S-1 1 d908531ds1.htm S-1 S-1
Table of Contents

As filed with the Securities and Exchange Commission on June 11, 2015.

Registration Statement No. 333-          

 

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

 

 

FORM S-1

REGISTRATION STATEMENT

UNDER

THE SECURITIES ACT OF 1933

 

 

RAPID7, INC.

(Exact name of registrant as specified in its charter)

 

 

 

Delaware 7372 35-2423994

(State or other jurisdiction of

incorporation or organization)

 

(Primary Standard Industrial

Classification Code Number)

 

(I.R.S. Employer

Identification Number)

100 Summer Street Boston, Massachusetts 02110

Tel: (617) 247-1717

(Address, including zip code, and telephone number, including area code, of registrant’s principal executive offices)

 

 

Corey Thomas

President and Chief Executive Officer

Rapid7, Inc.

100 Summer Street

Boston, Massachusetts 02110

Tel: (617) 247-1717

(Name, address, including zip code, and telephone number, including area code, of agent for service)

Copies to:

 

Nicole Brookshire, Esq.

Richard Segal, Esq.

Cooley LLP

500 Boylston Street

Boston, Massachusetts 02116

(617) 937-2300

 

Christopher Austin, Esq.

Orrick, Herrington & Sutcliffe LLP

51 West 52nd Street

New York, NY 10019

(212) 506-5000

Approximate date of commencement of proposed sale to the public: As soon as practicable after the effective date of this registration statement.

 

 

If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933, as amended, check the following box.  ¨

If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  ¨

If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  ¨

If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration number of the earlier effective registration statement for the same offering.  ¨

 

 

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer or a smaller reporting company. See the definitions of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act.

 

Large Accelerated Filer  ¨   Accelerated Filer  ¨   Non-accelerated Filer  x   Smaller Reporting Company  ¨

 

 

CALCULATION OF REGISTRATION FEE

 

 

Title of Securities Being Registered    Proposed Maximum
Aggregate
Offering Price(1)(2)
   Amount of
Registration Fee

    Common Stock, $0.01 par value per share

   $80,000,000    $9,296

 

 

(1)

In accordance with Rule 457(o) under the Securities Act of 1933, as amended, the number of shares being registered and the proposed maximum offering price per share are not included in this table.

(2)

Estimated solely for purposes of computing the amount of the registration fee pursuant to Rule 457(o) under the Securities Act of 1933, as amended. Includes the offering price of shares that the underwriters have the option to purchase to cover over-allotments, if any.

 

 

The registrant hereby amends this Registration Statement on such date or dates as may be necessary to delay its effective date until the registrant shall file a further amendment that specifically states that this Registration Statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933, as amended, or until the Registration Statement shall become effective on such date as the Securities and Exchange Commission, acting pursuant to said Section 8(a), may determine.

 

 

 


Table of Contents

The information in this prospectus is not complete and may be changed. We may not sell these securities until the registration statement filed with the Securities and Exchange Commission is effective. This prospectus is not an offer to sell these securities and we are not soliciting offers to buy these securities in any state where the offer or sale is not permitted.

 

PROSPECTUS (Subject to Completion)

Issued                 , 2015

                                         Shares

 

LOGO

COMMON STOCK

 

 

Rapid7, Inc. is offering             shares of its common stock. This is our initial public offering and no public market currently exists for our common stock. We anticipate that the initial public offering price of our common stock will be between $             and $             per share.

 

 

We have applied to list our common stock on the NASDAQ Global Market under the symbol “RPD.”

 

 

We are an “emerging growth company” under the U.S. federal securities laws and are subject to reduced public company reporting requirements. Investing in our common stock involves risks. See “Risk Factors” beginning on page 13.

 

 

PRICE $                 A SHARE

 

 

 

      

Price to
Public

      

Underwriting
Discounts and
Commission

      

Proceeds to
Rapid7, Inc.

 

Per Share

       $                 $                 $         

Total

       $                           $                           $                   

We have granted the underwriters the right to purchase up to an additional             shares of our common stock to cover over-allotments.

The Securities and Exchange Commission and state securities regulators have not approved or disapproved of these securities or determined if this prospectus is truthful or complete. Any representation to the contrary is a criminal offense.

The underwriters expect to deliver the shares of our common stock to purchasers on                 , 2015.

 

 

 

MORGAN STANLEY   BARCLAYS

 

PACIFIC CREST SECURITIES   WILLIAM BLAIR   RAYMOND JAMES   COWEN AND COMPANY

 

 

                , 2015


Table of Contents

LOGO


Table of Contents

LOGO


Table of Contents

TABLE OF CONTENTS

 

 

 

 

You should rely only on the information contained in this document and any free writing prospectus we provide to you. Neither we nor the underwriters have authorized anyone to provide any information or to make any representations other than those contained in this prospectus or in any free writing prospectuses we have prepared. We take no responsibility for, and can provide no assurance as to the reliability of, any other information that others may give you. This prospectus is an offer to sell only the shares offered hereby, but only under circumstances and in jurisdictions where it is lawful to do so. The information contained in this prospectus is current only as of its date.

Through and including                 , 2015 (25 days after the date of this prospectus), all dealers that effect transactions in our common stock, whether or not participating in this offering, may be required to deliver a prospectus. This is in addition to the dealer’s obligation to deliver a prospectus when acting as an underwriter and with respect to unsold allotments or subscriptions.

For investors outside the United States: We have not and the underwriters have not done anything that would permit this offering, or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. Persons outside the United States who come into possession of this prospectus must inform themselves about, and observe any restrictions relating to, the offering of the shares of common stock and the distribution of this prospectus outside of the United States.


Table of Contents

PROSPECTUS SUMMARY

This summary highlights information contained elsewhere in this prospectus and does not contain all of the information that you should consider in making your investment decision. Before investing in our common stock, you should carefully read this entire prospectus, including our consolidated financial statements and the related notes and the information set forth under the sections titled “Risk Factors,” “Special Note Regarding Forward-Looking Statements,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in each case included in this prospectus. Unless the context otherwise requires, we use the terms “Rapid7,” “company,” “our,” “us,” and “we” in this prospectus to refer to Rapid7, Inc. and, where appropriate, our consolidated subsidiaries.

RAPID7, INC.

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. Our security data and analytics platform was purpose built for today’s increasingly complex and chaotic IT environment. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. There has been an explosion of increasingly sophisticated cyber attacks as the proliferation of mobile devices, cloud-based applications and solutions relying on user credentials has eliminated the boundaries that previously defined an organization’s network perimeter and expanded the threat surface that organizations must now defend. Our powerful and proprietary analytics enable organizations to contextualize and prioritize the threats facing their physical, virtual and cloud assets, including those posed by the behaviors of their users. Leveraging our security data and analytics platform, our solutions enable organizations to strategically and dynamically manage their cyber security exposure. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches and correct the underlying causes of attacks. This balanced and analytics-focused approach ultimately better secures organizations’ environments and reduces the likelihood of, and risks associated with, cyber attacks. We believe our technology and solutions revolutionize the practice of cyber security and are central and critical to implementing a modern security program.

With our security data and analytics platform at our core, we are pioneering active, analytics-driven solutions to cyber security that enable organizations to find and eliminate critical weaknesses and detect attacks in their IT environments. Our threat exposure management offerings include our industry-leading vulnerability management products, which we enhance with deep security analytics capabilities to quickly deliver contextual risk prioritization, critical threat awareness and impactful remediation guidance. Similarly, we added analytics and automation to traditional manual penetration testing to be able to deliver robust ongoing attack simulation solutions that provide organizations with visibility into real-world threats. By providing and combining analytics and actionable insights related to both an organization’s attack surface and the dynamic threat landscape, our security data and analytics platform enables organizations to manage their threat exposure above and beyond traditional vulnerability management products on the market. Further leveraging our technology platform and analytics capabilities, we recently introduced our incident detection product to provide organizations with the ability to rapidly detect and respond to cyber security incidents and breaches. To complement our incident detection product, we also recently introduced our incident response services, which provide our customers with critical access to our security experts and experience, enabling them to accelerate incident response and containment. We also offer security advisory services that help organizations develop a holistic approach to their cyber security programs and advance their cyber security program maturity. All of our products have been designed with an intuitive user interface, focused on ease-of-use and fast time-to-value for our customers.

Cyber security has become a strategic imperative for organizations globally, driven by increased focus by boards of directors and senior management in the wake of numerous recent high profile breaches and data thefts. Organizations are increasingly at risk of being compromised, with the number of reported security incidents

 

 

1


Table of Contents

within enterprises increasing 48% in 2014 over the prior year, according to a report by PricewaterhouseCoopers LLP. There are three converging macro drivers that are changing the cyber security landscape for organizations and driving the increase in cyber breaches. First, mobile and connected devices, cloud-based applications and more open and interconnected networks have increased IT complexity, expanding the exploitable attack surface across an organization and resulting in more sources of potential vulnerability. Second, there has been a dramatic change in the tools available to cyber attackers. Attackers can now purchase highly effective and easy-to-use software at very low cost that is designed to circumvent traditional prevention-based tools, thereby lowering the bar for nearly anyone to launch advanced cyber attacks. Third, the economic motives for attackers are more compelling, with new, vibrant markets providing attackers an efficient and effective way to monetize stolen customer information and employee data.

The confluence of these factors has rendered the old model of “block and protect” prevention-based cyber security programs ineffective. These traditional “block and protect” approaches to cyber security typically rely disproportionately on network perimeter protection tools such as firewalls and antivirus software to stop attackers. However, as the network perimeter rapidly disappears, the effectiveness of these legacy solutions diminishes greatly. Further, preventative solutions are generally not able to identify or deter attacks that involve stolen or weak credentials, which are used in 76% of cyber attacks according to the 2013 Verizon Data Breach Investigations Report. When an attacker gains access to an organization’s network through compromised credentials or otherwise, the attacker can freely exploit assets within the breached environment until they are detected, which took a median of 205 days in 2014 according to a report by Mandiant. The decreasing effectiveness of a traditional prevention-focused approach to cyber security is causing a significant shift to a new model that uses an active, analytics-driven approach to reduce and manage risks to the organization. This new model disrupts the historical focus on “block and protect” solutions and balances organizations’ investments in prevention, detection and correction to reduce the likelihood of, and risks associated with, cyber attacks. Effective implementation of this new model demands data and analytics to assess the effectiveness of tools and programs, identify attacker behaviors and prioritize and remediate exposures. Rapid7 empowers organizations to better secure their dynamic IT environments by providing the security data and analytics that are at the core of a holistic and active, analytics-driven approach to cyber security.

As of March 31, 2015, we had more than 3,900 customers, including over 30% of the organizations in the Fortune 1000. We have experienced strong revenue growth with revenue increasing from $31.0 million in 2011 to $76.9 million in 2014, representing a 35% compound annual growth rate. We have strong visibility to our revenue as 53% of the revenue recognized in 2014 was recorded on our balance sheet as deferred revenue as of December 31, 2013 and 85% of the revenue recognized in the first quarter of 2015 was recorded on our balance sheet as deferred revenue as of December 31, 2014. We incurred a net loss of $32.6 million in 2014 as we continued to invest for growth given our large market opportunity.

Industry Background

Increasing Cyber Security Breaches Driven by a Rapidly Evolving and Dynamic Threat Landscape

IT professionals face a rapidly evolving and dynamic threat landscape and an increasingly fragmented mosaic of security technology vendors offering point solutions to prevent specific threats and protect against specific attack vectors. Forced to make choices and allocate budgets with limited information, IT professionals are often left feeling overwhelmed. At the same time, threats continue to escalate due to three converging macro drivers:

Increasingly Complex IT Environment is Expanding Organizations’ Attack Surfaces. IT departments are required to deliver more applications faster, often in the cloud, in order to meet growing user demands for innovation and productivity tools. As a result, it has become increasingly difficult for IT departments to secure the increasing number of systems against the growing number of known security vulnerabilities. Increasing user empowerment has also led to an increase in the number of applications and devices that individual users can

 

 

2


Table of Contents

access with their credentials, which further expands the attack surface of an organization exposed to potential cyber criminals. Firewalls and other traditional prevention-based techniques are less capable of protecting this complex and expanded attack surface, leaving IT professionals overwhelmed by new threats and looking for new technologies and ways to respond.

Weaponized Malware Evades Traditional Prevention-Based Tools and Expands the Cyber Attacker Universe. There are sophisticated software toolkits and malware that can be used to launch a cyber attack, which are readily available online for free or at a low cost. These toolkits are specifically designed to circumvent the preventative security measures typically put in place by organizations, allowing cyber criminals with rudimentary IT knowledge to launch sophisticated attacks on enterprise users and networks. With this weaponized software, cyber attacks are no longer just the domain of advanced attackers, and the number of security breaches is rapidly increasing.

A Vibrant Cyber-Crime Economy Further Incents Cyber Attackers. Economic incentives for attackers continue to become more compelling, as new and vibrant black markets for stolen data, including credit card information, email account information and healthcare information, enable attackers to efficiently and effectively monetize stolen information. This more recent dynamic has led to a proliferation of data from successful attacks being offered for sale by cyber criminals, and the formation of a lucrative and growing underground economy.

Enterprise Security Shifting from Passive “Block and Protect” to Actively-Managed Security Programs

Organizations have traditionally taken a passive approach to cyber security, relying on deploying “block and protect” security tools aimed at thwarting attackers at the perimeter of the network. However, sophisticated software-enabled technologies and techniques are increasingly used by attackers to evade prevention-based security solutions. Additionally, the explosion of cloud-based applications and mobile devices accessing enterprise data are blurring the previously rigid lines that once defined enterprise network boundaries. Without these boundaries, prevention-based tools are easily circumvented by cyber criminals. Equally problematic for today’s organizations, traditional “block and protect” solutions are ineffective against cyber attacks using compromised user credentials. Many users have administrator-level credentials on their devices to maximize their productivity, but these credentials are relatively easily stolen and can be exploited by attackers in order to gain access to an organization’s network, assets and information. Use of stolen credentials in cyber attacks is becoming a significant issue, and once an attacker has gained access to an IT system with valid credentials, most prevention-based technologies cannot identify the threat. Without knowledge of a breach, IT professionals cannot react to limit the damage and attackers may have months to explore an organization’s network and steal critical data before being detected.

In light of high profile and costly security breaches, IT professionals are increasingly focused on developing comprehensive security programs to better protect their organizations against attacks. An actively-managed approach to an organization’s cyber security program improves the program’s overall effectiveness by focusing on analytics and an understanding of risks and threats in context. This approach further assists IT professionals in allocating security budgets to the specific tools that enable organizations to process and analyze significant amounts of data in real time to quickly identify, understand and react to attacks and breaches as they occur. Through security data and analytics, organizations can recognize behavior patterns associated with breaches, even if the attack vector is completely novel. The organization can then develop and improve its cyber security programs in order to reduce its exposures and better detect and respond to compromises using a holistic approach that balances investments in prevention, detection and correction. Analytics provides the critical context and prioritization to underlying security data to facilitate effective, informed and proactive decisions that allow for the systemic and dynamic management of security programs across each of these areas. An active, analytics-driven security program can prevent attacks through increased visibility into vulnerabilities, rapidly detecting and responding to compromises and correcting the underlying causes of attacks.

 

 

3


Table of Contents

Our Market Opportunity

According to Gartner, Inc., advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information- and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence. Accordingly, we believe that our market opportunity is large and growing and will be positively impacted by the ongoing shift in security spending from a traditional passive, “block and protect” approach to an active, analytics-driven approach to cyber security. Gartner, Inc. estimates that by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches – up from less than 10% in 2014.

Our estimate, based on International Data Corporation data, is that the overall market for security data and analytics is a $12.6 billion opportunity in 2015. Included in our estimates are all or a portion of the markets for Security and Vulnerability Management, Network Intrusion Detection and Prevention, Endpoint Security Suites and Security Services. We believe that our market opportunity will grow as organizations continue to move away from prevention-based solutions and toward analytics-driven security environments.

Benefits of Our Solutions

We are a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. Key benefits of our solutions include:

 

  l   

Decreased Risk of Security Breach. Our technology platform and solutions provide IT professionals with a complete view of their dynamic attack surface and automatically assess an organization’s vulnerabilities relative to the evolving threat landscape. We provide robust and relevant analytics and insight into attacker behaviors and techniques so that IT professionals are able to identify and prioritize risks effectively to reduce risks and ultimately create a more secure IT environment for their organization.

 

  l   

Enhanced Attack Preparedness. Our solutions allow our customers to test their defenses by simulating real-world attacks on their IT environments, using the same techniques and exploits as attackers. Our attack simulation solutions leverage our security data and analytics expertise as well as the insights from our community of thousands of active Metasploit users, who provide us with real-time, real-world insight into attacker behavior across the global IT attack surface.

 

  l   

Fast, Effective and Confident Intrusion Response. Our product offerings can help mitigate the impact of a breach by automatically identifying the root cause of a breach and providing clear and actionable insight into effective mitigation and correction. Our solutions provide timely, prioritized and clear analysis and instructions to IT professionals so that they can quickly, confidently and effectively respond to cyber security breaches.

 

  l   

A Continually Relevant and Effective Security Program. Our solutions are continually relevant as they evolve with, and react to, the dynamic threat landscape. Guided by our holistic approach balancing prevention, detection and correction solutions, we provide strategic, technology-agnostic guidance tailored to an organization’s security maturity and optimized to an organization’s IT environment.

Our Competitive Strengths

We have developed the following key competitive advantages that we believe will allow us to maintain a leadership position in the market for security data and analytics:

 

  l   

Automated Data Collection from the Endpoint to the Cloud. Our technology platform provides robust data collection capabilities across multiple data sources, from endpoint information, to user behaviors, to

 

 

4


Table of Contents
 

cloud activity. The platform collects data through an agentless architecture, which allows our platform to amass data from multiple sources quickly and without significant customer installation expertise.

 

  l   

Customer-Specific Security Analytics. Our technology platform collects and organizes data from each customer’s unique IT environment, which allows us to systemically and automatically profile the key risks specific to each customer.

 

  l   

Robust and Relevant Knowledge of Attacker Activity. We maintain the Metasploit open source framework, which is used to simulate attacks and test an organization’s defense against real-world threats. Our ties to the security research community through Metasploit provide us with real-time insight into new attacks and exploits. The size and accuracy of our exploit database and the speed at which our threat exposure management offerings are updated provides significant value to IT professionals looking to secure their networks in a dynamic and evolving threat environment.

 

  l   

Intuitive Product Design Focused on Speed to Insight. Our solutions are designed for ease-of-use by IT professionals, from the integration of our underlying technology platform to the clean user interface of our solutions. This enables our customers to develop actionable insights quickly and with limited training, providing them with a fast time-to-value.

 

  l   

Deep Security Domain Expertise Across Technology, Operations and People. We leverage our deep domain expertise in security data and analytics to better serve our customers, who frequently have limited ability to carry deep expertise in-house. We aim to serve as a trusted security advisor to our customers, encompassing a powerful combination of technology, services and operations expertise to support our customers’ success in managing their cyber security exposure.

 

  l   

User Behavior Analytics. Within our technology platform, our behavioral analytics tools and prioritization engine triangulate on the most important data to determine suspicious user behaviors and potentially compromised user credentials while reducing false signals and alerts. These powerful user-centric analytics allow IT professionals to make informed and proactive decisions about how to respond.

Our Growth Strategy

Our mission is to deliver security data and analytics that revolutionize the practice of cyber security. Key elements of our growth strategy include:

 

  l   

Drive New Customer Additions. We intend to continue to invest in building our global sales and go-to-market organizations, as we believe that most organizations with IT infrastructure would benefit from our products and services, regardless of size or industry.

 

  l   

Increase Customer Economics and Success. We have a dedicated customer success team focused on engagement and education to drive customer loyalty and increased purchases of our solutions. We believe that enterprise customers will increase their spending with us as they continue to shift their cyber security programs to security data and analytics-centric strategies.

 

  l   

Continue to Expand Internationally. We will continue to increase our international sales, service and support organizations to target additional sales across Europe and Asia and will also continue to expand our number of channel partners internationally.

 

  l   

Continue to Innovate with Our Products and Technology Platform. We plan to build upon our current performance and technology leadership in security data and analytics to enhance our technology platform and product capabilities.

 

 

5


Table of Contents
  l   

Serve as the Hub for Cyber Security. Our robust and comprehensive data collection capabilities, deep understanding of the attacker, analytics-driven approach and industry leadership through our Metasploit community position us to fundamentally change the way that organizations approach cyber security. We expect to continue to offer new analytics-based solutions for cyber security operations and that third-party application developers will continue to leverage our data collection and analytics capabilities.

Selected Risks Affecting Our Business

Our business is subject to numerous risks and uncertainties, including those highlighted in the section titled “Risk Factors” immediately following this prospectus summary. These risks include, among others, the following:

 

  l   

We are a rapidly growing company, which makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.

 

  l   

If we are unable to sustain our revenue growth rate, we may not achieve or maintain profitability in the future.

 

  l   

If our products or professional services fail to detect vulnerabilities or incorrectly detect vulnerabilities, or if our products contain undetected errors or defects, our brand and reputation could be harmed, which could have an adverse effect on our business and results of operations.

 

  l   

We face intense competition in our market.

 

  l   

The market for our products and professional services is new and unproven and may not grow.

 

  l   

If we do not continue to innovate and offer products and professional services that address the dynamic threat landscape, we may not remain competitive, and our revenue and operating results could suffer.

 

  l   

Our business and operations are experiencing rapid growth, and if we do not appropriately manage our future growth, or are unable to scale our systems and processes, our operating results may be negatively affected.

 

  l   

We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we are not in compliance with applicable laws.

 

  l   

Assertions by third parties of infringement or other violations by us of their intellectual property rights, whether or not correct, could result in significant costs and harm our business and operating results.

 

  l   

Concentration of ownership among our existing directors, executive officers and holders of 5% or more of our outstanding common stock may prevent new investors from influencing significant corporate decisions.

Corporate Information

We were initially incorporated in July 2000 in Delaware. Rapid7 LLC, a limited liability company organized under the laws of the Commonwealth of Massachusetts, was formed in January 2004. In August 2004, pursuant to an exchange agreement among Rapid7 LLC and the stockholders of Rapid7, Inc., the stockholders exchanged their shares in Rapid7, Inc. for equity interests in Rapid7 LLC, after which Rapid7, Inc. was dissolved. In August 2008, Rapid7 LLC was merged with and into Rapid7 LLC, a newly-formed Delaware limited liability company. Rapid7, Inc. was reincorporated in Delaware in October 2011. In a series of transactions in November 2011, equity holders of Rapid7 LLC exchanged their equity interests in Rapid7 LLC for capital stock in Rapid7, Inc. and Rapid7 LLC became a wholly-owned subsidiary of Rapid7, Inc., which is the registrant and issuer of the shares of common stock in this offering.

 

 

6


Table of Contents

Following this offering, our directors, executive officers and holders of more than 5% of our common stock, some of whom are represented on our board of directors, together with their affiliates will beneficially own             % of the voting power of our outstanding capital stock.

Our principal executive offices are located at 100 Summer Street, Boston, Massachusetts. Our telephone number is (617) 247-1717. Our website address is www.rapid7.com. The information contained on, or that can be accessed through, our website is not incorporated by reference into this prospectus, and you should not consider any information contained on, or that can be accessed through, our website as part of this prospectus or in deciding whether to purchase our common stock.

“Rapid7,” the Rapid7 logo, and other trademarks or service marks of Rapid7, Inc. appearing in this prospectus are the property of Rapid7, Inc. This prospectus contains additional trade names, trademarks and service marks of others, which are the property of their respective owners. Solely for convenience, trademarks and trade names referred to in this prospectus may appear without the ® or TM symbols.

Implications of Being an Emerging Growth Company

We qualify as an “emerging growth company” as defined in the Jumpstart Our Business Startups Act of 2012, or the JOBS Act. An emerging growth company may take advantage of specified reduced reporting and other burdens that are otherwise applicable generally to public companies. These provisions include:

 

  l   

a requirement to have only two years of audited financial statements and only two years of related selected financial data and management’s discussion and analysis of financial condition and results of operations disclosure;

 

  l   

an exemption from the auditor attestation requirement in the assessment of our internal control over financial reporting pursuant to the Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act;

 

  l   

an exemption from new or revised financial accounting standards until they would apply to private companies and from compliance with any new requirements adopted by the Public Company Accounting Oversight Board requiring mandatory audit firm rotation;

 

  l   

reduced disclosure about the emerging growth company’s executive compensation arrangements; and

 

  l   

no requirement to seek nonbinding advisory votes on executive compensation or golden parachute arrangements.

We may take advantage of some or all these provisions until we are no longer an emerging growth company. We will remain an emerging growth company until the earlier to occur of (1) the last day of the fiscal year (a) following the fifth anniversary of the completion of this offering, (b) in which we have total annual gross revenues of at least $1.0 billion or (c) in which we are deemed to be a “large accelerated filer” under the rules of the U.S. Securities and Exchange Commission, which means the market value of our common stock that is held by non-affiliates exceeds $700 million as of the prior June 30th and (2) the date on which we have issued more than $1.0 billion in non-convertible debt during the prior three-year period.

We are choosing to “opt out” of the provision of the JOBS Act that permits emerging growth companies to take advantage of an extended transition period to comply with new or revised accounting standards applicable to public companies and, as a result, we will comply with new or revised accounting standards as required when they are adopted. This decision to opt out of the extended transition period is irrevocable.

We have elected to adopt certain of the reduced disclosure requirements available to emerging growth companies. As a result of these elections, the information that we provide in this prospectus may be different than the information you may receive from other public companies in which you hold equity interests. In addition, it is possible that some investors will find our common stock less attractive as a result of these elections, which may result in a less active trading market for our common stock and higher volatility in our stock price.

 

 

7


Table of Contents

THE OFFERING

 

Common stock offered by us

            shares

 

Common stock to be outstanding after this offering

            shares

 

 

Over-allotment option

We have granted the underwriters an option, exercisable for 30 days after the date of this prospectus, to purchase up to an additional             shares from us to cover over-allotments.

 

Use of proceeds

We estimate that we will receive net proceeds of approximately $         million, assuming an initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, after deducting the underwriter discounts and commissions and estimated offering expenses payable by us. The principal purposes of this offering are to increase our financial flexibility, create a public market for our common stock, and facilitate our future access to the capital markets. We expect to use the net proceeds of this offering for working capital and other general corporate purposes. We also intend to use $         million of the net proceeds to pay all remaining outstanding principal and interest, together with a termination fee, under our term loan with Silicon Valley Bank. Further, we may use a portion of the proceeds from this offering for acquisitions or strategic investments in complementary businesses or technologies, although we do not currently have any plans for any such acquisitions or investments. These expectations are subject to change. See “Use of Proceeds” for additional information.

 

Risk factors

See “Risk Factors” and the other information included in this prospectus for a discussion of factors you should carefully consider before deciding to invest in our common stock.

 

Proposed NASDAQ Global Market symbol

“RPD”

The number of shares of our common stock that will be outstanding after this offering is based on                 shares of common stock outstanding as of March 31, 2015, and excludes:

 

  l   

4,006,962 shares of common stock issuable upon the exercise of options outstanding as of March 31, 2015, at a weighted-average exercise price of $5.44 per share;

 

  l   

200,000 shares of common stock issuable upon the exercise of warrants outstanding as of March 31, 2015, at an exercise price of $10.00 per share;

 

 

8


Table of Contents
  l   

                shares of our common stock reserved for future issuance pursuant to our 2015 Equity Incentive Plan, or 2015 Plan, which will become effective prior to the completion of this offering and will include provisions that automatically increase the number of shares of common stock reserved for issuance thereunder each year; and

 

  l   

                shares of common stock reserved for future issuance under our 2015 Employee Stock Purchase Plan, which will become effective prior to the completion of this offering and will include provisions that automatically increase the number of shares of common stock reserved for issuance thereunder each year.

Unless otherwise indicated, this prospectus reflects and assumes the following:

 

  l   

the conversion of all of our outstanding shares of our preferred stock into an aggregate of 16,382,615 shares of our common stock immediately prior to the closing of this offering;

 

  l   

                additional shares of common stock to be issued upon the conversion of all of our outstanding shares of our Series D preferred stock immediately prior to the closing of this offering pursuant to provisions of our certificate of incorporation as currently in effect, assuming an initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, and which shares are referred to in this prospectus as the Additional Series D Conversion Shares;

 

  l   

the filing and effectiveness of our amended and restated certificate of incorporation in Delaware and the adoption of our amended and restated bylaws, each of which will occur immediately prior to the completion of this offering;

 

  l   

no exercise of outstanding options or warrants after March 31, 2015; and

 

  l   

no exercise by the underwriters of their over-allotment option to purchase additional shares of our common stock.

Additional Series D Conversion Shares

Holders of outstanding shares of our Series D preferred stock have the right to be issued additional shares of common stock upon the conversion of their shares of Series D preferred stock in an initial public offering, which we refer to as the Additional Series D Conversion Shares, regardless of the initial public offering price. The number of shares of our common stock to be issued as Additional Series D Conversion Shares depends on the initial public offering price of our common stock. Based on the assumed initial public offering price of $        per share, the midpoint of the price range set forth on the cover page of this prospectus, we will issue                  Additional Series D Conversion Shares. For illustrative purposes only, the table below shows the number of Additional Series D Conversion Shares that would be issuable at various initial public offering prices, as well as the total number shares of our common stock that would be outstanding after this offering as a result:

 

 Assumed Initial Public Offering Price ($) 

 

 Additional Series D Conversion Shares (#) 

 

Estimated Total Shares of

Common Stock
    Outstanding After this Offering (#)    

 

 

9


Table of Contents

SUMMARY CONSOLIDATED FINANCIAL AND OTHER DATA

We derived the summary consolidated statements of operations data for the years ended December 31, 2012, 2013 and 2014 from our audited consolidated financial statements included elsewhere in this prospectus. We derived the summary consolidated statement of operations data for the three months ended March 31, 2014 and 2015 and the summary consolidated balance sheet data as of March 31, 2015 from our unaudited financial statements included elsewhere in this prospectus. We have prepared the unaudited financial statements on the same basis as the audited financial statements, and the unaudited financial data include, in our opinion, all adjustments, consisting only of normal recurring adjustments, that we consider necessary for a fair presentation of our financial position and results of operations for these periods. Our historical results are not necessarily indicative of the results to be expected in the future.

When you read this summary consolidated financial data, it is important that you read it together with the historical consolidated financial statements and related notes to those statements, as well as “Selected Consolidated Financial Data” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” included elsewhere in this prospectus.

 

     Year Ended December 31,     Three Months Ended
March 31,
 
             2012                  2013                      2014                     2014                 2015      
     (in thousands, except share and per share data)  
                                       (unaudited)  

Consolidated Statements of Operations Data:

                    

Revenue:

                    

Products

     $ 29,414        $ 38,633        $ 47,030        $ 10,615        $ 13,645   

Maintenance and support

       9,727          14,017          19,016          4,145          5,799   

Professional services

       6,903          7,380          10,834          1,976          4,127   
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 

Total revenue

  46,044      60,030      76,880      16,736      23,571   

Cost of revenue:(1)

Products

  1,691      4,048      4,557      1,239      1,546   

Maintenance and support

  2,069      3,388      4,495      988      1,210   

Professional services

  4,462      5,442      9,420      1,631      3,736   
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 

Total cost of revenue

  8,222      12,878      18,472      3,858      6,492   

Operating expenses:(1)

Research and development

  17,820      21,411      25,570      6,120      6,414   

Sales and marketing

  23,278      31,779      49,007      11,004      13,230   

General and administrative

  9,436      12,586      12,972      3,482      4,053   
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 

Total operating expense

  50,534      65,776      87,549      20,606      23,697   
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 

Loss from operations

  (12,712   (18,624   (29,141   (7,728   (6,618

Interest income (expense), net

  (71   (122   (2,802   (695   (685

Other income (expense), net

  (29   43      (305   41      (305
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 

Loss before income taxes

  (12,812   (18,703   (32,248   (8,382   (7,608

Provision for (benefit from) income taxes

  (418   170      379      96      74   
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 

Net loss

  (12,394   (18,873   (32,627   (8,478   (7,682

Accretion of preferred stock to redemption value(2)

  (25,606   (33,553   (52,336   (12,178   (11,273
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 

Net loss attributable to common stockholders

$ (38,000 $ (52,426 $ (84,963 $ (20,656 $ (18,955
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 
Net loss per share attributable to common stockholders, basic and diluted(2) $ (3.09 $ (4.18 $ (6.65 $ (1.62 $ (1.50
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 
Weighted-average common shares outstanding, basic and diluted   12,308,428      12,549,266      12,770,916      12,716,675      12,642,188   
Pro forma net loss per share attributable to common stockholders, basic and diluted(3) $      $      $      $      $     
    

 

 

     

 

 

     

 

 

     

 

 

     

 

 

 
Pro forma weighted-average common shares outstanding, basic and diluted(3)

 

 

10


Table of Contents

 

  (1) Includes stock-based compensation expense and depreciation and amortization expense as follows:

 

     Year Ended December 31,      Three Months Ended
March 31,
 
           2012                  2013                  2014                  2014                  2015        
     (in thousands)  
                          (unaudited)  

Stock-based compensation expense:

              

Cost of revenue

   $ 61       $         67       $         167       $         39       $         49   

Research and development

     375         426         499         120         144   

Sales and marketing

     293         249         496         119         115   

General and administrative

     991         1,305         997         250         267   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total stock-based compensation expense

   $ 1,720       $ 2,047       $ 2,159       $ 528       $ 575   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Depreciation and amortization expense:

              

Cost of revenue

   $ 547       $ 1,107       $ 1,275       $ 291       $ 352   

Research and development

     406         649         1,093         217         241   

Sales and marketing

     444         675         1,396         294         371   

General and administrative

     132         200         376         76         170   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total depreciation and amortization expense

   $         1,529       $ 2,631       $ 4,140       $ 878       $ 1,134   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

 

  (2)

See Note (11) to our consolidated financial statements appearing elsewhere in this prospectus for further details on the calculation of accretion of preferred stock to redemption value and basic and diluted net loss per share attributable to common stockholders.

 

  (3)

Pro forma basic and diluted net loss per share represents net loss divided by the pro forma weighted-average shares of common stock outstanding. Pro forma weighted-average shares outstanding reflects the conversion of all outstanding shares of preferred stock (using the if-converted method) into common stock as though the conversion had occurred on the first day of the relevant period.

 

     As of March 31, 2015  
     Actual     Pro
forma(1)
         Pro forma as    
adjusted(2)(3)
 
     (in thousands)  
     (unaudited)  

Consolidated Balance Sheet Data:

       

Cash

   $         33,343      $                    $                

Working capital, excluding deferred revenue

     45,927        

Total assets

     79,382        

Total deferred revenue

     88,643        

Total debt

     17,009        

Total liabilities

     121,345        

Redeemable convertible preferred stock

     222,871        

Accumulated deficit

     (261,435     

Total stockholders’ (deficit) equity

     (264,834     

 

 

(1) Pro forma consolidated balance sheet data reflects the automatic conversion of all outstanding shares of preferred stock into common stock immediately prior to the closing of this offering, including the Additional Series D Conversion Shares. See “Prospectus Summary—The Offering” for a description of the Additional Series D Conversion Shares as the number of Additional Series D Conversion Shares that will be issued depends on the initial public offering price of our common stock.

(2) Pro forma as adjusted consolidated balance sheet data reflects the pro forma items described immediately above plus our sale of                 shares of common stock in this offering at an assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

 

 

11


Table of Contents

(3) Pro forma as adjusted consolidated balance sheet data is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing. Each $1.00 increase or decrease in the assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase or decrease pro forma as adjusted cash, total assets and total stockholders’ (deficit) equity by approximately $            , assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and commissions payable by us. We may also increase or decrease the number of shares we are offering. Each 1,000,000 share increase or decrease in the number of shares offered by us would increase or decrease pro forma as adjusted cash, total assets and total stockholders’ (deficit) equity by approximately $         million, assuming that the assumed initial public offering price remains the same, and after deducting underwriting discounts and commissions payable by us.

Key Metrics

We regularly monitor a number of financial and operating metrics in order to measure our current performance and estimate our future performance. For a description of how we calculate these financial and operating metrics as well as their uses, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics.”

 

    Year End December 31,     Three Months Ended
March 31,
 
    2012     2013     2014     2014     2015  
    (dollars in thousands)  
                                        (unaudited)  

Total revenue

  $          46,044      $          60,030      $          76,880      $          16,736      $          23,571   

Year-over-year growth

      49       30       28       23       41

Operating cash flow

  $          (691   $          (613   $          (3,356   $          (2,139   $          (3,012

Deferred revenue

  $          44,728      $          59,855      $          85,056      $          61,137      $          88,643   

Number of customers

      2,255          2,733          3,733          2,860          3,902   

 

 

12


Table of Contents

RISK FACTORS

Investing in our common stock involves a high degree of risk. You should consider carefully the risks and uncertainties described below, together with all of the other information in this prospectus, including our consolidated financial statements and related notes, before deciding whether to purchase shares of our common stock. If any of the following risks is realized, our business, financial condition, results of operations and prospects could be materially and adversely affected. In that event, the price of our common stock could decline, and you could lose part or all of your investment.

Risks Related to Our Business and Industry

We are a rapidly growing company, which makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.

We are a rapidly growing company. Our ability to forecast our future operating results is subject to a number of uncertainties, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and uncertainties frequently experienced by growing companies in rapidly evolving industries. If our assumptions regarding these uncertainties, which we use to plan our business, are incorrect or change in reaction to changes in our markets, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, our business could suffer and the trading price of our stock may decline.

If we are unable to sustain our revenue growth rate, we may not achieve or maintain profitability in the future.

From the year ended December 31, 2011 to the year ended December 31, 2014, our revenue grew from $31.0 million to $76.9 million, which represents a compounded annual growth rate of approximately 35%. Although we have experienced rapid growth historically and currently have high renewal rates, we may not continue to grow as rapidly in the future and our renewal rates may decline. Any success that we may experience in the future will depend in large part on our ability to, among other things:

 

  l   

maintain and expand our customer base;

 

  l   

increase revenues from existing customers through increased or broader use of our products and professional services within their organizations;

 

  l   

improve the performance and capabilities of our products through research and development;

 

  l   

continue to develop our cloud-based solutions;

 

  l   

maintain the rate at which customers purchase our content subscriptions and maintenance and support;

 

  l   

continue to successfully expand our business domestically and internationally; and

 

  l   

successfully compete with other companies.

If we are unable to maintain consistent revenue or revenue growth, our stock price could be volatile, and it may be difficult to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.

 

13


Table of Contents

We have not been profitable historically and may not achieve or maintain profitability in the future.

We have posted a net loss in each year since inception, including net losses of approximately $12.4 million in 2012, $18.9 million in 2013, $32.6 million in 2014 and $7.7 million in the three months ended March 31, 2015. As of March 31, 2015, we had an accumulated deficit of $261.4 million. While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our products and professional services to sustain or increase our growth or achieve or maintain profitability in the future. We also expect our costs to increase in future periods, which could negatively affect our future operating results if our revenue does not increase. In particular, we expect to continue to expend substantial financial and other resources on:

 

  l   

research and development related to our offerings, including investments in our research and development team;

 

  l   

sales and marketing, including a significant expansion of our sales organization, both domestically and internationally;

 

  l   

continued international expansion of our business;

 

  l   

expansion of our professional services organization; and

 

  l   

general administration expenses, including legal and accounting expenses related to being a public company.

These investments may not result in increased revenue or growth in our business. If we are unable to increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and results of operations will be harmed, and we may not be able to achieve or maintain profitability over the long term. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays and other unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our financial performance may be harmed, and we may not achieve or maintain profitability in the future.

If our products or professional services fail to detect vulnerabilities or incorrectly detect vulnerabilities, or if our products contain undetected errors or defects, our brand and reputation could be harmed, which could have an adverse effect on our business and results of operations.

If our products or professional services fail to detect vulnerabilities in our customers’ cyber security infrastructure, or if our products or professional services fail to identify and respond to new and increasingly complex methods of cyber attacks, our business and reputation may suffer. There is no guarantee that our products or professional services will detect all vulnerabilities, especially in light of the rapidly changing security landscape to which we must respond. Additionally, our products may falsely detect vulnerabilities or threats that do not actually exist. For example, our Metasploit offering relies on information provided by an active community of more than 45,000 security researchers as of April 2015, who contribute new exploits, attacks and vulnerabilities. If the information from these third parties is inaccurate, the potential for false indications of security vulnerabilities increases. These false positives, while typical in the industry, may impair the perceived reliability of our offerings and may therefore adversely impact market acceptance of our products and professional services and could result in negative publicity, loss of customers and sales and increased costs to remedy any problem.

Our products may also contain undetected errors or defects when first introduced or as new versions are released. We have experienced these errors or defects in the past in connection with new products and product upgrades and we expect that these errors or defects will be found from time to time in the future in new or enhanced products after commercial release. Defects may cause our products to be vulnerable to attacks, cause them to fail

 

14


Table of Contents

to detect vulnerabilities, or temporarily interrupt customers’ networking traffic. Any errors, defects, disruptions in service or other performance problems with our products may damage our customers’ business and could hurt our reputation. If our products or professional services fail to detect vulnerabilities for any reason, we may incur significant costs, the attention of our key personnel could be diverted, our customers may delay or withhold payment to us or elect not to renew or other significant customer relations problems may arise. We may also be subject to liability claims for damages related to errors or defects in our products. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our products may harm our business and operating results.

An actual or perceived security breach or theft of the sensitive data of one of our customers, regardless of whether the breach is attributable to the failure of our products or professional services, could adversely affect the market’s perception of our offerings and subject us to legal claims.

We face intense competition in our market.

The market for cyber security solutions is highly fragmented, intensely competitive and constantly evolving. We compete with an array of established and emerging security software and services vendors. With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward. Our competitors include: vulnerability management and assessment vendors, including Qualys and Tenable Network Security; diversified security software and services vendors, including McAfee (a subsidiary of Intel), IBM and HP; security services specialists, including Mandiant (a subsidiary of FireEye); and providers of point solutions that compete with some of the features present in our solutions.

Some of our actual and potential competitors have advantages over us, such as longer operating histories, significantly greater financial, technical, marketing or other resources, stronger brand and business user recognition, larger intellectual property portfolios and broader global distribution and presence. In addition, our industry is evolving rapidly and is becoming increasingly competitive. Larger and more established companies may focus on cyber security and could directly compete with us. Smaller companies could also launch new products and services that we do not offer and that could gain market acceptance quickly.

Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements. With the introduction of new technologies, the evolution of our offerings and new market entrants, we expect competition to intensify in the future. In addition, some of our larger competitors have substantially broader product offerings and can bundle competing products and services with other software offerings. As a result, customers may choose a bundled product offering from our competitors, even if individual products have more limited functionality than our solutions. These competitors may also offer their products at a lower price as part of this larger sale, which could increase pricing pressure on our offerings and cause the average sales price for our offerings to decline. These larger competitors are also often in a better position to withstand any significant reduction in capital spending, and will therefore not be as susceptible to economic downturns.

Furthermore, our current and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and product and services offerings in the markets we address. In addition, current or potential competitors may be acquired by third parties with greater available resources. As a result of such relationships and acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. For all of these reasons, we may not be able to compete successfully against our current or future competitors.

 

15


Table of Contents

The market for our products and professional services is new and unproven and may not grow.

We believe our future success will depend in large part on the growth, if any, in the market for cyber security data and analytics. This market is nascent, and as such, it is difficult to predict important market trends, including the potential growth, if any. To date, the majority of enterprise spend on cyber security has been on threat protection products, such as network, endpoint and web security that are designed to stop threats from penetrating corporate networks. Organizations that use these security products may believe that their existing security solutions sufficiently protect access to their sensitive business data. Therefore, they may continue allocating their cyber security budgets to these products and may not adopt our products and professional services in addition to, or in lieu of, such traditional products. Further, sophisticated cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations’ sensitive business data, and changes in the nature of advanced cyber threats could result in a shift in IT budgets away from products and professional services such as ours. In addition, while recent high visibility attacks on prominent enterprises and governments have increased market awareness of the problem of cyber attacks, if cyber attacks were to decline, or enterprises or governments perceived that the general level of cyber attacks have declined, our ability to attract new customers and expand our sale to existing customers could be materially and adversely affected. If products and professional services such as ours are not viewed by organizations as necessary, or if customers do not recognize the benefit of our offerings as a critical layer of an effective cyber security strategy, our revenue may not grow as quickly as expected, or may decline, and the trading price of our stock could suffer. It is therefore difficult to predict how large the market will be for our solutions.

In addition, it is difficult to predict customer adoption and renewal rates, customer demand for our products and professional services, the size and growth rate of the market for cyber security data analytics, the entry of competitive products or the success of existing competitive products. Any expansion in our market depends on a number of factors, including the cost, performance and perceived value associated with our offerings and those of our competitors. If these offerings do not achieve widespread adoption or there is a reduction in demand for solutions in our market caused by a lack of customer acceptance, technological challenges, competing technologies and products, decreases in corporate spending, weakening economic conditions, or otherwise, it could result in reduced customer orders, early terminations, reduced renewal rates or decreased revenue, any of which would adversely affect our business operations and financial results. You should consider our business and prospects in light of the risks and difficulties we encounter in this new and unproven market.

Forecasts of our market and market growth may prove to be inaccurate, and even if the markets in which we compete achieve the forecasted growth, there can be no assurance that our business will grow at similar rates, or at all.

Growth forecasts included in this prospectus relating to our market opportunity and the expected growth in the market for information and data security analytics are subject to significant uncertainty and are based on assumptions and estimates which may prove to be inaccurate. Even if these markets meet our size estimates and experience the forecasted growth, we may not grow our business at similar rates, or at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth included in this prospectus should not be taken as indicative of our future growth.

Organizations may be reluctant to purchase cyber security data analytics offerings that are cloud-based due to the actual or perceived vulnerability of cloud solutions.

Some organizations have been reluctant to use cloud solutions for cyber security, such as UserInsight, because they have concerns regarding the risks associated with the reliability or security of the technology delivery model associated with this solution. If we or other cloud service providers experience security incidents, breaches of customer data, disruptions in service delivery or other problems, the market for cloud solutions as a whole may be negatively impacted.

 

16


Table of Contents

If we do not continue to innovate and offer products and professional services that address the dynamic threat landscape, we may not remain competitive, and our revenue and operating results could suffer.

The cyber security market is characterized by rapid technological advances, changes in customer requirements, frequent new product introductions and enhancements and evolving industry standards. Our success also depends on continued innovation to provide features that make our products and professional services responsive to the dynamic threat landscape. While we continue to invest significant resources in research and development in order to ensure that our products continue to address the cyber security risks that our customers face, the introduction of products and services embodying new technologies could render our existing products or services obsolete or less attractive to customers. In addition, developing new products and product enhancements is expensive and time consuming, and there is no assurance that such activities will result in significant cost savings, revenue or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected. Further, we may not be able to successfully anticipate or adapt to changing technology or customer requirements or the dynamic threat landscape on a timely basis, or at all.

To date, we have derived a substantial majority of our revenue from customers using our threat exposure management offerings. If we are unable to renew or increase sales of our threat exposure management offerings, or if we are unable to increase sales of our other offerings, our business and operating results could be adversely affected.

Although we have recently introduced new products and professional services, we derive and expect to continue to derive a substantial majority of our revenue from customers using certain of our threat exposure management offerings, Nexpose and Metasploit. Approximately two-thirds of our revenue was attributable to Nexpose in each of the last three fiscal years. As a result, our operating results could suffer due to:

 

  l   

any decline in demand for our threat exposure management offerings;

 

  l   

failure of our threat exposure management offerings to detect vulnerabilities in our customers’ IT environments;

 

  l   

the introduction of products and technologies that serve as a replacement or substitute for, or represent an improvement over, our threat exposure management offerings;

 

  l   

technological innovations or new standards that our threat exposure management offerings do not address;

 

  l   

sensitivity to current or future prices offered by us or competing solutions; and

 

  l   

our inability to release enhanced versions of our threat exposure management offerings on a timely basis in response to the dynamic threat landscape.

Our inability to renew or increase sales of our threat exposure management offerings, including content subscriptions and maintenance and support, or a decline in prices of our threat exposure management offerings would harm our business and operating results more seriously than if we derived significant revenues from a variety of offerings. For example, our sales and marketing of our UserInsight product for incident detection and response is relatively new, and it is uncertain whether UserInsight will gain market acceptance. We are also investing heavily in the expansion of our security advisory services offerings, which we believe will help drive demand for our other products in addition to being a stand-alone service. Any factor adversely affecting sales of our products or professional services, including release cycles, market acceptance, competition, performance and reliability, reputation and economic and market conditions, could adversely affect our business and operating results.

 

17


Table of Contents

If Metasploit were to be used by attackers to exploit vulnerabilities in the cyber security infrastructures of third parties, our reputation and business could be harmed.

Although Metasploit is a penetration testing tool that is intended to allow organizations to test the effectiveness of their cyber security programs, Metasploit also has the potential to be used to exploit vulnerabilities in the cyber security infrastructures of third parties. There is no guarantee that Metasploit will only be used defensively or for research purposes, and any actual or perceived security breach or theft of sensitive data in which Metasploit is believed to have been used could adversely affect perception of, and demand for, our offerings. Further, to the extent that the identification of new exploits and vulnerabilities by the Metasploit community enhances the knowledge base of cyber attackers or enables them to undertake new forms of attacks, we could suffer negative publicity and loss of customers and sales, as well as possible legal claims.

A component of our growth strategy is dependent on our continued international expansion, which adds complexity to our operations.

We market and sell our products and professional services throughout the world and have personnel in many parts of the world. For the year ended December 31, 2014, international operations generated 12% of our revenue. Our growth strategy is dependent, in part, on our continued international expansion. We expect to conduct a significant amount of our business with organizations that are located outside the United States, particularly in Europe and Asia. We cannot assure you that our expansion efforts into international markets will be successful in creating further demand for our products and professional services outside of the United States or in effectively selling our products and professional services in the international markets that we enter. Our current international operations and future initiatives will involve a variety of risks, including:

 

  l   

foreign currency exchange fluctuations;

 

  l   

trade and foreign exchange restrictions;

 

  l   

economic or political instability in foreign markets;

 

  l   

greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods;

 

  l   

changes in regulatory requirements, including, but not limited to data privacy, data protection and data security regulations;

 

  l   

difficulties and costs of staffing and managing foreign operations;

 

  l   

the uncertainty and limitation of protection for intellectual property rights in some countries;

 

  l   

costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations;

 

  l   

costs of compliance with U.S. laws and regulations for foreign operations, including the Foreign Corrupt Practices Act, import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell or provide our solutions in certain foreign markets, and the risks and costs of non-compliance;

 

  l   

heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements;

 

  l   

the potential for political unrest, acts of terrorism, hostilities or war;

 

18


Table of Contents
  l   

management communication and integration problems resulting from cultural differences and geographic dispersion;

 

  l   

costs associated with language localization of our products; and

 

  l   

costs of compliance with multiple and possibly overlapping tax structures.

Our business, including the sales of our products and professional services by us and our channel partners, may be subject to foreign governmental regulations, which vary substantially from country to country and change from time to time. Our failure, or the failure by our channel partners, to comply with these regulations could adversely affect our business. Further, in many foreign countries it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we have implemented policies and procedures designed to comply with these laws and policies, there can be no assurance that our employees, contractors, channel partners and agents have complied, or will comply, with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our products and could have a material adverse effect on our business and results of operations. If we are unable to successfully manage the challenges of international expansion and operations, our business and operating results could be adversely affected.

As a cyber security provider, we are a target of cyber attacks that could adversely impact our reputation and operating results.

We sell cyber security and data analytics products. As a result, we have been and will be a target of cyber attacks designed to impede the performance of our products, penetrate our network security or the security of our cloud platform or our internal systems, or that of our customers, misappropriate proprietary information and/or cause interruptions to our services. For example, because Metasploit serves as an introduction to hacking for many individuals, a successful cyber attack on us may be perceived as a victory for a cyber attacker, thereby increasing the likelihood that we may be a target for attack even absent a financial motive. Further, if our systems are breached, attackers could learn critical information about how our products operate to help protect our customers’ IT infrastructures from cyber risk, thereby making our customers more vulnerable to cyber attacks. In addition, if actual or perceived breaches of our network security occur, they could adversely affect the market perception of our products, negatively affecting our reputation, and may expose us to the loss of our proprietary information or information belonging to our customers, investigations or litigation and possible liability, including injunctive relief and monetary damages. Such security breaches could also divert the efforts of our technical and management personnel. In addition, such security breaches could impair our ability to operate our business and provide products to our customers. If this happens, our reputation could be harmed, our revenue could decline and our business could suffer.

We are dependent on the continued services and performance of our senior management and other key employees, as well as on our ability to successfully hire, train, manage and retain qualified personnel, especially those in sales and marketing and research and development.

Our future performance depends on the continued services and contributions of our senior management, particularly Corey Thomas, our President and Chief Executive Officer, and other key employees to execute on our business plan and to identify and pursue new opportunities and product innovations. We maintain key man insurance on Mr. Thomas, but do not do so for any of our other executive officers or key employees. From time to time, there may be changes in our senior management team resulting from the termination or departure of our executive officers and key employees. Our senior management and key employees are generally employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of the services of our senior management, particularly Mr. Thomas, or other key employees for any reason could significantly delay or prevent our development or the achievement of our strategic objectives and harm our business, financial condition and results of operations.

 

19


Table of Contents

Our ability to successfully pursue our growth strategy will also depend on our ability to attract, motivate and retain our personnel, especially those in sales and marketing and research and development. We face intense competition for these employees from numerous technology, software and other companies, especially in certain geographic areas in which we operate, and we cannot ensure that we will be able to attract, motivate and/or retain additional qualified employees in the future. If we are unable to attract new employees and retain our current employees, we may not be able to adequately develop and maintain new products or professional services or market our existing products or professional services at the same levels as our competitors and we may, therefore, lose customers and market share. Our failure to attract and retain personnel, especially those in sales and marketing and research and development positions for which we have historically had a high turnover rate, could have an adverse effect on our ability to execute our business objectives and, as a result, our ability to compete could decrease, our operating results could suffer and our revenue could decrease. Even if we are able to identify and recruit a sufficient number of new hires, these new hires will require significant training before they achieve full productivity and they may not become productive as quickly as we would like or at all.

Our business and operations are experiencing rapid growth, and if we do not appropriately manage our future growth, or are unable to scale our systems and processes, our operating results may be negatively affected.

We are a rapidly growing company. To manage future growth effectively, and in connection with our transition to being a public company, we will need to continue to improve and expand our internal information technology systems, financial infrastructure, and operating and administrative systems and controls, which we may not be able to do efficiently, in a timely manner or at all. Any future growth would add complexity to our organization and require effective coordination across our organization. Failure to manage any future growth effectively could result in increased costs, harm our results of operations and lead to investors losing confidence in our internal systems and processes.

Our quarterly operating results may vary from period to period, which could result in our failure to meet expectations with respect to operating results and cause the trading price of our stock to decline.

Our operating results have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including:

 

  l   

the level of demand for our products and professional services;

 

  l   

customer renewal rates;

 

  l   

the extent to which customers purchase additional products, including content subscriptions and maintenance and support related to our Nexpose, Metasploit and AppSpider products, or professional services;

 

  l   

the level of perceived threats to organizations’ cyber security;

 

  l   

network outages, security breaches, technical difficulties or interruptions with our products;

 

  l   

changes in the growth rate of the markets in which we compete;

 

  l   

the announcement or adoption of new regulations and policy mandates or changes to existing regulations and policy mandates;

 

  l   

the timing and success of new product or professional service introductions by us or our competitors or any other changes in the competitive landscape of our industry, including consolidation among our competitors;

 

  l   

the introduction or adoption of new technologies that compete with our offerings;

 

20


Table of Contents
  l   

the mix of our products and professional services sold during a period;

 

  l   

decisions by potential customers to purchase cyber security products or services from other vendors;

 

  l   

the amount and timing of operating costs and capital expenditures related to the operations and expansion of our business;

 

  l   

the timing of sales commissions relative to the recognition of revenue and the timing of revenue recognition generally;

 

  l   

price competition;

 

  l   

our ability to successfully manage any future acquisitions of businesses, including without limitation the timing of expenses and potential future charges for impairment of goodwill from acquired companies;

 

  l   

our ability to increase, retain and incentivize the channel partners that market and sell our products and professional services;

 

  l   

our continued international expansion and associated exposure to changes in foreign currency exchange rates;

 

  l   

the amount and timing of operating expenses related to the maintenance and expansion of our business, operations and infrastructure;

 

  l   

unforeseen litigation and intellectual property infringement;

 

  l   

the announcement or adoption of new regulations and policy mandates or changes to existing regulations and policy mandates;

 

  l   

the strength of regional, national and global economies;

 

  l   

the impact of natural disasters or manmade problems such as terrorism; and

 

  l   

future accounting pronouncements or changes in our accounting policies.

Each factor above or discussed elsewhere in this prospectus or the cumulative effect of some of these factors may result in fluctuations in our operating results. This variability and unpredictability could result in our failure to meet expectations with respect to operating results, or those of securities analysts or investors, for a particular period. If we fail to meet or exceed expectations for our operating results for these or any other reasons, the market price of our stock could fall and we could face costly lawsuits, including securities class action suits.

We recognize substantially all of our revenue ratably over the term of our agreements with customers and, as a result, downturns or upturns in sales may not be immediately reflected in our operating results.

We recognize substantially all of our revenue ratably over the terms of our agreements with customers, which generally occurs over a one to three-year period. As a result, a substantial portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new sales or renewals in any one period may not be immediately reflected in our revenue results for that period. This decline, however, will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our products and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. Our model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers generally will be recognized over the term of the applicable agreement.

 

21


Table of Contents

We also intend to increase our investment in research and development, sales and marketing, and general and administrative functions and other areas to grow our business. We are likely to recognize the costs associated with these increased investments earlier than some of the anticipated benefits and the return on these investments may be lower, or may develop more slowly, than we expect, which could adversely affect our operating results.

We may be unable to rapidly and efficiently adjust our cost structure in response to significant revenue declines, which could adversely affect our operating results.

Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliable performance of our products and network infrastructure.

Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliable performance of our products and network infrastructure. We have experienced, and may in the future experience, disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints and fraud or security attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time.

We utilize third-party data centers located in Boston, Massachusetts, in addition to operating and maintaining certain elements of our own network infrastructure. We also utilize Amazon Web Services for our UserInsight infrastructure. Some elements of this complex system are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. More specifically, certain of our products, in particular our Nexpose managed service and UserInsight products, are hosted on Amazon Web Services, which provides us with computing and storage capacity. Interruptions in our systems or the third-party systems on which we rely, whether due to system failures, computer viruses, physical or electronic break-ins, or other factors, could affect the security or availability of our products, network infrastructure and website.

Prolonged delays or unforeseen difficulties in connection with adding capacity or upgrading our network architecture when required may cause our service quality to suffer. Problems with the reliability or security of our systems could harm our reputation. Damage to our reputation and the cost of remedying these problems could negatively affect our business, financial condition, and operating results.

Additionally, our existing data center facilities and third-party hosting providers have no obligations to renew their agreements with us on commercially reasonable terms or at all, and certain of the agreements governing these relationships may be terminated by either party at any time. If we are unable to maintain or renew our agreements with these providers on commercially reasonable terms or if in the future we add additional data center facilities or third-party hosting providers, we may experience costs or downtime as we transition our operations.

Any disruptions or other performance problems with our products could harm our reputation and business and may damage our customers’ businesses. Interruptions in our service delivery might reduce our revenue, cause us to issue credits to customers, subject us to potential liability and cause customers to not renew their purchases or our products.

If we fail to manage our operations infrastructure, our customers may experience service outages and/or delays.

Our future growth is dependent upon our ability to continue to meet the expanding needs of our customers and to attract new customers. As existing customers gain more experience with our products, they may broaden their reliance on our products, which will require that we expand our operations infrastructure. We also seek to maintain excess capacity in our operations infrastructure to facilitate the rapid provision of new customer deployments. In addition, we need to properly manage our technological operations infrastructure in order to

 

22


Table of Contents

support changes in hardware and software parameters and the evolution of our products, all of which require significant lead time. If we do not accurately predict our infrastructure requirements, our existing customers may experience service outages that may subject us to financial penalties, financial liabilities and customer losses. If our operations infrastructure fails to keep pace with increased sales, customers may experience delays as we seek to obtain additional capacity, which could adversely affect our reputation and our revenue.

If our products fail to help our customers achieve and maintain compliance with regulations and/or industry standards, our revenue and operating results could be harmed.

We generate a portion of our revenue from our threat exposure management offerings that help organizations achieve and maintain compliance with regulations and industry standards both domestically and internationally. For example, many of our customers subscribe to our threat exposure management offerings to help them comply with the security standards developed and maintained by the Payment Card Industry Security Standards Council, or the PCI Council, which apply to companies that process, transmit or store cardholder data. In addition, our threat exposure management offerings are used by customers in the health care industry to help them comply with numerous federal and state laws and regulations related to patient privacy. In particular, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, and the 2009 Health Information Technology for Economic and Clinical Health Act include privacy standards that protect individual privacy by limiting the uses and disclosures of individually identifiable health information and implementing data security standards. The foregoing and other state, federal and international legal and regulatory regimes may affect our customers’ requirements for, and demand for, our products and professional services. Governments and industry organizations, such as the PCI Council, may also adopt new laws, regulations or requirements, or make changes to existing laws or regulations, that could impact the demand for, or value of, our products. If we are unable to adapt our products to changing legal and regulatory standards or other requirements in a timely manner, or if our products fail to assist with, or expedite, our customers’ cyber security defense and compliance efforts, our customers may lose confidence in our products and could switch to products offered by our competitors, or threaten or bring legal actions against us. In addition, if laws, regulations or standards related to data security, vulnerability management and other IT security and compliance requirements are relaxed or the penalties for non-compliance are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our products. In any of these cases, our revenue and operating results could be harmed.

In addition, government and other customers may require our products to comply with certain privacy, security or other certifications and standards. If our products are late in achieving or fail to achieve or maintain compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise be at a competitive disadvantage, either of which would harm our business, results of operations, and financial condition.

If our customers are unable to implement our products successfully, customer perceptions of our offerings may be impaired or our reputation and brand may suffer.

Our products are deployed in a wide variety of IT environments, including large-scale, complex infrastructures. Some of our customers have experienced difficulties implementing our products in the past and may experience implementation difficulties in the future. If our customers are unable to implement our products successfully, customer perceptions of our offerings may be impaired or our reputation and brand may suffer.

In addition, in order for our products to achieve their functional potential, our products must effectively integrate into our customers’ IT infrastructures, which have different specifications, utilize varied protocol standards, deploy products from multiple different vendors and contain multiple layers of products that have been added over time. Our customers’ IT infrastructures are also dynamic, with a myriad of devices and endpoints entering and exiting the customers’ IT systems on a regular basis, and our products must be able to effectively adapt to and track these changes.

 

23


Table of Contents

Any failure by our customers to appropriately implement our products or any failure of our products to effectively integrate and operate within our customers’ IT infrastructures could result in customer dissatisfaction, impact the perceived reliability of our products, result in negative press coverage, negatively affect our reputation and harm our financial results.

The continued utility of Metasploit depends in part on the continued contributions from security researchers.

Our Metasploit product relies on information provided by an active community of more than 45,000 security researchers as of April 2015, who contribute new exploits, attacks and vulnerabilities. We expect that the continued contributions from these third parties will both enhance the robustness of Metasploit and also support our sales and marketing efforts. However, to the extent that the information provided by these third parties is inaccurate or malicious, the potential for false indications of security vulnerabilities and susceptibility to attack increases, which could adversely impact market acceptance of our products and professional services and could result in negative publicity, loss of customers and sales and increased costs to remedy any problem. Further, to the extent that our community of third parties is reduced in size or participants become less active, we may lose valuable insight into the dynamic threat landscape and our ability to quickly respond to new exploits, attacks and vulnerabilities may be reduced.

Recent and future acquisitions could disrupt our business and harm our financial condition and operating results.

In order to remain competitive, we have in the past and may in the future seek to acquire additional businesses, products or technologies. The environment for acquisitions in our industry is very competitive and acquisition candidate purchase prices will likely exceed what we would prefer to pay. We also may not find suitable acquisition candidates, and acquisitions we complete may be unsuccessful.

Achieving the anticipated benefits of future acquisitions will depend in part upon whether we can integrate acquired operations, products and technology in a timely and cost-effective manner. The integration process requires, among other things, coordination of administrative, sales and marketing, accounting and finance functions, and expansion of information and management systems. Integration may prove to be difficult due to the necessity of coordinating geographically separate organizations and integrating personnel with disparate business backgrounds and accustomed to different corporate cultures. This process is complex, expensive and time consuming, and may cause an interruption of, or loss of momentum in, product development and sales activities and operations of both companies. Further, we may be unable to retain key personnel of an acquired company following the acquisition. If we are unable to effectively execute acquisitions, our business, financial condition and operating results could be adversely affected.

In addition, we may only be able to conduct limited due diligence on an acquired company’s operations. Following an acquisition, we may be subject to unforeseen liabilities arising from an acquired company’s past or present operations and these liabilities may be greater than the warranty and indemnity limitations that we negotiate. Any unforeseen liability that is greater than these warranty and indemnity limitations could have a negative impact on our financial condition.

We rely on third-party channel partners to generate a substantial amount of our revenue.

Our success is dependent in part upon establishing and maintaining relationships with a variety of channel partners that we utilize to extend our geographic reach and market penetration. We anticipate that we will continue to rely on these partners in order to help facilitate sales of our offerings as part of larger purchases in the United States and to grow our business internationally. For 2012, 2013 and 2014, we derived approximately 30%, 38% and 41%, respectively, of our revenue from sales of products and professional services through channel partners, and the percentage of revenue derived from channel partners may increase in future periods. Our agreements with our channel partners are non-exclusive and do not prohibit them from working with our

 

24


Table of Contents

competitors or offering competing solutions, and some of our channel partners may have more established relationships with our competitors. If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors or do not effectively market and sell our products and professional services, our ability to grow our business and sell our products and professional services, particularly in key international markets, may be adversely affected. In addition, our failure to recruit additional channel partners, or any reduction or delay in their sales of our products and professional services or conflicts between channel sales and our direct sales and marketing activities may harm our results of operations. Finally, even if we are successful, our relationships with channel partners may not result in greater customer usage of our products and professional services or increased revenue.

Failure to maintain high-quality customer support could have a material adverse effect on our business.

Once our products are deployed within our customers’ networks, our customers depend on our technical and other customer support services to resolve any issues relating to the implementation and maintenance of our products. If we do not effectively assist our customers in deploying our products, help our customers quickly resolve post-deployment issues or provide effective ongoing support, our ability to renew or sell additional products or professional services to existing customers would be adversely affected and our reputation with potential customers could be damaged. Further, to the extent that we are unsuccessful in hiring, training and retaining adequate technical and customer success personnel, our ability to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our offerings will be adversely affected.

We rely on third-party software to operate certain functions of our business.

We rely on software vendors to operate certain critical functions of our business, including financial management and human resource management. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our solutions and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and integrated, all of which could harm our business.

We use third-party software and data that may be difficult to replace or that may cause errors or failures of our solutions, which could lead to lost customers or harm to our reputation and our operating results.

We license third-party software and security and compliance data from various third parties to deliver our offerings. In the future, this software or data may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of this software or data could result in delays in the provisioning of our offerings until equivalent technology or data is either developed by us, or, if available, is identified, obtained and integrated, which could harm our business. In addition, any errors or defects in or failures of this third-party software could result in errors or defects in our products or cause our products to fail, which could harm our business and be costly to correct. Many of these providers attempt to impose limitations on their liability for such errors, defects or failures, and if enforceable, we may have additional liability to our customers or third-party providers that could harm our reputation and increase our operating costs.

We will need to maintain our relationships with third-party software and data providers, and to obtain software and data from such providers that do not contain errors or defects. Any failure to do so could adversely impact our ability to deliver effective solutions to our customers and could harm our operating results.

 

25


Table of Contents

Our products contain third-party open source software components, and our failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.

Our products contain software licensed to us by third parties under so-called “open source” licenses, including the GNU General Public License, or GPL, the GNU Lesser General Public License, or LGPL, the BSD License, the Apache License and others. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that such open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming that what we believe to be licensed open source software infringes their intellectual property rights. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, certain open source licenses require that source code for software programs that are subject to the license be made available to the public and that any modifications or derivative works to such open source software continue to be licensed under the same terms.

Although we monitor our use of open source software in an effort both to comply with the terms of the applicable open source licenses and to avoid subjecting our products to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products. The terms of certain open source licenses require us to release the source code of our applications and to make our applications available under those open source licenses if we combine or distribute our applications with open source software in a certain manner. In the event that portions of our applications are determined to be subject to an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all, or a portion of, those applications or otherwise be limited in the licensing of our applications. Disclosing our proprietary source code could allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us. Disclosing the source code of our proprietary software could also make it easier for cyber attackers and other third parties to discover vulnerabilities in or to defeat the protections of our products, which could result in our products failing to provide our customers with the security they expect. Any of these events could have a material adverse effect on our business, operating results and financial condition.

Our technology alliance partnerships expose us to a range of business risks and uncertainties that could have a material adverse impact on our business and financial results.

We have entered, and intend to continue to enter, into technology alliance partnerships with third parties to support our future growth plans, including with certain of our actual or potential competitors. For example, through these technology alliance partnerships, we integrate with certain third-party application program interfaces, or APIs, which enhance our data collection capabilities in our customers’ IT environments. If these third parties no longer allow us to integrate with their APIs, or if we determine not to maintain these integrations, the functionality of our products may be reduced and our products may not be as marketable to certain potential customers. Technology alliance partnerships require significant coordination between the parties involved, particularly if a partner requires that we integrate its products with our products. Further, we have invested and will continue to invest significant time, money and resources to establish and maintain relationships with our technology alliance partners, but we have no assurance that any particular relationship will continue for any specific period of time or result in new offerings that we can effectively commercialize or enhancements to our existing offerings. In addition, while we believe that entering into technology alliance partnerships with certain of our actual or potential competitors is currently beneficial to our competitive position in the market, such partnerships may also give our competitors insight into our offerings that they may not otherwise have, thereby allowing them to compete more effectively against us.

 

26


Table of Contents

Our sales cycle may be unpredictable.

The timing of sales of our offerings is difficult to forecast because of the length and unpredictability of our sales cycle, particularly with large enterprises and with respect to certain of our products, such as UserInsight. We sell our products primarily to IT departments that are managing a growing set of user and compliance demands, which has increased the complexity of customer requirements to be met and confirmed during the sales cycle and prolonged our sales cycle. Further, the length of time that potential customers devote to their testing and evaluation, contract negotiation and budgeting processes varies significantly, depending on the size of the organization and nature of the product or professional service under consideration. For example, the length of the sales cycle for our threat exposure management offerings typically ranges from one to six months, while sales of our UserInsight product can exceed twelve months because input from an organization’s senior management is often required before a sale of a product such as UserInsight is consummated and because UserInsight has only been broadly commercially available since 2014. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.

A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

Selling to government entities can be highly competitive, expensive and time consuming, and often requires significant upfront time and expense without any assurance that we will win a sale. Government demand and payment for our products and professional services may also be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our offerings. Government entities also have heightened sensitivity surrounding the purchase of cyber security solutions due to the critical importance of their IT infrastructures, the nature of the information contained within those infrastructures and the fact that they are highly-visible targets for cyber attacks. Accordingly, increasing sales of our products and professional services to government entities may be more challenging than selling to commercial organizations. Further, in the course of providing our products and professional services to government entities, our employees and those of our channel partners may be exposed to sensitive government information. Any failure by us or our channel partners to safeguard and maintain the confidentiality of such information could subject us to liability and reputational harm, which could materially and adversely affect our results of operations and financial performance.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

Our reporting currency is the U.S. dollar and we generate a majority of our revenue in U.S. dollars. However, for the year ended December 31, 2014, we incurred approximately 14% of our expenses outside of the United States in foreign currencies, primarily the pound sterling (GBP), principally with respect to salaries and related personnel expenses associated with our sales and research and development operations. Additionally, for the year ended December 31, 2014, 4.1% of our revenue was generated in foreign currencies. Accordingly, changes in exchange rates may have an adverse effect on our business, operating results and financial condition. The exchange rate between the U.S. dollar and foreign currencies has fluctuated substantially in recent years and may continue to fluctuate substantially in the future. The results of our operations may be adversely affected by foreign exchange fluctuations. To date, we have not engaged in any hedging strategies, and any such strategies, such as forward contracts, options and foreign exchange swaps related to transaction exposures that we may implement to mitigate this risk may not eliminate our exposure to foreign exchange fluctuations.

Changes in financial accounting standards may cause an adverse impact our reported results of operations.

A change in accounting standards or practices, particular with respect to revenue recognition, could harm our operating results and may even affect our reporting of transactions completed before the change is effective. New

 

27


Table of Contents

accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may harm our operating results or the way we conduct our business.

Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems such as terrorism.

A significant natural disaster, such as an earthquake, fire or a flood, or a significant power outage could have a material adverse impact on our business, operating results and financial condition. In addition, natural disasters could affect our channel partners’ ability to perform services for us on a timely basis. In the event we or our channel partners are hindered by any of the events discussed above, our ability to provide our products or professional services to customers could be delayed.

In addition, our facilities and those of our third-party data centers and hosting providers are vulnerable to damage or interruption from human error, intentional bad acts, pandemics, earthquakes, hurricanes, floods, fires, war, terrorist attacks, power losses, hardware failures, systems failures, telecommunications failures and similar events. The occurrence of a natural disaster, power failure or an act of terrorism, vandalism or other misconduct, a decision by a third party to close a facility on which we rely without adequate notice, or other unanticipated problems could result in lengthy interruptions in provision or delivery of our products, potentially leaving our customers vulnerable to cyber attacks. The occurrence of any of the foregoing events could damage our systems and hardware or could cause them to fail completely, and our insurance may not cover such events or may be insufficient to compensate us for the potentially significant losses, including the potential harm to the future growth of our business, that may result from interruptions in our service as a result of system failures.

All of the aforementioned risks may be exacerbated if the disaster recovery plans for us and our third-party data centers and hosting providers prove to be inadequate. To the extent that any of the above results in delayed or reduced customer sales, our business, financial condition and results of operations could be adversely affected.

We may require additional capital to support business growth, and this capital might not be available on acceptable terms, if at all.

We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or enhance our products, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

Risks Related to Government Regulation, Data Collection, Intellectual Property and Litigation

Failure to comply with governmental laws and regulations could harm our business.

Our business is subject to regulation by various federal, state, local and foreign governments. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions,

 

28


Table of Contents

mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions or other collateral consequences. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, reputation, results of operations and financial condition.

We are subject to governmental export and import controls that could impair our ability to compete in international markets and/or subject us to liability if we are not in compliance with applicable laws.

Like other U.S.-based IT security products, our products are subject to U.S. export control and import laws and regulations, including the U.S. Export Administration Regulations and various economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. Exports of these products must be made in compliance with these laws and regulations. If we were to fail to comply with these laws and regulations, we and certain of our employees could be subject to substantial civil and criminal penalties, including fines for our company and responsible employees or managers, and, in extreme cases, incarceration of responsible employees and managers and the possible loss of export privileges. Complying with export control laws and regulations, including obtaining the necessary licenses or authorizations, for a particular sale may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. Changes in export or import laws and regulations, shifts in the enforcement or scope of existing laws and regulations, or changes in the countries, governments, persons, products or services targeted by such laws and regulations, could also result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers. A decreased use of our products or limitation on our ability to export or sell our products could adversely affect our business, financial condition and results of operations.

We also incorporate encryption technology into our products. These encryption products may be exported outside of the United States only with the required export authorizations, including by a license, a license exception or other appropriate government authorizations, including the filing of an encryption registration or product classification request. We previously deployed certain of our Metasploit products prior to obtaining the appropriate export authorizations. As such, we did not fully comply with applicable encryption controls in the U.S. Export Administration Regulations. Further, U.S. export control laws and economic sanctions prohibit the shipment of certain products and services to U.S. embargoed or sanctioned countries, governments or persons. Although we take precautions to prevent our products from being provided to those subject to U.S. sanctions, such measures may be circumvented. We are aware of previous exports in the form of downloads of certain of our Metasploit products by persons and organizations that appear to be located in countries that are the subject of U.S. embargoes, and by certain other persons and organizations without the requisite export authorizations. In September 2014, we initiated and filed a voluntary self-disclosure with the U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, concerning our previous failure to obtain required authorizations for certain exports, as well as apparent historical exports of free and trial software to embargoed countries. In March 2015, we filed a supplement to the voluntary self-disclosure to BIS containing additional information regarding unauthorized exports to certain foreign government end-users. Also in March 2015, we filed a voluntary self-disclosure with the U.S. Department of Treasury’s Office of Foreign Assets Control, or OFAC, concerning exports to embargoed countries. On May 22, 2015, OFAC determined not to pursue a civil monetary penalty against us and issued us a Cautionary Letter to resolve our voluntary self-disclosure. The voluntary self-disclosure submitted to BIS currently remains under review, and we are cooperating with BIS. It is possible that the matters discussed in the BIS voluntary self-disclosure could result in monetary penalties or other penalties being assessed against us.

In addition, various countries regulate the import and domestic use of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Encryption products and the underlying technology may also be subject to export control restrictions. Governmental regulation of encryption technology and regulation of imports or exports of encryption products,

 

29


Table of Contents

or our failure to obtain required import or export approval for our products, when applicable, could harm our international sales and adversely affect our revenue. Compliance with applicable laws and regulations regarding the export and import of our products, including with respect to new products or changes in existing products, may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products globally or, in some cases, could prevent the export or import of our products to certain countries, governments, entities or persons altogether.

Finally, there are currently multinational efforts underway as part of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, or the Wassenaar Arrangement, to impose additional restrictions on certain cyber security products. To implement the controls under the Wassenaar Arrangement in the United States, on May 20, 2015, BIS published a proposed rule for public comment that would amend the Export Administration Regulations with regard to exports, reexports and transfers (in-country) of “intrusion software,” surveillance items and related software and technology. Under the proposed rule, “intrusion software” and surveillance items are defined broadly and would establish an export license requirement for all countries other than the United States and Canada for many commercially-available penetration testing and network monitoring products, including commercial versions of Metasploit. Obtaining the necessary licenses or authorizations for a particular sale may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. We are evaluating the potential implications of the Wassenaar Arrangement on the commercial versions of Metasploit and plan to submit comments to BIS regarding the proposed rule, which remains subject to public comment, is not currently in effect and may undergo substantial modification before it becomes effective.

Because our products collect and store user and related information, domestic and international privacy and cyber security concerns, and other laws and regulations, could result in additional costs and liabilities to us or inhibit sales of our products.

We, and our customers, are subject to a number of domestic and international laws and regulations that apply to online services and the internet generally. These laws, rules and regulations address a range of issues including data privacy and cyber security, and restrictions or technological requirements regarding the collection, use, storage, protection, retention or transfer of data. The regulatory framework for online services, data privacy and cyber security issues worldwide can vary substantially from jurisdiction to jurisdiction, is rapidly evolving and is likely to remain uncertain for the foreseeable future. Many federal, state and foreign government bodies and agencies have adopted or are considering adopting laws, rules and regulations regarding the collection, use, storage and disclosure of information, web browsing and geolocation data collection, data analytics, cyber security and breach notification procedures. Interpretation of these laws, rules and regulations and their application to our products and professional services in the U.S. and foreign jurisdictions is ongoing and cannot be fully determined at this time.

In the United States, these include rules and regulations promulgated under the authority of the Federal Trade Commission, the Electronic Communications Privacy Act, Computer Fraud and Abuse Act, HIPAA, the Gramm Leach Bliley Act and state breach notification laws, as well as regulator enforcement positions and expectations reflected in federal and state regulatory actions, settlements, consent decrees and guidance documents. Internationally, virtually every jurisdiction in which we operate has established its own data security and privacy legal frameworks with which we, or our customers, must comply, including the Data Protection Directive established in the European Union and the Federal Data Protection Act recently implemented in Germany. Further, many federal, state and foreign government bodies and agencies have introduced, and are currently considering, additional laws and regulations. If passed, we will likely incur additional expenses and costs associated with complying with such laws.

In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us. Because the interpretation and application of privacy and data protection laws are still uncertain, it is possible that these laws may be interpreted and applied in

 

30


Table of Contents

a manner that is inconsistent with our existing practices or the features of our products. We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom we rely in relation to various services, including but not limited to vendors and business partners. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products, which could have an adverse effect on our business. Any inability to adequately address privacy concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

The costs of compliance with, and other burdens imposed by, the laws, rules, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our software. Privacy or cyber security concerns, whether valid or not valid, may inhibit market adoption of our products particularly in certain industries and foreign countries.

Further, there are active legislative discussions regarding the implementation of laws or regulations that could restrict the manner in which security research is conducted and that could restrict or possibly bar the conduct of penetration testing and the use of exploits, which are an essential component of our Metasploit product and our business strategy more generally. Our failure to comply with existing laws, rules or regulations, changes to existing laws or their interpretation, or the imposition of new laws, rules or regulations, could have a material and adverse impact on our business, results of operations, and financial condition.

Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.

Our future success and competitive position depend in part on our ability to protect our intellectual property and proprietary technologies. To safeguard these rights, we rely on a combination of patent, trademark, copyright and trade secret laws and contractual protections in the United States and other jurisdictions, all of which provide only limited protection and may not now or in the future provide us with a competitive advantage.

As of March 31, 2015, we had four issued patents and 15 patent applications pending in the United States relating to our products. We cannot assure you that any patents will issue from any patent applications, that patents that issue from such applications will give us the protection that we seek or that any such patents will not be challenged, invalidated, or circumvented. Any patents that may issue in the future from our pending or future patent applications may not provide sufficiently broad protection and may not be enforceable in actions against alleged infringers. We have registered the “Rapid7,” “Nexpose” and “Metasploit” names and logos in the United States and certain other countries. We have registrations and/or pending applications for additional marks in the United States and other countries; however, we cannot assure you that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights. We also license software from third parties for integration into our products, including open source software and other software available on commercially reasonable terms. We cannot assure you that such third parties will maintain such software or continue to make it available.

In order to protect our unpatented proprietary technologies and processes, we rely on trade secret laws and confidentiality agreements with our employees, consultants, channel partners, vendors and others. Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer or otherwise obtain and use them. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights, or develop similar technologies and processes. Further, the contractual provisions that we enter into may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, trade secrets and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as

 

31


Table of Contents

protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. We may be unable to determine the extent of any unauthorized use or infringement of our solutions, technologies or intellectual property rights.

From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the intellectual property rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition.

Assertions by third parties of infringement or other violations by us of their intellectual property rights, whether or not correct, could result in significant costs and harm our business and operating results.

Patent and other intellectual property disputes are common in our industry. We are currently involved in a lawsuit brought by a non-practicing entity alleging that we have infringed upon a now-expired patent held by such entity and we may from time to time be involved in other such disputes in the ordinary course of our business. Some companies, including some of our competitors, own large numbers of patents, copyrights and trademarks, which they may use to assert claims against us. Third parties have in the past and may in the future assert claims of infringement, misappropriation or other violations of intellectual property rights against us. They may also assert such claims against our customers or channel partners, whom we typically indemnify against claims that our solutions infringe, misappropriate or otherwise violate the intellectual property rights of third parties. As the numbers of products and competitors in our market increase and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Any claim of infringement, misappropriation or other violation of intellectual property rights by a third party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business.

The patent portfolios of our most significant competitors are larger than ours. This disparity may increase the risk that they may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. In addition, future assertions of patent rights by third parties, and any resulting litigation, may involve patent holding companies or other adverse patent owners who have no relevant product revenues and against whom our own patents may therefore provide little or no deterrence or protection. There can be no assurance that we will not be found to infringe or otherwise violate any third-party intellectual property rights or to have done so in the past.

An adverse outcome of a dispute may require us to:

 

  l   

pay substantial damages, including treble damages, if we are found to have willfully infringed a third party’s patents or copyrights;

 

  l   

cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others;

 

  l   

expend additional development resources to attempt to redesign our solutions or otherwise develop non-infringing technology, which may not be successful;

 

  l   

enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights; and

 

  l   

indemnify our partners and other third parties.

In addition, royalty or licensing agreements, if required or desirable, may be unavailable on terms acceptable to us, or at all, and may require significant royalty payments and other expenditures. Some licenses may also be

 

32


Table of Contents

non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Any of the foregoing events could seriously harm our business, financial condition and results of operations.

Our operating results may be harmed if we are required to collect sales and use or other related taxes for our products and professional services in jurisdictions where we have not historically done so.

Taxing jurisdictions, including state, local and foreign taxing authorities, have differing rules and regulations governing sales and use or other taxes, and these rules and regulations are subject to varying interpretations that may change over time. In particular, significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. While we believe that we are in material compliance with our obligations under applicable taxing regimes, one or more states, localities or countries may seek to impose additional sales or other tax collection obligations on us, including for past sales by us or our channel partners. It is possible that we could face sales tax audits and that such audits could result in tax-related liabilities for which we have not accrued. For example, we are currently subject to audits by the Commonwealth of Massachusetts and the State of Washington. A successful assertion that we should be collecting additional sales or other taxes on our offerings in jurisdictions where we have not historically done so and do not accrue for sales taxes could result in substantial tax liabilities for past sales, discourage customers from purchasing our offerings or otherwise harm our business and operating results.

In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period or periods for which a determination is made.

Our intercompany relationships are subject to complex transfer pricing regulations, which may be challenged by taxing authorities.

We generally conduct our international operations through wholly-owned subsidiaries and report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are and will continue to be subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position were not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.

Our ability to use net operating losses to offset future taxable income may be subject to certain limitations.

As of December 31, 2014, we had federal and state net operating loss carryforwards, or NOLs, of $71.7 million and $59.1 million, respectively, available to offset future taxable income, which expire in various years beginning in 2029 if not utilized. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. Under the provisions of the Internal Revenue Code of 1986, as amended, or the Internal Revenue Code, substantial changes in our ownership may limit the amount of pre-change NOLs that can be utilized annually in the future to offset taxable income. Section 382 of the Internal Revenue Code, or Section 382, imposes limitations on a company’s ability to use NOLs if a company experiences a more-than-50-percent ownership change over a three-year testing period. Based upon our analysis as of December 31, 2014, we determined that although a small limitation on our historical NOLs exists, we do not expect this limitation to impair our ability to use our NOLs prior to expiration. However, if changes in our ownership occur in the future,

 

33


Table of Contents

our ability to use our NOLs may be further limited. For these reasons, we may not be able to utilize a material portion of the NOLs, even if we achieve profitability. If we are limited in our ability to use our NOLs in future years in which we have taxable income, we will pay more taxes than if we were able to fully utilize our NOLs. This could adversely affect our operating results and the market price of our common stock.

The enactment of legislation implementing changes in the U.S. taxation of international business activities or the adoption of other tax reform policies could materially impact our financial position and results of operations.

Recent changes to U.S. tax laws, including limitations on the ability of taxpayers to claim and utilize foreign tax credits and the deferral of certain tax deductions until earnings outside of the United States are repatriated to the United States, as well as changes to U.S. tax laws that may be enacted in the future, could impact the tax treatment of our foreign earnings. Due to expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate and adversely affect our financial condition and operating results.

Risk Related to our Common Stock and this Offering

Our stock price may be volatile, and you may lose some or all of your investment.

The initial public offering price for the shares of our common stock will be determined by negotiations between us and the representatives of the underwriters and may not be indicative of the market price of our common stock following this offering. The market price of our common stock may be highly volatile and may fluctuate substantially as a result of a variety of factors, some of which are related in complex ways, including:

 

  l   

actual or anticipated fluctuations in our financial condition and operating results;

 

  l   

variance in our financial performance from expectations of securities analysts;

 

  l   

changes in the prices of our products and professional services;

 

  l   

changes in our projected operating and financial results;

 

  l   

changes in laws or regulations applicable to our products or professional services;

 

  l   

announcements by us or our competitors of significant business developments, acquisitions or new offerings;

 

  l   

our involvement in any litigation;

 

  l   

our sale of our common stock or other securities in the future;

 

  l   

changes in senior management or key personnel;

 

  l   

trading volume of our common stock;

 

  l   

changes in the anticipated future size and growth rate of our market; and

 

  l   

general economic, regulatory and market conditions.

Recently, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations have often been

 

34


Table of Contents

unrelated or disproportionate to the operating performance of those companies. Broad market and industry fluctuations, as well as general economic, political, regulatory and market conditions, may negatively impact the market price of our common stock. If the market price of our common stock after this offering does not exceed the initial public offering price, you may lose some or all of your investment. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial costs and divert our management’s attention.

No public market for our common stock currently exists, and an active public trading market may not develop or be sustained following this offering.

No public market for our common stock currently exists. An active public trading market may not develop following the completion of this offering or, if developed, may not be sustained. The lack of an active market may impair your ability to sell your shares at the time you wish to sell them or at a price that you consider reasonable. The lack of an active market may also reduce the fair value of your shares. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

If securities or industry analysts do not publish research or reports about our business, or publish negative reports about our business, our stock price and trading volume could decline.

The trading market for our common stock will depend, in part, on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts. If our financial performance fails to meet analyst estimates or one or more of the analysts who cover us downgrade our shares or change their opinion of our shares, our share price would likely decline. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline.

We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.

We have never declared or paid any cash dividends on our common stock and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Concentration of ownership among our existing directors, executive officers and holders of 5% or more of our outstanding common stock may prevent new investors from influencing significant corporate decisions.

Following this offering, our directors, executive officers and holders of more than 5% of our common stock, some of whom are represented on our board of directors, together with their affiliates will beneficially own     % of the voting power of our outstanding capital stock. As a result, these stockholders will, immediately following this offering, be able to determine the outcome of matters submitted to our stockholders for approval. Some of these persons or entities may have interests that are different from yours, and this ownership could affect the value of your shares of common stock if, for example, these stockholders elect to delay, defer or prevent a change in corporate control, merger, consolidation, takeover or other business combination. This concentration of ownership may also adversely affect the market price of our common stock.

 

35


Table of Contents

We may invest or spend the proceeds of this offering in ways with which you may not agree or in ways which may not yield a return.

We anticipate that the net proceeds from this offering will be used for working capital and other general corporate purposes, including the payment of our outstanding term loan and associated termination fee. We may also use a portion of the net proceeds to acquire complementary businesses, products or technologies. However, we do not have any agreements or commitments for any acquisitions at this time. Our management will have considerable discretion in the application of the net proceeds, and you will not have the opportunity, as part of your investment decision, to assess whether the proceeds are being used effectively. The net proceeds may be invested with a view towards long-term benefits for our stockholders and this may not increase our operating results or market value. The failure by our management to apply these funds effectively may adversely affect the return on your investment.

Future sales of our common stock in the public market could cause our share price to decline.

After this offering, there will be             shares of our common stock outstanding, assuming no exercise of the underwriters’ over-allotment option. Sales of a substantial number of shares of our common stock in the public market after this offering, or the perception that these sales might occur, could depress the market price of our common stock and could impair our ability to raise capital through the sale of additional equity securities. Of our issued and outstanding shares of our common stock, all of the shares sold in this offering will be freely transferable without restrictions or further registration under the Securities Act of 1933, as amended, or the Securities Act, except for any shares acquired by our affiliates, as defined in Rule 144 under the Securities Act. The remaining              shares outstanding after this offering will be restricted as a result of securities laws, lock-up agreements or other contractual restrictions that restrict transfers for 180 days after the date of this prospectus.

Additionally, following the completion of this offering, stockholders holding approximately             % of our common stock outstanding, will, after the expiration of the lock-up periods specified above, have the right, subject to various conditions and limitations, to include their shares of our common stock in registration statements relating to our securities. If the offer and sale of these shares are registered, they will be freely tradable without restriction under the Securities Act. Shares of common stock sold under such registration statements can be freely sold in the public market. In the event such registration rights are exercised and a large number of shares of common stock are sold in the public market, such sales could reduce the trading price of our common stock. See “Description of Capital Stock—Registration Rights” and “Shares Eligible for Future Sale—Lock-Up Agreements” for a more detailed description of these registration rights and the lock-up period.

We intend to file a registration statement on Form S-8 under the Securities Act to register the total number of shares of our common stock that may be issued under our equity incentive plans. See the information under the heading “Shares Eligible for Future Sale—Form S-8 Registration Statements” for a more detailed description of the shares of common stock that will be available for future sale upon the registration and issuance of such shares, subject to any applicable vesting or lock-up period or other restrictions provided under the terms of the applicable plan and/or the option agreements entered into with the option holders. In addition, in the future we may issue common stock or other securities if we need to raise additional capital. The number of new shares of our common stock issued in connection with raising additional capital could constitute a material portion of the then outstanding shares of our common stock.

You will experience immediate and substantial dilution in the net tangible book value of the shares of common stock you purchase in this offering.

The initial public offering price of our common stock will be substantially higher than the pro forma net tangible book value per share of our common stock, as of March 31, 2015, immediately after this offering. Therefore, if you purchase shares of our common stock in this offering, you will suffer immediate dilution of $             per share, or $             per share if the underwriters exercise their over-allotment option in full, in net tangible book

 

36


Table of Contents

value after giving effect to the sale of common stock in this offering at an assumed public offering price of $             per share, the midpoint of the estimated initial public offering price range set forth on the cover page of this prospectus. See “Dilution.” If outstanding options or warrants to purchase our common stock are exercised in the future, you will experience additional dilution.

We are an “emerging growth company” and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies” including, but not limited to, the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We cannot predict if investors will find our common stock less attractive if we choose to rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.

We will incur increased costs as a result of operating as a public company, and our management will be required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.

As a public company, and particularly after we are no longer an “emerging growth company,” we will incur significant legal, accounting and other expenses that we did not incur as a private company. The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the NASDAQ Stock Market and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel will need to devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect that these rules and regulations may make it more difficult and more expensive for us to obtain directors’ and officers’ liability insurance, which could make it more difficult for us to attract and retain qualified members of our board of directors. We cannot predict or estimate the amount of additional costs we will incur as a public company or the timing of such costs.

As a result of becoming a public company, we will be obligated to develop and maintain proper and effective internal controls over financial reporting and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our common stock.

We will be required, pursuant to Section 404 of the Sarbanes-Oxley Act, or Section 404, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the first fiscal year beginning after the effective date of this offering. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. Our independent registered public accounting firm will not be required to attest to the effectiveness of our internal control over financial reporting until our first annual report required to be filed with the SEC following the date we are no longer an “emerging growth company,” as defined in the JOBS Act. We will be required to disclose significant changes made in our internal control procedures on a quarterly basis.

We have commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404, and we may not be able to complete our evaluation, testing and any required remediation in a timely fashion. Our compliance with Section 404 will require that we incur substantial accounting expense and expend significant management efforts. We currently do not have an internal audit group, and we will need to hire additional accounting and financial staff with

 

37


Table of Contents

appropriate public company experience and technical accounting knowledge and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.

During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the NASDAQ Stock Market, the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of us more difficult, limit attempts by our stockholders to replace or remove our current management and limit the market price of our common stock.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws, as will be in effect upon the completion of this offering, may have the effect of delaying or preventing a change in control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws will include provisions that:

 

  l   

authorize our board of directors to issue preferred stock without further stockholder action and with voting liquidation, dividend and other rights superior to our common stock;

 

  l   

require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent, and limit the ability of our stockholders to call special meetings;

 

  l   

establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for director nominees;

 

  l   

establish that our board of directors is divided into three classes, with directors in each class serving three-year staggered terms;

 

  l   

require the approval of holders of two-thirds of the shares entitled to vote at an election of directors to adopt, amend or repeal our amended and restated bylaws or amend or repeal the provisions of our amended and restated certificate of incorporation regarding the election and removal of directors and the ability of stockholders to take action by written consent or call a special meeting;

 

  l   

prohibit cumulative voting in the election of directors; and

 

  l   

provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum.

These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which

 

38


Table of Contents

generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our common stock, and they could deter potential acquirers of our company, thereby reducing the likelihood that you would receive a premium for your shares of our common stock in an acquisition.

Our amended and restated certificate of incorporation will designate the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us.

Pursuant to our amended and restated certificate of incorporation, as will be in effect upon the completion of this offering, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers or other employees to us or our stockholders, (3) any action asserting a claim arising pursuant to any provision of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws or (4) any action asserting a claim governed by the internal affairs doctrine. Our amended and restated certificate of incorporation will further provide that any person or entity purchasing or otherwise acquiring any interest in shares of our common stock is deemed to have notice of and consented to the foregoing provision. The forum selection clause in our amended and restated certificate of incorporation may limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us.

 

39


Table of Contents

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This prospectus contains forward-looking statements that involve substantial risks and uncertainties. The forward-looking statements are contained principally in the sections of this prospectus entitled “Prospectus Summary,” “Risk Factors,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Business,” but are also contained elsewhere in this prospectus. In some cases, you can identify forward-looking statements by the words “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “might,” “objective,” “ongoing,” “plan,” “predict,” “project,” “potential,” “should,” “will,” or “would,” or the negative of these terms, or other comparable terminology intended to identify statements about the future. These statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to be materially different from the information expressed or implied by these forward-looking statements. Although we believe that we have a reasonable basis for each forward-looking statement contained in this prospectus, we caution you that these statements are based on a combination of facts and factors currently known by us and our expectations of the future, about which we cannot be certain. Forward-looking statements include statements about:

 

  l   

our ability to continue to add new customers, maintain existing customers and sell new products and professional services to new and existing customers;

 

  l   

the effects of increased competition as well as innovations by new and existing competitors in our market;

 

  l   

our ability to adapt to technological change and effectively enhance, innovate and scale our solutions;

 

  l   

our ability to effectively manage or sustain our growth and to attain and sustain profitability;

 

  l   

our ability to diversify our sources of revenue;

 

  l   

potential acquisitions and integration of complementary business and technologies;

 

  l   

our expected use of proceeds;

 

  l   

our ability to maintain, or strengthen awareness of, our brand;

 

  l   

perceived or actual security, integrity, reliability, quality or compatibility problems with our solutions, including related to security breaches in our customers’ systems, unscheduled downtime or outages;

 

  l   

statements regarding future revenue, hiring plans, expenses, capital expenditures, capital requirements and stock performance;

 

  l   

our ability to attract and retain qualified employees and key personnel and further expand our overall headcount;

 

  l   

our ability to grow, both domestically and internationally;

 

  l   

our ability to stay abreast of new or modified laws and regulations that currently apply or become applicable to our business both in the United States and internationally including laws and regulations related to export compliance;

 

  l   

our ability to maintain, protect and enhance our intellectual property;

 

  l   

costs associated with defending intellectual property infringement and other claims; and

 

  l   

the future trading prices of our common stock and the impact of securities analysts’ reports on these prices.

 

40


Table of Contents

We caution you that the foregoing list may not contain all of the forward-looking statements made in this prospectus.

You should refer to the “Risk Factors” section of this prospectus for a discussion of important factors that may cause our actual results to differ materially from those expressed or implied by our forward-looking statements. As a result of these factors, we cannot assure you that the forward-looking statements in this prospectus will prove to be accurate. Furthermore, if our forward-looking statements prove to be inaccurate, the inaccuracy may be material. In light of the significant uncertainties in these forward-looking statements, you should not regard these statements as a representation or warranty by us or any other person that we will achieve our objectives and plans in any specified time frame or at all. We undertake no obligation to publicly update any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law. The Private Securities Litigation Reform Act of 1995 and Section 27A of the Securities Act do not protect any forward-looking statements that we make in connection with this offering.

You should read this prospectus and the documents that we reference in this prospectus and have filed as exhibits to the registration statement, of which this prospectus is a part, completely and with the understanding that our actual future results may be materially different from what we expect. We qualify all of our forward-looking statements by these cautionary statements.

 

41


Table of Contents

INDUSTRY AND MARKET DATA

Unless otherwise indicated, information contained in this prospectus concerning our industry and the market in which we operate, including our general expectations and market position, market opportunity and market size is based on information from various sources, including independent industry publications by Frost & Sullivan, Gartner, Inc., or Gartner, International Data Corporation, Mandiant, a FireEye, Inc. company, PricewaterhouseCoopers LLP, RAND Corporation and Verizon Communications Inc. The reports published by Gartner and described herein, or the Gartner Reports, represent data, research opinions or viewpoints published, as part of a syndicated service, by Gartner, and are not representations of fact. Each Gartner Report speaks as of its original publication date (and not as of the date of this prospectus) and the opinions expressed in each Gartner Report are subject to change without notice.

In presenting this information, we have also made assumptions based on such data and other similar sources, and on our knowledge of, and in our experience to date in, the markets for our solutions. This information involves a number of assumptions and limitations, and you are cautioned not to give undue weight to such estimates. Although neither we nor the underwriters have independently verified the accuracy or completeness of any third-party information, we believe the market position, market opportunity and market size information included in this prospectus is reliable. The industry in which we operate is subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the “Risk Factors” section. These and other factors could cause results to differ materially from those expressed in the estimates made by the independent parties and by us.

 

42


Table of Contents

USE OF PROCEEDS

We estimate that the net proceeds from our issuance and sale of                 shares of our common stock in this offering will be approximately $         million, or approximately $         million if the underwriters exercise their over-allotment option in full, based upon an assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

Each $1.00 increase or decrease in the assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase or decrease the net proceeds to us from this offering by approximately $         million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and commissions payable by us. We may also increase or decrease the number of shares we are offering. Each 1,000,000 share increase or decrease in the number of shares offered by us would increase or decrease the net proceeds to us from this offering by approximately $         million, assuming that the assumed initial price to the public remains the same, and after deducting underwriting discounts and commissions payable by us. We do not expect that a change in the initial price to the public or the number of shares by these amounts would have a material effect on uses of the proceeds from this offering, although it may accelerate the time at which we will need to seek additional capital.

The principal purposes of this offering are to increase our financial flexibility, create a public market for our common stock, and facilitate our future access to the capital markets. Although we have not yet determined with certainty the manner in which we will allocate the net proceeds of this offering, we expect to use the net proceeds from this offering for working capital and other general corporate purposes, including investments in sales and marketing in the United States and internationally and in research and development. We also intend to use $         million of the net proceeds to pay all remaining outstanding principal and interest, together with a termination fee, under our term loan with Silicon Valley Bank, which carries a current interest rate of 12% and expires in December 2017. We may also use a portion of the proceeds from this offering for acquisitions or strategic investments in complementary businesses or technologies, although we do not currently have any plans for any such acquisitions or investments. We have not allocated specific amounts of net proceeds for any of these purposes.

The expected use of net proceeds from this offering represents our intentions based upon our present plans and business conditions. We cannot predict with certainty all of the particular uses for the proceeds of this offering or the amounts that we will actually spend on the uses set forth above. Accordingly, our management will have significant flexibility in applying the net proceeds of this offering. The timing and amount of our actual expenditures will be based on many factors, including cash flows from operations and the anticipated growth of our business. Pending their use, we intend to invest the net proceeds of this offering in a variety of capital-preservation investments, including short- and intermediate-term, interest-bearing investment-grade securities.

 

43


Table of Contents

DIVIDEND POLICY

We have never declared or paid any dividends on our capital stock. We currently intend to retain all available funds and any future earnings for the operation and expansion of our business and, therefore, we do not anticipate declaring or paying cash dividends in the foreseeable future. The payment of dividends will be at the discretion of our board of directors and will depend on our results of operations, capital requirements, financial condition, prospects, contractual arrangements, any limitations on payment of dividends present in our current and future debt agreements and other factors that our board of directors may deem relevant.

 

44


Table of Contents

CAPITALIZATION

The following table sets forth our cash and our capitalization as of March 31, 2015:

 

  l   

on an actual basis;

 

  l   

on a pro forma basis to reflect (1) the conversion of all outstanding shares of our preferred stock into                 shares of common stock immediately prior to the closing of this offering, including the Additional Series D Conversion Shares and (2) the filing of our amended and restated certificate of incorporation, which will become effective immediately prior to the closing of this offering; and

 

  l   

on a pro forma as adjusted basis to reflect (1) the sale of                 shares of common stock in this offering at an assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, after deducting underwriting discounts and commissions and estimated offering expenses payable by us and (2) repayment of our outstanding term loan.

See “Prospectus Summary—The Offering” for a description of the Additional Series D Conversion Shares as the number of Additional Series D Conversion Shares that will be issued depends on the initial public offering price of our common stock.

You should read this table together with “Selected Consolidated Financial Statements,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the related notes appearing elsewhere in this prospectus.

 

     As of March 31, 2015  
     Actual      Pro Forma      Pro Forma As
Adjusted(1)
 
     (in thousands, except share and per share data)  

Cash

   $           33,343       $                            $                        
  

 

 

    

 

 

    

 

 

 

Debt

  17,009   

Capital lease obligation

  261   

Redeemable convertible preferred stock, $0.01 par value per share; 16,392,603 shares authorized, 16,382,615 shares issued and outstanding, actual; no shares authorized, issued or outstanding, pro forma and pro forma as adjusted

  222,871             

Stockholders’ (deficit) equity:

Preferred stock, $0.01 par value per share; no shares authorized, issued or outstanding, actual; 10,000,000 shares authorized, no shares issued or outstanding, pro forma and pro forma as adjusted

              

Common stock, $0.01 par value per share; 35,700,000 shares authorized, 12,699,802 shares issued and outstanding, actual; 100,000,000 shares authorized,                 shares issued and outstanding, pro forma; 100,000,000 shares authorized,                 shares issued and outstanding, pro forma as adjusted

  127   

Additional paid-in capital

    

Accumulated deficit

  (261,435)   

Treasury stock

  (3,526)   
  

 

 

    

 

 

    

 

 

 

Total stockholders’ (deficit) equity

  (264,834)   
  

 

 

    

 

 

    

 

 

 

Total capitalization

$ (24,693)    $      $     
  

 

 

    

 

 

    

 

 

 

 

  (1)

The pro forma as adjusted information set forth above is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing. Each $1.00 increase or decrease in the assumed initial public offering price of

 

45


Table of Contents
 

$         per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase or decrease pro forma as adjusted cash, additional paid-in capital, total stockholders’ (deficit) equity and total capitalization by approximately $             million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and commissions payable by us. We may also increase or decrease the number of shares we are offering. Each 1,000,000 share increase or decrease in the number of shares offered by us would increase or decrease pro forma as adjusted cash, additional paid-in capital, total stockholders’ (deficit) equity and total capitalization by approximately $             million, assuming that the assumed initial public offering price remains the same, and after deducting underwriting discounts and commissions payable by us.

The number of shares of our common stock shown as issued and outstanding on a pro forma as adjusted basis in the table above is based on the number of shares of our common stock outstanding as of March 31, 2015, and excludes:

 

  l   

4,006,962 shares of common stock issuable upon the exercise of options outstanding as of March 31, 2015, at a weighted-average exercise price of $5.44 per share;

 

  l   

200,000 shares of common stock issuable upon the exercise of warrants outstanding as of March 31, 2015, at an exercise price of $10.00 per share;

 

  l   

                 shares of our common stock reserved for future issuance pursuant to our 2015 Plan which will become effective prior to the completion of this offering and will include provisions that automatically increase the number of shares of common stock reserved for issuance thereunder each year; and

 

  l   

                shares of common stock reserved for future issuance under our 2015 Employee Stock Purchase Plan, which will become effective prior to the completion of this offering and will include provisions that automatically increase the number of shares of common stock reserved for issuance thereunder each year.

 

46


Table of Contents

DILUTION

If you invest in our common stock, your interest will be diluted to the extent of the difference between the initial public offering price per share of our common stock and the pro forma as adjusted net tangible book value per share of our common stock immediately after the completion of this offering.

Our historical net tangible book value as of March 31, 2015 was $(277.1) million, or $(21.82) per share of common stock. Our historical net tangible book value per share represents our total tangible assets less our total liabilities and preferred stock (which is not included within stockholders’ (deficit) equity), divided by the number of shares of common stock outstanding as of March 31, 2015.

Our pro forma net tangible book value as of March 31, 2015 was $                 million, or $         per share of common stock. Pro forma net tangible book value per share represents our total tangible assets less our total liabilities, divided by the number of shares of common stock outstanding as of March 31, 2015, after giving effect to the conversion of all of our outstanding shares of our preferred stock into                 shares of common stock immediately prior to the closing of this offering, including the issuance of the Additional Series D Conversion Shares. See “Prospectus Summary—The Offering” for a description of the Additional Series D Conversion Shares as the number of Additional Series D Conversion Shares that will be issued depends on the initial public offering price of our common stock.

Our pro forma as adjusted net tangible book value represents our pro forma net tangible book value, plus the effect of the sale of                 shares of common stock in this offering at an assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, after deducting underwriting discounts and commissions and estimated offering expenses payable by us. Our pro forma as adjusted net tangible book value as of March 31, 2015 was $                 million, or $         per share of common stock. This amount represents an immediate increase in pro forma as adjusted net tangible book value of $         per share to our existing stockholders and an immediate dilution of $         per share to investors participating in this offering. We determine dilution per share to investors participating in this offering by subtracting pro forma as adjusted net tangible book value per share after this offering from the assumed initial public offering price per share paid by investors participating in this offering.

The following table illustrates this dilution on a per share basis to new investors:

 

Assumed initial public offering price per share

$     

Historical net tangible book value per share as of March 31, 2015

$ (21.82)   

Increase per share attributable to the pro forma transactions described above

Pro forma net tangible book value per share as of March 31, 2015

Increase in pro forma net tangible book value per share attributed to new investors purchasing shares from us in this offering

  

 

 

      

Pro forma as adjusted net tangible book value per share after giving effect to this offering

     

 

 

Dilution in pro forma as adjusted net tangible book value per share to new investors in this offering

$     
     

 

 

The dilution information discussed above is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing. Each $1.00 increase or decrease in the assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase or decrease the pro forma as adjusted net tangible book value per share by $         per share and the dilution per share to investors participating in this offering by $         per share, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting underwriting discounts and commissions payable by us. We may also increase or

 

47


Table of Contents

decrease the number of shares we are offering. Each 1,000,000 share increase in the number of shares offered by us, as set forth on the cover page of this prospectus, would increase the pro forma as adjusted net tangible book value per share by $         and decrease the dilution per share to investors participating in this offering by $            , assuming the assumed initial public offering price of $             per share, the midpoint of the price range set forth on the cover page of this prospectus, remains the same and after deducting underwriting discounts and commissions payable by us. Each 1,000,000 share decrease in the number of shares offered by us, as set forth on the cover page of this prospectus, would decrease the pro forma as adjusted net tangible book value per share after this offering by $         and increase the dilution per share to new investors participating in this offering by $            , assuming the assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, remains the same and after deducting underwriting discounts and commissions payable by us. The pro forma as adjusted information discussed above is illustrative only and will adjust based on the actual initial public offering price and other terms of this offering determined at pricing.

If the underwriters exercise their over-allotment option in full to purchase an additional                 shares of our common stock in this offering, the pro forma as adjusted net tangible book value of our common stock would increase to $         per share, representing an immediate increase to existing stockholders of $         per share and an immediate dilution of $         per share to investors participating in this offering.

The following table summarizes as of March 31, 2015, on the pro forma as adjusted basis described above, the number of shares of our common stock, the total consideration and the average price per share (1) paid to us by our existing stockholders and (2) to be paid by investors purchasing our common stock in this offering at an assumed initial public offering price of $         per share, the midpoint of the price range set forth on the cover page of this prospectus, before deducting underwriting discounts and commissions and estimated offering expenses payable by us.

 

     Shares Purchased     Total Consideration     Weighted-
Average Price
Per Share
 
             Number                   Percent                     Amount                     Percent            

Existing stockholders

              $                                     $                         

New investors

          
  

 

 

 

 

   

 

 

   

 

 

   

 

 

 

Total

              100.0 $                    100.0 $     
  

 

 

 

 

   

 

 

   

 

 

   

 

 

 

Except as otherwise indicated, the above discussion and tables assume no exercise of the underwriters’ over-allotment option. If the underwriters exercise their over-allotment option in full, our existing stockholders would own     % and our new investors would own     % of the total number of shares of our common stock outstanding after the completion of this offering.

The tables and calculations above are based on the number of shares of our common stock outstanding as of March 31, 2015, and exclude:

 

  l   

4,006,962 shares of common stock issuable upon the exercise of options outstanding as of March 31, 2015, at a weighted-average exercise price of $5.44 per share;

 

  l   

200,000 shares of common stock issuable upon the exercise of warrants outstanding as of March 31, 2015, at an exercise price of $10.00 per share;

 

  l   

            shares of our common stock reserved for future issuance pursuant to our 2015 Plan which will become effective prior to the completion of this offering and will include provisions that automatically increase the number of shares of common stock reserved for issuance thereunder each year; and

 

48


Table of Contents
  l   

            shares of common stock reserved for future issuance under our 2015 Employee Stock Purchase Plan, which will become effective prior to the completion of this offering and will include provisions that automatically increase the number of shares of common stock reserved for issuance thereunder each year.

To the extent that options or warrants are exercised, new options or other securities are issued under our equity incentive plans, or we issue additional shares of common stock in the future, there will be further dilution to investors participating in this offering. In addition, we may choose to raise additional capital because of market conditions or strategic considerations, even if we believe that we have sufficient funds for our current or future operating plans. If we raise additional capital through the sale of equity or convertible debt securities, the issuance of these securities could result in further dilution to our stockholders.

 

49


Table of Contents

SELECTED CONSOLIDATED FINANCIAL DATA

We derived the selected consolidated statements of operations data for the years ended December 31, 2012, 2013 and 2014 and the selected consolidated balance sheet data as of December 31, 2013 and 2014 from our audited consolidated financial statements included elsewhere in this prospectus. We derived the selected consolidated statements of operations data for the year ended December 31, 2011 and the selected consolidated balance sheet data as of December 31, 2011 and 2012 from our audited consolidated financial statements not included in this prospectus. We derived the selected consolidated statement of operations data for the three months ended March 31, 2014 and 2015 and the selected consolidated balance sheet data as of March 31, 2015 from our unaudited financial statements included elsewhere in this prospectus. We have prepared the unaudited financial statements on the same basis as the audited financial statements, and the unaudited financial data include, in our opinion, all adjustments, consisting only of normal recurring adjustments, that we consider necessary for a fair presentation of our financial position and results of operations for these periods. Our historical results are not necessarily indicative of the results to be expected in the future.

When you read this selected consolidated financial data, it is important that you read it together with the historical consolidated financial statements and related notes to those statements, as well as “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” included elsewhere in this prospectus.

 

    Year Ended December 31,     Three Months Ended
March 31,
 
    2011     2012     2013     2014     2014     2015  
    (in thousands, except share and per share data)  
                            (unaudited)  

Consolidated Statements of Operations Data:

           

Revenue:

           

Products

  $ 19,332      $ 29,414      $ 38,633      $ 47,030      $         10,615      $         13,645   

Maintenance and support

    6,711        9,727        14,017        19,016        4,145        5,799   

Professional services

    4,909        6,903        7,380        10,834        1,976        4,127   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenue

    30,952        46,044        60,030        76,880        16,736        23,571   

Cost of revenue:(1)

           

Products

    1,260        1,691        4,048        4,557        1,239        1,546   

Maintenance and support

    1,546        2,069        3,388        4,495        988        1,210   

Professional services

    3,201        4,462        5,442        9,420        1,631        3,736   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenue

    6,007        8,222        12,878        18,472        3,858        6,492   

Operating expenses:(1)

           

Research and development

    11,579        17,820        21,411        25,570        6,120        6,414   

Sales and marketing

    19,648        23,278        31,779        49,007        11,004        13,230   

General and administrative

    5,468        9,436        12,586        12,972        3,482        4,053   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expense

    36,695        50,534        65,776        87,549        20,606        23,697   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss from operations

    (11,750     (12,712     (18,624     (29,141     (7,728     (6,618

Interest income (expense), net

    (288     (71     (122     (2,802     (695     (685

Other income (expense), net

    (47     (29     43        (305     41        (305
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss before income taxes

    (12,085     (12,812     (18,703     (32,248     (8,382     (7,608

Provision for (benefit from) income taxes

    22        (418     170        379        96        74   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss

      (12,107     (12,394     (18,873     (32,627     (8,478     (7,682

Accretion of preferred stock to redemption value(2)

    (12,006     (25,606     (33,553     (52,336     (12,178     (11,273
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss attributable to common stockholders

  $ (24,113   $ (38,000   $ (52,426   $ (84,963   $ (20,656   $ (18,955
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 
Net loss per share attributable to common stockholders, basic and diluted(2)   $ (1.96   $ (3.09   $ (4.18   $ (6.65   $ (1.62   $ (1.50
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 
Weighted-average common shares outstanding, basic and diluted     12,274,938        12,308,428        12,549,266        12,770,916        12,716,675        12,642,188   
Pro forma net loss per share attributable to common stockholders, basic and diluted(3)   $        $        $        $        $        $     
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 
Pro forma weighted-average common shares outstanding, basic and diluted(3)            

 

50


Table of Contents

 

  (1)

Includes stock-based compensation expense and depreciation and amortization expense as follows:

 

     Year Ended December 31,      Three Months Ended
March 31,
 
           2011                  2012                  2013                  2014            2014      2015  
     (in thousands)  
                                 (unaudited)  

Stock-based compensation expense:

                 

Cost of revenue

   $ 100       $ 61       $ 67       $ 167       $ 39       $ 49   

Research and development

     236         375         426         499         120         144   

Sales and marketing

     100         293         249         496         119         115   

General and administrative

     33         991         1,305         997         250         267   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total stock-based compensation expense

   $         469       $         1,720       $          2,047       $         2,159       $         528       $         575   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Depreciation and amortization expense:

                 

Cost of revenue

   $ 282       $ 547       $ 1,107       $ 1,275       $ 291       $ 352   

Research and development

     229         406         649         1,093         217         241   

Sales and marketing

     338         444         675         1,396         294         371   

General and administrative

     66         132         200         376         76         170   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total depreciation and amortization expense

   $ 915       $ 1,529       $ 2,631       $ 4,140       $ 878       $ 1,134   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

 

(2)

See Note (11) to our consolidated financial statements appearing elsewhere in this prospectus for further details on the calculation of accretion of preferred stock to redemption value and basic and diluted net loss per share attributable to common stockholders.

 

(3)

Pro forma basic and diluted net loss per share represents net loss divided by the pro forma weighted-average shares of common stock outstanding. Pro forma weighted-average shares outstanding reflects the conversion of preferred stock (using the if-converted method) into common stock as though the conversion had occurred on the first day of the relevant period.

 

    As of December 31,         As of
March 31,
 
        2011         2012         2013         2014         2015  
    (in thousands)  
                                                (unaudited)  

Consolidated Balance Sheet Data:

     

Cash

    $ 21,255        $ 7,667        $ 20,612        $ 36,823        $ 33,343   

Working capital, excluding deferred revenue

      21,744          12,655          28,206          50,359          45,927   

Total assets

      37,676          41,782          59,855          86,966          79,382   

Total deferred revenue

      28,261          44,728          59,855          85,056          88,643   

Total debt

      96          18          16,318          16,871          17,009   

Total liabilities

      43,017          58,797          92,432          122,230          121,345   

Redeemable convertible preferred stock

      69,343          94,891          128,444          211,598          222,871   

Accumulated deficit

      (74,812       (112,031       (161,149       (243,462       (261,435

Total stockholders’ deficit

      (74,684       (111,906       (161,021       (246,862       (264,834

 

51


Table of Contents

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

You should read the following discussion and analysis of our financial condition and results of operations together with our consolidated financial statements and the related notes and other financial information included elsewhere in this prospectus. Some of the information contained in this discussion and analysis or set forth elsewhere in this prospectus, including information with respect to our plans and strategy for our business, includes forward-looking statements that involve risks and uncertainties. You should review the “Risk Factors” section of this prospectus for a discussion of important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis.

Overview

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. Our security data and analytics platform was purpose built for today’s increasingly complex and chaotic IT environment. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. There has been an explosion of increasingly sophisticated cyber attacks as the proliferation of mobile devices, cloud-based applications and solutions relying on user credentials has eliminated the boundaries that previously defined an organization’s network perimeter and expanded the threat surface that organizations must now defend. Our powerful and proprietary analytics enable organizations to contextualize and prioritize the threats facing their physical, virtual and cloud assets, including those posed by the behaviors of their users. Leveraging our security data and analytics platform, our solutions enable organizations to strategically and dynamically manage their cyber security exposure. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches and correct the underlying causes of attacks. This balanced and analytics-focused approach ultimately better secures organizations’ environments and reduces the likelihood of, and risks associated with, cyber attacks. We believe our technology and solutions revolutionize the practice of cyber security and are central and critical to implementing a modern security program.

We developed our flagship software offering, Nexpose, to address the lack of comprehensive, real-time visibility organizations have over critical points of IT security vulnerability that are frequently targeted for cyber attacks. The data collection and technology architecture underlying this product continues to serve as a key underpinning of our security data and analytics platform. As the security and threat landscape evolved, we believed that it was important to provide organizations with a more fulsome view of their true vulnerability profile by adding external exploit-based insights to our internal vulnerability assessment capabilities. We added these vulnerability validation capabilities that highlight exploits and test security defenses by simulating real-world attacks with our acquisition of Metasploit in 2009.

We continued to invest in and innovate our vulnerability management offerings and added deep security data collection and analytics capabilities to our products. Beginning in 2013, we more fully integrated our Nexpose and Metasploit products and added securities data and analytics capabilities around remediation and attacker insights to create a holistic threat exposure management offering that has significant enhancements over traditional vulnerability assessment tools alone. Our threat exposure management offerings enable organizations to address important cyber security vulnerability needs in today’s IT environment such as contextual risk prioritization, critical threat awareness and impactful remediation guidance.

In 2013, building on the security data collection and analytics at the core of our technology architecture, we further developed our platform and added key user-based and behavioral analytics capabilities. With this technology, we developed and introduced our incident detection and response offerings, including UserInsight and our incident response services, to provide organizations with the ability to rapidly detect and respond to

 

52


Table of Contents

cyber security incidents and breaches. In 2014, we introduced our security advisory services to further support our product offerings and to provide customers with critical security strategy expertise, allowing us to serve as a trusted advisor to help organizations develop a holistic approach to their cyber security programs and implement an analytics-driven security strategy.

We primarily market and sell our products and professional services to global organizations of all sizes, including mid-market businesses, enterprises, non-profits, educational institutions and government agencies. Our customers span a wide variety of industries such as energy, financial services, healthcare and life sciences, manufacturing, media and entertainment, retail, professional services and technology. As of March 31, 2015, we had over 3,900 customers in more than 90 countries, including over 300 of the Fortune 1000. In 2014, 88% of our revenue was derived from customers in North America. Our revenue was not concentrated with any individual customer or group of customers, and no customer represented more than 2% of our revenue in 2012, 2013 or 2014.

We sell our products and services through our direct inside sales team, a direct field sales team established and significantly expanded in 2014 and indirect channel partner relationships. Our sales teams are organized by geography as well as by target organization size. Our global channel partner network complements our sales organization, working closely with our sales teams to extend our geographic reach and to close sales of our offerings as part of larger purchases, particularly in key markets such as Europe, the Middle East and Africa, Asia Pacific and Latin America.

We have experienced strong revenue growth, with revenue increasing from $31.0 million in 2011 to $76.9 million in 2014, representing a 35% compound annual growth rate. We believe that we have high recurring revenue, which provides us with visibility into our future revenue as a result of our customer subscriptions and maintenance and support agreements. 53% of the revenue recognized in 2014 was recorded on our balance sheet as deferred revenue as of December 31, 2013 and 85% of the revenue recognized in the first quarter of 2015 was recorded on our balance sheet as deferred revenue as of December 31, 2014. We incurred a net loss of $32.6 million in 2014, as we continue to invest for growth given what we believe is a large market opportunity for our products and services. From inception to March 31, 2015, we received net proceeds of $93.4 million from the sale of shares of common and preferred stock.

Our Business Model

We have three offerings: (1) threat exposure management, which includes our Nexpose, Metasploit and AppSpider products, (2) incident detection and response, which includes our UserInsight product and our incident response services and (3) security advisory services. Our customers typically engage with us based on their current IT organizational needs, whether to address a current breach or to help them mature their security programs. An organization that has just detected that it has been breached, for example, may initially purchase our incident detection and response products and services, whereas a customer with a new chief information security officer looking to gain insight into the organization’s security environment may initially purchase our threat exposure management solutions, and a customer whose board has mandated a security review may initially purchase our security advisory services.

We generate revenue from selling products, maintenance and support, and professional services. In 2014, 86% of our revenue was derived from sales of products and associated maintenance and support, while the remaining 14% was derived from the sale of professional services. In 2014, 62% of our total revenue was derived from sales of content subscriptions, managed services, cloud-based subscriptions and maintenance and support, which we refer to as recurring revenue. We generally bill customers and collect payment for both our products and services up front.

 

53


Table of Contents

We offer our products through a variety of delivery models to meet the needs of our diverse customer base, including:

 

  l   

Licensed software, including both term and perpetual licenses, and the simultaneous sale of maintenance and support. With the purchase of software licenses, we also offer content subscriptions that provide our customers with real-time access to the latest vulnerabilities and exploits, which are critical for customers in today’s rapidly evolving IT environment and threat landscape.

 

  l   

Cloud-based subscriptions, where our software capabilities are provided to our customers through cloud access and on a SaaS basis.

 

  l   

Managed services, where we operate our software and provide our capabilities on behalf of our customers.

Licensed Software

Our Nexpose, Metasploit and AppSpider products are offered through perpetual or term software licenses, with a substantial majority of our customers selecting a perpetual license. Substantially all customers who purchase software licenses also purchase an agreement for maintenance and support, which generally represents approximately 15% of the software list price per year and provides our customers with telephone and web-based support and ongoing bug fixes and repairs during the term of the maintenance and support agreement.

Importantly, generally all customers also purchase vulnerability and exploit content subscriptions at the time of their software purchase, which generally represents approximately 20% of the software list price per year. These content subscriptions are critical to keeping our customers’ security programs current by providing them with real-time access to the latest vulnerabilities and exploits over time, and differentiate our threat exposure management offerings from typical vulnerability assessment tools.

Our maintenance and support and content subscription agreements are typically for one to three-year terms.

Cloud-Based Subscriptions

Our UserInsight and AppSpider products are offered on a cloud-based subscription basis, generally with one to three-year terms.

Managed Services

Our Nexpose, AppSpider and UserInsight products are offered on a managed service basis, generally pursuant to one to three-year agreements.

Professional Services

We offer different forms of professional services across all of our offerings, including deployment and training services related to our Nexpose, Metasploit, AppSpider and UserInsight software products, incident response services and security advisory services. Customers can purchase our professional services together with our product offerings or on a stand-alone basis pursuant to fixed fee or time-and-materials agreements.

Acquisitions

In August 2009, we acquired all of the outstanding membership interests of Metasploit LLC to complement our Nexpose product with vulnerability validation capabilities that highlight exploits and test security defenses.

In October 2012, we acquired all of the outstanding stock of Mobilisafe, Inc., a mobile vulnerability software company, and have since integrated Mobilisafe’s technology into our technology platform and Nexpose product.

In April 2015, we acquired all of the outstanding stock of NT OBJECTives, Inc. to enhance our threat exposure management solutions with AppSpider to provide robust web application scanning capabilities.

 

54


Table of Contents

Key Factors Affecting Our Performance

Our historical financial performance has been, and we expect our financial performance in the future to be, primarily driven by the following factors:

Market Adoption. We believe our future success will depend in large part on the growth in the market for cyber security data and analytics. To date, the majority of enterprise spend on cyber security has been on threat prevention-centric products, such as network, endpoint and web security that are designed to stop threats from penetrating organizations’ networks. Although organizations have not historically had a specific portion of their IT budgets allocated for security data and analytics products beyond traditional “block and protect” and compliance-oriented spending categories, we believe that organizations are shifting their cyber security spending to a risk-based approach as they recognize that it is not possible to completely prevent attacks, and that they should instead focus more on managing risk and mitigating breaches as they occur. Further, Gartner, Inc. estimates that by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches – up from less than 10% in 2014. We believe that we are well positioned to capitalize on this expected shift. The degree to which prospective customers recognize the need for security data and analytics solutions that enable organizations to implement an active, analytics driven approach to cyber security, and subsequently allocate budget dollars for our products and professional services, will drive our ability to acquire new customers and increase sales to existing customers, which, in turn, will affect our future financial performance.

Add New Customers. We believe that our ability to add new customers is a key indicator of our increasing market adoption and future revenue potential. Our customer count grew by 21% from 2012 to 2013 and by 37% from 2013 to 2014. In 2014, 59% of our sales orders, excluding renewals, were with new customers. We are intensely focused on continuing to grow our customer base. We have continuously enhanced our technology platform and product offerings with a focus on pioneering active, analytics-driven solutions to cyber security, and we have expanded both our domestic and international sales force to drive new customer acquisition. However, our ability to continue to grow our customer base is dependent upon our ability to compete within the increasingly competitive markets in which we participate.

Maintain Strong Renewal Rates. An important component of our revenue growth strategy is to have our existing customers renew their agreements with us and purchase additional products from us. To assess our performance against this objective, we monitor the renewal rates of our existing customers. We calculate our overall renewal rate by dividing the dollar value of renewed customer agreements, including upsells and cross-sells of additional products, but excluding professional services, on a monthly basis in a trailing 12-month period by the dollar value of the corresponding expiring customer agreements, and then determining the average for the applicable period. We also calculate an expiring renewal rate that does not take into account any upsells or cross-sells. As a result of this methodology, we would not expect our expiring renewal rate to exceed 100%. We believe that we have strong renewal rates. Our overall renewal rate was 109% in 2013 and 111% in 2014 and our expiring renewal rate was 83% in 2013 and 85% in 2014. Our goal is to maintain, and work to increase, our renewal rates over time. However, our renewal rates may decline or fluctuate as a result of a number of factors, including customers’ satisfaction or dissatisfaction with our products and professional services, pricing, economic conditions or overall reductions in our customers’ spending levels.

Increase Sales to Existing Customers. We believe that our current customer base provides us with a significant opportunity to drive incremental sales. We focus on generating more revenue from the products and services that they already purchase from us as they grow and deploy our solutions across other areas of their organizations. We are also focused on cross-selling other products and services in our portfolio to our existing customers. In most cases, customers initially engage with us within a single solution category, threat exposure management, incident detection and response or security advisory services, based on their immediate IT security

 

55


Table of Contents

needs and the maturity of their security program. Once we are in a customer’s IT environment, we are able to gain insight into the robustness of its security programs and vulnerabilities, which allows us to educate the customer about how our other products and professional services can enhance its cyber security posture. In 2014, 41% of our new sales orders, excluding renewals, were from existing customers. Our ability to increase sales to existing customers will depend on a number of factors, including customers’ satisfaction or dissatisfaction with our products and professional services, pricing, economic conditions or overall reductions in our customers’ spending levels.

Invest in Growth. We will continue to focus on long-term revenue growth. We believe that our market opportunity is large and we will continue to invest significantly in sales and marketing to grow our customer base, both domestically and internationally. We also expect to continue to invest in research and development to enhance our technology platform and continue to develop cyber security solutions. We expect to use a portion of the proceeds from this offering to fund these growth strategies.

Key Metrics

We monitor the following key metrics to help us measure and evaluate the effectiveness of our operations:

 

    Year Ended December 31,         Three Months Ended
March 31,
     
    2012         2013         2014         2014         2015      
    (dollars in thousands)      
                                  (unaudited)      

Total revenue

  $ 46,044        $ 60,030        $ 76,880        $ 16,736        $ 23,571     

Year-over-year growth

    49       30       28       23       41  

Operating cash flow

  $ (691     $ (613     $ (3,356     $ (2,139     $ (3,012  

Deferred revenue

  $ 44,728        $ 59,855        $ 85,056        $ 61,137        $ 88,643     

Number of customers

    2,255          2,733          3,733          2,860          3,902     

Total Revenue and Growth. We are focused on driving continued revenue growth through increased sales of our products and professional services to new and existing customers.

Operating Cash Flow. We monitor our operating cash flow as a measure of our overall business performance, which enables us to analyze our financial performance without the effects of certain non-cash items such as stock-based compensation expenses and depreciation and amortization. Additionally, operating cash flow takes into account the increase in deferred revenue as a result of increases in sales of products and services, which reflects the receipt of cash payment for products before they are recognized into revenue. Our operating cash flow is significantly impacted by changes in deferred revenue, timing of commission and bonus payments and collections of accounts receivable.

Deferred Revenue. We believe that deferred revenue is an important metric as it provides visibility into the revenue to be recognized in future periods. Our deferred revenue consists of amounts that have been invoiced to customers but that have not yet been recognized as revenue. Our deferred revenue balance consists of the portion of products, maintenance and support and professional services revenue that will be recognized ratably over the applicable maintenance and support contract period. Revenue from professional services that are sold on a stand-alone basis is recognized as those services are rendered.

Number of Customers. We believe that the size of our customer base is an indicator of our global market penetration and that our net customer additions are an indicator of the growth of our business.

 

56


Table of Contents

Components of Results of Operations

Revenue

We generate revenue primarily from selling products, maintenance and support and professional services through a variety of delivery models to meet the needs of our diverse customer base. We generally bill customers and collect payment for both our products and services up front.

Products

We generate products revenue from the sale of (1) perpetual or term software licenses and associated content subscriptions for our Nexpose, Metasploit and AppSpider products, (2) managed services for our Nexpose, AppSpider and UserInsight products and (3) cloud-based subscriptions for our UserInsight and AppSpider products. We also generate an immaterial amount of appliance revenue that is included in our products revenue and that is associated with hardware sold as part of our Nexpose product to certain customers. Revenue for software licenses and any other products and services that are sold along with the software license is deferred on our balance sheet and recognized as revenue on the consolidated statements of operations ratably over the contractual period of the maintenance and support, which is typically one to three years.

Maintenance and Support

We generate maintenance and support revenue when customers purchase or renew agreements for maintenance and support of their Nexpose, Metasploit and AppSpider deployments. Substantially all customers purchase an agreement for maintenance and support in connection with their purchase of a Nexpose or Metasploit software license. Revenue from maintenance and support is typically recognized ratably over the term of the applicable agreement.

Professional Services

We generate professional service revenue from the sale of deployment and training services related to our products, incident response services and security advisory services. Revenue from professional services sold together with our other offerings is recognized ratably over the term of the applicable agreement. Revenue from professional services sold on a stand-alone basis is recognized as those services are rendered.

Cost of Revenue

Our total cost of revenue consists of the costs of products, maintenance and support and professional services revenue.

Cost of Products

Cost of products consists of personnel and related costs for our content and cloud operations team, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and allocated overhead costs, which consists of IT, information security, facilities and depreciation and is allocated based on relative headcount. Also included in cost of products are software license fees, hosting costs and internet connectivity expenses directly related to delivering our products, as well as amortization of intangible assets.

Cost of Maintenance and Support

Cost of maintenance and support consists of personnel and related costs for our support team, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and allocated overhead.

 

57


Table of Contents

Cost of Professional Services

Cost of professional services consists of personnel and related costs for our professional services team, including salaries, benefits, bonuses, payroll taxes, stock-based compensation, costs of contracted third-party vendors, travel and entertainment expenses and allocated overhead.

We expect our cost of revenue to increase on an absolute dollar basis in the near term as we continue to grow our revenue, but to remain relatively consistent as a percentage of total revenue.

Gross Margin

Gross margin, or gross profit as a percentage of revenue, has been and will continue to be affected by a variety of factors, including the average sales price of our products and services, the mix of products sold, transaction volume growth and the mix of revenue among products and services. We expect our gross margins to fluctuate over time depending on the factors described above.

Operating Expenses

Operating expenses consist of research and development, sales and marketing, and general and administrative expenses.

Research and Development Expense

Research and development expense consists of personnel costs for our research and development team, including salaries, bonuses, stock-based compensation and other related costs. Additional expenses include subcontracting, consulting and professional fees for third-party development resources as well as allocated overhead.

We expect research and development expense to increase on an absolute dollar basis in the near term as we continue to increase investments in our products and technology platform innovation, but to decrease as a percentage of total revenue.

Sales and Marketing Expense

Sales and marketing expense consists of personnel costs for our sales and marketing team, including salaries, commissions, bonuses, stock-based compensation and other related costs. Additional expenses include marketing activities and promotional events, travel and entertainment, training costs and allocated overhead.

We expect sales and marketing expense to increase on an absolute dollar basis in the near term as we continue to increase investments to drive our revenue growth, but to decrease as a percentage of total revenue.

General and Administrative Expense

General and administrative expense consists of personnel costs for our administrative, legal, human resources, finance and accounting team, including salaries, bonuses, stock-based compensation and other related costs. Additional expenses include travel and entertainment, subcontracting, professional fees, insurance and allocated overhead as well as changes in the fair market value of the contingent consideration liability associated with acquisitions, which are subject to revaluation.

We expect general and administrative expense to increase on an absolute dollar basis in the near term as we continue to increase investments to support our growth and as a result of our becoming a public company, but to decrease as a percentage of total revenue.

Interest Income (Expense), Net

Interest income (expense), net consists of interest incurred on our outstanding term loan obligation and related discount amortization offset by interest income on our cash balances.

 

58


Table of Contents

Other Income (Expense), Net

Other income (expense), net consists of unrealized and realized gains and losses related to changes in foreign currency exchange rates.

Provision for (Benefit from) Income Taxes

Provision for (benefit from) income taxes relates primarily to U.S. federal and state, as well as certain foreign jurisdiction, income taxes. We have generated net losses in all periods to date and recorded a full valuation allowance against our deferred tax assets. We expect to maintain a full valuation allowance in the near term. Realization of any of our deferred tax assets depends upon future earnings, the timing and amount of which are uncertain.

Results of Operations

The following table sets forth our selected consolidated statements of operations data:

 

    Year Ended December 31,     Three Months Ended
March 31,
 
          2012                 2013                 2014                 2014                 2015        
    (in thousands)  
                      (unaudited)  

Consolidated Statements of Operations Data:

         

Revenue:

         

Products

  $ 29,414      $ 38,633      $ 47,030      $ 10,615      $ 13,645   

Maintenance and support

    9,727        14,017        19,016        4,145        5,799   

Professional services

    6,903        7,380        10,834        1,976        4,127   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenue

  46,044      60,030      76,880      16,736      23,571   

Cost of revenue:(1)

Products

  1,691      4,048      4,557      1,239      1,546   

Maintenance and support

  2,069      3,388      4,495      988      1,210   

Professional services

  4,462      5,442      9,420      1,631      3,736   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenue

  8,222      12,878      18,472      3,858      6,492   

Operating expenses:(1)

Research and development

  17,820      21,411      25,570      6,120      6,414   

Sales and marketing

  23,278      31,779      49,007      11,004      13,230   

General and administrative

  9,436      12,586      12,972      3,482      4,053   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

  50,534      65,776      87,549      20,606      23,697   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss from operations

  (12,712   (18,624   (29,141   (7,728   (6,618

Interest income (expense), net

  (71   (122   (2,802   (695   (685

Other income (expense), net

  (29   43      (305   41      (305
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss before income taxes

  (12,812   (18,703   (32,248   (8,382   (7,608

Provision for (benefit from) income taxes

  (418   170      379      96      74   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss

  (12,394   (18,873   (32,627   (8,478   (7,682

Accretion of preferred stock to redemption value

  (25,606   (33,553   (52,336   (12,178   (11,273
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss attributable to common stockholders

$ (38,000 $ (52,426 $ (84,963 $ (20,656 $ (18,955
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

59


Table of Contents

(1)   Cost of revenue and operating expenses include stock-based compensation expense and depreciation and amortization expense as follows:

 

     Year Ended December 31,      Three Months Ended
March 31
 
           2012                  2013                  2014                  2014                  2015        
     (in thousands)  
                          (unaudited)  

Stock-based compensation expense:

              

Cost of revenue

   $ 61       $ 67       $ 167       $ 39       $ 49   

Research and development

     375         426         499         120         144   

Sales and marketing

     293         249         496         119         115   

General and administrative

     991         1,305         997         250         267   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total stock-based compensation expense

   $ 1,720       $ 2,047       $ 2,159       $ 528         575   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Depreciation and amortization expense:

              

Cost of revenue

   $ 547       $ 1,107       $ 1,275       $ 291       $ 352   

Research and development

     406         649         1,093         217         241   

Sales and marketing

     444         675         1,396         294         371   

General and administrative

     132         200         376         76         170   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total depreciation and amortization expense

   $ 1,529       $ 2,631       $ 4,140       $ 878       $ 1,134   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

The following table sets forth our selected consolidated statements of operations data expressed as a percentage of revenue:

 

     Year Ended December 31,     Three Months Ended
March 31,
 
           2012                 2013                 2014                 2014                 2015        
                       (unaudited)  

Consolidated Statements of Operations Data:

          

Revenue:

          

Products

     63.9     64.4     61.2     63.4     57.9

Maintenance and support

     21.1        23.3        24.7        24.8        24.6   

Professional services

     15.0        12.3        14.1        11.8        17.5   
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenue

  100.0      100.0      100.0      100.0      100.0   

Cost of revenue:

Products

  3.7      6.7      5.9      7.4      6.6   

Maintenance and support

  4.5      5.6      5.8      5.9      5.1   

Professional services

  9.7      9.1      12.3      9.8      15.8   
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenue

  17.9      21.4      24.0      23.1      27.5   

Operating expenses:

Research and development

  38.7      35.7      33.3      36.6      27.2   

Sales and marketing

  50.6      52.9      63.7      65.7      56.1   

General and administrative

  20.5      21.0      16.9      20.8      17.2   
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

  109.8      109.6      113.9      123.1      100.5   
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss from operations

  (27.7   (31.0   (37.9   (46.2   (28.0

Interest income (expense), net

  (0.1   (0.2   (3.6   (4.2   (3.0

Other income (expense), net

       0.1      (0.4   0.3      (1.3
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss before income taxes

  (27.8   (31.1   (41.9   (50.1   (32.3

Provision for (benefit from) income taxes

  (0.9   0.3      0.5      0.6      0.3   
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss

  (26.9   (31.4   (42.4   (50.7   (32.6

Accretion of preferred stock to redemption value

  (55.6   (55.9   (68.1   (72.7   (47.8
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss attributable to common stock holders

  (82.5 )%    (87.3 )%    (110.5 )%    (123.4 )%    (80.4 )% 
  

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

60


Table of Contents

Three Months Ended March 31, 2014 and 2015

Revenue

 

     Three Months Ended
March 31,
     2014 v. 2015 Change  
           2014                  2015                  $                  %        
     (dollars in thousands)  

Revenue:

           

Products

   $           10,615       $           13,645       $               3,030                       28.5

Maintenance and support

     4,145         5,799         1,654         39.9   

Professional services

     1,976         4,127         2,151         108.9   
  

 

 

    

 

 

    

 

 

    

Total revenue

$ 16,736    $ 23,571    $ 6,835      40.8
  

 

 

    

 

 

    

 

 

    

Total revenue increased by $6.8 million in three months ended March 31, 2015 compared to the same period in 2014 primarily due to an increase of $6.1 million recognized from our deferred revenue balance. The remaining increase was the result of a net increase of $0.2 million from sales to existing customers and $0.5 million from sales to new customers. The increase in total revenue in the three months ended March 31, 2015 was comprised of $5.3 million from North America and $1.5 million from the rest of the world. Products revenue and maintenance and support revenue increased by $3.0 million and $1.7 million, respectively, primarily due to the same contributors that drove our increase in total revenue. Professional services revenue increased by $2.1 million primarily due to increased demand for deployment, training and security assessment services.

Cost of Revenue

 

     Three Months Ended
March 31,
    2014 v. 2015 Change  
           2014                 2015                 $                  %        
     (dollars in thousands)  

Cost of revenue:

         

Products

   $           1,239      $           1,546      $               307                       24.8

Maintenance and support

     988        1,210        222         22.5   

Professional services

     1,631        3,736        2,105         129.1   
  

 

 

   

 

 

   

 

 

    

Total cost of revenue

$ 3,858    $ 6,492    $ 2,634      68.3
  

 

 

   

 

 

   

 

 

    

Gross margin %:

Products

  88.3   88.7

Maintenance and support

  76.2      79.1   

Professional services

  17.5      9.5   
  

 

 

   

 

 

      

Total gross margin %

  76.9   72.5
  

 

 

   

 

 

      

Total cost of revenue increased by $2.6 million in the three months ended March 31, 2015 compared to the same period in 2014 primarily due to a $2.0 million increase in personnel costs and a $0.4 million increase in allocated overhead both as a result of our increase in headcount from 78 as of March 31, 2014 to 117 as of March 31, 2015 to support our growing customer base. Our increase in total cost of revenue also included a $0.2 million increase in travel and entertainment expenses. The same factors were the primary contributors to the increases in products, maintenance and support and professional services cost of revenue.

Gross margin percentage decreased slightly as we continued our investment in growing our professional services team to help promote adoption of our analytics-driven approach to cyber security.

 

61


Table of Contents

Operating Expenses

Research and Development Expense

 

     Three Months Ended
March 31,
    2014 v. 2015 Change  
           2014                 2015                 $                  %        
     (dollars in thousands)  

Research and development

   $           6,120      $           6,414      $               294                       4.8

% of revenue

     36.6     27.2     

Research and development expense increased by $0.3 million in the three months ended March 31, 2015 compared to the same period in 2014 primarily due to a $0.2 million increase in allocated overhead and a $0.2 million increase in personnel costs, both as a result of our increase in headcount to support our product innovation, partially offset by a $0.1 million decrease in travel and entertainment expense.

Sales and Marketing Expense

 

     Three Months Ended
March 31,
    2014 v. 2015 Change  
           2014                 2015                 $                  %        
     (dollars in thousands)  

Sales and marketing

   $           11,004      $           13,230      $               2,226                       20.2

% of revenue

     65.7     56.1     

Sales and marketing expense increased by $2.2 million in the three months ended March 31, 2015 compared to the same period in 2014 primarily due to a $2.1 million increase in personnel costs, including sales commissions, and a $0.6 million increase in allocated overhead, both as a result of our increase in headcount from 206 as of March 31, 2014 to 245 as of March 31, 2015 to drive additional sales of our products and services, partially offset by a $0.3 million decrease in marketing program expenses, a $0.1 million decrease in professional fees and a $0.1 million decrease in travel and entertainment expenses.

General and Administrative Expense

 

     Three Months Ended
March 31,
    2014 v. 2015 Change  
           2014                 2015                 $                  %        
     (dollars in thousands)  

General and administrative

   $           3,482      $           4,053      $               571                       16.4

% of revenue

     20.8     17.2     

General and administrative expense increased by $0.6 million in the three months ended March 31, 2015 compared to the same period in 2014 primarily due to a $0.8 million increase in personnel costs as a result of our increase in headcount from 52 as of March 31, 2014 to 73 as of March 31, 2015 to support our overall company growth as well as our preparation to operate as a public company. Our general and administrative expense also included a $0.3 million increase in professional fees and a $0.1 million increase in travel and entertainment expenses, partially offset by a $0.6 million decrease in allocated overhead.

Interest Income (Expense), Net

 

     Three Months Ended
March 31,
    2014 v. 2015 Change  
           2014                 2015                 $                  %        
     (dollars in thousands)  

Interest income (expense), net

     $          (695)      $           (685)      $               10                       (1.4)

% of revenue

     (4.2)     (3.0)     

 

62


Table of Contents

Interest income (expense), net decreased slightly in the three months ended March 31, 2015 compared to the same period in 2014 due to interest expense related to capital leases.

Other Income (Expense), Net

 

     Three Months Ended
March 31,
    2014 v. 2015 Change  
           2014                 2015                 $                  %        
     (dollars in thousands)  

Other income (expense), net

   $           41      $       (305)      $       (346)                   NM   

% of revenue

     0.3     (1.3)     

Other income (expense), net changed from de minimis income in the three months ended March 31, 2014 to expense of $0.3 million in the three months ended March 31, 2015 primarily due to unrealized and realized foreign currency fluctuations, specifically in European currencies.

Provision for (Benefit from) Income Taxes

 

     Three Months Ended
March 31,
    2014 v. 2015 Change  
           2014                 2015                 $                  %        
     (dollars in thousands)  

Provision for (benefit from) income taxes

   $           96      $           74      $           (22)                   (22.9)

% of revenue

     0.6     0.3     

Provision for income taxes remained relatively consistent in the three months ended March 31, 2015 compared to the same period in 2014.

Years Ended December 31, 2012, 2013 and 2014

Revenue

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

Revenue:

             

Products

  $ 29,414      $ 38,633      $ 47,030      $ 9,219        31.3   $ 8,397        21.7

Maintenance and support

    9,727        14,017        19,016        4,290        44.1        4,999        35.7   

Professional services

    6,903        7,380        10,834        477        6.9        3,454        46.8   
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

   

Total revenue

  $ 46,044      $ 60,030      $ 76,880      $ 13,986        30.4   $ 16,850        28.1
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

   

2014 Compared to 2013

Total revenue increased by $16.9 million in 2014 compared to 2013 primarily due to an increase of $8.5 million recognized from our deferred revenue balance. The remaining increase was the result of a net increase of $5.2 million from sales to existing customers and $3.2 million from sales to new customers. We added 1,000 net new customers globally in 2014. The increase in total revenue in 2014 was comprised of $13.6 million from North America and $3.3 million from the rest of the world. Products revenue and maintenance and support revenue increased by $8.4 million and $5.0 million, respectively, primarily due to the same contributors that drove our increase in total revenue. Professional services revenue increased by $3.5 million primarily due to increased demand for deployment, training and security assessment services.

 

63


Table of Contents

2013 Compared to 2012

Total revenue increased by $14.0 million in 2013 compared to 2012 primarily due to an increase of $11.2 million recognized from our deferred revenue balance. The remaining increase was the result of a net increase of $3.6 million from sales to existing customers offset by a net decrease of $0.8 million related to sales to new customers. We added 478 net new customers globally in 2013. The increase in total revenue in 2013 was comprised of $12.0 million from North America and $2.0 million from the rest of the world. Products revenue and maintenance and support revenue increased by $9.2 million and $4.3 million, respectively, primarily due to the same contributors that drove our increase in total revenue. Professional services revenue increased by $0.5 million primarily due to slightly increased customer demand for these service offerings.

Cost of Revenue

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

Cost of revenue:

             

Products

  $ 1,691      $ 4,048      $ 4,557      $ 2,357        139.4   $ 509        12.6

Maintenance and support

    2,069        3,388        4,495        1,319        63.8        1,107        32.7   

Professional services

    4,462        5,442        9,420        980        22.0        3,978        73.1   
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

   

Total cost of revenue

  $ 8,222      $ 12,878      $ 18,472      $ 4,656        56.6   $ 5,594        43.4
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

   

Gross margin %:

             

Products

    94.3     89.5     90.3        

Maintenance and support

    78.7        75.8        76.4           

Professional services

    35.4        26.3        13.1           
 

 

 

   

 

 

   

 

 

         

Total gross margin %

    82.1     78.5     76.0        
 

 

 

   

 

 

   

 

 

         

2014 Compared to 2013

Total cost of revenue increased by $5.6 million in 2014 compared to 2013 primarily due to a $4.4 million increase in personnel costs and a $0.6 million increase in overhead allocations, both as a result of our increase in headcount from 67 as of December 31, 2013 to 104 as of December 31, 2014 to support our growing customer base. Our increase in total cost of revenue also included a $0.5 million increase in travel and entertainment expenses and a $0.1 million increase in hardware and hosting costs. The same factors were the primary contributors to the increases in products, maintenance and support and professional services cost of revenue.

Gross margin percentage decreased slightly as we continued our investment in growing our professional services team to help promote adoption of our analytics-driven approach to cyber security.

2013 Compared to 2012

Total cost of revenue increased by $4.7 million in 2013 compared to 2012 primarily due to a $3.4 million increase in personnel costs and a $0.3 million increase in overhead allocations, both as a result of our increase in headcount from 37 as of December 31, 2012 to 67 as of December 31, 2013 to support our growing customer base. Our increase in total cost of revenue also included a $0.8 million increase in hosting costs and amortization of intellectual property. The same factors were the primary contributors to the increases in products, maintenance and support and professional services cost of revenue.

Gross margin percentage decreased primarily due to increased investment in our content operations and our investment in a strategic professional services team to help promote adoption of our analytics-driven approach to cyber security.

 

64


Table of Contents

Operating Expenses

Research and Development Expense

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

Research and development

  $ 17,820      $ 21,411      $ 25,570      $ 3,591        20.2   $ 4,159        19.4

% of revenue

    38.7     35.7     33.3        

2014 Compared to 2013

Research and development expense increased by $4.2 million in 2014 compared to 2013 primarily due to a $3.4 million increase in personnel costs and a $0.6 million increase in allocated overhead, both as a result of our increase in headcount from 100 as of December 31, 2013 to 114 as of December 31, 2014 to support our product innovation. Our increase in research and development expense also included a $0.1 million increase in travel and entertainment expenses and $0.1 million increase in professional fees. In 2014, we expanded our research and development presence to Belfast, United Kingdom.

2013 Compared to 2012

Research and development expense increased by $3.6 million in 2013 compared to 2012 primarily due to a $2.3 million increase in personnel costs and a $1.0 million increase in allocated overhead, both as a result of our higher average headcount in 2013 to support our continued investment in product functionality, technology platform innovation and new product offerings. Our increase in research and development expense also included a $0.4 million increase in travel and entertainment expenses, partially offset by a $0.1 million decrease in professional fees.

Sales and Marketing Expense

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

Sales and marketing

  $ 23,278      $ 31,779      $ 49,007      $ 8,501        36.5   $ 17,228        54.2

% of revenue

    50.6     52.9     63.7        

2014 Compared to 2013

Sales and marketing expense increased by $17.2 million in 2014 compared to 2013 primarily due to a $14.2 million increase in personnel costs, including sales commissions, and a $2.6 million increase in allocated overhead, both as a result of our increase in headcount from 173 as of December 31, 2013 to 227 as of December 31, 2014 to drive additional sales of our products and services. In 2014, we invested in lead generation activities as well as trade shows and security regional events to strengthen awareness and educate the IT community about our offerings. Our increase in sales and marketing expense also included a $0.6 million increase in travel and entertainment costs as a result of our increased headcount, partially offset by a $0.2 million decrease in professional fees.

2013 Compared to 2012

Sales and marketing expense increased by $8.5 million in 2013 compared to 2012 primarily due to a $6.1 million increase in personnel costs, including sales commissions, and a $1.0 million increase in allocated overhead, both as a result of our increase in headcount from 113 as of December 31, 2012 to 173 as of December 31, 2013 to drive additional sales of our products and services. Our increase in sales and marketing expense also included a $0.6 million increase in travel and entertainment expenses, a $0.5 million increase in marketing expenses and $0.3 million increase in professional fees.

 

65


Table of Contents

General and Administrative Expense

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

General and administrative

  $ 9,436      $ 12,586      $ 12,972      $ 3,150        33.4   $ 386        3.1

% of revenue

    20.5     21.0     16.9        

2014 Compared to 2013

General and administrative expense increased by $0.4 million in 2014 compared to 2013 primarily due to a $1.4 million increase in personnel costs as a result of our increase in headcount from 58 as of December 31, 2013 to 66 as of December 31, 2014 to support our overall company growth as well as our preparation to operate as a public company, partially offset by a $0.6 million decrease in professional fees and a $0.1 million decrease in allocated overhead.

2013 Compared to 2012

General and administrative expense increased by $3.2 million in 2013 compared to 2012 primarily due to a $1.1 million reduction in 2012 for the contingent consideration liability associated with an acquisition, a $0.5 million increase in personnel costs and a $0.5 million increase in allocated overhead, both as a result of our increase in headcount from 45 as of December 31, 2012 to 58 as of December 31, 2013 to support our overall company growth. Our general and administrative expense also included a $0.8 million increase in professional fees.

Interest Income (Expense), Net

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

Interest income (expense), net

  $ (71   $ (122   $ (2,802   $ (51     (71.8 )%    $ (2,680     NM   

        % of revenue

    (0.1 )%      (0.2 )%      (3.6 )%         

2014 Compared to 2013

Interest income (expense), net increased by $2.7 million in 2014 compared to 2013 due to interest expense and discount amortization related to our term loan entered into in December 2013.

2013 Compared to 2012

Interest income (expense), net increased by $0.1 million in 2013 compared to 2012 due to interest expense related to capital leases.

Other Income (Expense), Net

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

Other income (expense), net

  $ (29   $ 43      $ (305   $ 72        248.3   $ (348     NM   

        % of revenue

        0.1     (0.4 )%         

2014 Compared to 2013

Other income (expense), net changed from de minimis income in 2013 to expense of $0.3 million in 2014 primarily due to unrealized and realized foreign currency fluctuations, specifically in European currencies.

 

66


Table of Contents

2013 Compared to 2012

Other income (expense), net remained relatively consistent in 2013 compared to 2012.

Provision for (Benefit from) Income Taxes

 

    Year Ended December 31,     2012 v. 2013 Change     2013 v. 2014 Change  
    2012     2013     2014     $     %     $     %  
    (dollars in thousands)  

Provision for (benefit from) income taxes

  $ (418   $ 170      $ 379      $ 588        140.7   $ 209        122.9

% of revenue

    (0.9 )%      0.3     0.5        

2014 Compared to 2013

Provision for income taxes increased by $0.2 million in 2014 compared to 2013 due to our increased operations in foreign jurisdictions where we are subject to income taxes on profits arising from our intercompany transfer pricing arrangements.

2013 Compared to 2012

Provision for income taxes increased by $0.6 million in 2013 compared to 2012 due to our increased operations in foreign jurisdictions. In 2012, we released our valuation allowance related to an acquisition.

 

67


Table of Contents

Quarterly Results of Operations

The following table sets forth our unaudited quarterly consolidated statements of operations data for each of the nine quarters in the period ended March 31, 2015. We have prepared the quarterly financial data on the same basis as the audited consolidated financial statements included in this prospectus. In our opinion, the quarterly financial data reflects all adjustments, consisting only of normal recurring adjustments, that we consider necessary for a fair presentation of this data. This quarterly financial data should be read in conjunction with our consolidated financial statements and related notes included elsewhere in this prospectus. Our historical results are not necessarily indicative of the results to be expected in the future.

 

    Three Months Ended  
    March 31,
2013
    June 30,
2013
    September 30,
2013
    December 31,
2013
    March 31,
2014
    June 30,
2014
    September 30,
2014
    December 31,
2014
    March 31,
2015
 
   

(in thousands)

(unaudited)

 

Consolidated Statements of Operations Data:

                 

Revenue:

                 

Products

  $ 8,806      $ 9,404      $ 10,092      $ 10,331      $ 10,615      $ 11,013      $ 12,428      $ 12,974      $ 13,645   

Maintenance and support

    3,050        3,376        3,671        3,920        4,145        4,474        5,011        5,386        5,799   

Professional services

    1,805        1,765        1,688        2,122        1,976        2,393        2,890        3,575        4,127   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenue

    13,661        14,545        15,451        16,373        16,736        17,880        20,329        21,935        23,571   

Cost of revenue:

                 

Products

    979        809        1,266        994        1,239        1,022        1,105        1,191        1,546   

Maintenance and support

    790        851        876        871        988        1,152        1,118        1,237        1,210   

Professional services

    1,343        1,271        1,217        1,611        1,631        2,036        2,433        3,320        3,736   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenue

    3,112        2,931        3,359        3,476        3,858        4,210        4,656        5,748        6,492   

Operating expenses:

                 

Research and development

    5,265        5,292        5,419        5,435        6,120        6,328        6,330        6,792        6,414   

Sales and marketing

    6,626        6,999        8,157        9,997        11,004        11,561        12,155        14,287        13,230   

General and administrative

    2,523        2,734        3,269        4,060        3,482        3,174        3,136        3,180        4,053   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expense

    14,414        15,025        16,845        19,492        20,606        21,063        21,621        24,259        23,697   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss from operations

    (3,865     (3,411     (4,753     (6,595     (7,728     (7,393     (5,948     (8,072     (6,618

Interest income (expense), net

    (2     (32     (20     (68     (695     (703     (703     (701     (685

Other income (expense), net

    (53     4        61        31        41        4        (227     (123     (305
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss before income taxes

    (3,920     (3,439     (4,712     (6,632     (8,382     (8,092     (6,878     (8,896     (7,608

Provision for (benefit from) income taxes

    40        40        43        47        96        95        89        99        74   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss

  $ (3,960   $ (3,479   $ (4,755   $ (6,679   $ (8,478   $ (8,187   $ (6,967   $ (8,995   $ (7,682
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Selected Consolidated Balance Sheet Data:

Total deferred revenue

  $ 46,322      $ 49,729      $ 52,734      $ 59,885      $ 61,137      $ 67,388      $ 72,294      $ 85,056      $ 88,643   

 

68


Table of Contents

Quarterly Trends

The sequential increases in our quarterly products, maintenance and support and professional services revenue has resulted primarily from increases in our number of new customers as well as increased revenue from existing customers as they expanded their use of our solutions.

Total costs and expenses generally increased sequentially for the periods presented due primarily to the addition of personnel in connection with the expansion of our business and other related expenses to support our growth. We anticipate these expenses will continue to increase in future periods as we continue to focus on investing in the long-term growth of our business. Our quarterly operating results may fluctuate due to various factors affecting our performance.

Liquidity and Capital Resources

Since our inception, we have generated significant losses and expect to continue to generate losses for the foreseeable future. As of March 31, 2015, we had $33.3 million in cash and an accumulated deficit of $261.4 million.

We believe that our existing cash balance together with cash generated from our operations will be sufficient to meet our working capital expenditure requirements for at least the next 12 months. Our future capital requirements will depend on many factors, including our growth rate, the timing and extent of spending to support research and development efforts, the expansion of sales and marketing activities, particularly internationally, and the introduction of new and enhanced products and professional service offerings. In the event that additional financing is required from outside sources, we may be unable to raise the funds on acceptable terms, if at all. If we are unable to raise additional capital when desired, our business, operating results and financial condition could be adversely affected.

The following table shows a summary of our cash flows for the years ended December 31, 2012, 2013 and 2014 and for the three months ended March 31, 2014 and 2015:

 

    Year Ended December 31,     Three Months Ended
March 31,
 
        2012         2013     2014     2014     2015  
    (in thousands)  
                      (unaudited)  

Cash at beginning of period

  $ 21,255        $         7,667        $         20,612        $    20,612        $    36,823   

Net cash used in operating activities

    (691        (613        (3,356     (2,139     (3,012

Net cash used in investing activities

    (6,924        (2,778        (7,082     (5,014     (573

Net cash (used in) provided by financing activities

    (5,973        16,322           26,669        (31     349   

Effects of exchange rates on cash

              14           (20     1        (244
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Cash at end of period

  $ 7,667        $             20,612        $             36,823        $    13,429        $    33,343   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Sources of Funds

We have financed our operations in large part with equity and debt financing arrangements, including net proceeds of $93.4 million from the sale of shares of common and preferred stock.

Subordinated Loan and Security Agreement with Silicon Valley Bank

We are also party to a subordinated loan and security agreement with Silicon Valley Bank, which we entered into in December 2013, pursuant to which we borrowed $18.0 million. Interest on the outstanding principal balance

 

69


Table of Contents

accrues monthly at a rate of 12% per annum. Interest-only payments are payable from January 2014 through December 2015. Commencing in January 2016, principal payments of $0.8 million per month, along with associated interest, will be payable for a period of 24 months, or until the debt is repaid. Pursuant to the loan agreement, we pledged certain assets as collateral, including our intellectual property and accounts receivable. We intend to repay the full outstanding principal balance, together with all accrued interest and a termination fee, with a portion of the proceeds from this offering. In addition, we have a line of credit with Silicon Valley Bank pursuant to a loan and security agreement, as modified in December 2013, for up to $10.0 million that has no balance drawn as of March 31, 2015.

Uses of Funds

Our historical uses of cash have primarily consisted of cash used for operating activities such as expansion of our sales and marketing operations, research and development activities and other working capital needs.

Operating Activities

Operating activities used $3.0 million of cash in the three months ended March 31, 2015, which reflected growth in revenue, offset by continuing investment in our operations. Cash used in operating activities reflected our net loss of $7.7 million, partially offset by our net decrease in operating assets and liabilities of $2.4 million and non-cash charges of $2.3 million related to depreciation and amortization, stock-based compensation and provision for doubtful accounts. The decrease in our net operating assets and liabilities was primarily due to a $4.2 million decrease in accounts receivable, a $3.6 million increase in deferred revenue from sales of our products and services and a $0.1 million increase in other liabilities, partially offset by a $4.0 million decrease in accrued expenses, a $0.8 million increase in prepaid expenses and other assets and a $0.7 million decrease in accounts payable.

Operating activities used $2.1 million in cash in the three months ended March 31, 2014, which reflected growth in revenue, offset by continuing investment in our operations. Cash used in operating activities reflected our net loss of $8.5 million, partially offset by our net decrease in operating assets and liabilities of $4.6 million and non-cash charges of $1.8 million related to depreciation and amortization, stock-based compensation and provision for doubtful accounts. The decrease in our net operating assets and liabilities was primarily due to a $2.6 million decrease in accounts receivable, a $2.0 million increase in other liabilities, a $1.3 million increase in deferred revenue from sales of our products and services and a $0.3 million increase in accrued expenses, partially offset by a $0.9 million decrease in accounts payable and a $0.7 million increase in prepaid expenses and other assets.

Operating activities used $3.4 million of cash in 2014, which reflected growth in revenue, offset by continuing investment in our operations. Cash used in operating activities reflected our net loss of $32.6 million, offset by our net increase in operating assets and liabilities of $21.6 million and non-cash charges of $7.6 million related to depreciation and amortization, stock-based compensation and provision for doubtful accounts. The increase in our net operating assets and liabilities was primarily due to a $25.2 million increase in deferred revenue from sales of our products and services, a $3.5 million increase in accrued expense, a $2.2 million increase in other liabilities and a $0.6 million increase in accounts payable, partially offset by an increase of $7.1 million in accounts receivable and an increase of $2.2 million in prepaid expenses.

Operating activities used $0.6 million in cash in 2013, which reflected growth in revenue. Cash used in operating activities reflected our net loss of $18.9 million, offset by our increase in operating assets and liabilities of $13.0 million and non-cash charges of $5.2 million related to depreciation and amortization, stock-based compensation, provision for doubtful accounts and deferred income taxes. The increase in our net operating assets and liabilities was primarily due to a $15.1 million increase in deferred revenue from sales of our products and services, a $1.1 million increase in accounts payable due to the growth of our business and a $3.0 million increase in accrued expense as a result of headcount growth, partially offset by a $4.0 million increase in accounts receivable and a $3.1 million payment of contingent consideration.

 

70


Table of Contents

Operating activities used $0.7 million in cash in 2012, which reflected growth in revenue, offset by continuing investment in our operations. Cash used in operating activities reflected our net loss of $12.4 million, offset by our net increase in operating assets and liabilities of $8.4 million and non-cash charges of $3.3 million related to stock-based compensation, depreciation and amortization and provision for doubtful accounts. The increase in our net operating assets and liabilities was primarily due to a $16.5 million increase in deferred revenue from sales of our products and services, partially offset by a $6.6 million increase in accounts receivable and a $1.1 million decrease in contingent liability balances related to acquisitions.

Investing Activities

Investing activities used $0.6 million in cash in the three months ended March 31, 2015 and $5.0 million in cash in the three months ended March 31, 2014, primarily for capital expenditures to purchase property and equipment. In the three months ended March 31, 2014, the capital expenditures primarily related to leasehold improvements for our new corporate headquarters.

Investing activities used $7.1 million in cash in 2014 and $2.8 million in cash in 2013, primarily for capital expenditures to purchase property and equipment, principally related to leasehold improvements for our new corporate headquarters.

Investing activities used $6.9 million in cash in 2012, which consisted of $4.8 million paid in consideration for an acquisition and $2.1 million of capital expenditures.

Financing Activities

Financing activities provided $0.3 million in cash in three months ended March 31, 2015, which consisted primarily of $0.4 million in proceeds from exercises of stock options, partially offset by $0.1 million in payments on capital lease obligations.

Financing activities used de minimis cash in the three months ended March 31, 2014, which consisted of payments on capital lease obligations, partially offset by proceeds from exercises of stock options.

Financing activities provided $26.7 million in cash in 2014, which consisted primarily of $30.8 million in net proceeds from the issuance of shares of Series D preferred stock and $0.5 million in proceeds from exercises of stock options, partially offset by $3.5 million in repurchases of common stock, $0.8 million in payments of contingent consideration related to acquisitions and $0.3 million in payments on capital lease obligations.

Financing activities provided $16.3 million in cash in 2013, which consisted primarily of $18.0 million in proceeds from our term loan borrowing from Silicon Valley Bank and $0.3 million in proceeds from exercises of stock options, partially offset by $1.5 million in payments of contingent consideration related to acquisitions and $0.3 million in payments on capital lease obligations.

Financing activities used $6.0 million of cash in 2012, which consisted primarily of $3.3 million in repurchases of capital stock and $2.6 million in payments of contingent consideration related to acquisitions.

Contractual Obligations and Commitments

The following table summarizes our commitments to settle contractual obligations as of December 31, 2014:

 

     Less than
1 Year
          1 to 3
Years
          3 to 5
Years
          More than
5 Years
          Total   
     (in thousands)  

Term loan payable

   $                —          $      18,000          $           —          $                  —          $      18,000   

Capital leases

     278            70                                  348   

Operating leases

     3,578            7,190            3,524                       14,292   
  

 

 

       

 

 

       

 

 

       

 

 

       

 

 

 

  Total

   $ 3,856          $ 25,260          $ 3,524          $          $ 32,640   
  

 

 

       

 

 

       

 

 

       

 

 

       

 

 

 

 

71


Table of Contents

The commitment amounts in the table above are associated with agreements that are enforceable and legally binding and that specify all significant terms, including fixed or minimum services to be used, fixed, minimum or variable price provisions and the approximate timing of the actions under the agreements. The table does not include obligations under agreements that we can cancel without a significant penalty.

We lease our office facilities under non-cancellable operating leases. As of December 31, 2014, we have leases that expire at various dates through 2019.

Off-Balance Sheet Arrangements

We do not have any relationships with unconsolidated entities or financial partnerships, including entities sometimes referred to as structured finance or special purpose entities that were established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes. We do not engage in off-balance sheet financing arrangements. In addition, we do not engage in trading activities involving non-exchange traded contracts. We therefore believe that we are not materially exposed to any financing, liquidity, market or credit risk that could arise if we had engaged in these relationships.

Critical Accounting Policies

Our consolidated financial statements are prepared in accordance with generally accepted accounting principles in the United States, or GAAP. The preparation of our consolidated financial statements requires us to make estimates, assumptions and judgments that affect the reported amounts of assets, liabilities, revenue, costs and expenses. We base our estimates and assumptions on historical experience and other factors that we believe to be reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Our actual results may differ from these estimates. Our most critical accounting policies are summarized below. See Note (2) to our consolidated financial statements beginning on page F-1 of this prospectus for a description of our other significant accounting policies.

Revenue Recognition

We generate revenue primarily from selling products, maintenance and support, and professional services through a variety of delivery models. We generally bill customers and collect payment for both our products and services up front.

We generate products revenue from the sale of (1) perpetual or term software licenses and associated content subscriptions for our Nexpose and Metasploit products, (2) managed services for our Nexpose and UserInsight products and (3) cloud-based subscriptions for our UserInsight product. We also generate an immaterial amount of appliance revenue that is included in our products revenue and that is associated with hardware sold as part of our Nexpose product to certain customers. We generate maintenance and support revenue associated with customers’ purchases of our software licenses for Nexpose and Metasploit. We generate professional service revenue from the sale of our deployment and training services related to our solutions, incident response services and security advisory services.

Revenue is only recognized when all of the following criteria are met:

 

  l   

Persuasive evidence of an arrangement exists. Binding agreements or purchase orders are generally evidence of an arrangement.

 

  l   

Delivery has occurred. Delivery occurs (1) upon delivery of the software license key or when the customer has access to the software product or (2) when we perform the services.

 

  l   

The sales price is fixed or determinable. Fees are considered fixed and determinable when the fees are contractually agreed upon with the customer.

 

72


Table of Contents
  l   

Collectability is probable. Collectability is deemed probable based on review of a number of factors, including creditworthiness and customer payment history. If collectability is not reasonably assured, revenue is deferred until collection becomes reasonably assured, which is generally upon the receipt of payment.

Substantially all of our software licenses are sold in multiple-element arrangements that include maintenance and support, content subscriptions, cloud-based subscriptions, professional services and/or managed services. All of these elements are considered to be software elements other than cloud-based subscriptions, which are non-software elements, and managed services, which can be either software elements or non-software elements. We have determined that we do not have vendor-specific objective evidence, or VSOE, of the selling price for the elements comprising these multiple-element arrangements as our software licenses are generally not sold on a stand-alone basis and we purposefully employ variable pricing for our offerings in order to meet customer purchase requirements along the multiple price points of the demand curve.

When all of the elements of a multiple-element arrangement are software elements, the revenue for software licenses and any other products and services that are sold along with the license is generally deferred on our balance sheet and recognized as revenue on our consolidated statements of operations ratably over the contractual period of the maintenance and support, typically one to three years, which is typically longer than the period over which the professional services are performed. Revenue recognition begins upon delivery of the software license, assuming that all other criteria for revenue recognition have been met.

When a multiple-element arrangement includes both software elements and non-software elements, the total arrangement consideration is first allocated between the software elements and the non-software elements based on each element’s relative selling price as determined using best estimate of selling price, or BESP. The portion of the consideration allocated to non-software elements is deferred and recognized ratably over the term of the arrangement, which is typically the same as the term of the associated software license, assuming all other criteria for revenue recognition have been met. The portion of the consideration allocated to software elements is recognized as described above.

With respect to our managed services and cloud-based subscription offerings sold on a stand-alone basis, we recognize revenue ratably over the term of the managed service agreement or subscription, assuming that the other criteria for revenue recognition are met.

We recognize revenue from professional services sold on a stand-alone basis as those services are rendered.

For purposes of disclosing revenue by class, we allocate the arrangement consideration for multiple-element software arrangements among the individual elements utilizing BESP, as we do not have VSOE or third-party evidence, or TPE, of selling price for any of the elements.

Stock-Based Compensation

We measure and recognize compensation expense for all stock options and restricted stock awards based on the estimated fair value of the award on the grant date. We use the Black-Scholes option pricing model to estimate the fair value of stock option awards. The fair value is recognized as expense, net of estimated forfeitures, over the requisite service period, which is generally the vesting period of the respective award, on a straight-line basis when the only condition to vesting is continued service. If vesting is subject to a market or performance condition, recognition is based on the derived service period of the award. Expense for awards with performance conditions is estimated and adjusted on a quarterly basis based upon the assessment of the probability that the performance condition will be met.

The determination of the grant date fair value of options using the Black-Scholes option pricing model is affected principally by the estimated fair value of our common stock and requires management to make a number of other

 

73


Table of Contents

assumptions, including the expected life of the option, the volatility of the underlying stock, the risk-free interest rate and expected dividends. The assumptions used in our Black-Scholes option-pricing model represent management’s best estimates at the time of grant. These estimates are complex, involve a number of variables, uncertainties and assumptions and the application of management’s judgment, as they are inherently subjective. If any assumptions change, our stock-based compensation expense could be materially different in the future.

These assumptions are estimated as follows:

 

  l   

Fair Value of Common Stock. As our common stock has not historically been publicly traded, we estimated the fair value of common stock. See “—Common Stock Valuations” below.

 

  l   

Expected Term. The expected term represents the period that our stock options are expected to be outstanding. We calculated the expected term using the simplified method based on the average of each option’s vesting term and the contractual period during which the option can be exercised, which is typically 10 years following the date of grant.

 

  l   

Expected Volatility. The expected volatility was based on the historical stock volatility of several of our comparable publicly traded companies over a period of time equal to the expected term of the options, as we do not have any trading history to use the volatility of our own common stock.

 

  l   

Risk-Free Interest Rate. The risk-free interest rate was based on an average of the five and seven-year U.S. Treasury zero-coupon issues for each option grant date with maturities approximately equal to the option’s expected term.

 

  l   

Expected Dividend Yield. We have not paid dividends on our common stock nor do we expect to pay dividends in the foreseeable future.

The following table reflects the weighted average assumptions used to estimate the fair value of options granted during the periods presented:

 

     Year Ended December 31,   Three Months Ended
March 31,
     2012   2013   2014   2014   2015

Expected term (years)

   6.3   6.3   6.3   6.3   6.3

Expected volatility

   52 - 54%   50 - 52%   47 - 49%   49%   45%

Risk-free interest rate

   0.9 - 1.4%   0.9 -1.7%   1.5 - 1.7%   1.5%   1.5%

Expected dividend yield

   —     —     —     —     —  

Common Stock Valuation

Historically, for all periods prior to this offering, the exercise price of options to purchase shares of our common stock was the estimated fair market value of our common stock as determined by our board of directors on each grant date. In order to determine the fair market value of our common stock underlying option grants, our board of directors considered, among other things, valuations of our common stock prepared by unrelated third-party valuation firms in accordance with the guidance provided by the American Institute of Certified Public Accountants 2004 Practice Aid, Valuation of Privately-Held-Company Equity Securities Issued as Compensation, or the Practice Aid. Given the absence of a public trading market of our common stock, our board of directors exercised reasonable judgment and considered a number of objective and subjective factors to determine the best estimate of the fair market value of our common stock, including:

 

  l   

contemporaneous third-party valuations of our common stock;

 

  l   

the prices, rights, preferences and privileges of our preferred stock relative to the common stock;

 

74


Table of Contents
  l   

our business, financial condition and results of operations, including related industry trends affecting our operations;

 

  l   

the likelihood of achieving a liquidity event, such as an initial public offering or sale of our company, given prevailing market conditions;

 

  l   

the lack of marketability of our common stock;

 

  l   

the market performance of comparable publicly traded technology companies; and

 

  l   

the United States and global economic and capital market conditions and outlook.

Based on an assumed initial public offering price of $             per share, the midpoint of the price range set forth on the cover page of this prospectus, the intrinsic value of vested and unvested stock options outstanding as of March 31, 2015 was $             million and $             million, respectively.

The following table summarizes by grant date the number of shares of common stock subject to stock options granted from January 1, 2014 through March 31, 2015, as well as the associated per share exercise price and the estimated fair value per share of our common stock as of the grant date:

Grant Date

   Number of Options Granted      Exercise Price Per
Share of Common
Stock
    Estimated Fair Value
Per Share of Common Stock
 

February 4, 2014

     457,907       $ 7.73      $ 7.73   

April 30, 2014

     197,758         7.73 (1)      8.66 (2) 

September 3, 2014

     126,100         7.73 (1)      8.78 (2) 

October 29, 2014

     10,100         8.78 (1)      9.77 (2) 

February 4, 2015

     619,539         9.77        9.77   

 

(1)

The exercise price per share of common stock was approved by our the board of directors principally based on contemporaneous valuations of our common stock prepared by unrelated third-party valuation firms in accordance with the Practice Aid, among other factors.

 

(2)

In December 2014, we undertook retrospective valuations of the fair market value of our common stock.

Common Stock Valuation Methodology

In valuing our common stock, our board of directors determined the equity value of our business generally using a combination of the income approach and the market approach valuation methods.

The income approach estimates value based on the expectation of future cash flows that a company will generate, such as cash earnings, cost savings, tax deductions and the proceeds from disposition. These future cash flows are discounted to their present values using a discount rate derived based on an analysis of the cost of capital of comparable publicly traded companies in similar lines of business, as of each valuation date, and is adjusted to reflect the risks inherent in our cash flows.

The market approach estimates the fair value of a company by applying market multiples of comparable publicly traded companies in a similar line of business. The market multiples are based on relevant metrics implied by the price that investors have paid for the equity of publicly traded companies. Given our significant focus on investing in and growing our business, we primarily utilized the revenue multiple when performing valuation assessments under the market approach. When considering which companies to include as

 

75


Table of Contents

our comparable industry peer companies, we focused on U.S.-based publicly traded companies that were broadly comparable to us based on consideration of industry, market and line of business. From the comparable companies, a representative market value multiple was determined and applied to our operating results to estimate the value of our company. The market value multiple was determined based on consideration of multiples of revenue to each of the comparable companies’ last twelve-month revenue and the forecasted future twelve-month revenue. In addition, the market approach considers merger and acquisition transactions involving companies similar to the company’s business being valued. Multiples of revenue are calculated for these transactions and then applied to the business being valued, after reduction by an appropriate discount.

Historically, our enterprise value was determined using a weighted average combination of the income approach and the market approach. Once an equity value was determined, we utilized a hybrid of the option pricing method, or OPM, and probability-weighted expected return method, or PWERM, to allocate the overall value of equity to the various share classes.

The OPM treats common stock and convertible preferred stock as call options on a company’s enterprise value with exercise prices based on the liquidation preferences of the convertible preferred stock. Under this method, the common stock only has value if the funds available for distribution to stockholders exceed the value of the liquidation preference at the time of an assumed liquidity event. The value assigned to the common stock is the remaining value after the convertible preferred stock is liquidated. The OPM prices the call option using the Black-Scholes model. The OPM is used when the range of possible future outcomes is difficult to predict.

The PWERM relies on a forward-looking analysis to predict the possible future value of a company. Under this method, discrete future outcomes, including an initial public offering, or IPO, and non-IPO scenarios, are weighted based on the estimated the probability of each scenario. The PWERM is used when discrete future outcomes can be predicted with reasonable certainty based on a probability distribution.

The hybrid method is generally preferred for a company expecting a liquidity event in the near future but where, due to market or other factors, the liquidity event is uncertain. In the application of the hybrid method, we relied on the PWERM to allocate the value of equity under a near-term liquidity scenario and the OPM to allocate the value of equity under a long-term liquidity scenario. The projected equity value relied upon in the PWERM scenario was based on (1) guideline IPO transactions involving companies that were considered broadly comparable to us and (2) our expectation of the pre-money valuation that we needed to achieve to consider an IPO as a viable exit strategy. The projected equity value relied upon in the OPM was based on a weighted average indication of the value using the discounted cash flow method, which is an income approach, and the guideline public company method, which is a market approach.

Contemporaneous Valuations

February 2014 Grants

Our board of directors granted stock options in February 2014 with an exercise price of $7.73 per share, which was also the value per share used for financial reporting purposes. For these stock option grants, our board of directors determined the fair market value of our common stock on the date of grant to be $7.73 per share based on a number of factors, including a contemporaneous third-party valuation as of December 31, 2013 and our earnings history and financial performance, as well as our current prospects and expected operating results. More specifically, our board of directors considered, among other things: (1) the present value of our anticipated future cashflows, (2) the value of our tangible and intangible assets, (3) recent material events, (4) our operating results, (5) the market value of equity interests in substantially similar businesses, which equity interests can be valued through nondiscretionary, objective means, (6) recent arm’s length transactions involving the sale or transfer of our common stock or other equity interests, (7) changes in control premiums or discounts for lack of marketability and (8) other factors that our board of directors deemed material in order to determine in good faith the fair market value per share of our common stock.

 

76


Table of Contents

The valuation as of December 31, 2013 was determined using the hybrid method. The OPM was weighted assuming a 70% probability of occurrence of a long-term liquidity event and the PWERM was weighted assuming a 30% probability of occurrence of an IPO. With respect to the OPM, the enterprise value was determined by using a combination of income and market approaches. An enterprise value under the income approach was estimated based on the estimated present value of our estimated future cash flows, which was weighted at 50% in the OPM. An enterprise value under the market approaches was estimated based on the application of market multiples to our last-twelve-months and forward-looking revenues and comparable market transactions, each of which was weighted at 25%. With respect to the present value of future estimated cash flows under the income approach, we applied a discount rate of 25% and a revenue multiple terminal value that was determined based upon a guideline public company analysis considering companies of relative size, growth and profitability. Finally, our enterprise value reflected a non-marketability discount of 20%. With respect to the PWERM, the enterprise value was estimated based upon a revenue multiple that fell between the range of the 25th percentile and the median of guideline IPO transactions. For the purposes of the PWERM, we estimated an IPO date of June 30, 2015 and used a risk adjusted discount rate of 35%.

April 2014 Grants

Our board of directors granted stock options in April 2014 with an exercise price of $7.73 per share. For these stock option grants, our board of directors determined the fair market value of our common stock on the date of grant to be $7.73 per share based on a number of factors, including a contemporaneous third-party valuation as of December 31, 2013 described above and our earnings history and financial performance, as well as our current prospects and expected operating results. More specifically, our board of directors considered, among other things: (1) the present value of our anticipated future cashflows, (2) the value of our tangible and intangible assets, (3) recent material events, (4) our operating results, (5) the market value of equity interests in substantially similar businesses, which equity interests can be valued through nondiscretionary, objective means, (6) recent arm’s length transactions involving the sale or transfer of our common stock or other equity interests, (7) changes in control premiums or discounts for lack of marketability and (8) other factors that our board of directors deemed material in order to determine in good faith the fair market value per share of our common stock.

Based on the factors noted above, our board of directors concluded that the grant date fair value for the April 2014 option grants did not materially change from the December 31, 2013 valuation.

September 2014 Grants

Our board of directors granted stock options in September 2014 with an exercise price of $7.73 per share. For these stock option grants, our board of directors determined the fair market value of our common stock on the date of grant to be $7.73 per share based on a number of factors, including a contemporaneous third-party valuation as of December 31, 2013 described above and our earnings history and financial performance, as well as our current prospects and expected operating results. More specifically, our board of directors considered, among other things: (1) the present value of our anticipated future cashflows, (2) the value of our tangible and intangible assets, (3) recent material events, (4) our operating results, (5) the market value of equity interests in substantially similar businesses, which equity interests can be valued through nondiscretionary, objective means, (6) recent arm’s length transactions involving the sale or transfer of our common stock or other equity interests, (7) changes in control premiums or discounts for lack of marketability and (8) other factors that our board of directors deemed material in order to determine in good faith the fair market value per share of our common stock.

Based on the factors noted above, our board of directors concluded that the grant date fair value for the September 2014 option grants did not materially change from the December 31, 2013 valuation.

 

77


Table of Contents

October 2014 Grants

Our board of directors granted stock options in October 2014 with an exercise price of $8.78 per share. For these stock option grants, our board of directors determined the fair market value of our common stock on the date of grant to be $8.78 per share based on a number of factors, including a contemporaneous third-party valuation as of September 30, 2014 and our earnings history and financial performance, as well as our current prospects and expected operating results. More specifically, our board of directors considered, among other things: (1) the present value of our anticipated future cashflows, (2) the value of our tangible and intangible assets, (3) recent material events, (4) our operating results, (5) the market value of equity interests in substantially similar businesses, which equity interests can be valued through nondiscretionary, objective means, (6) recent arm’s length transactions involving the sale or transfer of our common stock or other equity interests, (7) changes in control premiums or discounts for lack of marketability and (8) other factors that our board of directors deemed material in order to determine in good faith the fair market value per share of our common stock.

Due to the timing of the October 2014 option grants relative to the third-party valuation of our common stock conducted as of December 31, 2014 discussed below, we determined that it was appropriate to use the fair value of our common stock reflected in the December 31, 2014 valuation to determine our stock-based compensation expense for the October 2014 option grants for financial reporting purposes.

February 2015 Grants

Our board of directors granted stock options in February 2015 with an exercise price of $9.77 per share, which was also the value per share used for financial reporting purposes. For these stock option grants, our board of directors determined the fair market value of our common stock on the date of grant to be $9.77 per share based on a number of factors, including a contemporaneous third-party valuation as of December 31, 2014 and our earnings history and financial performance, as well as our current prospects and expected operating results. More specifically, our board of directors considered, among other things: (1) the present value of our anticipated future cashflows, (2) the value of our tangible and intangible assets, (3) recent material events, (4) our operating results, (5) the market value of equity interests in substantially similar businesses, which equity interests can be valued through nondiscretionary, objective means, (6) recent arm’s length transactions involving the sale or transfer of our common stock or other equity interests, (7) changes in control premiums or discounts for lack of marketability and (8) other factors that our board of directors deemed material in order to determine in good faith the fair market value per share of our common stock.

The valuation as of December 31, 2014 was determined using the hybrid method. The OPM was weighted assuming a 60% probability of occurrence of a long-term liquidity event and the PWERM was weighted assuming a 40% probability of occurrence of an IPO. With respect to the OPM, the enterprise value was determined by using a combination of an income and market approaches. An enterprise value under the income approach was estimated based on the estimated present value of our future cash flows, which was weighted at 50%. An enterprise value under the market approach was based on the application of market multiples to our last-twelve-months and forward-looking revenues, which was weighted at 50%. With respect to the present value of future estimated cash flows under the income approach, we applied a discount rate of 25% and a revenue multiple terminal value that was determined based upon a guideline public company analysis considering companies of relative size, growth and profitability. Finally, our enterprise value reflected a non-marketability discount of 15%. With respect to the PWERM, the enterprise value was estimated based upon a revenue multiple that fell between the range of the 25th percentile and the median of guideline IPO transactions. For the purposes of the PWERM, we estimated an IPO date of December 31, 2015 and used a risk adjusted discount rate of 35%.

The difference in the sale price of our Series D preferred stock issued in December 2014 relative to the contemporaneous fair market value per share of our common stock, as determined by our board of directors, is attributable to the fact that holders our Series D preferred stock are entitled to accruing dividends, liquidation preferences, protective provisions, registration rights and other rights and privileges to which holders of our common stock are not entitled.

 

78


Table of Contents

Retrospective Valuations

In connection with the preparation of the financial statements necessary for the filing of the registration statement of which this prospectus forms a part, in December 2014, we undertook retrospective valuations of the fair market value of our common stock.

March 2014 Valuation

For purposes of calculating stock-based compensation expense for financial reporting purposes, we calculated the fair value of our common stock underlying the April 2014 option grants based on a retrospective third-party valuation as of March 31, 2014. As a result of this retrospective valuation, we determined that the grant date fair market value of the common stock underlying the options granted in April 2014 for financial statement purposes was $8.66 per share.

The valuation as of March 31, 2014 was determined using the hybrid method. The OPM was weighted assuming a 70% probability of occurrence of a long-term liquidity event and the PWERM was weighted assuming a 30% probability of occurrence of an IPO. With respect to the OPM, the enterprise value was determined by using a combination of an income and market approaches. An enterprise value under the income approach was estimated based on the estimated present value of our future cash flows, which was weighted at 50%. An enterprise value under the market approach was based on the application of market multiples to our last-twelve-months and forward-looking revenues, which was weighted at 50%. With respect to the present value of future estimated cash flows under the income approach, we applied a discount rate of 25% and a revenue multiple terminal value that was determined based upon a guideline public company analysis considering companies of relative size, growth and profitability. Finally, our enterprise value reflected a non-marketability discount of 20%. With respect to the PWERM, the enterprise value was estimated based upon a revenue multiple that fell between the range of the 25th percentile and the median of guideline IPO transactions. For the purposes of the PWERM, we estimated an IPO date of September 30, 2015 and used a risk adjusted discount rate of 35%.

September 2014 Valuation

For purposes of calculating stock-based compensation expense for financial reporting purposes, we calculated the fair value of our common stock underlying the September 2014 option grants based on a retrospective third-party valuation as of September 30, 2014. As a result of this retrospective valuation, we determined that the grant date fair market value of the common stock underlying the options granted in September 2014 for financial statement purposes was $8.78 per share.

The valuation as of September 30, 2014 was determined using the hybrid method. The OPM was weighted assuming a 70% probability of occurrence of a long-term liquidity event and the PWERM was weighted assuming a 30% probability of occurrence of an IPO. With respect to the OPM, the enterprise value was determined by using a combination of an income and market approaches. An enterprise value under the income approach was estimated based on the estimated present value of our future cash flows, which was weighted at 50%. An enterprise value under the market approach was based on the application of market multiples to our last-twelve-months and forward-looking revenues, which was weighted at 50%. With respect to the present value of future estimated cash flows under the income approach, we applied a discount rate of 25% and a revenue multiple terminal value that was determined based upon a guideline public company analysis considering companies of relative size, growth and profitability. Finally, our enterprise value reflected a non-marketability discount of 17.5%. With respect to the PWERM, the enterprise value was estimated based upon a revenue multiple that fell between the range of the 25th percentile and the median of guideline IPO transactions. For the purposes of the PWERM, we estimated an IPO date of December 31, 2015 and used a risk adjusted discount rate of 35%.

Following the closing of this offering, the fair value of our common stock will be determined based on the closing price of our common stock on the NASDAQ Global Market.

 

79


Table of Contents

Preferred Stock Valuation Methodology

At any time after November 16, 2018, the holders of (1) a majority of the then-outstanding shares of Series A preferred stock and Series B preferred stock, voting together as a single class on an as-converted basis and (2) a majority of the then-outstanding shares of Series C preferred stock, voting as a single class, may request that we redeem all the outstanding shares of preferred stock. The preferred stock would be redeemed in an amount in cash equal to the greater of (1) the aggregate original issuance price of such preferred stock plus all accrued and unpaid dividends thereon, whether or not declared or (2) the fair market value of such preferred stock. As redemption of the preferred stock is outside our control, all shares of preferred stock have been presented outside of stockholders’ deficit in our consolidated balance sheets. We recognize changes in the redemption value as they occur and adjust the carrying amount of the preferred stock to equal the redemption value at the end of each reporting period.

We determine the fair value of our preferred stock as of each reporting period using the guidance prescribed by the Practice Aid, which is consistent with the way we have valued our common stock described above.

Income Taxes

Income taxes are accounted for using the asset and liability method. Under this method, deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective income tax bases, and operating loss and tax credit carryforwards. Valuation allowances are provided when we determine that it is more likely than not that all of, or a portion of, deferred tax assets will not be utilized in the future.

We account for unrecognized tax benefits using a more-likely-than-not threshold for financial statement recognition and measurement of tax positions taken or expected to be taken in a tax return.

Significant judgment is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including past operating results, estimates of future taxable income and the feasibility of tax planning strategies. In the event that we change our determination as to the amount of deferred tax assets that can be realized, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made.

Estimates of future taxable income are based on assumptions that are consistent with our plans. Assumptions represent management’s best estimates and involve inherent uncertainties and the application of management’s judgment. Should actual amounts differ from our estimates, the amount of our tax expense and liabilities could be materially impacted.

Goodwill and Other Intangible Assets

Goodwill is an asset representing the future economic benefits arising from other assets acquired in a business combination that are not individually identified and separately recognized. We allocate the cost of an acquired entity to the assets acquired and liabilities assumed based on their estimated fair values at the date of acquisition. The excess of the purchase price for acquisitions over the fair value of the net assets acquired, including other intangible assets, is recorded as goodwill. Goodwill is not amortized but is tested for impairment at least annually or more frequently when events or circumstances occur that indicate that it is more likely than not that an impairment has occurred.

For our goodwill impairment analysis, we operate with a single reporting unit. The two step impairment test begins with an estimation of the fair value of a reporting unit. Goodwill impairment exists when a reporting unit’s carrying value of goodwill exceeds its implied fair value. Significant judgment is applied when goodwill is assessed for impairment. In performing the first step of the goodwill impairment testing and measurement process, we compare our entity-wide estimated fair value to net book value to identify potential impairment. Management estimates the

 

80


Table of Contents

entity-wide fair value utilizing a weighted-average of the income approach using discounted cash flows, guideline public company and guideline transaction methods. If the fair value of the reporting unit is less than the book value, the second step is performed to determine if goodwill is impaired. If we determine through the impairment evaluation process that goodwill has been impaired, an impairment charge would be recorded in our consolidated statements of operations. There has been no impairment of goodwill for any periods presented. In addition, based on the results of our impairment test, our reporting unit was not at risk of having its carrying value, including goodwill, exceed its fair value.

Other intangible assets acquired in a business combination are recognized at fair value using generally accepted valuation methods appropriate for the type of intangible asset and reported separately from goodwill. Intangible assets with definite lives are amortized over the estimated useful lives and are tested for impairment when events or circumstances occur that indicate that it is more likely than not that an impairment has occurred. We test other intangible assets with definite lives for impairment by comparing the carrying amount to the sum of the net undiscounted cash flows expected to be generated by the asset whenever events or changes in circumstances indicate that the carrying amount of the asset may not be recoverable. If the carrying amount of the asset exceeds its net undiscounted cash flows, then an impairment loss is recognized for the amount by which the carrying amount exceeds its fair value. There has been no impairment of other intangible assets for any periods presented.

Recent Accounting Pronouncements

In May 2014, the Financial Accounting Standards Board issued Accounting Standards Update 2014-09, Revenue from Contracts with Customers (Topic 606). This guidance outlines a single, comprehensive model for accounting for revenue from contracts with customers and will become effective in the first quarter of 2017 for public companies with calendar year ends. We are currently evaluating the impact that the standard will have on our consolidated financial statements.

Qualitative and Quantitative Disclosures about Market Risk

Market risk represents the risk of loss that may impact our financial position due to adverse changes in financial market prices and rates. Our market risk exposure is primarily the result of fluctuations in interest rates and foreign exchange rates as well as, to a lesser extent, inflation.

Interest Rate Risk

We are exposed to interest rate risk in the ordinary course of our business. Our cash is held in readily available checking and money market accounts. These securities are not dependent on interest rate fluctuations that may cause the principal amount of these assets to fluctuate. Additionally, the interest rate on our term loan is fixed and we intend to pay the full outstanding principal balance and accrued interest with a portion of the proceeds from this offering. We have a working capital line of credit with an annual interest rate equal to the prime rate plus 1.25%. As of March 31, 2015, there was no outstanding balance on this facility.

Foreign Currency Exchange Risk

Our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates. Substantially all of our customers enter into contracts that are denominated in U.S. dollars. Our expenses are generally denominated in the currencies of the countries where our operations are located, which is primarily in the United States and to a lesser extent in the United Kingdom, other Euro-zone countries within mainland Europe, Hong Kong, Canada, Singapore and Australia. Our results of operations and cash flows are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign currency exchange rates. The effect of a hypothetical 10% change in foreign currency exchanges rates applicable to our business would not have a material impact on our historical consolidated financial statements. To date, we have not engaged in any hedging strategies. As our international operations grow, we will continue to reassess our approach to manage our risk relating to fluctuations in foreign currency rates.

 

81


Table of Contents

Inflation Risk

We do not believe that inflation had a material effect on our business, financial condition or results of operations in the last three years. If our costs were to become subject to significant inflationary pressures, we may not be able to fully offset such higher costs through price increases. Our inability or failure to do so could harm our business, financial condition and results of operations.

JOBS Act Transition Period

In April 2012, the Jumpstart Our Business Startups Act of 2012, or the JOBS Act, was enacted. Section 107 of the JOBS Act provides that an “emerging growth company” can take advantage of the extended transition period provided in Section 7(a)(2)(B) of the Securities Act for complying with new or revised accounting standards. Thus, an emerging growth company can delay the adoption of certain accounting standards until those standards would otherwise apply to private companies. We have irrevocably elected not to avail ourselves of this extended transition period and, as a result, we will adopt new or revised accounting standards on the relevant dates on which adoption of such standards is required for other public companies.

We are in the process of evaluating the benefits of relying on other exemptions and reduced reporting requirements under the JOBS Act. Subject to certain conditions, as an emerging growth company, we may rely on certain of these exemptions, including without limitation, (i) providing an auditor’s attestation report on our system of internal controls over financial reporting pursuant to Section 404(b) of the Sarbanes-Oxley Act and (ii) complying with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, known as the auditor discussion and analysis. We will remain an emerging growth company until the earlier to occur of (1) the last day of the fiscal year (a) following the fifth anniversary of the completion of this offering, (b) in which we have total annual gross revenues of at least $1.0 billion or (c) in which we are deemed to be a “large accelerated filer” under the rules of the U.S. Securities and Exchange Commission, which means the market value of our common stock that is held by non-affiliates exceeds $700 million as of the prior June 30th, and (2) the date on which we have issued more than $1.0 billion in non-convertible debt during the prior three-year period.

 

82


Table of Contents

BUSINESS

Overview

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. Our security data and analytics platform was purpose built for today’s increasingly complex and chaotic IT environment. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. There has been an explosion of increasingly sophisticated cyber attacks as the proliferation of mobile devices, cloud-based applications and solutions relying on user credentials has eliminated the boundaries that previously defined an organization’s network perimeter and expanded the threat surface that organizations must now defend. Our powerful and proprietary analytics enable organizations to contextualize and prioritize the threats facing their physical, virtual and cloud assets, including those posed by the behaviors of their users. Leveraging our security data and analytics platform, our solutions enable organizations to strategically and dynamically manage their cyber security exposure. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches and correct the underlying causes of attacks. This balanced and analytics-focused approach ultimately better secures organizations’ environments and reduces the likelihood of, and risks associated with, cyber attacks. We believe our technology and solutions revolutionize the practice of cyber security and are central and critical to implementing a modern security program.

With our security data and analytics platform at our core, we are pioneering active, analytics-driven solutions to cyber security that enable organizations to find and eliminate critical weaknesses and detect attacks in their IT environments. Our threat exposure management offerings include our industry-leading vulnerability management products, which we enhance with deep security analytics capabilities to quickly deliver contextual risk prioritization, critical threat awareness and impactful remediation guidance. Similarly, we added analytics and automation to traditional manual penetration testing to be able to deliver robust ongoing attack simulation solutions that provide organizations with visibility into real world threats. By providing and combining analytics and actionable insights related to both an organization’s attack surface and the dynamic threat landscape, our security data and analytics platform enables organizations to manage their threat exposure above and beyond traditional vulnerability management products on the market.

Further leveraging our technology platform and analytics capabilities, we recently introduced our incident detection product to provide organizations with the ability to rapidly detect and respond to cyber security incidents and breaches. Proprietary behavioral and pattern-recognition analytics are central to this capability, which functions in part by automatically mapping an organization’s assets and users relative to the threat landscape, such that aberrant and risky user-specific and asset-specific behaviors are rapidly identified, escalated for investigation and prioritized by threat level. To complement our incident detection product, we also recently introduced our incident response services, which provide our customers with critical access to our security experts and experience, enabling them to accelerate incident response and containment. We also offer security advisory services that help organizations develop a holistic approach to their cyber security programs and advance their cyber security program maturity. All of our products have been designed with an intuitive user interface, focused on ease-of-use and fast time-to-value for our customers.

 

83


Table of Contents

The Rapid7 Security Data and Analytics Evolution

LOGO

Cyber security has become a strategic imperative for organizations globally, driven by increased focus by boards of directors and senior management in the wake of numerous recent high profile breaches and data thefts. Organizations are increasingly at risk of being compromised, with the number of reported security incidents within enterprises increasing 48% in 2014 over the prior year, according to a report by PricewaterhouseCoopers LLP, or PWC. There are three converging macro drivers that are changing the cyber security landscape for organizations and driving the increase in cyber breaches. First, mobile and connected devices, cloud-based applications and more open and interconnected networks have increased IT complexity, expanding the exploitable attack surface across an organization and resulting in more sources of potential vulnerability. Second, there has been a dramatic change in the tools available to cyber attackers. Attackers can now purchase highly effective and easy-to-use software that is designed to circumvent traditional prevention-based tools at very low cost, thereby lowering the bar for nearly anyone to launch advanced cyber attacks. Third, the economic motives for attackers are more compelling, with new, vibrant markets providing attackers an efficient and effective way to monetize stolen customer information and employee data.

The confluence of these factors has rendered the old model of “block and protect” prevention-based cyber security programs ineffective. These traditional “block and protect” approaches to cyber security typically rely disproportionately on network perimeter protection tools such as firewalls and antivirus software to stop attackers. However, as the network perimeter rapidly disappears, the effectiveness of these legacy solutions diminishes greatly. In addition, prevention-centric models are often passive and implemented with a “deploy and forget” mentality, lacking a holistic cyber security strategy. While prevention-based approaches can alert IT professionals to potentially suspicious activity, the data generated is often raw and in “machine form,” making it difficult for an organization to develop actionable insights that reflect a real-time understanding of the organization’s assets, user behavior and the dynamic threat landscape that it faces. Developing these insights has historically been complex and resource intensive, requiring security expertise, data scientists and analytical modeling skills, which many organizations lack. Further, preventative solutions are generally not able to identify or deter attacks that involve stolen or weak credentials, which are used in 76% of cyber attacks according to the 2013 Verizon Data Breach Investigations Report. When an attacker gains access to an organization’s network through compromised credentials or otherwise, the attacker can freely exploit assets within the breached environment until they are detected, which took a median of 205 days in 2014 according to a report by Mandiant.

The decreasing effectiveness of a traditional prevention-focused approach to cyber security is causing a significant shift to a new model that uses an active, analytics-driven approach to reduce and manage risks to the or