10-K 1 g87654e10vk.txt INTERNET SECURITY SYSTEMS, INC. -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 --------------------- FORM 10-K (MARK ONE) [X] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE FISCAL YEAR ENDED DECEMBER 31, 2003 OR [ ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM ____________ TO ____________
Commission file number 0-23655 INTERNET SECURITY SYSTEMS, INC. (Exact name of Registrant as Specified in Its Charter) DELAWARE 58-2362189 (State or other jurisdiction of (I.R.S. Employer Identification No.) incorporation or organization) 6303 BARFIELD ROAD 30328 ATLANTA, GEORGIA (Zip code) (Address of principal executive offices)
Registrant's telephone number, including area code: (404) 236-2600 Securities registered pursuant to Section 12(b) of the Act: None Securities registered pursuant to Section 12(g) of the Act: COMMON STOCK, $0.001 PAR VALUE PREFERRED STOCK PURCHASE RIGHTS (Title of Class) Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes [X] No [ ] Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of Registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. [X] Indicate by check mark whether the registrant is an accelerated filer (as defined in Exchange Act Rule 12b-2). Yes [X] No [ ] The aggregate market value of the voting stock held by non-affiliates of the Registrant, based upon the closing sale price of Common Stock on June 30, 2003 as reported on the Nasdaq National Market, was approximately $454 million (affiliates being, for these purposes only, directors, executive officers and holders of more than 5% of the Registrant's Common Stock). As of February 27, 2004, the Registrant had 50,199,839 outstanding shares of Common Stock. DOCUMENTS INCORPORATED BY REFERENCE Portions of the Proxy Statement for the Registrant's Annual Meeting of Stockholders to be held on May 24, 2004 are incorporated by reference into Part III of this Form 10-K. -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- In this Form 10-K, the words "Internet Security Systems," "ISS," "the Company," "we," "our," "ours," and "us" refer to Internet Security Systems, Inc., and its subsidiaries. This Annual Report on Form 10-K contains forward-looking statements. Forward-looking statements can be identified by the use of words such as "may," "will," "should," "could," "continue," "future," "potential," "believe," "project," "plan," "intend," "seek," "estimate," "predict", "expect", "anticipate" and similar expressions, or the negative of such terms, or other comparable terminology. Forward-looking statements also include the assumptions underlying or relating to any of the foregoing statements. Our actual results could differ materially from those anticipated in these forward-looking statements as a result of various factors, including those set forth below under the caption "Risk Factors" and those otherwise described from time to time in our Securities and Exchange Commission reports filed after this Form 10-K. All forward-looking statements included in this Form 10-K are based on information available to ISS on the date hereof. We assume no obligation (except where required by law) to update any forward-looking statements for any events or circumstances occurring after the date of this Form 10-K. Internet Security Systems, Network ICE, Proventia, System Scanner, Wireless Scanner, SiteProtector, SecurePartner and X-Press Update are trademarks and service marks, BlackICE is a licensed trademark and the Internet Security Systems logo, X-Force, RealSecure, Internet Scanner, and Database Scanner are registered trademarks and service marks, of Internet Security Systems, Inc. or its wholly-owned subsidiaries. Each trademark, trade name or service mark of any other company appearing herein belongs to its holder. PART I ITEM 1. BUSINESS INTRODUCTION OVERVIEW Internet Security Systems, Inc. is an established world leader in network and information security providing products and services that help to protect businesses from network and system risks. We offer a proactive line of security solutions that provide protection against a variety of ever-changing threats for gateways, networks, servers and desktops, and includes security software and appliances, managed security services, consulting and training services and online security research, advisory and other knowledge services. This comprehensive line of products and services are designed specifically for the enterprise, service providers, risk management, small business and consumer markets. Our threat protection solutions go beyond basic access control to deliver multiple layers of defense that detect, prevent and respond to threats before those threats cause damage to our customers' business operations. Our products are designed to meet the need for comprehensive, cost-effective detection, prevention and response arising from attacks, misuse and security policy violations while promoting the confidentiality, privacy, integrity and availability of proprietary information. Our family of products is a critical element of an active Internet and networking security program within today's world of global connectivity, enabling organizations to proactively monitor, detect and respond to risks to enterprise information. Our managed services offerings focus primarily on remote management of our best-of-breed security technology including security assessment and intrusion protection systems. We focus on serving as the trusted security provider to our customers by maintaining within our products the latest counter-measures to security risks, creating new innovative products, and providing professional and managed services. ISS was founded in 1994 and is headquartered in Atlanta, Georgia. The mailing address for our headquarters is 6303 Barfield Road, Atlanta, Georgia, 30328, and our telephone number at that location is (404) 236-2600. Our website can be found at www.iss.net. We make available free of charge through our website our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, and Current Reports on Form 8-K, and amendments to those reports, as soon as reasonably practicable after we file them electronically with, or furnish them to, the Securities and Exchange Commission. Our Corporate Governance Guidelines and Code of Conduct are also available on our website and are available in print to any stockholder 1 who mails a request to our headquarters, attention to the Corporate Secretary. Our website also contains other corporate governance-related documents that may be found of interest to stockholders. The information on our website is not incorporated by reference in this Form 10-K. INDUSTRY BACKGROUND Online security is of growing importance to today's businesses, as organizations of all sizes and markets become increasingly reliant on Internet-based technology to conduct day-to-day operations. Businesses adopt these Internet-based technologies to streamline operations and create new business opportunities. To capitalize on the benefits of the Internet, businesses must open their networks to business partners, customers and their mobile workforce, significantly increasing the value and vulnerability of their online assets. The more that organizations and consumers depend on networks to conduct business, the greater the risk of business interruption, negative publicity, theft of proprietary or private information, liability for damages to others, and other costly business losses. The gateways, networks, servers and desktops that make online commerce work are inherently vulnerable to online threats. A threat is any tool or technique that can be used to damage the data stored on a network, server or desktop, or to compromise those resources for unauthorized use. The tools used to attack online resources and the sophistication of these threats continues to increase. At the same time, the technological sophistication needed to launch an attack continues to decrease. MARKETS We provide products and services to a variety of customers. We view our primary customer markets as enterprise, service provider and risk management customers. We also have products for consumers and small offices. Our primary markets are addressed through our direct sales efforts and through various partners, including system integrators, value-added resellers and distributors. ENTERPRISE Enterprise market customers generally have annual revenues exceeding $100 million. Our enterprise software, appliances and services solutions provide proactive protection against online business interruption and loss, all designed to operate with minimal administration or interference with normal network operations. These comprehensive protection offerings merge gateway, network, server and desktop protection into an integrated threat management environment. This combination of software, appliances and services enables centralized management across multiple locations and network segments, including wireless networks, branch offices and mobile workers. Most importantly, our proactive approach keeps staff informed about newly discovered security issues, ensuring that the protection solution can be updated to account for newly evolved threats. SERVICE PROVIDER We provide best-of-breed technology and a proven track record in network security management for service providers looking to establish online security as part of a broad-based, Internet-oriented business solution. We partner with service providers that want to resell managed security services and are seeking a well-known, credible and stable partner in the security industry, an established ability to bring partners to market, and a comprehensive services portfolio. Our advanced security management software solutions, extensive experience protecting customer networks and industry leading ability to collect and analyze threat trends from around the world in our Global Threat Operations Center (GTOC) allow us to partner with organizations looking to bundle a security management component within a broader set of business services. 2 PRODUCTS AND SERVICES ENTERPRISE PROTECTION Enterprise solutions include Proventia(TM) multi-function protection products, RealSecure(R) software and Managed Services. Our products and services protect the entire infrastructure, from the perimeter to the core. Our centrally managed family of Proventia protection products ranges from detection up to completely unified and proactive multi-function appliances, combining firewall, intrusion prevention and anti-virus technologies. The Proventia multi-function protection family streamlines and simplifies security by unifying security technologies on a single engine. In 2003, we continued to market our REALSECURE PROTECTION PLATFORM, a unique software offering that encompasses vulnerability assessment and threat detection, prevention and response across networks, servers and desktops, all coordinated through the SITEPROTECTOR(TM) centralized management platform. In addition, our Managed Services extends this protection strategy through managed security offerings and expert 24/7 monitoring, support and response management for situations where additional flexibility and support are required. Extensive professional services and emergency response services provide an appropriate, effective security solution, regardless of business environment. Key components of our enterprise protection products include: GATEWAY PROTECTION -- Unifies critical security technologies, including firewall, virtual private network (VPN), anti-virus and intrusion prevention, within a single appliance and management system to protect against known and unknown threats, worms and viruses. Proventia M Series Multi-Function Appliances -- Provide complete protection at the gateway and network level in a single all-in-one appliance without jeopardizing network bandwidth or availability. NETWORK PROTECTION -- Utilizes industry-leading intrusion detection and prevention technologies to protect corporate networks from attack and misuse. Proventia G Series Intrusion Prevention Appliances -- Proactively block malicious attacks from entering the network, including denial of service, backdoors and hybrid threats. Attacks are blocked in real-time, minimizing the need for active administrator involvement in most security events. Proventia A Series Intrusion Detection Appliances -- Deliver our market-leading RealSecure network intrusion detection, forensics, and response technology in an easy-to-use, cost effective, rapidly deployed appliance format. RealSecure Network 10/100 Software -- Provides intelligent, automated integration of threat assessment, intrusion detection, and data analysis within a self-contained, centrally managed application. RealSecure Network Gigabit Software -- Provides intelligent, automated integration of threat assessment, intrusion detection, and data analysis within a self-contained, centrally managed application for line operations at gigabit speeds. SERVER PROTECTION -- Defends servers and applications against unauthorized access and a broad array of threats by combining intrusion prevention with firewall capabilities. RealSecure Server Software -- Provides automated, real-time intrusion protection by analyzing events, host logs, and inbound and outbound network activity on critical enterprise servers to block malicious activity from damaging critical assets. DESKTOP PROTECTION -- Protects fixed, remote and mobile desktops against unauthorized access and a broad array of threats by combining intrusion prevention, firewall capabilities, application protection and VPN compatibility. RealSecure Desktop Software -- Provides real-time protection against malicious activity by analyzing application, network and VPN behavior on desktops. 3 SITEPROTECTOR MANAGEMENT CONSOLE -- Scalable, centralized management and reporting for enterprise deployments of Internet Security Systems' protection products. Significantly reduces demand on staff and other operational resources. SITEPROTECTOR SECURITYFUSION(TM) MODULE -- Uses advanced data correlation and analysis to rapidly and automatically derive the likelihood of a successful attack from aggregated vulnerability assessment information. SITEPROTECTOR THIRD PARTY MODULE -- Interfaces with market-leading firewalls such as CheckPoint and Cisco PIX to automate the collection of audit and intrusion detection events into SiteProtector's central management system for advanced analysis. VULNERABILITY ASSESSMENT SOFTWARE In addition to our gateway, network, server, and desktop protection products, we also offer security assessment and policy compliance solutions for proactive measurement of online risk. These offerings include: INTERNET SCANNER(R) SOFTWARE -- Provides comprehensive network vulnerability assessment for measuring online risk. SYSTEM SCANNER(TM) SOFTWARE -- Ensures policy compliance and detects vulnerabilities that leave servers open to compromise. DATABASE SCANNER(R) SOFTWARE -- Assesses online business risks by identifying security exposures in leading database applications. WIRELESS SCANNER(TM) SOFTWARE -- Provides automated detection and security analyses of mobile networks utilizing 802.11b WLAN (Wi-Fi) access points and clients. CONSUMER AND SMALL OFFICE SOFTWARE We offer powerful, affordable firewall and intrusion detection protection software solutions providing fast, accurate protection for the consumer and small office product market. Our products include: BLACKICE(TM) PC PROTECTION SOFTWARE -- Provides comprehensive personal firewall and intrusion protection for individual PCs. BLACKICE SERVER PROTECTION SOFTWARE -- Provides comprehensive firewall and intrusion protection capabilities for individual servers. X-FORCE(R) SERVICES The X-Force organization, our industry leading group of security experts dedicated to proactive counter intelligence and public education, delivers timely, accurate information for anyone interested in protecting online assets against attack or misuse. This proactive approach suffuses all our offerings, from research and development to products and services, including publicly available information and product support. Our X-Force organization provides information on threats through three complementary online publications: - Security Advisories contain new vulnerability research developed by the X-Force itself, as well as solutions to manage or resolve the threat. - Security Alerts are timely compilations of threat information, both from us and from other external resources. - Security Alert Summaries are weekly publications containing short descriptions of security issues identified and researched during the past week. Each issue in the Alert Summary is linked to detailed information in the online X-Force Database. 4 The X-Force organization begins this process through our Global Threat Operations Center. This specialized threat intelligence facility collects security trend information from five state-of-the-art Security Operations Centers operating on three continents to analyze the nature and severity of any threat in real-time. The X-Force then proactively helps deliver our solutions to market via alerts, advisories, product updates, professional services, emergency response services and 24/7 remotely managed security services. In addition, we provide the fee-based X-Force Threat Analysis Service for customers needing immediate, comprehensive notification of the breaking security events. X-Force threat intelligence consists of global and local primary source overviews of evolving threats. This information may be sorted by specific geography, business sector, operating system or attack technique, allowing anyone interested in information protection to evaluate global threat conditions as part of their own security operations. All our service offerings use X-Force threat intelligence as a differentiator, whether as part of a professional services consulting engagement, managed security services, X-Force Education Services or customer support. In addition, X-Force research and development quickly and easily integrates into our software solutions via self-installing X-Press Update(TM) product enhancements. MANAGED SECURITY SERVICES ISS Managed Security Services offer online protection for organizations lacking the time, expertise or appropriate internal resources to secure critical information resources. Our services include: MONITORED AND MANAGED IDS SERVICE -- Unobtrusively monitors client servers and network traffic for potential threats, and responds to attacks or misuse that can damage online information resources. MONITORED AND MANAGED FIREWALL SERVICE -- Flexible, remotely managed firewall service that delivers cost-effective protection that reduces customer staff requirements. Optional features include High Availability capabilities, Monitored Firewall, Client VPN enablement and Site-to-Site VPN. VULNERABILITY MANAGEMENT SERVICE -- Provides real time vulnerability information by examining servers, firewalls, switches and more. Provides comprehensive on-demand security audits that identify, analyze and report on network security vulnerabilities. PROFESSIONAL SECURITY SERVICES Our professional security services combine our advanced technology and experienced security experts to help organizations plan and implement sound security management solutions. Our standards-based methodology covers the complete security management lifecycle, including assessment, design, deployment, management and support, as described below. ASSESSMENT Penetration Test -- Network simulation attack in a controlled environment, resulting in a clear snapshot of an organization's security condition, specific exploitable vulnerabilities and risks as seen from a designated remote Internet location. Information Security Assessment -- Comprehensive evaluation of an organization's information security policies, procedures, controls and mechanisms, as well as its networks, servers, desktops and databases in relation to the globally recognized ISO 17799 standard, which is a comprehensive set of controls comprising best practices in information security established by the International Standards Organization. Security Certification -- Comprehensive and rigorous internal and external evaluation of an organization's information security policies, procedures, controls and mechanisms, as well as networks, servers, desktops and databases, comparing current security standing to the globally recognized ISO 17799 standards. This service includes a two-day interactive, strategic project-planning workshop that results in an actionable plan to achieve and maintain on-going security goals. We provide our clients with a certification of best security practices upon implementation of our recommendations. 5 ISO 17799 and Regulatory Compliance Gap Analysis -- Analysis and documentation of tactical recommendations based upon the globally recognized ISO 17799 standard and regulatory requirements. Wireless Network Assessment -- Security assessment of wireless network environments including both assessment and penetration testing. Application Security Assessment -- Review and evaluation of application security from the client and server perspectives. DESIGN Policy Development -- Rapid development of security policies that map to an organization's business objectives, regulatory issues and industry best practices. Standards & Procedures Development -- Development of written procedures to ensure the repeated correct installation and configuration of operating systems, applications and databases which are essential in reducing risks to the network environment and computing infrastructure. Security Strategy Workshop -- Strategic planning engagement in which we assist customers to develop a specific security strategy based upon best practices, and the customer's specific requirements. Implementation Planning -- Our security specialists work with client staff to determine and plan the most effective and strategic locations in which to install ISS solutions, how to best implement them with minimal impact on current network operations, and how to plan for the ongoing management and maintenance of the security solution. Network Architecture Design -- Assists organizations in designing a secure customized network architecture designed to meet organizational goals now and in the future. Vulnerability Remediation -- A prioritized roadmap that helps clients understand the remediation efforts needed, timeframes and expertise required to quickly remediate the most serious problems and put a long-term security program into place. Vertical & Regulatory Markets Strategy Design -- Provides an organization with a thorough understanding of the impact of regulatory issues on it and develops a plan to achieve regulatory compliance. Security Awareness Program Development -- A short duration, high value engagement that quickly increases employees' security consciousness and helps other security initiatives move forward effectively. DEPLOYMENT Deployment Consulting -- Installation, configuration and tuning for ISS's vulnerability assessment, intrusion detection and enterprise security management solutions. Migration -- Consulting, installation, configuration and tuning services for migrating to new ISS vulnerability assessment, intrusion detection and enterprise security management solutions. MANAGEMENT Emergency Response Services -- Our professional services staff combines leading security research with real-world incident response experience to help organizations prepare for, and respond immediately to, information security breaches. X-Force Threat Analysis Service -- Internet Security Systems' X-Force Threat Analysis Service enables proactive security management through comprehensive evaluation of global online threat conditions and detailed analyses tailored for specific customer needs. The X-Force Threat Analysis Service is a blend of threat information collected from our international network of Security Operations Centers and trusted security intelligence from the X-Force research and development organization. This constantly monitors and advises regarding the nature and severity of external Internet threats. Daily 6 summaries provide current and forecast assessments for active vulnerabilities, viruses/worms and threats, including links to recommended fixes and security advice. SUPPORT ISS Technical Support provides ongoing product support services under license agreements. We believe that providing a high level of customer service and technical support is necessary to achieve rapid product implementation, which, in turn, is essential to customer satisfaction and continued license sales and revenue growth. Accordingly, we are committed to recruiting and maintaining a high-quality technical support team. A team of dedicated certified engineers trained to answer questions on the usage of our products provides telephone and email support worldwide, 24 hours a day, seven days a week (including holidays), from our corporate office in Atlanta. Customers in Asia can also contact ISS Technical Support in the Philippines or Tokyo during local business hours. The ISS Technical Support Team located in Mountain View, California provides email support to our consumer customer base. In the United States and internationally, our resellers and distributors provide telephone support to their customers with additional technical assistance from us. For our managed services security solutions, customer support is available for several offerings up to 24 hours a day, seven days a week. Technical support is offered via phone, email or secure Web form and includes access to an online knowledge base as well as direct contact with qualified support personnel. X-FORCE EDUCATION SERVICES Internet Security Systems' X-Force Education Services division provides hands-on, real-world security management courses that empower the IT staff of our clients to take control of their information security. Our courses are based on ISS' best-of-breed security protection solutions, critical security topics and real-world experience, preparing our customers for the security tasks that they will face. Our experienced instructors offer educational programs for security professionals worldwide. By developing and maintaining internal staff knowledge, organizations can maximize the return on their security investments. Classes are delivered at our Atlanta corporate training center, regional offices around the world, authorized training centers, and client sites. GEOGRAPHIC SEGMENTS We provide our network security management solutions in three geographic areas: the Americas (United States, Canada, Latin America and South America), EMEA (Europe, Middle East and Africa) and Asia/Pacific. These geographic areas represent our three reportable segments. The accounting policies of the reportable geographic segments are the same as described under the caption "Critical Accounting Policies" in "Management's Discussion and Analysis of Financial Condition and Results of Operations" and in our consolidated financial statements, and are applied consistently across the segments. Revenues, as a percentage of total revenues, for each segment are as follows:
2001 2002 2003 ---- ---- ---- Americas.................................................... 71% 72% 69% EMEA........................................................ 15 15 19 Asia/Pacific................................................ 14 13 12
PRODUCT DEVELOPMENT We employ a three-pronged product development strategy to achieve our goal of providing comprehensive security coverage for monitoring, detection and response. First, we provide regular security updates to our products that are based on our X-Force vulnerability and threat database. These updates are usually provided as part of separate maintenance agreements sold with the product license. 7 Second, we continue to develop new best-of-breed security products to protect gateways, networks, servers and desktops. Historically, existing products are updated to add new features and improve functionality. These enhancements are available to customers through our software maintenance program. Third, to complement our network, server and desktop products and provide more comprehensive network security coverage, we continue to develop additional enterprise-level security management features that are included in our SiteProtector management console. SiteProtector is intended to help customers protect their networks, servers and desktops by continuously measuring and analyzing the status of their security- in real time and across the enterprise-and is designed to operate with our network, server and desktop products. We develop our products to operate in heterogeneous computing environments. Products are compatible with other vendors' products across a broad range of platforms, including HP-UX, IBM AIX, Linux, Sun Solaris and Microsoft Windows. Starting in the second quarter of 2003, we began to aggressively transition our product development efforts from primarily software-based products towards hardware-based products that deliver integrated network protection solutions on ISS-branded Linux-based servers. These integrated appliances improve protection and flexibility for customers, and reduce costs through simple procurement, deployment and management. Our network products are also offered for specific hardware vendor platforms, including appliances from Nokia, Crossbeam and ISS branded appliances through various partners. We have incorporated a modular design in our software products to permit plug-and-play capabilities, although customers often use our professional services or our strategic partners to install and configure products for use in larger or more complex network systems. Research and development expenses were $35.4 million, $35.3 million, and $41.8 million in 2001, 2002 and 2003, respectively. All product development activities are conducted at either our principal offices in Atlanta or at our research and development facilities in Mountain View, California. Late in 2003, we closed our research and development facilities in Reading, England and Sydney, Australia, consolidating affected projects into our Atlanta operations. As of December 31, 2003, 275 personnel were employed in product development teams. Our personnel include members of the Computer Security Institute, Forum for Incident Response and Security Technicians (FIRST), Georgia Tech Industrial Partners Association, Georgia Tech Information Security Center and the International Computer Security Association (ICSA), enabling us to actively participate in the development of industry standards in the emerging market for network and Internet security systems and products. PRICING We use a range of fee structures to license our products, depending on the type of product and the intended use. We license our vulnerability assessment products, Internet Scanner, System Scanner, Wireless Scanner and Database Scanner based on the number of devices being assessed. The pricing provides low entry points for departmental users without limiting our revenue potential from customers with large networks. Pricing for our threat detection and response products, including the RealSecure line of software agents, is based on the number of copies deployed on the network. Thus, licensing fees for our products are ultimately determined by the size of the customer's network, as size dictates the number of devices to be assessed or the number of copies to be deployed. Management software is sold on a capacity basis. The license fee for the management software is determined by the size of the sensor/detector and scanner purchase. This capacity-based pricing structure provides customers with the ability to license as much management as they require. In addition to license fees, customers purchase maintenance agreements in conjunction with their initial purchase of a software license, with annual maintenance fees typically equal to 20% of the product's license fee. Maintenance agreements include annually renewable telephone support, product updates, access to our X-Force Security Alerts and error corrections. Our continuing research into new security risks and resulting product updates provide significant ongoing value. We provide customers with a regular stream of security updates, known as X-Press Updates, as part of this maintenance agreement. X-Press Updates serve to keep our products up to date with the latest vulnerabilities and threats that are present in Internet environments. As a result, a substantial majority of our customers renew their maintenance agreements. We have historically 8 sold fully paid perpetual licenses with a renewable annual maintenance agreement and have licensed our products on a subscription basis, including maintenance, for one or two year periods. We are currently evaluating other alternatives for customers desiring longer-term arrangements or multi-year commitments. Customers who use our products to provide information technology assessment services are offered subscription license agreements, typically with a one-year term. Our Proventia multi-function appliances offer more optional components for the customer, all tightly integrated and managed from a single easy-to-use web-based console application. After buying the appliance and maintenance, the customer can choose optional content subscriptions for intrusion prevention and anti-virus. Annual subscription prices vary by the number of users protected by the appliances. The customer can also choose to purchase optional add-on functionality such as the Virtual Private Networking module. Fees for our Proventia product line are comprised of three components: 1) a platform fee which includes the hardware and a license to the underlying software; 2) software and hardware maintenance, which includes technical support and repair; and, 3) content subscriptions which provide security updates. A variety of appliance models are offered to fit different customer environments. Monitoring fees for managed security services are determined by the complexity of the monitoring arrangement and by the number of devices being monitored. The pricing is scalable, allowing for customers to start with basic security monitoring services and expand as the business grows. Contracts are for a minimum one-year term and are typically billed monthly as services are performed. Our professional services fees are calculated either on a fixed-fee basis or an hourly rate per consultant based on the scope of the engagement, market sector and geographical territory. Educational services are calculated on a per-class basis. CUSTOMERS As of December 31, 2003, we had more than 11,000 business customers and maintained operations in 22 countries. No customer accounted for more than 10% of our consolidated revenues in 2001, 2002 or 2003. Target customers include both public and private sector organizations, as well as consumers, that use Internet protocol enabled information systems. Business customers represent a broad spectrum of organizations within diverse sectors, including financial services, technology, telecommunications, and government and information technology services. SALES AND MARKETING Sales Organization Our sales organization is divided regionally among the Americas, EMEA and the Asia/Pacific regions. In the Americas, we market our products through a combination of our direct sales organization and through various partners, including system integrators, value-added resellers and distributors. The direct sales organization for the Americas consists of regionally based sales representatives and sales engineers, and a telesales organization located in Atlanta. We maintain a number of domestic sales offices in various cities throughout the United States and in Canada, Mexico and Brazil. As of December 31, 2003, we employed approximately 177 people in the Americas sales organization. The regionally based direct sales representatives focus on opportunities with large organizations, and frequently these opportunities are worked in concert with one or more partners. Included as part of the sales organization is a channel management group that drives incremental revenue through selected channel partners and acts as the liaison between the direct sales representatives and the channel partners. In the EMEA and Asia/Pacific regions, most of our sales occur through authorized resellers. Internationally we have established regional sales offices in several countries in Europe as well as in Egypt, Japan, Australia and Singapore. Personnel in these offices are responsible for market development, including managing our relationships with resellers, assisting them in winning and supporting key customer accounts, acting as a liaison between the end user and our marketing and product development organizations and providing consulting and training services. As of December 31, 2003, approximately 324 employees were 9 located in our EMEA and Asia/Pacific regional offices. We expect to continue to expand our field organization into additional countries in these regions. SecurePartner(TM) Program Channel Sales A key element of our marketing strategy is to establish our products, services and information security methodologies as the leading approach for information protection and security management for the enterprise, service provider and risk management markets. We have implemented a multi-faceted program to leverage the use of corporate, product and service brands to increase acceptance of our offerings through relationships with various distribution and reseller channel partners. We typically enter into written agreements with resellers, distributors, managed service providers, internet service providers, large global consulting firms and OEMs. These agreements generally do not provide for firm dollar commitments from the parties, but are intended to establish the basis upon which the parties will work together to achieve mutually beneficial objectives. Distributors To accommodate the large number of smaller resellers, a two-tier distribution model has been established to ensure appropriate access to ISS products and support. We provide direct, focused support to these distributors, who in turn, support an extensive community of smaller resellers and consultancies as well as provide products to our resellers. Resellers We maintain the resources to train and support security consultants, systems integrators and product and service resellers who match our offerings with their own complementary products and services. By reselling our solutions, our resellers provide additional value for specific market and industry segments, while maintaining our ongoing commitment to quality products and customer satisfaction. There are three different levels of reseller opportunities: - Premier Partners. Premier Partners are typically security consultants, value-added resellers (VARs) and systems integrators with focused security practices. Many Premier Partners are experienced in the sales and implementation of leading protection, authentication and encryption technologies. Premier Partners must achieve the highest level of resales to attain and maintain Premier Partner status. These partners leverage their expertise with our vulnerability assessment and enterprise protection products. Premier Partners receive direct distribution of our products, sales and technical training, access to market development funds, monthly regular SecurePartner email newsletters, other partner-only communications, access to the ISS Partner Resource Center Web site and a listing on our Partner Web pages. - Authorized Partners. Authorized Partners generally consist of organizations that provide security focused consulting and/or integration services. Authorized Partners are also required to maintain a specified level of resale, although at a more modest level than Premier Partners. Authorized Partners typically purchase ISS products and services though our distributors but can take advantage of a select number of the benefits that Premier Partners enjoy. - Corporate Resellers. Although we have numerous reseller partners, certain of these relationships generate unique and significant leverage for us in targeted markets. Our corporate resellers provide broad awareness of our brands through enhanced marketing activity, access to large sales forces and access to larger, more strategic customer opportunities. Alliance Partners We work closely with leading global organizations to expand the breadth and depth of their offerings to include product and service solutions from ISS. These partners include managed service providers, internet service providers consulting organizations, and OEMs. Most of these providers integrate and manage one or 10 more our products as part of a larger service offering, or resell our Managed Security Services as an extension of its core offerings. Original Equipment Manufacturers Agreements with OEMs enable them to incorporate our products into their own product offerings to enhance their security features and functionality. We receive royalties or other consideration from OEM vendors and increased acceptance of our products under these arrangements, which, in turn, are intended to promote sales of our other products to the OEM's customers. Marketing Programs We conduct a number of marketing programs to support the sale and distribution of our products and services. These programs are designed to inform existing and potential end-user customers and resellers about the capabilities and benefits of our products and services. Marketing activities include: Public relations, industry analyst relations and education; publication of technical and educational articles in both print and online media, through our white papers, and through our own print and online newsletters and/or magazines; direct mail and email; participation in industry tradeshows; product/technology conferences, seminars, and web casts; competitive analysis; sales training; advertising and development and distribution of marketing literature; and maintenance of our Web site. COMPETITION The market for network security monitoring, detection, prevention and response solutions is intensely competitive, and we expect competition to increase in the future. We believe that the principal competitive factors affecting the market for information security include security effectiveness, manageability, technical features, performance, ease of use, price, scope of product offerings, professional services capabilities, distribution relationships and customer service and support. Although we believe that our solutions generally compete favorably with respect to such factors, we cannot guarantee that we will compete successfully against current or potential competitors, especially those with significantly greater financial resources or brand name recognition. INTELLECTUAL PROPERTY We rely primarily on copyright, trademark, patent and trade secret laws, confidentiality procedures and contractual provisions to protect our intellectual property and other proprietary rights. We have obtained one United States patent, one Taiwanese patent and have a number of patent applications pending in the United States and certain foreign jurisdictions. We believe that the technological and creative skills of our personnel, new product developments, frequent product enhancements, our name recognition, our professional services capabilities and delivery of reliable product maintenance are essential to establishing and maintaining a technology leadership position. We cannot assure you that our competitors will not develop technologies that are similar to ours. We generally license our software products to end users in object code (machine-readable) format. Some of our customers have required us to maintain a source-code escrow account with a third-party software escrow agent, and a failure by us to perform our obligations under any of the related license and maintenance agreements, or our insolvency, could result in the release of our product source code to such customers. The standard form license agreement for our software products allows the end user to use our products solely on the end user's computer equipment for the end user's internal purposes, and the end user is generally prohibited from sublicensing or transferring the products. Despite our efforts to protect our intellectual property, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. See "Management's Discussion and Analysis of Financial Condition and Results of Operations -- Risk Factors." 11 EMPLOYEES As of December 31, 2003, we had 1,148 employees, of whom 275 were engaged in product research and development, 320 were engaged in sales and marketing, 266 were engaged in customer service and support, 98 were engaged in professional services, and 189 were engaged in administrative functions. We believe that we have good relations with our employees. ITEM 2. PROPERTIES We currently lease three buildings totaling approximately 302,000 square feet in Atlanta, Georgia for our headquarters and research and development facility. The lease on these three buildings expires in May 2013. We lease additional office space in Chicago, Illinois; Mountain View, California; Southfield, Michigan; New York, New York; Paramus, New Jersey and Washington, D.C., as well as small executive suites in a number of United States cities. In addition, we lease office space in Sao Paulo and Rio, Brazil; Brussels, Belgium; London, England; Paris, France; Stuttgart, Germany; Stockholm, Sweden; Milan, Rome and Padova, Italy; Madrid, Spain; Zurich, Switzerland; Amsterdam, Netherlands; Warsaw, Poland; Cairo, Egypt; Manila, Philippines; Seoul, Korea; Brisbane, Australia; Singapore; Osaka and Tokyo, Japan. We believe that our existing facilities are adequate for our current needs and that additional space will be available as needed. ITEM 3. LEGAL PROCEEDINGS The Company and certain of its officers and directors were named as defendants in a consolidated amended complaint that was filed in the United States District Court for the Northern District of Georgia on October 9, 2002. The lawsuit purports to be brought on behalf of a class of investors who purchased the Company's stock during the period from April 5, 2001 through August 14, 2001 (the "Class Period"). The lawsuit alleges violations of the federal securities laws, including Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder. The complaint generally alleges that the Company and the individual defendants violated the anti-fraud provisions of the federal securities laws and caused the Company's stock to trade at artificially high prices by making misrepresentations relating to the Company's financial condition and prospects during the Class Period. The complaint seeks damages in an unspecified amount. On September 3, 2003, the court dismissed the consolidated amended complaint. The plaintiffs have moved the court to reconsider its dismissal order and to grant them leave to amend their complaint. The Company and the individual defendants have opposed those motions. The court has not yet ruled. The Company believes that the court's order dismissing the action was appropriate and further that the Company has meritorious defenses and intends to continue defending the action vigorously. ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS No matter was submitted to a vote of our stockholders during the fourth quarter of 2003. 12 PART II ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS Our Common Stock is quoted on the NASDAQ National Market under the symbol "ISSX". The following table lists the high and low per share sales prices for the Common Stock as reported by the NASDAQ National Market for the periods indicated:
2003: HIGH LOW ----- ------ ------ First Quarter............................................... $24.20 $ 9.89 Second Quarter.............................................. 17.23 9.85 Third Quarter............................................... 15.69 10.84 Fourth Quarter.............................................. 19.07 12.41
2002: HIGH LOW ----- ------ ------ First Quarter............................................... $41.49 $21.75 Second Quarter.............................................. 25.57 10.26 Third Quarter............................................... 18.58 11.20 Fourth Quarter.............................................. 26.77 11.64
As of February 27, 2004, there were 50,199,839 shares of our Common Stock outstanding held by 255 stockholders of record. We have never declared nor paid cash dividends on our capital stock. We intend to retain any earnings for use in our business and do not anticipate paying any cash dividends in the foreseeable future. Our Board of Directors will determine future dividends, if any. On October 29, 2003, ISS announced a voluntary option exchange program intended to reduce the number of outstanding options. Stock options with exercise prices exceeding $30 per share were eligible. Our directors and five most senior executive officers, including the chief executive officer, are not eligible to participate in the program. Approximately 783,000 of the 1,343,000 eligible option shares with exercise prices between $30 and $83 per share have elected to participate in the program. New options will be issued at the rate of 2.5 old option shares for each new option share. The exercise price per share for new options will be priced at the Nasdaq National Market closing price six months and a day after the cancellation of old options, which is currently expected to be May 27, 2004. This transaction is exempt from registration under Section 3(a)(9) of the Securities Act of 1933. 13 ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA The financial data set forth below for each of the three years in the period ended December 31, 2003 and as of December 31, 2003 and 2002 has been derived from the audited consolidated financial statements appearing elsewhere in this Annual Report on Form 10-K. The financial data for the years ended December 31, 1999 and 2000 and as of December 31, 1999, 2000 and 2001 has been derived from audited financial statements not included herein. This data should be read in conjunction with the consolidated financial statements and notes thereto, and with Item 7, "Management's Discussion and Analysis of Financial Condition and Results of Operations".
YEAR ENDED DECEMBER 31, --------------------------------------------------- 1999 2000 2001 2002 2003 ------- -------- -------- -------- -------- (AMOUNTS IN THOUSANDS, EXCEPT PER SHARE AMOUNTS) CONSOLIDATED STATEMENT OF OPERATIONS DATA: Revenues Product licenses and sales............. $74,050 $119,703 $122,385 $121,093 $107,117 Subscriptions.......................... 24,141 41,706 66,687 92,945 112,855 Professional services.................. 18,296 33,566 34,487 29,247 25,809 ------- -------- -------- -------- -------- Total revenues...................... 116,487 194,975 223,559 243,285 245,781 Cost of revenues Cost of licenses and sales............. 18,842 22,653 13,439 6,688 9,528 Cost of subscriptions and services..... 18,858 36,771 50,708 51,133 48,686 ------- -------- -------- -------- -------- Total cost of revenues.............. 37,700 59,424 64,147 57,821 58,214 Research and development................. 20,412 31,316 35,413 35,280 41,843 Sales and marketing...................... 43,124 68,032 92,001 93,679 87,452 General and administrative............... 9,230 14,481 20,442 24,271 22,661 Charge for in-process research and development............................ -- -- 2,910 18,537 -- Amortization of goodwill................. 318 479 26,505 -- -- Amortization and write-off of intangibles and stock-based compensation........... 674 674 5,227 5,674 6,015 Operating income (loss).................. 2,700 20,569 (24,158) 8,023 29,596 Other income (expense), net.............. -- -- 15,132 3,859 (1,967) Net income (loss)........................ $ 7,490 $ 18,315 $(15,458) $ 1,779 $ 19,737 Diluted net income (loss) per share...... $ 0.17 $ 0.41 $ (0.34) $ 0.04 $ 0.39
DECEMBER 31, ---------------------------------------------------- 1999 2000 2001 2002 2003 -------- -------- -------- -------- -------- (AMOUNTS IN THOUSANDS) CONSOLIDATED BALANCE SHEET DATA: Cash and marketable securities.......... $126,783 $132,148 $163,167 $202,316 $238,181 Working capital......................... 127,135 145,133 149,080 187,387 223,885 Goodwill, less accumulated amortization.......................... 2,775 3,167 197,060 200,464 201,303 Total assets............................ 184,845 240,240 500,984 546,568 581,282 Stockholders' equity.................... 155,153 188,389 426,935 464,556 486,343
14 ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS The following Management's Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with the Consolidated Financial Statements and related Notes thereto included elsewhere in this Form 10-K. Except for the historical financial information, many of the matters discussed in this Item 7 may be considered "forward-looking" statements. Such forward-looking statements are not guarantees of future performance and involve a number of risks and uncertainties. Many of the risks and uncertainties are described below under the caption "Risk Factors". OVERVIEW We are focused on protecting gateways, networks, servers and desktops against an ever-changing spectrum of threats, with a comprehensive line of products and services designed specifically for the enterprise, service provider, risk management, small business and consumer markets. These threat protection solutions go beyond basic access control to deliver multiple layers of defense that detect, prevent and respond to threats prior to those threats causing damage to our customers' business operations. Our family of products is a critical element of an active Internet and networking security program within today's world of global connectivity, enabling organizations to proactively monitor, detect and respond to risks to enterprise information. Prior to 2003, our products were exclusively software, providing intrusion detection and vulnerability assessment solutions. In 2003, we began to sell a new line of products called Proventia, which includes an appliance pre-loaded and configured with our network-based software solutions for intrusion detection and in-line intrusion prevention. Initial customer response has been positive, with this line representing 45% of product and license sale revenues for the fourth quarter of 2003. We believe this new product line is critical to growing our product sales and the ongoing subscription revenues associated with such sales. In the fourth quarter of 2003, our product offering expanded to further include a multi-function Proventia appliance that includes, in addition to intrusion protection, firewall, virtual private network, and anti-virus protection. We expect the addition of content filtering and anti-spam to this product line in the first half of 2004. We believe this expanded product offering significantly increases our market opportunity as well as our risk from broader competition. While there were some sales of this product in 2003, our expectations for future revenue growth are dependent on successfully penetrating both our existing intrusion protection market and new network security markets with this multi-function appliance. Our managed services offerings currently provide remote management of our best-of-breed security technology, focusing on security assessment and intrusion detection systems, and include firewalls, VPNs, anti-virus and URL filtering software. We focus on serving as the trusted security provider to our customers by maintaining within our existing products the latest counter-measures to security risks, creating new innovative products based on our customers' needs and providing professional and managed services. In an effort to create differentiation, we emphasize the management of our own products, which has allowed us to announce a new offering in early 2004 called managed protection services. We expect this new service to provide guaranteed protection to customers who meet the requirements of the program. The program provides for a fixed cash payment if the protection system is compromised by an exploit for which protection is guaranteed. Many factors will affect our future financial performance, especially our ability to differentiate our offerings from competitors that include much larger companies with greater marketing capabilities, financial resources and brand recognition. In order to continue to create such differentiation, we expect to continue to expand our domestic and international sales and marketing operations, seek acquisition candidates and alliances with partners whose products, technologies or services capabilities are complementary to our solutions; and improve our internal operating and financial infrastructure in support of our strategic goals and objectives. At the same time, we expect to adjust our organization size in light of changing economic conditions and maintain emphasis on controlling discretionary spending and capital expenditures. While we believe in the long-term success of our business solutions, our prospects must be considered in light of the 15 recent experience, risks and difficulties that are frequently encountered by companies serving rapidly evolving markets. See "Risk Factors". CRITICAL ACCOUNTING POLICIES The consolidated financial statements were prepared in conformity with accounting principles generally accepted in the United States. As such, management is required to make certain estimates, judgments and assumptions it believes are reasonable based upon the information available. These estimates and assumptions affect the reported amounts of assets and liabilities at the date of the financial statements and the reported amounts of revenues and expenses during the periods presented. The significant accounting policies which management believes are the most critical to aid in fully understanding and evaluating our reported financial results include the following: Revenue recognition We recognize software license revenue under Statement of Position ("SOP") 97-2, Software Revenue Recognition, as modified by SOP 98-9, Software Revenue Recognition with Respect to Certain Transactions, when the following criteria have been met: - persuasive evidence of an arrangement exists; - delivery has occurred or services have been rendered; - price is fixed or determinable; and - collection is probable. Product licenses and sales include revenue from sales of perpetual software licenses and products. We recognize perpetual software license revenues upon (1) delivery of software or, if the customer has evaluation software, delivery of the software key and (2) issuance of the related license, assuming that no significant vendor obligations or customer acceptance rights exist. Where payment terms are extended over periods greater than 12 months, revenue is recognized as such amounts become due and payable. Product sales consist primarily of appliances sold in conjunction with ISS licensed software. These sales are recognized upon shipment to the customer provided all other revenue recognition criteria are met. Sales of enterprise products are generated both through direct sales to end-users as well as through various partners, including system integrators, value-added resellers and distributors. License revenue is recognized when the sale has occurred for an identified end user through electronic delivery of a software key that is necessary to operate the product, provided all other revenue recognition criteria are met. At the point of delivery, the end-user has no right of return. Subscription revenues include product support and content updates, term licenses, and managed service arrangements. Renewable product support and content updates are separate components of software licenses and appliances sold. Term licenses allow customers to use our products and receive product support coverage and content updates for a specified period, generally 12 months. We generally invoice for product support, content updates and term licenses at the beginning of the term and recognize revenue ratably over the subscription term. Security monitoring and management services for information assets and systems are part of managed services and associated revenues are recognized and billed as such services are provided. Historically, our appliance and software sales have been accounted for primarily as revenue at the time of sale, with product support and content updates generally representing between 20% and 30% of the license or product amount. With the introduction of the multi-function appliance, we expect to significantly alter this ratio, as the majority of the initial price paid by the customer will be for content provided for a specified term. This will result in the subscription component being recorded initially in deferred revenues and recognized over the term as subscription revenue. Professional services revenues include fee-based service engagements and training. Service engagements are typically billed on either a fixed fee or time-and-materials basis and focus primarily on security 16 assessments of customer networks and the development of customers' security policies. These offerings are intended to support our goal of providing products and managed services. We prefer to have our partners provide these services where practical. We recognize such professional services revenues as the related services are rendered. Multiple element arrangements can include any combination of our products or services listed above. When some elements are delivered prior to others in an arrangement, all revenue is deferred until the delivery of the last element unless all of the following exist: - vendor specific objective evidence (VSOE) of fair value of the undelivered elements; - the functionality of the delivered elements is not dependent on the undelivered elements; and - delivery of the delivered elements represents the culmination of the earnings process. When these criteria have been met, we allocate revenue to the delivered software product using the residual method. Under the residual method, we allocate discounts inherent in the arrangement entirely to the product that is initially delivered and recognize the other elements as they are delivered based on the vendor specific objective evidence, which is typically determined by the company selling those elements separately. Our historical rate of product returns by customers of our software products is negligible. We do not have sufficient experience with our newly-introduced Proventia appliance products to make a meaningful estimate of product return rates for these products. We offer evaluation software available via download from our website and evaluation units for appliance-based products that allow potential customers to see the functionality of the products on their own networks. We did not have any transactions in 2001, 2002 or 2003 involving reciprocal arrangements where goods or services were purchased from an organization at the same time that we licensed software or provided services to that organization. Allowance for doubtful accounts Our sales are global, with customers located in the United States, Europe, Latin America and Asia/Pacific regions. We perform periodic credit evaluations of our customer's financial condition and do not require collateral. We provide for estimated credit losses as such losses become probable. We evaluate specific accounts when we become aware of a situation where a customer may not be able to meet its financial obligations due to deterioration of its liquidity or financial viability, credit ratings or bankruptcy. The allowance for doubtful accounts is established based on the best facts available to us and is reevaluated and adjusted as additional information is received. At December 31, 2003, the allowance for doubtful accounts totaled $2.8 million, or 4.0% of the $69.4 million of total trade receivables. This 4.0% allowance percentage of receivables reflects our practice to leave accounts on our general ledger and provide reserves pending final resolution of collectibility rather than write-off such accounts. Our bad debt expense for the year ended December 31, 2003 amounted to $1.1 million. This was a decrease from $1.6 million in 2001 and $2.1 million in 2002. The economic conditions in the Asia/Pacific region, especially in Korea and China, increased our bad debt expense in 2002 by $1.0 million based on an internal evaluation of the outstanding receivables in this region. During 2002, we also decreased the provision by $400,000 for allowances specifically established in prior years for two customers that were successfully collected in 2002. The lower provision for 2003 is directly attributable to the absence of any significant new identified exposures. We continued to monitor the Asia situation identified in 2002. In January 2004, a new distributor for China assumed the rights and the obligations of the distribution agreement for ISS products from the old distributor. In connection with this agreement, we modified the new distributor's obligations, which resulted in an additional $200,000 of bad debt expense recorded in the fourth quarter of 2003 and the write-off of $1.1 million against the allowance account. We have a firm repayment schedule with the new distributor, a public company with a liquid balance sheet, and expect that the outstanding balance of $2.4 million at January 31, 2004 is collectible. While actual credit losses have historically been within management's expectations and the provisions established, we cannot guarantee that we will continue to experience the same credit loss rates we have in the 17 past. If the financial condition of our customers were to deteriorate, resulting in an impairment of their ability to make payments, additional allowances may be required. Impairment of goodwill and Other Acquisition-related Intangibles We review goodwill for impairment on an annual basis or on an interim basis whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable. All other long-lived and intangible assets are reviewed for impairment whenever events or circumstances indicate that the carrying amount of an asset may not be recoverable. Such impairment loss would be measured as the difference between the carrying amount of the asset and its fair value based on the present value of estimated future cash flows. Significant judgment is required in the forecasting of future operating results, which are used in the preparation of projected cash flows. Due to uncertain market conditions and potential changes in our strategy and products, it is possible that forecasts used to support our intangible assets may change in the future which could result in significant non-cash charges that would adversely affect our results of operations. We currently have goodwill and other acquisition related intangibles of approximately $211 million, with $195 million of goodwill related to our June 2001 acquisition of Network ICE. The determination of whether or not goodwill is impaired involves significant judgments based upon short and long-term projections of future performance. We have concluded that this amount is realizable based on forecasted discounted cash flows through 2007 and on our stock market valuation. Neither method indicated that our goodwill had been impaired and, as a result, we did not record any impairment losses related to goodwill during the year ended December 31, 2003. Other intangibles of approximately $10 million are principally software form the Network ICE acquisition that is a primary component in most of our current product offerings. ACQUISITIONS We believe that our total solutions approach will positively impact all of our revenue categories. This includes our products and managed services offerings, as well as product support, professional services and training. While we expect the expansion of these product and service offerings to originate primarily from internal development, our strategy includes acquiring products, technologies and service capabilities that fit within our strategy and could potentially accelerate the timing of the commercial introduction of such products and technologies. In January 2004, we acquired Cobion, AG ("Cobion"), a privately held company based in Kassel, Germany. Cobion provides content filtering and anti-spam technology that protects individuals and enterprises against unwanted Web content, spam, misuse of information and lost productivity. The purchase price was approximately $33 million in cash plus the direct costs of acquisition. We intend to continue to sell the Cobion product on a stand-alone basis as well as include the technology in our multi-function Proventia appliance in 2004. In October 2002, we completed the acquisition of privately held vCIS, Inc. ("vCIS") of Santa Clara, California, a developer of patent-pending, next-generation, pre-emptive behavioral inspection technology. The technology prevents malicious code from executing and causing damage before it has an opportunity to interact with the enterprise network. The aggregate purchase price was $19.6 million and was primarily allocated to in-process research and development. In-process research and development had not yet reached technological feasibility and was required to be expensed at the time of acquisition under generally accepted accounting principles ("GAAP"). As a result, we incurred an expense of $18.5 million in the fourth quarter of 2002. Of the remaining purchase price, $1.2 million was allocated to the assembled workforce, which is being amortized over three years, $200,000 was allocated to net tangible assets, principally fixed assets, and $300,000 of liabilities were assumed. In the fourth quarter of 2003 we committed to a plan to close the research and development facility in Sydney, Australia, transferred knowledge of the product to our Atlanta-based personnel, and wrote off the remaining approximately $700,000 of the intangible asset related to the vCIS workforce. In August 2002, Internet Security Systems KK ("ISS KK"), our Asia-Pacific subsidiary, acquired a distributor in Singapore, TriSecurity Holdings Pte Ltd. ("TriSecurity"). TriSecurity was the sole distributor 18 for ISS KK in Southeast Asia, including India, and its business was almost exclusively focused on ISS solutions. This acquisition provides our Asia-Pacific subsidiary direct support capabilities for their customers in Southeast Asia and allows ISS KK to expand its capabilities in this growing market. The consideration consisted of 1,000 shares of ISS KK stock and approximately $1.2 million of cash. Goodwill of approximately $4.0 million related to the purchase was recorded. During the first quarter of 2003, ISS KK amended the agreement and agreed to make payment of 245 shares of ISS KK in each of the first quarters of 2004 and 2005, relating to annual contingent consideration payments defined in the 2002 purchase agreement. The additional consideration of $626,000, based on current fair market value of the shares, was recorded as additional goodwill and additional paid-in-capital at such time. When such shares are actually issued, a gain or loss will be recognized to the extent of any difference between the $626,000 fair value of the shares to be issued and the book value of those shares. In June 2001, we acquired Network ICE Corporation ("Network ICE"), a privately-held corporation based in San Mateo, California. Network ICE was a leading developer of desktop intrusion protection technology and highly scalable security management systems. The merger was accounted for as a purchase and, accordingly, the operating results of Network ICE are included in the consolidated financial statements of ISS from the date of acquisition. Substantially all of the aggregate purchase price of $237.6 million was allocated to goodwill, with the remainder allocated to identified intangibles, including in-process research and development, developed technology, customer relationships, and to deferred compensation related to stock options assumed. RESULTS OF OPERATIONS The following table sets forth our consolidated historical operating information, as a percentage of total revenues, for the periods indicated:
YEAR ENDED DECEMBER 31, ------------------------- 2001 2002 2003 ----- ----- ----- Consolidated Statements of Operations Data: Product licenses and sales................................ 55% 50% 44% Subscriptions............................................. 30 38 46 Professional services..................................... 15 12 10 --- --- --- Total revenues.................................... 100 100 100 --- --- --- Cost of revenues: Product licenses and sales................................ 6 3 4 Subscriptions and professional services................... 23 21 20 --- --- --- Total cost of revenues............................ 29 24 24 Research and development.................................... 16 15 17 Sales and marketing......................................... 41 39 36 General and administrative.................................. 9 10 9 Write-off of lease obligation............................... 1 -- -- Charge for in-process research and development.............. 1 8 -- Amortization and write-off of intangibles & stock based compensation.............................................. 2 2 2 Amortization of goodwill.................................... 12 -- -- --- --- --- Total costs and expenses.......................... 111 98 88 --- --- --- Operating income (loss)..................................... (11)% 2% 12%
19 REVENUES Product licenses and sales Product licenses and sales, including perpetual licenses and sales of partner software and hardware appliances, reflect a decreasing trend for the last three years. They also continue to be a decreasing source of revenue generation at 55% of total revenues in 2001, 50% in 2002 and 44% in 2003 as subscription revenues grew significantly. We believe that the general economic slowdown in information technology spending contributed to the decrease in product licenses and sales as well as the cost and complexity of deploying and managing software based solutions for networks. In the second quarter of 2003, we began to ship our first Proventia network protection appliance (the Proventia A Series Appliance) which provides intrusion detection capabilities to customers. The Proventia family of appliances collectively provides unified, multi-function protection capabilities designed to identify and prevent many forms of attack with minimal user intervention. They are designed to operate in demanding network environments while being easy to deploy, easy to use and centrally managed, all in an effort to make our solution more cost-effective. Revenues from our Proventia appliance line represented 10% of total revenues for the year ended December 31, 2003. In the fourth quarter of 2003, we introduced and shipped our in-line intrusion protection Proventia appliance (the Proventia G Series Appliance) and the multi-function appliance (the Proventia M Series Appliance) that initially includes firewall, virtual private network anti-virus and intrusion protection capabilities. In the fourth quarter, Proventia represented 45% of our product and license revenues, which produced a reversal in the quarterly trend of reduced product and license revenues. Our future growth is dependent on a continuation of the positive market response to our Proventia family of products. In 2004, we expect to extend Proventia to our server and desktop solutions that will continue to be delivered as software offerings. This expected growth is critical as it represents not only product and license revenues, but also subscription revenues from product support and content. Our present product roadmap focuses our development on product offerings and enhancements that will continue to improve central control and manageability, easier deployment and more refined information and broader Proventia appliance offerings. We expect that this focus will make our products more cost effective to implement and maintain and will increase the future level of product licenses and sales. Subscriptions Subscriptions revenue represented 30% of total revenues in 2001, 38% of total revenues in 2002 and 46% in 2003. Subscription revenues consist of product support and content updates, term licenses of products and security-monitoring fees for managed services offerings. The increase in subscriptions revenue as a percentage of total revenues was primarily due to an increase in product content and support revenues, the largest component, which grew from 20% of total revenues in 2001 to 27% in 2002 and to 31% in 2003. Product content and support includes hardware support of our Proventia appliances, software updates, technical support and security content that includes advisory updates from X-Force, our internal team of security experts. We continue to increase our software client base that generates product content and support revenues, through a combination of contracts associated with new product licenses and renewal of existing contracts. Managed services revenues accounted for 11% of total revenues in the year 2003, as compared with 8% in the year 2002 and 6% in the year 2001. We believe these increases were due to a strong demand in the market for proven, financially sound, managed security service providers. We are marketing managed services both directly to end users and through partners, including a number of new arrangements with integrators and service providers that include managed services as a part of their service offerings to their customers. We also expect sales of managed services to continue to increase as a percentage of total revenues over time as we focus our efforts on marketing new, innovative offerings, such as our Managed Protection Services, to new and existing customers. Managed Protection Services is a premium service combining vulnerability assessment, managed protection and other professional services. 20 Professional services Professional services revenue decreased both in absolute dollars and as a percentage of total revenue from 15% in 2001 to 12% in 2002 and to 10% in 2003. During 2001 we began narrowing our consulting offerings to focus on services that directly contribute to our protection platform strategy. This strategy continued in 2002 as we focused on high-value offerings that utilize our X-Force expertise, and chose to use partners to provide deployment and other offerings where appropriate. In 2003, we believe that entities continued to curtail costs and limit spending of discretionary dollars on professional services in current economic times, which resulted in flat to lower levels of demand for these services. In addition, we continued the strategy that promotes professional services through our systems integrator and channel partner relationships. Although we continue to offer training classes at our Atlanta headquarters and customers' premises, our primary focus is to deliver course materials to our customers through authorized training centers. Geographic regions Geographically, we derived the majority of our revenues from sales to customers within the Americas region. Revenues by region represented the following percentages of total revenues:
2001 2002 2003 ---- ---- ---- Americas.................................................... 71% 72% 69% EMEA........................................................ 15% 15% 19% Asia/Pacific................................................ 14% 13% 12%
Revenues in EMEA benefited from volume growth combined with a strengthening currency throughout 2003, since products are primarily sold in the Euro currency. Asia/Pacific remained consistent with 2002, decreasing minimally, we believe, because of difficult economic conditions in portions of the region in 2003. The financial data for each segment can be found in Note 11 to the Consolidated Financial Statements. COSTS AND EXPENSES Personnel Personnel and related costs represent our largest expense category. Our headcount has fluctuated between approximately 1,150 and 1,250 over the last 3 years as we acquired and integrated acquisitions and continually refined our business targets in light of difficult economic conditions during these years. Cost of product licenses and sales Cost of product licenses and sales consists of several components. Costs associated with licensing our software products are minor. The substantial portion of our cost of product licenses and sales represents the hardware cost of our Proventia appliances and payments to partners for their products that we sell or integrate with our managed service offerings. This cost, as a percentage of product licenses and sales, decreased from 11% in 2001 to 6% in 2002 and increased to 9% in 2003. The decrease from 2001 to 2002 was a result of a movement away from the direct sales of third-party products that had been a more significant part of our revenues as a result of a 1999 acquisition. The increase from 2002 to 2003 was connected with the introduction of the Proventia appliance line in the second quarter of 2003 and we expect the increase in cost of product licenses and sales to continue to increase in future periods as sales of the Proventia appliances increase and become a larger component of our product licenses and sales. Cost of subscriptions and professional services Cost of subscriptions and professional services includes the cost of our technical support personnel who provide assistance to customers under product support agreements, the security operations center ("SOC") costs of providing managed security monitoring services and the costs related to our professional services and training. These costs increased modestly from $50.7 million in 2001 to $51.1 million in 2002 followed by a 21 decrease to $48.7 million in 2003. As a percentage of subscription and professional services revenues, the costs decreased from 50% in 2001 to 42% in 2002 and 35% in 2003. Costs associated with our technical support personnel and our security operations centers increased in 2002 and 2003 as we added personnel to handle additional customers. We gained efficiencies in our security operations centers and restructured our support groups to be more productive so personnel increased at a much lower rate than revenue growth, contributing to the decrease in those costs as a percentage of total revenues. While we continue to seek increased productivity, we do expect to increase costs with a continued increase in revenues in the future. Offsetting this increase of costs associated with our technical support personnel and our security operations centers was a decrease in costs associated with our professional services and education services. Cost decreases accompanied the decrease in revenues that occurred through a continued narrowing of our consulting offerings to focus on services that directly contribute to our protection platform strategy, the outsourcing of educational training outside of Atlanta to authorized partners, and a decrease in the number of training classes related to third-party products. Research and development Research and development expenses consist of salary and related costs of research and development personnel, including costs for employee benefits, and depreciation on computer equipment. These costs include those associated with maintaining and expanding the X-Force, our internal team of security experts. We believe our primary research and product development and managed service offerings are important to retaining our leadership position in the market. We continue to add functionality to our product family, providing gateway, network, server and desktop-based solutions, as well as to our security management applications. These improvements as well as new offerings are intended to provide our customers with more powerful and easier-to-use solutions for security management across the enterprise. Included among new releases and major enhancements in 2003 were: - Proventia A Series models (A201, A604 and A1204) -- network threat detection appliance for aggregate network bandwidth from 200 Mbps to 1200 Mbps on 1 to 4 network segments. - Proventia G Series models (G100 and G200) -- network threat protection appliance for aggregate network bandwidth from 100 Mbps to 200 Mbps on a particular network segment. - Proventia M Series model (M50) -- unified firewall, VPN, anti-virus, and intrusion detection and prevention in one appliance, under one management system, to protect at the network and the gateway. - RealSecure Server Sensor 7.0 -- assesses host security to detect and report system security weaknesses, and provides intrusion prevention and response. - RealSecure(R) Desktop 7.0 -- provides protection against malicious activity by analyzing application and network (including VPN) behavior on desktops. - RealSecure Internet Scanner 7.0 -- added improved accuracy and new ease-of-use features to our network assessment solution. - RealSecure SiteProtector 2.0 -- unifies the management of protection across networks, servers and desktops to increase customers' ability to effectively detect, prevent and respond to today's ever-changing spectrum of threats. Research and development expenses were $35.4 million in 2001, $35.3 million in 2002 and $41.8 million in 2003. These costs fluctuated as a percentage of total revenues from 16% in 2001 to 15% in 2002 and 17% in 2003. In 2002 we continued to provide new product offerings and enhancements without an increase in research and development expenses. Our development group headcount increased in the fourth quarter of 2002 due to 22 the addition of 20 engineers from the vCIS acquisition. The increase in 2003 in both absolute dollars and percentage of revenues is due to the increase in the number of our development personnel focused on our Proventia offerings. Throughout 2003, we also reorganized and consolidated our efforts for security content, protection agent frameworks, management infrastructure and multifunction appliance delivery to enhance operational and development efficiency. This resulted in closing our engineering operations in Reading, U.K. and Sydney, Australia in the fourth quarter of 2003. The Reading office was closed November 30, 2003 and all costs associated with the closing of this facility were charged to expense in 2003. The Sydney office will remain open through the first half of 2004, with a small number of key employees. The costs of severance associated with all terminated employees from the Sydney office were expensed in 2003. The normal operating costs of keeping the office open into 2004 will be expensed as incurred. These exit costs, which totaled $1.5 million, increased research and development expenses by 1% of total revenues in 2003 to 16%. While we are committed to continue our investment in X-Force research and development capabilities, which we believe distinguishes ISS from its competitors, we intend to seek leverage in future periods in the research and development area while enhancing current technologies and developing new technologies. Sales and marketing Sales and marketing expenses consist of salaries, travel expenses, commissions, advertising, maintenance of our website, trade show expenses, costs of recruiting sales and marketing personnel and costs of marketing materials. Sales and marketing expenses were $92.0 million in 2001, $93.7 million in 2002 and $87.5 million in 2003. Gaining leverage in sales and marketing was a key objective for us in 2002, and we were able to decrease these expenses as a percentage of total revenues from 41% in 2001 to 39% in 2002. This occurred largely because we resized our operations globally in the third quarter of 2001, resulting in personnel reductions and decreases in various operating expenses, followed by further reduction in the third quarter of 2002 in areas such as Latin America and Europe where revenue demand did not support our cost base. Marketing costs increased in 2002 as we launched our first television and print advertising campaign designed to demonstrate the multitude of threats that can compromise the security of a company's networks, servers or desktops. This campaign was aimed at increasing awareness of the ISS brand, especially at the mainstream business market. In 2003, sales and marketing expenses decreased in both absolute dollars to $87.5 million and as a percentage of total revenue to 36%. These decreases occurred as a result of a full year impact of 2002 sales headcount reductions as well as selective decreases during 2003. Additionally, we incurred lower commissions due to the decrease in total product license and sales revenues. Finally, marketing costs were at a lower level, as we did not continue our television and print advertising campaign in 2003. We expect to continue to achieve leverage in our sales efforts by focusing our direct touch sales force on large customers that are served either directly by us or through large systems integrators. This channel, which includes systems integrators, value-added resellers and distributors, will continue to be of increasing importance to us. We intend to use its capabilities to reach larger customers through joint selling efforts and to reach departmental and small companies, especially for our Proventia multi-function appliance, which we believe has much more appeal to these companies. General and administrative General and administrative expenses of $20.4 million in 2001, $24.3 million in 2002 and $22.7 million in 2003, represented approximately 9% of our total revenues in 2001, 10% in 2002 and 9% in 2003. General and administrative expenses consist of personnel-related costs for executive, administrative, finance and human resources, internal information systems and other support services costs, and legal, accounting and other professional service fees. The increase in general and administrative expenses from 2001 to 2002 includes non-recurring expenses associated with a relocation of our Asia/Pacific headquarters in Tokyo during the second quarter of 2002. 23 Costs included lease termination costs, including remaining rent payments, write-off of leasehold improvements and moving costs. These costs increased general and administrative expenses by 1% of total revenues in 2002. Charge for in-process research and development We have reflected charges of $2.9 million in 2001 and $18.5 million in 2002 for the write-offs of in-process research and development costs associated with the Network ICE acquisition in June 2001 and the vCIS acquisition in October 2002. In-process research and development had not reached technological feasibility based on identifiable technological risk factors which indicated that even though successful completion was expected, it was not assured at the acquisition date and was immediately charged to operations. vCIS was developing a protection kernel that uses behavior analysis technology to identify viruses, Trojans, worms, and other forms of malicious code. The technology operates on behavior of malicious code rather than on individual signatures of malicious code. It conducts real time assessments of all executable program files, in a safe environment, and cleans the files before they are allowed to execute within an actual system. At the time the merger transaction was concluded, the vCIS technology had not reached technological feasibility, vCIS had no marketable product and vCIS had not identified any alternative uses for the technology at its current stage of development. We continue to work on the development of the product and had not used this technology in our product line as of the end of 2003. Amortization We incurred amortization expense related to intangible assets and stock-based compensation of $5.2 million in 2001, $5.7 million in 2002 and $6.0 million in 2003. These intangible assets and stock-based compensation resulted from acquisitions accounted for under the purchase method of accounting and are amortized over their useful lives. Due to the closing of our Reading, UK and Sydney, Australia research and development facilities in late 2003, the expense in 2003 includes a $738,000 charge related to our workforce reductions at these facilities. Interest income Net interest income decreased from $6.3 million in 2001 to $3.2 million in 2002 and to $2.7 million in 2003. The decrease in interest income year over year resulted from lower market rates of interest on debt securities. The market rate of interest paid on investment-grade commercial paper and similar investments dropped from approximately 4.5% during 2001 to approximately 2% during 2002 and dropped to approximately 1% for 2003. As a result, interest income decreased despite an increase in cash and cash equivalents and interest-bearing marketable securities. Other income (expense), net Other income and expense is primarily the result of issuance of stock in subsidiary companies and the results of investment in and the acquisition of distributors. In accordance with Staff Accounting Bulletin No. 51 ("SAB 51"), we have recorded gains when shares in our Japanese subsidiary have been issued in connection with its 2001 initial public offering, a 2002 acquisition of a Singapore-based distributor and option exercises in 2002 and 2003. Additionally, our Japan subsidiary took a minority position in a number of private companies, which ultimately produced a $1.9 million realized gain in 2002, and a $2.2 million impairment loss in 2003. At December 31, 2003, our Japan subsidiary has only one remaining investment for $700,000, which is carried at cost and has been deemed to not be impaired. Provision for income taxes We recorded a provision for income taxes of $12.5 million in 2001, $13.1 million in 2002, and $11.2 million in 2003. While income tax expense was recorded on domestic income for each year, taxes payable were reduced by deductions related to the value of employee exercise of stock options. The tax benefit 24 for the use of these stock option deductions was recorded as additional paid-in capital. Taxes paid generally relate to foreign operations. As of December 31, 2003, we had net operating loss carryforwards of approximately $21.8 million related to stock option deductions that expire in varying amounts between 2011 and 2021. The tax benefit for this carryforward will be recorded as additional paid-in-capital when it is realized. We also have approximately $7.7 million of research and development tax credit carryforwards, which expire between 2011 and 2023 and foreign tax credit carryforwards of $2.8 million that expire between 2006 and 2008. LIQUIDITY AND CAPITAL RESOURCES Our financial position remained strong throughout 2003. Our cash and cash equivalents and marketable security investments increased from $202.3 million at December 31, 2002 to $238.2 million at December 31, 2003. Our investments in marketable securities consist solely of high rated debt obligations with maturities of 12 months or less. During 2003, we met our working capital needs and capital equipment needs with cash provided by operations. Cash provided by operations in 2003 totaled $48.7 million compared to $48.9 million in 2002 and $39.4 million in 2001. Accounts receivable, net of acquisitions, increased $9.9 million in 2003 compared to an increase of $5.2 million in 2002 and a decrease of $9.3 million in 2001. These changes were primarily the result of changes in sales levels in the fourth quarter of the respective periods, increasing from 2001 to 2002 and from 2002 to 2003. We measure our accounts receivable management by our daily sales outstanding. This is a measurement of accounts receivable divided by billings in the quarter, represented by the sum of revenues plus the change in the deferred revenues liability account balance. This measurement was 78, 77 and 81 days at December 31, 2001, 2002 and 2003, respectively, each within our publicly stated target range of 75 to 85 days. Our investing activities of $4.8 million in 2003 resulted from our capital purchases, which decreased to $7.2 million compared to $10.9 million in 2002. Our spending is primarily for improved computer hardware for new and existing employees and investment in infrastructure hardware and software applications. Investing activities also included changes in our marketable securities that have quality characteristics similar to cash equivalents, except their maturities when we acquire them are longer than three months. The cash flow statement included the purchase of $76.5 million of intermediate term marketable securities, primarily interest-bearing government obligations and commercial paper, offset by net proceeds from the maturity of marketable securities of $76.6 million. Our financing activities used $13.7 million of cash in 2003, principally due to the repurchase of our common stock under an authorized plan to repurchase up to $50 million. Through December 31, 2003, we had repurchased a total of $18.4 million, including the purchase of 1,177,000 shares of our common stock on the open market during 2003 at an aggregate cost of $16.3 million. At December 31, 2003, we had $238.2 million of cash and cash equivalents and marketable securities; primarily money market accounts and investment grade commercial paper. An additional $12.8 million of commercial paper investments are pledged as collateral for stand-by letters of credit related to the operating leases of our facilities and are shown on the balance sheet as restricted marketable securities. We believe that such cash and cash equivalents and marketable securities will be sufficient to meet our working capital needs and capital expenditures for the foreseeable future. Furthermore, we are not aware of any trends, events, or uncertainties that are reasonably likely to result in any significant change to our liquidity. From time to time, we evaluate possible acquisition and investment opportunities in businesses, products or technologies that are complementary to ours. In the event we determine to pursue such opportunities, we may use our available cash and cash equivalents and marketable securities for this purpose. In January 2004, we used approximately $40 million of cash in acquiring Cobion and the license of development source code from another party. 25 Off-Balance Sheet Arrangements Payments for certain of our operating leases are secured by two collateralized stand-by letters of credit totaling approximately $10.3 million at December 31, 2003. The stand-by letters of credit are annually renewable over the duration of the applicable leases. These stand-by letters of credit guarantee our payment obligations on the leases. If we default on the lease payments, the landlords can claim against the letters of credit. We, in turn, would be liable to the letter of credit issuers. Our stand-by letters of credit are collateralized by securities worth $12.8 million at December 31, 2003. Other than these non-cancelable operating leases, we have no off-balance sheet financing arrangements, any relationships with "structured finance" or "special purpose" entities, or any contractual obligations with unconsolidated entities that are reasonably likely to impact our liquidity. Contractual Commitments The following table summarizes our significant contractual obligations at December 31, 2003, and the effect such obligations are expected to have on our liquidity and cash flows in future periods. This table excludes amounts already recorded on our balance sheet as current liabilities at December 31, 2003 (amounts in thousands):
PAYMENTS DUE BY PERIOD -------------------------------------------------------- TOTAL LESS THAN 1 YEAR 1-3 YEARS 3-5 YEARS AFTER 5 YEARS ------- ---------------- --------- --------- ------------- Operating lease obligations................ $89,831 $13,514 $25,053 $17,174 $34,090 Other........................ 968 484 484 -- -- ------- ------- ------- ------- ------- Total contractual cash obligations................ $90,799 $13,998 $25,537 $17,174 $34,090 ======= ======= ======= ======= =======
Other obligations consist of payments due under an existing software licensing agreement. The expected timing and payment of the obligations above is estimated based on current information. Timing of payments and actual amounts paid may be different depending on the timing of receipt of goods or services or changes to agreed-upon amounts for some obligations. RISK FACTORS There are many factors that affect ISS' business and the results of its operations, some of which are beyond ISS' control. The following is a description of some of the important factors that may cause the actual results of ISS' operations in future periods to differ materially from those currently expected or desired. We encourage you to read this section carefully. We Operate in a Rapidly Evolving Market We operate in a rapidly evolving market and must, among other things: - respond to competitive developments; - continue to upgrade and expand our product and services offerings; and - continue to attract, retain and motivate our employees. We cannot be certain that we will successfully address these issues. As a result, we cannot assure our investors that we will be able to continue to operate profitably in the future. We introduced our new Proventia appliance line, beginning with the A Series in April 2003. The G Series and M Series were introduced in the fourth quarter of 2003. As a result of our limited history with these products, it may be difficult to plan or project our revenues accurately. The revenue and income potential of these products is unproven and the markets addressed by these products are volatile. If these products fail to gain market acceptance, our revenue could be below our expectations and our operating results could be adversely affected. 26 Our Future Operating Results Will Likely Fluctuate Significantly We cannot predict our future revenues and operating results with certainty. However, we do expect our future revenues and operating results to fluctuate due to a combination of factors, including: - the growth in the acceptance of, and activity on, the Internet and the world wide web, particularly by corporate, institutional and government users; - the extent to which the public perceives that unauthorized access to and use of online information are threats to network security; - customer budgets; - the volume and timing of orders, including seasonal trends in customer purchasing; - our ability to develop new and enhanced product, managed service and professional service offerings; - the introduction and acceptance rate of ISS branded appliances, including increased cost of goods sold and inventory costs; - our ability to accurately forecast and produce demanded quantities of our appliance products and models; - availability of component parts of appliance products and reliance on contract manufacturers to produce such products; - our ability to provide scalable managed services offerings through our partners in a cost effective manner; - foreign currency exchange rates that affect our international operations; - product and price competition in our markets; and - general economic conditions, both domestically and in our foreign markets. We increasingly focus our efforts on sales of enterprise-wide security solutions, which consist of our entire product suite and related professional services, and managed security services, rather than on the sale of component products. As a result, each sale requires substantial time and effort from our sales and support staff. In addition, the revenues associated with particular sales vary significantly depending on the number of products licensed by a customer, the number of devices used by the customer and the customer's relative need for our professional services. Large individual sales, or even small delays in customer orders, can cause significant variation in our license revenues and results of operations for a particular period. The timing of large orders is usually difficult to predict and, like many software and services companies, many of our customers typically complete transactions in the last month of a quarter. We cannot predict our operating expenses based on our past results. Instead, we establish our spending levels based in large part on our expected future revenues. As a result, if our actual revenues in any future period fall below our expectations, our operating results likely will be adversely affected because very few of our expenses vary with our revenues. Because of the factors listed above, we believe that our quarterly and annual revenues, expenses and operating results likely will vary significantly in the future. Our ability to provide timely guidance and meet the expectations of investors with respect to our operating and financial results is impacted by the tendency of a majority of our sales to be completed in the last month of a quarter. We may not be able to determine whether we will experience material deviations from guidance or expectations until the end of a quarter. Dependence on Third Party Suppliers and Manufacturers We carry little inventory of our appliance products and we rely on suppliers to deliver necessary components to our contract manufacturers in a timely manner based on the forecasts we provide. We currently purchase some Proventia appliance components and contract manufacturing services from single or limited 27 sources. If shortages occur, supplies are interrupted, or we under forecast sales of demanded models, we may not be able to deliver products to our customers and our revenue and operating results would be adversely affected. Because our supply of hardware is based on short-term forecasts and purchase orders, our contract manufacturers are not obligated to purchase components for greater quantities over longer periods. We provide six-month forecasts of our demand to our contract manufacturer. If we overestimate our requirements, we or our contract manufacturers may have excess inventory, which could increase our costs. If we underestimate our requirements, our contract manufacturers may have an inadequate component inventory and, based on lead times, this could interrupt manufacturing and result in delays in shipments and revenues. We Face Intense Competition in Our Market The market for network security monitoring, detection, prevention and response solutions is intensely competitive, and we expect competition to increase in the future. We cannot guarantee that we will compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition. Our chief competitors generally fall within the following categories: - large companies, including Symantec Corp., Cisco Systems, Inc., Netscreen Technologies, Inc. (which is being acquired by Juniper Networks, Inc.), and Network Associates, Inc., that sell competitive products and offerings, as well as other large software companies that have the technical capability and resources to develop competitive products; - software or hardware network infrastructure companies like Cisco Systems, Inc. and Juniper Networks, Inc. that could integrate features that are similar to our products into their own products; - relatively smaller software companies offering relatively limited applications for network and Internet security; and - small and large companies with competitive offerings to components of our managed services offerings. Mergers or consolidations among these competitors, or acquisitions of small competitors by larger companies, represent risks. For example, Symantec Corp., Cisco Systems, Inc., and Network Associates, Inc. have acquired smaller companies that have intrusion prevention technologies during the past several years, and Juniper Networks, Inc. announced that it is acquiring Netscreen Technologies, Inc. These acquisitions will make these entities potentially more formidable competitors to us if such products and offerings are effectively integrated. Large companies may have advantages over us because of their longer operating histories, greater name recognition, larger customer bases or greater financial, technical and marketing resources. As a result, they may be able to adapt more quickly to new or emerging technologies and changes in customer requirements. They can also devote greater resources to the promotion and sale of their products than we can. In addition, these companies have reduced and could continue to reduce, the price of their security monitoring, detection and response products and managed security services, which increases pricing pressures within our market. Several companies currently sell software and hardware products (such as encryption, firewall, operating system security and virus detection software) that our customers and potential customers have broadly adopted. Some of these companies sell products that perform the same functions as some of our products. In addition, the vendors of operating system software or networking hardware may enhance their products to include the same kinds of functions that our products currently provide. The widespread inclusion of comparable features to our software in operating system software or networking hardware could render our products less competitive or obsolete, particularly if such features are of a high quality. Even if security functions integrated into operating system software or networking hardware are more limited than those of our products, a significant number of customers may accept more limited functionality to avoid purchasing additional products. In addition, with the introduction of our multi-function M Series Proventia appliance, we have offerings that compete with vendors of firewalls, VPN's, anti-virus systems, and content and spam filtering. This offering is competitive with a broader spectrum of network security companies, as well as those that also offer multi-function appliances or broad product suites, like Symantec Corp. 28 For the above reasons, we may not be able to compete successfully against our current and future competitors. Increased competition may result in price reductions, reduced gross margins and loss of market share. We Face Rapid Technological Change in Our Industry and Frequent Introductions of New Products Rapid changes in technology pose significant risks to us. We do not control nor can we influence the forces behind these changes, which include: - the extent to which businesses and others seek to establish more secure networks; - the extent to which hackers and others seek to compromise secure systems; - evolving computer hardware and software standards; - changing customer requirements; and - frequent introductions of new products and product enhancements. To remain successful, we must continue to change, adapt and improve our products in response to these and other changes in technology. Our future success hinges on our ability to both continue to enhance our current line of products and professional services and to introduce new products and services that address and respond to innovations in computer hacking, computer technology and customer requirements. We cannot be sure that we will successfully develop and market new products that do this. Any failure by us to timely develop and introduce new products, to enhance our current products or to expand our professional services capabilities in response to these changes could adversely affect our business, operating results and financial condition. Our products involve very complex technology, and as a consequence, major new products and product enhancements require a long time to develop and test before going to market. Because this amount of time is difficult to estimate, we have had to delay the scheduled introduction of new and enhanced products in the past and may have to delay the introduction of new and enhanced products in the future. The techniques computer hackers use to gain unauthorized access to, or to sabotage, networks and intranets are constantly evolving and increasingly sophisticated. Furthermore, because new hacking techniques are usually not recognized until used against one or more targets, we are unable to anticipate most new hacking techniques. To the extent that new hacking techniques harm our customers' computer systems or businesses, affected or prospective customers may believe that our products are ineffective, which may cause them or prospective customers to reduce or avoid purchases of our products. Risks Associated with Our Global Operations The expansion of our international operations includes our presence in dispersed locations throughout the world, including throughout Europe and the Asia/Pacific and Latin America regions. Our international presence and expansion exposes us to risks not present in our U.S. operations, such as: - the difficulty in managing an organization spread over various countries located across the world; - compliance with, and unexpected changes in, a wide range of complex regulatory requirements in countries where we do business; - duties and tariffs imposed on importation of our products in other jurisdictions where other manufacturers may not bear those same costs; - increased financial accounting and reporting burdens; - potentially adverse tax consequences; - fluctuations in foreign currency exchange rates resulting in losses or gains from transactions and expenses denominated in foreign currencies; 29 - reduced protection for intellectual property rights in some countries; - reduced protection for enforcement of creditor and contractual rights in some countries; and - import and export license requirements and restrictions on the import and export of certain technology, especially encryption technology and trade restrictions. Despite these risks, we believe that we must continue to expand our operations in international markets to support our growth. To this end, we intend to establish additional foreign sales operations, expand our existing offices, hire additional personnel, expand our international sales channels and customize our products for local markets. If we fail to execute this strategy, our international sales growth will be limited. Our Networks, Products and Services May be Targeted by Hackers Like other companies, our websites, networks, information systems, products and services may be targets for sabotage, disruption or misappropriation by hackers. As a leading network security solutions company, we are a high profile target. Although we believe we have sufficient controls in place to prevent disruption and misappropriation, and to respond to such situations, we expect these efforts by hackers to continue. If these efforts are successful, our operations, reputation and sales could be adversely affected. We Must Successfully Integrate Acquisitions As part of our growth strategy, we have and may continue to acquire or make investments in companies with products, technologies or professional services capabilities complementary to our solutions. When engaging in acquisitions, we could encounter difficulties in assimilating or completing the development of the technologies, new personnel and operations into our company. These difficulties may disrupt our ongoing business, distract our management and employees, increase our expenses and adversely affect our results of operations. These difficulties could also include accounting requirements, such as impairment charges related to goodwill or expensing in-process research and development costs. We cannot be certain that we will successfully overcome these risks with respect to any future acquisitions or that we will not encounter other problems in connection with our recent or any future acquisitions. In addition, any future acquisitions may require us to incur debt or issue equity securities. The issuance of equity securities could dilute the investment of our existing stockholders. Our Proprietary Rights May be Difficult to Enforce We rely primarily on copyright, trademark, patent and trade secrets laws, confidentiality procedures and contractual provisions to protect our proprietary rights. We have obtained one United States patent and have a number of patent applications pending, as well as numerous trademarks and trademark applications pending. There can be no assurance that patents will be issued from pending applications, or that claims allowed on any patents will be sufficiently broad to protect our technology. There can be no assurance that any issued patents will not be challenged, invalidated or circumvented, or that any rights granted under these patents will actually provide competitive advantages to us. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States, and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. If we are unable to protect our proprietary rights to the totality of the features in our software and products (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful. 30 We May Be Found to Infringe the Proprietary Rights of Others Third parties may assert claims or initiate litigation related to exclusive patent, copyright, trademark and other intellectual property rights to technologies that are relevant to our business. Because of the large number of patents in the Internet, networking, security and software fields, the secrecy of some pending patents and the rapid rate of issuance of new patents, it is not economically practical (or even possible) to determine in advance whether a product (or any of its components) infringe or will infringe the patent rights of others. Third party asserted claims and/or initiated litigation can include claims against us or our manufacturers, suppliers, or customers, alleging infringement of their proprietary rights with respect to our existing or future products (or components of those products). Regardless of the merit of these claims, they can be time-consuming, result in costly litigation and diversion of technical and management personnel, or require us to develop a non-infringing technology or enter into license agreements. There can be no assurance that licenses will be available on acceptable terms and conditions, if at all, in these circumstances, or that any indemnification that might be available to us would be adequate to cover our costs of defense. Furthermore, because of the potential for large judgments, which are not necessarily predictable, it is not unusual to find even arguably unmeritorious claims settled for significant funds. If any infringement or other intellectual property claim made against us by a third party is successful, or if we fail to develop non-infringing technology or license the proprietary rights on commercially reasonable terms and conditions, our business, operating results, financial condition and liquidity could be materially and adversely affected. Some Provisions in the ISS Certificate of Incorporation and Bylaws Make a Takeover of ISS Difficult Our certificate of incorporation and bylaws contain provisions that could have the effect of making it more difficult for a third party to acquire, or of discouraging a third party from attempting to acquire, control of ISS. These provisions: - establish a classified board of directors; - create preferred stock purchase rights that grant to holders of common stock the right to purchase shares of Series A Junior Preferred Stock in the event that a third party acquires 20% or more of the voting power of our outstanding common stock; - prohibit the right of our stockholders to act by written consent; - limit calling special meetings of stockholders; and - impose a requirement that holders of 66 2/3% of the outstanding shares of common stock are required to amend the provisions relating to the classification of our board of directors and action by written consent of stockholders. ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK INTEREST RATE SENSITIVITY The primary objective of our investment activities is to preserve principal while at the same time maximizing the income we receive from our investments without significantly increasing risk. Some of the securities in which we invest may be subject to market risk. This means that a change in prevailing interest rates may cause the principal amount of the investment to fluctuate. For example, if we hold a security that was issued with a fixed interest rate at the then-prevailing rate and the prevailing interest rate later rises, the market value of our investment will probably decline. To minimize this risk, we maintain our portfolio of cash equivalents and marketable securities in a variety of high-quality relatively short-term investments, including commercial paper and overnight repurchase agreements. As of December 31, 2003, $27.1 million of our securities mature in more than three months and $19.2 million of our securities mature in more than six months, but in all cases less than one year. 31 RISK ASSOCIATED WITH FOREIGN EXCHANGE RATES ISS is subject to foreign exchange risk as a result of exposures to changes in currency exchange rates. Our foreign operations are, for the most part, naturally hedged against exchange rate fluctuations since both revenues and expenses of each foreign affiliate are denominated in the same currency. Therefore, we do not engage in formal hedging activities, but we do periodically review the potential impact of this risk to ensure that the risk of significant potential losses remains minimal. As a result, an unfavorable change in the exchange rate for any particular foreign subsidiary would result in lower revenues and expenses with regards to operating results, and lower assets and liabilities with regards to the balance sheet. The Company's operating results are affected by changes in exchange rates between the U.S. Dollar and the Euro and the Japanese Yen. When the U.S. Dollar strengthens against these foreign currencies, the value of our non-functional currency revenues decreases. When the U.S. Dollar weakens, the value of our functional currency revenues increases. Since much of our international operating expenses are also incurred in local currencies, which is the foreign subsidiaries functional currency, the impact of exchange rates on net income or loss is relatively less than the impact on revenue. Although our operating and pricing strategies take into account changes in exchange rates over time, our results of operations may be affected significantly in the short term by fluctuations in foreign currency exchange rates. During 2003, the Company recorded a net foreign exchange gain of $813,000. The nature and extent of the foreign currency risk faced by the Company depends on many factors that cannot be accurately predicted. These factors include significant changes in foreign currency market conditions, the Company's inability to match foreign currency denominated revenues with costs denominated in the same currency, and changes in the amount or mix of revenues denominated in various foreign currencies. As a result of material unforeseen changes in these factors, the Company's foreign currency risk could have a greater impact on the Company's results of operations in the future. ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
PAGE ---- INTERNET SECURITY SYSTEMS, INC. Report of Independent Auditors.............................. 37 Consolidated Balance Sheets as of December 31, 2002 and 2003...................................................... 38 Consolidated Statements of Operations for the Years Ended December 31, 2001, 2002 and 2003.......................... 39 Consolidated Statements of Stockholders' Equity for the Years Ended December 31, 2001, 2002 and 2003.............. 40 Consolidated Statements of Cash Flows for the Years Ended December 31, 2001, 2002 and 2003.......................... 41 Notes to Consolidated Financial Statements.................. 42 2. Consolidated Financial Statement Schedules Schedule II -- Valuation and Qualifying Accounts............ 63
Schedules other than the one listed above are omitted as the required information is inapplicable or the information is presented in the consolidated financial statements or related notes. ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE None. ITEM 9A. CONTROLS AND PROCEDURES ISS' management with the participation of the Chief Executive Officer and Chief Financial Officer evaluated the effectiveness of ISS' disclosure controls and procedures (as such term is defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the "Exchange Act)) as of the end of the period covered by this annual report (the "Evaluation Date"). Based on such 32 evaluation, such officers have concluded that, as of the Evaluation Date, ISS' disclosure controls and procedures were effective to provide reasonable assurance that information required to be disclosed in the reports ISS files under the Exchange Act is recorded, processed, summarized and reported on a timely basis. There have not been any changes in ISS' internal controls over financial reporting during the quarter ended December 31, 2003 that have materially affected, or are reasonably likely to materially affect, such controls. 33 PART III ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT DIRECTORS AND EXECUTIVE OFFICERS See the Proxy Statement for the Company's 2004 Annual Meeting of Stockholders, under the headings "Proposal One: Election of Directors", "Executive Officers", and "Section 16(a) Beneficial Reporting Compliance", which information is incorporated herein by reference. CODE OF CONDUCT AND CODE OF ETHICS FOR FINANCIAL PROFESSIONALS The Company has adopted a Code of Conduct and a Code of Ethics for Financial Professionals which apply to its Chief Executive Officer, Chief Financial Officer, and Principal Accounting Officer. These documents are available on the "Investor Relations -- Corporate Governance" portion of our website at www.iss.net\About ISS. INCORPORATION OF OTHER INFORMATION BY REFERENCE For information on audit committee financial experts see the Proxy Statement for the Company's 2004 Annual Meeting of Stockholders, under the heading "Audit Committee", which information is incorporated herein by reference. ITEM 11. EXECUTIVE COMPENSATION See the Proxy Statement for the Company's 2004 Annual Meeting of Stockholders, under the headings "Director Compensation" and "Executive Compensation", which information is incorporated herein by reference. ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS See the Proxy Statement for the Company's 2004 Annual Meeting of Stockholders, under the headings "Security Ownership of Management and Principal Stockholders" and "Equity Compensation Plans", which information is incorporated herein by reference. ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS See the Proxy Statement for the Company's 2004 Annual Meeting of Stockholders, under the heading "Certain Relationships and Related Transactions", which information is incorporated herein by reference. ITEM 14. PRINCIPAL ACCOUNTANT FEES AND SERVICES See the Proxy Statement for the Company's 2004 Annual Meeting of Stockholders, under the headings "Audit Fees", "Audit-Related Fees", "Tax Fees", "All Other Fees" and "Fee Pre-approval Policy", which information is incorporated herein by reference. 34 PART IV ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES AND REPORTS ON FORM 8-K (a) The following documents are filed as part of this report: 1. Consolidated Financial Statements. See Index to Financial Statements on page 32 2. Financial Statement Schedules See Index to Financial Statements on page 32 3. Exhibits. The exhibits to this Annual Report on Form 10-K have been included only with the copy of this Annual Report on Form 10-K filed with the Securities and Exchange Commission. Copies of individual exhibits will be furnished to stockholders upon written request to the Company and payment of a reasonable fee.
EXHIBIT NUMBER DESCRIPTION OF EXHIBIT ------- ---------------------- 2.1 -- Agreement and Plan of Merger by and among Internet Security Systems, Inc., ISS Acquisition Corp. II, Network ICE Corporation and certain selling shareholders of Network ICE Corporation (filed as Exhibit 2.1 to the Company's Quarterly Report on Form 10-Q dated May 11, 2001 and incorporated by reference herein). 3.1 -- Restated Certificate of Incorporation (filed as Exhibit 3.1 to the Company's Quarterly Report on Form 10-Q, dated November 14, 2000 and incorporated by reference herein). 3.2 -- Bylaws (filed as Exhibit 3.2 to the Company's Registration Statement on Form S-1, Registration No. 333-44529 (the "Form S-1") and incorporated by reference herein). 3.3 -- Certificate of Designations of Series A Junior Participating Preferred Stock dated July 24, 2002 facility (filed as Exhibit 3.3 to the Company's Annual Report on Form 10-K, dated March 28, 2003 and incorporated by reference herein). 4.1 -- Specimen Common Stock certificate (filed as Exhibit 4.3 to the Company's Registration Statement on Form S-8, Registration No. 333-100954, dated November 1, 2002 and incorporated by reference herein). 4.2 -- Form of Rights Certificate (filed as Exhibit 4.2 to the Company's Current Report on Form 8-K dated July 24, 2002 and incorporated by reference herein). 4.3 -- See Exhibits 3.1 and 3.2 for provisions of the Certificate of Incorporation and Bylaws of the Company defining the rights of holders of the Company's Common Stock. 4.4 -- 1999 Network ICE Stock Option Plan (filed as Exhibit 4.1 to the Company's Registration Statement on Form S-8, Registration No. 333-62658 (the "Form S-8"), filed on June 8, 2001 and incorporated by reference herein). 4.5 -- Restated 1995 Stock Incentive Plan (as amended and restated as of May 23, 2001) (filed as Exhibit 4.2 to the Form S-8 filed June 8, 2001 and incorporated by reference herein). 4.6 -- Netrex, Inc. 1998 Stock Plan (filed as Exhibit 99.15 to the Company's Registration Statement on Form S-8, Registration Statement No. 333-89563, filed October 22, 1999 and incorporated by reference herein). 4.7 -- vCIS, Inc. 2001 Stock Plan (filed as to Exhibit 4.1 to the Company's Registration Statement on Form S-8, Registration Statement No. 333-100954, filed November 1, 2002 and incorporated by reference herein). 10.1 -- Stock Exchange Agreement dated December 9, 1997 (filed as Exhibit 10.4 to the Form S-1 and incorporated by reference herein). 10.2 -- Forms of Non-Employee Director Compensation Agreement, Notice of Stock Option Grants and Stock Option Agreement (filed as Exhibit 10.6 to the Form S-1 and incorporated by reference herein). 10.3 -- Form of Indemnification Agreement for directors and certain officers (filed as Exhibit 10.8 to the Form S-1 and incorporated by reference herein).
35
EXHIBIT NUMBER DESCRIPTION OF EXHIBIT ------- ---------------------- 10.4 -- Lease for Atlanta headquarters and research and development facility (filed as Exhibit 10.10 to the Company's Annual Report on Form 10-K, dated March 30, 2000 and incorporated by reference herein). 10.5 -- Amendments to Lease for Atlanta headquarters facility (filed as Exhibit 10.5 to the Company's Annual Report on Form 10-K, dated March 28, 2003 and incorporated by reference herein). 10.6 -- Letter Agreement dated August 18, 2000 with Lawrence Costanza (filed as Exhibit 10.14 to the Company's Annual Report on Form 10-K, dated March 30, 2001 and incorporated by reference herein). 10.7 -- Rights Agreement dated July 18, 2002 with SunTrust Bank, as Rights Agent, regarding Preferred Share Purchase Rights (filed as Exhibit 4.1 to the Company's Current Report on Form 8-K dated July 24, 2002 and incorporated by reference herein). 10.8 -- Form of Retention Agreement (filed as Exhibit 10.1 to the Company's Quarterly Report on Form 10-Q filed November 5, 2003 and incorporated by reference herein). 11** -- Computation of Per Share Earnings 21.1* -- Subsidiaries of the Company. 23.1* -- Consent of Ernst & Young LLP. 24.1* -- Power of Attorney, pursuant to which amendments to this Annual Report on Form 10-K may be filed, is included on the signature page contained in Part IV of the Form 10-K. 31.1* -- Certification of principal executive officer pursuant to Section 302 of the Sarbanes-Oxley Act of 2002. 31.2* -- Certification of principal financial officer pursuant to Section 302 of the Sarbanes-Oxley Act of 2002. 32.1* -- Certification Pursuant to 18 U.S.C. Section 1350. as Adopted Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 32.2* -- Certification Pursuant to 18 U.S.C. Section 1350. as Adopted Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002
--------------- * Identifies those filed with this Form 10-K. ** Data required by SFAS No. 128, "Earnings Per Share", is provided in Note 4 to the consolidated financial statements in this report. (b) Reports on Form 8-K On October 21, 2003 ISS furnished a report on Form 8-K pursuant to Item 12 thereof relating to a press release regarding its financial results for the quarter ended September 30, 2003 and providing its Business Outlook for the quarter ending December 31, 2003 and fiscal year ending December 31, 2003. 36 REPORT OF INDEPENDENT AUDITORS The Board of Directors and Stockholders Internet Security Systems, Inc. We have audited the accompanying consolidated balance sheets of Internet Security Systems, Inc. as of December 31, 2002 and 2003, and the related consolidated statements of operations, stockholders' equity, and cash flows for each of the three years in the period ended December 31, 2003. Our audits also included the financial statement schedule listed in the Index at Item 15(a). These financial statements and schedule are the responsibility of the Company's management. Our responsibility is to express an opinion on these financial statements and schedule based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial position of Internet Security Systems, Inc. as of December 31, 2002 and 2003, and the consolidated results of its operations and its cash flows for each of the three years in the period ended December 31, 2003, in conformity with accounting principles generally accepted in the United States. Also, in our opinion, the related financial statement schedule, when considered in relation to the basic financial statements taken as a whole, presents fairly in all material respects the information set forth therein. As discussed in Note 1 to the consolidated financial statements, in 2002 the Company ceased amortization of goodwill in accordance with Statement of Financial Accounting Standards No. 142, Goodwill and Other Intangible Assets. /s/ Ernst & Young LLP Atlanta, Georgia February 26, 2004 37 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED BALANCE SHEETS
DECEMBER 31, --------------------------- 2002 2003 ------------ ------------ ASSETS Current assets: Cash and cash equivalents................................. $148,317,000 $184,551,000 Marketable securities..................................... 53,999,000 53,630,000 Accounts receivable, less allowance for doubtful accounts of $2,790,000 in 2002 and $2,755,000 in 2003........... 56,700,000 66,588,000 Inventory................................................. 1,055,000 750,000 Prepaid expenses and other current assets................. 7,000,000 10,732,000 ------------ ------------ Total current assets.............................. 267,071,000 316,251,000 Property and equipment: Computer equipment........................................ 38,403,000 45,261,000 Office furniture and equipment............................ 21,446,000 21,311,000 Leasehold improvements.................................... 21,183,000 21,674,000 ------------ ------------ 81,032,000 88,246,000 Less accumulated depreciation............................. 39,313,000 52,427,000 ------------ ------------ 41,719,000 35,819,000 Restricted cash and marketable securities................... 14,690,000 12,760,000 Goodwill, less accumulated amortization of $27,381,000...... 200,464,000 201,303,000 Other intangible assets, less accumulated amortization of $9,223,000 in 2002 and $13,499,000 in 2003................ 15,384,000 9,728,000 Other assets................................................ 7,240,000 5,421,000 ------------ ------------ Total assets...................................... $546,568,000 $581,282,000 ============ ============ LIABILITIES AND STOCKHOLDERS' EQUITY Current liabilities: Accounts payable.......................................... $ 1,765,000 $ 5,145,000 Accrued expenses.......................................... 22,332,000 26,092,000 Deferred revenues......................................... 55,587,000 61,129,000 ------------ ------------ Total current liabilities......................... 79,684,000 92,366,000 Other non-current liabilities............................... 2,328,000 2,573,000 Commitments and contingencies Stockholders' equity: Preferred stock; $.001 par value; 20,000,000 shares authorized, none issued or outstanding.................... -- -- Common stock; $.001 par value; 120,000,000 shares authorized, 49,544,000 and 49,841,000 shares issued in 2002 and 2003, respectively............................... 50,000 50,000 Additional paid-in capital.................................. 463,779,000 475,062,000 Deferred compensation....................................... (702,000) (92,000) Accumulated other comprehensive income...................... 949,000 7,452,000 Retained earnings........................................... 2,514,000 22,251,000 Treasury stock, at cost (133,000 and 1,310,000 shares in 2002 and 2003, respectively).............................. (2,034,000) (18,380,000) ------------ ------------ Total stockholders' equity........................ 464,556,000 486,343,000 ------------ ------------ Total liabilities and stockholders' equity........ $546,568,000 $581,282,000 ============ ============
See accompanying notes. 38 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED STATEMENTS OF OPERATIONS
YEAR ENDED DECEMBER 31, ------------------------------------------ 2001 2002 2003 ------------ ------------ ------------ Revenues: Product licenses and sales....................... $122,385,000 $121,093,000 $107,117,000 Subscriptions.................................... 66,687,000 92,945,000 112,855,000 Professional services............................ 34,487,000 29,247,000 25,809,000 ------------ ------------ ------------ 223,559,000 243,285,000 245,781,000 Costs and expenses: Cost of revenues: Product licenses and sales.................... 13,439,000 6,688,000 9,528,000 Subscriptions and professional services....... 50,708,000 51,133,000 48,686,000 ------------ ------------ ------------ Total cost of revenues........................ 64,147,000 57,821,000 58,214,000 Research and development......................... 35,413,000 35,280,000 41,843,000 Sales and marketing.............................. 92,001,000 93,679,000 87,452,000 General and administrative....................... 20,442,000 24,271,000 22,661,000 Write-off of lease obligation.................... 1,072,000 -- -- Charge for in-process research and development... 2,910,000 18,537,000 -- Amortization and write-off of other intangibles and stock-based compensation.................. 5,227,000 5,674,000 6,015,000 Amortization of goodwill......................... 26,505,000 -- -- ------------ ------------ ------------ 247,717,000 235,262,000 216,185,000 ------------ ------------ ------------ Operating income (loss)............................ (24,158,000) 8,023,000 29,596,000 Interest income.................................... 6,250,000 3,242,000 2,683,000 Minority interest.................................. (336,000) (187,000) (157,000) Other income (expense), net........................ 15,132,000 3,859,000 (1,967,000) Foreign currency exchange gain (loss).............. 175,000 (82,000) 813,000 ------------ ------------ ------------ Income (loss) before income taxes.................. (2,937,000) 14,855,000 30,968,000 Provision for income taxes......................... 12,521,000 13,076,000 11,231,000 ------------ ------------ ------------ Net income (loss).................................. $(15,458,000) $ 1,779,000 $ 19,737,000 ============ ============ ============ Basic net income (loss) per share of Common Stock............................................ $ (0.34) $ 0.04 $ 0.40 ============ ============ ============ Diluted net income (loss) per share of Common Stock............................................ $ (0.34) $ 0.04 $ 0.39 ============ ============ ============ Weighted average shares: Basic............................................ 45,649,000 48,456,000 49,155,000 ============ ============ ============ Diluted.......................................... 45,649,000 49,158,000 50,018,000 ============ ============ ============
See accompanying notes. 39 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY
RETAINED COMMON STOCK ADDITIONAL COMPREHENSIVE EARNINGS -------------------- PAID-IN DEFERRED INCOME (ACCUMULATED SHARES AMOUNT CAPITAL COMPENSATION (LOSS) DEFICIT) ---------- ------- ------------ ------------ ------------- ------------ Balance at December 31, 2000....... 42,415,000 42,000 172,985,000 (86,000) (745,000) 16,193,000 Comprehensive income (loss): Net loss........................ (15,458,000) Translation adjustment.......... (1,567,000) Issuance of Common Stock: Exercise of stock options....... 1,108,000 2,000 14,012,000 Employee stock purchase plan.... 75,000 2,267,000 Acquisition..................... 4,311,000 4,000 227,815,000 (6,231,000) Amortization of deferred compensation.................... 2,169,000 Adjustment to deferred compensation and repurchase of unvested shares from terminated employees....................... (38,000) (2,208,000) 2,163,000 Tax benefit related to employee options......................... 15,578,000 ---------- ------- ------------ ----------- ----------- ------------ Balance at December 31, 2001....... 47,871,000 48,000 430,449,000 (1,985,000) (2,312,000) 735,000 Comprehensive income: Net income...................... 1,779,000 Translation adjustment.......... 3,261,000 Issuance of Common Stock: Exercise of stock options....... 586,000 1,000 3,696,000 Employee stock purchase plan.... 126,000 2,095,000 Acquisition..................... 966,000 1,000 16,857,000 (153,000) Amortization of deferred compensation.................... 1,094,000 Adjustment to deferred compensation and repurchase of unvested shares from terminated employees....................... (5,000) (352,000) 342,000 Tax benefit related to employee options......................... 11,034,000 Purchases of treasury stock (133,000 shares)................ ---------- ------- ------------ ----------- ----------- ------------ Balance at December 31, 2002....... 49,544,000 50,000 463,779,000 (702,000) 949,000 2,514,000 Comprehensive income: Net income...................... 19,737,000 Translation adjustment.......... 6,503,000 Issuance of Common Stock: Exercise of stock options....... 133,000 1,011,000 Employee stock purchase plan.... 152,000 1,609,000 Amortization of deferred compensation.................... 359,000 Restricted stock awards........... 13,000 213,000 Deferred acquisition payment...... 625,000 Adjustment to deferred compensation and repurchase of unvested shares from terminated employees....................... (1,000) (252,000) 251,000 Tax benefit related to employee options......................... 8,077,000 Purchases of treasury stock (1,177,000 shares).............. ---------- ------- ------------ ----------- ----------- ------------ Balance at December 31, 2003....... 49,841,000 $50,000 $475,062,000 $ (92,000) $ 7,452,000 $22,251,000 ========== ======= ============ =========== =========== ============ COMPREHENSIVE TOTAL TREASURY INCOME STOCKHOLDERS' STOCK (LOSS) EQUITY ------------ ------------- ------------- Balance at December 31, 2000....... -- 188,389,000 Comprehensive income (loss): Net loss........................ $(15,458,000) (15,458,000) Translation adjustment.......... (1,567,000) (1,567,000) ------------ $(17,025,000) ============ Issuance of Common Stock: Exercise of stock options....... 14,014,000 Employee stock purchase plan.... 2,267,000 Acquisition..................... 221,588,000 Amortization of deferred compensation.................... 2,169,000 Adjustment to deferred compensation and repurchase of unvested shares from terminated employees....................... (45,000) Tax benefit related to employee options......................... 15,578,000 ------------ ------------ Balance at December 31, 2001....... -- 426,935,000 Comprehensive income: Net income...................... $ 1,779,000 1,779,000 Translation adjustment.......... 3,261,000 3,261,000 ------------ $ 5,040,000 ============ Issuance of Common Stock: Exercise of stock options....... 3,697,000 Employee stock purchase plan.... 2,095,000 Acquisition..................... 16,705,000 Amortization of deferred compensation.................... 1,094,000 Adjustment to deferred compensation and repurchase of unvested shares from terminated employees....................... (10,000) Tax benefit related to employee options......................... 11,034,000 Purchases of treasury stock (133,000 shares)................ (2,034,000) (2,034,000) ------------ ------------ Balance at December 31, 2002....... (2,034,000) 464,556,000 Comprehensive income: Net income...................... $ 19,737,000 19,737,000 Translation adjustment.......... 6,503,000 6,503,000 ------------ $ 26,240,000 ============ Issuance of Common Stock: Exercise of stock options....... 1,011,000 Employee stock purchase plan.... 1,609,000 Amortization of deferred compensation.................... 359,000 Restricted stock awards........... 213,000 Deferred acquisition payment...... 625,000 Adjustment to deferred compensation and repurchase of unvested shares from terminated employees....................... (1,000) Tax benefit related to employee options......................... 8,077,000 Purchases of treasury stock (1,177,000 shares).............. (16,346,000) (16,346,000) ------------ ------------ Balance at December 31, 2003....... $(18,380,000) $486,343,000 ============ ============
See accompanying notes. 40 INTERNET SECURITY SYSTEMS, INC. CONSOLIDATED STATEMENTS OF CASH FLOWS
YEAR ENDED DECEMBER 31, ------------------------------------------- 2001 2002 2003 ------------- ------------ ------------ OPERATING ACTIVITIES Net income (loss)........................................... $ (15,458,000) $ 1,779,000 $ 19,737,000 Adjustments to reconcile net income (loss) to net cash provided by operating activities: Depreciation.............................................. 11,302,000 14,019,000 13,114,000 Amortization of goodwill.................................. 26,505,000 -- -- Amortization and write-off of intangibles and stock based compensation............................................ 5,227,000 5,674,000 6,015,000 Accretion of discount on marketable securities............ 355,000 204,000 276,000 Amortization of restricted stock awards................... -- -- 124,000 Minority interest......................................... 336,000 187,000 157,000 Charge for in-process research and development............ 2,910,000 18,537,000 -- Other non-cash expense.................................... 86,000 -- -- Income tax benefit from exercise of stock options......... 8,159,000 10,581,000 8,077,000 Impairment of investment.................................. -- -- 2,230,000 Gain on issuance of subsidiary stock...................... (15,252,000) (2,560,000) (249,000) Changes in assets and liabilities, excluding the effects of acquisitions: Accounts receivable..................................... 9,346,000 (5,164,000) (9,888,000) Inventory............................................... 507,000 713,000 305,000 Prepaid expenses and other assets....................... (3,015,000) (2,008,000) (3,863,000) Accounts payable and accrued expenses................... 443,000 (2,031,000) 7,100,000 Deferred revenues....................................... 7,903,000 8,975,000 5,542,000 ------------- ------------ ------------ Net cash provided by operating activities.......... 39,354,000 48,906,000 48,677,000 ------------- ------------ ------------ INVESTING ACTIVITIES Acquisitions, net of cash received.......................... (7,495,000) (3,461,000) -- Purchases of marketable securities.......................... (116,843,000) (81,115,000) (76,493,000) Net proceeds from maturity of marketable securities......... 127,297,000 82,041,000 76,587,000 (Additions to) release of restricted cash and marketable securities................................................ -- (2,190,000) 1,930,000 Purchases of property and equipment......................... (31,682,000) (10,911,000) (7,212,000) Net proceeds from issuance of subsidiary stock.............. 16,529,000 -- 376,000 ------------- ------------ ------------ Net cash used in investing activities.............. (12,194,000) (15,636,000) (4,812,000) ------------- ------------ ------------ FINANCING ACTIVITIES Proceeds from exercise of stock options..................... 14,013,000 3,697,000 1,011,000 Proceeds from employee stock purchase plan.................. 2,267,000 2,095,000 1,609,000 Repurchase of unvested stock................................ (45,000) (10,000) (3,000) Purchases of treasury stock................................. -- (2,034,000) (16,346,000) ------------- ------------ ------------ Net cash provided by (used in) financing activities... 16,235,000 3,748,000 (13,729,000) ------------- ------------ ------------ Foreign currency impact on cash............................. (1,567,000) 3,261,000 6,098,000 ------------- ------------ ------------ Net increase in cash and cash equivalents................... 41,828,000 40,279,000 36,234,000 Cash and cash equivalents at beginning of year.............. 66,210,000 108,038,000 148,317,000 ------------- ------------ ------------ Cash and cash equivalents at end of year.................... $ 108,038,000 $148,317,000 $184,551,000 ============= ============ ============ SUPPLEMENTAL CASH FLOW DISCLOSURE Income taxes paid........................................... $ 2,273,000 $ 4,040,000 $ 2,041,000 ============= ============ ============
See accompanying notes. 41 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS DECEMBER 31, 2003 1. SIGNIFICANT ACCOUNTING POLICIES DESCRIPTION OF BUSINESS The business of Internet Security Systems, Inc. and its subsidiaries ("ISS") is focused on protecting gateways, networks, servers and desktops against an ever-changing spectrum of threats, with a comprehensive line of products and services designed specifically for the particular needs of enterprise, service provider, risk management, small business and consumer markets. PRINCIPLES OF CONSOLIDATION The consolidated financial statements include the accounts of Internet Security Systems, Inc. and its majority-owned subsidiaries. All significant intercompany and investment accounts and transactions have been eliminated in consolidation. Certain prior year amounts have been reclassified to conform to current year presentation. ISS's shares are traded on the NASDAQ National Market under the ticker symbol "ISSX". In addition, ISS has various other subsidiaries in the Americas, Europe and the Asia/Pacific regions with primary marketing and sales responsibilities for ISS's products and services in their respective markets. ISS is organized as, and operates in, a single business segment that provides products, technical support, managed security services, professional security services and education services as components of providing security management solutions. ISS is organized around geographic areas: the Americas (United States, Canada, South America and Latin America), EMEA (Europe, Middle East and Africa) and Asia/Pacific. These geographic areas represent ISS' three reportable segments (see Note 11). FOREIGN CURRENCY TRANSLATIONS The functional currency of ISS' foreign subsidiaries is the local currency. Assets and liabilities denominated in foreign currencies are translated using the exchange rate on the balance sheet dates. The translation adjustments resulting from this process are shown separately as a component of stockholders' equity. Revenues and expenses are translated using average exchange rates for the period. Transaction gains and losses are included in the results of operations. USE OF ESTIMATES The preparation of financial statements in conformity with accounting principles generally accepted in the United States requires management to make estimates and assumptions that affect the amounts reported in the financial statements and accompanying notes. Actual results may differ from those estimates, and such differences may be material to the consolidated financial statements. REVENUE RECOGNITION Revenue is recognized under Statement of Position ("SOP") 97-2, Software Revenue Recognition, as modified by SOP 98-9, Software Revenue Recognition with Respect to Certain Transactions, when the following criteria have been met: - persuasive evidence of an arrangement exists; - delivery has occurred or services have been rendered; - price is fixed or determinable; and - collection is probable. 42 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) Product licenses and sales include revenue from sales of perpetual software licenses and products. We recognize perpetual software license revenues upon (1) delivery of software or, if the customer has evaluation software, delivery of the software key and (2) issuance of the related license, assuming that no significant vendor obligations or customer acceptance rights exist. Where payment terms are extended over periods greater than 12 months, revenue is recognized as such amounts become due and payable. Product sales consist primarily of appliances sold in conjunction with ISS licensed software. These sales are recognized upon shipment to the customer provided all other revenue recognition criteria are met. Sales of enterprise products are generated both through direct sales to end-users as well as through various partners, including system integrators, value-added resellers and distributors. License revenue is recognized when the sale has occurred for an identified end user through electronic delivery of a software key that is necessary to operate the product, provided all other revenue recognition criteria are met. At the point of key delivery, the end-user has no right of return. Subscription revenues include product support and content updates, term licenses, and managed service arrangements. Renewable product support and content update is a separate component of each perpetual license agreement and appliance sold in conjunction with ISS products. Term licenses allow customers to use our products and receive product support coverage and content updates for a specified period, generally 12 months. We generally invoice for product support, content updates and term licenses at the beginning of the term and recognize revenue ratably over the subscription term. Security monitoring and management services of information assets and systems are part of managed services and associated revenues are recognized and billed as such services are provided. Historically, our appliance and software sales have been accounted for primarily as revenue at the time of sale, with product support and content updates generally representing between 20% and 30% of the upfront revenue amount. With the introduction of the multi-function appliance, we expect to significantly alter this ratio, as the majority of the initial price paid by the customer will be for content provided for a specified term. This will results in the subscription component being recorded in deferred revenues and recognized over the term as subscription revenue. Professional services revenues include fee-based service engagements and training. Service engagements, typically billed on either a fixed fee or time-and-materials basis, primarily focus on security assessments of customer networks and the development of customers' security policies. We have these offerings to support our primary goal of providing products and managed services, desiring to have such services provided by our partners where practical. We recognize such professional services revenues as the related services are rendered. Multiple element arrangements can include any combination of our products or services. When some elements are delivered prior to others in an arrangement, all revenue is deferred until the delivery of the last element unless there is all of the following: - vendor specific objective evidence (VSOE) of fair value of the undelivered elements; - the functionality of the delivered elements is not dependent on the undelivered elements; and - delivery of the delivered elements represents the culmination of the earnings process. When these criteria have been met, we allocate revenue to the delivered software product using the residual method. Under the residual method, we allocate discounts inherent in the arrangement entirely to the product that is initially delivered and recognize the other elements as they are delivered based on the vendor specific objective evidence, which is typically determined by the Company selling those elements separately. 43 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) COST OF REVENUES Cost of revenues includes the cost of product licenses and sales and the cost of subscriptions and professional services. Cost of product licenses and sales includes the costs associated with licensing software and the hardware cost associated with appliances. These costs are incurred upon recognition of the associated product revenues. Cost of subscriptions and professional services includes the cost of the technical support group that provides assistance to customers with product support agreements, the operations center costs of providing managed services and the costs related to the professional services and training staff. CASH AND CASH EQUIVALENTS Cash equivalents include all highly liquid investments with original maturities of three months or less when purchased. Such amounts are stated at cost, which approximates market value. MARKETABLE SECURITIES Marketable securities consist of debt instruments of U.S. government agencies and corporate commercial paper. All such marketable securities have a maturity of less than twelve months. These investments are classified as available-for-sale and reported at fair market value. The amortized cost of securities classified as available-for-sale is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization is included in interest income. Unrealized gains and losses on available-for-sale securities were immaterial for 2002 and 2003. Realized gains and losses, and declines in value judged to be other-than-temporary are included in net securities gains (losses) and are included in results of operations. Interest on securities classified as available-for-sale is included in interest income (see Note 3). CONCENTRATIONS OF CREDIT AND SUPPLIER RISK Product revenues are concentrated in the software industry, which is highly competitive and rapidly changing. Significant technological changes in the industry or customer requirements, or the emergence of competitive products with new technologies or capabilities could adversely affect operating results. In addition, fluctuations of the U.S. dollar against foreign currencies or changes in local regulatory or economic conditions could adversely affect operating results. We carry little inventory of our appliance products and we rely on suppliers to deliver necessary components to our contract manufacturers in a timely manner based on the forecasts we provide. We currently purchase some Proventia appliance components and contract manufacturing services from single or limited sources. Financial instruments that potentially subject ISS to significant concentrations of credit risk consist principally of cash and cash equivalents, marketable securities and accounts receivable. ISS maintains cash and cash equivalents in short-term money market accounts with financial institutions and in short-term, investment grade commercial paper. Marketable securities consist of United States government agency securities and investment grade commercial paper. ISS's sales are global, primarily to companies located in the Americas, Europe, and the Asia/Pacific regions. ISS performs periodic credit evaluations of its customer's financial condition and does not require collateral. Accounts receivable are due principally from large U.S. companies under stated contract terms. ISS also has receivables from its European and Asia/Pacific operations, which are principally from its partners in such regions. This includes various markets such as China and Korea where difficulties associated with doing business exposes the Company to associated credit risk. ISS provides for estimated credit losses as such losses become probable. In January 2004, a new distributor for China assumed the rights and the obligations 44 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) of a distribution agreement for ISS products from a previous distributor. In connection with this agreement, we modified the old distributor's obligations, which resulted in an additional $200,000 of bad debt expense recorded in the fourth quarter and the write off of $1.1 million against the allowance account. We have a firm repayment schedule with the new distributor and the Company believes the remaining receivables balance of $2.4 million at January 31, 2004 is collectible. FAIR VALUE OF FINANCIAL INSTRUMENTS The carrying amounts reported in the balance sheets for cash and cash equivalents, marketable securities, accounts receivable and accounts payable approximate their fair values. PROPERTY AND EQUIPMENT Property and equipment are stated at cost less accumulated depreciation. Depreciation is computed using the straight-line method for financial reporting purposes on the basis of the following estimated useful lives: three years for computer equipment, five to seven years for office furniture and equipment and over the shorter of the estimated useful life or the term of the lease for leasehold improvements. INVENTORY Inventory consists of finished goods purchased for resale and is recorded at the lower of cost or market. Cost is determined using the first-in, first-out (FIFO) method. PREPAIDS AND OTHER CURRENT ASSETS Prepaids and other current assets consist of invoices that have been paid previous to the service being provided. These are then expensed over the period of service indicated. Included in this balance at December 31, 2003 is a $1,000,000 advance related to a license of source code completed in January 2004. GOODWILL AND INTANGIBLES Goodwill represents the excess acquisition cost over the fair value of net assets acquired. On January 1, 2002, ISS adopted SFAS No. 142, Goodwill and Other Intangible Assets ("SFAS 142"). Under this statement, goodwill is no longer amortized but is subject to annual impairment tests (or more frequent tests if impairment indicators arise). The Company performed impairment tests of goodwill as required, evaluating recoverability based on a combination of forecasted discounted cash flows and stock market valuation. Goodwill was determined not to be impaired in 2003 based on such tests. Prior to the adoption of SFAS 142, the Company amortized the Network ICE goodwill over five years and other goodwill over periods ranging from 2 to 10 years. 45 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) Goodwill and intangible assets are comprised of the following, as of the dates indicated:
DECEMBER 31, --------------------------------------------------------- 2002 2003 --------------------------- --------------------------- GROSS GROSS CARRYING ACCUMULATED CARRYING ACCUMULATED AMOUNT AMORTIZATION AMOUNT AMORTIZATION ------------ ------------ ------------ ------------ Goodwill..................... $227,845,000 $(27,381,000) $228,684,000 $(27,381,000) ============ ============ ============ ============ Amortized intangible assets: Core technology............ $ 3,853,000 $ (2,039,000) $ 3,853,000 $ (2,521,000) Developed technology....... 17,808,000 (5,654,000) 17,808,000 (9,576,000) Work force................. 1,380,000 (216,000) -- -- Customer relationships..... 1,566,000 (1,314,000) 1,566,000 (1,402,000) ------------ ------------ ------------ ------------ Total.............. $ 24,607,000 $ (9,223,000) $ 23,227,000 $(13,499,000) ============ ============ ============ ============
The change in the carrying amount of goodwill from December 31, 2002 to December 31, 2003 was the result of currency translation adjustments. Adoption of the non-amortization provisions of SFAS 142 as of January 1, 2001 would have decreased the net loss for the year ended December 31, 2001 by $26.5 million, resulting in earnings per diluted share of $0.24. The Company amortizes intangible assets over their estimated useful lives of eight years for core technology, five years for developed technology, three to six years for work force and three years for customer relationships. Amortization expense of intangible assets is as follows:
YEAR ENDED DECEMBER 31, ----------------------- 2002 2003 ---------- ---------- Core technology............................................. $ 482,000 $ 482,000 Developed technology........................................ 3,167,000 3,922,000 Work force.................................................. 100,000 426,000 Customer relationships...................................... 830,000 88,000 ---------- ---------- Total............................................. $4,579,000 $4,918,000 ========== ==========
As part of the closing of the UK and Sydney research and development facilities as described in Note 13, the Company wrote-off the unamortized balances in the related work force intangibles totaling $738,000. The estimated future amortization expense of intangible assets as of December 31, 2003 is as follows:
AMOUNT ---------- Fiscal year: 2004...................................................... $4,043,000 2005...................................................... 3,897,000 2006...................................................... 1,788,000 ---------- Total............................................. $9,728,000 ==========
Long-lived assets include property and equipment, other intangibles, and other assets. In accordance with SFAS No. 144 "Accounting for the Impairment or Disposal of Long-Lived Assets" ("SFAS 144"), the Company regularly evaluates whether events and circumstances have occurred which indicate that the 46 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) carrying amount of long-lived assets may warrant revision or may not be recoverable. When factors indicate that long-lived assets should be evaluated for possible impairment, the Company uses an estimate of the future undiscounted net cash flows of the related business over the remaining life of the asset in measuring whether the carrying amount of the related asset is recoverable. To the extent these projections indicate that future undiscounted net cash flows are not sufficient to recover the carrying amounts of the related assets, the underlying assets are written down by charges to the expense so the carrying amount is equal to fair value, primarily determined based on future discounted cash flows. In the opinion of management, the Company's long-lived assets are appropriately valued at December 31, 2003 and 2002. RESEARCH AND DEVELOPMENT COSTS Research and development costs are charged to expense as incurred. ISS has not capitalized any such development costs under Statement of Financial Accounting Standards ("SFAS") No. 86, Accounting for the Costs of Computer Software to Be Sold, Leased, or Otherwise Marketed, because the costs incurred between the attainment of technological feasibility for the related software product through the date when the product is available for general release to customers has been insignificant. ADVERTISING COSTS ISS incurred advertising costs of $2,636,000 in 2001, $6,265,000 in 2002 and $3,477,000 in 2003, which are expensed as incurred and are included in sales and marketing expense in the statements of operations. STOCK-BASED COMPENSATION Statement of Financial Accounting Standard 123, Accounting for Stock-Based Compensation ("SFAS 123"), as amended by SFAS 148, Accounting for Stock-Based Compensation -- Transition and Disclosure, establishes accounting and reporting standards for stock-based employee compensation plans. As permitted by SFAS 123, ISS continues to account for stock-based compensation in accordance with Accounting Principles Board Opinion No. 25, Accounting for Stock Issued to Employees ("APB 25"), and has elected the pro forma disclosure alternative of SFAS 123. 47 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) Although SFAS 123 allows the Company to continue to follow APB 25 guidelines, the following is pro forma net loss and pro forma net loss per share for the periods indicated as if the Company had adopted SFAS 123. The following table illustrates the effect on net income per share if the provisions of SFAS 123 had been applied. The pro forma impact of applying SFAS 123 as illustrated below will not necessarily be representative of the pro forma impact in future years. Pro forma information is as follows:
YEARS ENDED DECEMBER 31, ------------------------------------------ 2001 2002 2003 ------------ ------------ ------------ Net income (loss), as reported............ $(15,458,000) $ 1,779,000 $ 19,737,000 Pro forma stock compensation expense computed under the fair value method, net of income taxes..................... (27,975,000) (28,589,000) (28,099,000) ------------ ------------ ------------ Pro forma net loss........................ $(43,433,000) $(26,810,000) $ (8,362,000) ============ ============ ============ Basic net income (loss) per share of Common Stock, as reported............... $ (0.34) $ 0.04 $ 0.40 ============ ============ ============ Diluted net income (loss) per share of Common Stock, as reported............... $ (0.34) $ 0.04 $ 0.39 ============ ============ ============ Pro forma basic and diluted net loss per share of Common Stock................... $ (0.95) $ (0.55) $ (0.17) ============ ============ ============
Inputs used for the fair value method for our employee stock options are as follows:
YEARS ENDED DECEMBER 31, -------------------------- 2001 2002 2003 ------- ------- ------ Volatility.................................................. 128% 122% 75% Weighted-average expected lives (in years).................. 5 5 5 Expected dividend yields.................................... -- -- -- Weighted-average risk-free interest rates................... 4.51% 4.20% 2.54% Weighted-average fair value per share of options granted.... $27.76 $21.56 $6.90
The Black-Scholes option valuation model was developed for use in estimating the fair value of traded options that have no vesting restrictions and are fully transferable. In addition, option valuation models require the input of highly subjective assumptions including the expected stock price volatility. When necessary, volatility is adjusted to reflect the expected volatility over the expected life of the options. Because employee stock options have characteristics different from those of traded options, and because the changes in the subjective input assumptions can materially affect the fair value estimate, management believes that the existing models do not necessarily provide a reliable single measure of the fair value of its employee stock options. In 2003, 13,000 restricted shares were issued to the non-employee directors. The fair value of the shares at the date of grant is recognized as compensation expense ratably over the vesting period, which amounted to $124,000 of compensation expense in 2003. ACCOUNTING FOR ISSUANCES OF STOCK BY A SUBSIDIARY When one of the Company's subsidiaries issues shares of its stock at an amount different than the Company's carrying value for the subsidiary's stock, the Company records the difference as a gain or loss in the consolidated statements of operations, in accordance with SEC Staff Accounting Bulletin No. 51, if the 48 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) transaction meets the following conditions: (1) the sale of such shares is not a part of a broader corporate reorganization contemplated or planned by the Company; (2) the Company does not intend to spin-off the related subsidiary to stockholders; (3) reacquisition of shares is not contemplated at the time of issuance; and (4) the subsidiary is not a newly-formed, non-operating entity, a research and development start-up or development stage entity, or an entity whose ability to continue in existence is in question. The Company accounts for sales that do not meet these criteria as capital transactions. ACCUMULATED OTHER COMPREHENSIVE INCOME Accumulated other comprehensive income at December 31, 2003, 2002 and 2001 consists of the cumulative foreign currency translation adjustment. INCOME (LOSS) PER SHARE Basic net income (loss) per share was computed by dividing net income (loss) by the weighted average number of shares outstanding of Common Stock. Diluted net income per share was computed by dividing net income by the weighted average shares outstanding including common equivalents (when dilutive) (see Note 10). RECENTLY ISSUED ACCOUNTING STANDARDS In July 2002, the Financial Accounting Standards Board ("FASB") issued Statement of Financial Accounting Standard No. 146, Accounting for Costs Associated with Exit or Disposal Activities ("SFAS 146"). SFAS 146 addresses financial accounting and reporting for costs associated with exit or disposal activities and nullifies Emerging Issues Task Force ("EITF") Issue No. 94-3, Liability Recognition for Certain Employee Termination Benefits and Other Costs to Exit an Activity (including Certain Costs Incurred in a Restructuring). The provisions of SFAS 146 are effective for exit or disposal activities that are initiated after December 31, 2002, with early application encouraged. The Company adopted SFAS 146 for exit activities initiated after December 31, 2002 (see Note 13). In November 2002, the EITF of the FASB issued EITF 00-21, Revenue Arrangements with Multiple Deliverables, which addresses certain aspects of the accounting for arrangements that involve the delivery or performance of multiple products, services and/or rights to use assets. Under EITF 00-21, revenue arrangements with multiple deliverables should be divided into separate units of accounting if the deliverables meet certain criteria, including whether the fair value of the delivered items can be determined and whether there is evidence of fair value of the undelivered items. In addition, the consideration should be allocated among the separate units of accounting based on their fair values, and the applicable revenue recognition criteria should be considered separately for each of the separate units of accounting. The Company adopted the provisions of EITF 00-21 for all revenue arrangements entered into after June 30, 2003. The adoption of EITF No. 00-21 did not have an impact on the Company's financial position, results of operations or liquidity. In November 2002, the FASB issued Financial Interpretation No. 45, Guarantor's Accounting and Disclosure Requirements for Guarantees, Including Indirect Guarantees of Indebtedness of Others ("FIN 45"), which is an interpretation of SFAS Nos. 5, 57, and 107 and rescission of FASB Interpretation No. 34. FIN 45 requires that a guarantor recognize, at the inception of a guarantee, a liability for the fair value of the obligation undertaken by issuing the guarantee. FIN 45 also requires additional disclosures to be made by a guarantor in its interim and annual financial statements about its obligations under certain guarantees it has issued. The accounting requirements for the initial recognition of guarantees are applicable on a 49 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) prospective basis for guarantees issued or modified after December 31, 2002. The following is a summary of agreements that are determined to be within the scope of FIN 45: (1) Our sales agreements with customers generally contain infringement indemnity provisions. Under these agreements, we agree to indemnify, defend and hold harmless the customer in connection with patent, copyright or trade secret infringement claims made by third parties with respect to the customer's authorized use of our products and services. The indemnity provisions generally provide for our control of defense and settlement and cover costs and damages finally awarded against the customer, as well as our modification of the product so it is no longer infringing or, if it cannot be corrected, return of the product for a partial refund that reflects the reasonable value of prior use. Our sales agreements with customers sometimes also contain indemnity provisions for death, personal injury or property damage caused by our personnel or contractors in the course of performing services to customers. Under these agreements, we agree to indemnify, defend and hold harmless the customer in connection with death, personal injury and property damage claims made by third parties with respect to actions of our personnel or contractors. The indemnity provisions generally provide for our control of defense and settlement and cover costs and damages finally awarded against the customer. The indemnity obligations contained in sales agreements generally have no specified expiration date and no specified monetary limitation on the amount of award covered. We have not previously incurred costs to settle claims or pay awards under these indemnification obligations. As a result, we believe the estimated fair value of these obligations is nominal. Accordingly, we have no liabilities recorded for these agreements as of December 31, 2003. (2) We warrant that our software products will perform in all material respects in accordance with our standard published specifications in effect at the time of delivery of the licensed products to the customer for ninety days. We also warrant that for one year after shipment, all hardware will be free from defects in materials and workmanship under normal authorized use, consistent with the instructions contained in the product documentation. Additionally, we warrant that our services will be performed consistent with generally accepted industry standards or specific service levels through completion of the agreed upon services. If necessary, we would provide for the estimated cost of product and service warranties based on specific warranty claims and claim history, however, we have not incurred significant recurring expense under our product or service warranties and hardware warranties are covered by the manufacturer warranties. As a result, we believe the estimated fair value of these agreements is nominal. Accordingly, we have no liabilities recorded for these agreements as of December 31, 2003. (3) Payments for certain operating leases for our office space are secured by collateralized standby letters of credit totaling $10.3 million at December 31, 2003. These standby letters of credit guarantee payments on certain lease obligations and are renewed annually unless cancelled by either party. The lease obligations have terms that expire at various dates through 2013. The beneficiary of the standby letters of credit can draw on the letters of credit if we default on the related lease obligation. Each standby letter of credit is collateralized by securities. At December 31, 2003, $12.8 million of commercial paper investments are pledged as collateral and are shown on the balance sheet as restricted cash and marketable securities. In December 2003, the FASB issued FIN 46 (revised 2003), Consolidation of Variable Interest Entities, an Interpretation of Accounting Research Bulletin No. 51, ("FIN 46"). FIN 46 requires the consolidation of variable interest entities in which an enterprise absorbs a majority of the entity's expected losses, receives a majority of the entity's expected residual returns, or both, as a result of ownership, contractual or other financial interests in the entity. The FASB has deferred the effective date for applying the provisions of Interpretation No. 46 for interests in certain variable interest entities or potential variable interest entities 50 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) created before February 1, 2003 until the end of the first interim period ending after March 15, 2004. We are still assessing the impact of Interpretation No. 46 on arrangements that we have with certain entities. 2. BUSINESS COMBINATIONS AND ASSET ACQUISITIONS On October 30, 2002, ISS acquired 100% of the outstanding stock of vCIS, Inc., a privately held corporation based in Santa Clara, California. vCIS was a development-stage company focused on the development of software designed to enhance the security of a computing environment by detecting and defeating malicious code, including viruses, worms and trojans, in real-time using behavior analysis technology. ISS issued approximately 966,000 shares of ISS Common Stock for all of the outstanding vCIS stock and assumed all of the outstanding vCIS stock options resulting in approximately 35,000 additional ISS shares being reserved for outstanding grants under the vCIS stock option plan. In addition, ISS made a series of cash investments in vCIS prior to the date of merger totaling $1,945,000. The investments were in the form of a convertible line of credit note that allowed ISS to convert the balance due to equity in vCIS at a rate consistent with the lowest price offered to other investors in any new equity financing offered by vCIS. The combined fair value of common stock issued, options assumed, cash investments and acquisition costs, consisting of approximately $800,000 of legal and accounting fees, was approximately $19.6 million. The fair value of common stock issued was determined based on the average closing price of ISS stock on August 23, 2002 and the two trading days before and after this date. The merger was accounted for as a purchase and, accordingly, the operating results of vCIS are included in the consolidated financial statements of ISS from the date of acquisition. The aggregate purchase price was allocated based on a valuation of the vCIS assets, intangibles and in-process research and development. The vCIS acquisition did not meet the definition of a business under EITF 98-3, Determining Whether a Nonmonetary Transaction Involves Receipt of Productive Assets or of a Business. As required by paragraph 9 of SFAS 142, the excess purchase price was allocated to the assets acquired in proportion to their relative values. The final allocation was as follows: Net liabilities of vCIS..................................... $ (100,000) In-process research and development......................... 18,500,000 Assembled workforce......................................... 1,200,000 ----------- $19,600,000 ===========
The tangible assets of vCIS acquired in the merger consisted primarily of cash and fixed assets. The liabilities of vCIS assumed in the merger consisted primarily of accounts payable and accrued expenses. In-process research and development valued at approximately $18.5 million had not reached technological feasibility based on identifiable risk factors, which indicated that even though successful completion was expected, it was not assured as of the acquisition date and was immediately charged to operations. Accordingly, under current accounting standards, such amount was expensed. In August 2002, Internet Security Systems KK ("ISS KK") acquired privately held TriSecurity Holdings Pte Ltd. ("TriSecurity"), a primary ISS KK distributor in Singapore. In exchange for all of the outstanding shares of TriSecurity, ISS KK issued approximately 1,000 shares of ISS KK stock and paid approximately $1.2 million of cash. Goodwill of approximately $4.0 million related to the purchase was recorded. The operating results of ISS include the operating results of TriSecurity Holdings Pte Ltd. since the date of acquisition. During the first quarter of 2003, ISS KK amended the agreement and agreed to make payment of 245 shares of ISS KK in each of the first quarters of 2004 and 2005, relating to annual contingent consideration payments defined in the 2002 purchase agreement. The additional consideration of $626,000, based on current fair market value of the shares, was recorded as additional goodwill and additional paid-in- 51 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 2. BUSINESS COMBINATIONS AND ASSET ACQUISITIONS -- (CONTINUED) capital at such time. When such shares are actually issued, a gain or loss will be recognized to the extent of any difference between the $626,000 fair value of the shares to be issued and the book value of those shares. In June 2001, ISS acquired 100% of the outstanding stock of Network ICE Corporation, a privately held corporation based in San Mateo, California ("Network ICE"). Network ICE is a leading developer of desktop intrusion protection technology and highly scalable security management systems. ISS issued approximately 4,311,000 shares of ISS common stock for all of the outstanding Network ICE common stock and assumed all of the outstanding Network ICE stock options resulting in approximately 289,000 additional ISS shares being reserved for outstanding grants under the Network ICE Stock Plan. The combined fair value of common stock issued, options assumed and acquisition costs was approximately $237.6 million based on the average closing price of our common stock on the merger agreement date of April 30, 2001 and the two days before and after April 30, 2001. Acquisition costs of approximately $8.0 million consisted primarily of financial advisory, legal and accounting fees. The Company adopted a plan to restructure Network ICE whereby 46 Network ICE employees were terminated over a six-month period following the acquisition. As a result, $1.8 million of severance costs were included in the acquisition costs for severance related to these terminations. At December 31, 2001, all such terminations and related severance payments had been completed. The merger was accounted for as a purchase and, accordingly, the operating results of Network ICE are included in the consolidated financial statements of ISS from the date of acquisition. The adjusted aggregate purchase price was allocated based on a valuation report of the Network ICE intangibles and in-process research and development was as follows: Net tangible liabilities of Network ICE..................... $ (4,020,000) In-process research and development......................... 2,910,000 Customer relationships...................................... 2,490,000 Technology.................................................. 17,030,000 Deferred income taxes....................................... (7,418,000) Deferred compensation....................................... 6,231,000 Goodwill.................................................... 220,398,000 ------------ $237,621,000 ============
The tangible assets of Network ICE acquired in the merger consisted primarily of cash, accounts receivable and fixed assets. The liabilities of Network ICE assumed in the merger consisted primarily of accounts payable and accrued expenses and deferred revenue. In-process research and development of approximately $2.9 million had not reached technological feasibility based on identifiable technological risk factors, which indicated that even though successful completion was expected, it was not assured as of the acquisition date and was immediately charged to operations. The following table summarizes unaudited pro forma results of operations as if the acquisitions of vCIS and Network ICE were concluded as of the beginning of the periods presented. The adjustments to the historical data reflect the following: (i) amortization of goodwill in 2001 and intangibles, (ii) write off of in-process research and development, and (iii) deferred stock compensation. This pro forma information is not 52 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 2. BUSINESS COMBINATIONS AND ASSET ACQUISITIONS -- (CONTINUED) necessarily indicative of what combined operations would have been if ISS had control of such combined businesses for the periods presented.
DECEMBER 31, --------------------------- 2001 2002 ------------ ------------ (UNAUDITED) Revenue.................................................. $229,276,000 $243,285,000 Net loss................................................. $(44,160,000) $ (790,000) Basic and diluted net loss per share of Common Stock..... $ (0.97) $ (0.02)
3. MARKETABLE SECURITIES The following is a summary of available-for-sale marketable securities as of December 31:
2002 2003 ----------- ----------- Unrestricted: U.S. corporate commercial paper........................... $53,999,000 $53,630,000 Restricted: U.S. corporate commercial paper........................... 14,690,000 12,760,000 ----------- ----------- $68,689,000 $66,390,000 =========== ===========
As of December 31, 2002 and 2003, the cost of marketable securities approximated fair value. The contractual maturities of all of these investments were less than one year as of December 31, 2003. Cash and marketable securities of $12,760,000 at December 31, 2003 and $14,690,000 at December 31, 2002 were restricted as collateral for letters of credit issued in relation to operating leases for facilities and classified as restricted marketable securities. 4. STOCK OPTION PLANS ISS's Incentive Stock Plan (the "Plan") provides for the granting of qualified or nonqualified options to purchase shares of ISS's Common Stock. Under the Plan, at December 31, 2003 there were 16,435,875 shares reserved for future issuance which increases automatically on the first trading day of each year by an amount equal to 4% of the number of shares of Common Stock outstanding on the last trading day of the preceding year. An additional 160,000 shares have been reserved for non-statutory options issued in 1997 to non- employee directors. In October 2002, as a result of the acquisition of vCIS, the Company assumed all outstanding vCIS stock options. Each vCIS stock option assumed is subject to the same terms and conditions as the original grant and generally vest over three to four years and expires ten years from the date of grant. Each option was adjusted at a ratio of 0.04770 shares of ISS common stock for each one share of vCIS common stock. In June 2001, as a result of the acquisition of Network ICE, the Company assumed all outstanding Network ICE stock options. Each Network ICE stock option assumed is subject to the same terms and conditions as the original grant and generally vests over four years and expires ten years from the date of grant. Each option was adjusted at a ratio of 0.13529 shares of ISS common stock for each one share of Network ICE common stock. 53 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 4. STOCK OPTION PLANS -- (CONTINUED) A summary of ISS's stock option activity is as follows:
2001 2002 2003 --------------------- --------------------- --------------------- WEIGHTED WEIGHTED WEIGHTED AVERAGE AVERAGE AVERAGE NUMBER OF EXERCISE NUMBER OF EXERCISE NUMBER OF EXERCISE SHARES PRICE SHARES PRICE SHARES PRICE ---------- -------- ---------- -------- ---------- -------- Outstanding at beginning of year.... 5,252,000 $36.54 5,004,000 $36.98 6,756,000 $31.64 Granted........................... 1,663,000 32.15 3,773,000 25.33 2,898,000 11.14 Exercised......................... (1,108,000) 12.65 (587,000) 6.30 (136,000) 7.50 Canceled.......................... (1,092,000) 46.52 (1,469,000) 42.82 (1,881,000) 39.95 Assumed........................... 289,000 14.79 35,000 0.94 -- -- ---------- ---------- ---------- Outstanding at end of year.......... 5,004,000 36.98 6,756,000 31.64 7,637,000 22.26 ========== ========== ========== Exercisable at end of year.......... 1,386,000 22.74 2,032,000 32.06 2,840,000 28.19 ========== ========== ==========
All vCIS and Network ICE options assumed by ISS were included in the purchase price based on their fair value. The intrinsic value of the unvested options has been allocated to deferred compensation and is being amortized over the remaining vesting periods of the related options. The Company recorded deferred compensation of approximately $6.2 million for the Network ICE options in June 2001 and approximately $153,000 in October 2002 for the vCIS options. Amortization of deferred compensation was $2.1 million in 2001, $1.1 million in 2002 and $361,000 in 2003. The following table summarizes information about stock options outstanding at December 31, 2003:
OPTIONS FULLY OPTIONS OUTSTANDING VESTED AND EXERCISABLE ---------------------------- ----------------------- NUMBER OF WEIGHTED NUMBER OPTIONS AVERAGE EXERCISABLE WEIGHTED OUTSTANDING AT REMAINING AT AVERAGE DECEMBER 31, CONTRACTUAL DECEMBER 31, EXERCISE RANGE OF EXERCISE PRICES 2003 LIFE 2003 PRICE ------------------------ -------------- ----------- ------------ -------- $.08-9.11............................. 538,000 5.87 413,000 $ 5.18 $10.00-19.19.......................... 3,402,000 8.95 366,000 13.80 $20.03-24.06.......................... 1,318,000 7.98 582,000 20.94 $25.20-34.97.......................... 1,580,000 7.58 1,006,000 31.49 $39.75-58.94.......................... 502,000 6.83 277,000 57.06 $60.25-85.63.......................... 297,000 6.25 196,000 67.53
On October 29, 2003, ISS announced a voluntary option exchange program intended to reduce the number of outstanding options. Stock options with exercise prices exceeding $30 per share were eligible. ISS' directors and five most senior executive officers, including the chief executive officer, are not eligible to participate in the program. Approximately 783,000 option shares, of the 1,343,000 eligible, with exercise prices between $30 and $83 per share have elected into the program. New options will be issued at the rate of 2.5 old option shares for one new option share. The exercise price per share for new options will be priced at the Nasdaq National Market closing price six months and a day after the cancellation of old options, which is currently expected to be May 27, 2004. 5. ADOPTION OF SHAREHOLDER RIGHTS PLAN On July 11, 2002, the Board of Directors adopted a shareholder rights plan and authorized and declared a dividend of one preferred share purchase right (a "Right") for each outstanding share of Common Stock, par value $.001 per share, of the Company. The dividend was paid on July 29, 2002 to the stockholders of record 54 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 5. ADOPTION OF SHAREHOLDER RIGHTS PLAN -- (CONTINUED) on that date. Stock issued subsequent to July 29, 2002 will be issued with an attached Right. Each Right will initially represent the right, under certain circumstances, to purchase one one-thousandth of a share of Series A Junior Participating Preferred Stock (the "Junior Preferred Stock") at a purchase price of $80 per one one-thousandth of a share. If a person or group acquires beneficial ownership of 20% or more of the then outstanding shares of the Company's Common Stock (an "Acquiring Person"), the holder of a Right, upon exercise of the Right, will thereafter have the right to receive, in lieu of shares of Junior Preferred Stock, shares of the Company's Common Stock (or, in certain circumstances, cash, property or other securities of the Company) having a value equal to twice the purchase price of the Right. The Rights expire on July 11, 2012. Generally, the Board of Directors may redeem the Rights at a price of $.001 per Right (subject to adjustment) at any time prior to the earlier of (i) the close of business on the tenth business day following the date a person becomes an Acquiring Person or (ii) the expiration date of the Rights. Prior to any person or group becoming an Acquiring Person, the Company may amend the Rights Agreement at any time. In addition, the Company has retention agreements with certain officers of the Company which provide for severance payments upon a termination that is a result of a change in control, as described in the agreements. 6. OTHER INCOME (EXPENSE) AND MINORITY INTEREST Other expense for 2003 includes a $2.2 million write off of an investment made by ISS KK in a China distributor. The Company completed an impairment analysis on the China distributor's March 2003 annual financial results issued and made available in the fourth quarter of 2003. Upon reviewing these results, the Company determined the investment was impaired and concluded that a write-off of the entire investment was appropriate. Other income for 2002 includes a gain of $2.6 million related to the issuance of subsidiary shares in connection with the acquisition of TriSecurity Holdings Pte Ltd. The Company reported a gain on the difference between the fair market value of the shares issued and the book value of those shares, in accordance with SEC Staff Accounting Bulletin No. 51 and company policy. A gain of $1.9 million was recorded in 2002 on the sale by the ISS KK of an investment in an ISS distributor in Japan. The shares of the publicly traded company were acquired when the distributor was privately held and were subsequently sold on the open market. In September 2001, ISS KK sold newly issued shares in an initial public offering ("IPO") on the Japan over-the-counter market. These newly issued shares represented approximately 10% of the previously outstanding shares of our Asia/Pacific subsidiary. Other income in 2001 includes a gain on the subsidiary IPO of $13.6 million. Other income also includes $1.6 million generated from the March 2001 sale of approximately 2% of the outstanding shares of our Asia/Pacific subsidiary to employees and key partners. These amounts represent the difference between proceeds received and the underlying basis in the stock less the minority interest in such gains, in accordance with SEC Staff Accounting Bulletin No. 51. Minority interest totaled $336,000 in 2001, $187,000 in 2002 and $157,000 in 2003. Minority interest in earnings of consolidated subsidiary represent the minority shareholders' share of the after-tax net income or loss of the consolidated subsidiary, ISS KK. 7. COMMITMENTS AND CONTINGENCIES ISS has non-cancelable operating leases for facilities that expire at various dates through 2013. The Company has shorter-term leases for office space in other locations and various computer equipment leases. 55 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 7. COMMITMENTS AND LITIGATION -- (CONTINUED) The Company also has obligations for payments under an agreement for software used in our computer equipment. The future payments under this agreement amount to $484,000 in 2004 and 2005. Future minimum payments under non-cancelable operating leases with initial terms of one year or more consisted of the following at December 31, 2003:
NON-CANCELABLE OPERATING LEASES ---------------- 2004....................................................... 13,514,000 2005....................................................... 13,025,000 2006....................................................... 12,028,000 2007....................................................... 9,077,000 2008....................................................... 8,097,000 Thereafter................................................. 34,090,000 ----------- Total minimum lease payments..................... $89,831,000 ===========
Rent expense was approximately $6,806,000, $12,008,000, and $14,469,000 for the years ended December 31, 2001, 2002 and 2003, respectively. The Company and certain of its officers and directors were named as defendants in a consolidated amended complaint that was filed in the United States District Court for the Northern District of Georgia on October 9, 2002. The lawsuit purports to be brought on behalf of a class of investors who purchased the Company's stock during the period from April 5, 2001 through August 14, 2001 (the "Class Period"). The lawsuit alleges violations of the federal securities laws, including Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder. The complaint generally alleges that the Company and the individual defendants violated the anti-fraud provisions of the federal securities laws and caused the Company's stock to trade at artificially high prices by making misrepresentations relating to the Company's financial condition and prospects during the Class Period. The complaint seeks damages in an unspecified amount. On September 3, 2003, the court dismissed the consolidated amended complaint. The plaintiffs have moved the court to reconsider its dismissal order and to grant them leave to amend their complaint. The Company and the individual defendants have opposed those motions. The court has not yet ruled. The Company believes that the court's order dismissing the action was appropriate and further that the Company has meritorious defenses and intends to continue defending the action vigorously. 8. INCOME TAXES For financial reporting purposes, the provision for income taxes includes the following components:
YEAR ENDED DECEMBER 31, --------------------------------------- 2001 2002 2003 ----------- ----------- ----------- Federal income taxes.......................... $ 8,899,000 $10,404,000 $ 8,069,000 State income taxes............................ 696,000 637,000 1,377,000 Foreign income taxes.......................... 2,926,000 2,035,000 1,785,000 ----------- ----------- ----------- Total provision for income taxes.... $12,521,000 $13,076,000 $11,231,000 =========== =========== ===========
56 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 8. INCOME TAXES -- (CONTINUED) ISS' income tax provisions consist of the following:
YEAR ENDED DECEMBER 31, --------------------------------------- 2001 2002 2003 ----------- ----------- ----------- Current....................................... $12,521,000 $13,076,000 $12,792,000 Deferred...................................... -- -- (1,561,000) ----------- ----------- ----------- $12,521,000 $13,076,000 $11,231,000 =========== =========== ===========
Pre-tax income (loss) attributable to foreign and domestic operations is summarized below:
YEAR ENDED DECEMBER 31, ---------------------------------------- 2001 2002 2003 ------------ ----------- ----------- U.S. operations.............................. $ 3,799,000 $15,376,000 $27,838,000 Japan operations............................. 5,808,000 2,455,000 694,000 EMEA operations.............................. (12,174,000) (2,136,000) 1,424,000 Other........................................ (370,000) (840,000) 1,012,000 ------------ ----------- ----------- $ (2,937,000) $14,855,000 $30,968,000 ============ =========== ===========
A reconciliation of the provision for income taxes to the statutory federal income tax rate is as follows:
YEAR ENDED DECEMBER 31, --------------------------------------- 2001 2002 2003 ----------- ----------- ----------- Federal income taxes at 35% applied to pretax income (loss)............................... $(1,028,000) $ 5,200,000 $10,839,000 State income taxes, net of federal income tax benefit..................................... 696,000 637,000 1,377,000 Intangibles................................... 9,170,000 -- -- Research and development tax credits.......... (1,100,000) (1,496,000) (1,300,000) Foreign operations............................ 2,634,000 1,441,000 (19,000) Deferred compensation......................... 729,000 383,000 127,000 Write-off of in-process research and development................................. 1,019,000 6,488,000 -- Other......................................... 346,000 423,000 207,000 Change in valuation allowance................. 55,000 -- -- ----------- ----------- ----------- $12,521,000 $13,076,000 $11,231,000 =========== =========== ===========
57 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 8. INCOME TAXES -- (CONTINUED) Deferred income taxes reflect the net income tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for income tax purposes. Significant components of the Company's net deferred income taxes are as follows:
DECEMBER 31, --------------------------- 2002 2003 ------------ ------------ Deferred income tax liabilities: Amortization........................................... $ 4,766,000 $ 2,766,000 Gain on issuance of subsidiary stock................... 6,407,000 6,502,000 ------------ ------------ Total deferred income tax liabilities.......... 11,173,000 9,268,000 Deferred income tax assets: Depreciation........................................... 108,000 232,000 Accrued liabilities.................................... 1,075,000 710,000 Allowance for doubtful accounts........................ 623,000 1,237,000 Deferred revenue....................................... -- 506,000 Loss from impairment of investment..................... -- 936,000 Net operating loss carryforwards....................... 20,128,000 8,290,000 Foreign tax credit carryforwards....................... 1,937,000 2,814,000 Research and development tax credit carryforwards...... 5,983,000 7,662,000 ------------ ------------ Total deferred income tax assets............... 29,854,000 22,387,000 ------------ ------------ Net deferred tax income tax asset.............. 18,681,000 13,119,000 Less valuation allowance............................... (18,681,000) (11,558,000) ------------ ------------ Net deferred income tax assets................. $ -- $ 1,561,000 ============ ============
The change in valuation allowance is primarily a result of changes in deferred income tax assets and liabilities for which the related benefit or provision was charged to stockholders' equity. Therefore, such change in the valuation allowance is not included in the rate reconciliation above. The Company has recognized a deferred income tax asset related to its Asia/Pacific operations because management's evaluation of all of the available evidence indicates that the asset is more likely than not to be realized. Net deferred income tax assets are included in other assets in the Consolidated Balance Sheets. The Company has not recognized any benefit from the future use of the deferred income tax assets related to its Americas operations because management's evaluation of all the available evidence in assessing the realizability of the tax benefits of such loss carryforwards indicates that the underlying assumptions of future profitable operations contain risks that do not provide sufficient assurance to recognize such tax benefits currently. The net deferred income tax assets subject to valuation allowance include approximately $18,681,000 and $11,163,000 at December 31, 2002 and 2003, respectively, of assets that were created by or are subject to valuation allowance as a result of stock option deductions. While income tax expense will be recorded on any future pre-tax profits from United States operations, these deferred tax assets would reduce the related income taxes payable. This reduction in income taxes payable in future periods would be recorded as additional paid-in capital. An additional $395,000 of net deferred income tax assets subject to valuation allowance resulted from operating losses in Brazil. The Company has approximately $21,816,000 of net operating loss carryforwards for federal income tax purposes that expire in varying amounts between 2011 and 2021. The net operating loss carryforwards may be subject to certain limitations in the event of a change in ownership. The Company also has approximately 58 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 8. INCOME TAXES -- (CONTINUED) $7,662,000 of research and development tax credit carryforwards that expire between 2011 and 2023 and foreign tax credit carryforwards of $2,814,000 that expire between 2006 and 2008. 9. EMPLOYEE STOCK AND BENEFIT PLANS ISS sponsors a 401(k) plan that covers substantially all employees over 18 years of age. Participating employees may contribute up to 15% of their pre-tax salary, but not more than statutory limits. The Company matches 25% of participant contributions up to 3% of their pre-tax salary. Matching contributions of $290,000 in 2001, $288,000 in 2002 and $437,000 in 2003 were charged to expense. Effective July 1, 1999, the Company implemented an employee stock purchase plan (the "Plan") for all eligible employees. Under the Plan, shares of the Company's Common Stock may be purchased at six-month intervals at 85% of the lower of the fair market value on the first or the last day of each six-month period. Employees may purchase shares with aggregate fair value up to 10% of their gross compensation during a six-month period. Employees purchased 75,000 shares at an average price of $30.40 per share in 2001, 126,000 shares at an average price of $16.61 per share in 2002 and 150,000 shares at an average price of $10.53 per share. At December 31, 2003, 210,000 shares of the Company's Common Stock were reserved for future issuance. 10. INCOME (LOSS) PER SHARE The following table sets forth the computation of basic and diluted net income (loss) per share:
YEAR ENDED DECEMBER 31, ---------------------------------------- 2001 2002 2003 ------------ ----------- ----------- Numerator: Net income (loss).......................... $(15,458,000) $ 1,779,000 $19,737,000 Denominator: Denominator for basic net income (loss) per share -- weighted average shares........ 45,649,000 48,456,000 49,155,000 Effect of dilutive stock options........... -- 702,000 863,000 ------------ ----------- ----------- Denominator for diluted net income (loss) per share -- weighted average shares.... 45,649,000 49,158,000 50,018,000 ------------ ----------- ----------- Basic net income (loss) per share............ $ (0.34) $ 0.04 $ 0.40 ============ =========== =========== Diluted net income (loss) per share.......... $ (0.34) $ 0.04 $ 0.39 ============ =========== ===========
For the year ended December 31, 2001, 1,364,000 weighted-average options were not included in the above calculations as their effect on loss per share was anti-dilutive. 11. SEGMENT AND GEOGRAPHIC INFORMATION ISS conducts business in one operating segment; providing information security management solutions. The Company does, however, prepare operating results for internal use on a geographic basis. These geographical based operating costs consist of direct sales expenses, infrastructure to support its employee and customer and partner base, supporting billing and financial systems and a management team. Corporate expenses that are not charged directly to the other segments include research and development, general and administrative costs that support the global organization, amortization of intangibles, stock based compensation and goodwill and costs that are one-time in nature, such as acquired in-process research and development. 59 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 11. SEGMENT AND GEOGRAPHIC INFORMATION -- (CONTINUED) The accounting policies of the segments are the same as those described in the summary of significant accounting policies. There are no inter-segment sales. Our chief executive officer and chief financial officer evaluate performance based on operating profit or loss from operations, and trade accounts receivable for each segment. Other than trade accounts receivable, assets and liabilities are not discretely allocated or reviewed by segment. In accordance with SFAS No. 131, "Disclosures about Segments of an Enterprise and Related Information", the Company has included a summary of the segment financial information reported internally. The geographic segments are the Americas, EMEA, and the Asia/Pacific region.
AMERICAS EMEA ASIA/PACIFIC UNALLOCATED TOTAL ------------ ----------- ------------ ------------ ------------ AS OF OR FOR THE YEAR ENDED DECEMBER 31, 2003 REVENUES FROM EXTERNAL CUSTOMERS: Product licenses and sales................... $ 69,540,000 $22,961,000 $14,616,000 $ -- $107,117,000 Subscriptions................................ 82,755,000 19,580,000 10,520,000 -- 112,855,000 Professional services........................ 15,997,000 4,390,000 5,422,000 -- 25,809,000 ------------ ----------- ----------- ------------ ------------ Total revenue.......................... 168,292,000 46,931,000 30,558,000 -- 245,781,000 COST OF REVENUES: Product licenses and sales................... 7,437,000 1,136,000 955,000 -- 9,528,000 Subscriptions and professional services...... 32,629,000 7,209,000 8,848,000 -- 48,686,000 ------------ ----------- ----------- ------------ ------------ Total cost of revenues................. 40,066,000 8,345,000 9,803,000 -- 58,214,000 OPERATING EXPENSES............................. 58,909,000 21,271,000 7,272,000 70,519,000 157,971,000 ------------ ----------- ----------- ------------ ------------ TOTAL EXPENSES................................. 98,975,000 29,616,000 17,075,000 70,519,000 216,185,000 ------------ ----------- ----------- ------------ ------------ SEGMENT OPERATING INCOME (LOSS)................ $ 69,317,000 $17,315,000 $13,483,000 $(70,519,000) $ 29,596,000 ============ =========== =========== ============ ============ ACCOUNTS RECEIVABLE............................ $ 38,046,000 $17,605,000 $10,937,000 $ -- $ 66,588,000 ============ =========== =========== ============ ============ AS OF OR FOR THE YEAR ENDED DECEMBER 31, 2002 REVENUES FROM EXTERNAL CUSTOMERS: Product licenses and sales................... $ 82,456,000 $19,459,000 $19,178,000 $ -- $121,093,000 Subscriptions................................ 71,224,000 12,952,000 8,769,000 -- 92,945,000 Professional services........................ 20,301,000 5,228,000 3,718,000 -- 29,247,000 ------------ ----------- ----------- ------------ ------------ Total revenue.......................... 173,981,000 37,639,000 31,665,000 -- 243,285,000 COST OF REVENUES: Product licenses and sales................... 6,633,000 -- 55,000 -- 6,688,000 Subscriptions and professional services...... 34,652,000 8,249,000 8,232,000 -- 51,133,000 ------------ ----------- ----------- ------------ ------------ Total cost of revenues................. 41,285,000 8,249,000 8,287,000 -- 57,821,000 OPERATING EXPENSES............................. 63,477,000 20,624,000 9,578,000 83,762,000 177,441,000 ------------ ----------- ----------- ------------ ------------ TOTAL EXPENSES................................. 104,762,000 28,873,000 17,865,000 83,762,000 235,262,000 ------------ ----------- ----------- ------------ ------------ SEGMENT OPERATING INCOME (LOSS)................ $ 69,219,000 $ 8,766,000 $13,800,000 $(83,762,000) $ 8,023,000 ============ =========== =========== ============ ============ ACCOUNTS RECEIVABLE............................ $ 33,945,000 $13,459,000 $ 9,296,000 $ -- $ 56,700,000 ============ =========== =========== ============ ============ AS OF OR FOR THE YEAR ENDED DECEMBER 31, 2001 REVENUES FROM EXTERNAL CUSTOMERS: Product licenses and sales................... $ 81,527,000 $18,284,000 $22,574,000 $ -- $122,385,000 Subscriptions................................ 53,654,000 8,020,000 5,013,000 -- 66,687,000 Professional services........................ 24,421,000 6,971,000 3,095,000 -- 34,487,000 ------------ ----------- ----------- ------------ ------------ Total revenue.......................... 159,602,000 33,275,000 30,682,000 -- 223,559,000 COST OF REVENUES: Product licenses and sales................... 12,737,000 593,000 109,000 -- 13,439,000 Subscriptions and professional services...... 37,575,000 7,392,000 5,741,000 -- 50,708,000 ------------ ----------- ----------- ------------ ------------ Total cost of revenues................. 50,312,000 7,985,000 5,850,000 -- 64,147,000 OPERATING EXPENSES............................. 60,663,000 22,033,000 9,305,000 91,569,000 183,570,000 ------------ ----------- ----------- ------------ ------------ TOTAL EXPENSES................................. 110,975,000 30,018,000 15,155,000 91,569,000 247,717,000 ------------ ----------- ----------- ------------ ------------ SEGMENT OPERATING INCOME (LOSS)................ $ 48,627,000 $ 3,257,000 $15,527,000 $(91,569,000) $(24,158,000) ============ =========== =========== ============ ============ ACCOUNTS RECEIVABLE............................ $ 30,581,000 $10,792,000 $ 8,886,000 $ -- $ 50,259,000 ============ =========== =========== ============ ============
60 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 12. QUARTERLY FINANCIAL RESULTS (UNAUDITED) Summarized quarterly results for the two years ended December 31, 2002 and 2003 are as follows:
FIRST SECOND THIRD FOURTH ----------- ----------- ----------- ------------ 2002 by quarter: Revenues...................... $58,377,000 $60,031,000 $61,768,000 $ 63,109,000 Operating income (loss)....... 5,307,000 4,306,000 7,358,000 (8,948,000) Net income (loss)............. 3,369,000 4,125,000 6,341,000 (12,056,000) Net income (loss) per share: Basic......................... $ 0.07 $ 0.09 $ 0.13 $ (0.25) Diluted....................... $ 0.07 $ 0.08 $ 0.13 $ (0.25) 2003 by quarter: Revenues...................... $59,453,000 $59,125,000 $60,087,000 $ 67,116,000 Operating income.............. 7,873,000 6,902,000 7,542,000 7,279,000 Net income.................... 5,362,000 4,891,000 5,035,000 4,449,000 Net income per share: Basic......................... $ 0.11 $ 0.10 $ 0.10 $ 0.09 Diluted....................... $ 0.11 $ 0.10 $ 0.10 $ 0.09
Because of the method used in calculating per share data, the quarterly per share data will not necessarily total the per share data as computed for the year. 13. EXIT OR DISPOSAL ACTIVITIES In response to the competitive climate for protection systems that require platform focus, the Company reorganized and consolidated its efforts for security content, protection agent frameworks, management infrastructure and multifunction appliance delivery to enhance operational and development efficiency. In the fourth quarter of 2003, the Company committed to a plan of cost reduction and exit activities aggregating $1.5 million through the closing of its engineering operations in Reading, U.K. and Sydney, Australia. These costs are included in research and development expenses in the statement of operations. Additionally, the Company incurred approximately $326,000 of cost associated with consolidating certain European managed service operational responsibilities into U.S. operations. These exit costs are included in the EMEA costs of subscriptions and services in the statement of operations. The Reading office was closed effective November 30, 2003 and all costs associated with the closing of this facility were charged to expense in 2003. The Sydney office will remain open through the first half of 2004, with a small number of key employees. The costs of severance associated with terminated employees were expensed in 2003. The following is a summary of the exit costs associated with engineering operations and managed services:
ONE-TIME TERMINATION BENEFITS CONTRACT TERMINATION OTHER TOTAL ----------- -------------------- --------- ----------- Fourth quarter 2003 provision................... $ 1,406,000 $ 298,000 $ 156,000 $ 1,860,000 Cash payments............... (1,254,000) (114,000) (43,000) (1,411,000) Non-cash charges............ -- -- (82,000) (82,000) ----------- --------- --------- ----------- Accrual at December 31, 2003.......................... $ 152,000 $ 184,000 $ 31,000 $ 367,000
61 INTERNET SECURITY SYSTEMS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 13. EXIT OR DISPOSAL ACTIVITIES -- (CONTINUED) One-time termination benefits consisted of severance and benefits for involuntarily terminated employees. The contract termination costs include costs for remaining lease payments on vacated facilities and costs associated with vacating the facility. Other costs consisted primarily of write-off of abandoned fixed assets and the write-off of leasehold improvements related to the vacated facilities. The Company expects to utilize the balance of the exit cots by June 30, 2004. 14. SUBSEQUENT EVENTS In January 2004, the Company announced the acquisition of Cobion, AG, a privately held company based in Kassel, Germany. Cobion provides content filtering and anti-spam technology that protects individuals and enterprises against unwanted Web content, spam, misuse of information and lost productivity. The Company acquired Cobion for approximately $33 million in cash, including the direct costs of acquisition. 62 SCHEDULE II VALUATION AND QUALIFYING ACCOUNTS
BALANCE AT BEGINNING OF BALANCE AT YEAR PROVISION WRITE-OFFS END OF YEAR ------------ ----------- ----------- ----------- 2001 Allowance for Doubtful Accounts..... $ 1,188,000 $ 1,596,000 $ (221,000) $ 2,563,000 =========== =========== =========== =========== Valuation allowance on net deferred income tax assets................. $33,023,000 $ -- $(5,911,000) $27,112,000 =========== =========== =========== =========== 2002 Allowance for Doubtful Accounts..... $ 2,563,000 $ 2,101,000 $(1,874,000) $ 2,790,000 =========== =========== =========== =========== Valuation allowance on net deferred income tax assets................. $27,112,000 $ -- $(8,431,000) $18,681,000 =========== =========== =========== =========== 2003 Allowance for Doubtful Accounts..... $ 2,790,000 $ 1,150,000 $(1,185,000) $ 2,755,000 =========== =========== =========== =========== Valuation allowance on net deferred income tax assets................. $18,681,000 $ -- $(7,123,000) $11,558,000 =========== =========== =========== ===========
63 SIGNATURES Pursuant to the requirements of the Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this Report to be signed on its behalf by the undersigned, thereunto duly authorized. INTERNET SECURITY SYSTEMS, INC. By: /s/ RICHARD MACCHIA ------------------------------------ Richard Macchia Senior Vice President and Chief Financial Officer Dated: March 15, 2004 POWER OF ATTORNEY KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below hereby severally constitutes and appoints, Thomas E. Noonan, Richard Macchia and Maureen Richards, and each or any of them, his true and lawful attorney-in-fact and agent, each with the power of substitution and resubstitution, for him in any and all capacities, to sign any and all amendments to this Annual Report (Form 10-K) and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, hereby ratifying and confirming all that each said attorney-in-fact and agent, or his substitute or substitutes, may lawfully do or cause to be done by virtue hereof. Pursuant to the requirements of the Securities Exchange Act of 1934, this Report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated.
NAME TITLE DATE ---- ----- ---- /s/ THOMAS E. NOONAN Chairman, President and Chief March 15, 2004 ----------------------------------------------------- Executive (Principal Thomas E. Noonan Executive Officer) /s/ CHRISTOPHER W. KLAUS Chief Technology Officer, March 15, 2004 ----------------------------------------------------- Secretary and Director Christopher W. Klaus /s/ RICHARD MACCHIA Senior Vice President and March 15, 2004 ----------------------------------------------------- Chief Financial Officer Richard Macchia /s/ MAUREEN RICHARDS Vice President, Corporate March 15, 2004 ----------------------------------------------------- Controller and Principal Maureen Richards Accounting Officer /s/ RICHARD S. BODMAN Director March 15, 2004 ----------------------------------------------------- Richard S. Bodman /s/ ROBERT E. DAVOLI Director March 15, 2004 ----------------------------------------------------- Robert E. Davoli /s/ SAM NUNN Director March 15, 2004 ----------------------------------------------------- Sam Nunn
64
NAME TITLE DATE ---- ----- ---- /s/ KEVIN J. O'CONNOR Director March 15, 2004 ----------------------------------------------------- Kevin J. O'Connor /s/ DAVID N. STROHM Director March 15, 2004 ----------------------------------------------------- David N. Strohm
65