10-K 1 g81468e10vk.txt INTERNET SECURITY SYSTEMS, INC. -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 --------------------- FORM 10-K (MARK ONE) [X] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE FISCAL YEAR ENDED DECEMBER 31, 2002 OR [ ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM ____________TO ____________
Commission file number 0-23655 INTERNET SECURITY SYSTEMS, INC. (Exact Name of Registrant as Specified in Its Charter) DELAWARE 58-2362189 (State or other jurisdiction of (I.R.S. Employer Identification No.) incorporation or organization) 6303 BARFIELD ROAD 30328 ATLANTA, GEORGIA (Zip code) (Address of principal executive offices)
Registrant's telephone number, including area code: (404) 236-2600 Securities registered pursuant to Section 12(b) of the Act: None Securities registered pursuant to Section 12(g) of the Act: COMMON STOCK, $0.001 PAR VALUE PREFERRED STOCK PURCHASE RIGHTS (Title of Class) Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes [X] No [ ] Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of Registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. [ ] Indicate by check mark whether the registrant is an accelerated filer (as defined in Exchange Act Rule 12b-2). Yes [X] No [ ] The aggregate market value of the voting stock held by non-affiliates of the Registrant, based upon the closing sale price of Common Stock on June 30, 2002 as reported on the NASDAQ National Market, was approximately $330 million (affiliates being, for these purposes only, directors, executive officers and holders of more than 5% of the Registrant's Common Stock). As of March 12, 2003, the Registrant had 49,633,772 outstanding shares of Common Stock. DOCUMENTS INCORPORATED BY REFERENCE Portions of the Proxy Statement for the Registrant's Annual Meeting of Stockholders to be held on May 28, 2003 are incorporated by reference into Part III of this Form 10-K. -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- FORWARD-LOOKING STATEMENTS This report contains forward-looking statements that involve risks and uncertainties. The statements contained in this report that are not historical statements of fact are forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Forward-looking statements include, among other things, statements regarding our expectations, beliefs, intentions or strategies regarding the future. All forward-looking statements included in this report are based on information available to us up to and including the date of this document, and we expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Our actual results could differ significantly from those anticipated in these forward-looking statements as a result of certain factors, including those set forth below, under "Management's Discussion and Analysis of Financial Condition and Results of Operations -- Risk Factors" and elsewhere in this report. PART I ITEM 1. BUSINESS INTRODUCTION OVERVIEW Internet Security Systems, Inc. ("ISS" or the "Company") is a security software pioneer and global leader in information protection solutions dedicated to protecting online assets. This proactive line of defense protects networks, servers and desktops against an ever-changing spectrum of threats. Our security management solutions include software products, managed security services, professional services made up of both consulting and training services and online security research, advisory and other knowledge services. We offer a comprehensive line of products and services aimed primarily at enterprise organizations and service providers. These threat protection solutions go beyond basic access control to deliver multiple layers of defense that detect, prevent and respond to threats to our customers' business operations. Our products are designed to meet the need for comprehensive, cost-effective detection, prevention and response arising from attacks, misuse and security policy violations while promoting the confidentiality, privacy, integrity and availability of proprietary information. Our family of software products is a critical element of an active Internet and networking security program within today's world of global connectivity, enabling organizations to proactively monitor, detect and respond to risks to enterprise information. Our managed services offerings focus primarily on remote management of our best-of-breed security technology including security assessment and intrusion protection systems. We focus on serving as the trusted security provider to our customers by maintaining within our products the latest counter-measures to security risks, creating new innovative products, and providing professional and managed services. ISS was founded in 1994 and is headquartered in Atlanta, Georgia. The mailing address for our headquarters is 6303 Barfield Road, Atlanta, Georgia, 30328, and our telephone number at that location is (404) 236-2600. The ISS web site can be found at www.iss.net. INDUSTRY BACKGROUND GROWTH OF ONLINE ASSETS AND RISKS Online security is of growing importance to today's businesses, as organizations of all sizes and markets become increasingly reliant on Internet-based technology to conduct day-to-day operations. Businesses adopt these Internet-based technologies to streamline operations and create new business opportunities. To capitalize on the benefits of the Internet, businesses must open their networks to business partners, customers and their mobile workforce, significantly increasing the value and vulnerability of their online assets. The networks, servers and desktops that make online commerce work are inherently vulnerable to online threats. A threat is any tool or technique that can be used to damage the data stored on a network, server or 1 desktop, or to compromise those resources for unauthorized use. The tools used to attack online resources and the sophistication of these threats continues to increase. At the same time, the technological sophistication needed to launch an attack continues to decrease. The more that organizations and consumers depend on networks to conduct business, the greater the risk of business interruption, negative publicity, theft of proprietary or private information, liability for damages to others, and other costly business losses. The Computer Security Institute reported in the 2002 CSI/FBI Computer Crime and Security Survey conducted with the Federal Bureau of Investigation that 90% of the 503 respondents (U.S. corporations, government agencies, financial institutions, medical institutions and universities) detected security breaches in a twelve-month period, with 80% acknowledging financial losses due to computer breaches. Interestingly, 90% of respondents reported using anti-virus software, 89% reported using firewalls and 60% reported using intrusion detection. The 223 respondents who were willing and/or able to quantify financial losses as a result of computer breaches reported approximately $455,848,000 in losses. ISS PROTECTION SOLUTIONS Our protection solutions protect against online threats. They provide proactive detection of active attacks against information resources, prevent unnecessary security vulnerabilities, and provide for rapid, appropriate response when a security event takes place. Our protection solutions help minimize our customers' risk from online threats. We believe that there are three key processes to effectively manage online risk: - Identify security exposures and active threats, with responses appropriate to the severity of the risk and the potential for loss; - Implement scalable, centralized security management across complex extended enterprise infrastructure of larger customers. For other organizations, utilize either an internally managed software solution or expert external managed security services (or both) to provide efficient oversight and control; and - Utilize a proactive source of security alerts, advisories and other security information services to counteract the dynamic nature of risk. These solutions can be managed internally by customer personnel, or can be managed externally as part of a managed solution provided by ISS. Each solution often includes professional services or an education component. In response to this broad-based business need, we provide a wide range of proactive protection that spans networks, servers and desktops, including fixed, remote, mobile and wireless devices. All offerings are built around the need for comprehensive, cost-effective detection, prevention and response. These flexible solutions scale from individual PCs to multinational enterprises, with detection, prevention and response across the breadth of the threat spectrum. MARKETS We provide products and services to a variety of customers. We view our primary customer markets as enterprise, service provider, and risk management customers. We also have products for consumers and small offices. Our primary markets are addressed through our direct sales efforts and through various partners, including system integrators, value-added resellers and distributors. Consumer and small office markets are served through distribution channel arrangements. We provide enhanced levels of detection, protection and response to our primary market through our DYNAMIC THREAT PROTECTION(TM) process. Dynamic Threat Protection is based on the long-accepted industry knowledge that routine, preventative maintenance is superior to the "break/fix" alternative. Dynamic Threat Protection helps businesses transform from a reactive to a proactive security posture. As a result, organizations that implement Dynamic Threat Protection significantly reduce risk, simplify security and save substantial time and money. 2 Dynamic Threat Protection delivers highly integrated operations that in turn create faster response times, focus administrator attention on areas needing the most immediate attention and anticipate security exposures before they become business liabilities. In short, we believe that Dynamic Threat Protection provides three distinct advantages for organizations looking for an additional level of security: Accuracy -- Dynamic Threat Protection rapidly and accurately detects attacks and reduces false positives. Performance -- Dynamic Threat Protection operates at increasingly rapid line speeds across the network, and scales from workgroups to multinational organizations with many locations. Low Total Cost of Ownership (TCO) -- Dynamic Threat Protection significantly lowers TCO by using advanced data collection, correlation and analysis to minimize the need for manual intervention in the security process and automate the discovery and repair of potential security exposures. In summary, we believe that Dynamic Threat Protection reduces the critical time lag between when a new threat emerges and security staff is able to respond to that threat. This key advantage gives security staff the ability to quickly and easily concentrate their efforts on the most urgent issues first. In addition, it extends protection over time from the most urgent risks on the most important networks and systems to prevention and protection for less critical areas. ENTERPRISE Enterprise market customers generally have annual revenues exceeding $100 million. Our enterprise software and services solutions provide proactive centrally deployed and managed protection against online business interruption and loss, all designed to operate with minimal administration or interference with normal network operations. These comprehensive protection offerings merge network, server and desktop protection into an integrated threat management environment. This combination of software and services enables centralized management across multiple locations and network segments, including wireless networks, branch offices and mobile workers. Most importantly, our proactive approach keeps staff informed about newly discovered security issues, ensuring that the protection solution can be updated to account for newly evolved threats. Enterprise solutions include the REALSECURE(R) PROTECTION PLATFORM, a unique software offering that encompasses vulnerability assessment and threat detection, prevention and response across networks, servers and desktops, all coordinated through the REALSECURE(R) SITEPROTECTOR(TM) centralized management platform. In addition, our Managed Protection Services extends this protection strategy through managed security offerings and expert 24/7 monitoring, support and response management, for situations where additional flexibility and support are required. Extensive professional services and emergency response services provide an appropriate, effective security solution, regardless of business environment. SERVICE PROVIDER We provide best-of-breed technology and a proven track record in network security management for service providers looking to establish online security as part of a broad-based, Internet-oriented business solution. We partner with service providers that want to resell managed security services and are seeking a well-known, credible and stable partner in the security industry, an established ability to bring partners to market, and a comprehensive services portfolio. Our advanced security management software solutions, extensive experience protecting customer networks, and unique ability to collect and analyze threat trends from around the world in our Global Threat Operations Center (GTOC) allow us to partner with organizations looking to bundle a security management component within a broader set of business services. 3 RISK MANAGEMENT Online business operations, like their physical counterparts, require careful risk management practices. However, traditional security and insurance offerings do not address unique online risks. Our SECURE STEPS(SM) program provides scalable, affordable risk management solutions based on Internet Security Systems' Managed Protection Services that are intended to establish the security practices necessary to assist our customers in obtaining insurance coverage for online business operations. Secure Steps includes a specialized set of managed security services that adds comprehensive recovery and security forensics to document and analyze security events should a breach occur. When combined with cyber-insurance coverage, Secure Steps is an important component of a broad-based enterprise risk management strategy. Secure Steps delivers critical security solutions designed for organizations needing an integrated, cost-efficient online risk management solution. Participation in Secure Steps assists insurance underwriters with the underwriting process and is intended to pre-qualify businesses for third-party cyber-insurance coverage for online business operations. We do not ourselves sell insurance coverage or any other insurance services. We also have other specialized security assessment programs that help organizations with self-managed security ascertain that their security practices are suitable for cyber-insurance programs. PRODUCTS AND SERVICES ENTERPRISE PROTECTION The RealSecure Protection Platform, the core of our enterprise protection offerings, significantly improves protection across networks, servers and desktops, while reducing complexity and cost. This unique solution integrates intrusion detection and response, vulnerability assessment, policy compliance, and data collection and analysis, all coordinated through the RealSecure SiteProtector centralized management structure. Key components include: REALSECURE NETWORK PROTECTION -- Provides a wide range of specialized protection agents for networks and gateways, all tightly integrated into a centralized operational and management framework. RealSecure Network 10/100 -- Provides intelligent, automated integration of threat assessment, intrusion detection, active blocking and data analysis within a self-contained, centrally managed application. RealSecure Network Gigabit -- Provides intelligent, automated integration of threat assessment, intrusion detection, active blocking and data analysis within a self-contained, centrally managed application for line operations at gigabit speed. RealSecure for Nokia Appliance -- Provides powerful, automated, real time intrusion protection for computer networks through an easily deployed, appliance-style solution. RealSecure Guard -- An inline intrusion protection filter designed specifically for mission critical connections that protects across network segments. REALSECURE SERVER PROTECTION -- Defends servers and applications against unauthorized access and a broad array of threats by combining intrusion detection and response with firewall capabilities. RealSecure Server -- Provides intelligent, automated integration of threat assessment, intrusion detection, active blocking and data analysis for servers within a self-contained, centrally managed application. REALSECURE DESKTOP PROTECTION -- Guards fixed, remote and mobile corporate desktops against unauthorized access and a broad array of threats by combining intrusion detection and response with firewall capabilities and virtual private network (VPN) compatibility. RealSecure Desktop -- Provides intelligent, automated integration of threat assessment, intrusion detection, application protection, active blocking and data analysis for desktops within a self-contained, centrally managed application. 4 REALSECURE SITEPROTECTOR -- Scalable, centralized security deployment, management and reporting for enterprise RealSecure deployments that significantly reduce demands on staff and other operational resources. REALSECURE SITEPROTECTOR SECURITY FUSION MODULE -- Uses advanced data correlation and analysis to rapidly and automatically derive the likelihood of a successful attack from aggregated vulnerability assessment information. PRE-EMPTIVE BEHAVIORAL INSPECTION TECHNOLOGY -- VCIS, INC. ACQUISITION In October 2002, we acquired vCIS, Inc. ("vCIS"), a development stage company focused on the development of patent-pending, next-generation, pre-emptive behavioral inspection technology. This technological concept prevents malicious code from executing and causing damage before it has an opportunity to interact with the enterprise network. The vCIS acquisition is consistent with our strategy of offering threat protection solutions that actively detect, prevent and respond to security risks at every potential point of compromise on desktops, servers and networks. Specifically, vCIS technology is expected to enhance the application protection feature in our desktop and server protection offerings. Combined with our current offerings, customers will be able to control -- via policy -- how known programs operate on their host systems while effectively preventing unknown or untrusted applications from executing. The combination affords strong proactive application controls, serving as an adjunct to deploying and managing signatures, and dramatically reduces false positives. We identified three potential applications for the technology that currently have completion time tables in either the latter part of 2003 or the first half of 2004. These assumptions have a degree of uncertainty given that this is new, unproven technology. VULNERABILITY ASSESSMENT In addition to the RealSecure Protection Platform, we also offer security assessment and policy compliance solutions for proactive measurement of online risk. These comprehensive and complimentary offerings include: INTERNET SCANNER(R) -- Provides comprehensive network vulnerability assessment for measuring online risk. SYSTEM SCANNER(TM) -- Ensures policy compliance and detects vulnerabilities that leave servers open to compromise. DATABASE SCANNER(R) -- Assesses online business risks by identifying security exposures in leading database applications. WIRELESS SCANNER(TM) -- Provides automated detection and security analyses of mobile networks utilizing 802.11b WLAN (Wi-Fi) access points and clients. CONSUMER AND SMALL OFFICE PRODUCTS We offer powerful, affordable solutions providing fast, accurate protection for a wide range of information protection needs for the consumer and small office product market. Our products include: BLACKICE(TM) PC PROTECTION -- Provides comprehensive personal firewall and intrusion protection for individual PCs. BLACKICE(TM) SERVER PROTECTION -- Provides comprehensive firewall and intrusion protection capabilities for individual servers. X-FORCE(TM) SERVICES The X-Force organization, our industry leading group of security experts dedicated to proactive counter intelligence and public education, delivers timely, accurate information for anyone interested in protecting 5 online assets against attack or misuse. This proactive approach suffuses all our offerings, from research and development to products and services, including publicly available information and product support. Our X-Force organization delivers breaking information on threats through three complementary online publications: - Security Advisories contain new vulnerability research developed by the X-Force itself, as well as solutions to manage or resolve the threat. - Security Alerts are timely compilations of threat information, both from us and from other, external resources. - Security Alert Summaries are weekly publications containing short descriptions of security issues identified and researched during the past week. Each issue in the Alert Summary is linked to detailed information in the online X-Force Database. The X-Force organization begins this process through our Global Threat Operations Center. This specialized threat intelligence facility collects security trend information from five state-of-the-art Security Operations Centers operating on three continents to analyze the nature and severity of any threat in real-time. The X-Force then proactively helps deliver our solutions to market via alerts, advisories, product updates, professional services, emergency response services and 24/7 remotely managed security services. In addition, we provide the fee based X-Force Threat Analysis Service for customers needing immediate, comprehensive notification of the breaking security events. X-Force threat intelligence consists of both global and local primary source overviews of evolving threats. This information may be sorted by specific geography, business sector, operating system or attack technique, allowing anyone interested in information protection to evaluate global threat conditions as part of their own security operations. All our service offerings use X-Force threat intelligence as a differentiator, whether as part of a professional services consulting engagement, managed security services, X-FORCE(TM) EDUCATION SERVICES education offerings or customer support. In addition, X-Force research and development quickly and easily integrates into Internet Security Systems' software solutions via self-installing X-PRESS UPDATE(TM) product enhancements. MANAGED SECURITY SERVICES ISS Managed Security Services offers online protection for organizations lacking the time, expertise or appropriate internal resources to secure critical information resources. Our services include: MANAGED INTRUSION PROTECTION SERVICE -- Unobtrusively monitors client servers and network traffic for potential threats, and responds to attacks or misuse that can damage online information resources. MANAGED FIREWALL SERVICE -- Flexible, remotely managed firewall service that delivers cost-effective protection that reduces customer staff requirements. Optional features include High Availability capabilities, Monitored Firewall, Client VPN enablement and Site-to-Site VPN. HIGH AVAILABILITY MANAGED FIREWALL SERVICE -- Remotely managed firewall that utilizes a robust architecture to maximize uptime for critical business operations. CLIENT VPN SERVICE -- Extends our managed firewall offerings by establishing secured network resources for remote operations including users, partners, vendors and customers. MANAGED SITE-TO-SITE VPN SERVICE -- Leverages our managed firewall services to create efficient trust relationships for online business operations acting across multiple networks. MANAGED REMOTE SCANNING -- Performs remotely managed, scheduled and on-demand assessments of the network perimeter. Uses the Internet Scanner(TM) application to identify vulnerabilities and recommend fixes. 6 MANAGED SECURITY SERVICES CUSTOMER PORTAL -- Complements our Managed Security Services offerings by providing customers with a powerful, interactive information reporting and analysis tool for maintaining effective security practices. PROFESSIONAL SECURITY SERVICES Our professional security services combine our extensive intellectual capital, best-of-breed technology and experienced security experts to help organizations plan and implement sound security management solutions. Our standards-based methodology covers the complete security management lifecycle, including assessment, design, deployment, management, and support. ASSESS X-Force Penetration Test -- A network attack simulation event in which security experts attempt to break into a network mimicking the techniques used by malicious attackers. Available in three variations: Light Perimeter, Full Perimeter and Internal. Information Security Assessment -- Comprehensive evaluation of security posture from an external and internal perspective, including an in-depth evaluation of a client's security architecture, policies and procedures, threats and vulnerabilities, and technical security controls and mechanisms. Wireless Network Security Assessment -- Security assessment of wireless network environments including both assessment and penetration testing. Application Security Assessment -- Review and evaluation of application security from the client and server perspectives. DESIGN Protection Policy Development -- Helps a client design and adopt an information protection policy that reflects its business objectives, environment and culture. Solutions Deployment Planning -- Help a client understand the architecture of its existing and future networks. Our security specialists work with client staff to determine and plan the most effective and strategic locations in which to install our solutions, how to best implement them with minimal impact on current network operations, and how to plan for the ongoing management and maintenance of the security solution. Network Security Architecture Design -- Our security professionals assist clients in developing a network security architecture design based on assessment requirements and industry best practices. DEPLOY Internet Security Systems Solutions Deployment -- Installation, configuration and tuning for our vulnerability assessment, intrusion detection and enterprise security management solutions which we encourage to be a competency of our security partners that can be delivered into our customer base. MANAGE Emergency Response Services -- Our professional services staff combines leading security research with real-world incident response experience to help organizations prepare for, and respond immediately to, information security breaches. Vulnerability Remediation Services -- Our experienced professional services staff work with a client to plan and implement vulnerability remediation. 7 Staff Augmentation & Support -- Designed for organizations in which: - A fully managed solution is not an option, but onsite management from a security expert is needed. - Security engagement needs are not clearly defined, but onsite management from a security expert would be beneficial. - Additional support is needed while the organization is in the process of hiring an individual for a security role. SUPPORT Technical Support ISS Technical Support provides ongoing product support services under license agreements. Maintenance contracts are sold to customers for a one-year term, or longer periods, at the time of the initial product license and may be renewed for additional periods. Under our maintenance agreements with our customers, we provide, without additional charge, telephone support, electronic support, documentation, our X-Force Security Alerts and Advisories, X-Press Updates, access to an online Knowledgebase, and other product updates and error corrections, as available. Customers with current maintenance agreements may download available product updates from our Web site. We believe that providing a high level of customer service and technical support is necessary to achieve rapid product implementation, which, in turn, is essential to customer satisfaction and continued license sales and revenue growth. Accordingly, we are committed to recruiting and maintaining a high-quality technical support team. A team of dedicated certified engineers trained to answer questions on the usage of our products provides telephone and email support worldwide, 24 hours a day, seven days a week (including holidays), from our corporate office in Atlanta. Customers in Asia can also contact ISS Technical Support in the Philippines or Tokyo during local business hours. The ISS Technical Support Team located in Mountain View, California provides email support to our consumer customer base. In the United States and internationally, our resellers and distributors provide telephone support to their customers with additional technical assistance from us. For our managed services security solutions, customer support is available for several offerings up to 24 hours a day, seven days a week. Technical support is offered via phone, email or secure Web form and includes access to an online knowledge base as well as direct contact with qualified support personnel. Education Our X-Force Education Services organization offers hands-on, real-world security management and certification training. Our content rich materials and experienced instructors educate security professionals with courses delivered in classrooms located around the world as well as through on-site, customized programs. By developing and maintaining internal staff knowledge, organizations can maximize the return on their security investments. During 2003, we will begin offering classes through our X-Force Education Services Authorized Training Center Program in addition to continuing to provide such courses at our Atlanta headquarters training center and on-site at customer locations. The Authorized Training Center Program will offer quality education to customers from certified facilities located across the U.S. By working with training facilities throughout the country, the ISS Authorized Training Center Program provides education consistent with ISS standards, but now available at additional locations. All Authorized Training Centers will be ISS-certified to verify the quality of the courses as part of the X-Force Protection Certification program. GEOGRAPHIC SEGMENTS We provide our security management solutions in three geographic areas: the Americas (United States, Canada, Latin America and South America), EMEA (Europe, Middle East and Africa) and Asia/Pacific. These geographic areas represent our three reportable segments. The accounting policies of the reportable 8 geographic segments are the same as described in the summary of our critical accounting policies in Management's Discussion and Analysis of Financial Condition and Results of Operations and significant accounting policies in our financial statements and are applied consistently across the segments. Revenues, as a percent of total revenues, for each segment are as follows:
2000 2001 2002 ---- ---- ---- Americas.................................................... 79% 71% 72% EMEA........................................................ 13 15 15 Asia/Pacific................................................ 8 14 13
PRODUCT DEVELOPMENT We develop our products to operate in heterogeneous computing environments. Products are compatible with other vendors' products across a broad range of platforms, including HP-UX, IBM AIX, Linux, Sun Solaris and Microsoft Windows. Our network sensor software products are also offered for specific hardware vendor platforms like the Nokia appliance and the recently announced RealSecure network protection software for the Crossbeam appliance. The Nokia appliance is a proven platform for RealSecure Network Protection, providing for rapid deployment. The appliance from Crossbeam Systems, Inc. provides a single, high availability, multi-segment application platform, while also offering expansion options for firewalling, antivirus, and web content filtering applications. In addition, we are planning the release of ISS branded network appliances, beginning in the first half of 2003, using the Linux operating system and incorporating network protection software. We have incorporated a modular design in our software products to permit plug-and-play capabilities, although customers often use our professional services or our strategic partners to install and configure products for use in larger or more complex network systems. We employ a three-pronged product development strategy to achieve our goal of providing comprehensive security coverage for monitoring, detection and response. First, we provide regular security updates to our products that are based on our vulnerability and threat database. These updates are usually provided as part of separate maintenance agreements sold with the product license. Second, we continue to develop new best-of-breed security products to protect networks, servers and desktops. Historically, existing products are updated to add new features and improve functionality. These enhancements are available to customers through our software maintenance program. Third, to complement our network, server and desktop products and provide more comprehensive network security coverage, we continue expanding existing products by developing additional enterprise-level security management products, including our RealSecure SiteProtector and Security Fusion products. These products are intended to help customers protect their networks, servers and desktops by continuously measuring and analyzing the status of their security, monitoring and protecting from security risks in real time across the enterprise network. These RealSecure enterprise management products operate with our network, server and desktop products, allowing modular implementation. Expenses for product development were $31.3 million, $35.4 million, and $35.3 million in 2000, 2001 and 2002, respectively. All product development activities are conducted at either our principal offices in Atlanta or at our research and development facilities in Mountainview, California, Reading, England and Sydney, Australia. At December 31, 2002, 297 personnel were employed in product development teams. Our personnel include members of the Computer Security Institute, Forum for Incident Response and Security Technicians (FIRST), Georgia Tech Industrial Partners Association, Georgia Tech Information Security Center and the International Computer Security Association (ICSA), enabling us to actively participate in the development of industry standards in the emerging market for network and Internet security systems and products. PRICING We use a range of fee structures to license our products, depending on the type of product and the intended use. We license our vulnerability assessment products, Internet Scanner, System Scanner, Wireless Scanner and Database Scanner based on the number of devices being assessed. The pricing provides low entry points for departmental users without limiting our revenue potential from customers with large networks. 9 Pricing for our threat detection and response products, including the RealSecure line of software agents, is based on the number of copies deployed on the network. Thus, licensing fees for our products are ultimately determined by the size of the customer's network, as size dictates the number of devices to be assessed or the number of copies to be deployed. Management software is sold on a capacity basis. The license fee for the management software is determined by the size of the sensor/detector and scanner purchase. This capacity-based pricing structure provides customers with the ability to license as much management as they require. In addition to license fees, customers purchase maintenance agreements in conjunction with their initial purchase of a software license, with annual maintenance fees typically equal to 20% of the product's license fee. Maintenance agreements include annually renewable telephone support, product updates, access to our X-Force Security Alerts and error corrections. Our continuing research into new security risks and resulting product updates provide significant ongoing value. We provide customers with a regular stream of security updates, known as X-Press Updates, as part of this maintenance agreement. X-Press Updates serve to keep our products up to date with the latest vulnerabilities and threats that are present in Internet environments. As a result, a substantial majority of our customers renew their maintenance agreements. We have historically sold fully-paid perpetual licenses with a renewable annual maintenance agreement and, have licensed our products on a subscription basis, including maintenance, for one or two year periods and are exploring other alternatives for customers desiring longer term arrangements or multi-year commitments. Customers who use our products to provide information technology assessment services are offered subscription license agreements, typically with a one-year term. Monitoring fees for managed security services are determined by the complexity of the monitoring arrangement and by the number of devices being monitored. The pricing is scalable, allowing for customers to start with basic security monitoring services and expand as the business grows. Contracts are for a minimum one-year term and are typically billed monthly as services are performed. Our professional services fees are calculated either on a fixed-fee basis or an hourly rate per consultant based on the scope of the engagement, market sector and geographical territory. Educational services are calculated on a per-class basis. CUSTOMERS As of December 31, 2002, Internet Security Systems had more than 11,000 business customers, and maintained operations in 22 countries. No customer accounted for more than 10% of our consolidated revenues in 2000, 2001 or 2002. Target customers include both public and private sector organizations, as well as consumers, that use Internet protocol enabled information systems. Business customers represent a broad spectrum of organizations within diverse sectors, including financial services, technology, telecommunications, government, and information technology services. SALES AND MARKETING Sales Organization Our sales organization is divided regionally among the Americas, EMEA and the Asia/Pacific regions. In the Americas, we market our products through our direct sales organization and through various partners, including system integrators, value-added resellers and distributors. The direct sales organization for the Americas consists of regionally based sales representatives and sales engineers, and a telesales organization, located in Atlanta. We maintain a number of domestic sales offices in various cities throughout the United States and in Canada, Mexico and Brazil. As of December 31, 2002, we employed approximately 172 people in the Americas sales organization. The regionally based direct sales representatives focus on opportunities with large organizations. Included as part of the sales organization is a channel management group that drives incremental revenue through selected channel partners and acts as the liaison between the direct sales representatives and the channel partners. In the EMEA and Asia/Pacific regions, the substantial portion of our sales occurs through authorized resellers. Internationally we have established regional sales offices in several countries in Europe as well as in Egypt, Japan, Australia and Singapore. Personnel in these offices are responsible for market development, 10 including managing our relationships with resellers, assisting them in winning and supporting key customer accounts, acting as a liaison between the end user and our marketing and product development organizations and providing consulting and training services. As of December 31, 2002, approximately 376 employees were located in our European and Asia/Pacific regional offices. We expect to continue to expand our field organization into additional countries in these regions. SecurePartner(TM) Program Channel Sales A key element of our marketing strategy is to establish our products, services and information security methodologies as the leading approach for information protection and security management for the enterprise, service provider and risk management markets. We have implemented a multi-faceted awareness program to leverage the use of corporate, product and service brands to increase acceptance of our offerings through relationships with various distribution and reseller channel partners. We typically enter into written agreements with resellers, distributors, managed service providers, Internet service providers and OEMs. These agreements generally do not provide for firm dollar commitments from the parties, but are intended to establish the basis upon which the parties will work together to achieve mutually beneficial objectives. Distributors To accommodate the large number of smaller resellers that cannot qualify under the SecurePartner Program, a two-tier distribution model has been established to ensure appropriate access to ISS products and support. ISS provides direct, focused support to these distributors, who in turn, support an extensive community of smaller resellers and consultancies as well as provide product to our resellers. Resellers We maintain the SECUREPARTNER(TM) program to train and support security consulting practices, systems integrators and product and service resellers who match our offerings with their own complementary products and services. By reselling our solutions, our resellers provide additional value for specific market and industry segments, while maintaining our ongoing commitment to quality software and customer satisfaction. There are three different levels of reseller opportunities: - Premier Partners. Premier Partners are typically security consultants, value-added resellers (VARs) and systems integrators with focused security practices. Many Premier Partners are experienced in the sales and implementation of leading firewall, authentication and encryption technologies. Premier Partners maintain the highest level of resale. These partners leverage their expertise with our vulnerability assessment and enterprise protection products. Premier Partners receive direct distribution of our products, sales and technical training, access to market development funds, use of our Web site for placing orders, monthly regular SecurePartner email newsletters, security information from the ISS X-Force and other partner-only communications and, access to the ISS Partner Resource Center Web site and a listing on our Partner Web page(s). - Authorized Partners. Authorized Partners generally consist of organizations that provide security focused consulting and/or integration services. Authorized Partners are also required to maintain a specified level of resale, although at a more modest level than Premier Partners. Authorized Partners can take advantage of many of the same benefits that Premier Partners enjoy, including purchasing products directly from ISS, sales and technical training, Web site access in order to place orders and partner-only communications and a listing on our Partner Web page(s). - Corporate Resellers. Although we have numerous reseller partners, certain of these relationships generate unique and significant leverage for us in targeted markets. Our corporate resellers provide broad awareness of our brands through enhanced marketing activity, access to large sales forces and access to larger, more strategic customer opportunities. Service Providers Internet Security Systems works closely with leading global organizations to expand the breadth and depth of their offerings to include product and service solutions from ISS. Each of these providers integrates 11 and manages one or more ISS technology products as part of a larger service offering, or resells ISS' Managed Security Services as an extension of its core offerings. Original Equipment Manufacturers Agreements with OEMs enable them to incorporate our products into their own product offerings to enhance their security features and functionality. We receive royalties or other consideration from OEM vendors and increased acceptance of our products under these arrangements, which, in turn, are intended to promote sales of our other products to the OEM's customers. Marketing Programs We conduct a number of marketing programs to support the sale and distribution of our products. These programs are designed to inform existing and potential end-user customers and resellers about the capabilities and benefits of our products. Marketing activities include: - Press relations, industry analyst relations and education; - Publication of technical and educational articles in both print and online media, through our white papers, and through our own print and online newsletters and/or magazines; - Direct mail and email; - Participation in industry tradeshows; - Product/technology conferences, seminars, and web casts; - Competitive analysis; - Sales training; - Advertising and development and distribution of marketing literature; and - Maintenance of our Web site. COMPETITION The market for network security monitoring, detection and response solutions is intensely competitive, and we expect competition to increase in the future. We believe that the principal competitive factors affecting the market for information security include security effectiveness, manageability, technical features, performance, ease of use, price, scope of product offerings, professional services capabilities, distribution relationships and customer service and support. Although we believe that our solutions generally compete favorably with respect to such factors, we cannot guarantee that we will compete successfully against current or potential competitors, especially those with significantly greater financial resources or brand name recognition. INTELLECTUAL PROPERTY AND TRADEMARKS We rely primarily on copyright, trademark, patent and trade secret laws, confidentiality procedures and contractual provisions to protect our intellectual property and other proprietary rights. We have obtained one United States patent and have a number of patent applications pending in the United States and certain foreign jurisdictions. We believe that the technological and creative skills of our personnel, new product developments, frequent product enhancements, our name recognition, our professional services capabilities and delivery of reliable product maintenance are essential to establishing and maintaining a technology leadership position. We cannot assure you that our competitors will not develop technologies that are similar to ours. We generally license our software products to end users in object code (machine-readable) format. Some of our customers have required us to maintain a source-code escrow account with a third-party software escrow agent, and a failure by us to perform our obligations under any of the related license and maintenance agreements, or our insolvency, could result in the release of our product source code to such customers. The standard form license agreement for our software products allows the end user to use our products solely on the end user's computer equipment for the end user's internal purposes, and the end user is generally prohibited from sublicensing or transferring the products. 12 Despite our efforts to protect our intellectual property, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. Internet Security Systems, the Internet Security Systems logo, Network ICE, ICEpac, System Scanner, Wireless Scanner, SiteProtector, ADDME, AlertCon, ActiveAlert, FireCell, FlexCheck, SecurePartner, SecureU, X-Force and X-Press Update are trademarks and service marks, BlackICE is a licensed trademark and Secure Steps, SAFEsuite, RealSecure, Internet Scanner, Database Scanner, Online Scanner, the Network ICE logo and ICEcap are registered trademarks and service marks, of Internet Security Systems, Inc. or its wholly-owned subsidiaries. EMPLOYEES As of December 31, 2002, we had 1,215 employees, of whom 297 were engaged in product research and development, 326 were engaged in sales and marketing, 271 were engaged in customer service and support, 141 were engaged in professional services, and 180 were engaged in administrative functions. We believe that we have good relations with our employees. ITEM 2. PROPERTIES We currently lease two buildings totaling approximately 240,000 square feet in Atlanta, Georgia for our headquarters and research and development facility. A third building totaling approximately 62,000 square feet is currently under construction and is scheduled for completion in June of 2003. The lease on these three buildings expires in May 2013. We lease additional office space in Chicago, Illinois; Mountainview, California; Southfield, Michigan; New York, New York; and Washington, D.C., as well as small executive suites in a number of United States cities. In addition, we lease office space in Sao Paulo and Rio, Brazil; Brussels, Belgium; London and Reading, England; Paris, France; Stuttgart, Germany; Stockholm and Helsinborg, Sweden; Milan, Rome and Padova, Italy; Madrid, Spain; Zurich, Switzerland; Amsterdam, Netherlands; Warsaw, Poland; Cairo, Egypt; Manila, Philippines; Seoul, Korea; Sydney and Brisbane, Australia; Singapore; Osaka, Japan; and Tokyo, Japan. We believe that our existing facilities are adequate for our current needs and that additional space will be available as needed. ITEM 3. LEGAL PROCEEDINGS Beginning on September 28, 2001, the Company and certain of its officers and directors were named as defendants in several lawsuits alleging violations of the federal securities laws, including Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder. Six such actions were filed in the United States District Court for the Northern District of Georgia. All six actions have been consolidated into a single case and the court has appointed lead plaintiffs and lead plaintiff's counsel. The consolidated amended complaint was filed October 9, 2002 and purports to be brought on behalf of a class of investors who purchased the Company's stock during the period from April 5, 2001 through August 14, 2001 (the "Class Period"). The complaint generally alleges that the Company and the individual defendants violated the anti-fraud provisions of the federal securities laws and caused the Company's stock to trade at artificially high prices by making misrepresentations relating to the Company's financial condition and prospects during the Class Period. The complaint seeks damages in an unspecified amount. On December 11, 2002, the Company and the individual defendants moved to dismiss the consolidated amended complaint under the Private Securities Litigation Reform Act of 1995. The Court has not yet ruled on that motion. The Company believes that it has meritorious defenses and intends to defend the actions vigorously. ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS No matter was submitted to a vote of our stockholders during the fourth quarter of 2002. 13 PART II ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS Our Common Stock is quoted on the NASDAQ National Market under the symbol "ISSX". The following table lists the high and low per share sales prices for the Common Stock as reported by the NASDAQ National Market for the periods indicated:
2002: HIGH LOW ----- ------ ------ First Quarter............................................... $41.49 $21.75 Second Quarter.............................................. 25.57 10.26 Third Quarter............................................... 18.58 11.20 Fourth Quarter.............................................. 26.77 11.64
2001: HIGH LOW ----- ------ ------ First Quarter............................................... $80.19 $25.25 Second Quarter.............................................. 62.46 19.75 Third Quarter............................................... 51.49 8.35 Fourth Quarter.............................................. 38.85 9.42
As of March 12, 2003, there were 49,633,772 shares of our Common Stock outstanding held by 289 stockholders of record. We have never declared nor paid cash dividends on our capital stock. We intend to retain any earnings for use in our business and do not anticipate paying any cash dividends in the foreseeable future. Our Board of Directors will determine future dividends, if any. In October 2002, we issued approximately 966,000 shares of Common Stock as consideration for all the issued and outstanding stock of privately held vCIS. We also assumed all of the outstanding vCIS stock options, which totaled approximately 35,000 shares of ISS common stock. These shares were issued in a transaction exempt from registration under the Securities Act of 1933, as amended. In June 2001, we issued approximately 4,311,000 shares of Common Stock as consideration for all the issued and outstanding stock of privately held Network ICE Corporation. We also assumed all of the outstanding Network ICE stock options, which totaled approximately 289,000 shares of ISS common stock. These shares were issued in a transaction exempt from registration under the Securities Act of 1933, as amended. In August 2000, we issued approximately 29,100 shares of Common Stock as consideration for all the issued and outstanding stock of privately held ISYI, Inc. These shares were issued in a transaction exempt from registration under the Securities Act of 1933, as amended. On July 18, 2002 we announced our plan to repurchase up to $50 million of Common Stock utilizing cash on hand and cash flow generated from operations over the next twelve months. As of December 31, 2002 we had repurchased approximately 133,000 shares of Common Stock at a cost of approximately $2,034,000. On July 11, 2002, the Board of Directors adopted a shareholder rights plan and authorized and declared a dividend of one preferred share purchase right (a "Right") for each outstanding share of Common Stock of the Company. The dividend was paid on July 29, 2002 to the stockholders of record on that date. Stock issued subsequent to July 29, 2002 will be issued with an attached Right. Each Right will initially represent the right, under certain circumstances, to purchase one one-thousandth of a share of Series A Junior Participating Preferred Stock (the "Junior Preferred Stock") at a purchase price of $80 per one one-thousandth of a share. If a person or group acquires beneficial ownership of 20% or more of the then outstanding shares of the Company's Common Stock (an "Acquiring Person"), the holder of a Right, upon exercise of the Right, will thereafter have the right to receive, in lieu of shares of Junior Preferred Stock, shares of the Company's Common Stock (or, in certain circumstances, cash, property or other securities of the Company) having a value equal to twice the purchase price of the Right. 14 The Rights expire on July 11, 2012. Generally, the Board of Directors may redeem the Rights at a price of $.001 per Right (subject to adjustment) at any time prior to the earlier of (i) the close of business on the tenth business day following the date a person becomes an Acquiring Person or (ii) the expiration date of the Rights. Prior to any person or group becoming an Acquiring Person, the Company may amend the Rights Agreement at any time. 15 ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA The financial data set forth below for each of the three years in the period ended December 31, 2002 and as of December 31, 2001 and 2002 has been derived from the audited consolidated financial statements appearing elsewhere in this Annual Report on Form 10-K. The financial data for the years ended December 31, 1998 and 1999 and as of December 31, 1998, 1999 and 2000, has been derived from audited financial statements not included herein. This data should be read in conjunction with the consolidated financial statements and notes thereto, and with Item 7, Management's Discussion and Analysis of Financial Condition and Results of Operations.
YEAR ENDED DECEMBER 31, --------------------------------------------------- 1998 1999 2000 2001 2002 ------- -------- -------- -------- -------- (AMOUNTS IN THOUSANDS, EXCEPT PER SHARE AMOUNTS) CONSOLIDATED STATEMENT OF OPERATIONS DATA: Revenues..................................... $57,088 $116,487 $194,975 $223,559 $243,285 Merger costs................................. -- 2,329 -- -- -- Write-off of lease obligation................ -- -- -- 1,072 -- Charge for in-process research and development................................ 802 -- -- 2,910 18,537 Amortization of goodwill..................... 77 318 479 26,505 -- Amortization of intangibles and stock-based compensation............................... 153 674 674 5,227 5,674 Operating income (loss)...................... (6,105) 2,700 20,569 (24,158) 8,023 Other income, net............................ -- -- -- 15,132 3,859 Net income (loss)............................ $(3,893) $ 7,490 $ 18,315 $(15,458) $ 1,779 ======= ======== ======== ======== ======== Basic net income (loss) per share............ $ (0.12) $ 0.19 $ 0.44 $ (0.34) $ 0.04 ======= ======== ======== ======== ======== Diluted net income (loss) per share.......... $ (0.12) $ 0.17 $ 0.41 $ (0.34) $ 0.04 ======= ======== ======== ======== ========
DECEMBER 31, --------------------------------------------------- 1998 1999 2000 2001 2002 ------- -------- -------- -------- -------- (AMOUNTS IN THOUSANDS) CONSOLIDATED BALANCE SHEET DATA: Working capital.............................. $53,157 $127,135 $145,133 $149,080 $187,387 Goodwill, less accumulated amortization...... 3,094 2,775 3,167 197,060 200,464 Total assets................................. 84,724 184,845 240,240 500,984 546,568 Stockholders' equity......................... 66,505 155,153 188,389 426,935 464,556
16 ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS The following discussion should be read in conjunction with the Consolidated Financial Statements and related Notes thereto included elsewhere in this Annual Report on Form 10-K. Except for the historical financial information, the matters discussed in this document may be considered "forward-looking" statements. Such statements include declarations regarding our current intent, belief or expectations. Such forward-looking statements are not guarantees of future performance and involve a number of risks and uncertainties. Actual results may differ materially from those indicated by such forward-looking statements. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements as a result of certain factors, including, but not limited to, those set forth under the "Risk Factors" heading below. OVERVIEW We are a global leader in information protection solutions dedicated to protecting online assets. Our proactive line of defense solutions protects networks, servers and desktops against an ever-changing spectrum of threats, with a comprehensive line of products and services designed specifically for the particular needs of enterprise, service provider and risk management markets. These threat protection solutions go beyond basic access control to deliver multiple layers of defense that detect, prevent and respond to threats prior to those threats causing damage to our customers' business operations. We provide a wide range of proactive protection solutions that spans networks, servers and desktops, built around the need for comprehensive, cost-effective detection, prevention and response arising from attacks, misuse and security policy violations, all while promoting the confidentiality, privacy, integrity and availability of proprietary information. Our family of products is a critical element of an active Internet and networking security program within today's world of global connectivity, enabling organizations to proactively monitor, detect and respond to risks to enterprise information. Our line of products is designed specifically for the particular needs of enterprise, service provider, risk management, small business and consumer markets. Our managed services offerings currently provide remote management of our best-of-breed security technology, focusing on security assessment and intrusion detection systems, and include firewalls, VPNs, anti-virus and URL filtering software. We focus on serving as the trusted security provider to our customers by maintaining within our existing products the latest counter-measures to security risks, creating new innovative products based on our customers' needs and providing professional and managed services. Many factors affect financial performance, and past performance is no assurance of similar future performance. We expect, in the long-term, to continue to expand our domestic and international sales and marketing operations; increase our investment in product development including our proprietary threat and vulnerability database and managed services capabilities; seek acquisition candidates and alliances with partners whose products, technologies or services capabilities are complementary to our solutions; and improve our internal operating and financial infrastructure in support of our strategic goals and objectives. At the same time, we expect to adjust our organization size in light of changing economic conditions and maintain emphasis on controlling discretionary spending and capital expenditures. While we believe in the long-term success of our business solutions, our prospects must be considered in light of the recent experience, risks and difficulties that are frequently encountered by companies in new and rapidly evolving markets. See "Risk Factors". CRITICAL ACCOUNTING POLICIES The consolidated financial statements were prepared in conformity with accounting principles generally accepted in the United States. As such, management is required to make certain estimates, judgments and assumptions it believes are reasonable based upon the information available. These estimates and assumptions affect the reported amounts of assets and liabilities at the date of the financial statements and the reported amounts of revenues and expenses during the periods presented. The significant accounting policies which 17 management believes are the most critical to aid in fully understanding and evaluating our reported financial results include the following: Revenue recognition Revenue is recognized under Statement of Position ("SOP") 97-2 as modified by SOP 98-9, when the following criteria have been met: - persuasive evidence of an arrangement exists; - delivery has occurred or services have been rendered; - price is fixed or determinable; and - collection is probable. We recognize perpetual license revenues upon (1) delivery of software or, if the customer has evaluation software, delivery of the software key and (2) issuance of the related license, assuming that no significant vendor obligations or customer acceptance rights exist. Where payment terms are extended over periods greater than 12 months, revenue is recognized as such amounts become due and payable. Product sales consist of (1) appliances sold in conjunction with ISS licensed software and (2) software developed by third-party partners, combined in some instances with associated hardware appliances and partner maintenance services. These sales are recognized upon shipment to the customer provided all other revenue recognition criteria are met. License sales of enterprise products are generated both through a direct sales force and through various partners, including system integrators, value-added resellers and distributors. License revenue is recognized when the end user sale has occurred, provided all other revenue recognition criteria are met, which is identified through electronic delivery of a software key that is necessary to operate the product. At the point of key delivery, the end-user has no right of return. License sales of consumer and small office products are made through a distributor to retail establishments and are sold directly to customers via the Internet. License revenue for sales made through resellers and distributors are recognized only when the product is delivered to the end user provided all other revenue recognition criteria are met. Subscription revenues include maintenance, term licenses, and managed service arrangements. Annual renewable maintenance is a separate component of each perpetual license agreement for ISS products with revenue recognized ratably over the maintenance term. Term licenses allow customers to use our products and receive maintenance coverage for a specified period, generally 12 months. We recognize revenues from these term agreements ratably over the subscription term. Security monitoring services of information assets and systems are part of managed services and revenues are recognized as such services are provided. Professional services revenues include fee-based service engagements and training. Service engagements, typically billed on a time-and-materials basis, primarily focus on security assessments of customer networks and the development of customers' security policies. We recognize such professional services revenues as the related services are rendered. Multiple element arrangements can include any combination of hardware, software or services. When some elements are delivered prior to others in an arrangement, revenue is deferred until the delivery of the last element unless there is all of the following: - vendor specific objective evidence (VSOE) of fair value of the undelivered elements; - the functionality of the delivered elements is not dependent on the undelivered elements; and - delivery of the delivered elements represents the culmination of the earnings process. Our historical rate of return for our software products is negligible. We offer demonstration software available via download from our website that allows potential customers to see the functionality of the 18 products on their own networks. We did not have any transactions in 2000, 2001 or 2002 involving reciprocal arrangements where goods or services were purchased from an organization at the same time that we licensed software or provided services to that organization. Allowance for doubtful accounts Our sales are global, with customers located in the United States, Europe, Latin America and the Asia/Pacific regions. We perform periodic credit evaluations of our customer's financial condition and do not require collateral. Credit risk with respect to trade accounts receivable are limited due to the large number of entities that comprise the Company's customer base. We provide for estimated credit losses as such losses become probable. We evaluate specific accounts when we become aware of a situation where a customer may not be able to meet its financial obligations due to deterioration of its liquidity or financial viability, credit ratings or bankruptcy. The allowance for doubtful accounts is established based on the best facts available to us and is reevaluated and adjusted as additional information is received. At December 31, the 2002 allowance for doubtful accounts totals 4.7% of the $56.7 million of net trade receivables. Our provision for doubtful accounts for the year ended December 31, 2002 amounted to $2.1 million. This was an increase from $600,000 in 2000 and $1.6 million in 2001. Weakness in overall global economic conditions in 2001 increased our exposure to uncollectible accounts, explaining the increase in the provision from 2000. The economic conditions in the Asia/Pacific region, primarily in the northeast Asian markets of Japan, Korea and China, increased our exposure to uncollectible accounts in 2002. We performed an internal evaluation of the outstanding receivables in this region and increased our provision by approximately $500,000 at December 31, 2002 for such estimated losses. During 2002, we decreased the provision by $400,000 for allowances specifically established for two customers that were successfully collected in 2002. Finally during 2002, in response to the difficult current economic conditions, we wrote off approximately $1.9 million of receivables that were deemed uncollectible due to the deteriorating condition of certain customers. While actual credit losses have historically been within management's expectations and the provisions established, we cannot guarantee that we will continue to experience the same credit loss rates we have in the past. If the financial condition of our customers were to deteriorate, resulting in an impairment of their ability to make payments, additional allowances may be required. Impairment of goodwill In July 2001, the Financial Accounting Standards Board issued Statement of Financial Accounting Standards No. 142 ("SFAS No. 142"), Goodwill and Other Intangible Assets. The Company adopted SFAS No. 142 as of January 1, 2002. SFAS No. 142 requires companies to cease amortizing goodwill and establish a new method for testing goodwill for impairment. We review goodwill for impairment on an annual basis or on an interim basis whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable. All other long-lived and intangible assets are reviewed for impairment whenever events or circumstances indicate that the carrying amount of an asset may not be recoverable. Such impairment loss would be measured as the difference between the carrying amount of the asset and its fair value based on the present value of estimated future cash flows. Significant judgment is required in the forecasting of future operating results, which are used in the preparation of projected cash flows. Due to uncertain market conditions and potential changes in our strategy and products, it is possible that forecasts used to support our intangible assets may change in the future which could result in significant non-cash charges that would adversely affect our results of operations and financial condition. We currently have intangible assets related to goodwill of approximately $200 million, with $195 million related to our June 2001 acquisition of Network ICE. The determination of whether or not this asset is impaired involves significant judgments based upon short and long-term projections of future performance. We have concluded that this amount is realizable based on forecasted discounted cash flows through 2006 and on our stock market valuation. Neither method indicated that our goodwill had been impaired and as a result, we did not record any impairment losses related to goodwill during the year ended December 31, 2002. 19 ACQUISITIONS We believe that our total solutions approach will positively impact all of our revenue categories. This includes our products and managed services offerings, as well as maintenance and professional services and training. While we expect the expansion of these product and service offerings to originate primarily from internal development, our strategy includes acquiring products, technologies and service capabilities that fit within our strategy and potentially accelerate the timing of the commercial introduction of such products and technologies. On October 30, 2002, we completed the acquisition of privately held vCIS of Santa Clara, California, a developer of patent-pending, next-generation, pre-emptive behavioral inspection technology. The technology prevents malicious code from executing and causing damage before it has an opportunity to interact with the enterprise network. The aggregate purchase price was $19.6 million and was primarily allocated to in-process research and development. In-process research and development had not yet reached technological feasibility and was required to be expensed at the time of acquisition under generally accepted accounting principles ("GAAP"). As a result we incurred an expense of $18.5 million in the fourth quarter of 2002. Of the remaining purchase price, $1.2 million was allocated to the assembled workforce, which is being amortized over 3 years, $200,000 was allocated to net tangible assets, principally fixed assets, and $300,000 of liabilities were assumed. In August 2002, Internet Security Systems KK ("ISS KK"), our Asia-Pacific subsidiary, acquired a distributor in Singapore, TriSecurity Holdings Pte Ltd. ("TriSecurity"). TriSecurity was the sole distributor for ISS KK in Southeast Asia, including India, and its business was almost exclusively focused on ISS solutions. This acquisition provides our Asia-Pacific subsidiary direct support capabilities for their customers in Southeast Asia and allows ISS KK to expand its capabilities in this growing market. The consideration consisted of 1,000 shares of ISS KK stock and approximately $1.2 million of cash. Goodwill of approximately $4.0 million related to the purchase was recorded. There is additional annual contingent consideration dependent on the achievement of specified increasing levels of revenues and operating profits through 2004. The total maximum additional consideration at December 31, 2002 is 490 shares of ISS KK stock and any shares issued will be recorded as additional purchase price. On June 5, 2001, we acquired 100% of the outstanding stock of Network ICE Corporation, a privately held corporation based in San Mateo, California. Network ICE was a leading developer of desktop intrusion protection technology and highly scalable security management systems. The merger was accounted for as a purchase and, accordingly, the operating results of Network ICE are included in the consolidated financial statements of ISS from the date of acquisition. Substantially all of the aggregate purchase price of $237.6 million was allocated to goodwill, with the remainder allocated to identified intangibles, including in-process research and development, developed technology, customer relationships, and to deferred compensation related to stock options assumed. 20 RESULTS OF OPERATIONS The following table sets forth our consolidated historical operating information, as a percentage of total revenues, for the periods indicated:
YEAR ENDED DECEMBER 31, ------------------------- 2000 2001 2002 ----- ----- ----- Consolidated Statements of Operations Data: Product licenses and sales............................... 62% 55% 50% Subscriptions............................................ 21 30 38 Professional services.................................... 17 15 12 --- --- --- Total revenues................................... 100 100 100 --- --- --- Cost of revenues: Product licenses and sales............................... 12 6 3 Subscriptions and professional services.................. 19 23 21 --- --- --- Total cost of revenues........................... 31 29 24 Research and development................................... 16 16 15 Sales and marketing........................................ 35 41 39 General and administrative................................. 7 9 10 Write-off of lease obligation.............................. -- 1 -- Charge for in-process research and development............. -- 1 8 Amortization of intangibles & stock based compensation..... -- 2 2 Amortization of goodwill................................... -- 12 -- --- --- --- Total costs and expenses......................... 89 111 98 --- --- --- Operating income (loss).................................... 11% (11)% 2% === === ===
REVENUES Product licenses and sales Product licenses and sales, including perpetual licenses and sales of partner software and hardware appliances, have been relatively flat at between $119 million and $122 million for the last three years. They continue to be the primary, but decreasing, source of revenue generation at 62% of total revenues in 2000, 55% in 2001 and 50% in 2002 as subscription revenues have grown significantly. Within this revenue category, perpetual licenses of our products have grown each year, but the increase has been offset by the decrease in sales of third-party products. The movement away from direct sales of third-party products was a conscious effort to simplify our business by focusing on our own ISS solutions. The business of selling third-party products arose from our Netrex acquisition in 1999. We continue the sales of third-party products as part of our managed services offerings, otherwise de-emphasizing the direct sales of third party products. Third-party product revenues decreased as a percentage of total revenues from 16% in 2000 to 8% in 2001 and 3% in 2002. It is our intent to limit future third-party sales to current MSS related offerings or delivery of ISS solutions in appliance offerings that are planned for 2003. Subscriptions Subscriptions revenue represented 21% of total revenues in 2000 and increased to 30% of total revenues in 2001 and to 38% in 2002. Subscription revenues consist of maintenance, term licenses of product usage and security-monitoring fees for managed services offerings. The increase in subscriptions revenue as a percentage of total revenues was primarily due to an increase in maintenance revenues, the largest component, which grew from 13% of total revenues in 2000 to 20% in 2001 and to 27% in 2002. We continue to increase our software client base that generates maintenance revenues, through a combination of maintenance contracts associated with new product licenses and a high renewal rate of existing contracts. 21 Managed services revenues accounted for 8% of total revenues in the year 2002, as compared with 6% in the year 2001 and 4% in the year 2000. This increase was a result of our continued focus on our intrusion protection offerings, partially offset by decreasing non-core service offerings during 2001. Specifically, we eliminated a security offering combined with internet service provider services in the last quarter of 2001, and eliminated contracts where the partner contracted for capacity, but did not achieve the underlying end-user contracts. In addition, we have had some customers bring firewall management in-house. As a result, management of our products is a larger portion of our managed services business, which we perceive as providing long-term value to our customers. Professional services Professional services revenue decreased both in absolute dollars and as a percentage of total revenue from 15% in 2001 to 12% in 2002. This followed an increase in absolute dollars in 2001, but a decrease from 17% of revenues in 2000 to 15% in 2001. During 2001 we began narrowing our consulting offerings to focus on services that directly contribute to our protection platform strategy. This strategy continued in 2002 as we focused on high-value offerings that utilize our X-Force expertise, and choose to use partners to provide deployment and other offerings where appropriate. At the same time, services were impacted by decreased customer spending as entities curtailed costs in the second half of 2001 and continued to limit discretionary dollars on professional services in 2002. Over the past three years we have also decreased the number of education classes related to third-party products and increased our emphasis on courses related to ISS solutions. In the future, we intend to have more of our developed course materials delivered to our customers through authorized training centers rather than at our locations. Geographic regions Geographically, we derived the majority of our revenues from sales to customers within the Americas region. Revenues by region represented the following percentages of total revenues:
2000 2001 2002 ---- ---- ---- Americas.................................................... 79% 71% 72% EMEA........................................................ 13% 15% 15% Asia/Pacific................................................ 8% 14% 13%
Revenues in EMEA and Asia/Pacific for 2002 remained consistent with 2001, with Asia/Pacific down minimally due to difficult economic conditions in portions of the region in the latter part of 2002. The financial data for each segment can be found in Note 10 to the Consolidated Financial Statements in Item 14. COSTS AND EXPENSES Personnel and related costs represent our largest expense category. We consistently increased our quarterly headcount for several years until July 2001, when we resized the business as the result of disappointing sales results in the quarter ended June 30, 2001. This resizing included personnel reductions in all areas of the business and decreases in various operating expenses, with emphasis also on controlling discretionary spending and capital expenditures. Cost of product licenses and sales Cost of product licenses and sales consists of several components. Costs associated with licensing our products are minor. Substantially all of the cost of product licenses and sales represents payments to partners for their products that we integrate with our products or directly provide to our customers as part of a single solution source. Costs of product revenues as a percentage of total revenues decreased from 12% in 2000 to 6% in 2001 and to 3% in 2002, as sales of partner software and hardware appliances represented a lower percentage of total revenues. The continued decrease as a percent of revenue is consistent with our movement 22 away from the direct sales of third-party products, except where related to ISS managed services or associated with the delivery of ISS products, such as future appliance offerings. Cost of subscriptions and professional services Cost of subscriptions and services includes the cost of our technical support personnel who provide assistance to customers under maintenance agreements, the security operations center ("SOC") costs of providing managed security monitoring services and the costs related to our professional services and training. These costs as a percentage of total revenues were 19% in 2000, 23% in 2001 and 21% in 2002. The percentage increase in cost of subscriptions and professional services from 19% in 2000 to 23% in 2001 is a result of our significant commitment to subscription and professional services revenues. We expanded our managed security offering capabilities in terms of automated systems, number of managed security operations centers and personnel resources. We made an increased investment in automated systems and personnel resources for our Asia/Pacific SOC, which began operating in the third quarter of 2001. We added professional services capabilities and more automated technical support programs throughout 2000 and early 2001. As we narrowed the scope of our professional service and educational offerings in the latter half of 2001, we reduced personnel in the consulting and education groups to achieve appropriate gross margins at expected revenue levels. As a result of our effort to focus on core professional services combined with the difficult economic conditions, costs associated with our professional services and education services decreased as a percentage of total revenues from 2001 to 2002. Costs were controlled through a reduction in personnel that began in the third quarter of 2001, a narrowing of our consulting offerings to focus on services that directly contribute to our protection platform strategy, and a decrease in the number of training classes related to third party products. Costs associated with our technical support personnel and our security operations centers increased in 2002 to handle our increasing customer base. As our subscription revenue base increased we added personnel to handle additional customers under maintenance agreements and under managed security monitoring services, but at a much lower rate than revenue growth. We gained efficiencies in our security operations centers and restructured our support groups to be more productive. While we continue to seek increased productivity, we do expect to increase costs with a continued increase in revenues in the future. Research and development Research and development expenses consist of salary and related costs of research and development personnel, including costs for employee benefits, and depreciation on computer equipment. These costs include those associated with maintaining and expanding the X-Force, our internal team of security experts. We believe our primary research and product development and managed service offerings are important to retaining our leadership position in the market. We continue to add functionality to our product family, providing network, server and desktop-based solutions, as well as to our security management applications. In 2002, we provided enhancements to our RealSecure Protection platform by releasing RealSecure Network Protector 7.0, RealSecure Server Sensor 3.5 and RealSecure Desktop Protector 3.5. These releases provided several enhancements, including the combining of signature-based and anomaly detection technologies, improved scalability and the ability to block network traffic as well as new protection from malicious application execution. In the first quarter of 2002, we released RealSecure SiteProtector 1.0, an integrated centralized enterprise management console system of our network, server and desktop protection agents. We also provided enhancements to our vulnerability assessment products as well as RealSecure Guard, RealSecure Sentry and RealSecure Gigabit Sentry. These improvements as well as new offerings are intended to provide our customers with more powerful and easier-to-use solutions for security management across the enterprise. Research and development expenses increased in absolute dollars from $31.3 million in 2000 to $35.4 million in 2001 and remained constant at 16% of total revenues in both fiscal years. This increase in absolute dollars is primarily due to the increase in the number of our development personnel focused on our 23 best-of-breed products, enterprise applications, managed services offerings and research for future product offerings, including the addition of approximately 20 engineers from the June 2001 Network ICE acquisition. In 2002, these expenses decreased slightly in absolute dollars to $35.3 million, and decreased to 15% of total revenues as we were able to gain leverage by continuing to provide new product offerings and enhancements without an increase in research and development expenses. Our development group headcount increased in the fourth quarter of 2002 due to the addition of 20 engineers from the vCIS acquisition. While we are committed to continue our investment in X-Force research capabilities that we believe to be a differentiator for ISS, we intend to continue to seek more leverage in the research and development area while enhancing current technologies and developing new technologies. Sales and marketing Sales and marketing expenses consist of salaries, travel expenses, commissions, advertising, maintenance of our website, trade show expenses, costs of recruiting sales and marketing personnel and costs of marketing materials. Sales and marketing expenses were $68.0 million in 2000, $92.0 million in 2001 and $93.7 million in 2002. Sales and marketing expenses increased to 41% of total revenues in 2001 from 35% in 2000 due to several factors. More difficult economic conditions in 2001 resulted in increased sales and marketing efforts in order to achieve our targets, especially after our disappointing results for the second quarter of 2001. Additionally, we incurred severance costs in the third quarter of 2001 as a result of our headcount reduction. Gaining leverage in sales and marketing was a key objective for us in 2002, and we were able to decrease these expenses as a percentage of total revenues to 39% in 2002. This occurred partly because we resized our operations in the third quarter of 2001, resulting in personnel reductions and decreases in various operating expenses. In areas where revenue demand did not support our cost base, such as Latin America and Europe, we reduced headcount further in the third quarter of 2002. At the same time, we have increased headcount where we believe there are near-term opportunities, such as our United States public sector, which handles opportunities on the federal, state and local levels. We also continue to achieve leverage in our sales and marketing efforts by focusing our direct sales force and continued expansion of the channel as a source of product sales. The channel continues to be an important source of global revenue for us as we use its capabilities to reach not just departmental and small companies, but larger customers as well. Although we decreased our sales and marketing expenses as a percentage of total revenues, we did increase our advertising costs. In the first half of 2002, we launched our first television and print advertising campaign designed to demonstrate the multitude of threats that can compromise the security of a company's networks, servers or desktops. This campaign was aimed at increasing awareness of the ISS brand, especially at the mainstream business market. We intend to continue to expand our channel sales capabilities, focus on controlling discretionary spending and capital expenditures and adjust our organization in light of economic conditions. While we expect to continue to gain leverage in our sales and marketing costs in the future, our ability to do so will be largely dependent on economic and competitive conditions in future periods. General and administrative General and administrative expenses of $14.5 million in 2000, $20.4 million in 2001 and $24.3 million in 2002, represented approximately 7% of our total revenues in 2000, 9% in 2001 and 10% in 2002. General and administrative expenses consist of personnel-related costs for executive, administrative, finance and human resources, internal information systems and other support services costs, and legal, accounting and other professional service fees. The increase in these expenses from 2000 to 2001 is partially attributable to our efforts, through additional employees and systems, to enhance our management's ability to obtain and analyze information about our domestic and international operations, and to support a larger employee base, as well as the expansion of our facilities. In November 2000 we began occupying our corporate headquarters in Atlanta and 24 moved the balance of our Atlanta personnel in the first quarter of 2001, incurring expenses associated with the move. The third quarter of 2001 included severance, contract termination and office consolidation costs that caused general and administrative costs to increase in this period. The increase in general and administrative expenses from 2001 to 2002 includes non-recurring expenses associated with a relocation of our Asia/Pacific headquarters in Tokyo during the second quarter of 2002. Costs included lease termination costs, including remaining rent payments, write-off of leasehold improvements and moving costs. Excluding this impact, general and administrative expenses remained at 9% of total revenues in 2002. Write-off of lease obligation In the first quarter of 2001, we completed the relocation of our Atlanta personnel into our corporate headquarters. We recorded a $1.1 million charge resulting from the write-off of the remaining lease obligation through June 2002 on our previous Atlanta headquarters office space. This non-recurring expense originated in the first quarter of 2001, as available subleased space in the area grew substantially in the quarter as the result of layoffs, closures and consolidations, reducing the prospects of subleasing our old space. Charge for in-process research and development We have reflected charges of $2.9 million in 2001 and $18.5 million in 2002 for the write-offs of in-process research and development costs associated with the Network ICE acquisition in June 2001 and the vCIS acquisition in October 2002. In-process research and development had not reached technological feasibility based on identifiable technological risk factors which indicated that even though successful completion was expected, it was not assured at the acquisition date and was immediately charged to operations. vCIS was developing a protection kernel that uses behavior analysis technology to identify viruses, Trojans, worms, and other forms of malicious code. The technology operates on classes of viruses rather than on individual viruses. It conducts real time assessments of all executable program files, in a safe environment, and cleans the files before they are allowed to execute within an actual system. At the time the merger transaction was concluded, the vCIS technology had not reached technological feasibility. vCIS had no marketable product and several key components of the technology had not been completed. Furthermore, the company has not identified any alternative uses for the technology at its current stage of development. The value of the vCIS in-process technology was estimated using the excess-earnings method, a form of the income approach that quantifies the cash flow attributable to intangible assets. The excess-earnings method captures the value of an intangible asset by discounting to present value the earnings of the asset that remain after a deduction for a return on contributory assets. Contributory assets normally include working capital, fixed assets, and other intangible assets. After a fair return on tangible and other intangible assets is subtracted, the remaining excess cash flow is attributed to the intangible asset being valued. The excess-earnings method explicitly recognizes that the current value of an investment is premised upon the expected receipt of future economic benefits, such as cost savings, periodic income, or sale proceeds. Indications of value are developed by discounting future net cash flows attributed to the technologies to their present value at a rate that reflects the current return requirements of the market and, in the case of the in-process technology, the risks inherent in the completion of the development efforts. For purposes of valuing the in-process research and development, ISS management projected revenue and costs for the vCIS business. The company identified three potential applications for the technology that had differing time tables for completion. In identifying the potential future cash flow from the technology, the first two applications were assumed to be generally available in early to mid 2003, while the last of the three was assumed to be generally available at the beginning of 2004. Total cost to complete the technology for use in all three applications was assumed to be $3.5 million. These assumptions have a degree of uncertainty given that this is new, unproven 25 technology. As evidence of such uncertainty, the timing of the availability of these applications has been extended to either the latter part of 2003 or the first half of 2004. The technology was assumed to have a total life of 15 years, however, revenue attributable to the technology was assumed to begin decreasing after approximately 8 years. Revenue attributable to the technology was assumed to be $4.9 million for 2003 and is assumed to grow at various rates averaging approximately 40% until 2011 when it begins decreasing. We have assumed costs of goods sold, including cost of providing support, to be 15% of revenue. In addition, general and administrative expenses are assumed to be 7.5% of revenue and selling and marketing expenses are assumed to be 30% of revenue. When computing the discounted cash flows associated with each potential application, we adjusted the discount rate to reflect the different level of risk associated with longer development cycle. In other words, because the third application required more additional development that the other two, there is a higher level of risk that this project will ultimately be successful. An independent investor would require a higher rate of return to compensate for this additional risk. The discount rate used to determine present value was 42% for the two earlier applications, and 55% for the last application. Amortization We incurred amortization expense related to intangible assets and stock-based compensation of $674,000 in 2000, $5.2 million in 2001 and $5.7 million in 2002. These intangible assets and stock-based compensation resulted from acquisitions accounted for under the purchase method of accounting and are amortized over their useful lives. The increase from 2000 to 2001 resulted from our June 2001 acquisition of Network ICE. Intangibles from acquisitions will continue to be amortized over their useful lives. Effective January 1, 2002, under the provisions of SFAS 142 goodwill will no longer be amortized, but will be subject to annual tests for impairment. Based on the results of our impairment analysis for 2002, amortization charges related to goodwill were eliminated in 2002 after totaling $26.5 million in 2001. Interest income Net interest income decreased from $8.4 million in 2000 to $6.3 million in 2001 and to $3.2 million in 2002. The decrease in interest income year over year resulted from lower market rates of interest on debt securities. The market rate of interest paid on investment quality commercial paper and similar investments dropped from approximately 6.5% during 2000 to approximately 4.5% during 2001 and dropped to approximately 2% for 2002. As a result, interest income decreased despite an increase in cash and cash equivalents and interest-bearing marketable securities. Minority interest Minority interest totaled $336,000 in 2001 and $187,000 in 2002. Minority interest represents the portion of earnings that would be distributed to shares not held by us if the Asia-Pacific subsidiary declared a dividend equal to its earnings. This minority interest was created from the March 2001 sales of approximately 2% of the outstanding shares of the Asia-Pacific Rim subsidiary to employees and key partners and the September 2001 sales of newly issued shares equal to approximately 10% of its previously outstanding shares in an initial public offering on the Japan over-the counter market. Other income, net Other income of $15.1 million in 2001 includes a gain of $13.6 million from an initial public offering on the Japan over-the-counter market by our subsidiary responsible for Asia/Pacific operations. Proceeds of the IPO were retained by the subsidiary. The gain represents the amount by which the offering price exceeded the carrying amount of subsidiary stock in accordance with Staff Accounting Bulletin No. 51 ("SAB 51"). It also includes a $1.6 million gain from the sale of approximately 2% of the outstanding shares of our Asia/Pacific subsidiary that was recorded in March 2001 in accordance with SAB 51. As part of the planning for an IPO in Japan of a minority interest in our Asia/Pacific subsidiary, which was completed in September 2001, options were granted in the subsidiary as a means of key employee retention and approximately 2% of the outstanding 26 shares were sold to employees and key partners. The gain represents the difference between proceeds received and the underlying basis in the stock. In 2002, other income of $3.9 million includes a third quarter gain of $2.6 million related to the issuance of subsidiary shares in connection with the acquisition of TriSecurity Holdings Pte Ltd. The Company reported a gain on the difference between the fair market value of the shares issued and the book value of those shares in accordance with SAB 51 adopted by the company. It also includes a $1.9 million gain recorded in the second quarter of 2002 on the sale of an investment in an ISS distributor in Japan. The shares of the publicly traded company were acquired when the distributor was privately held and were subsequently sold on the open market. Foreign currency exchange gain (loss) The exchange loss of $331,000 in 2000 and $82,000 in 2002 and the exchange gain of $175,000 in 2001 are a result of fluctuations in currency exchange rates between the U.S. Dollar and other currencies, primarily the Euro and the Japanese Yen and changes in value of assets and liabilities that are denominated in foreign currencies. Provision for income taxes We recorded a provision for income taxes of $10.3 million in 2000, $12.5 million in 2001, and $13.1 million in 2002. While income tax expense was recorded on domestic income for each year, taxes payable were reduced by deductions related to the value of employee exercise of stock options. The tax benefit for the use of these stock option deductions was recorded as additional paid-in capital. Taxes paid generally relate to foreign operations. The effective tax rate was 36%, (426)%, and 88% for 2000, 2001, and 2002, respectively. The effective rates for 2001 and 2002 differ from the statutory rate due to the impact of acquisition related intangibles that are not deductible for income tax purposes. As of December 31, 2002, we had net operating loss carryforwards of approximately $53 million related to stock option deductions that expire in varying amounts between 2011 and 2021. The tax benefit for this carryforward will be recorded as additional paid-in-capital when it is realized. We also have approximately $6 million of research and development tax credit carryforwards, which expire between 2011 and 2022 and foreign tax credit carryforwards of $1.9 million that expire between 2006 and 2007. LIQUIDITY AND CAPITAL RESOURCES Our financial position remained strong throughout 2002 despite a general economic downturn. Our cash and cash equivalents and marketable security investments increased from $163.1 million at December 31, 2001 to $202.3 million at December 31, 2002. Our investments in marketable securities consist solely of highly rated debt obligations with maturities of 12 months or less. During 2002, we met our working capital needs and capital equipment needs with cash provided by operations. Cash provided by operations in 2002 totaled $48.9 million compared to $39.4 million in 2001 and $20.5 million in 2000. Accounts receivable, net of acquisitions, increased $5.2 million in 2002 compared to a decrease of $9.3 million in 2001 and an increase of $28.7 million in 2000. These changes were primarily the result of changes in sales levels in the fourth quarter of the respective periods, decreasing from 2000 to 2001 and increasing from 2001 to 2002. We measure our accounts receivable management by our daily sales outstanding (DSO). This is a measurement of accounts receivable divided by billings in the quarter, represented by the sum of revenues plus the change in the deferred revenues liability account balance. This measurement was 77, 78 and 77 days at December 31, 2000, 2001 and 2002, respectively. Our investing activities of $15.6 million in 2002 included the purchase of $81.1 million of intermediate term marketable securities, primarily interest-bearing government obligations and commercial paper, offset by net proceeds from the maturity of marketable securities of $82.0 million. These assets have quality characteristics similar to cash equivalents, except their maturities when we acquire them are longer than three 27 months. Since the initial phase of our Atlanta headquarters facility was completed in 2001 and the growth in our employment has slowed, we were able to decrease our equipment investment. We invested in equipment totaling $10.9 million in 2002 compared to $31.7 million in 2001, as we provided existing and new personnel with improved computer hardware and incurred leasehold improvement costs related primarily to a new Asia/Pacific headquarters in Tokyo. Our financing activities provided $3.7 million of cash in 2002. Our financing activities consisted of proceeds from the exercise of stock options by our employees and from the issuance of common stock through our Employee Stock Purchase Plan, and the use of cash to repurchase shares of our common stock. In July 2002 we announced our plan to repurchase up to $50 million of our common stock over the following twelve months utilizing cash on hand and cash flow generated from operations. In 2002 we purchased 133,000 shares of our common stock on the open market at an aggregate cost of $2.0 million. Other than our non-cancelable operating leases for office space, we have no off-balance sheet financing arrangements, any relationships with "structured finance" or "special purpose" entities, or any contractual obligations that would impact our liquidity. Payments for certain operating leases are secured by three collateralized stand-by letters of credit totaling approximately $11.3 million. The stand-by letters of credit are annually renewable over the duration of the applicable leases. We do not anticipate utilizing these stand-by letters of credit to provide any liquidity needs. At December 31, 2002, we had $202.3 million of cash and cash equivalents and marketable securities, consisting primarily of money market accounts and investment grade commercial paper. An additional $14.7 million of commercial paper investments are pledged as collateral for stand-by letters of credit related to the operating leases of our facilities and are shown on the balance sheet as restricted marketable securities. We believe that such cash and cash equivalents and marketable securities will be sufficient to meet our working capital needs and capital expenditures for the foreseeable future. Furthermore, we are not aware of any trends, events, or uncertainties that are reasonably likely to result in any significant change to our liquidity. From time to time, we evaluate possible acquisition and investment opportunities in businesses, products or technologies that are complementary to ours. In the event we determine to pursue such opportunities, we may use our available cash and cash equivalents and marketable securities for this purpose. Pending such uses, we will continue to invest our available cash in investment grade, interest-bearing investments. RISK FACTORS Forward-looking statements are inherently uncertain as they are based on various expectations and assumptions concerning future events and are subject to known and unknown risks and uncertainties. Our forward-looking statements contained in this Annual Report and elsewhere should be considered in light of the following important risk factors. Variations from our stated intentions or failure to achieve objectives could cause actual results to differ from those projected in our forward-looking statements. With respect to our business outlook published in our earnings press release each quarter, you may continue to rely on the revenue and earnings expectations prior to the start of our "quiet period" unless we have published a notice stating otherwise. Toward the end of each quarter, we have a "quiet period" when we will not comment concerning the previously published financial expectations, and we disclaim any obligation to update during the quiet period. The public should not rely on previously published expectations during the "quiet period". The "quiet period" runs from the 15th of the last month of the quarter until our earnings release during the first month of the following quarter. We otherwise undertake no obligation to update publicly any forward-looking statements for any reason, even if new information becomes available or other events occur in the future. We Operate in a Rapidly Evolving Market We operate in a new and rapidly evolving market and must, among other things: - respond to competitive developments; - continue to upgrade and expand our product and services offerings; and - continue to attract, retain and motivate our employees. 28 We cannot be certain that we will successfully address these issues. As a result, we cannot assure our investors that we will be able to continue to operate profitably in the future. Our Future Operating Results Will Likely Fluctuate Significantly We cannot predict our future revenues and operating results with certainty. However, we do expect our future revenues and operating results to fluctuate due to a combination of factors, including: - the growth in the acceptance of, and activity on, the Internet and the world wide web, particularly by corporate, institutional and government users; - the extent to which the public perceives that unauthorized access to and use of online information are threats to network security; - the volume and timing of orders, including seasonal trends in customer purchasing; - our ability to develop new and enhanced product and managed service offerings and expand our professional services capabilities; - the introduction of ISS branded appliances, including increased cost of goods sold; - our ability to provide scalable managed services offerings through our partners in a cost effective manner; - foreign currency exchange rates that affect our international operations; - product and price competition in our markets; and - general economic conditions, both domestically and in our foreign markets. We increasingly focus our efforts on sales of enterprise-wide security solutions, which consist of our entire product suite and related professional services, and managed security services, rather than on the sale of component products. As a result, each sale requires substantial time and effort from our sales and support staff. In addition, the revenues associated with particular sales vary significantly depending on the number of products licensed by a customer, the number of devices used by the customer and the customer's relative need for our professional services. Large individual sales, or even small delays in customer orders, can cause significant variation in our license revenues and results of operations for a particular period. The timing of large orders is usually difficult to predict and, like many software and services companies, many of our customers typically complete transactions in the last month of a quarter. We cannot predict our operating expenses based on our past results. Instead, we establish our spending levels based in large part on our expected future revenues. As a result, if our actual revenues in any future period fall below our expectations, our operating results likely will be adversely affected because very few of our expenses vary with our revenues. Because of the factors listed above, we believe that our quarterly and annual revenues, expenses and operating results likely will vary significantly in the future. Our ability to provide timely guidance and meet the expectations of investors with respect to our operating and financial results is impacted by the tendency of a majority of our sales to be completed in the last month of a quarter. We may not be able to determine whether we will experience material deviations from guidance or expectations until the end of a quarter. We Face Intense Competition in Our Market The market for network security monitoring, detection and response solutions is intensely competitive, and we expect competition to increase in the future. We cannot guarantee that we will compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition. Our chief competitors generally fall within one of five categories: - internal information technology departments of our customers and the consulting firms that assist them in formulating security systems; 29 - relatively smaller software companies offering relatively limited applications for network and Internet security; - large companies, including Symantec Corp. and Cisco Systems, Inc., that sell competitive products and offerings, as well as other large software companies that have the technical capability and resources to develop competitive products; - software or hardware companies like Cisco Systems, Inc. that could integrate features that are similar to our products into their own products; and - small and large companies with competitive offerings to components of our managed services offerings. Mergers or consolidations among these competitors, or acquisitions of small competitors by larger companies, represent risks. For example, Symantec's acquired Recourse Technologies and Riptech Inc. in the third quarter of 2002 and Cisco recently announced agreements to acquire Psionic Software, Inc. and Okena, Inc. These acquisitions will make these entities potentially more formidable competitors to us if such products and offerings are effectively integrated. Large companies may have advantages over us because of their longer operating histories, greater name recognition, larger customer bases or greater financial, technical and marketing resources. As a result, they may be able to adapt more quickly to new or emerging technologies and changes in customer requirements. They can also devote greater resources to the promotion and sale of their products than we can. In addition, these companies have reduced and could continue to reduce, the price of their security monitoring, detection and response products and managed security services, which increases pricing pressures within our market. Several companies currently sell software products (such as encryption, firewall, operating system security and virus detection software) that our customers and potential customers have broadly adopted. Some of these companies sell products that perform the same functions as some of our products. In addition, the vendors of operating system software or networking hardware may enhance their products to include the same kinds of functions that our products currently provide. The widespread inclusion of comparable features to our software in operating system software or networking hardware could render our products obsolete, particularly if such features are of a high quality. Even if security functions integrated into operating system software or networking hardware are more limited than those of our software, a significant number of customers may accept more limited functionality to avoid purchasing additional software. For the above reasons, we may not be able to compete successfully against our current and future competitors. Increased competition may result in price reductions, reduced gross margins and loss of market share. We Face Rapid Technological Change in Our Industry and Frequent Introductions of New Products Rapid changes in technology pose significant risks to us. We do not control nor can we influence the forces behind these changes, which include: - the extent to which businesses and others seek to establish more secure networks; - the extent to which hackers and others seek to compromise secure systems; - evolving computer hardware and software standards; - changing customer requirements; and - frequent introductions of new products and product enhancements. To remain successful, we must continue to change, adapt and improve our products in response to these and other changes in technology. Our future success hinges on our ability to both continue to enhance our current line of products and professional services and to introduce new products and services that address and respond to innovations in computer hacking, computer technology and customer requirements. We cannot be sure that we will successfully develop and market new products that do this. Any failure by us to timely develop and introduce new products, to enhance our current products or to expand our professional services 30 capabilities in response to these changes could adversely affect our business, operating results and financial condition. Our products involve very complex technology, and as a consequence, major new products and product enhancements require a long time to develop and test before going to market. Because this amount of time is difficult to estimate, we have had to delay the scheduled introduction of new and enhanced products in the past and may have to delay the introduction of new and enhanced products in the future. The techniques computer hackers use to gain unauthorized access to, or to sabotage, networks and intranets are constantly evolving and increasingly sophisticated. Furthermore, because new hacking techniques are usually not recognized until used against one or more targets, we are unable to anticipate most new hacking techniques. To the extent that new hacking techniques harm our customers' computer systems or businesses, affected or prospective customers may believe that our products are ineffective, which may cause them or prospective customers to reduce or avoid purchases of our products. Risks Associated with Our Global Operations The expansion of our international operations includes our presence in dispersed locations throughout the world, including throughout Europe and the Asia/Pacific and Latin America regions. Our international presence and expansion exposes us to risks not present in our U.S. operations, such as: - the difficulty in managing an organization spread over various countries located across the world; - compliance with, and unexpected changes in, a wide range of complex regulatory requirements in countries where we do business; - increased financial accounting and reporting burdens and complexities and potentially adverse tax consequences; - excess taxation due to overlapping tax structures; - fluctuations in foreign currency exchange rates resulting in losses or gains from transactions and expenses denominated in foreign currencies; - reduced protection for intellectual property rights in some countries; - reduced protection for enforcement of creditor and contractual rights in some countries; and - import and export license requirements and restrictions on the import and export of certain technology, especially encryption technology and trade restrictions. We rely on distributors extensively in the Asia/Pacific region for the sale and distribution of our products. Further, countries in the Asia/Pacific region, particularly China, Japan and Korea, have experienced weakness in their currency, banking and equity markets. These weaknesses could continue to adversely affect our distributors' ability to pay us and adversely affect demand for our products in the Asia/Pacific region. Despite these risks, we believe that we must continue to expand our operations in international markets to support our growth. To this end, we intend to establish additional foreign sales operations, expand our existing offices, hire additional personnel, expand our international sales channels and customize our products for local markets. If we fail to execute this strategy, our international sales growth will be limited. Our Networks, Products and Services May be Targeted by Hackers Like other companies, our websites, networks, information systems, products and services may be targets for sabotage, disruption or misappropriation by hackers. As a leading network security solutions company, we are a high profile target. Although we believe we have sufficient controls in place to prevent disruption and misappropriation, and to respond to such situations, we expect these efforts by hackers to continue. If these efforts are successful, our operations, reputation and sales could be adversely affected. 31 We Must Successfully Integrate Acquisitions As part of our growth strategy, we have and may continue to acquire or make investments in companies with products, technologies or professional services capabilities complementary to our solutions. When engaging in acquisitions, we could encounter difficulties in assimilating or completing the development of the technologies, new personnel and operations into our company. These difficulties may disrupt our ongoing business, distract our management and employees, increase our expenses and adversely affect our results of operations. These difficulties could also include accounting requirements, such as impairment charges related to goodwill or expensing in-process research and development costs as occurred in the fourth quarter of 2002 related to the acquisition of vCIS. We cannot be certain that we will successfully overcome these risks with respect to any future acquisitions or that we will not encounter other problems in connection with our recent or any future acquisitions. In addition, any future acquisitions may require us to incur debt or issue equity securities. The issuance of equity securities could dilute the investment of our existing stockholders. We Depend on Our Intellectual Property Rights and Use Licensed Technology We rely primarily on copyright, trademark, patent and trade secrets laws, confidentiality procedures and contractual provisions to protect our proprietary rights. We have obtained one United States patent and have a number of patent applications pending, as well as numerous trademarks and trademark applications pending. We believe that the technological and creative skills of our personnel, new product developments, frequent product enhancements, our name recognition, our professional services capabilities and delivery of reliable product maintenance are essential to establishing and maintaining our technology leadership position. We cannot assure you that our competitors will not develop technologies that are similar to ours. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States, and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. Some Provisions in the ISS Certificate of Incorporation and Bylaws Make a Takeover of ISS Difficult Our certificate of incorporation and bylaws contain provisions that could have the effect of making it more difficult for a third party to acquire, or of discouraging a third party from attempting to acquire, control of ISS. These provisions: - establish a classified board of directors; - create preferred stock purchase rights that grant to holders of common stock the right to purchase shares of Series A Junior Preferred Stock in the event that a third party acquires 20% or more of the voting power of our outstanding common stock; - prohibit the right of our stockholders to act by written consent; - limit calling special meetings of stockholders; and - impose a requirement that holders of 66 2/3% of the outstanding shares of common stock are required to amend the provisions relating to the classification of our board of directors and action by written consent of stockholders. ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK INTEREST RATE SENSITIVITY The primary objective of our investment activities is to preserve principal while at the same time maximizing the income we receive from our investments without significantly increasing risk. Some of the securities in which we invest may be subject to market risk. This means that a change in prevailing interest 32 rates may cause the principal amount of the investment to fluctuate. For example, if we hold a security that was issued with a fixed interest rate at the then-prevailing rate and the prevailing interest rate later rises, the market value of our investment will probably decline. To minimize this risk, we maintain our portfolio of cash equivalents and marketable securities in a variety of high-quality relatively short-term investments, including commercial paper and overnight repurchase agreements. As of December 31, 2002, $16.2 million of our securities mature in more than three months and $14.8 million of our securities mature in more than six months, but in all cases less than one year. RISK ASSOCIATED WITH FOREIGN EXCHANGE RATES ISS is subject to foreign exchange risk as a result of exposures to changes in currency exchange rates. Our foreign operations are, for the most part, naturally hedged against exchange rate fluctuations since both revenues and expenses of each foreign affiliate are denominated in the same currency. Therefore, we do not engage in formal hedging activities, but we do periodically review the potential impact of this risk to ensure that the risk of significant potential losses remains minimal. As a result, an unfavorable change in the exchange rate for any particular foreign subsidiary would result in lower revenues and expenses with regards to operating results, and lower assets and liabilities with regards to the balance sheet. The Company's operating results are affected by changes in exchange rates between the U.S. Dollar and the Euro and the Japanese Yen. When the U.S. Dollar strengthens against these foreign currencies, the value of our non-functional currency revenues decreases. When the U.S. Dollar weakens, the value of our functional currency revenues increases. Since much of our international operating expenses are also incurred in local currencies, which is the foreign subsidiaries functional currency, the impact of exchange rates on net income or loss is relatively less than the impact on revenue. Although our operating and pricing strategies take into account changes in exchange rates over time, our results of operations may be affected significantly in the short term by fluctuations in foreign currency exchange rates. During 2002, the Company recorded a net foreign exchange loss of $82,000. The nature and extent of the foreign currency risk faced by the Company depends on many factors that cannot be accurately predicted. These factors include significant changes in foreign currency market conditions, the Company's inability to match foreign currency denominated revenues with costs denominated in the same currency, and changes in the amount or mix of revenues denominated in various foreign currencies. As a result of material unforeseen changes in these factors, the Company's foreign currency risk could have a greater impact on the Company's results of operations in the future. ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA See the index to Consolidated Financial Statements at Item 15. ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE None. 33 PART III ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT The information required by this Item is incorporated by reference to our definitive Proxy Statement for the annual meeting of stockholders to be held on May 28, 2003 (the "Proxy Statement") under the sections captioned "Proposal 1 -- Election of Directors," "Executive Compensation -- Directors and Executive Officers" and "Compliance with Section 16(a) of the Securities Exchange Act of 1934." ITEM 11. EXECUTIVE COMPENSATION The information required by this Item is incorporated by reference to the Proxy Statement under the section captioned "Executive Compensation." ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT The information required by this Item is incorporated by reference to the Proxy Statement under the section captioned "Principal Stockholders." EQUITY COMPENSATION PLANS A summary of our stockholder approved and non-approved equity compensation plans as of December 31, 2002 was as follows (in thousands, except exercise price):
NUMBER OF SECURITIES NUMBER OF SECURITIES TO BE WEIGHTED AVERAGE REMAINING AVAILABLE FOR ISSUED UPON EXERCISE OF EXERCISE PRICE OF ISSUANCE UNDER EQUITY PLAN CATEGORY OUTSTANDING OPTIONS OUTSTANDING OPTIONS COMPENSATION PLANS ------------- -------------------------- ------------------- ----------------------- Equity compensation plans approved by security holders*.................. 6,521,000 $32.45 3,545,000 Equity compensation plans not approved by security holders................... 235,000 $ 9.27 310,000 ---------- -------- Total............. 6,756,000 $31.64 3,855,000 ========== ========
--------------- * Our Restated 1995 Stock Incentive Plan contains an "evergreen" provision whereby the number of shares available for issuance increases automatically on the first trading day of each calendar year by 4% of the shares of our common stock outstanding on the last trading day of the immediately preceding calendar year, subject to a maximum annual increase of 2,600,000 shares. Our non-stockholder approved equity compensation plans include the following: - 1999 Employee Stock Purchase Plan - Non-qualified stock options granted to non-employee directors - Options assumed in connection with our acquisition of Netrex, Inc - Options assumed in connection with our acquisition of Network ICE, Corporation - Options assumed in connection with our acquisition of vCIS, Inc. The following is a description of the material features of each of these plans: 1999 Employee Stock Purchase Plan Effective July 1, 1999 ISS implemented an employee stock purchase plan for all eligible employees. Under this plan, shares of ISS Common Stock may be purchased at six-month intervals at 85% of the lower of the fair market value on the first or last day of each six-month period. Employees may purchase shares with aggregate fair value up to 10% of their gross compensation during a six-month period. 34 A total of 400,000 shares of common stock are authorized and reserved for issuance under the plan. The share reserve will increase on the first trading day of each calendar year, beginning in 2000, by 50,000 shares. At December 31, 2002 240,000 shares of ISS Common Stock had been issued and 310,000 shares remained available under the plan. Non-qualified stock options granted to non-employee directors On December 8, 1997 the Board of Directors granted to each of the four non-employee directors a non-statutory option to purchase 40,000 shares of Common Stock outside of the Restated 1995 Stock Incentive Plan, on the same terms as if those options had been granted under the Restated 1995 Stock Incentive Plan. ISS reserved 160,000 shares of Common Stock for issuance under these options. As of December 31, 2002, 80,000 of these options remained outstanding. Options assumed in connection with our acquisition of Netrex, Inc. In August 1999, as a result of our acquisition of Netrex, Inc. we assumed all outstanding Netrex, Inc. stock options. As a result approximately 510,000 shares of ISS Common Stock were reserved for outstanding grants under the Netrex Stock Plan. Each option is subject to the same terms and conditions of the original grant and generally vest over four years and expire ten years from the date of grant. No further options may be granted under the Netrex plan. As of December 31, 2002, approximately 14,000 options were outstanding. Options assumed in connection with our acquisition of Network ICE Corporation In June 2001, as a result of our acquisition of Network ICE, we assumed all outstanding Network ICE stock options. As a result approximately 289,000 shares of ISS Common Stock were reserved for outstanding grants under the Network ICE Stock Plan. Each option is otherwise subject to the same terms and conditions of the original grant and generally vest over four years and expire ten years from the date of grant. No further options may be granted under the Network ICE plan. As of December 31, 2002, approximately 113,000 options were outstanding. Options assumed in connection with our acquisition of vCIS, Inc. In October 2002, as a result of our acquisition of vCIS, Inc. we assumed all outstanding vCIS, Inc. stock options. As a result approximately 35,000 shares of ISS Common Stock were reserved for outstanding grants under the vCIS Stock Plan. Each option is otherwise subject to the same terms and conditions of the original grant and generally vest over four years and expire ten years from the date of grant. No further options may be granted under the vCIS plan. As of December 31, 2002, approximately 27,000 options were outstanding. ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS The information required by this Item is incorporated by reference to the Proxy Statement under the section captioned "Executive Compensation -- Certain Transactions with Management." ITEM 14. CONTROLS AND PROCEDURES ISS' Chief Executive Officer and Chief Financial Officer have evaluated the effectiveness of ISS' disclosure controls and procedures (as such term is defined in Rules 13a-14(c) and 15d-14(c) under the Securities Exchange Act of 1934, as amended (the "Exchange Act)) as of a date within 90 days prior to the filing date of this annual report (the "Evaluation Date"). Based on such evaluation, such officers have concluded that, as of the Evaluation Date, ISS' disclosure controls and procedures are effective in alerting them on a timely basis to material information relating to ISS required to be included in ISS' periodic filings under the Exchange Act. Since the Evaluation Date, there have not been any significant changes in ISS' internal controls or in other factors that could significantly affect such controls. 35 PART IV ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES AND REPORTS ON FORM 8-K (a) The following documents are filed as part of this Form 10-K: 1. Consolidated Financial Statements. The following consolidated financial statements of Internet Security Systems, Inc. are filed as part of this Form 10-K on the pages indicated:
PAGE ---- INTERNET SECURITY SYSTEMS, INC. Report of Independent Auditors.............................. 38 Consolidated Balance Sheets as of December 31, 2001 and 2002...................................................... 39 Consolidated Statements of Operations for the Years Ended December 31, 2000, 2001 and 2002.......................... 40 Consolidated Statements of Stockholders' Equity for the Years Ended December 31, 2000, 2001 and 2002.............. 41 Consolidated Statements of Cash Flows for the Years Ended December 31, 2000, 2001 and 2002.......................... 42 Notes to Consolidated Financial Statements.................. 43 2. Consolidated Financial Statement Schedules Schedule II -- Valuation and Qualifying Accounts............ 60
Schedules other than the one listed above are omitted as the required information is inapplicable or the information is presented in the consolidated financial statements or related notes. 3. Exhibits. The exhibits to this Annual Report on Form 10-K have been included only with the copy of this Annual Report on Form 10-K filed with the Securities and Exchange Commission. Copies of individual exhibits will be furnished to stockholders upon written request to the Company and payment of a reasonable fee.
EXHIBIT NUMBER DESCRIPTION OF EXHIBIT ------- ---------------------- 2.1 -- Agreement and Plan of Merger by and among Internet Security Systems, Inc., ISS Acquisition Corp. II, Network ICE Corporation and certain selling shareholders of Network ICE Corporation incorporated by reference to Form 10-Q for Quarter Ending March 31, 2001. 3.1 -- Restated Certificate of Incorporation (filed as Exhibit 3.1 to the Company's Quarterly Report on Form 10-Q, dated November 14, 2000 and incorporated by reference herein). 3.2 -- Bylaws (filed as Exhibit 3.2 to the Company's Registration Statement on Form S-1, Registration No. 333-44529 (the "Form S-1") and incorporated by reference herein). 3.3* -- Certificate of Designations of Series A Junior Participating Preferred Stock dated July 24, 2002. 4.1 -- Specimen Common Stock certificate (filed as Exhibit 4.3 to the Company's Registration Statement on Form S-8, Registration No. 333-100954, dated November 1, 2002 and incorporated by reference herein). 4.2 -- Form of Rights Certificate (filed as Exhibit 4.2 to the Company's Current Report on Form 8-K dated July 24, 2002 and incorporated by reference herein. 4.3 -- See Exhibits 3.1 and 3.2 for provisions of the Certificate of Incorporation and Bylaws of the Company defining the rights of holders of the Company's Common Stock. 4.4 -- 1999 Network ICE Stock Option Plan, incorporated by reference to Exhibit 4.1 to Form S-8, Registration No. 333-62658, filed on June 8, 2001. 4.5 -- Restated 1995 Stock Incentive Plan (as amended and restated as of May 23, 2001) incorporated by reference to Exhibit 4.2 to Form S-8, Registration No. 333-62658, filed June 8, 2001. 4.6 -- Netrex, Inc. 1998 Stock Plan incorporated by reference to Exhibit 99.15 to Form S-8, Registration Statement No. 333-89563, filed October 22, 1999.
36
EXHIBIT NUMBER DESCRIPTION OF EXHIBIT ------- ---------------------- 4.7 -- vCIS, Inc. 2001 Stock Plan incorporated by reference to Exhibit 4.1 to Form S-8, Registration Statement No. 333-100954, filed November 1, 2002. 10.1 -- Stock Exchange Agreement dated December 9, 1997 (filed as Exhibit 10.4 to the Form S-1 and incorporated by reference herein). 10.2 -- Forms of Non-Employee Director Compensation Agreement, Notice of Stock Option Grants and Stock Option Agreement (filed as Exhibit 10.6 to the Form S-1 and incorporated by reference herein). 10.3 -- Form of Indemnification Agreement for directors and certain officers (filed as Exhibit 10.8 to the Form S-1 and incorporated by reference herein). 10.4 -- Lease for Atlanta headquarters and research and development facility (filed as Exhibit 10.10 to the Company's Annual Report on Form 10-K, dated March 30, 2000 and incorporated by reference herein). 10.5* -- Amendments to Lease for Atlanta headquarters facility. 10.6 -- Letter Agreement dated August 18, 2000 with Lawrence Costanza (filed as Exhibit 10.14 to the Company's Annual Report on Form 10-K, dated March 30, 2001 and incorporated by reference herein) 10.7 -- Rights Agreement dated July 18, 2002 with SunTrust Bank, as Rights Agent, regarding Preferred Share Purchase Rights (filed as Exhibit 4.1 to the Company's Current Report on Form 8-K dated July 24, 2002 and incorporated by reference herein). 21.1* -- Subsidiaries of the Company. 23.1* -- Consent of Ernst & Young LLP. 24.1* -- Power of Attorney, pursuant to which amendments to this Annual Report on Form 10-K may be filed, is included on the signature page contained in Part IV of the Form 10-K. 99.1* -- Certification Pursuant to 18 U.S.C. Section 1350. as Adopted Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 99.2* -- Certification Pursuant to 18 U.S.C. Section 1350. as Adopted Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002
--------------- * Identifies those filed with this Form 10-K. (b) Reports on Form 8-K ISS filed a report on Form 8-K on November 4, 2002, as amended on January 13, 2003, with respect to the acquisition of vCIS Inc. 37 REPORT OF INDEPENDENT AUDITORS The Board of Directors and Stockholders Internet Security Systems, Inc. We have audited the accompanying consolidated balance sheets of Internet Security Systems, Inc. as of December 31, 2001 and 2002, and the related consolidated statements of operations, stockholders' equity, and cash flows for each of the three years in the period ended December 31, 2002. Our audits also included the financial statement schedule listed in the Index at Item 15(a). These financial statements and schedule are the responsibility of the Company's management. Our responsibility is to express an opinion on these financial statements and schedule based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial position of Internet Security Systems, Inc. as of December 31, 2001 and 2002, and the consolidated results of its operations and its cash flows for each of the three years in the period ended December 31, 2002, in conformity with accounting principles generally accepted in the United States. Also, in our opinion, the related financial statement schedule, when considered in relation to the basic financial statements taken as a whole, presents fairly in all material respects the information set forth therein. As discussed in Note 1 to the consolidated financial statements, in 2002 the Company ceased amortization of goodwill in accordance with Statement of Financial Accounting Standards No. 142, Goodwill and Other Intangible Assets. /s/ Ernst & Young LLP Atlanta, Georgia January 21, 2003 38 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED BALANCE SHEETS
DECEMBER 31, --------------------------- 2001 2002 ------------ ------------ ASSETS Current assets: Cash and cash equivalents................................. $108,038,000 $148,317,000 Marketable securities..................................... 55,129,000 53,999,000 Accounts receivable, less allowance for doubtful accounts of $2,563,000 and $2,790,000, respectively............. 50,259,000 56,700,000 Inventory................................................. 1,768,000 1,055,000 Prepaid expenses and other current assets................. 6,018,000 7,000,000 ------------ ------------ Total current assets.............................. 221,212,000 267,071,000 Property and equipment: Computer equipment........................................ 31,043,000 38,403,000 Office furniture and equipment............................ 20,872,000 21,446,000 Leasehold improvements.................................... 17,835,000 21,183,000 ------------ ------------ 69,750,000 81,032,000 Less accumulated depreciation............................. 25,254,000 39,313,000 ------------ ------------ 44,496,000 41,719,000 Restricted marketable securities............................ 12,500,000 14,690,000 Goodwill, less accumulated amortization of $27,381,000...... 197,060,000 200,464,000 Other intangible assets, less accumulated amortization of $4,644,000 and $9,223,000, respectively................... 19,722,000 15,384,000 Other assets................................................ 5,994,000 7,240,000 ------------ ------------ Total assets...................................... $500,984,000 $546,568,000 ============ ============ LIABILITIES AND STOCKHOLDERS' EQUITY Current liabilities: Accounts payable.......................................... $ 3,553,000 $ 1,765,000 Accrued expenses.......................................... 20,440,000 22,332,000 Deferred revenues......................................... 48,139,000 55,587,000 ------------ ------------ Total current liabilities......................... 72,132,000 79,684,000 Other non-current liabilities............................... 1,917,000 2,328,000 Commitments and contingencies Stockholders' equity: Preferred stock; $.001 par value; 20,000,000 shares authorized, none issued or outstanding................. -- -- Common stock; $.001 par value; 120,000,000 shares authorized, 47,871,000 and 49,544,000 shares issued and outstanding, respectively.............................. 48,000 50,000 Additional paid-in capital................................ 430,449,000 463,779,000 Deferred compensation..................................... (1,985,000) (702,000) Accumulated other comprehensive income (loss)............. (2,312,000) 949,000 Retained earnings......................................... 735,000 2,514,000 Treasury stock, at cost (none and 133,000 shares, respectively).......................................... -- (2,034,000) ------------ ------------ Total stockholders' equity........................ 426,935,000 464,556,000 ------------ ------------ Total liabilities and stockholders' equity........ $500,984,000 $546,568,000 ============ ============
See accompanying notes. 39 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED STATEMENTS OF OPERATIONS
YEAR ENDED DECEMBER 31, ------------------------------------------ 2000 2001 2002 ------------ ------------ ------------ Revenues: Product licenses and sales....................... $119,703,000 $122,385,000 $121,093,000 Subscriptions.................................... 41,706,000 66,687,000 92,945,000 Professional services............................ 33,566,000 34,487,000 29,247,000 ------------ ------------ ------------ 194,975,000 223,559,000 243,285,000 Costs and expenses: Cost of revenues: Product licenses and sales.................... 22,653,000 13,439,000 6,688,000 Subscriptions and professional services....... 36,771,000 50,708,000 51,133,000 ------------ ------------ ------------ Total cost of revenues........................ 59,424,000 64,147,000 57,821,000 Research and development......................... 31,316,000 35,413,000 35,280,000 Sales and marketing.............................. 68,032,000 92,001,000 93,679,000 General and administrative....................... 14,481,000 20,442,000 24,271,000 Write-off of lease obligation.................... -- 1,072,000 -- Charge for in-process research and development... -- 2,910,000 18,537,000 Amortization of other intangibles and stock-based compensation.................................. 674,000 5,227,000 5,674,000 Amortization of goodwill......................... 479,000 26,505,000 -- ------------ ------------ ------------ 174,406,000 247,717,000 235,262,000 ------------ ------------ ------------ Operating income (loss)............................ 20,569,000 (24,158,000) 8,023,000 Interest income.................................... 8,415,000 6,250,000 3,242,000 Minority interest.................................. -- (336,000) (187,000) Other income, net.................................. -- 15,132,000 3,859,000 Foreign currency exchange gain (loss).............. (331,000) 175,000 (82,000) ------------ ------------ ------------ Income (loss) before income taxes.................. 28,653,000 (2,937,000) 14,855,000 Provision for income taxes......................... 10,338,000 12,521,000 13,076,000 ------------ ------------ ------------ Net income (loss).................................. $ 18,315,000 $(15,458,000) $ 1,779,000 ============ ============ ============ Basic net income (loss) per share of Common Stock............................................ $ 0.44 $ (0.34) $ 0.04 ============ ============ ============ Diluted net income (loss) per share of Common Stock............................................ $ 0.41 $ (0.34) $ 0.04 ============ ============ ============ Weighted average shares: Basic............................................ 41,892,000 45,649,000 48,456,000 ============ ============ ============ Diluted.......................................... 45,099,000 45,649,000 49,158,000 ============ ============ ============
See accompanying notes. 40 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY
RETAINED COMMON STOCK ADDITIONAL COMPREHENSIVE EARNINGS -------------------- PAID-IN DEFERRED INCOME (ACCUMULATED SHARES AMOUNT CAPITAL COMPENSATION (LOSS) DEFICIT) ---------- ------- ------------ ------------ ------------- ------------ Balance at December 31, 1999....... 40,980,000 $41,000 $157,467,000 $ (288,000) $ 100,000 $(2,167,000) Comprehensive income (loss): Net income...................... 18,315,000 Translation adjustment.......... (845,000) Issuance of Common Stock: Exercise of stock options....... 1,367,000 1,000 5,507,000 Employee stock purchase plan.... 39,000 1,634,000 Pooling-of-interests............ 29,000 45,000 Amortization of deferred compensation.................... 202,000 Tax benefit related to employee options......................... 8,377,000 ---------- ------- ------------ ----------- ----------- ------------ Balance at December 31, 2000....... 42,415,000 42,000 172,985,000 (86,000) (745,000) 16,193,000 Comprehensive income (loss): Net loss........................ (15,458,000) Translation adjustment.......... (1,567,000) Issuance of Common Stock: Exercise of stock options....... 1,108,000 2,000 14,012,000 Employee stock purchase plan.... 75,000 2,267,000 Acquisition..................... 4,311,000 4,000 227,815,000 (6,231,000) Repurchased 38,478 shares of common stock................... (38,000) (45,000) Amortization of deferred compensation.................... 2,169,000 Adjustment to deferred compensation for terminated employees....................... (2,163,000) 2,163,000 Tax benefit related to employee options......................... 15,578,000 ---------- ------- ------------ ----------- ----------- ------------ Balance at December 31, 2001....... 47,871,000 48,000 430,449,000 (1,985,000) (2,312,000) 735,000 Comprehensive income (loss): Net income...................... 1,779,000 Translation adjustment.......... 3,261,000 Issuance of Common Stock: Exercise of stock options....... 586,000 1,000 3,696,000 Employee stock purchase plan.... 126,000 2,095,000 Acquisition..................... 966,000 1,000 16,857,000 (153,000) Repurchased 4.974 shares of unvested common stock.......... (5,000) (10,000) Amortization of deferred compensation.................... 1,094,000 Adjustment to deferred compensation for terminated employees....................... (342,000) 342,000 Tax benefit related to employee options......................... 11,034,000 Purchases of treasury stock (133,000 shares)................ ---------- ------- ------------ ----------- ----------- ------------ Balance at December 31, 2002....... 49,544,000 $50,000 $463,779,000 $ (702,000) $ 949,000 $ 2,514,000 ========== ======= ============ =========== =========== ============ COMPREHENSIVE TOTAL TREASURY INCOME STOCKHOLDERS' STOCK (LOSS) EQUITY ----------- ------------- ------------- Balance at December 31, 1999....... $ -- $155,153,000 Comprehensive income (loss): Net income...................... $ 18,315,000 18,315,000 Translation adjustment.......... (845,000) (845,000) ------------ $ 17,470,000 ============ Issuance of Common Stock: Exercise of stock options....... 5,508,000 Employee stock purchase plan.... 1,634,000 Pooling-of-interests............ 45,000 Amortization of deferred compensation.................... 202,000 Tax benefit related to employee options......................... 8,377,000 ----------- ------------ Balance at December 31, 2000....... -- 188,389,000 Comprehensive income (loss): Net loss........................ $(15,458,000) (15,458,000) Translation adjustment.......... (1,567,000) (1,567,000) ------------ $(17,025,000) ============ Issuance of Common Stock: Exercise of stock options....... 14,014,000 Employee stock purchase plan.... 2,267,000 Acquisition..................... 221,588,000 Repurchased 38,478 shares of common stock................... (45,000) Amortization of deferred compensation.................... 2,169,000 Adjustment to deferred compensation for terminated employees....................... Tax benefit related to employee options......................... 15,578,000 ----------- ------------ Balance at December 31, 2001....... -- 426,935,000 Comprehensive income (loss): Net income...................... $ 1,779,000 1,779,000 Translation adjustment.......... 3,261,000 3,261,000 ------------ $ 5,040,000 ============ Issuance of Common Stock: Exercise of stock options....... 3,697,000 Employee stock purchase plan.... 2,095,000 Acquisition..................... 16,705,000 Repurchased 4.974 shares of unvested common stock.......... (10,000) Amortization of deferred compensation.................... 1,094,000 Adjustment to deferred compensation for terminated employees....................... Tax benefit related to employee options......................... 11,034,000 Purchases of treasury stock (133,000 shares)................ (2,034,000) (2,034,000) ----------- ------------ Balance at December 31, 2002....... $(2,034,000) $464,556,000 =========== ============
See accompanying notes. 41 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED STATEMENTS OF CASH FLOWS
YEAR ENDED DECEMBER 31, -------------------------------------------- 2000 2001 2002 ------------- ------------- ------------ OPERATING ACTIVITIES Net income (loss)........................................... $ 18,315,000 $ (15,458,000) $ 1,779,000 Adjustments to reconcile net income (loss) to net cash provided by operating activities: Depreciation.............................................. 6,329,000 11,302,000 14,019,000 Amortization of goodwill.................................. 479,000 26,505,000 -- Amortization of intangibles and stock based compensation............................................ 674,000 5,227,000 5,674,000 Accretion of discount on marketable securities............ (1,088,000) 355,000 204,000 Minority interest......................................... -- 336,000 187,000 Charge for in-process research and development............ -- 2,910,000 18,537,000 Other non-cash expense.................................... 166,000 86,000 -- Income tax benefit from exercise of stock options......... 8,377,000 8,159,000 10,581,000 Gain on issuance of subsidiary stock...................... -- (15,252,000) (2,560,000) Changes in assets and liabilities, excluding the effects of acquisitions: Accounts receivable..................................... (28,679,000) 9,346,000 (5,164,000) Inventory............................................... (1,802,000) 507,000 713,000 Prepaid expenses and other assets....................... (4,664,000) (3,015,000) (2,008,000) Accounts payable and accrued expenses................... 7,900,000 443,000 (2,031,000) Deferred revenues....................................... 14,520,000 7,903,000 8,975,000 ------------- ------------- ------------ Net cash provided by operating activities.......... 20,527,000 39,354,000 48,906,000 ------------- ------------- ------------ INVESTING ACTIVITIES Acquisitions, net of cash received.......................... (1,262,000) (7,495,000) (3,461,000) Purchases of marketable securities.......................... (141,097,000) (116,843,000) (81,115,000) Net proceeds from maturity of marketable securities......... 132,940,000 127,297,000 82,041,000 Purchase of restricted marketable securities................ -- -- (2,190,000) Purchases of property and equipment......................... (20,291,000) (31,682,000) (10,911,000) Net proceeds from sale of subsidiary stock.................. -- 16,529,000 -- ------------- ------------- ------------ Net cash used in investing activities.............. (29,710,000) (12,194,000) (15,636,000) ------------- ------------- ------------ FINANCING ACTIVITIES Payments on long-term debt and capital leases............... (993,000) -- -- Proceeds from exercise of stock options..................... 5,507,000 14,013,000 3,697,000 Proceeds from employee stock purchase plan.................. 1,634,000 2,267,000 2,095,000 Repurchase of unvested stock................................ -- (45,000) (10,000) Purchases of treasury stock................................. -- -- (2,034,000) ------------- ------------- ------------ Net cash provided by financing activities............. 6,148,000 16,235,000 3,748,000 ------------- ------------- ------------ Foreign currency impact on cash............................. (845,000) (1,567,000) 3,261,000 ------------- ------------- ------------ Net increase (decrease) in cash and cash equivalents........ (3,880,000) 41,828,000 40,279,000 Cash and cash equivalents at beginning of year.............. 70,090,000 66,210,000 108,038,000 ------------- ------------- ------------ Cash and cash equivalents at end of year.................... $ 66,210,000 $ 108,038,000 $148,317,000 ============= ============= ============ SUPPLEMENTAL CASH FLOW DISCLOSURE Interest paid............................................... $ 50,000 $ -- $ -- ============= ============= ============ Income taxes paid........................................... $ 446,000 $ 2,273,000 $ 4,040,000 ============= ============= ============
42 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS DECEMBER 31, 2002 1. SIGNIFICANT ACCOUNTING POLICIES DESCRIPTION OF BUSINESS The business of Internet Security Systems, Inc. and its subsidiaries ("ISS") is focused on protecting networks, servers and desktops against an ever-changing spectrum of threats, with a comprehensive line of products and services designed specifically for the particular needs of enterprise, consumer and service provider markets. Internet Security Systems, Inc. was incorporated in the State of Delaware on December 8, 1997 to be a holding company for Internet Security Systems, Inc., a Georgia company incorporated in 1994 to design, market, and sell computer network security assessment software. ISS's shares are traded on the NASDAQ National Market under the ticker symbol "ISSX". In addition, ISS has various other subsidiaries in the Americas, Europe and the Asia/Pacific regions with primary marketing and sales responsibilities for ISS's products and services in their respective markets. ISS is organized as, and operates in, a single business segment that provides products, technical support, managed security services, professional security services and education services as components of providing security management solutions. ISS is organized around geographic areas: the Americas (United States, Canada, South America and Latin America), EMEA (Europe, Middle East and Africa) and Asia/Pacific. These geographic areas represent ISS' three reportable segments (see Note 11). BASIS OF CONSOLIDATION The consolidated financial statements include the accounts of Internet Security Systems, Inc. and its majority-owned subsidiaries. All significant intercompany and investment accounts and transactions have been eliminated in consolidation. FOREIGN CURRENCY TRANSLATIONS The functional currency of ISS' foreign subsidiaries is the local currency. Assets and liabilities denominated in foreign currencies are translated using the exchange rate on the balance sheet dates. The translation adjustments resulting from this process are shown separately as a component of stockholders' equity. Revenues and expenses are translated using average exchange rates for the period. Transaction gains and losses are included in results of operations. USE OF ESTIMATES The preparation of financial statements in conformity with accounting principles generally accepted in the United States requires management to make estimates and assumptions that affect the amounts reported in the financial statements and accompanying notes. Actual results may differ from those estimates, and such differences may be material to the consolidated financial statements. REVENUE RECOGNITION Revenue is recognized under Statement of Position ("SOP") 97-2 as modified by SOP 98-9, when the following criteria have been met: - persuasive evidence of an arrangement exists; - delivery has occurred or services have been rendered; - price is fixed or determinable; and - collection is probable. 43 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) ISS recognizes perpetual license revenue upon (1) delivery of software or, if the customer has evaluation software, delivery of the software key and (2) issuance of the related license, assuming that no significant vendor obligations or customer acceptance rights exist. Where payment terms are extended over periods greater than 12 months, revenue is recognized as such amounts become due and payable. Product sales consist of (1) appliances sold in conjunction with ISS licensed software and (2) software developed by third-party partners, combined in some instances with associated hardware appliances and partner maintenance services. These sales are recognized upon shipment to the customer provided all other revenue recognition criteria are met. License sales of enterprise products are generated both through a direct sales force and through various partners, including system integrators, value-added resellers and distributors. License revenue is recognized when the end user sale has occurred, provided all other revenue recognition criteria are met, which is identified through electronic delivery of a software key that is necessary to operate the product. At the point of key delivery, the end-user has no right of return. License sales of consumer and small office products are made through a distributor to retail establishments and are sold directly to customers via the Internet. License revenue for sales made through resellers and distributors are recognized only when the product is delivered to the end user provided all other revenue recognition criteria are met. Subscription revenues include maintenance, term licenses, and managed service arrangements. Annual renewable maintenance is a separate component of each perpetual license agreement for ISS products with revenue recognized ratably over the maintenance term. Term licenses allow customers to use our products and receive maintenance coverage for a specified period, generally 12 months. We recognize revenues from these term agreements ratably over the subscription term. Security monitoring services of information assets and systems are part of managed services and revenues are recognized as such services are provided. Professional services revenues include fee-based service engagements and training. Service engagements, typically billed on a time-and-materials basis, primarily focus on security assessments of customer networks and the development of customers' security policies. We recognize such professional services revenues as the related services are rendered. Multiple element arrangements can include any combination of hardware, software or services. When some elements are delivered prior to others in an arrangement, revenue is deferred until the delivery of the last element unless there is all of the following: - vendor specific objective evidence (VSOE) of fair value of the undelivered elements; - the functionality of the delivered elements is not dependent on the undelivered elements; and - delivery of the delivered elements represents the culmination of the earnings process. COST OF REVENUES Cost of revenues includes the cost of product licenses and sales and the cost of subscriptions and professional services. Cost of product licenses and sales are incurred upon recognition of the associated product revenues. Cost of subscriptions and professional services includes the cost of the technical support group that provides assistance to customers with maintenance agreements, the operations center costs of providing managed services and the costs related to the professional services and training staff. 44 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) CASH AND CASH EQUIVALENTS Cash equivalents include all highly liquid investments with original maturities of three months or less when purchased. Such amounts are stated at cost, which approximates market value. MARKETABLE SECURITIES Marketable securities consist of debt instruments of U.S. government agencies and corporate commercial paper. All such marketable securities have a maturity of less than twelve months. These investments are classified as available-for-sale and reported at fair market value. The amortized cost of securities classified as available-for-sale is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization is included in interest income. Unrealized gains and losses on available-for-sale securities were immaterial for 2001 and 2002. Realized gains and losses, and declines in value judged to be other-than-temporary are included in net securities gains (losses) and are included in results of operations. Interest on securities classified as available-for-sale is included in interest income (see Note 3). CONCENTRATIONS OF CREDIT RISK Product revenues are concentrated in the software industry, which is highly competitive and rapidly changing. Significant technological changes in the industry or customer requirements, or the emergence of competitive products with new technologies or capabilities could adversely affect operating results. In addition, fluctuations of the U.S. dollar against foreign currencies or changes in local regulatory or economic conditions could adversely affect operating results. Financial instruments that potentially subject ISS to significant concentrations of credit risk consist principally of cash and cash equivalents, marketable securities and accounts receivable. ISS maintains cash and cash equivalents in short-term money market accounts with three financial institutions and in short-term, investment grade commercial paper. Marketable securities consist of United States government agency securities and investment grade commercial paper. ISS's sales are global, primarily to companies located in the Americas, Europe, and the Asia/Pacific regions. ISS performs periodic credit evaluations of its customer's financial condition and does not require collateral. Accounts receivable are due principally from large U.S. companies under stated contract terms. ISS also has receivables from its European and Asia/Pacific operations, which are principally from its partners in such regions. This includes partners in the Northeast Asia markets, which includes China, Japan and Korea, and current economic weakness and difficulties associated with doing business in these markets exposes the Company to associated credit risk. ISS provides for estimated credit losses as such losses become probable. Such losses have been within management's expectations. FAIR VALUE OF FINANCIAL INSTRUMENTS The carrying amounts reported in the balance sheets for cash and cash equivalents, marketable securities, accounts receivable and accounts payable approximate their fair values. PROPERTY AND EQUIPMENT Property and equipment are stated at cost less accumulated depreciation. Depreciation is computed using the straight-line method for financial reporting purposes on the basis of the following estimated useful lives: three years for computer equipment, five to seven years for office furniture and equipment and over the term of the lease for leasehold improvements. 45 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) INVENTORY Inventory consists of finished goods purchased for resale and is recorded at the lower of cost or market. Cost is determined using the first-in, first-out (FIFO) method. GOODWILL AND INTANGIBLES Goodwill represents the excess acquisition cost over the fair value of net assets acquired. On January 1, 2002, ISS adopted SFAS No. 142, Goodwill and Other Intangible Assets ("SFAS 142"). Under this statement, goodwill is no longer amortized but is subject to annual impairment tests (or more frequent tests if impairment indicators arise). The Company performed impairment tests of goodwill as required, evaluating recoverability based on a combination of forecasted discounted cash flows and stock market valuation. Goodwill was determined not to be impaired in 2002 based on such tests. Prior to the adoption of SFAS 142 the Company amortized the Network ICE goodwill over five years and other goodwill over periods ranging from 2 to 10 years. Goodwill and intangible assets are comprised of the following, as of the dates indicated:
DECEMBER 31, --------------------------------------------------------- 2001 2002 --------------------------- --------------------------- GROSS GROSS CARRYING ACCUMULATED CARRYING ACCUMULATED AMOUNT AMORTIZATION AMOUNT AMORTIZATION ------------ ------------ ------------ ------------ Goodwill........................ $224,441,000 $(27,381,000) $227,845,000 $(27,381,000) ============ ============ ============ ============ Amortized intangible assets: Core technology............... 3,853,000 (1,557,000) 3,853,000 (2,039,000) Developed technology.......... 17,808,000 (2,487,000) 16,857,000 (5,654,000) Work force.................... 215,000 (116,000) 1,407,000 (216,000) Customer relationships........ 2,490,000 (484,000) 2,490,000 (1,314,000) ------------ ------------ ------------ ------------ Total................. $ 24,366,000 $ (4,644,000) $ 24,607,000 $ (9,223,000) ============ ============ ============ ============
The Company amortizes intangible assets over their estimated useful lives of eight years for core technology, five years for developed technology, three to six years for work force and three years for customer relationships. Amortization expense of intangible assets is as follows:
YEAR ENDED DECEMBER 31, ------------------------- 2001 2002 ------------ ---------- Goodwill.................................................... $ 26,505,000 $ -- Core technology............................................. 482,000 482,000 Developed technology........................................ 2,142,000 3,167,000 Work force.................................................. 36,000 100,000 Customer relationships...................................... 484,000 830,000 ============ ========== Total............................................. $ 29,649,000 $4,579,000 ============ ==========
46 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) The estimated future amortization expense of intangible assets as of December 31, 2002 is as follows:
AMOUNT ----------- Fiscal year: 2003...................................................... $ 5,111,000 2004...................................................... 4,495,000 2005...................................................... 4,057,000 2006...................................................... 1,721,000 ----------- Total............................................. $15,384,000 ===========
The following table presents a reconciliation of previously reported net income (loss) and net income (loss) per share to the amounts adjusted for the exclusion of the amortization of goodwill:
YEAR ENDED DECEMBER 31, ------------------------- 2001 2002 ------------ ---------- Net income (loss), reported................................ $(15,458,000) $1,779,000 Amortization of goodwill................................. 26,505,000 -- ------------ ---------- Net income, as adjusted.................................... 11,047,000 1,779,000 ============ ========== Basic net income (loss) per share of Common Stock, as reported................................................. $ (0.34) $ 0.04 Amortization of goodwill................................... 0.58 -- ------------ ---------- Basic net income per share, as adjusted.................... $ 0.24 $ 0.04 ============ ========== Diluted net income (loss) per share of Common Stock, as reported................................................. $ (0.34) $ 0.04 Amortization of goodwill................................... 0.58 -- ------------ ---------- Diluted net income per share of Common Stock, as adjusted................................................. $ 0.24 $ 0.04 ============ ==========
RESEARCH AND DEVELOPMENT COSTS Research and development costs are charged to expense as incurred. ISS has not capitalized any such development costs under Statement of Financial Accounting Standards ("SFAS") No. 86, Accounting for the Costs of Computer Software to Be Sold, Leased, or Otherwise Marketed, because the costs incurred between the attainment of technological feasibility for the related software product through the date when the product is available for general release to customers has been insignificant. ADVERTISING COSTS ISS incurred advertising costs of $2,175,000 in 2000, $2,636,000 in 2001 and $6,265,000 in 2002, which are expensed as incurred and are included in sales and marketing expense in the statements of operations. STOCK BASED COMPENSATION SFAS 123, Accounting for Stock-Based Compensation ("SFAS 123"), establishes accounting and reporting standards for stock-based employee compensation plans. As permitted by SFAS 123, ISS continues to account for stock-based compensation in accordance with APB Opinion No. 25, Accounting for Stock Issued to Employees, and has elected the pro forma disclosure alternative of SFAS 123. 47 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) Although SFAS 123 allows the Company to continue to follow APB 25 guidelines, the following is pro forma net loss and pro forma net loss per share as if the Company had adopted SFAS 123. The pro forma impact of applying SFAS 123 in fiscal 2002, 2001 and 2000 will not necessarily be representative of the pro forma impact in future years. Pro forma information is as follows:
YEARS ENDED DECEMBER 31, ------------------------------------------ 2000 2001 2002 ------------ ------------ ------------ Net income (loss), as reported............. $ 18,315,000 $(15,458,000) $ 1,779,000 Pro forma stock compensation expense computed under the fair value method, net of income taxes.......................... (26,318,000) (27,975,000) (28,589,000) ------------ ------------ ------------ Pro forma net loss......................... (8,003,000) (43,433,000) (26,810,000) ============ ============ ============ Basic net income (loss) per share of Common Stock, as reported....................... $ 0.44 $ (0.34) $ 0.04 ============ ============ ============ Diluted net income (loss) per share of Common Stock, as reported................ $ 0.41 $ (0.34) $ 0.04 ============ ============ ============ Pro forma basic and diluted net loss per share of Common Stock.................... $ (0.19) $ (0.95) $ (0.55) ============ ============ ============
Inputs used for the fair value method for our employee stock options are as follows:
YEARS ENDED DECEMBER 31, ------------------------ 2000 2001 2002 ------ ------ ------ Volatility................................................. 129% 128% 122% Weighted-average expected lives (in years)................. 5 5 5 Expected dividend yields................................... -- -- -- Weighted-average risk-free interest rates.................. 6.27% 4.51% 4.20% Weighted-average fair value per share of options granted... $59.25 $27.76 $21.56
The Black-Scholes option valuation model was developed for use in estimating the fair value of traded options that have no vesting restrictions and are fully transferable. In addition, option valuation models require the input of highly subjective assumptions including the expected stock price volatility. Because employee stock options have characteristics different from those of traded options, and because the changes in the subjective input assumptions can materially affect the fair value estimate, in management's opinion, the existing models do not necessarily provide a reliable single measure of the fair value of its employee stock options. ACCOUNTING FOR ISSUANCES OF STOCK BY A SUBSIDIARY When a subsidiary of the Company issues shares of its stock at an amount different than the Company's carrying value for the subsidiary's stock, the Company records the difference as a gain or loss in the consolidated statements of operations, in accordance with SEC Staff Accounting Bulletin No. 51, if the transaction meets the following conditions: (1) the sale of such shares is not a part of a broader corporate reorganization contemplated or planned by the Company; (2) the Company does not intend to spin-off the related subsidiary to stockholders; (3) reacquisition of shares is not contemplated at the time of issuance; and (4) the subsidiary is not a newly-formed, non-operating entity, a research and development start-up or development stage entity, or an entity whose ability to continue in existence is in question. The Company accounts for sales that do not meet these criteria as capital transactions. 48 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) INCOME (LOSS) PER SHARE Basic net income (loss) per share (see Note 10) was computed by dividing net income (loss) by the weighted average number of shares outstanding of Common Stock. Diluted net income per share was computed by dividing net income by the weighted average shares outstanding, including common equivalents (when dilutive). RECENTLY ISSUED ACCOUNTING STANDARDS In June 2002, the FASB issued Statement No. 146, Accounting for Costs Associated with Exit or Disposal Activities. This Statement addresses financial accounting and reporting for costs associated with exit or disposal activities and nullifies Emerging Issues Task Force (EITF) Issue No. 94-3, Liability Recognition for Certain Employee Termination Benefits and Other Costs to Exit an Activity (including Certain Costs Incurred in a Restructuring). The provisions of this Statement are effective for exit or disposal activities that are initiated after December 31, 2002, with early application encouraged. The Company does not expect the adoption to have a material impact on the Company's financial position or results of operations. In December 2002, the FASB issued Statement No. 148, Accounting for Stock-Based Compensation-Transition and Disclosure ("SFAS 148"), which amends SFAS 123, to provide alternative methods of transition for a voluntary change to the fair value based method of accounting for stock-based employee compensation. In addition, SFAS 148 amends the disclosure requirements of SFAS 123 to require prominent disclosures in both annual and interim financial statements about the method of accounting for stock-based employee compensation and the effect of the method used on reported results. The transition guidance and annual disclosure provisions of SFAS 148 are effective for fiscal years ending after December 15, 2002, with earlier application permitted in certain circumstances. The adoption of this statement did not have a material impact on the Company's financial position or results of operations as the Company has not elected to change to the fair value based method of accounting for stock-based employee compensation. 2. BUSINESS COMBINATIONS AND ASSET ACQUISITIONS On October 30, 2002, ISS acquired 100% of the outstanding stock of vCIS, Inc., a privately held corporation based in Santa Clara, California. vCIS is a development-stage company focused on the development of software designed to enhance the security of a computing environment by detecting and defeating malicious code, including viruses, worms and trojans, in real-time using behavior analysis technology. ISS issued approximately 966,000 shares of ISS Common Stock for all of the outstanding vCIS stock and assumed all of the outstanding vCIS stock options resulting in approximately 35,000 additional ISS shares being reserved for outstanding grants under the vCIS stock option plan. In addition, ISS made a series of cash investments in vCIS prior to the date of merger totaling $1,945,000. The investments were in the form of a convertible line of credit note that allowed ISS to convert the balance due to equity in vCIS at a rate consistent with the lowest price offered to other investors in any new equity financing offered by vCIS. The combined fair value of common stock issued, options assumed, cash investments and acquisition costs, consisting of approximately $800,000 of legal and accounting fees, is approximately $19.6 million. The fair value of common stock issued was determined based on the average closing price of ISS stock on August 23, 2002 and the two trading days before and after this date. 49 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 2. BUSINESS COMBINATIONS AND ASSET ACQUISITIONS -- (CONTINUED) The merger was accounted for as a purchase and, accordingly, the operating results of vCIS are included in the consolidated financial statements of ISS from the date of acquisition. The aggregate purchase price was allocated based on a valuation of the vCIS assets, intangibles and in-process research and development. vCIS does not meet the definition of a business under EITF 98-3, Determining Whether a Nonmonetary Transaction Involves Receipt of Productive Assets or of a Business. As required by paragraph 9 of SFAS 142, the excess purchase price is allocated to the assets acquired in proportion to their relative values. The final allocation is as follows: Net liabilities of vCIS..................................... $ (100,000) In-process research and development......................... 18,500,000 Assembled workforce......................................... 1,200,000 ----------- $19,600,000 ===========
The tangible assets of vCIS acquired in the merger consist primarily of cash and fixed assets. The liabilities of vCIS assumed in the merger consist primarily of accounts payable and accrued expenses. In-process research and development valued at approximately $18.5 million had not reached technological feasibility based on identifiable risk factors, which indicated that even though successful completion was expected, it was not assured as of the acquisition date and was immediately charged to operations. Accordingly, under current accounting standards, such amount was expensed. On August 1, 2002 Internet Security Systems KK acquired privately held TriSecurity Holdings Pte Ltd. ("TriSecurity"), a primary ISS KK distributor in Singapore. In exchange for all of the outstanding shares of TriSecurity, ISS KK issued approximately 1,000 shares of ISS KK stock and paid approximately $1.2 million of cash. Goodwill of approximately $4.0 million related to the purchase was recorded. There is additional annual contingent consideration dependent on the achievement of specified increasing levels of revenues and operating profits through 2004. The total maximum additional consideration at December 31, 2002 is 490 shares of ISS KK stock, which had a fair value of approximately $806,000 at December 31, 2002, and any shares issued will be recorded as additional purchase price. The operating results of ISS include the operating results of TriSecurity Holdings Pte Ltd. since the date of acquisition. On June 5, 2001, ISS acquired 100% of the outstanding stock of Network ICE Corporation, a privately held corporation based in San Mateo, California ("Network ICE"). Network ICE is a leading developer of desktop intrusion protection technology and highly scalable security management systems. ISS issued approximately 4,311,000 shares of ISS common stock for all of the outstanding Network ICE common stock and assumed all of the outstanding Network ICE stock options resulting in approximately 289,000 additional ISS shares being reserved for outstanding grants under the Network ICE Stock Plan. The combined fair value of common stock issued, options assumed and acquisition costs was approximately $237.6 million based on the average closing price of our common stock on the merger agreement date of April 30, 2001 and the two days before and after April 30, 2001. Acquisition costs of approximately $8 million consist primarily of financial advisory, legal and accounting fees. The Company adopted a plan to restructure Network ICE whereby 46 Network ICE employees were terminated over a six-month period following the acquisition. As such $1.8 million of severance costs were included in the acquisition costs for severance related to these terminations. At December 31, 2001 all such terminations and related severance payments had been completed. 50 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 2. BUSINESS COMBINATIONS AND ASSET ACQUISITIONS -- (CONTINUED) The merger was accounted for as a purchase and, accordingly, the operating results of Network ICE are included in the consolidated financial statements of ISS from the date of acquisition. The adjusted aggregate purchase price was allocated based on a valuation report of the Network ICE intangibles and in-process research and development as follows: Net tangible liabilities of Network ICE..................... $ (4,020,000) In-process research and development......................... 2,910,000 Customer relationships...................................... 2,490,000 Technology.................................................. 17,030,000 Deferred income taxes....................................... (7,418,000) Deferred compensation....................................... 6,231,000 Goodwill.................................................... 220,398,000 ------------ $237,621,000 ============
The tangible assets of Network ICE acquired in the merger consisted primarily of cash, accounts receivable and fixed assets. The liabilities of Network ICE assumed in the merger consisted primarily of accounts payable and accrued expenses and deferred revenue. In-process research and development of approximately $2.9 million had not reached technological feasibility based on identifiable technological risk factors, which indicated that even though successful completion was expected, it was not assured as of the acquisition date and was immediately charged to operations. The following table summarizes unaudited pro forma results of operations as if the acquisitions of vCIS and Network ICE were concluded as of the beginning of the periods presented. The adjustments to the historical data reflect the following (i) amortization of goodwill and intangibles, (ii) write off of in-process research and development, and (iii) deferred stock compensation. This pro forma information is not necessarily indicative of what combined operations would have been if ISS had control of such combined businesses for the periods presented.
DECEMBER 31, ------------------------------------------ 2000 2001 2002 ------------ ------------ ------------ (UNAUDITED) Revenue...................................... $204,887,000 $229,276,000 $243,285,000 Net loss..................................... $(35,352,000) $(44,160,000) $ (790,000) Basic and diluted net loss per share of Common Stock............................... $ (0.77) $ (0.97) $ (0.02)
In August 2000, ISS acquired privately held ISYI of Padova, Italy. ISYI is a leader in advanced network security services in the Italian market place and an early provider of remote security monitoring services. In exchange for all the outstanding stock of ISYI, approximately 29,100 shares of ISS common stock were issued in a transaction exempt from registration under the Securities Act of 1933. The transaction was accounted for using the pooling-of-interests method of accounting; however, this transaction was not material to ISS's consolidated operations and financial position and, therefore, the operating results of ISS have not been restated for this transaction. The operating results of ISS include the results of operations of ISYI since the date of acquisition. 51 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 3. MARKETABLE SECURITIES The following is a summary of available-for-sale marketable securities as of December 31:
2001 2002 ----------- ----------- Unrestricted: U.S. corporate commercial paper........................... $53,144,000 $53,999,000 Debt instruments of U.S. government agencies.............. 1,985,000 -- Restricted: U.S. corporate commercial paper........................... 12,500,000 14,690,000 ----------- ----------- $67,629,000 $68,689,000 =========== ===========
As of December 31, 2001 and 2002 the cost of marketable securities approximated fair value. The contractual maturities of all of these investments were less than one year as of December 31, 2002. Marketable securities of $14,690,000 at December 31, 2002 and $12,500,000 at December 31, 2001 are restricted as collateral for letters of credit issued in relation to operating leases for facilities and classified as restricted marketable securities. 4. STOCK OPTION PLANS ISS's Incentive Stock Plan (the "Plan") provides for the granting of qualified or nonqualified options to purchase shares of ISS's Common Stock. Under the Plan, at December 31, 2002 there are 14,454,122 shares reserved for future issuance which increases automatically on the first trading day of each year by an amount equal to 4% of the number of shares of Common Stock outstanding on the last trading day of the preceding year. An additional 160,000 shares have been reserved for non-statutory options issued in 1997 to non- employee directors. In October 2002, as a result of the acquisition of vCIS, the Company assumed all outstanding vCIS stock options. Each vCIS stock option assumed is subject to the same terms and conditions as the original grant and generally vest over three to four years and expires ten years from the date of grant. Each option was adjusted at a ratio of 0.04770 shares of ISS common stock for each one share of vCIS common stock. In June 2001, as a result of the acquisition of Network ICE, the Company assumed all outstanding Network ICE stock options. Each Network ICE stock option assumed is subject to the same terms and conditions as the original grant and generally vests over four years and expires ten years from the date of grant. Each option was adjusted at a ratio of 0.13529 shares of ISS common stock for each one share of Network ICE common stock. A summary of ISS's stock option activity is as follows:
2000 2001 2002 --------------------- --------------------- --------------------- WEIGHTED WEIGHTED WEIGHTED AVERAGE AVERAGE AVERAGE NUMBER OF EXERCISE NUMBER OF EXERCISE NUMBER OF EXERCISE SHARES PRICE SHARES PRICE SHARES PRICE ---------- -------- ---------- -------- ---------- -------- Outstanding at beginning of year......... 5,067,000 $13.58 5,252,000 $36.54 5,004,000 $36.98 Granted................................ 2,253,000 67.88 1,663,000 32.15 3,773,000 25.33 Exercised.............................. (1,366,000) 4.63 (1,108,000) 12.65 (587,000) 6.30 Canceled............................... (702,000) 33.61 (1,092,000) 46.52 (1,469,000) 42.82 Assumed................................ -- -- 289,000 14.79 35,000 0.94 ---------- ---------- ---------- Outstanding at end of year............... 5,252,000 36.54 5,004,000 36.98 6,756,000 31.64 ========== ========== ========== Exercisable at end of year............... 1,430,000 13.24 1,386,000 22.74 2,032,000 32.06 ========== ========== ==========
All vCIS and Network ICE options assumed by ISS were included in the purchase price based on their fair value. The intrinsic value of the unvested options has been allocated to deferred compensation and is being 52 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 4. STOCK OPTION PLANS -- (CONTINUED) amortized over the remaining vesting periods of the related options. The Company recorded deferred compensation of approximately $6.2 million for the Network ICE options in June 2001 and approximately $153,000 in October 2002 for the vCIS options. Amortization of deferred compensation was $2.1 million in 2001 and $1.1 million in 2002. The following table summarizes information about stock options outstanding at December 31, 2002:
OPTIONS FULLY OPTIONS OUTSTANDING VESTED AND EXERCISABLE ---------------------------- ----------------------- NUMBER OF WEIGHTED NUMBER OPTIONS AVERAGE EXERCISABLE WEIGHTED OUTSTANDING AT REMAINING AT AVERAGE DECEMBER 31, CONTRACTUAL DECEMBER 31, EXERCISE RANGE OF EXERCISE PRICES 2002 LIFE 2002 PRICE ------------------------ -------------- ----------- ------------ -------- $.08-9.11............................. 667,000 7.01 410,000 $ 4.44 $10.00-19.19.......................... 857,000 8.58 222,000 11.78 $20.03-24.06.......................... 1,625,000 8.98 187,000 21.97 $25.20-34.97.......................... 2,111,000 8.58 659,000 30.72 $39.75-58.94.......................... 548,000 7.77 190,000 56.18 $60.25-85.63.......................... 948,000 7.46 364,000 70.53
5. ADOPTION OF SHAREHOLDER RIGHTS PLAN On July 11, 2002, the Board of Directors adopted a shareholder rights plan and authorized and declared a dividend of one preferred share purchase right (a "Right") for each outstanding share of Common Stock, par value $.001 per share, of the Company. The dividend was paid on July 29, 2002 to the stockholders of record on that date. Stock issued subsequent to July 29, 2002 will be issued with an attached Right. Each Right will initially represent the right, under certain circumstances, to purchase one one-thousandth of a share of Series A Junior Participating Preferred Stock (the "Junior Preferred Stock") at a purchase price of $80 per one one-thousandth of a share. If a person or group acquires beneficial ownership of 20% or more of the then outstanding shares of the Company's Common Stock (an "Acquiring Person"), the holder of a Right, upon exercise of the Right, will thereafter have the right to receive, in lieu of shares of Junior Preferred Stock, shares of the Company's Common Stock (or, in certain circumstances, cash, property or other securities of the Company) having a value equal to twice the purchase price of the Right. The Rights expire on July 11, 2012. Generally, the Board of Directors may redeem the Rights at a price of $.001 per Right (subject to adjustment) at any time prior to the earlier of (i) the close of business on the tenth business day following the date a person becomes an Acquiring Person or (ii) the expiration date of the Rights. Prior to any person or group becoming an Acquiring Person, the Company may amend the Rights Agreement at any time. 6. OTHER INCOME AND MINORITY INTEREST Other income for 2002 includes a gain of $2.6 million related to the issuance of subsidiary shares in connection with the acquisition of TriSecurity Holdings Pte Ltd. The Company reported a gain on the difference between the fair market value of the shares issued and the book value of those shares, in accordance with Staff Accounting Bulletin No. 51 and company policy. A gain of $1.9 million was recorded in 2002 on the sale by the Company's Asia/Pacific subsidiary of an investment in an ISS distributor in Japan. The shares of the publicly traded company were acquired when the distributor was privately held and were subsequently sold on the open market. 53 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 6. OTHER INCOME AND MINORITY INTEREST -- (CONTINUED) In September 2001 the Asia/Pacific subsidiary sold newly issued shares in an initial public offering ("IPO") on the Japan over-the-counter market. These newly issued shares represented approximately 10% of the previously outstanding shares of our Asia/Pacific subsidiary. Other income in 2001 includes a gain on the subsidiary IPO of $13.6 million from this initial public offering. Other income also includes $1.6 million generated from the March 2001 sale of approximately 2% of the outstanding shares of our Asia/Pacific subsidiary to employees and key partners. These amounts represent the difference between proceeds received and the underlying basis in the stock less the minority interest in such gains, in accordance with Staff Accounting Bulletin No. 51. Minority interest totaled $336,000 in 2001 and $187,000 in 2002. Minority interest represents the portion of earnings that would be distributed to shares not held by the Company if the Asia/Pacific subsidiary declared a dividend equal to its earnings. 7. COMMITMENTS AND LITIGATION ISS has non-cancelable operating leases for facilities that expire at various dates through 2013. ISS has a lease for its corporate headquarters, which it began to occupy in various stages beginning in November 2000 and will continue through December 2003. The Company has shorter-term leases for office space in other locations and various computer equipment. Future minimum payments under non-cancelable operating leases with initial terms of one year or more consisted of the following at December 31, 2002:
NON-CANCELABLE OPERATING LEASES ---------------- 2003....................................................... $12,531,000 2004....................................................... 12,266,000 2005....................................................... 11,440,000 2006....................................................... 10,897,000 2007....................................................... 8,739,000 Thereafter................................................. 42,021,000 ----------- Total minimum lease payments..................... $97,894,000 ===========
Rent expense was approximately $4,939,000, $6,806,000 and $12,008,000 for the years ended December 31, 2000, 2001 and 2002, respectively. Beginning on September 28, 2001, the Company and certain of its officers and directors were named as defendants in several lawsuits alleging violations of the federal securities laws, including Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder. Six such actions were filed in the United States District Court for the Northern District of Georgia. All six actions have been consolidated into a single case and the court has appointed lead plaintiffs and lead plaintiff's counsel. The consolidated complaint was filed October 9, 2002 and purports to be brought on behalf of a class of investors who purchased the Company's stock during the period from April 5, 2001 through August 14, 2001 (the "Class Period"). The complaint generally alleges that the Company and the individual defendants violated the anti-fraud provisions of the federal securities laws and caused the Company's stock to trade at artificially high prices by making misrepresentations relating to the Company's financial condition and prospects during the Class Period. The complaint seeks damages in an unspecified amount. On December 11, 2002, the Company and the individual defendants moved to dismiss the consolidated amended complaint under the Private Securities Litigation Reform Act of 1995. The Court has not yet ruled on that motion. The Company believes that it has meritorious defenses and intends to defend the actions vigorously. 54 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 8. INCOME TAXES For financial reporting purposes, the provision for income taxes includes the following components, all of which are current:
YEAR ENDED DECEMBER 31, --------------------------------------- 2000 2001 2002 ----------- ----------- ----------- Federal income taxes............................ $ 8,421,000 $ 8,899,000 $10,404,000 State income taxes.............................. 691,000 696,000 637,000 Foreign income taxes............................ 1,226,000 2,926,000 2,035,000 ----------- ----------- ----------- Total provision for income taxes...... $10,338,000 $12,521,000 $13,076,000 =========== =========== ===========
Pre-tax income (loss) attributable to foreign and domestic operations is summarized below:
YEAR ENDED DECEMBER 31, ---------------------------------------- 2000 2001 2002 ----------- ------------ ----------- U.S. operations................................ $26,226,000 $ 3,799,000 $15,376,000 Japan operations............................... 3,156,000 5,808,000 2,455,000 EMEA operations................................ (437,000) (12,174,000) (2,136,000) Other.......................................... (292,000) (370,000) (840,000) ----------- ------------ ----------- $28,653,000 $ (2,937,000) $14,855,000 =========== ============ ===========
A reconciliation of the provision for income taxes to the statutory federal income tax rate is as follows:
YEAR ENDED DECEMBER 31, --------------------------------------- 2000 2001 2002 ----------- ----------- ----------- Federal income taxes at 35% applied to pretax income (loss)................................. $10,029,000 $(1,028,000) $ 5,200,000 State income taxes, net of federal income tax benefit....................................... 691,000 696,000 637,000 Intangibles..................................... 57,000 9,170,000 -- Research and development tax credits............ (1,104,000) (1,100,000) (1,496,000) Foreign operations.............................. 223,000 2,634,000 1,441,000 Deferred compensation........................... -- 729,000 383,000 Write-off of in-process research and development................................... -- 1,019,000 6,488,000 Other........................................... 672,000 346,000 423,000 Change in valuation allowance................... (230,000) 55,000 -- ----------- ----------- ----------- $10,338,000 $12,521,000 $13,076,000 =========== =========== ===========
Deferred income taxes reflect the net income tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for income tax 55 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 8. INCOME TAXES -- (CONTINUED) purposes. The net income tax effect has been computed using a combined statutory rate of 38% for federal and state taxes. Significant components of ISS's net deferred income taxes are as follows:
DECEMBER 31, --------------------------- 2001 2002 ------------ ------------ Deferred income tax liabilities: Amortization........................................... $ 5,913,000 $ 4,766,000 Gain on issuance of subsidiary stock................... 5,876,000 6,407,000 ------------ ------------ Total deferred income tax liabilities.......... 11,789,000 11,173,000 Deferred income tax assets: Depreciation........................................... 400,000 108,000 Accrued liabilities.................................... 122,000 1,075,000 Allowance for doubtful accounts........................ 853,000 623,000 Net operating loss carryforwards....................... 32,039,000 20,128,000 Foreign tax credit carryforwards....................... 1,000,000 1,937,000 Research and development tax credit carryforwards...... 4,487,000 5,983,000 ------------ ------------ Total deferred income tax assets............... 38,901,000 29,854,000 ------------ ------------ Net deferred tax income tax asset.............. 27,112,000 18,681,000 Less valuation allowance............................... (27,112,000) (18,681,000) ------------ ------------ Net deferred income tax assets................. $ -- $ -- ============ ============
For financial reporting purposes, a valuation allowance has been recognized to reduce the net deferred income tax assets to zero. In 2002, the change in valuation allowance is a result of changes in deferred income tax assets and liabilities for which the related benefit or provision was charged to stockholders' equity. Therefore, such change in the valuation allowance is not included in the rate reconciliation above. ISS has not recognized any benefit from the future use of the deferred income tax assets because management's evaluation of all the available evidence in assessing the realizability of the tax benefits of such loss carryforwards indicates that the underlying assumptions of future profitable operations contain risks that do not provide sufficient assurance to recognize such tax benefits currently. The net deferred income tax assets include approximately $27,112,000 and $18,681,000 at December 31, 2001 and 2002, respectively, of assets that were created by or are subject to valuation allowance as a result of stock option deductions. While income tax expense will be recorded on any future pre-tax profits from United States operations, these deferred tax assets would reduce the related income taxes payable. This reduction in income taxes payable in future periods would be recorded as additional paid-in capital. ISS has approximately $53,000,000 of net operating loss carryforwards for federal income tax purposes that expire in varying amounts between 2011 and 2021. The net operating loss carryforwards may be subject to certain limitations in the event of a change in ownership. ISS also has approximately $5,983,000 of research and development tax credit carryforwards that expire between 2011 and 2022 and foreign tax credit carryforwards of $1,937,000 that expire between 2006 and 2007. 9. EMPLOYEE STOCK AND BENEFIT PLANS ISS sponsors a 401(k) plan that covers substantially all employees over 18 years of age. Participating employees may contribute up to 15% of their pre-tax salary, but not more than statutory limits. ISS matches 25% of participant contributions up to 3% of their pre-tax salary. Matching contributions were $196,000 in 2000, $290,000 in 2001 and $288,000 in 2002 and were charged to expense. 56 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 9. EMPLOYEE STOCK AND BENEFIT PLANS -- (CONTINUED) Effective July 1, 1999 ISS implemented an employee stock purchase plan (the "Plan") for all eligible employees. Under the Plan, shares of ISS's Common Stock may be purchased at six-month intervals at 85% of the lower of the fair market value on the first or the last day of each six-month period. Employees may purchase shares with aggregate fair value up to 10% of their gross compensation during a six-month period. During 2001 employees purchased 75,000 shares at an average price of $30.40 per share and during 2002 employees purchased 126,000 shares at an average price of $16.61 per share. At December 31, 2002, 310,000 shares of ISS Common Stock were reserved for future issuance. 10. INCOME (LOSS) PER SHARE The following table sets forth the computation of basic and diluted net income (loss) per share:
YEAR ENDED DECEMBER 31, ---------------------------------------- 2000 2001 2002 ----------- ------------ ----------- Numerator: Net income (loss).......................... $18,315,000 $(15,458,000) $ 1,779,000 ----------- ------------ ----------- Denominator: Denominator for basic net income (loss) per share -- weighted average shares........ 41,892,000 45,649,000 48,456,000 Effect of dilutive stock options........... 3,207,000 -- 702,000 ----------- ------------ ----------- Denominator for diluted net income (loss) per share -- weighted average shares.... 45,099,000 45,649,000 49,158,000 ----------- ------------ ----------- Basic net income (loss) per share............ $ 0.44 $ (0.34) $ 0.04 =========== ============ =========== Diluted net income (loss) per share.......... $ 0.41 $ (0.34) $ 0.04 =========== ============ ===========
For the year ended December 31, 2001, 1,364,000 weighted average options were not included in the above calculations as their effect on loss per share was anti-dilutive. 11. SEGMENT AND GEOGRAPHIC INFORMATION ISS conducts business in one operating segment; namely providing information security management solutions. The Company does, however, prepare information for internal use on a geographic basis. This information consists of the operating results of each geographic segment. The segment operating costs reported internally generally consist of direct sales expenses, an executive team and infrastructure to support its employee and customer and partner base, and supporting billing and financial systems. Unallocated corporate expenses include research and development, general and administrative costs that support the global organization, amortization of intangibles, stock based compensation and goodwill and costs that are one-time in nature, such as acquired in-process research and development, that are not charged directly to the other segments. The accounting policies of the segments are the same as those described in the summary of significant accounting policies. There are no intersegment sales. Our chief executive officer and chief financial officer evaluate performance based on operating profit or loss from operations, and trade accounts receivable for each segment. Other than trade accounts receivable, assets and liabilities are not discretely allocated or reviewed by segment. Goodwill is allocated to the segments in accordance with the requirements of SFAS 142. We do not allocate or review goodwill by segment for internal reporting purposes. 57 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 11. SEGMENT AND GEOGRAPHIC INFORMATION -- (CONTINUED) In accordance with Statement of Financial Accounting Standards No. 131, "Disclosures about Segments of an Enterprise and Related Information", the Company has included a summary of the segment financial information reported internally. The geographic segments are the Americas, Europe, Middle East and Africa ("EMEA"), and the Asia/Pacific region.
AMERICAS EMEA ASIA/PAC UNALLOCATED TOTAL ------------ ----------- ----------- ------------ ------------ AS OF OR FOR THE YEAR ENDED DECEMBER 31, 2002 REVENUES FROM EXTERNAL CUSTOMERS: Product licenses and sales....................... $ 82,456,000 $19,459,000 $19,178,000 $ -- $121,093,000 Subscriptions.................................... 71,224,000 12,952,000 8,769,000 -- 92,945,000 Professional services............................ 20,301,000 5,228,000 3,718,000 -- 29,247,000 ------------ ----------- ----------- ------------ ------------ Total revenue.............................. 173,981,000 37,639,000 31,665,000 -- 243,285,000 COST OF REVENUES: Product licenses and sales....................... 6,633,000 -- 55,000 -- 6,688,000 Subscriptions and professional services.......... 34,652,000 8,249,000 8,232,000 -- 51,133,000 ------------ ----------- ----------- ------------ ------------ Total cost of revenues..................... 41,285,000 8,249,000 8,287,000 -- 57,821,000 OPERATING EXPENSES................................. 63,477,000 20,624,000 9,578,000 83,762,000 177,441,000 ------------ ----------- ----------- ------------ ------------ TOTAL EXPENSES..................................... 104,762,000 28,873,000 17,865,000 83,762,000 235,262,000 ------------ ----------- ----------- ------------ ------------ SEGMENT OPERATING INCOME (LOSS).................... $ 69,219,000 $ 8,766,000 $13,800,000 $(83,762,000) $ 8,023,000 ============ =========== =========== ============ ============ ACCOUNTS RECEIVABLE................................ $ 33,945,000 $13,459,000 $ 9,296,000 $ -- $ 56,700,000 ============ =========== =========== ============ ============ GOODWILL........................................... $165,878,000 $ 6,456,000 $28,130,000 $ -- $200,464,000 ============ =========== =========== ============ ============ AS OF OR FOR THE YEAR ENDED DECEMBER 31, 2001 REVENUES FROM EXTERNAL CUSTOMERS: Product licenses and sales....................... $ 81,527,000 $18,284,000 $22,574,000 $ -- $122,385,000 Subscriptions.................................... 53,654,000 8,020,000 5,013,000 -- 66,687,000 Professional services............................ 24,421,000 6,971,000 3,095,000 -- 34,487,000 ------------ ----------- ----------- ------------ ------------ Total revenue.............................. 159,602,000 33,275,000 30,682,000 -- 223,559,000 COST OF REVENUES: Product licenses and sales....................... 12,737,000 593,000 109,000 -- 13,439,000 Subscriptions and professional services.......... 37,575,000 7,392,000 5,741,000 -- 50,708,000 ------------ ----------- ----------- ------------ ------------ Total cost of revenues..................... 50,312,000 7,985,000 5,850,000 -- 64,147,000 OPERATING EXPENSES................................. 60,663,000 22,033,000 9,305,000 91,569,000 183,570,000 ------------ ----------- ----------- ------------ ------------ TOTAL EXPENSES..................................... 110,975,000 30,018,000 15,155,000 91,569,000 247,717,000 ------------ ----------- ----------- ------------ ------------ SEGMENT OPERATING INCOME (LOSS).................... $ 48,627,000 $ 3,257,000 $15,527,000 $(91,569,000) $(24,158,000) ============ =========== =========== ============ ============ ACCOUNTS RECEIVABLE................................ $ 30,581,000 $10,792,000 $ 8,886,000 $ -- $ 50,259,000 ============ =========== =========== ============ ============ GOODWILL........................................... $163,179,000 $10,662,000 $23,219,000 $ -- $197,060,000 ============ =========== =========== ============ ============ FOR THE YEAR ENDED DECEMBER 31, 2000 REVENUES FROM EXTERNAL CUSTOMERS: Product licenses and sales....................... $ 91,516,000 $15,627,000 $12,560,000 $ -- $119,703,000 Subscriptions.................................... 33,728,000 5,929,000 2,049,000 -- 41,706,000 Professional services............................ 27,348,000 4,358,000 1,860,000 -- 33,566,000 ------------ ----------- ----------- ------------ ------------ Total revenue.............................. 152,592,000 25,914,000 16,469,000 -- 194,975,000 COST OF REVENUES: Product licenses and sales....................... 22,629,000 24,000 -- -- 22,653,000 Subscriptions and professional services.......... 28,447,000 6,143,000 2,181,000 -- 36,771,000 ------------ ----------- ----------- ------------ ------------ Total cost of revenues..................... 51,076,000 6,167,000 2,181,000 -- 59,424,000 OPERATING EXPENSES................................. 50,418,000 11,614,000 6,000,000 46,950,000 114,982,000 ------------ ----------- ----------- ------------ ------------ TOTAL EXPENSES..................................... 101,494,000 17,781,000 8,181,000 46,950,000 174,406,000 ------------ ----------- ----------- ------------ ------------ SEGMENT OPERATING INCOME (LOSS).................... $ 51,098,000 $ 8,133,000 $ 8,288,000 $(46,950,000) $ 20,569,000 ============ =========== =========== ============ ============
58 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 12. QUARTERLY FINANCIAL RESULTS (UNAUDITED) Summarized quarterly results for the two years ended December 31, 2001 and 2002 are as follows:
FIRST SECOND THIRD FOURTH ----------- ------------ ------------ ------------ 2001 by quarter: Revenues.................... $61,155,000 $ 51,710,000 $ 52,734,000 $ 57,960,000 Operating income (loss)..... 6,875,000 (11,278,000) (13,295,000) (6,460,000) Net income (loss)........... 6,541,000 (5,610,000) (6,088,000) (10,301,000) Net income (loss) per share: Basic....................... $ 0.15 $ (0.13) $ (0.13) $ (0.22) Diluted..................... $ 0.15 $ (0.13) $ (0.13) $ (0.22) 2002 by quarter: Revenues.................... $58,377,000 $ 60,031,000 $ 61,768,000 $ 63,109,000 Operating income (loss)..... 5,307,000 4,306,000 7,358,000 (8,948,000) Net income (loss)........... 3,369,000 4,125,000 6,341,000 (12,056,000) Net income (loss) per share: Basic....................... $ 0.07 $ 0.09 $ 0.13 $ (0.25) Diluted..................... $ 0.07 $ 0.08 $ 0.13 $ (0.25)
Because of the method used in calculating per share data, the quarterly per share data will not necessarily total the per share data as computed for the year. 59 SCHEDULE II VALUATION AND QUALIFYING ACCOUNTS
BALANCE AT BEGINNING OF BALANCE AT YEAR PROVISION WRITE-OFFS END OF YEAR ------------ ----------- ----------- ----------- 2000 Allowance for Doubtful Accounts............. $ 848,000 $ 556,000 $ (216,000) $ 1,188,000 =========== =========== =========== =========== Valuation allowance on net deferred income tax assets................................ $12,247,000 $20,776,000 $ -- $33,023,000 =========== =========== =========== =========== 2001 Allowance for Doubtful Accounts............. $ 1,188,000 $ 1,596,000 $ (221,000) $ 2,563,000 =========== =========== =========== =========== Valuation allowance on net deferred income tax assets................................ $33,023,000 $ -- $(5,911,000) $27,112,000 =========== =========== =========== =========== 2002 Allowance for Doubtful Accounts............. $ 2,563,000 $ 2,101,000 $(1,874,000) $ 2,790,000 =========== =========== =========== =========== Valuation allowance on net deferred income tax assets................................ $27,112,000 $ -- $(8,431,000) $18,681,000 =========== =========== =========== ===========
60 SIGNATURES Pursuant to the requirements of the Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this Report to be signed on its behalf by the undersigned, thereunto duly authorized. INTERNET SECURITY SYSTEMS, INC. By: /s/ RICHARD MACCHIA ------------------------------------ Richard Macchia Vice President and Chief Financial Officer By: /s/ MAUREEN RICHARDS ------------------------------------ Maureen Richards Corporate Controller and Chief Accounting Officer Dated: March 28, 2003 POWER OF ATTORNEY KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below hereby severally constitutes and appoints, Thomas E. Noonan, Richard Macchia and Maureen Richards, and each or any of them, his true and lawful attorney-in-fact and agent, each with the power of substitution and resubstitution, for him in any and all capacities, to sign any and all amendments to this Annual Report (Form 10-K) and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, hereby ratifying and confirming all that each said attorney-in-fact and agent, or his substitute or substitutes, may lawfully do or cause to be done by virtue hereof. Pursuant to the requirements of the Securities Exchange Act of 1934, this Report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated.
NAME TITLE DATE ---- ----- ---- /s/ THOMAS E. NOONAN Chairman, President and Chief March 28, 2003 ----------------------------------------------------- Executive (Principal Thomas E. Noonan Executive Officer) /s/ CHRISTOPHER W. KLAUS Chief Technology Officer, March 28, 2003 ----------------------------------------------------- Secretary and Director Christopher W. Klaus /s/ RICHARD MACCHIA Vice President and Chief March 28, 2003 ----------------------------------------------------- Financial Officer Richard Macchia /s/ RICHARD S. BODMAN Director March 28, 2003 ----------------------------------------------------- Richard S. Bodman /s/ ROBERT E. DAVOLI Director March 28, 2003 ----------------------------------------------------- Robert E. Davoli /s/ SAM NUNN Director March 28, 2003 ----------------------------------------------------- Sam Nunn
61
NAME TITLE DATE ---- ----- ---- /s/ KEVIN J. O'CONNOR Director March 28, 2003 ----------------------------------------------------- Kevin J. O'Connor /s/ DAVID N. STROHM Director March 28, 2003 ----------------------------------------------------- David N. Strohm
62 CERTIFICATION OF CHIEF EXECUTIVE OFFICER I, Thomas E. Noonan, Chief Executive Officer and President of Internet Security Systems, Inc., certify that: 1. I have reviewed this annual report on Form 10-K of Internet Security Systems, Inc. ("Registrant"); 2. Based on my knowledge, this annual report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this annual report; 3. Based on my knowledge, the financial statements, and other financial information included in this annual report, fairly present in all material respects the financial condition, results of operations and cash flows of Registrant as of, and for, the periods presented in this annual report; 4. Registrant's other certifying officers and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-14 and 15d-14) for Registrant and have: a. designed such disclosure controls and procedures to ensure that material information relating to Registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this annual report is being prepared; b. evaluated the effectiveness of Registrant's disclosure controls and procedures as of a date within 90 days prior to the filing date of this annual report (the "Evaluation Date"); and c. presented in this annual report our conclusions about the effectiveness of the disclosure controls and procedures based on our evaluation as of the Evaluation Date; 5. Registrant's other certifying officers and I have disclosed, based on our most recent evaluation, to Registrant's auditors and the audit committee of Registrant's board of directors (or persons performing the equivalent functions): a. all significant deficiencies in the design or operation of internal controls which could adversely affect Registrant's ability to record, process, summarize and report financial data and have identified for Registrant's auditors any material weaknesses in internal controls; and b. any fraud, whether or not material, that involves management or other employees who have a significant role in Registrant's internal controls; and 6. Registrant's other certifying officers and I have indicated in this annual report whether there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of our most recent evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses. /s/ THOMAS E. NOONAN -------------------------------------- Thomas E. Noonan Chief Executive Officer and President March 28, 2003 63 CERTIFICATION OF CHIEF FINANCIAL OFFICER I, Richard Macchia, Vice President and Chief Financial Officer of Internet Security Systems, Inc., certify that: 1. I have reviewed this annual report on Form 10-K of Internet Security Systems, Inc. ("Registrant"); 2. Based on my knowledge, this annual report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this annual report; 3. Based on my knowledge, the financial statements, and other financial information included in this annual report, fairly present in all material respects the financial condition, results of operations and cash flows of Registrant as of, and for, the periods presented in this annual report; 4. Registrant's other certifying officers and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-14 and 15d-14) for Registrant and have: a. designed such disclosure controls and procedures to ensure that material information relating to Registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this annual report is being prepared; b. evaluated the effectiveness of Registrant's disclosure controls and procedures as of a date within 90 days prior to the filing date of this annual report (the "Evaluation Date"); and c. presented in this annual report our conclusions about the effectiveness of the disclosure controls and procedures based on our evaluation as of the Evaluation Date; 5. Registrant's other certifying officers and I have disclosed, based on our most recent evaluation, to Registrant's auditors and the audit committee of Registrant's board of directors (or persons performing the equivalent functions): a. all significant deficiencies in the design or operation of internal controls which could adversely affect Registrant's ability to record, process, summarize and report financial data and have identified for Registrant's auditors any material weaknesses in internal controls; and b. any fraud, whether or not material, that involves management or other employees who have a significant role in Registrant's internal controls; and 6. Registrant's other certifying officers and I have indicated in this annual report whether there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of our most recent evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses. /s/ RICHARD MACCHIA -------------------------------------- Richard Macchia Vice President and Chief Financial Officer March 28, 2003 64