507
     
(0.5
)
Net loss
 
$
(35,406
)
   
35.1
%
 
$
(36,926
)
   
(33.3
)%
 
(1)
Includes share-based compensation expense as follows:
 
   
Year ended December 31,
 
   
2020
   
2021
 
   
(in thousands)
 
Share-based Compensation Expense:
           
Cost of revenues
 
$
2,024
   
$
1,812
 
Research and development
   
4,437
     
3,867
 
Sales and marketing
   
4,635
     
3,772
 
General and administrative
   
3,929
     
4,445
 
Total share-based compensation expenses
 
$
15,025
   
$
13,896
 


49

 
Comparison of the Years Ended December 31, 2020 and 2021
 
Revenues
 
   
Year ended December 31,
             
   
2020
   
2021
   
Change
 
   
Amount
   
Amount
   
Amount
   
%
 
   
(Dollars in thousands)
       
Revenues:
                       
Product
 
$
38,690
   
$
46,593
   
$
7,903
     
20.4
%
Maintenance and support
   
50,794
     
53,975
     
3,181
     
6.3
%
Professional services
   
11,350
     
10,381
     
(969
)
   
(8.5
)%
Total revenues
 
$
100,834
   
$
110,949
   
$
10,115
     
10.0
%
 
Revenues increased by $10.1 million, or 10.0%, from $100.8 million in 2020 to $110.9 million in 2021. The increase in total revenues was driven by an increase in product and maintenance and support revenues across all regions and was partially offset by decrease in professional services revenues. The increase in total revenues was also reflected by $9.9 million increase in revenues from existing customers.
 
Product revenues increased by $7.9 million, or 20.4%, from $38.7 million in 2020 to $46.6 million in 2021. This increase was driven by increase sales volumes to new and existing customers, which increased by $2.2 million and $5.7 million, respectively. The substantial majority of our product revenues was attributable to sales of term-based subscription licenses.
 
Maintenance and support revenues grew by $3.2 million, or 6.3%, from $50.8 million in 2020 to $54.0 million in 2021. This increase was driven by revenues from maintenance and support contracts renewals, which accounted for $3.8 million of this increase partially offsets from initial maintenance and support contracts which accounted for $0.6 million decrease.
 
Professional services revenues decreased by $1.0 million, or 8.5%, from $11.4 million in 2020 to $10.4 million in 2021. This decrease was attributable to the timing of projects deployment by our professional services teams and the customers.
 
Geographic Breakdown of Revenues
 
The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:
 
   
Year ended December 31,
 
   
2020
   
2021
 
   
Amount
   
%
   
Amount
   
%
 
   
(in thousands)
             
Americas
 
$
54,645
     
54.2
%
 
$
56,908
     
51.3
%
EMEA
   
40,114
     
39.8
     
46,980
     
42.3
 
APAC
   
6,075
     
6.0
     
7,061
     
6.4
 
Total
 
$
100,834
     
100.0
%
 
$
110,949
     
100
%
 
The Americas accounted for the majority of our revenues in each of the years ended December 31, 2020 and 2021. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2020 and 2021, with revenues generated in Germany representing 29% and 30%, respectively, of EMEA revenues.
 

50

Cost of Revenues
 
   
Year ended December 31,
             
   
2020
   
2021
   
Change
 
   
Amount
   
Amount
   
Amount
   
%
 
   
(Dollars in thousands)
       
Cost of revenues:
                               
                                 
Product
 
$
2,940
     
3,291
   
$
351
      11.9
%
Maintenance and professional services
   
17,307
     
19,821
     
2,514
      14.5  
Total cost of revenues
 
$
20,247
     
23,112
   
$
2,865
     
14.2
%
 
Cost of revenues increased by $2.9 million, or 14.2%, from $20.2 million in 2020 to $23.1 million in 2021. This increase was primarily driven by the increase in compensation costs and hardware related costs.
 
Cost of product revenues increased by $0.4 million, or 12%, from $2.9 million in 2020 to $3.3 million in 2021.
 
Cost of maintenance and professional services revenues increased by $2.5 million, or 14.5%, from $17.3 million in 2020 to $19.8 million in 2021. The increase in cost of maintenance and professional services revenues was driven primarily by an increase in increase in compensation costs resulting from salary updates and an increase of the number of employees on our services, support and fulfillment teams on an annual-average basis, as well as an increase in related overhead costs, as we remain committed to support our increased sales of our services offerings.

Gross Profit
 
   
Year ended December 31,
     
   
2020
   
2021
   
Gross Profit Change
 
   
Gross Profit
   
Gross Margin
   
Gross Profit
   
Gross Margin
   
Amount
   
%
 
Gross profit
 
$
80,587
     
79.9
%
 
$
87,837
     
79.2
%
 
$
7,250
     
(0.9)
%
 
Gross profit decreased by $7.3 million, or 0.7%, from $80.6 million in 2020 to $87.8 million in 2021. Gross margins decreased from 79.9% to 79.2% during the same period. This decrease was driven by as higher costs of revenues in 2021 compared to 2020, as discussed above.
 
Operating Expenses
 
   
Year ended December 31,
       
   
2020
   
2021
   
Change
 
   
Amount
   
Amount
   
Amount
   
%
 
   
(Dollars in thousands)
       
Operating expenses:
                       
Research and development
 
$
34,978
   
$
39,584
   
$
4,606
     
13.2
%
Sales and marketing
   
59,484
     
60,378
     
894
      1.5  
General and administrative
   
20,050
     
24,204
     
4,154
     
20.7
 
Total operating expenses
 
$
114,512
   
$
124,166
   
$
9,654
     
8.4
%
 
51


Total operating expenses increased by $9.7 million, or 8.4%, from $114.5 million in 2020 to $124.2 million in 2021.
 
Research and Development. Research and development expenses increased by $4.6 million, or 13.2%, from $35.0 million in 2020 to $39.6 million in 2021. This increase was primarily attributable to an increase of $4.3 million in compensation expenses. The increase in compensation expenses was primarily driven by salary updates, and unfavorable impact of foreign exchange rate fluctuations (mainly the NIS in relation to the U.S. dollar). The increase in research and development expenses reflects our plans to invest in strategic initiatives that further strengthen our technology platform and enhance our current and future product and service offerings in a competitive environment.
 
Sales and Marketing. Sales and marketing expenses increased by $0.9 million, or 1.5%, from $59.5 million in 2020 to $60.4 million in 2021. This increase was primarily attributable to an increase of $0.8 million in compensation expenses and an increase of $0.6 million for investments in marketing programs. This increase was partially offset by a decrease in travel expenses.
 
General and Administrative. General and administrative expenses increased by $4.2 million, or 20.7%, from $20.1 million in 2020 to $24.2 million in 2021. This increase was primarily attributable to an increase of $2.9 million in compensation costs, which includes a $0.4 million increase in share-based compensation expense as we grew our general and administrative teams in order to scale and support the business needs as a public company. Our general and administrative headcount has increased from 63 in 2020 to 68 in 2021, on an annual-average basis. The remaining increase in general and administrative expense of $1.2 million was primarily due to increase in our directors and officers insurance, as well as accounting and legal and allocated IT and facilities costs.

Financial Income (expense), Net

   
Year ended December 31,
       
   
2020
   
2021
   
Change
 
   
Amount
   
Amount
   
Amount
   
%
 
   
(Dollars in thousands)
       
Financial Income (expense), net
 
$
114
   
$
(1,104
)
 
$
(1,218
)
   
(1,068
)%
 
Financial expense, net for the year ended December 31, 2021 were $1.1 million. Financial income, net for the year ended December 31, 2020 were $0.1 million. Our financial income (expense), net was impacted by exchange rate fluctuations in the foreign currencies against the U.S. dollar and our derivatives and hedging activities, which resulted in an expense of $0.9 million for the year ended December 31, 2021 compared to minimal financial expense, net in the year ended December 31, 2020.
 
Taxes on Income
 
   
Year ended December 31,
       
   
2020
   
2021
   
Change
 
   
Amount
   
Amount
   
Amount
   
%
 
   
(Dollars in thousands)
       
Taxes on income
 
$
(1,595
)
 
$
507
   
$
2,102
     
(132
)%
 
Taxes on income for the year ended December 31, 2020 amounted to $1.6 million. Income tax benefit for the year ended December 31, 2021 amounted to $0.5 million. Our effective tax rate in 2021 was primarily impacted by tax benefits associated with stock-based compensation of our US subsidiary and our full valuation allowance against potential future benefits for deferred tax assets of our Israeli entity, including loss carryforwards generated in Israel.

In addition, our effective tax rate is based on recurring factors, including the geographic mix of foreign taxable income and loss, as well as nonrecurring items that may not be predictable. See Note 11 to our consolidated financial statements included elsewhere in this annual report for a full reconciliation of our effective tax rate to the Israeli statutory rate of 23% and for further explanation of our provision for income taxes.
 
52


Application of Critical Accounting Policies and Estimates
 
Our consolidated financial statements have been prepared in accordance with GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Actual results may differ from these estimates. To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected.
 
The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements are described below.
 
Revenue Recognition
 
We determine the appropriate revenue recognition for our contracts with customers by analyzing the type, terms and conditions of each contract. We classify the revenue components as products according to the attributes of the underlying components.
 
We sell our on-premises software licenses through both perpetual and term-based license agreements. Our products offer the same functionality whether our customers receive them through a perpetual or term-based license. We deliver our software licenses electronically. Electronic delivery occurs when we provide the channel partner or customer with access to our software and license key via a secure portal. We generally recognize revenues from on-premises software licenses upfront when we make the software available to the channel partner or, if we are selling directly, customer. We recognize hardware sales upon delivery.
 
We generally recognize revenues from software sold through term-based license agreements upfront, upon delivery to the channel partner or, if we are selling directly, customer. We defer the associated maintenance revenues and recognize them over the contract period. Assuming we expect to recover the costs, we capitalize all incremental costs we incur to obtain a contract with a customer that we would not have incurred if we had not obtained the contract. We include amortization expense in sales and marketing expenses in our consolidated statements of operations. We amortize costs incurred in obtaining a contract as a sales and marketing expense on a straight-line basis over the expected period of benefit. We periodically review these costs for impairment.
 
Our contract payment terms typically range between 30 and 120 days. We assess collectability based on several factors, including collection history.
 
Our contracts with customers for software licenses include maintenance and may also include training and/or professional services. Maintenance consists of fees for providing software updates and technical support for our products for a specified term. We recognize maintenance revenues ratably over the contractual service period. We bill for professional services on a fixed fee basis and recognize revenues as we perform the services. We defer payments received in advance of services performed and recognize such payments when we perform the related services.
 
In contracts with multiple performance obligations, we account for individual performance obligations separately if they are distinct. We allocate the transaction price to each performance obligation based on its relative standalone selling price out of the total consideration of the contract. For maintenance and support contracts, we determine the standalone selling price based on the price at which we separately sell a renewal contract. We determine the standalone selling price for sales of licenses using the residual approach. For professional services, we determine the standalone selling prices based on the price at which we separately sell those services.
 
Share-Based Compensation
 
We measure and recognize share-based compensation expense in our consolidated financial statements based on the grant date fair value of the award. We recognize the grant date fair value of the award as an expense based on the graded vesting attribution method over the requisite service period (primarily a four-year period).
 
We estimated the grant date fair value of share options for the years ended December 31, 2019 and 2020 using the Black-Scholes option-pricing model. Our use of the Black-Scholes option-pricing model requires the input of highly subjective assumptions, including estimated fair value of our ordinary share price, expected share price volatility and expected term. The fair value of restricted stock units ("RSU") is based on the closing market value of the underlying shares at the date of grant.
 
Following our initial public offering on April 11, 2019, our ordinary shares are publicly traded, and therefore we currently base the value of our ordinary shares on their market price.
 
 
Risk-Free Interest Rate. We base the risk-free interest rate on the implied yield on currently available U.S. treasury zero-coupon securities with a remaining term equal to the expected life of our options.
 
 
Dividend Yield. We base dividend yield on our historical experience and expectation of no future dividend payouts. We have historically not paid cash dividends and have no foreseeable plans to pay cash dividends in the future.
 

53


 
Expected Volatility. We base expected share price volatility on the historical volatility of the ordinary shares of comparable companies that are publicly traded, as well as the historical volatility of the Company’s ordinary shares.
 
 
Expected Term. The expected term of options granted represents the period of time that options granted are expected to be outstanding. The expected option term is calculated using the simplified method, as we concluded that currently our historical share option exercise experience does not provide an adequate basis to estimate our expected option term.
 
Any changes in these highly subjective assumptions would significantly impact our share-based compensation expense.
 
Income Taxes
 
We account for income taxes using the asset and liability approach, which requires the recognition of taxes payable or refundable for the current year and the deferred tax liabilities and assets for the future tax consequences of events that we have recognized in our financial statements or tax returns.
 
We measure current and deferred tax liabilities and assets based on provisions of the relevant tax law. We reduce the measurement of deferred tax assets, if necessary, by the amount of any tax benefits that we do not expect to realize. We classify interest and penalties relating to uncertain tax positions within taxes on income.
 
Accounts Receivable
 
We present accounts receivable in our consolidated balance sheets net of allowance for credit losses for potential uncollectible amounts. We estimate the collectability of accounts receivable balances and adjust the allowance for credit losses based on our assessment of collectability by reviewing accounts receivable on an aggregated basis where similar characteristics exist and on an individual basis when it identifies specific customers with known disputes or collectability issues. We also consider a number of factors to assess collectability, including the past due status, creditworthiness of the specific customer, payment history and reasonable and supportable forecasts of future economic conditions.
 
When revenue recognition criteria are not met for a sale transaction that has been billed, we do not recognize deferred revenues on our balance sheet or the related account receivable.
 
Derivative Instruments
 
We carry out transactions involving foreign currency exchange derivative financial instruments. These transactions are designed to hedge our exposure in currencies other than the U.S. dollar, and are not designated as an accounting hedge. We are primarily exposed to foreign exchange risk with respect to recognized assets and liabilities and anticipated transactions denominated in the NIS, Euro and British Pound, including payroll expenses. Going forward we may consider to designate transactions involving foreign currency exchange derivative financial instruments as an accounting hedge.
 
New and Revised Financial Accounting Standards
 
Under the JOBS Act, we meet the definition of an “emerging growth company.” As such, we may avail ourselves of an extended transition period for complying with new or revised accounting standards. However, we have chosen to “opt out” of such extended transition period, and as a result, we will comply with new or revised accounting standards on the relevant dates on which adoption of such standards is required for non-emerging growth companies. Our decision to opt out of the extended transition period for complying with new or revised accounting standards is irrevocable.

54

 

B.
Liquidity and Capital Resources
 
As of December 31, 2021, we had $89.4 million of cash and cash equivalents, restricted bank deposits, short-term marketable securities and long-term marketable securities, compared to $104.0 million as of December 31, 2020. The majority of our cash and cash equivalents, restricted bank deposits and marketable securities are held in banks in Israel and the United States. Our marketable securities primarily consist of highly-rated corporate debt securities and U.S. government agency securities. We believe that our existing cash and cash equivalents, restricted bank deposits, short-term marketable securities and long-term marketable securities will be sufficient to fund our operations, as well as our working capital and capital expenditures needs for at least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, which may be impacted, among other factors, by our transition to term-based subscription license business model, the expansion of our sales and marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new products and enhancements to existing products and the continuing market acceptance of our products and services. For information on our future operating lease obligations, including beyond the next 12 months, see Note 7 to our consolidated financial statements included elsewhere in this annual report.

For discussion related to our financial condition for the year ended December 31, 2019, refer to Part I, Item 5. “Operating and Financial Review and Prospects” in our annual report on Form 20-F for the fiscal year ended December 31, 2020, which was originally filed with the SEC on March 2, 2021, and subsequently by amendment on March 8, 2021.
 
Net Cash Used in Operating Activities
 
Cash used by operating activities was $14.2 million for the year ended December 31, 2021. This was primarily due to an increased net loss of $36.9 million adjusted by non-cash charges of $16.3 million, primarily relating to share-based compensation of $13.9 million and depreciation expense of $1.9 million, as well as a favorable impact of $6.4 million resulting from the net changes in our operating assets and liabilities. Changes in operating assets and liabilities included (i) a $9.4 million increase in deferred revenues representing unearned amounts resulting primarily from increased maintenance and support  sales and (ii) a $3.6 million increase in employee and payroll accrued expenses offset by (a) a $2.2 million increase in prepaid expenses and other current assets, (b) a $2.5 million increase in accounts receivables and (c) a $2.3 million increase in deferred costs.
 
Cash used by operating activities was $17.4 million for the year ended December 31, 2020. This was primarily due to an increased net loss of $35.4 million adjusted by non-cash charges of $15.6 million, primarily relating to share-based compensation of $15.0 million and depreciation expense, as well as a favorable impact of $2.4 million resulting from the net changes in our operating assets and liabilities. Changes in operating assets and liabilities included (i) a $2.2 million increase in deferred revenues representing unearned amounts resulting primarily from increased maintenance and support sales and (ii) a $4.3 million increase in employee and payroll accrued expenses and operating lease liabilities, net, partially offset by (a) a $2.6 million increase in deferred taxes and other non-current assets, (b) a $0.5 million increase in accounts receivables and (c) a $0.7 million decrease in trade payables and other accounts payables.

55

 
Net Cash Used in Investing Activities
 
Investing activities for the year ended December 31, 2021 have consisted primarily of investment in capital expenditures to purchase property and equipment.
 
During the year ended December 31, 2021, net cash used in investing activities was $1.5 million was attributable to purchase of capital expenditures to purchase property and equipment of $1.7 million, partially offset by net proceeds of marketable securities of $0.2 million.
 
During the year ended December 31, 2020, net cash used in investing activities was $44.4 million was attributable to net purchases of marketable securities of $42.3 million and $2.1 million purchase of capital expenditures to purchase property and equipment for our leased offices.
 
Net Cash Provided by Financing Activities
 
Net cash provided by financing activities was $1.9 million in the year ended December 31, 2021, consisting of $2.4 million in proceeds from the exercise of employee share options, partially offset by the changes in its related withholding amounts.
 
Net cash provided by financing activities was $0.7 million in the year ended December 31, 2020, consisting of $1.4 million in proceeds from the exercise of employee share options, partially offset by the changes in its related withholding amounts.
 
C.    Research and Development, Patents and Licenses, etc.
 
We conduct our research and development activities primarily in Israel. As of December 31, 2021 our research and development personnel included 181 employees and contractors.
 
For a description of our research and development policies, see “Item 4.B. Business Overview—Research and development.”
 
D.    Trend Information
 
Other than as disclosed elsewhere in this annual report, we are not aware of any trends, uncertainties, demands, commitments or events for the period from January 1, 2021 to December 31, 2021 that are reasonably likely to have a material adverse effect on our net revenue, income, profitability, liquidity or capital resources, or that caused the disclosed financial information to be not necessarily indicative of future operating results or financial condition.
 

E.
Critical Accounting Estimates
 
See “Application of Critical Accounting Policies and Estimates” in “Item 5.A. Operating Review and Financial Prospects—Operating results.”
 
56


ITEM 6. DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES
 

A.
Directors and Senior Management
 
The following table sets forth the name, age and position of each of our executive officers and directors:
 
Name
 
Age
 
Position
Executive Officers
       
Reuven Kitov
 
48
 
Chief Executive Officer, Co-Founder and Chairman of the Board
Reuven Harrison
 
52
 
Chief Technology Officer, Co-Founder and Director
Jack Wakileh
 
50
 
Chief Financial Officer
Yoram Gronich
 
53
 
Senior Vice President of Products and Engineering
Shay Dayan
 
40
 
Vice President of Research and Development
Raymond Brancato
 
57
 
Chief Revenue Officer
         
Non-Employee Directors
       
Tom Schodorf (1)(4)
 
63
 
Lead Independent Director
Ohad Finkelstein (4)
 
61
 
Director
Yuval Shachar (3)(4)
 
59
 
Director
Yair Shamir (3)(4)
 
76
 
Director
Edouard Cukierman (4)
 
57
 
Director
Peter Campbell (1)(2)(4)
 
57
 
Director
Dafna Gruber (1)(2)(3)(4)
 
57
 
Director
Brian Gumbel (2)(4)
 
46
 
Director

(1)
Member of our audit committee.
(2)
Member of our compensation committee.
(3)
Member of our nominating and corporate governance committee.
(4)
Independent director under NYSE rules.
 

57


Reuven Kitov is our Chief Executive Officer, Co-Founder and Chairman of the board of directors, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Kitov held key project management and development roles at Check Point Software Technologies, Inc. from 1998 to 2003. Mr. Kitov holds a Bachelor of Science degree in Computer Science from the University of Maryland in College Park, Maryland.
 
Reuven Harrison is our Chief Technology Officer, Co-Founder and a director, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Harrison held key software developer positions at Check Point Software Technologies, Inc. from 1999 to 2003, as well as other key positions at Capsule Tech, Inc. from 1997 to 1999 and ECS Inc. from 1991 to 1996. Mr. Harrison holds a Bachelor of Arts degree in Mathematics and Philosophy from Tel Aviv University in Israel.
 
Jack Wakileh is our Chief Financial Officer, which position he has held since July 2013. Prior to joining Tufin, Mr. Wakileh worked as a financial and business consultant for various technology companies from 2010 to 2013. He was a Co-Founder of iSpade Technologies Ltd. and was Chief Financial Officer from 2008 to 2010, Co-Chief Executive Officer of LEADIP Systems Ltd. from 2006 to 2007 and Chief Financial Officer of VCON Telecommunications Ltd. from 1999 to 2005 prior to which he held the Corporate Controller position. Mr. Wakileh holds a Bachelor of Arts degree in Accounting and Economics from Tel Aviv University in Israel and is a Certified Public Accountant.
 
Yoram Gronich is our Senior Vice President of Products and Engineering, which position he has held since September 2021. Before that, he was our Vice President of Research and Development from September 2008 to September 2021. Prior to joining Tufin, Mr. Gronich held software management and engineering positions at Symantec Corporation from 2005 to 2008 and project management and team leader roles at Check Point Software Technologies, Inc. from 2002 to 2005. Mr. Gronich holds a Master of Science degree in Electrical Engineering and a Bachelor of Science degree in Physics and Computer Science each from Tel Aviv University in Israel.
 
Shay Dayan is our Vice President of Research and Development, which position he has held since September 2021. Prior to that and since August 2009, Mr. Dayan held several roles in Tufin’s research and development department, including Team Leader, Group Manager, Chief Architect, Director of system architecture and Chief Technology Officer of cloud products. From August 2006 until August 2009, he was a development Team Leader at Radware Ltd. Mr. Dayan holds a Bachelor of Science degree in Computer Science from Tel Aviv University in Israel.
 
Raymond Brancato joined Tufin in January 2021 as our Chief Revenue Officer. He joined Tufin from AnyVision, an artificial intelligence company, where he was Chief Revenue Officer from March 2019 to January 2021. Prior to AnyVision, he held senior sales leadership positions over the course of 10 years with CA Technologies, including Vice President, Senior Vice President and General Manager of Business Unit Sales. Prior to that, he was Vice President of Sales, Americas at Kabira Technologies from April 2007 to March 2009, Director of Sales at BMC Software from November 2002 to April 2007, and Vice President of Sales at Remedy from December 2000 to November 2002. He holds a Bachelor of Science degree in Finance and Management Science from the University of South Carolina.
 
Tom Schodorf  has served as a member of our board of directors since 2019. Mr. Schodorf founded View Consulting LLC, specializing in advisory services for the technology industry, in 2014. He previously served as Senior Vice President of Sales and Field Operations of Splunk Inc. (traded on Nasdaq) from October 2009 to March 2014, and prior to that, he held various sales and executive management positions at BMC Software and IBM. Mr. Schodorf has also been a director of Quali and Behavox since 2021, of Egnyte since 2018 where he is a member of the Compensation Committee, of OutSystems since 2017 where he is also Chairman of the Compensation Committee, of Rapid7 since 2016 where he is a member of the Compensation Committee, and of Kaseya since 2014. Mr. Schodorf holds a Masters of Business Administration degree from the University of Dayton in Dayton, Ohio and a Bachelor of Science in Business Administration from the Ohio State University in Columbus, Ohio. 
 
Ohad Finkelstein has served as a director since January 2011. Mr. Finkelstein serves as Managing Partner of Danli Capital, an investment advisory firm that he founded in 2017. Mr. Finkelstein is the Co-Founding Partner of Marker LLC, which he founded in 2011. Prior to that, from 2005 to 2011, he led international investment for Venrock, an Israeli venture capital firm. He served as the Chairman, Chief Executive Officer and President at Interoute Communications Limited from 1999 to 2003. Mr. Finkelstein holds a Bachelor of Arts degree in Political Science and International Marketing from the University of California, Los Angeles.
 
58


Yuval Shachar has served as a director since October 2009. Mr. Shachar is the Executive Chairman and Co-Founder of Team8, a venture capital firm specializing in incubation of security companies. Mr. Shachar serves as Founding Venture Partner of Innovation Endeavors, which he joined at its inception, previously serving as an investment partner of its predecessor fund from 2013. Mr. Shachar served as Co-Founding Partner of Marker LLC and its predecessors from 2011. From 2004 to 2009, he served as General Manager of a Cisco business unit in its Service Provider group. Prior to that, Mr. Shachar served as Co-Founder, President and CEO of P-Cube (which was acquired by Cisco), and co-founded each of Pentacom and Infogear (which were each acquired by Cisco). From 1995 to 1998, Mr. Shachar served as Vice President of Research and Development at VocalTec Ltd. (which completed an IPO on The Nasdaq Stock Market, or Nasdaq, in 1996), and previously held key engineering and management positions at National Semiconductors. Mr. Shachar holds a Bachelor of Science degree in Mathematics and Computer Science from Tel Aviv University in Israel.
 
Yair Shamir has served as a director from 2007 to 2013 and again from October 2018 to present. Mr. Shamir has been a Founding and Managing Partner of Catalyst Investments since its establishment from 1999 to 2013 and again from 2015 to present. Mr. Shamir was elected as a member of the Israeli Parliament (Knesset) and served as Minister of Agriculture of the State of Israel from 2013 to 2015. Mr. Shamir served as the Chairman of the Israeli Road Safety Authorities from September 2018 until November 2020. Prior to that, he served as the Chairman of Board of N.T.A. – Metropolitan Mass Transit System until August 2018. Mr. Shamir served as the Chairman of Israel’s National Roads Company from 2011 to 2012. Mr. Shamir served as the Chairman of Israel Aerospace Industries Ltd. from 2005 until 2011. From 2004 to 2007, Mr. Shamir was the Chairman of Shamir Optical Industry Ltd. From 2004 to 2005, Mr. Shamir served as the Chairman of EL AL. From 1997 to 2004, Mr. Shamir served as the Chief Executive Officer and Chairman of VCON Telecommunications Ltd. Mr. Shamir was a board member of DSP Group Corporation from 2005 to 2013. Mr. Shamir holds a Bachelor of Science degree in Electronics Engineering from the Technion, Israel Institute of Technology in Haifa, Israel.
 
Edouard Cukierman has served as a director since 2014. Mr. Cukierman has been a Founding and Managing Partner of Catalyst Investments since its establishment in 1999, and has served as the Chairman of Cukierman & Co. Investment House since its establishment. Prior to establishing and managing Catalyst Investments, Mr. Cukierman was the President and Chief Executive Officer of Astra Technological Investments, a Venture Capital Fund established in 1993. Mr. Cukierman serves as a board member of Dori Media Group. He is also is the Founder of the GoforIsrael annual conference. Mr. Cukierman served as a Reserve Officer of the Crisis & Hostage Negotiation Team and IDF Spokesman Unit. Mr. Cukierman holds a Master of Business Administration degree from INSEAD University in Fontainebleau, France and a Bachelor of Science degree from the Technion, Israel Institute of Technology in Haifa, Israel.
 
Peter Campbell has served as a director since 2019 and served as an external director under the Israeli Companies Law between July 2019 and May 2020. Mr. Campbell served as Chief Financial Officer of Mimecast Ltd. (traded on Nasdaq) from 2006 to 2019, where he also served as a director from 2007 to 2015. He previously served as Chief Financial Officer of SR Telecom Inc., where he was employed from 2002 to 2006. Prior to that, Mr. Campbell was an auditor at Ernst & Young LLP in Canada. Mr. Campbell is currently a director and chairman of the audit committee of Latch inc. (traded on Nasdaq) and a director and chairman of the audit committee of Dataiku. Mr. Campbell holds a Bachelor of Commerce degree and a Graduate Diploma in accounting from the John Molson School of Business at Concordia University in Canada, where he also served as a lecturer.
 
Dafna Gruber has served as a member of our board of directors since 2019 and served as an external director, as such term is defined under the Israeli Companies Law. Ms. Gruber serves as the chief financial officer of Netafim Ltd., a private company. Prior to that as chief financial officer in various companies including Aqua security Ltd. Landa Corporation Ltd. and Clal Industries Ltd.  From 2007 until 2015, Ms. Gruber served as the chief financial officer of Nice Systems Ltd., a public company traded on Nasdaq and TASE. From 1996 until 2007, Ms. Gruber was part of Alvarion Ltd., a public company traded on Nasdaq and TASE, mostly as chief financial officer. Ms. Gruber currently serves as an external director or independent director of several public companies, including Nova Measuring Instruments Ltd, ICL group Ltd and Cellebrite DI Ltd.  Ms. Gruber is a certified public accountant and holds a Bachelor’s degree in Accounting and Economics from Tel Aviv University, Israel.
 
Brian Gumbel has served as a director since 2019. Mr. Gumbel currently serves as the Chief Revenue Officer of Armis Inc. Prior to joining Armis, he served as the Chief Revenue Officer for Sisense from October 2019 to April 2020. He previously served as the Senior Vice President of Worldwide Sales at Forescout Technologies Inc., where he held senior management positions from October 2015 to October 2019. Previously, he led sales and operations at Tanium as the Vice President for Americas East and Canada from February 2014 to October 2015. Prior to that, he worked at McAfee from 2007 to 2014 ultimately serving as the Vice President for Americas East and Canada, and at Cisco from 2000 to 2007 in various sales and leadership positions. Mr. Gumbel holds a Bachelor of Science degree in Biology from Marist College in Poughkeepsie, New York.
 
59



B.
Compensation
 
Compensation of Directors and Executive Officers
 
The aggregate compensation expensed, including share-based compensation and other compensation expensed by us and our subsidiaries, to our directors and executive officers with respect to the year ended December 31, 2021, was $8.2 million. This amount includes approximately $0.4 million set aside or accrued to provide pension, severance, retirement, or similar benefits.
 
The table below sets forth the compensation paid to our five most highly compensated office holders (as defined in the Israeli Companies Law and described under “Board Practices—Disclosure of Compensation of Executive Officers” below) during or with respect to the year ended December 31, 2021. We refer to the five individuals for whom disclosure is provided herein as our “Covered Executives.”
 
For purposes of the table and the summary below, “compensation” includes base salary, bonuses, equity-based compensation, retirement or termination payments, benefits and perquisites such as car, phone and social benefits and any undertaking to provide such compensation.
 
Summary Compensation Table

Information Regarding the Covered Executive(1)
 
Name and Principal Position(2)
 
Base Salary
   
Benefits and Perquisites(3)
   
Variable Compensation(4)
   
Equity-Based Compensation(5)
   
Total
 
   
Raymond Brancato, Chief Revenue Officer
 
$
320,075
   
$
59,485
   
$
351,726
   
$
1,473,151
   
$
2,204,437
 
Reuven Kitov, Chief Executive Officer
 
$
300,000
   
$
46,297
   
$
288,667
   
$
658,937
   
$
1,293,901
 
Jack Wakileh, Chief Financial Officer
 
$
289,966
   
$
139,162
   
$
130,322
   
$
460,938
   
$
1,020,388
 
Yoram Gronich, Senior Vice President of Products and Engineering
 
$
266,362
   
$
124,945
   
$
70,173
   
$
388,992
   
$
850,472
 
Reuven Harrison, Chief Technology Officer
 
$
269,731
   
$
69,711
   
$
84,097
   
$
340,314
   
$
763,853
 

(1)
In accordance with Israeli law, all amounts reported in the table are in terms of cost to our company, as recorded in our financial statements.
 
 
(2)
All current executive officers listed in the table are full-time employees. Cash compensation amounts denominated in currencies other than the U.S. dollar were converted into U.S. dollars at the average conversion rate for the year ended December 31, 2021.
 
 
(3)
Amounts reported in this column include benefits and perquisites, including those mandated by applicable law. Such benefits and perquisites may include, to the extent applicable to each executive, payments, contributions and/or allocations for savings funds, pension, severance, vacation, car or car allowance, medical insurances and benefits, risk insurances (such as life, disability and accident insurances), convalescence pay, payments for social security, tax gross-up payments and other benefits and perquisites consistent with our guidelines.
 
 
(4)
Amounts reported in this column refer to Variable Compensation such as earned commission, incentive and bonus payments as recorded in our financial statements for the year ended December 31, 2021.
 
 
(5)
Amounts reported in this column represent the expense recorded in our financial statements for the year ended December 31, 2021 with respect to equity-based compensation. Assumptions and key variables used in the calculation of such amounts are described in Note 10 to our audited consolidated financial statements, which are included in this annual report.
 
60


Employment Agreements with Executive Officers
 
We have entered into written employment agreements with each of our executive officers. These agreements provide for notice periods of varying duration for termination of the agreement by us or by the relevant executive officer, during which time the executive officer will continue to receive base salary and benefits. These agreements also contain customary provisions regarding noncompetition, confidentiality of information and assignment-of-inventions. However, the enforceability of the noncompetition provisions may be limited under applicable law.
 
Directors’ Service Contracts
 
There are no arrangements or understandings between us, on the one hand, and any of our directors, on the other hand, providing for benefits upon termination of their employment or service as directors of our company.
 
Equity Incentive Plans
 
2007 Israeli Share Option Plan
 
Effective Date and Shares Reserved.
 
On October 21, 2007, our board of directors adopted the 2007 Israeli Share Option Plan(the “2007 Plan”). The 2007 Plan generally allowed us to grant options to our employees, directors, officers, consultants, advisors and any other person providing services to us or any of our affiliates. In May 2017, we extended the terms of options held by certain holders under the 2007 Plan by an additional 10 years. Unless earlier terminated pursuant to the original terms of the 2007 Plan, all granted but unexercised options will expire and cease to be exercisable at 5:00 p.m. Israel time on the 10th anniversary of the vesting commencement date of such options. We no longer make awards under the 2007 Plan. As of February 23, 2022, options to purchase a total of 2,047,600 shares were outstanding under the 2007 Plan.
 
Plan Administration. The 2007 Plan may be administered by our board of directors or a committee thereof. Subject to Israeli law and our amended and restated articles of association or any resolution to the contrary by our board of directors, the administrator is authorized, in its sole and absolute discretion, to exercise all powers and authorities specifically granted to it under the 2007 Plan or necessary or advisable in the administration of the 2007 Plan.
 
Vesting Terms and Conditions of the Options. Unless otherwise determined by the administrator, options under the 2007 Plan vest and become exercisable as follows: 25% of the shares covered by the options vested on the first anniversary of the vesting commencement date, 1/3 of the remaining shares vest on each subsequent anniversary of the vesting commencement date and all options become fully vested by the fourth anniversary of the vesting commencement date.
 
Israeli Tax Law. Unless otherwise determined by the administrator, any underlying shares issued upon exercise of options (granted through the “capital gains track through a trustee” in accordance with Section 102(b)(2) of the Israeli Income Tax Ordinance (New Version), 1961(the “Israeli Tax Ordinance”), will be held by a trustee until the lapse of the holding period (as defined in the 2007 Plan), or, subject to a tax ruling, until the earlier of a merger (as defined in the 2007 Plan) or an initial public offering. We appointed a trustee to hold the allocated options and underlying shares issued upon the exercise off such options in a trust on behalf of each applicable Israeli grantee. No underlying shares or additional rights we issue to the trustee will be held for a period longer than 20 years after the end of the term of the options.
 
Termination of Employment or Service. In the event that the employment or service of a grantee terminates (other than by reason of death, disability retirement or for cause), all options of such grantee that are vested but unexercised on the date of the termination may be exercised unless earlier terminated in accordance with their terms and if not previously expired, no later than the earlier of (i) 90 days after such termination and (ii) the term of the option. All other granted options will expire upon such termination. In the event of a grantee’s death during employment or service, or in the event of a grantee’s termination due to retirement or disability, all of the grantee’s vested but unexercised options will be exercisable until the earlier of (i) 180 days after the date of termination of employment and (ii) the term of the option. In the event of a grantee’s termination for cause, all options, whether vested or unvested, will expire.
 
Merger. In the event of a merger transaction (as defined in the 2007 Plan), the administrator in its sole discretion, will decide (i) if and how the unvested options will be canceled, replaced or accelerated, (ii) if and how vested options will be exercised, replaced and/or sold by us or the trustee on the behalf of Israeli participants and (iii) how underlying shares issued upon exercise of the options and held by the trustee on behalf of Israeli participants will be replaced and/or sold by the trustee on behalf of the Israeli participant.

61

 
2008 U.S. Stock Plan
 
Effective Date and Shares Reserved. On May 25, 2008, our board of directors adopted the 2008 U.S. Stock Plan(the “2008 Plan”). The 2008 Plan generally allowed us to grant no statutory share options, incentive share options that satisfied the requirements of Section 422 of the Code, and the sale or award of shares to our employees, outside directors and consultants and those of Tufin Software North America, Inc., as well as any of our other subsidiaries. We no longer make awards under the 2008 Plan. As of February 23, 2022, options to purchase a total of 343,658 shares were outstanding under the 2008 Plan.
 
Plan Administration. The 2008 Plan may be administered by one or more committees of the board of directors. The entire board of directors may administer the 2008 Plan if no committee is otherwise appointed. Subject to the provisions of the 2008 Plan, the board of directors will have full authority and discretion to take any actions it deems necessary or advisable for the administration of the 2008 Plan. All decisions, interpretations and other actions of the board of directors will be final and binding on all participants.

Terms and Conditions of Awards. Any shares issued upon exercise of an option or awarded or sold under the 2008 Plan may be subject to the special forfeiture conditions, rights of repurchase, rights of first refusal and other transfer restrictions as the board of directors may determine.
 
Options. The 2008 Plan requires that options have an exercise price that is not less than 100% of the fair market value of a share on the grant date. Incentive share options granted to an employee owning more than 10% of our or any of our subsidiaries’ combined voting power will have an exercise price of at least 110% of the fair market value of the share on the grant date. The expiration date of an option may be no later than the 10th anniversary of the date of grant (or the fifth anniversary in the case of incentive share options granted to employees who, at the time of grant, own more than 10% of our or any of our subsidiaries’ combined voting power).
 
Change in Control. In the event that we are a party to a merger, consolidation, exchange of shares, sale of all or substantially all of its assets or like event, all outstanding options will be subject to the applicable transaction agreement, which will provide for one or more of the following: (i) the continuation of our outstanding options (if we are the surviving corporation); (ii) the assumption of the outstanding option by the surviving corporation or its parent in a manner that complies with Section 424(a) of the Code; (iii) the substitution by the surviving corporation or its parent of new options for the outstanding options in a manner that complies with Section 424(a) of the Code; or (iv) the cancelation of the outstanding options without the payment of any consideration.
 
2018 U.S. Equity-Based Incentive Plan
 
Effective Date and Shares Reserved. On April 9, 2018, our board of directors adopted the 2018 U.S. Equity-Based Incentive Plan (the “2018 Plan”). The 2018 Plan generally allowed us to grant options to our employees, directors, executive officers, consultants, advisors and any other person providing services to us or any of our affiliates who are U.S. citizens or who are resident aliens of the United States for U.S. federal income tax purposes. We no longer make awards under the 2018 Plan. As of February 23, 2022 options to purchase a total of 79,778 shares were outstanding under the 2018 Plan.
 
Plan Administration. The 2018 Plan may be administered by a committee of the board of directors. The entire board of directors may administer the 2018 Plan if no committee is otherwise appointed. Subject to the provisions of the 2018 Plan, the administrator of the 2018 Plan has full authority and discretion to take any actions it deems necessary or advisable for the administration of the 2018 Plan. All decisions, interpretations and other actions of the administrator of the 2018 Plan will be final and binding on all participants, unless otherwise determined by the board of directors.
 
Options. The 2018 Plan allows for the grant of nonqualified share options and incentive share options that satisfy the requirements of Section 422 of the Code. Each award will be evidenced by an option agreement that will govern such award’s terms and conditions. Only our employees or employees of our parent or subsidiaries are eligible to receive incentive share options. The 2018 Plan requires that incentive share options have an exercise price that is not less than 100% of the fair market value of a share on the grant date and that nonqualified share options have an exercise price equal to the fair market value of a share on the grant date unless the committee administering the 2018 Plan specifies otherwise and the option complies with Section 409A of the Code. Incentive share options granted to an employee owning more than 10% of our or our and our subsidiaries’ combined voting power will have an exercise price of at least 110% of the fair market value of the shares on the grant date. The expiration date of an option may be no later than the 10th anniversary of the date of grant, unless otherwise determined by the committee administering the 2018 Plan (or the fifth anniversary in the case of incentive share options granted to employees who, at the time of grant, own more than 10% of our or our parent’s or subsidiaries’ combined voting power).

62

 
Termination of Employment or Service. In the event that the employment or service of a grantee terminates (other than by reason of death, disability or retirement), all awards of such grantee that are unvested at the time of such termination will terminate on the date of such termination, and all awards of such grantee that are vested and exercisable at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised within 12 months after the date of such termination (or such different period as the committee administering the 2018 Plan will prescribe). In the event of a grantee’s death during employment or service or within three months following such grantee’s termination, or in the event of a grantee’s termination due to disability, all of the grantee’s vested awards may be exercised at any time within one year after such death or disability. In the event of a grantee’s retirement, all of the grantee’s vested awards, unless earlier terminated in accordance with their terms, may be exercised at any time within the three month period following such retirement. If we (or our affiliate, when applicable) terminate the grantee’s employment or service for cause, or if at any time during the exercise period, facts or circumstances arise or are discovered with respect to the grantee that would have constituted cause, all awards theretofore granted to such grantee will, to the extent not theretofore exercised, terminate on the date of such termination (or on such subsequent date on which such facts or circumstances arise or are discovered, as the case may be) unless otherwise determined by the committee administering the 2018 Plan.
 
Merger or Sale. In the event of a merger or sale, unless otherwise determined by the committee administering the 2018 Plan in its sole and absolute discretion, any award then outstanding will be assumed or will be substituted by us or by the successor corporation in the merger or sale or by any affiliate thereof under substantially the same terms as the award. In the event that awards are not assumed or substituted for equivalent awards, the committee administering the 2018 Plan may (i) provide for a grantee to have the right to exercise an award, or otherwise accelerate vesting of an award, as to all or part of the shares covered thereby, including shares covered by the award which would not otherwise be exercisable or vested, and/or (ii) provide for the cancelation of each outstanding award at the closing of the merger or sale, and payment to the grantee. In the event of a merger or sale, the committee administering the 2018 Plan may, without the consent of the grantee, amend, modify or terminate awards as the committee will deem in good faith to be appropriate.
 
2019 Equity-Based Incentive Plan
 
Effective Date and Shares Reserved. On February 28, 2019, our board of directors approved our 2019 Equity-Based Incentive Plan(the “2019 Plan”), which became effective upon shareholder approval on March 21, 2019. Our 2019 Plan replaced our 2007 Plan and our 2018 Plan(the “Prior Plans”), under which further grants will not be made. The 2019 Plan generally allows for the grant of options, restricted shares, restricted share units and other share-based awards to our and our affiliates’ employees, directors, officers, consultants and advisors. The 2019 Plan enables us to issue awards under varying tax regimes, including Section 102 and Section 3(i) awards pursuant to the Israeli Tax Ordinance and incentive stock options within the meaning of Section 422 of the Code. The maximum aggregate number of shares that may be issued pursuant to awards under the 2019 Plan is the sum of (a) 1,833,333 shares plus (b) on January 1 of each calendar year during the term of the 2019 Plan commencing in 2020, a number of shares equal to the lesser of: (i) an amount determined by our board of directors, if so determined prior to the January 1 of the calendar year in which the increase will occur, (ii) 5% of the total number of shares outstanding on December 31 of the immediately preceding calendar year and (iii) 5,000,000 shares.
 
Additionally, any share (i) underlying an award under the 2019 Plan or the Prior Plans (in an amount not to exceed 813,515 shares under the Prior Plans) that has expired, or was canceled, terminated, forfeited, repurchased or settled in cash in lieu of issuance of shares, for any reason, without having been exercised, (ii) tendered to pay the exercise price of an award (or the exercise price or other purchase price of any option or other award under the Prior Plans), or withholding tax obligations with respect to an award (or any awards under the Prior Plans), or (iii) subject to an award (or any award under the Prior Plans) that is not delivered to a grantee because such shares are withheld to pay the exercise price (or of any award under the Prior Plans), or withholding tax obligations with respect to such award (or such other award) will automatically be available for grant under the 2019 Plan. As of February 23, 2022, options to purchase a total of 2,068,509 shares and 2,453,049   unvested RSUs were outstanding under the 2019 Plan. In addition, our board of directors approved the grant of 1,679,300 RSUs to certain of our employees, which grant became effective on March 1, 2022.
 
Plan Administration. Either our board of directors or a committee established by our board of directors administers the 2019 Plan, and such administrator will have full authority in its discretion to determine (i) eligible grantees, (ii) grants of awards and setting the terms and provisions of award agreements (which need not be identical) and any other agreements or instruments under which awards are made, including the number of shares underlying each award and the class of shares underlying each award (if more than one class was designated by our board of directors), (iii) the time or times at which awards will be granted, (iv) the terms, conditions and restrictions applicable to each award (which need not be identical) and any shares acquired upon the exercise or (if applicable) vesting thereof, (v) to accelerate, continue, extend or defer the exercisability of any award or the vesting thereof, including with respect to the period following a grantee’s termination of employment or other service, (vi) the interpretation of the 2019 Plan and any award agreement and the meaning, interpretation and applicability of terms referred to in applicable laws, (vii) policies, guidelines, rules and regulations relating to and for carrying out the 2019 Plan, and any amendment, supplement or rescission thereof, as it may deem appropriate, (viii) to adopt supplements to, or alternative versions of, the 2019 Plan, including, without limitation, as it deems necessary or desirable to comply with the laws of, or to accommodate the tax regime or custom of, foreign jurisdictions whose citizens or residents may be granted awards, (ix) the fair market value of the shares or other property, (x) the tax track (capital gains, ordinary income track or any other track available under the Section 102 of the Israeli Tax Ordinance) for the purpose of Section 102 to the Israeli Tax Ordinance, (xi) the authorization and approval of conversion, substitution, cancelation or suspension under and in accordance with the 2019 Plan of any or all awards or shares, (xii) the amendment, modification, waiver or supplement of the terms of each outstanding award (with the consent of the applicable grantee, if such amendments refers to the increase of the exercise price of awards or reduction of the number of shared underlying an award (but, in each case, other than as a result of an adjustment or exercise of rights in accordance with the provisions of the 2019 Plan) unless otherwise provided under the terms of the 2019 Plan, (xiii) without limiting the generality of the foregoing, and subject to the provisions of applicable law, to grant to a grantee who is the holder of an outstanding award, in exchange for the cancelation of such award, a new award having an exercise price lower than that provided in the award so canceled and containing such other terms and conditions as the committee may prescribe in accordance with the provisions of the 2019 Plan or to set a new exercise price for the same award lower than that previously provided in the award, (xiv) to correct any defect, supply any omission or reconcile any inconsistency in the 2019 Plan or any award agreement and all other determinations and take such other actions with respect to the 2019 Plan or any award as it may deem advisable to the extent not inconsistent with the provisions of the 2019 Plan or applicable law, (xv) to designate any of our officers or other persons to manage the day to day administration of the awards granted under the 2019 Plan or authorize any of them to act on behalf of the committee with respect to any matter, right, obligation, determination or election which is the responsibility of or which is allocated to the committee herein, (xvi) to determine that awards, shares issuable upon the exercise or (if applicable) vesting of awards and/or any securities issued or distributed with respect thereto, shall be allocated or issued to, or held by, the representative in trust for the benefit of the grantees and (xvii) any other matter which is necessary or desirable for, or incidental to, the administration of the 2019 Plan and any award thereunder. The board of directors and the committee need not take the same action or determination with respect to all awards, with respect to certain types of awards, with respect to all service providers or any certain type of service providers and actions and determinations may differ as among the grantees, and as between the grantees and any other holders of our securities. The board of directors may, at any time, suspend, terminate, modify, or amend the 2019 Plan, whether retroactively or prospectively.
 
63


Types and Terms and Conditions of Awards. The committee may grant awards intended to qualify as an incentive stock option, non-qualified stock option, Section 102 award, Section 3(i) award, or other designations under other regimes. The 2019 Plan generally requires that incentive stock options have an exercise price that is not less than 100% of the fair market value of a share underlying such options or 110% in case of an employee who at the time of the grant owns shares possessing more than 10% of the total combined voting power of all classes of our shares or of any of our subsidiaries on the date of grant of such options or such other price as may be determined pursuant to the Code. The exercise price of any other awards granted will be determined by the committee.
 
The exercise period of an option award will be 10 years from the date of grant of the award unless otherwise determined by the committee, but subject to the vesting and the early termination provisions, provided that the period of an incentive stock option granted to an employee who at the time of the grant owns shares possessing more than 10% of the total combined voting power of all classes of our shares or of any of our subsidiaries, shall not exceed five years from the date of grant. Except as described below, an award generally may not be exercised unless the grantee is then in our employ or service and unless the grantee has remained continuously so employed since the date of grant of the award and throughout the vesting dates. In the event that the employment or service of a grantee terminates (other than by reason of death, disability or retirement), unless otherwise determined by the committee, all awards of such grantee that are unvested at the time of such termination shall terminate on the date of such termination, and all awards of such grantee that are vested and exercisable at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised within up to three months after the date of such termination (or such different period as the committee will prescribe), but in any event no later than the date of expiration of the award’s term as set forth in the award agreement or pursuant to this 2019 Plan. In the event of a grantee’s death during employment or service or within three months following such grantee’s termination, (or such longer period as determined by the committee), or in the event of a grantee’s termination due to disability, all of the grantee’s vested awards may be exercised at any time within one year after such death or disability (or such longer period as determined by the committee). In the event of a grantee’s retirement, all of the grantee’s vested awards, unless earlier terminated in accordance with their terms, may be exercised at any time within the three month period following such retirement (or such different period as the committee shall prescribe). If we (or our affiliate, when applicable) terminate the grantee’s employment or service for cause (as defined in the 2019 Plan), or if at any time during the exercise period (whether prior to and after termination of employment or service, and whether or not the grantee’s employment or service is terminated by either party as a result thereof), facts or circumstances arise or are discovered with respect to the grantee that would have constituted cause, all awards theretofore granted to such grantee (whether vested or not) shall, to the extent not theretofore exercised, terminate on the date of such termination (or on such subsequent date on which such facts or circumstances arise or are discovered, as the case may be) unless otherwise determined by the committee.
 
Section 102 of the Israeli Tax Ordinance allows our employees, directors and executive officers who are not controlling shareholders and are Israeli residents for tax purposes to receive favorable tax treatment for share-based awards. Section 102 includes two alternatives for tax treatment involving the issuance of awards to a trustee for the benefit of the grantees and also includes an additional alternative for the issuance of awards directly to the grantee. We elected the “capital gain track” pursuant to Section 102(b)(2) of the Israeli Tax Ordinance for grants to eligible Israeli grantees as provided above, which may allow favorable tax treatment for such grantees. In order to comply with the terms of the capital gain track, all awards granted under the 2019 Plan and subject to the provisions of Section 102 of the Israeli Tax Ordinance, as well as the shares issued upon exercise of such awards and any rights granted thereunder, including bonus shares, must be registered in the name of a trustee selected by the board and held in trust for the benefit of the relevant grantee for the requisite period prescribed by the Israeli Tax Ordinance or such longer period as set by the committee. The trustee may release these awards or shares to the holders thereof after the expiration of the required statutory holding period, provided that the trustee has received an acknowledgment from the Israeli Tax Authority that the grantee paid all applicable taxes, or the trustee and/or us and/or our affiliate withholds all applicable taxes and compulsory payments due. Our non-employee service providers and controlling shareholders may only be granted options or RSUs under Section 3(i) of the Israeli Tax Ordinance, which will be taxed as ordinary income upon the exercise of such awards into shares.
 
The administrator may grant restricted share units, or RSUs, under the 2019 Plan, which are awards covering a number of shares that are settled, if vested, by issuance of those shares. The award agreement for any restricted shares granted will provide the vesting schedule and purchase price, if any, for the restricted shares. If a grantee’s employment or services to us or any of our affiliates terminates for any reason prior to the vesting of such grantee’s restricted shares, any shares that remain subject to vesting will be forfeited by such grantee. No payment of exercise price (subject to applicable law and the terms of the award agreement) will be required as consideration for RSUs.
 
64


The administrator may grant other awards under the 2019 Plan, including shares (which may, but need not, be restricted shares), cash, a combination of cash and shares, awards denominated in share units, and share appreciation rights. However, to qualify as Section 102 or Section 3(i) awards pursuant to the Israeli Tax Ordinance, the award must be share-based compensation only and not cash compensation or any award that is settled in cash.
 
Adjustment Provisions. In the event of a division or subdivision of our outstanding share capital, any distribution of bonus shares (share split), consolidation or combination of our share capital (reverse stock split), reclassification with respect to our shares or any similar recapitalization events, a merger (including, a reverse merger and a reverse triangular merger), consolidation, amalgamation or like transaction of us with or into another corporation, reorganization (which may include a combination or exchange of shares, spin-off or other corporate divestiture or division, or other similar occurrences), the committee shall have the authority to make, without the need for a consent of any holder of an award, such adjustments as determined by the committee to be appropriate, in its discretion, in order to adjust (i) the number and class of shares reserved and available for grants of awards, (ii) the number and class of shares covered by outstanding awards, (iii) the exercise price per share covered by any award, (iv) the terms and conditions concerning vesting and exercisability and the term and duration of the outstanding awards and (v) any other terms of the award that in the opinion of the committee should be adjusted.
 
In the event of (i) a sale of all or substantially all of our assets, or a sale (including an exchange) of all or substantially all of our shares, to any person, or a purchase by any of our shareholders or by an affiliate of such shareholder, of all or substantially all of our shares held by all or substantially all other shareholders or by other shareholders who are not affiliated with such acquiring party; (ii) a merger (including, a reverse merger and a reverse triangular merger), consolidation, amalgamation or like transaction of us with or into another corporation; (iii) a scheme of arrangement for the purpose of effecting such sale, merger, consolidation, amalgamation or other transaction; (iv) change in board event, which means any time at which individuals who, as of the effective date of the 2019 Plan, constitute the incumbent board cease for any reason to constitute at least a majority of the board; provided, however, that any individual becoming a director subsequent to the effective date of the 2019 Plan whose election, or nomination for election by our shareholders, was approved by a vote of at least a majority of the directors then comprising the incumbent board shall be considered as though such individual were a member of the incumbent board, but excluding, for this purpose, any such individual whose initial assumption of office occurs as a result of an actual or threatened election contest with respect to the election or removal of directors or other actual or threatened solicitation of proxies or consents by or on behalf of a person other than the board; (v) approval by our shareholders of a complete liquidation or dissolution of the company; or (vi) such other transaction or set of circumstances that is determined by the board (being the incumbent board in case of a change in board event), in its discretion, to be a transaction subject to these provisions of the 2019 Plan; excluding any of the above transactions in clauses (i) through (v) if the board (being the incumbent board in case of a change in board event) determines that such transaction should be excluded from the definition hereof and the applicability of this provision of the 2019 Plan, any award then outstanding will be assumed or will be substituted by us or by the successor corporation in such change in control or by any affiliate thereof, as determined by the committee in its discretion, under terms as determined by the committee or the terms of the 2019 Plan applied by the successor corporation to such assumed or substituted award, unless otherwise determined by the sole and absolute discretion of the committee. Regardless of whether awards are assumed or substituted the committee may (but will not be obligated to), in its sole discretion: (a) provide for grantees to have the right to exercise their awards or otherwise for the acceleration of vesting of award in respect of all or part of the shares covered by the awards which would not otherwise be exercisable or vested, under such terms and conditions as the committee will determine, including the cancelation of all unexercised awards (whether vested or unvested) upon or immediately prior to the closing of the change in control; and/or (b) provide for the cancelation of each outstanding and unexercised award at or immediately prior to the closing of the change in control, and payment to the grantees of an amount in cash, our shares, the acquirer or of a corporation or other business entity which is a party to the change in control or other property, as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee. Notwithstanding the foregoing, in the event of change in control, the committee may determine, in its sole discretion, that upon completion of such change in control, the terms of any award be otherwise amended, modified or terminated, as the committee deems in good faith to be appropriate.
 
Miscellaneous Provisions. Awards under the 2019 Plan are not transferable other than by will or by the laws of descent and distribution or to a grantee’s designated beneficiary, unless, in the case of awards other than incentive stock options, otherwise determined by our committee or under the 2019 Plan, and generally expire 10 years following the grant date. The board of directors may at any time amend, suspend, terminate or modify the 2019 Plan and the administrator may at any time modify or amend any award under the 2019 Plan.
 

C.
Board Practices
 
Corporate Governance Practices
 
Under the Israeli Companies Law, companies incorporated under the laws of the State of Israel whose shares are publicly traded, including companies with shares listed on NYSE, are considered public companies under Israeli law and are required to comply with various corporate governance requirements under Israeli law relating to matters such as external directors, the audit committee, the compensation committee and an internal auditor. This is the case even though our shares are not listed on a stock exchange in Israel. Subject to certain exceptions, these requirements are in addition to the corporate governance requirements imposed by NYSE rules and other applicable provisions of U.S. securities laws to which we are subject (as a foreign private issuer). Under NYSE rules, a foreign private issuer, such as us, may generally follow its home country rules of corporate governance in lieu of the comparable NYSE corporate governance requirements, except for certain matters, including the composition and responsibilities of the audit committee and the independence of its members within the meaning of the rules and regulations of the SEC.
 

65


We currently comply with the rules generally applicable to U.S. domestic companies listed on NYSE. We may in the future decide to use the foreign private issuer exemption with respect to certain NYSE corporate governance requirements.
 
Board of Directors and Executive Officers
 
Under the Israeli Companies Law, our board of directors determines our policies and supervises the performance of our chief executive officer. Our board of directors may exercise all powers and may take all actions that are not specifically granted to our shareholders or to management. Our executive officers are responsible for our day-to-day management. Our executive officers serve at the discretion of our board of directors, subject to the terms of their respective employment agreements.
 
Independent Directors
 
We comply with NYSE rules, which require that a majority of our directors are independent. Our board of directors has determined that all of our directors, other than Reuven Kitov and Reuven Harrison, qualify as independent under such rules.
 
Board Composition and Election
 
Under our amended and restated articles of association, the number of directors on our board of directors must be no less than six and no more than 10, including any director appointed by one or both of our founders, or a founder director, pursuant to the appointment rights described under “—Appointment Rights.” The minimum and maximum number of directors may be changed, at any time and from time to time, by a special vote of the holders of at least 66 2/3% of our outstanding shares.
 
Other than any founder director, our directors are divided into three classes with staggered three-year terms. Each class of directors consists, as nearly as possible, of 1/3 of the total number of directors constituting the entire board of directors (other than any founder director). At each annual general meeting of our shareholders, the election or re-election of directors following the expiration of the term of office of the directors of that class of directors is for a term of office that expires on the third annual general meeting following such election or re-election, such that at each annual general meeting the term of office of only one class of directors will expire. Each director, aside from any founder director, holds office until the annual general meeting of our shareholders for the year in which his or her term expires and until his or her successor is duly appointed, unless the tenure of such director expires earlier pursuant to the Israeli Companies Law upon the occurrence of certain events or unless removed from office by a vote of the holders of at least 66 2/3% of the total voting power of our shareholders at a general meeting of our shareholders in accordance with our amended and restated articles of association.
 
Our directors who are not founder directors are divided among the three classes as follows:
 
 
the Class I directors consist of Edouard Cukierman, Reuven Harrison and Yuval Shachar, and their terms will expire at our annual general meeting of shareholders to be held in 2023;
 
 
the Class II directors, consist of Ohad Finkelstein, Reuven Kitov and Brian Gumbel and their terms will expire at our annual general meeting of shareholders to be held in 2024; and
 
 
the Class III directors consist of Yair Shamir, Tom Schodorf, Dafna Gruber and Peter Campbell and their terms will expire at our annual general meeting of shareholders to be held in 2022.

External Directors
 
Under the Israeli Companies Law, companies incorporated under the laws of the State of Israel that are public companies, including companies with shares listed on NYSE, are required to appoint at least two external directors.
 
66

Pursuant to regulations enacted under the Israeli Companies Law, the board of directors of a public company whose shares are listed on certain non-Israeli stock exchanges, including NYSE, that do not have a controlling shareholder (as such term is defined in the Israeli Companies Law), may, subject to certain conditions, elect to “opt-out” of the requirements of the Israeli Companies Law regarding the election of external directors and to the composition of the audit committee and compensation committee, provided that the company complies with the requirements as to director independence and audit committee and compensation committee composition applicable to companies that are incorporated in the jurisdiction in which its stock exchange is located. In May 2020, our board of directors elected to opt-out of the Israeli Companies Law requirements to appoint external directors and related Israeli Companies Law rules concerning the composition of the audit committee and compensation committee.
 
The foregoing exemptions will continue to be available to us so long as: (i) we do not have a “controlling shareholder” (as such term is defined under the Israeli Companies Law), (ii) our shares are traded on a U.S. stock exchange, including NYSE, and (iii) we comply with NYSE rules applicable to domestic U.S. companies. If in the future we were to have a controlling shareholder, we would again be required to comply with the requirements relating to external directors and composition of the audit committee and compensation committee.
 
Under the Israeli Companies Law, the term “controlling shareholder” means a shareholder with the ability to direct the activities of the company, other than by virtue of being an office holder. A shareholder is presumed to be a controlling shareholder if the shareholder holds 50% or more of the voting rights in a company or has the right to appoint the majority of the directors of the company or its general manager. For the purpose of approving transactions with controlling shareholders, the term “controlling shareholder” also includes any shareholder that holds 25% or more of the voting rights of the company if no other shareholder holds more than 50% of the voting rights in the company.
 
Lead Independent Director
 
As approved by our board of directors, for so long as the same person serves both as our Chief Executive Officer and Chairman of the Board, the non-executive board members will select a Lead Independent Director from among the independent directors of the Board. If at any meeting of the Board the Lead Independent Director is not present, a majority of the independent members of the Board present will select an independent member of the Board to act as Lead Independent Director for the purpose and duration of such meeting. The authorities and responsibilities of the Lead Independent Director include, but are not limited to, the following:
 
 
Presiding at all meetings of the Board of Directors at which the Chairman is not present, including executive sessions of the independent directors;
 
 
Serving as a liaison between the Chairman and the independent directors;
 
 
Having the authority to recommend that the Board of Directors retain consultants or advisers that report directly to the Board of Directors;
 
 
Approving information sent to the Board of Directors;
 
 
Approving meeting agendas for the Board of Directors;
 
 
Approving meeting schedules to assure that there is sufficient time for discussion of all agenda items;
 
 
Having the authority to call meetings of the independent directors; and
 
 
If requested by major shareholders, ensuring that he is available for consultation and direct communication.
 
As Mr. Reuven Kitov is currently the Company’s Co-Founder, Chairman of the Board of Directors and Chief Executive Officer, the non-executive board members elected Tom Schodorf to be the Lead Independent Director.
 
Appointment Rights
 
Under our amended and restated articles of association, our founders, Reuven Kitov and Reuven Harrison, jointly have the right to appoint one director to our board of directors so long as they each hold voting control over 2% of our outstanding ordinary shares. Pursuant to an agreement between them, Reuven Kitov will designate the director to be appointed in this instance subject to prior consultation with Reuven Harrison. If only one of the founders holds voting control over 2% of our outstanding ordinary shares, such founder has the sole right to appoint one director. The appointment rights of our founders are suspended if either founder is otherwise serving on our board of directors. The term of office for a founder director expires if the appointment rights are suspended or if the founders or founder, as the case may be, no longer holds the requisite voting control.
 
67


Under our amended and restated articles of association, our board of directors may appoint new directors to fill vacancies (whether such vacancy is due to a director no longer serving or due to the number of directors serving being less than the maximum required in our amended and restated articles of association). Our amended and restated articles of association provide that the term of a director appointed by our board of directors to fill any vacancy will be for the remaining term of office of the director(s) whose office(s) have been vacated. See “Item 6.C. Board Practices—External Directors” for a description of the exemption from the requirements under the Israeli Companies Law to appoint external directors.
 
Other Considerations
 
Under the Israeli Companies Law, the chief executive officer of a public company may not serve as the chairman of the board of directors of that company unless approved by a special majority of shareholders. However, if the roles of chief executive officer and chairman of the board of directors are held by the same person and this arrangement was approved by the company’s shareholders prior to its initial public offering and is described in the company’s initial public offering prospectus, shareholder approval is only required upon the lapse of the fifth anniversary of the initial public offering. Reuven Kitov, our Chief Executive Officer, also serves as our Chairman of the board of directors, as was approved by our shareholders in 2019 prior to our initial public offering. We may, at the conclusion of the five-year period, and again thereafter, seek further shareholder approval for the renewal of such dual role for up to an additional three years at a time.
 
In addition, under the Israeli Companies Law, our board of directors must determine the minimum number of directors who are required to have “accounting and financial expertise.” Under applicable regulations, a director with accounting and financial expertise is a director who, by reason of his or her education, professional experience and skill, possesses an expertise in and understanding of financial and accounting matters and financial statements. He or she must be able to thoroughly comprehend the financial statements of the company and initiate debate regarding the manner in which financial information is presented. In determining the number of directors required to have such expertise, the board of directors must consider, among other things, the type and size of the company and the scope and complexity of its operations. Our board of directors has determined that we require at least one director with the requisite accounting and financial expertise, and it has determined Dafna Gruber has such expertise.
 
There are no familial relationships among any of our office holders (including directors).
 
Audit Committee
 
Israeli Companies Law Requirements
 
Under the Israeli Companies Law, the board of directors of a public company must appoint an audit committee comprised of at least three directors. Our audit committee consists of three independent directors, Tom Schodorf (Lead Independent Director), Peter Campbell and Dafna Gruber.
 
Listing Requirements
 
Under NYSE corporate governance requirements, we are required to maintain an audit committee consisting of at least three independent directors, all of whom are financially literate and one of whom has accounting or related financial management expertise.
 
Our audit committee consists of Dafna Gruber, Peter Campbell and Tom Schodorf. Peter Campbell serves as the chairperson of our audit committee. All members of our audit committee meet the requirements for financial literacy under the applicable rules and regulations of the SEC and NYSE corporate governance rules. Our board of directors has determined in its business judgment that each of Peter Campbell and Dafna Gruber are audit committee financial experts as defined by the SEC rules and has the requisite accounting or related financial management expertise as required by NYSE corporate governance requirements. Each of Dafna Gruber, Peter Campbell and Tom Schodorf is “independent” as such term is defined in Rule 10A-3(b)(1) under the Exchange Act and NYSE corporate governance requirements for audit committee members.
 
Approval of Transactions with Related Parties
 
The approval of the audit committee is required to effect specified actions and transactions with office holders and controlling shareholders and their relatives, or in which they have a personal interest. See “Item 6.C. Board Practices—Fiduciary Duties and Approval of Specified Related Party Transactions and Compensation under Israeli Law.” The audit committee may not approve an action or a transaction with a controlling shareholder or with an office holder unless, among other things, at the time of approval the audit committee meets the composition requirements under the Israeli Companies Law.
 
68


Audit Committee Role
 
Our board of directors has adopted an audit committee charter that sets forth the responsibilities of the audit committee consistent with the Israeli Companies Law, SEC rules and NYSE corporate governance requirements, which include, among other responsibilities:
 
 
retaining and terminating our independent auditors, subject to board of directors and shareholder ratification;
 
 
overseeing the independence, compensation and performance of the company’s independent auditors;
 
 
the appointment, compensation, retention and oversight of any accounting firm engaged for the purpose of preparing or issuing an audit report or performing other audit services;
 
 
pre-approval of audit and non-audit services to be provided by the independent auditors;
 
 
reviewing with management and our independent directors our financial statements prior to their submission to the SEC; and
 
 
approval of certain transactions with office holders and controlling shareholders, as described below, and other related party transactions.

Additionally, under the Israeli Companies Law, the role of the audit committee includes the identification of irregularities in our business management, among other things, by consulting with the internal auditor or our independent auditors and suggesting an appropriate course of action to the board of directors. In addition, the audit committee or the board of directors, as set forth in the articles of association of the company, is required to approve the yearly or periodic work plan proposed by the internal auditor. The audit committee is required to assess the company’s internal audit system and the performance of its internal auditor. The Israeli Companies Law also requires that the audit committee assess the scope of the work and compensation of the company’s external auditor. In addition, the audit committee is required to determine whether certain related party actions and transactions are “material” or “extraordinary” for the purpose of the requisite approval procedures under the Israeli Companies Law and whether certain transactions with a controlling shareholder will be subject to a competitive procedure (regardless of whether such transactions are deemed extraordinary transactions) and to set forth the approval process for transactions that are “non-negligible” (meaning, transactions with a controlling shareholder that are classified by the audit committee as non-negligible, even though they are not deemed extraordinary transactions), as well as determining which types of transactions would require the approval of the audit committee, optionally based on criteria which may be determined annually in advance by the audit committee.
 
The audit committee charter states that the audit committee is empowered to conduct or authorize investigations into any matters within its scope of responsibilities.
 
Compensation Committee
 
Under the Israeli Companies Law, the board of directors of any public company must appoint a compensation committee. Our compensation committee consists of three independent directors, Peter Campbell, Dafna Gruber and Brian Gumbel. Peter Campbell serves as the chairman of our compensation committee.
 
Listing Requirements
 
Under SEC and NYSE rules, there are heightened independence standards for members of the compensation committee, including a prohibition against the receipt of any compensation from us other than standard supervisory board member fees. Although foreign private issuers are not required to meet this heightened standard or the requirements general for a compensation committee, our board of directors has determined that all of our compensation committee members meet this heightened standard and other independence requirements. Each of Peter Campbell, Dafna Gruber and Brian Gumbel is “independent” under the NYSE corporate governance requirements for compensation committee members.
 
Compensation Committee Role
 
Our board of directors has adopted a compensation committee charter that sets forth the responsibilities of the compensation committee consistent with the Israeli Companies Law, SEC rules and NYSE corporate governance requirements, which include, among other responsibilities:
 
 
recommending to the board of directors the compensation policy for directors and executive officers, and to recommend to the board of directors once every three years whether the compensation policy that had been approved should be extended for a period of more than three years;
 
 
recommending to the board of directors updates to the compensation policy, from time to time, and examine its implementation;
 
 
deciding whether to approve the terms of office and employment of directors and executive officers that require approval of the compensation committee;
 
 
deciding whether the compensation terms of the chief executive officer, which were determined pursuant to the compensation policy, will be exempted from approval by the shareholders because such approval would harm the ability to engage the chief executive officer; and
 
 
administering and, where applicable, recommending to our board of directors regarding the awarding of employee equity grants.

69

 
Compensation Policy
 
In general, under the Israeli Companies Law, a public company must have a compensation policy approved by the board of directors after receiving and considering the recommendations of the compensation committee. In addition, the compensation policy requires the approval of the general meeting of the shareholders, which approval requires one of the following: (i) the majority of shareholder votes counted at a general meeting including the majority of all of the votes of those shareholders who are non-controlling shareholders and do not have a personal interest in the approval of the compensation policy, who vote at the meeting (excluding abstentions) or (ii) the total number of votes against the proposal among the shareholders mentioned in clause (i) above does exceed 2% of the voting rights in the company. However, under special circumstances, the board of directors may override the shareholders’ decision and approve the compensation policy despite the objection of the shareholders on the condition that the compensation committee and then the board of directors decide, on the basis of detailed arguments and after discussing again the compensation policy, that approval of the compensation policy, despite the objection of the meeting of shareholders, is for the benefit of the company.
 
If a company that initially offers its securities to the public adopts a compensation policy in advance of its initial public offering, and describes it in its prospectus, as we did in the prospectus for our initial public offering, then such compensation policy shall be deemed a validly adopted policy in accordance with the Israeli Companies Law requirements described above. Furthermore, if the compensation policy is set in accordance with the aforementioned relief, then it will remain in effect for term of five years from the date such company has become a public company.
 
The compensation policy must be based on certain considerations, include certain provisions and needs to reference certain matters as set forth in the Israeli Companies Law.
 
The compensation policy must serve as the basis for decisions concerning the financial terms of employment or engagement of office holders, including exculpation, insurance, indemnification or any monetary payment or obligation of payment in respect of employment or engagement. The compensation policy must relate to certain factors, including advancement of the company’s objectives, business plan and long-term strategy, and creation of appropriate incentives for office holders. It must also consider, among other things, the company’s risk management, size and the nature of its operations. The compensation policy must furthermore consider the following additional factors:
 
 
the education, skills, experience, expertise and accomplishments of the relevant office holder;
 
 
the office holder’s position, responsibilities and prior compensation agreements with that office holder;
 
 
the ratio between the cost of the terms of employment of an office holder and the cost of the employment of other employees of the company, including employees employed through contractors who provide services to the company, in particular the ratio between such cost, the average and median salary of the employees of the company, as well as the impact of such disparities on the work relationships in the company;
 
 
if the terms of employment include variable components—the possibility of reducing variable components at the discretion of the board of directors and the possibility of setting a limit on the value of non-cash variable equity-based components; and
 
 
if the terms of employment include severance compensation—the term of employment or office of the office holder, the terms of his or her compensation during such period, the company’s performance during the such period, his or her individual contribution to the achievement of the company goals and the maximization of its profits and the circumstances under which he or she is leaving the company.
 
70


The compensation policy must also include:
 
 
with regard to variable components:
 
 
with the exception of office holders who report directly to the chief executive officer, determining the variable components on long-term performance basis and on measurable criteria; however, the company may determine that an immaterial part of the variable components of the compensation package of an office holder’s shall be awarded based on non-measurable criteria, if such amount is not higher than three monthly salaries per annum, while taking into account such office holder contribution to the company; and
 
 
the ratio between variable and fixed components, as well as the limit of the values of variable components at the time of their grant;
 
 
a condition under which the office holder will return to the company, according to conditions to be set forth in the compensation policy, any amounts paid as part of his or her terms of employment, if such amounts were paid based on information later to be discovered to be wrong, and such information was restated in the company’s financial statements;
 
 
the minimum holding or vesting period of variable equity-based components to be set in the terms of office or employment, as applicable, while taking into consideration long-term incentives; and
 
 
a limit to retirement grants.
 
Our compensation policy, which was adopted and approved on March 21, 2019 and amended on July 29, 2020 and July 15, 2021, is designed to promote retention and motivation of directors and executive officers, incentivize superior individual excellence, align the interests of our directors and executive officers with our long-term performance and provide a risk management tool. To that end, a portion of an executive officer compensation package is targeted to reflect our short- and long-term goals, as well as the executive officer’s individual performance. On the other hand, our compensation policy includes measures designed to reduce the executive officer’s incentives to take excessive risks that may harm us in the long-term, such as limits on the value of cash bonuses and equity-based compensation, limitations on the ratio between the variable and the total compensation of an executive officer and minimum vesting periods for equity-based compensation.
 
Our compensation policy also addresses each of our executive officers’ individual characteristics (such as his or her respective position, education, scope of responsibilities and contribution to the attainment of our goals) as the basis for compensation variation among our executive officers, and considers the internal ratios between compensation of our executive officers and directors and other employees. Pursuant to our compensation policy, the compensation that may be granted to an executive officer may include: base salary, annual bonuses and other cash bonuses (such as a signing bonus and special bonuses with respect to any special achievements, such as outstanding personal achievement, outstanding personal effort or outstanding company performance), equity-based compensation, benefits and retirement and termination of service arrangements. All cash bonuses are limited to a maximum amount linked to the executive officer’s base salary. In addition, the total variable compensation components (cash bonuses and equity-based compensation) may not exceed 95% of each executive officer’s total compensation package with respect to any given calendar year.
 
An annual cash bonus may be awarded to executive officers upon the attainment of pre-set periodic objectives determined by the compensation committee and individual targets. The annual cash bonus, which may be granted to our executive officers other than our chief executive officer, is based on performance objectives and a discretionary evaluation of the executive officer’s overall performance by our chief executive officer and subject to minimum thresholds. The annual cash bonus that may be granted to executive officers other than our chief executive officer may be based entirely on a discretionary evaluation. Furthermore, the performance objectives are recommended by our chief executive officer and approved by our compensation committee (and, if required by law, by our board of directors).
 
The performance measurable objectives of our chief executive officer are determined annually by our compensation committee and board of directors, and include the weight to be assigned to each achievement in the overall evaluation. A less significant portion of the chief executive officer’s annual cash bonus may be based on a discretionary evaluation of the chief executive officer’s overall performance by the compensation committee and the board of directors based on quantitative and qualitative criteria.
 
The equity-based compensation under our compensation policy for our executive officers (including members of our board of directors) is designed in a manner consistent with the underlying objectives in determining the base salary and the annual cash bonus, with its main objectives being to enhance the alignment between the executive officers’ interests with our long-term interests and those of our shareholders and to strengthen the retention and the motivation of executive officers in the long term. Our compensation policy provides for executive officer compensation in the form of share options or other equity-based awards, such as restricted shares and restricted share units, in accordance with our equity incentive plans then in place. All equity-based incentives granted to executive officers shall be subject to vesting periods in order to promote long-term retention of the executive officers. The equity-based compensation shall be granted from time to time and be individually determined and awarded according to the performance, educational background, prior business experience, qualifications, role and the personal responsibilities of the executive officer.
 
71


In addition, our compensation policy contains compensation recovery provisions which allows us under certain conditions to recover bonuses paid in excess, enables our chief executive officer to approve an immaterial change in the terms of employment of an executive officer (provided that the changes of the terms of employment are in accordance our compensation policy) and allows us to exculpate, indemnify and insure our executive officers and directors subject to certain limitations set forth thereto.
 
Our compensation policy also provides for compensation to the members of our board of directors either (i) in accordance with the amounts provided in the Israeli Companies Regulations (Rules Regarding the Compensation and Expenses of an External Director) of 2000, as amended by the Israeli Companies Regulations (Relief for Public Companies Traded in Stock Exchange Outside of Israel) of 2000, as such regulations may be amended from time to time, or (ii) in accordance with the amounts determined in our compensation policy.
 
Nominating and Corporate Governance Committee
 
Our nominating and corporate governance committee consists of Dafna Gruber, Yuval Shachar and Yair Shamir. Yuval Shachar serves as the chairperson of our nominating and corporate governance committee.
 
Listing Requirements
 
Under NYSE corporate governance requirements, we are required to maintain a nominating and corporate governance committee composed only of independent directors, but may opt out as a foreign private issuer. Our board of directors has determined that all of our nominating and corporate governance committee members meet such standards. Each of Dafna Gruber, Yuval Schachar and Yair Shamir is “independent” under NYSE corporate governance requirements.
 
Nominating and Corporate Governance Committee Role
 
Our board of directors has adopted a nominating and corporate governance committee charter that sets forth the responsibilities of the nominating and corporate governance committee consistent with the Israeli Companies Law, SEC rules and NYSE corporate governance requirements, which include, among other responsibilities:
 
 
supporting and advising our board of directors in selecting director nominees, consistent with the criteria approved by our board of directors, who are best able to fulfill the responsibilities of a director;
 
 
overseeing the evaluation of our board of directors and our management; and
 
 
otherwise taking a leadership role in shaping our corporate governance establishing and maintaining effective corporate governance policies and practices, including developing and recommending to our board of directors a set of corporate governance guidelines applicable to our company.
 
Internal Auditor
 
Under the Israeli Companies Law, the board of directors of a public company must appoint an internal auditor based on the recommendation of the audit committee. The role of the internal auditor is, among other things, to examine whether a company’s actions comply with applicable law and orderly business procedure. Under the Israeli Companies Law, the internal auditor may not be an interested party or an office holder or a relative of an interested party or of an office holder, nor may the internal auditor be the company’s independent auditor or the representative of the same.
 
An “interested party” is defined in the Israeli Companies Law as (i) a holder of 5% or more of the issued share capital or voting power in a company, (ii) any person or entity who has the right to designate one or more directors or to designate the chief executive officer of the company or (iii) any person who serves as a director or as a chief executive officer of the company.
 
Chaikin, Cohen, Rubin & Co. has been appointed as our internal auditor.
 
72

 
Fiduciary Duties and Approval of Specified Related Party Transactions and Compensation under Israeli Law
 
Fiduciary Duties of Office Holders
 
The Israeli Companies Law imposes a duty of care and a duty of loyalty on all office holders of a company. The duty of care requires an office holder to act with the degree of skill and care with which a reasonable office holder in the same position would have acted under the same circumstances. The duty of care includes, among other things, a duty to use reasonable means, in light of the circumstances, to obtain:
 
 
information on the advisability of a given action brought for his or her approval or performed by virtue of his or her position; and
 
 
all other important information pertaining to such action.
 
The duty of loyalty incumbent on an office holder requires him or her to act in good faith and for the benefit of the company, and includes, among other things, the duty to:
 
 
refrain from any act involving a conflict of interest between the performance of his or her duties in the company and his or her other duties or personal affairs;
 
 
refrain from any activity that is competitive with the business of the company;
 
 
refrain from exploiting any business opportunity of the company for the purpose of gaining a personal advantage for himself or herself or others; and
 
 
disclose to the company any information or documents relating to the company’s affairs which the office holder received as a result of his or her position as an office holder.
 
Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions
 
Under the Israeli Companies Law, a company may approve an act specified above which would otherwise constitute a breach of the office holder’s fiduciary duty, provided that the office holder acted in good faith, the act or its approval does not harm the company, and the office holder discloses to the company his or her personal interest in the transaction (including any significant fact or document) a reasonable time before the approval of such act. Any such approval is subject to the terms of the Israeli Companies Law, setting forth, among other things, the appropriate bodies of the company required to provide such approval, and the methods of obtaining such approval.
 
The Israeli Companies Law requires that an office holder promptly disclose to the company any direct or indirect personal interest that he or she may have and all related material information or documents known to him or her relating to any existing or proposed transaction by the company. An interested office holder’s disclosure must be made promptly and, in any event, no later than the first meeting of the board of directors at which the transaction is considered. An office holder is not obliged to disclose such information if the personal interest of the office holder derives solely from the personal interest of his or her relative in a transaction that is not considered an extraordinary transaction.
 
If the transaction is an extraordinary transaction, the office holder must also disclose any personal interest held by:
 
 
the office holder’s relatives (spouse, siblings, parents, grandparents, descendants, spouse’s descendants and the spouses of any of these people); or
 
 
any company in which the office holder or his or her relatives holds 5% or more of the shares or voting rights, serves as a director or general manager or has the right to appoint at least one director or the general manager.
 
Under the Israeli Companies Law, unless the articles of association of a company provide otherwise, a transaction with an office holder or with a third party in which the office holder has a personal interest, which is not an extraordinary transaction, requires approval by the board of directors or a committee authorized by the board of directors. Our amended and restated articles of association provide that such a transaction, which is not an extraordinary transaction, shall be approved by the board of directors or a committee of the board of directors or any other body or person (which has no personal interest in the transaction) authorized by the board of directors. If the transaction considered is an extraordinary transaction with an office holder or third party in which the office holder has a personal interest, then audit committee approval is required prior to approval by the board of directors. Under specific circumstances, shareholder approval may also be required. For the approval of compensation arrangements with directors and executive officers, see “Item 6.B. Compensation—Compensation of Directors and Executive Officers.”
 
Any persons who have a personal interest in the approval of a transaction that is brought before a meeting of the board of directors or the audit committee may not be present at the meeting or vote on the matter. However, if the chairman of the board of directors or the chairman of the audit committee, as applicable, has determined that the presence of an office holder with a personal interest is required, such office holder may be present at the meeting for the purpose of presenting the matter. Notwithstanding the foregoing, a director who has a personal interest may be present at the meeting of the board of directors or the audit committee (as applicable) and vote on the matter if a majority of the members of the board of directors or the audit committee (as applicable) have a personal interest in the approval of such transaction. If a majority of the directors at a board of directors meeting have a personal interest in the transaction, such transaction also generally requires approval of the shareholders of the company.
 
73


A “personal interest” is defined under the Israeli Companies Law as the personal interest of a person in an action or in a transaction of the company, including the personal interest of such person’s relative or the interest of any other corporate body in which the person and/or such person’s relative is a director or general manager, a 5% shareholder or holds 5% or more of the issued and outstanding share capital of the company or of its voting rights, or has the right to appoint at least one director or the general manager, but excluding a personal interest stemming solely from the fact of holding shares in the company. A personal interest also includes (i) a personal interest of a person who votes according to a proxy of another person, including in the event that the other person has no personal interest, and (ii) a personal interest of a person who gave a proxy to another person to vote on his or her behalf regardless of whether the discretion of how to vote lies with the person voting.
 
An “extraordinary transaction” is defined under the Israeli Companies Law as any of the following:
 
 
a transaction other than in the ordinary course of business;
 
 
a transaction that is not on market terms; or
 
 
a transaction that may have a material impact on the company’s profitability, assets or liabilities.
 
Disclosure of Personal Interests of a Controlling Shareholder and Approval of Transactions
 
Pursuant to the Israeli Companies Law, the disclosure requirements that apply to an office holder also apply to a controlling shareholder of a public company. Extraordinary transactions with a controlling shareholder or in which a controlling shareholder has a personal interest, including a private placement in which a controlling shareholder has a personal interest, and the terms of engagement of the company, directly or indirectly, with a controlling shareholder or a controlling shareholder’s relative (including through a corporation controlled by a controlling shareholder), regarding the company’s receipt of services from the controlling shareholder, and if such controlling shareholder is also an office holder or employee of the company, regarding his or her terms of employment, require the approval of each of (i) the audit committee (or the compensation committee with respect to the terms of the engagement as an office holder or employee, including insurance, indemnification and compensation), (ii) the board of directors and (iii) the shareholders, in that order. In addition, the shareholder approval must fulfill one of the following requirements:
 
 
a majority of the shares held by shareholders who have no personal interest in the transaction and are voting at the meeting must be voted in favor of approving the transaction, excluding abstentions; or
 
 
the shares voted by shareholders who have no personal interest in the transaction who vote against the transaction represent no more than 2% of the voting rights in the company.
 
Such majority determined in accordance with the majority requirement described above is hereinafter referred to as the Compensation Special Majority Requirement.
 
Any such transaction for which the term is more than three years must be approved in the same manner every three years, unless with respect to certain transactions as permitted by the Israeli Companies Law, the audit committee has determined that a longer term is reasonable under the circumstances. In addition, transactions with a controlling shareholder or a controlling shareholder’s relative who serves as an executive officer in a company, directly or indirectly (including through a corporation under his control), involving the receipt of services by a company or their compensation can have a term of five years from the company’s initial public offering under certain circumstances.
 
The Israeli Companies Law requires that every shareholder that participates, in person or by proxy, in a vote regarding a transaction with a controlling shareholder, must indicate in advance or in the ballot whether or not that shareholder has a personal interest in the vote in question. Failure to so indicate generally results in the invalidation of that shareholder’s vote.
 
Disclosure of Compensation of Executive Officers
 
For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic filers, including the requirement applicable to emerging growth companies to disclose the compensation of our chief executive officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis. Nevertheless, regulations promulgated under the Israeli Companies Law require us to disclose in the proxy statement for the annual general meeting of our shareholders (or to include a reference therein to other previously furnished public disclosure) the annual compensation of our five most highly compensated executive officers on an individual, rather than an aggregate, basis. This disclosure will not be as extensive as that required of a U.S. domestic issuer.
 
74


Compensation of Directors and Executive Officers
 
Directors. Under the Israeli Companies Law, the compensation of our directors requires the approval of our compensation committee, the subsequent approval of the board of directors and, unless exempted under regulations promulgated under the Israeli Companies Law, the approval of the shareholders at a general meeting. If the compensation of our directors is inconsistent with our compensation policy, then, provided that those provisions that must be included in the compensation policy according to the Israeli Companies Law have been considered by the compensation committee and board of directors, and provided that shareholder approval is obtained by the Compensation Special Majority Requirement.
 
Executive Officers (other than the Chief Executive Officer). The Israeli Companies Law requires the approval of the compensation of a public company’s executive officers (other than the chief executive officer) in the following order: (i) the compensation committee, (ii) the company’s board of directors and (iii) if such compensation arrangement is inconsistent with the company’s compensation policy, the company’s shareholders (the Compensation Special Majority Requirement). However, if the shareholders of the company do not approve a compensation arrangement with an executive officer that is inconsistent with the company’s compensation policy, the compensation committee and board of directors may override the shareholders’ decision if each of the compensation committee and the board of directors provide detailed reasons for their decision.
 
Chief Executive Officer. The Israeli Companies Law requires the approval of the compensation of a public company’s chief executive officer in the following order: (i) the company’s compensation committee, (ii) the company’s board of directors and (iii) the company’s shareholders (the Compensation Special Majority Requirement). However, if the shareholders of the company do not approve the compensation arrangement with the chief executive officer, the compensation committee and board of directors may override the shareholders’ decision if each of the compensation committee and the board of directors provide a detailed report for their decision. The approval of each of the compensation committee and the board of directors should be in accordance with the company’s compensation policy; however, in special circumstances, they may approve compensation terms of a chief executive officer that are inconsistent with such policy provided that they have considered those provisions that must be included in the compensation policy according to the Israeli Companies Law and that shareholder approval was obtained (by a special majority vote as discussed above with respect to the approval of director compensation). In addition, the compensation committee may waive the shareholder approval requirement with regards to the approval of the engagement terms of a candidate for the chief executive officer position, if the compensation committee determines that the compensation arrangement is consistent with the company’s compensation policy, and that the chief executive officer did not have a prior business relationship with the company or a controlling shareholder of the company and that subjecting the approval of the engagement to a shareholder vote would impede the company’s ability to employ the chief executive officer candidate.
 
Duties of Shareholders
 
Under the Israeli Companies Law, a shareholder has a duty to refrain from abusing its power in the company and to act in good faith and in an acceptable manner in exercising its rights and performing its obligations to the company and other shareholders, including, among other things, when voting at meetings of shareholders on the following matters:
 
 
an amendment to the articles of association;
 
 
an increase in the company’s authorized share capital;
 
 
a merger; and
 
 
the approval of related party transactions and acts of office holders that require shareholder approval.
 
A shareholder also has a general duty to refrain from discriminating against other shareholders.
 
The remedies generally available upon a breach of contract also apply to a breach of the shareholder duties mentioned above, and in the event of discrimination against other shareholders, additional remedies may be available to the injured shareholder.
 
In addition, any controlling shareholder, any shareholder that knows that its vote can determine the outcome of a shareholder vote and any shareholder that, under a company’s articles of association, has the power to appoint or prevent the appointment of an office holder, or any other power with respect to a company, is under a duty to act with fairness towards the company. The Israeli Companies Law does not describe the substance of this duty except to state that the remedies generally available upon a breach of contract also apply in the event of a breach of the duty to act with fairness, taking the shareholder’s position in the company into account.

75


Approval of Private Placements
 
Under the Israeli Companies Law and the regulations promulgated thereunder, a private placement of securities of an Israeli public company whose shares are traded solely outside of Israel does not require approval at a general meeting of the shareholders of a company; provided however, that in special circumstances, such as a private placement, which is intended to obviate the need to conduct a special tender offer or a private placement which qualifies as a related party transaction, for which approval at a general meeting of the shareholders of a company is required. See “Item 10.B. Memorandum and Articles of Association—Acquisitions under Israeli Law.”
 
However, we are subject to NYSE corporate governance requirements relating to private placements.
 
Exculpation, Insurance and Indemnification of Directors and Officers
 
Under the Israeli Companies Law, a company may not exculpate an office holder from liability for a breach of the duty of loyalty. An Israeli company may exculpate an office holder in advance from liability to the company, in whole or in part, for damages caused to the company as a result of a breach of duty of care but only if a provision authorizing such exculpation is included in its articles of association. Our amended and restated articles of association include such a provision. The company may not exculpate in advance a director from liability arising from a breach of his or her duty of care in connection with a prohibited dividend or distribution to shareholders.
 
As permitted under the Israeli Companies Law, our amended and restated articles of association provide that we may indemnify an office holder in respect of the following liabilities, payments and expenses incurred for acts performed by him or her as an office holder, either in advance of an event or following an event:
 
 
a monetary liability incurred by or imposed on the office holder in favor of another person pursuant to a court judgment, including pursuant to a settlement confirmed as judgment or arbitrator’s decision approved by a competent court. However, if an undertaking to indemnify an office holder with respect to such liability is provided in advance, then such an undertaking must be limited to events which, in the opinion of the board of directors, can be foreseen based on the company’s activities when the undertaking to indemnify is given, and to an amount or according to criteria determined by the board of directors as reasonable under the circumstances, and such undertaking shall detail the abovementioned foreseen events and amount or criteria;
 
 
reasonable litigation expenses, including reasonable attorneys’ fees, which were incurred by the office holder as a result of an investigation or proceeding filed against the office holder by an authority authorized to conduct such investigation or proceeding, provided that such investigation or proceeding was either (i) concluded without the filing of an indictment against such office holder and without the imposition on him of any monetary obligation in lieu of a criminal proceeding, (ii) concluded without the filing of an indictment against the office holder but with the imposition of a monetary obligation on the office holder in lieu of criminal proceedings for an offense that does not require proof of criminal intent or (iii) in connection with a monetary sanction;
 
 
reasonable litigation expenses, including attorneys’ fees, incurred by the office holder or which were imposed on the office holder by a court (i) in a proceeding instituted against him or her by the company, on its behalf, or by a third party, (ii) in connection with criminal indictment of which the office holder was acquitted or (iii) in a criminal indictment which the office holder was convicted of an offense that does not require proof of criminal intent;
 
 
expenses he or she incurs as a result of administrative proceedings that may be instituted against him or her under Israeli securities laws, if applicable, and payments made to injured persons under specific circumstances thereunder; and
 
 
any other matter in respect of which it is permitted or will be permitted under applicable law to indemnify an office holder in the company.
 
76


As permitted under the Israeli Companies Law, our amended and restated articles of association provide that we may insure an office holder against the following liabilities incurred for acts performed by him or her as an office holder:
 
 
a breach of the duty of loyalty to the company, provided that the office holder acted in good faith and had a reasonable basis to believe that the act would not harm the company;
 
 
a breach of duty of care to the company or to another person, to the extent such a breach arises out of the negligent conduct of the office holder;
 
 
a monetary liability imposed on the office holder in favor of a third party;
 
 
expenses he or she incurs as a result of administrative proceedings that may be instituted against him or her under the Israeli securities laws if applicable, and payments made to injured persons under specific circumstances thereunder; and

 
any other matter in respect of which it is permitted or will be permitted under applicable law to insure the liability of an office holder in the company.
 
Under the Israeli Companies Law, a company may not indemnify, exculpate or insure an office holder against any of the following:
 
 
a breach of the duty of loyalty, except for indemnification and insurance for a breach of the duty of loyalty to the company to the extent that the office holder acted in good faith and had a reasonable basis to believe that the act would not prejudice the company;

 
a breach of duty of care committed intentionally or recklessly, excluding a breach arising out of the negligent conduct of the office holder;
 
 
an act or omission committed with intent to derive illegal personal benefit; or
 
 
a fine, monetary sanction or forfeit levied against the office holder.
 
Under the Israeli Companies Law, exculpation, indemnification and insurance of office holders must be approved by the compensation committee and the board of directors and, with respect to directors or controlling shareholders, their relatives and third parties in which controlling shareholders have a personal interest, also by the shareholders.
 
Our amended and restated articles of association permit us to exculpate, indemnify and insure our office holders to the fullest extent permitted or to be permitted by law. Our office holders are currently covered by a directors’ and officers’ liability insurance policy. As of the date of this annual report, no claims for directors’ and officers’ liability insurance have been filed under this policy and we are not aware of any pending or threatened litigation or proceeding involving any of our office holders, including our directors, in which indemnification is sought.
 
We have entered into agreements with each of our current office holders exculpating them from a breach of their duty of care to us to the fullest extent permitted by law, subject to limited exceptions, and undertaking to indemnify them to the fullest extent permitted by law, subject to limited exceptions, including to the extent that these liabilities are not covered by insurance. This indemnification is limited, with respect to any monetary liability imposed in favor of a third party, to events determined as foreseeable by the board of directors based on our activities. The maximum aggregate amount of indemnification that we may pay to our office holders based on such indemnification agreement is the greater of (i) 25% of our total shareholders’ equity pursuant to our most recent financial statements as of the time of the actual payment of indemnification and (ii) $40.0 million (as may be increased from time to time by shareholders’ approval); provided, however, that in relation to indemnification claimed in connection with a public offering of our securities, the amount, if higher, shall be equal to the aggregate proceeds from the sale by the Company and/or any shareholder of the Company in connection with such public offering. Such indemnification amounts are in addition to any insurance amounts. Each office holder who agrees to receive this letter of indemnification also gives his approval to the termination of all previous letters of indemnification that we have provided to him or her in the past, if any. However, in the opinion of the SEC, indemnification of office holders for liabilities arising under the Securities Act is against public policy and therefore unenforceable.
 
77


Employment and Consulting Agreements with Executive Officers
 
We have entered into written employment or service agreements with each of our executive officers. See “Item 7.B. Related Party Transactions—Employment Agreements.”
 

D.
Employees
 
As of December 31, 2021, we had 542 employees, independent consultants and independent contractors, of which 282 were in located in Israel, 159 were located in the United States, 27 were located in the United Kingdom and approximately 74 were located across 19 other countries. Set forth below is a breakdown of our global workforce of employees, independent consultants and independent contractors by category of activity as of the dates indicated:
 
   
As of December 31,
 
   
2019
   
2020
   
2021
 
Services, support and fulfillment
   
98
     
97
     
100
 
Research and development
   
187
     
177
     
171
 
Sales and marketing
   
223
     
194
     
198
 
General and administrative
   
60
     
65
     
73
 
Total
   
568
     
533
     
542
 
 
With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our Israeli employees have pension plans that comply with the applicable Israeli legal requirements, and we make monthly contributions to severance pay funds for all Israeli employees, which cover potential severance pay obligations.
 
Extension orders issued by the Israeli Ministry of Economy and Industry (formerly the Israeli Ministry of Industry, Trade and Labor) apply to our employees in Israel and affect matters such as, living adjustments to salaries, length of working hours and week, recuperation pay, travel expenses, and pension rights. We have never experienced labor-related work stoppages or strikes and believe that our relations with our employees are satisfactory.
 

E.
Share Ownership
 
For information regarding the share ownership of our directors and executive officers, please refer to “Item 6.B. Compensation” and “Item 7.A. Major Shareholders.”

78

 
ITEM 7. MAJOR SHAREHOLDERS AND RELATED PARTY TRANSACTIONS
 

A.
Major Shareholders
 
The following table sets forth information with respect to the beneficial ownership of our shares as of February 23, 2022 by:
 
 
each person or entity known by us to own beneficially more than 5% of our outstanding shares;
 
 
each of our directors and executive officers individually; and
 
 
all of our directors and executive officers as a group.
 
The beneficial ownership of ordinary shares is determined in accordance with the rules of the SEC and generally includes any ordinary shares over which a person exercises sole or shared voting or investment power, or the right to receive the economic benefit of ownership. For purposes of the table below, we deem shares subject to options or warrants that are currently exercisable or exercisable within 60 days of February 23, 2022 to be outstanding and to be beneficially owned by the person holding the options or warrants for the purposes of computing the percentage ownership of that person but we do not treat them as outstanding for the purpose of computing the percentage ownership of any other person. The percentage of shares beneficially owned is based on 37,921,019 ordinary shares outstanding as of February 23, 2022.
 
As of February 23, 2022, we had 5 holders of record of our ordinary shares in the United States, including Cede & Co., the nominee of The Depository Trust Company. These shareholders held an aggregate of 33,996,364, or 89.7%, of our ordinary shares outstanding as of February 23, 2022. The number of record holders in the United States is not representative of the number of beneficial holders nor is it representative of where such beneficial holders are resident, since many of these ordinary shares were held by brokers or other nominees.
 
All of our shareholders, including the shareholders listed below, have the same voting rights attached to their ordinary shares. See “Item 10.B. Memorandum and Articles of Association—Voting Rights and Conversion.” Unless otherwise noted below, each shareholder’s address is Tufin Software Technologies Ltd., 5 HaShalom Road, ToHa Tower, Tel Aviv 6789205, Israel.
 
   
Shares Beneficially Owned
 
Name of Beneficial Owner
 
Number
   
%
 
Directors and Executive Officers
           
Reuven Kitov (1)
   
1,971,853
     
5.2
%
Reuven Harrison
   
1,736,191
     
4.6
%
Jack Wakileh
   
*
     
*
 
Yoram Gronich
   
*
     
*
 
Shay Dayan
   
*
     
*
 
Raymond Brancato
   
*
     
*
 
Ohad Finkelstein (2)
   
500,280
     
1.3
%
Yuval Shachar (3)
   
623,147
     
1.6
%
Yair Shamir
   
*
     
*
 
Edouard Cukierman
   
*
     
*
 
Peter Campbell
   
*
     
*
 
Dafna Gruber
   
*
     
*
 
Tom Schodorf
   
*
     
*
 
Brian Gumbel
   
*
     
*
 
All directors and executive officers as a group (14 persons) (4)
   
4,552,493
     
12.0
%
Principal Shareholders