007963250065000816P3Y0.00100P1Y0065000816796325000.0050001679826--12-312019FYfalse00001679826us-gaap:CommonStockMember2018-01-012018-12-310001679826us-gaap:CommonStockMember2017-01-012017-12-3100016798262019-10-222019-10-220001679826us-gaap:OverAllotmentOptionMember2019-09-232019-09-2300016798262019-09-232019-09-230001679826us-gaap:CommonStockMember2019-01-012019-12-3100016798262019-09-052019-09-050001679826us-gaap:RetainedEarningsMember2019-12-310001679826us-gaap:AdditionalPaidInCapitalMember2019-12-310001679826us-gaap:AccumulatedOtherComprehensiveIncomeMember2019-12-310001679826us-gaap:AccumulatedOtherComprehensiveIncomeMember2018-12-310001679826us-gaap:RetainedEarningsMember2017-12-310001679826us-gaap:AdditionalPaidInCapitalMember2017-12-310001679826us-gaap:AccumulatedOtherComprehensiveIncomeMember2017-12-310001679826us-gaap:RetainedEarningsMember2016-12-310001679826us-gaap:AdditionalPaidInCapitalMember2016-12-310001679826us-gaap:AccumulatedOtherComprehensiveIncomeMember2016-12-310001679826us-gaap:CommonStockMember2019-12-310001679826us-gaap:CommonStockMember2018-12-310001679826us-gaap:CommonStockMember2017-12-310001679826us-gaap:CommonStockMember2016-12-310001679826us-gaap:IPOMember2019-09-230001679826us-gaap:EmployeeStockOptionMember2018-01-012018-12-310001679826us-gaap:EmployeeStockOptionMember2019-12-310001679826us-gaap:EmployeeStockOptionMember2018-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2018-01-012018-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2018-01-012018-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2017-01-012017-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2017-01-012017-12-310001679826ping:OmnibusIncentivePlan2019Member2019-12-310001679826ping:PerformanceAndMarketBasedOptionsMember2018-01-012018-12-310001679826ping:PerformanceAndMarketBasedOptionsMember2017-01-012017-12-310001679826srt:MinimumMemberping:PerformanceAndMarketBasedOptionsMember2018-01-012018-12-310001679826srt:MaximumMemberping:PerformanceAndMarketBasedOptionsMember2018-01-012018-12-310001679826ping:TimeBasedOptionsMember2018-01-012018-12-310001679826srt:MinimumMemberping:PerformanceAndMarketBasedOptionsMember2017-01-012017-12-310001679826srt:MaximumMemberping:PerformanceAndMarketBasedOptionsMember2017-01-012017-12-310001679826ping:TimeBasedOptionsMember2017-01-012017-12-310001679826us-gaap:RestrictedStockUnitsRSUMember2018-12-310001679826us-gaap:RestrictedStockUnitsRSUMember2018-01-012018-12-310001679826us-gaap:RestrictedStockUnitsRSUMember2017-01-012017-12-310001679826srt:MinimumMemberus-gaap:RestrictedStockUnitsRSUMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:RestrictedStockUnitsRSUMember2019-01-012019-12-310001679826ping:TimeBasedOptionsMember2019-01-012019-12-310001679826ping:PerformanceAndMarketBasedOptionsMember2019-01-012019-12-3100016798262020-01-012019-12-310001679826ping:AffiliatesOfVistaEquityPartnersMember2019-01-012019-12-310001679826ping:AffiliatesOfVistaEquityPartnersMember2018-01-012018-12-310001679826ping:AffiliatesOfVistaEquityPartnersMember2017-01-012017-12-310001679826us-gaap:NonUsMember2019-01-012019-12-310001679826ping:SubscriptionTermBasedLicensesMember2019-01-012019-12-310001679826ping:SubscriptionSaasAndSupportAndMaintenanceMember2019-01-012019-12-310001679826ping:OneYearSubscriptionTermBasedLicensesMember2019-01-012019-12-310001679826ping:MultiYearSubscriptionTermBasedLicensesMember2019-01-012019-12-310001679826country:US2019-01-012019-12-310001679826us-gaap:NonUsMember2018-01-012018-12-310001679826ping:SubscriptionTermBasedLicensesMember2018-01-012018-12-310001679826ping:SubscriptionSaasAndSupportAndMaintenanceMember2018-01-012018-12-310001679826ping:OneYearSubscriptionTermBasedLicensesMember2018-01-012018-12-310001679826ping:MultiYearSubscriptionTermBasedLicensesMember2018-01-012018-12-310001679826country:US2018-01-012018-12-310001679826us-gaap:NonUsMember2017-01-012017-12-310001679826ping:SubscriptionTermBasedLicensesMember2017-01-012017-12-310001679826ping:SubscriptionSaasAndSupportAndMaintenanceMember2017-01-012017-12-310001679826ping:OneYearSubscriptionTermBasedLicensesMember2017-01-012017-12-310001679826ping:MultiYearSubscriptionTermBasedLicensesMember2017-01-012017-12-310001679826country:US2017-01-012017-12-310001679826ping:AffiliatesOfVistaEquityPartnersMemberus-gaap:IPOMember2019-01-012019-12-310001679826ping:AffiliatesOfVistaEquityPartnersMemberus-gaap:IPOMember2018-01-012018-12-310001679826ping:TermLoan2018Memberus-gaap:IPOMember2019-09-232019-09-230001679826ping:VistaEquityPartnersMember2019-01-012019-12-310001679826ping:VistaEquityPartnersMember2018-01-012018-12-310001679826ping:VistaEquityPartnersMember2017-01-012017-12-310001679826srt:MinimumMemberus-gaap:SoftwareAndSoftwareDevelopmentCostsMember2019-01-012019-12-310001679826srt:MinimumMemberus-gaap:OtherCapitalizedPropertyPlantAndEquipmentMember2019-01-012019-12-310001679826srt:MinimumMemberus-gaap:FurnitureAndFixturesMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:SoftwareAndSoftwareDevelopmentCostsMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:OtherCapitalizedPropertyPlantAndEquipmentMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:LeaseholdImprovementsMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:FurnitureAndFixturesMember2019-01-012019-12-310001679826us-gaap:ComputerEquipmentMember2019-01-012019-12-310001679826us-gaap:NonUsMember2019-12-310001679826country:US2019-12-310001679826us-gaap:NonUsMember2018-12-310001679826country:US2018-12-310001679826us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2019-12-310001679826us-gaap:OtherCapitalizedPropertyPlantAndEquipmentMember2019-12-310001679826us-gaap:LeaseholdImprovementsMember2019-12-310001679826us-gaap:FurnitureAndFixturesMember2019-12-310001679826us-gaap:ComputerEquipmentMember2019-12-310001679826us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2018-12-310001679826us-gaap:OtherCapitalizedPropertyPlantAndEquipmentMember2018-12-310001679826us-gaap:LeaseholdImprovementsMember2018-12-310001679826us-gaap:FurnitureAndFixturesMember2018-12-310001679826us-gaap:ComputerEquipmentMember2018-12-310001679826us-gaap:AccumulatedOtherComprehensiveIncomeMember2019-01-012019-12-310001679826us-gaap:AccumulatedOtherComprehensiveIncomeMember2018-01-012018-12-310001679826us-gaap:AccumulatedOtherComprehensiveIncomeMember2017-01-012017-12-310001679826srt:RestatementAdjustmentMemberus-gaap:AccountingStandardsUpdate201602Member2020-01-010001679826us-gaap:RetainedEarningsMember2019-01-012019-12-310001679826us-gaap:RetainedEarningsMember2018-01-012018-12-310001679826us-gaap:RetainedEarningsMember2017-01-012017-12-310001679826us-gaap:RevolvingCreditFacilityMemberping:AffiliatesOfVistaEquityPartnersMember2018-12-310001679826ping:TermLoan2018Memberping:AffiliatesOfVistaEquityPartnersMember2018-12-310001679826ping:Revolver2016Member2016-12-310001679826us-gaap:InProcessResearchAndDevelopmentMember2019-12-310001679826us-gaap:InProcessResearchAndDevelopmentMember2018-12-310001679826ping:TermLoan2018Member2019-01-012019-12-310001679826ping:CreditAgreement2019Member2019-01-012019-12-310001679826us-gaap:RevolvingCreditFacilityMember2018-01-012018-12-310001679826srt:MinimumMemberus-gaap:OrderOrProductionBacklogMember2019-01-012019-12-310001679826srt:MinimumMemberus-gaap:DevelopedTechnologyRightsMember2019-01-012019-12-310001679826srt:MinimumMemberus-gaap:CustomerRelationshipsMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:OrderOrProductionBacklogMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:DevelopedTechnologyRightsMember2019-01-012019-12-310001679826srt:MaximumMemberus-gaap:CustomerRelationshipsMember2019-01-012019-12-310001679826us-gaap:TradeNamesMember2019-01-012019-12-310001679826us-gaap:NoncompeteAgreementsMember2019-01-012019-12-310001679826srt:MinimumMember2019-01-012019-12-310001679826srt:MaximumMember2019-01-012019-12-310001679826us-gaap:TradeNamesMember2019-12-310001679826us-gaap:SoftwareDevelopmentMember2019-12-310001679826us-gaap:OtherIntangibleAssetsMember2019-12-310001679826us-gaap:DevelopedTechnologyRightsMember2019-12-310001679826us-gaap:CustomerRelationshipsMember2019-12-310001679826us-gaap:TradeNamesMember2018-12-310001679826us-gaap:SoftwareDevelopmentMember2018-12-310001679826us-gaap:OtherIntangibleAssetsMember2018-12-310001679826us-gaap:OrderOrProductionBacklogMember2018-12-310001679826us-gaap:NoncompeteAgreementsMember2018-12-310001679826us-gaap:DevelopedTechnologyRightsMember2018-12-310001679826us-gaap:CustomerRelationshipsMember2018-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:IPOMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2019-09-220001679826us-gaap:EmployeeStockOptionMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2018-12-310001679826us-gaap:RestrictedStockUnitsRSUMember2019-12-310001679826us-gaap:RestrictedStockUnitsRSUMember2019-01-012019-12-3100016798262018-01-012018-01-010001679826us-gaap:ResearchAndDevelopmentExpenseMember2019-12-310001679826us-gaap:IPOMember2018-12-310001679826ping:TermLoan2018Member2019-09-220001679826ping:TermLoan2019Member2019-12-310001679826ping:TermLoan2018Member2018-12-310001679826ping:TermLoan2016Member2017-12-310001679826ping:TermLoan2018Memberping:AffiliatesOfVistaEquityPartnersMember2019-01-012019-12-310001679826ping:TermLoan2018Memberping:AffiliatesOfVistaEquityPartnersMember2018-01-012018-12-310001679826srt:MinimumMemberping:CreditAgreement2019Member2019-12-310001679826ping:TermLoan2018Member2018-01-250001679826ping:TermLoan2016Member2016-06-300001679826srt:MinimumMemberping:CreditAgreement2019Memberus-gaap:LondonInterbankOfferedRateLIBORMember2019-12-012019-12-310001679826srt:MinimumMemberping:CreditAgreement2019Memberus-gaap:BaseRateMember2019-12-012019-12-310001679826srt:MaximumMemberping:CreditAgreement2019Memberus-gaap:LondonInterbankOfferedRateLIBORMember2019-12-012019-12-310001679826srt:MaximumMemberping:CreditAgreement2019Memberus-gaap:BaseRateMember2019-12-012019-12-310001679826ping:CreditAgreement2019Memberping:FederalFundRateMember2019-12-012019-12-310001679826ping:CreditAgreement2019Memberping:AdjustedLondonInterbankOfferedRateMember2019-12-012019-12-310001679826us-gaap:RetainedEarningsMember2018-12-310001679826us-gaap:AdditionalPaidInCapitalMember2018-12-310001679826us-gaap:TechnologyServiceMember2019-01-012019-12-310001679826us-gaap:SubscriptionAndCirculationMember2019-01-012019-12-310001679826us-gaap:TechnologyServiceMember2018-01-012018-12-310001679826us-gaap:SubscriptionAndCirculationMember2018-01-012018-12-310001679826us-gaap:TechnologyServiceMember2017-01-012017-12-310001679826us-gaap:SubscriptionAndCirculationMember2017-01-012017-12-3100016798262019-09-0500016798262019-09-0400016798262016-06-300001679826ping:StockOptionPlan2016Member2016-06-300001679826us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2019-12-310001679826us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2019-12-310001679826us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2018-12-310001679826us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2018-12-3100016798262017-12-3100016798262016-12-310001679826us-gaap:SoftwareDevelopmentMember2019-01-012019-12-310001679826us-gaap:SoftwareDevelopmentMember2018-01-012018-12-310001679826us-gaap:SoftwareDevelopmentMember2017-01-012017-12-310001679826ping:ShoCardMemberus-gaap:SubsequentEventMember2020-02-282020-02-280001679826ping:ElasticBeamIncMember2018-04-052018-04-050001679826ping:ElasticBeamIncMember2018-01-012018-12-310001679826us-gaap:RestrictedStockUnitsRSUMember2019-01-012019-12-310001679826us-gaap:EmployeeStockOptionMember2019-01-012019-12-310001679826us-gaap:RestrictedStockUnitsRSUMember2018-01-012018-12-310001679826us-gaap:EmployeeStockOptionMember2018-01-012018-12-310001679826us-gaap:EmployeeStockOptionMember2017-01-012017-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2019-01-012019-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2019-01-012019-12-310001679826us-gaap:SellingAndMarketingExpenseMember2019-01-012019-12-310001679826us-gaap:ResearchAndDevelopmentExpenseMember2019-01-012019-12-310001679826us-gaap:GeneralAndAdministrativeExpenseMember2019-01-012019-12-310001679826ping:LongTermIncentivePlanMember2019-01-012019-12-310001679826ping:CostOfRevenueSubscriptionMember2019-01-012019-12-310001679826ping:CostOfRevenueProfessionalServicesAndOtherMember2019-01-012019-12-310001679826us-gaap:SellingAndMarketingExpenseMember2018-01-012018-12-310001679826us-gaap:ResearchAndDevelopmentExpenseMember2018-01-012018-12-310001679826us-gaap:GeneralAndAdministrativeExpenseMember2018-01-012018-12-310001679826us-gaap:SellingAndMarketingExpenseMember2017-01-012017-12-310001679826us-gaap:ResearchAndDevelopmentExpenseMember2017-01-012017-12-310001679826us-gaap:GeneralAndAdministrativeExpenseMember2017-01-012017-12-310001679826us-gaap:IPOMember2019-10-222019-10-220001679826us-gaap:AdditionalPaidInCapitalMember2019-01-012019-12-310001679826us-gaap:AdditionalPaidInCapitalMember2018-01-012018-12-310001679826us-gaap:AdditionalPaidInCapitalMember2017-01-012017-12-310001679826srt:ParentCompanyMembersrt:ReportableLegalEntitiesMember2019-12-310001679826srt:ParentCompanyMembersrt:ReportableLegalEntitiesMember2018-12-310001679826ping:AffiliatesOfVistaEquityPartnersMember2019-12-310001679826ping:AffiliatesOfVistaEquityPartnersMember2018-12-310001679826ping:VistaEquityPartnersMember2019-12-310001679826ping:VistaEquityPartnersMember2018-12-310001679826srt:MinimumMember2019-12-310001679826us-gaap:EmployeeStockOptionMember2019-01-012019-12-310001679826us-gaap:EmployeeStockOptionMemberus-gaap:IPOMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2019-09-232019-09-230001679826us-gaap:EmployeeStockOptionMemberus-gaap:IPOMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2019-09-230001679826us-gaap:EmployeeStockOptionMemberus-gaap:IPOMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2019-09-230001679826ping:LongTermIncentivePlanMemberus-gaap:IPOMember2019-09-230001679826us-gaap:IPOMember2019-09-232019-09-230001679826srt:ParentCompanyMembersrt:ReportableLegalEntitiesMember2018-01-012018-12-310001679826srt:ParentCompanyMembersrt:ReportableLegalEntitiesMember2017-01-012017-12-310001679826srt:MinimumMemberping:LongTermIncentivePlanMember2019-12-3100016798262019-12-3100016798262018-12-310001679826ping:PeriodFromDecember312018UntilJune312021Memberping:Revolver2016Member2016-01-012016-12-310001679826ping:PeriodFromDecember312018Memberping:Revolver2016Member2016-01-012016-12-310001679826srt:MinimumMemberping:CreditAgreement2019Member2019-12-012019-12-310001679826srt:MaximumMemberping:CreditAgreement2019Member2019-12-012019-12-310001679826ping:PeriodFromSeptember302016UntilSeptember302018Memberping:Revolver2016Member2016-01-012016-12-310001679826ping:PeriodFromSeptember302016Memberping:Revolver2016Member2016-01-012016-12-310001679826ping:TermLoan2018Member2018-09-012018-09-010001679826ping:TermLoan2016Member2016-08-032016-08-030001679826ping:TermLoan2018Memberus-gaap:LondonInterbankOfferedRateLIBORMember2018-09-012018-09-010001679826ping:TermLoan2018Memberus-gaap:BaseRateMember2018-09-012018-09-010001679826ping:TermLoan2016Memberus-gaap:LondonInterbankOfferedRateLIBORMember2016-01-012016-12-310001679826ping:TermLoan2016Memberus-gaap:BaseRateMember2016-01-012016-12-310001679826ping:CreditAgreement2019Member2019-12-310001679826us-gaap:RevolvingCreditFacilityMember2018-01-250001679826srt:ParentCompanyMembersrt:ReportableLegalEntitiesMember2019-01-012019-12-310001679826us-gaap:RevolvingCreditFacilityMember2018-01-252018-01-250001679826ping:CreditAgreement2019Member2019-12-012019-12-310001679826ping:ShoCardMemberus-gaap:SubsequentEventMember2020-02-280001679826ping:ElasticBeamIncMember2018-04-050001679826ping:ElasticBeamIncMember2019-01-012019-12-3100016798262018-01-012018-12-3100016798262017-01-012017-12-3100016798262019-06-2800016798262020-03-0200016798262019-01-012019-12-31xbrli:sharesiso4217:USDxbrli:pureping:itemiso4217:USDxbrli:sharesping:segment

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

_____________________________________

FORM 10-K

_____________________________________

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2019

or

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from _____ to _____

Commission File Number: 001-39056

_________________________________________________________________

Graphic

PING IDENTITY HOLDING CORP.

(Exact Name of Registrant as Specified in Its Charter)

__________________________________________________________________

Delaware

81-2933383

(State or Other Jurisdiction of Incorporation or Organization)

(I.R.S. Employer Identification Number)

1001 17th Street, Suite 100

Denver, Colorado 80202

(Address of Principal executive offices, including zip code)

(303) 468-2900

(Registrant’s telephone number, including area code)

__________________________________________________________________________________

Securities Registered Pursuant to Section 12(b) of the Act:

Title of each class:

Trading Symbol(s):

Name of each exchange on which registered:

Common Stock, $0.001 par value per share

PING

New York Stock Exchange

Securities Registered Pursuant to Section 12(g) of the Act:

None.

__________________________________________________________________________________

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.   Yes   No

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.   Yes   No

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.   Yes   No

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).   Yes   No

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer”, “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Large accelerated filer

Accelerated filer

Non-accelerated filer

Smaller reporting company

Emerging growth company

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).   Yes   No

The registrant was not a public company as of the last business day of its most recently completed second fiscal quarter and therefore, cannot calculate the aggregate market value of its common stock held by non-affiliates as of such date.

On March 2, 2020, the Registrant had 79,731,031 shares of common stock, $0.001 par value, outstanding.

__________________________________________________________________________________

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the information called for by Part III of this Annual Report on Form 10-K is hereby incorporated by reference from the definitive proxy statement for the Registrant’s annual meeting of stockholders, which will be filed with the Securities and Exchange Commission not later than 120 days after the Registrant’s fiscal year ended December 31, 2019.

PING IDENTITY HOLDING CORP.

FORM 10-K

For the Fiscal Year Ended December 31, 2019

TABLE OF CONTENTS

Page

Forward-Looking Statements

4

PART I.

Item 1.

Business

7

Item 1A.

Risk Factors

17

Item 1B.

Unresolved Staff Comments

53

Item 2.

Properties

53

Item 3.

Legal Proceedings

53

Item 4.

Mine Safety Disclosures

53

PART II.

Item 5.

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

54

Item 6.

Selected Consolidated Financial Data

57

Item 7.

Management’s Discussion and Analysis of Financial Condition and Results of Operations

59

Item 7A.

Quantitative and Qualitative Disclosures About Market Risk

85

Item 8.

Financial Statements and Supplementary Data

86

Item 9.

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

125

Item 9A.

Controls and Procedures

125

Item 9B.

Other Information

126

PART III.

Item 10.

Directors, Executive Officers and Corporate Governance

127

Item 11.

Executive Compensation

127

Item 12.

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

127

Item 13.

Certain Relationships and Related Transactions, and Director Independence

127

Item 14.

Principal Accounting Fees and Services

127

PART IV.

Item 15.

Exhibits and Financial Statements Schedules

128

Item 16.

Form 10-K Summary

132

Signatures

133

Table of Contents

Forward-Looking Statements

In addition to historical consolidated financial information, this Annual Report on Form 10-K contains “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995 that involve substantial risks and uncertainties. All statements other than statements of historical fact included in this Annual Report on Form 10-K are forward-looking statements. These statements may include words such as “anticipate,” “estimate,” “expect,” “project,” “plan,” “intend,” “believe,” “may,” “will,” “should,” “can have,” “likely” and other words and terms of similar meaning in connection with any discussion of the timing or nature of future operating or financial performance or other events. For example, all statements we make relating to our estimated and projected costs, expenditures, cash flows, growth rates and financial results or our plans and objectives for future operations, growth initiatives, or strategies are forward-looking statements. All forward-looking statements are subject to risks and uncertainties that may cause actual results to differ materially from those that we expected. Specific factors that could cause such a difference include, but are not limited to, those set forth under Item 1A. “Risk Factors” and other important factors disclosed previously in our other filings with the SEC which include, but are not limited to:

our ability to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences;
our ability to enhance and deploy our cloud-based offerings while continuing to effectively offer our on-premise offerings;
our ability to maintain or improve our competitive position;
the impact on our business of a network or data security incident or unauthorized access to our network or data or our customers’ data;
the effects on our business if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions or solution packages that achieve market acceptance;
our ability to manage our growth effectively, execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges;
our dependence on our senior management team and other key employees;
our ability to enhance and expand our sales and marketing capabilities;
our ability to attract and retain highly qualified personnel to execute our growth plan;
the risks associated with interruptions or performance problems of our technology, infrastructure and service providers;
our dependence on Amazon Web Services cloud infrastructure services;
the impact of data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic and foreign laws and regulations;
the impact of volatility in quarterly operating results;
the risks associated with our revenue recognition policy and other factors may distort our financial results in any given period;
the effects on our customer base and business if we are unable to enhance our brand cost-effectively;
our ability to comply with anti-corruption, anti-bribery and similar laws;
our ability to comply with governmental export and import controls and economic sanctions laws;
our ability to comply with HIPAA;
the potential adverse impact of legal proceedings;
the impact of our frequently long and unpredictable sales cycle;

4

Table of Contents

our ability to identify suitable acquisition targets or otherwise successfully implement our growth strategy;
the impact of a change in our pricing model;
our ability to meet service level commitments under our customer contracts;
the impact on our business and reputation if we are unable to provide high-quality customer support;
our dependence on strategic relationships with third parties;
the impact of adverse general and industry-specific economic and market conditions and reductions in IT and identity spending;
the ability of our platform, solutions and solution packages to interoperate with our customers’ existing or future IT infrastructures;
our dependence on adequate research and development resources and our ability to successfully complete acquisitions;
our dependence on the integrity and scalability of our systems and infrastructures;
our reliance on software and services from other parties;
the impact of real or perceived errors, failures, vulnerabilities or bugs in our solutions;
our ability to protect our proprietary rights;
the impact on our business if we are subject to infringement claim or a claim that results in   a significant damage award;
the risks associated with our use of open source software in our solutions, solution packages and subscriptions;
our reliance on SaaS vendors to operate certain functions of our business;
the risks associated with indemnity provisions in our agreements;
the risks associated with liability claims if we breach our contracts;
the impact of the failure by our customers to pay us in accordance with the terms of their agreements;
our ability to expand the sales of our solutions and solution packages to customers located outside of the United States;
the risks associated with exposure to foreign currency fluctuations;
the impact of Brexit;
the impact of potentially adverse tax consequences associated with our international operations;
the impact of changes in tax laws or regulations;
the impact of the Tax Act;
our ability to maintain our corporate culture;
our ability to develop and maintain proper and effective internal control over financial reporting;
our management team’s limited experience managing a public company;
the risks associated with having operations and employees located in Israel;
the risks associated with doing business with governmental entities;
the impact of catastrophic events on our business;
the impact of the emerging Coronavirus outbreak; and

5

Table of Contents

other factors disclosed in the section entitled ‘‘Risk Factors’’ and elsewhere in this Annual Report.

Given these factors, as well as other variables that may affect our operating results, you should not rely on forward-looking statements, assume that past financial performance will be a reliable indicator of future performance, or use historical trends to anticipate results or trends in future periods. The forward-looking statements included in this Annual Report on Form 10-K relate only to events as of the date hereof. We undertake no obligation to update or revise any forward-looking statement as a result of new information, future events or otherwise, except as otherwise required by law.

6

Table of Contents

PART I.

Item 1. Business

Our Mission

Our mission is to secure the digital world through Intelligent Identity.

Overview

Ping Identity is pioneering Intelligent Identity. We enable secure access to any service, application or application program interface (“API”) from any device. Our Intelligent Identity Platform can leverage artificial intelligence (“AI”) and machine learning (“ML”) to analyze device, network, application and user behavior data to make real-time authentication and security control decisions, enhancing the user experience. Our platform is designed to detect anomalies and automatically insert additional security measures, such as multi-factor authentication, only when necessary. We built our platform to meet the requirements of the most demanding enterprises. Our platform can be deployed across cloud, hybrid and on-premise infrastructures, offers a comprehensive suite of turnkey integrations and is able to scale to millions of identities and thousands of cloud and on-premise applications in a single deployment.

Enterprises are undergoing digital transformation as they seek to create new revenue streams, transition business models and increase customer engagement. Concurrently, enterprises are becoming more distributed as the adoption of cloud, mobile and the Internet of Things (“IoT”) moves data, applications and access requirements beyond the traditional network perimeter. These enterprises must contend with an evolving cyber-threat landscape, new privacy directives and stringent regulatory requirements. As a result, enterprises require Intelligent Identity solutions that proactively ensure the right user has authorized access to resources at the appropriate time.

Our Intelligent Identity Platform can secure all primary use cases, including customer, workforce, partner and IoT. For example, enterprises can use our platform to enhance their customers’ user experience by creating a single ID and login across web and mobile properties. For the year ended December 31, 2019, 42% of our subscription revenue was derived from the customer use case. Enterprises can also use our platform to provide their workforce and commercial partners with secure, seamless access from any device to the applications, data and APIs they need to be productive. Enterprises are increasingly using our platform to manage and authenticate IoT devices, such as connected vehicles and consumer devices.

Our Intelligent Identity Platform is comprised of six solutions that can be purchased individually or as a set of integrated offerings for the customer, workforce, partner or IoT use case:

secure single sign-on (“SSO”);
adaptive multi-factor authentication (“MFA”);
security control for applications and APIs (“Access Security”);
personalized and unified profile directories (“Directory”);
data governance to control access to identity data (“Data Governance”); and
AI and ML powered API security (“API Intelligence”).

We have spent over a decade building a comprehensive suite of turnkey integrations designed to ensure that enterprises can use our platform to secure their applications wall-to-wall, facilitating easier deployment and rapid time-to-value.

7

Table of Contents

We sell our solutions via a subscription model through a direct sales force, with increasing influence from our channel partners. We also utilize channel partners and system integrators to assist our customers in the implementation process. Our SSO, Access Security and Directory solutions typically replace legacy and homegrown systems. We also have significant greenfield opportunities with our MFA, Data Governance and API Intelligence solutions and, increasingly, the IoT use case.

Our land and expand strategy targets enterprises with a specific use case and solution or solution package, and then seeks to grow our footprint with additional use cases, identities, solutions and solution packages. The success of our strategy is validated by our strong dollar-based net retention rates, which were 116% and 115% at December 31, 2018 and 2019, respectively, and our growing number of large customers. At December 31, 2019, we had 38 customers with greater than $1,000,000 in ARR, an increase of 52% from 25 customers at December 31, 2018. Additionally, our customers with ARR over $250,000 increased from 202 at December 31, 2018 to 232 at December 31, 2019, representing a year-over-year growth rate of 15%. The increase of 30 net customers with ARR greater than $250,000 for the 2019 fiscal year is comprised of 13 new customers and 17 existing customers that had ARR grow to exceed $250,000 in 2019. Our total customers increased from 1,284 at December 31, 2018 to 1,361 at December 31, 2019. We have seen strong market demand for our cloud-based offerings and from enterprises deploying our solutions across the customer use case. A number of our customers deploy a combination of our solutions across multiple business units, functions and use cases in their initial purchase. For definitions of ARR and dollar-based net retention rate and descriptions of how we calculate these metrics, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

Our customers include many of the world’s largest enterprises, including over 50% of the Fortune 100. These customers are security-focused, and typically operate in regulated industries, have hybrid IT infrastructures, require turnkey integrations and have demanding scalability requirements. Our solutions secure 12 of the 12 largest U.S. banks (measured by assets), 8 of the 10 largest bio-pharmaceutical companies (measured by revenue), 7 of the 10 largest healthcare plans (measured by revenue) and 5 of the 7 largest U.S. retailers (measured by revenue). Our customer base is diversified, with no one customer or reseller accounting for more than 5% of our total revenue for the year ended December 31, 2019.

Since our inception, we have been an innovator in identity. We pioneered the concept of Intelligent Identity, which leverages AI and ML to analyze device, network, application and user behavior data to secure access and enhance the user experience. We founded Ping Identity with the vision of enabling enterprise security in a highly-connected world, replacing legacy security controls such as web gateways, virtual private networks (“VPNs”) and firewalls. We contributed to or co-authored many of the open identity standards such as SAML, OAuth, SCIM and OpenID Connect, which form the foundation of our industry. We have consistently been recognized as a leader in the Identity and Access Management (“IAM”) industry by Gartner and KuppingerCole.

Our Growth Strategy

The key elements of our growth strategy include:

Increase Sales to Existing Customers. We believe there are significant upsell and cross-sell opportunities within our existing customer base by adding identities and use cases and selling new solutions and solution packages. We have a strong track record of growing sales to our existing customers, as evidenced by our dollar-based net retention rates, which were 115% and 116% at December 31, 2019 and 2018, respectively.
Innovate and Enhance our Offerings. We intend to continue investing in research and development to enhance our existing solutions, add new solution packages and deployment options and expand use cases, such as IoT. We believe these emerging devices present a significant opportunity for us as the number of IoT identities and human-to-machine and machine-to-machine connections continue to increase. Additionally, we may from time to time assess acquisition opportunities to supplement our organic development of new solutions or capabilities.

8

Table of Contents

Expand our Customer Base by Investing in Sales and our Partner Network. We continue to make investments in sales and marketing to grow our customer base and drive broader awareness of our Intelligent Identity Platform. We plan to deepen and expand our joint go-to-market efforts with our channel partners, system integrators and technology partners.
Expand our Customer Base by Targeting New Buyers. We focus our selling efforts on executives such as Chief Information Officers (“CIOs”) and Chief Information Security Officers (“CISOs”) who are often making strategic top-down decisions to purchase our platform. We recently extended our cloud-based offering to target developers who represent a new addressable customer base for us. The ability for developers to directly integrate identity into their applications accelerates the adoption of identity within the enterprise.
Continue to Expand our Global Presence. We have a large and growing international presence and intend to grow our customer base in various international regions by making investments in our sales team globally. For the year ended December 31, 2019, our international revenue was 22% of our total revenue. We expect international sales to be a meaningful revenue contributor in future periods.

Our Intelligent Identity Platform

We enable secure access to any service, application or API from any device. Our Intelligent Identity Platform can leverage AI and ML to analyze device, network and user behavior data to make real-time authentication and security control decisions, enhancing the user experience. Our platform is designed to detect anomalies and automatically insert additional security measures, such as MFA, only when necessary. Our Intelligent Identity Platform provides the following key benefits:

intelligent authentication of users based on contextual signals and risk attributes;
one platform for all primary use cases;
flexible hybrid deployment options;
turnkey integrations across cloud and on-premise applications;
high standards for critical security and resiliency; and
scalable to billions of identities.

Our Intelligent Identity Platform Supports All Primary Use Cases

Customer. Our platform helps enterprises better engage with their customers by providing a consistent, modern, omni-channel user experience through personalized access to all digital services. This enhanced digital experience improves brand loyalty and drives additional revenue, while also strengthening security.
Workforce. Our platform allows enterprises to provide their workforce with seamless and secure access to all of their cloud and on-premise applications and APIs to enable better employee productivity.
Partner. Our platform helps enterprises rapidly connect with partners and manage their access privileges when onboarding and offboarding users.
IoT. Our platform is increasingly being used to manage IoT identities, such as connected vehicles and consumer devices, and authenticate machine-to-machine and human-to-machine interactions.

9

Table of Contents

Deployment Flexibility

We have designed our solutions and solution packages for flexible deployment because every enterprise has different customization, control, security and privacy needs. Our deployment options include:

Cloud. Cloud-first enterprises can consume our Intelligent Identity Platform as software-as-a-service (“SaaS”) or deploy our Intelligent Identity Platform in their cloud.
Hybrid. For hybrid enterprises, our Intelligent Identity Platform can be consumed both in the cloud and on-premise.
On-Premise. For enterprises seeking the highest degree of control over security and privacy, our Intelligent Identity Platform can be deployed in the customer’s data center.

Our Solutions and Solution Packages

Our Intelligent Identity Platform is comprised of six solutions (SSO, MFA, Access Security, Directory, Data Governance and API Intelligence) that can be purchased individually or as a set of integrated offerings for the customer, workforce, partner or IoT use case. Our modular design allows customers to easily integrate with existing applications and infrastructures and does not require an all-or-nothing rip and replace. All of our solutions use open standards for maximum interoperability and extensibility.

We also provide solution packages that include combinations of our most commonly deployed solutions along with Ping Identity professional services. These solution packages enhance our land strategy by accelerating the deployment of large initial purchases in the customer and workforce use cases. We have designed our solution packages based on market demand and the most popular combination of Ping Identity solution deployments. For example, our Customer360 and Workforce360 solution packages include SSO, MFA, Directory and Ping Identity Professional Services and represent a combination of solutions commonly found in our customer base.

Single Sign-On. Our SSO solution allows users to sign on using one set of secure credentials, giving them one-click access to their applications and resources regardless of location. Our SSO solution provides turnkey integrations for a wide range of applications, cloud services, IT infrastructures and directory solutions, including third party directories, as well as our Directory solution. Within our SSO solution, our adaptive authentication policies enable organizations to predictively authenticate users in real-time based on device, network, application and user behavior data. Our advanced SSO features include:

utilization of open-standards such as SAML, OAuth, OIDC, WS-*, SCIM, FIDO2;
support for identity, OpenID Connect Token, and service providers;
advanced protocol translation to maximize interoperability with partners;
flexible authentication mechanisms (Adapters, Policy Tree and SDK);
advanced user identity attribute aggregation (LDAP, JDBC and SDK);
inbound and outbound SaaS user provisioning; and
advanced enterprise SIEM and audit logging.

Multi-Factor Authentication. Our adaptive MFA solution helps optimize the balance between security and user experience by enforcing additional authentication factors as necessary when accessing sensitive resources, conducting high-value transactions and engaging in other elevated risk scenarios. Adaptive MFA allows users to conduct low-value transactions from trusted devices without interruption, while prompting MFA during high-

10

Table of Contents

value transactions, activity from untrusted devices and networks or in response to anomalous behavior. Our MFA solution works across use cases with personal or corporate-owned mobile devices and integrates with enterprise mobility management and mobile device management solutions. Our advanced MFA features include:

multiple authentication factors: one-time passwords that are sent via SMS, email or voice call; secure key; smartwatch; mobile applications for iOS/Android (including biometrics or swipe); and desktop applications;
advanced adaptive authentication policies;
off-line use cases;
FIDO2 compatible devices;
mobile SDK to embed MFA functionality directly within an enterprise’s mobile application; and
support for SSH applications, Windows login/RDP or any RADIUS-compliant VPN server or remote access system.

Access Security. Our Access Security solution allows enterprises to apply a greater depth of security control over their web applications and APIs in any domain for users on any device. We offer a comprehensive policy engine down to the URL level that is designed to ensure only an authorized user can access resources. Our solution evaluates access decisions in real-time based on network, browser and authentication attributes, while continuously validating the risk profile of the user or device. Our advanced Access Security features include:

security for web and API-based resources, either in gateway or agent mode;
integrations with any OpenID Connect identity provider;
Attribute-Based Access Control or Role-Based Access Control;
advanced HTTP header or JSON Web Token identity mappings;
open-standards web session management;
flexible step-up authentication rules;
site authenticators, load-balancing and failover;
access rules (i.e., network range, time range), processing rules (i.e., URL rewriting) or custom rules (Groovy or Java SDK); and
enterprise SIEM and audit logging.

Directory. Our Directory solution securely stores and manages sensitive identity and device data at scale. It includes real-time, bidirectional synchronization capabilities to migrate or sync data from multiple sources into a secure, scalable and unified profile. This single source of data is designed to provide a consistent experience across digital business interactions, no matter where the applications and services are deployed. Our advanced Directory features include:

scalability to millions of identities;
millisecond response times;

11

Table of Contents

advanced data modeling and access features for structured and unstructured data;
real-time data synchronization for easy migration from legacy LDAP directories;
developer-friendly REST APIs;
encryption for maximum security of all data “at rest” (database files, database indexes, log files, backups and exports) and “in transit” (network connections from clients and peer servers);
encryption keys that can be stored independent of encrypted data using enterprise password vaults and hardware security modules;
flexible plugin architecture; and
advanced multi-region and multi-master replication for low latency data access.

Data Governance. Our Data Governance solution provides centralized, fine-grained control over access to sensitive identity and device data across use cases. This enables organizations to restrict internal and external applications from accessing specific identity attributes such as social security numbers, credit card numbers, billing addresses or the entire user profile. Data access policies can evaluate attributes and preferences of the profile being requested, data from other repositories and information about the application and user making the request. Our Data Governance solution enables enterprises to comply with a broad range of regulatory requirements, such as the General Data Protection Regime (the “GDPR”), by restricting data that a user has not consented to share and denying access to personal information that applications and users do not need to perform their tasks. Our advanced Data Governance features include:

centralized policy controls via XACML and JEXL to govern data access;
customer management of opt-in/opt-outs and preferences;
support for LDAP v3 and various other data sources for user and data backend stores; and
support for other OpenID Connect providers as identity providers.

API Intelligence. Our API Intelligence solution can apply AI and ML to continuously inspect, report and act on all API activity. Our solution is purpose-built to recognize and respond to attacks that are designed to exploit the unique vulnerabilities of individual APIs. These attacks often go undetected by traditional security tools, such as application firewalls and API gateways. Our advanced API Intelligence features include:

API traffic monitoring, visibility and security using AI and ML;
automated API discovery;
API deception and honeypot;
API threat detection and blocking; and
deployment in-line or to the side of API gateways.

Our Technology

Our technology has been developed to the highest standards for security, performance, scale and interoperability. Our platform is built on the following core tenets:

12

Table of Contents

Open Standards. We pioneered open identity standards that reduce the cost and complexity of interoperability and integration between IT vendors and partners. We also participated in the creation of many of the Internet Engineering Task Force standards in the identity space and continue to support the evolution and creation of new standards.
Turnkey Integrations. We provide a broad range of out-of-the-box adapters for “first-mile” and “last-mile” integration to cloud and on-premise applications and other systems. For example, we integrate with major enterprise identity systems, such as CA Technologies (now Broadcom), IBM, Oracle and Microsoft, as well as environments and application platforms such as Apache, Java, IIS, NGINX and WebSphere. In addition, we provide an extensive set of SaaS and social identity connectors that provide full integration with API functions. For example, our ServiceNow integration leverages over 20 user attributes. We also have out-of-the-box integrations with a variety of cloud-based and on-premise data sources, adaptive authentication providers and security and intelligence service providers.
Artificial Intelligence and Machine Learning. Our API Intelligence solution utilizes our proprietary AI/ML capabilities to continuously inspect, report and act on all API activity. We are in the process of leveraging and expanding these AI/ML capabilities across our broader platform to deliver Intelligent Identity security based on device, network, application and user behavior data instead of manual rules and policies. Currently, our core identity and access management solutions can be deployed with AI and ML capabilities that we license from a third party. However, we do not actively market or sell the AI and ML capabilities of these solutions. Our platform’s ultimate goal is to deliver password-less, zero-login capabilities to secure access and enhance user experience. See “Risk Factors — Risks Related to our Business — We rely on software and services from other parties. Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our solutions.”
Uptime and Availability. We provide critical uptime and offer advanced redundancy features such as off-line modes to ensure services are available even when internet connectivity is lost. Our multi-tenant cloud-based offering is hosted in multiple regions around the world for redundancy and continuity. Our maintenance windows do not require any downtime, and our platform has delivered over 99.9% uptime across our customer base over the past 12 months.
Scalability and Performance. Our platform can scale to millions of identities and thousands of cloud and on-premise applications in a single deployment.
Self-service. Self-service is becoming increasingly important as IT and IAM teams with limited resources seek to provide centralized IAM to the entire enterprise. The ability for developers to directly integrate identity into their applications accelerates the adoption of identity within the enterprise.
Security by Design. We integrate security into all of our solutions. Our security analysts maintain the security of our solutions by monitoring core services, both corporate and customer-facing, for indications of attack or compromise. We partner with trusted third party security firms to perform full-scope assessments and additional architectural reviews of our solutions. We also engage with third-party audit firms to perform SOC2 Type II audits, and ISO 27001-2013 certification of our security program.

Sales and Marketing

Sales

We sell our solutions primarily through direct sales. We have a stratified direct sales organization that is organized by customer size and the type of solution and deployment. Within our sales organization, our strategic account executives focus on the largest and most complex enterprises that typically purchase multiple products or deployment options. In addition, we have account executives that target less complex enterprise customers that typically purchase a single solution or deployment option initially.

13

Table of Contents

Our direct sales are enhanced by collaboration with our channel partners in sourcing new leads, aiding in pre-sale processes such as proof of concepts, demos or requests for proposals and reselling our solutions to customers, as well as collaboration with our system integrators and technology partners. We also leverage a number of our channel partners and system integrators to provide the implementation services for some of our larger and more complex deployments, significantly increasing the time-to-value for our customers and maximizing the efficiency of our go-to-market efforts. For the year ended December 31, 2019, 55% of our new business was influenced by channel partners.

Marketing

We focus our marketing strategy on building brand recognition through thought leadership and differentiated messaging that communicates the business value of our platform. Our efforts include content marketing, social media, SEO, events and public and analyst relations. We convert this brand awareness into our pipeline through campaigns that integrate digital, social, web and field marketing tactics aimed at adding new customers and cross-marketing our solutions into our existing customer base. We host user conferences in select cities around the globe to tap into the power of our passionate customer base and our broader ecosystem. We also founded and host the leading identity industry conference called Identiverse. Identiverse is held annually and attendees include architects, IAM professionals, IT administrators, developers, security professionals and CISOs, as well as technology vendors, system integrators, industry analysts and thought leaders.

Our Customers

At December 31, 2019, we had 1,361 customers. We define a customer as a separate legal entity with an individual subscription agreement and include in our customer count entities which we have sold directly and entities that have purchased one or more solutions from a reseller. Our customer base is comprised of over 50% of the Fortune 100. As of December 31, 2019, our customer base included 12 of the 12 largest U.S. banks (measured by assets), 8 of the 10 largest bio-pharmaceutical companies (measured by revenue), 7 of the 10 largest healthcare plans (measured by revenue) and 5 of the 7 largest U.S. retailers (measured by revenue). Our customer base is diversified, with no one customer or reseller accounting for more than 5% of our total revenue for the year ended December 31, 2019. We have a highly satisfied customer base, as evidenced by our Net Promoter Score of 61 in 2019.

Partnerships and Strategic Relationships

The PingPartner Network is comprised of key partnerships across our solution provider and technology alliance programs. This global network delivers expertise, value-added services and technology that are critical to the success of our customers.

Solution Provider Program

We have built strong relationships with channel partners, system integrators and technology partners that have allowed us to generate new business opportunities and enhance existing practices such as strategic planning, program management, architecture, design, implementation, ongoing change management and support.

Technology Alliance

We have built a broad ecosystem of over 100 technology partners. Our Technology Alliance Partner ecosystem spans the landscape of IAM and related technologies, giving our customers access to comprehensive, cross-application, integrated solutions. Our technology partners expand and extend the value of their solutions, and our solutions, by integrating their technology with our Intelligent Identity Platform. Additionally, our partners provide us with complementary technology and sales and marketing collateral that help us to more effectively sell together.

We partner with Microsoft, and this partnership has led to key product integrations. Through our collaboration, customers can leverage our platform to connect to the Microsoft Azure or Office365 services and enjoy rapid

14

Table of Contents

deployments via our integrations. We also enable non-Microsoft applications and environments to be easily integrated into the Microsoft ecosystem. Lastly, our MFA solution works directly with Microsoft ADFS and AzureAD to provide enterprise-grade adaptive authentication to Microsoft’s cloud-based offerings.

We also partner with AWS to provide provisioning and deployment of our solutions to our customers through this collaboration. We offer AWS single sign-on integration for a leading enterprise cloud experience. We also offer a hybrid deployment that can scale across AWS for enterprise applications.

Professional Services and Customer Support

Professional Services

Our professional services organization helps customers architect, deploy, configure, extend and integrate our platform into their IT environments. We offer a variety of packaged and configured offerings and expert guidance that leverage our best practices and experience, all of which are available for our robust partner community to use or resell. We complement our professional services with formal instructor-led and web-based on-demand training courses.

Customer Support

We offer three tiers of support, each building on the previous tier to most closely align with a customer’s requirements. Support is included for our cloud and on-premise offerings during the term of a customer’s subscription. All support tiers offer maintenance releases, patches and access to our support services and portal. Our support portal offers customers documentation, how-to guides, videos and a community where our customers can ask questions and find answers. Our customer support organization includes experienced, trained personnel and engineering resources located around the world to provide 24x7x365 support for critical issues.

Research and Development

Innovation is at the core of what we do. Approximately one-third of our employees are devoted to research and development. Our research and development efforts are focused on building industry leading solutions, addressing all primary use cases, enhancing deployment flexibility and providing seamless integration across cloud and on-premise applications. We believe that the ongoing and timely development of new solutions and features is imperative to maintaining our competitive position. We continue to invest in our solutions across our development centers in: Denver, Colorado; Austin, Texas; Tel Aviv, Israel; Vancouver, Canada; and Bangalore, India.

Intellectual Property

Our success depends in part on our ability to protect our intellectual property. We rely on copyrights and trade secret laws, confidentiality procedures, employment agreements and proprietary information and invention assignment agreements, trademarks and patents to protect our intellectual property rights.

We control access to, and use of, our solutions and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers and partners, and our software is protected by U.S. and international copyright and trade secret laws. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, licenses and confidentiality agreements, unauthorized parties may still copy or otherwise obtain and use our software and technology, and such risks may increase as we attempt to expand into jurisdictions where such rights are less easily enforced, or are more subject to reverse engineering or misappropriation due to local legal requirements.

As of December 31, 2019, we had 16 issued United States patents and 8 patent applications pending in the United States relating to certain aspects of our technology. Our issued United States patents expire between December 14, 2031 and July 31, 2036. We cannot assure you whether any of our patent applications will result in the issuance of a patent or whether the examination process will require us to narrow our claims. Any of our

15

Table of Contents

existing patents and any that are issued in the future may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. In addition, we have international operations and intend to continue to expand these operations, and effective patent, copyright, trademark and trade secret protection may not be available or may be limited in foreign countries.

Competition

We face competition from (1) legacy providers, (2) cloud-only providers and (3) homegrown solutions.

Legacy providers include Broadcom, IBM and Oracle, among others. These providers generally designed their solutions when enterprise applications were monolithic and on-premise. Their solutions utilize proprietary architectures, which require customized features and integrations to scale. Today, these solutions have the reputation of being complex, costly and increasingly fragile. Thus, legacy providers often struggle to offer a single comprehensive solution that spans all IT environments, including cloud and on-premise.

We also compete with cloud-only providers, such as Okta and OneLogin, that primarily focus on the workforce use case. These providers have solutions that are generally geared towards small and medium-sized businesses that have IT infrastructures hosted entirely in the cloud. Large enterprises typically do not have cloud-only infrastructures, and while many are moving components of their IT environments to the cloud, we believe the majority of applications and workloads will continue to reside on-premise. Thus, a cloud-only IAM solution cannot deliver a single comprehensive solution to enterprises that provides wall-to-wall coverage across their complex hybrid IT environments.

Microsoft also competes in our market and has tied its identity services to both Azure and its Office365 offerings. However, we partner with Microsoft to provide SSO, security control and adaptive MFA where non-Microsoft environments require integration or independence is preferred. Microsoft’s integration and interoperability with our solutions benefits enterprises while providing optionality and choice.

We believe the principal competitive factors in the IAM market include: (1) the ability to address all primary use cases from one platform; (2) the ability to deploy in large, complex hybrid IT environments; (3) the ability to integrate easily with all applications (cloud and on-premise); (4) technology uptime, reliability, scalability and performance; (5) the ability to support open standards; and (6) customer, technology and platform support. We believe we compete favorably on these factors.

Employees

As of December 31, 2019, we had a total of 953 full time employees, of which approximately one-third were in research and development. We have a strong corporate culture, high employee engagement and are consistently ranked by third parties as one of the best places to work.

Corporate Information

Our principal executive offices are located at 1001 17th Street, Suite 100, Denver, Colorado 80202. Our telephone number is (303) 468-2900. Our website address is www.pingidentity.com. The information contained on, or that can be accessed through, our website is not incorporated by reference into this annual report, and you should not consider any information contained on, or that can be accessed through, our website as part of this Annual Report on Form 10-K. We are a holding company and all of our business operations are conducted through our subsidiaries. We were incorporated in 2016 as Roaring Fork Holding, Inc. and changed our name to Ping Identity Holding Corp. in connection with our initial public offering (“IPO”).

This Annual Report on Form 10-K includes our trademarks and service marks such as “Ping Identity” and “Identiverse,” which are protected under applicable intellectual property laws and are the property of us or our subsidiaries. This report also contains trademarks, service marks, trade names and copyrights of other companies, such as “Amazon,” “Google” and “Microsoft,” which are the property of their respective owners. Solely for convenience, trademarks and trade names referred to in this report may appear without the ® or ™

16

Table of Contents

symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the rights of the applicable licensor to these trademarks and trade names.

Available Information

We make available, free of charge through our website, our annual reports on Form 10-K, quarterly reports on Form 10-Q and current reports on Form 8-K, and amendments to those reports, filed or furnished pursuant to Sections 13(a) or Section 15(d) of the Securities Exchange Act of 1934, as amended, as soon as reasonably practicable after they have been electronically filed with, or furnished to, the SEC.

The SEC also maintains a website (www.sec.gov) that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC.

Item 1A. Risk Factors

A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks described below, together with the financial and other information contained in this Annual Report on Form 10-K. If any of the following risks actually occurs, our business, financial condition, results of operations, cash flows and prospects could be materially and adversely affected. As a result, the trading price of our common stock could decline and you could lose all or part of your investment in our common stock.

Risks Relating to Our Business

If we fail to adapt to rapid technological change, evolving industry standards and changing customer needs, requirements or preferences, our ability to remain competitive could be impaired.

The IAM market is characterized by rapid technological change, evolving industry standards and changing regulations, as well as changing customer needs, requirements and preferences. The success of our business will depend, in part, on our ability to anticipate, adapt and respond effectively to these changes on a timely and cost-effective basis. In addition, as our customers’ technologies and business plans grow more complex, we expect them to face new and increasing challenges. Our customers require that our platform effectively identify and respond to these challenges without disrupting the performance of our customers’ IT systems or interrupting their business operations. As a result, we must continually modify and improve our offerings in response to changes in our customers’ IT infrastructures and operational needs or end-user preferences. The success of any enhancement to our existing offerings or the deployment of new offerings depends on several factors, including the timely completion and market acceptance of our enhancements or new offerings. Any enhancement to our existing offerings or new offerings that we develop and introduce involves significant commitment of time and resources and is subject to a number of risks and challenges including:

ensuring the timely release of new solutions, solution packages and solution enhancements;
adapting to emerging and evolving industry standards, technological developments by our competitors and customers and changing regulatory requirements;
interoperating effectively with existing or newly-introduced technologies, systems or applications of our existing and prospective customers;
resolving defects, errors or failures in our platform, solutions or solution packages;
extending the operation of our offerings and services to new and evolving platforms, operating systems and hardware products, such as mobile and IoT devices; and
managing new solution, solution package and service strategies for the markets in which we operate.

17

Table of Contents

If we are not successful in managing these risks and challenges, or if our new solutions, solution upgrades and services are not technologically competitive or do not achieve market acceptance, our business, results of operations and financial condition could be adversely affected.

If we are unable to enhance and deploy our cloud-based offerings while continuing to effectively offer our on-premise offerings, our business and operating results could be adversely affected.

Historically, our revenue has been driven predominately by our on-premise offerings. For the year ended December 31, 2019, $161.4 million, or 66%, of our total revenue was from subscription term-based licenses, whereas $63.9 million, or 26%, of our total revenue was from subscription SaaS and support and maintenance. For the year ended December 31, 2018, $133.7 million, or 66%, of our total revenue was from subscription term-based licenses whereas $51.3 million, or 25%, of our total revenue was from subscription SaaS and support and maintenance. For the year ended December 31, 2017, $122.1 million, or 71%, of our total revenue was from subscription term-based licenses whereas $38.1 million, or 22%, of our total revenue was from subscription SaaS and support and maintenance. The remainder of our revenue, or $17.6 million, $16.6 million and $12.3 million for the years ended December 31, 2019, 2018 and 2017, respectively, was attributable to professional services and other. All of our revenue from support and maintenance and a portion of our revenue from professional services is associated with our on-premise offerings. As a result, for the periods presented, the percentage of our total revenue from all revenue sources associated with on-premise offerings was significantly higher than the percentage of our total revenue based solely on subscription term-based licenses and we expect this to remain true for the foreseeable future. We have responded to the increasing market shift toward cloud-based services by developing and introducing additional cloud-based IAM offerings to our customers. While our customers are increasingly adopting our cloud-based offerings, we expect our customers to continue to require substantial on-premise and hybrid offerings. To support hybrid deployment of our offerings, our developers and support team must be trained on and learn multiple environments in which our platform is deployed, which is more expensive than supporting a cloud-only offering. Moreover, we must engineer our software for on-premise, cloud and hybrid deployments, which we expect will cause us additional research and development expense that may impact our operating results. Furthermore, we cannot assure you that the market for cloud-based offerings will develop at a rate or in the manner we expect or that our cloud-based offerings will be competitive with those of more established cloud-based providers or other new market entrants. We are directing a significant portion of our financial and operating resources to implement a robust and secure cloud-based offering for our customers, but even if we continue to make these investments, we may be unsuccessful in growing or implementing our cloud-based offerings in a way that competes successfully against our current and future competitors and in such event our business, results of operations and financial condition could be harmed. Customers may require features and capabilities that our current solutions or solution packages do not have and that we may be unable to develop. If we are unable to develop and deploy cloud-based offerings alongside on-premise offerings that satisfy customer preferences in a timely and cost-effective manner, it may harm our ability to renew subscriptions with existing customers and to create or increase demand for our solutions or solution packages with new customers, and may adversely impact our financial condition and results of operations.

We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

The IAM market is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. We face competition from (1) legacy providers, (2) cloud-only providers and (3) homegrown solutions. Legacy providers include Broadcom, IBM and Oracle, among others. We also compete with cloud-only providers, such as Okta and OneLogin that primarily focus on the workforce use case. Microsoft also competes in our market and has tied its identity services to both its Azure and Office365 offerings. With the recent increase in large merger and acquisition transactions in the technology industry, particularly transactions involving cloud-based technologies, there is a greater likelihood that we will compete with other large technology companies in the future. For example, Amazon or Google could acquire or develop an IAM or identity security platform that competes directly with our solutions. These companies have significant name recognition, considerable resources and existing IT infrastructures and powerful economies of scale and scope, which allow them to rapidly develop and deploy new solutions. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as greater name

18

Table of Contents

recognition and longer operating histories, larger sales and marketing budgets and resources, broader distribution and established relationships with channel partners and customers, greater customer support resources, greater resources to make acquisitions, lower labor and development costs, larger and more mature intellectual property portfolios and substantially greater financial, technical and other resources.

In addition, some of our larger competitors have substantially broader product offerings and leverage their relationships based on other products they offer or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our solutions or solution packages, including through selling at zero or negative margins, product bundling or closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. Our larger competitors often have broader product lines and market focus and are less susceptible to downturns in a particular market. Our competitors may also seek to repurpose their existing offerings to provide identity solutions with subscription models. Additionally, start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our solutions or solution packages.

Consolidation in the markets in which we compete may affect our competitive position. This is particularly true in circumstances where customers are seeking to obtain a broader set of solutions and services than we are currently able to provide. In addition, some of our competitors may enter into new alliances with each other or may establish or strengthen cooperative relationships with system integrators, third-party consulting firms or other parties. Any such consolidation, acquisition, alliance or cooperative relationship could lead to pricing pressure and loss of market share and could result in a competitor with greater financial, technical, marketing, service and other resources, all of which could harm our ability to compete. Furthermore, organizations may be more willing to incrementally add solutions to their existing infrastructure from competitors than to replace their existing infrastructure with our solutions or solution packages. These competitive pressures in our market or our failure to compete effectively may result in fewer orders and reduced revenue and gross margins. Any failure to meet and address these factors could adversely affect our business, results of operations and financial condition.

A network or data security incident may allow unauthorized access to our network or data or our customers’ data, harm our reputation, create additional liability and adversely impact our financial results.

Increasingly, companies are subject to a wide variety of attacks on their networks and systems. In addition to threats from traditional computer hackers, malicious code (such as malware, viruses, worms and ransomware), employee theft or misuse, password spraying, phishing and distributed denial-of-service (“DDOS”) attacks, we now also face threats from sophisticated nation-state and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks to our internal networks, our platform, our third-party service providers and our customers’ systems and the information that they store and process. Despite significant efforts to create security barriers to safeguard against such threats, it is virtually impossible for us to entirely mitigate these risks. As a well-known provider of IAM solutions, we pose an attractive target for such attacks. The security measures we have integrated into our internal networks and platform, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to protect our internal networks and platform against certain attacks. In addition, techniques used to sabotage or obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently and generally are not recognized until launched against a target. As a result, we may be unable to anticipate these techniques or implement adequate preventative measures to prevent an electronic intrusion into our networks.

If a breach of customer data security or unauthorized access to customer systems through our platform were to occur, as a result of third-party action, employee error, malfeasance or otherwise, and the confidentiality, integrity or availability of our customers’ data or systems was disrupted, we could incur significant liability to our customers and to individuals or businesses whose information we process, and our platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. In such event, the potential liability exposure to our customers under our contracts could significantly exceed the revenue associated with those contracts. Our ability to retain existing customers, expand use case and solution or

19

Table of Contents

solution package penetration with existing customers and acquire new customers is dependent upon our reputation as a trusted intelligent security provider. The importance of our reputation in retaining existing business and acquiring new business is heightened by our focus on enterprise customers. In addition, we have a number of customers that operate in highly-regulated industries where our customers’ data is particularly sensitive, such as financial services and healthcare. A network or security breach could damage our relationships with customers, result in the loss of customers across one or more use case, solution or solution package and make it more challenging to acquire new customers and such damage would likely be heightened in the event a network or security breach occurred in the highly-regulated industries we serve. Because techniques used to obtain unauthorized access to, or sabotage, systems change frequently and may not be recognized until launched against a target, we and our customers may be unable to anticipate these techniques or implement adequate preventive measures.

In addition, security incidents impacting our platform or the systems of our third-party service providers could result in a risk of loss or unauthorized access to or disclosure of the information we process on behalf of our customers. This, in turn, could require notification under applicable data privacy regulations, and could lead to litigation, governmental audits and investigations and possible liability, damage our relationships with our existing customers, trigger indemnification and other contractual obligations, cause us to incur investigation, mitigation and remediation expenses, and have a negative impact on our ability to attract and retain new customers. Furthermore, any such incident, including a breach of our customers’ systems, could compromise our networks or networks secured by our solutions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers’ networks, and the information stored on our or our customers’ systems could be accessed or disclosed without authorization, altered, lost or stolen, which could subject us to liability and cause us financial harm. An actual or perceived breach of our networks, our customers’ networks or other networks secured by our solutions, whether or not due to a vulnerability in our platform, may also undermine confidence in our platform or our industry and result in expenditure of significant resources in efforts to analyze, correct, eliminate or work around errors or defects, delayed or lost revenue, delay in the development or release of new solutions, solution packages or services, an increase in collection cycles for accounts receivable, damage to our brand and reputation, negative publicity, loss of channel partners, customers and sales, increased costs to remedy any problem, increased insurance expense and costly litigation. In addition, if a high profile security incident occurs with respect to another IAM solution provider, our customers and potential customers may lose trust in the value of the IAM solution business model generally, including the security of our solutions, which could adversely impact our ability to retain existing customers or attract new ones, potentially causing a negative impact on our business. Any of these negative outcomes could adversely impact market acceptance of our solutions or solution packages and could adversely affect our business, results of operations and financial condition.

Third parties may attempt to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our internal networks, electronic systems and/or physical facilities or those of our third-party service providers, in order to gain access to our data or our customers’ data, which could result in significant legal and financial exposure, a loss of confidence in the security of our platform, interruptions or malfunctions in our operations, and, ultimately, harm to our future business prospects and revenue. We may be required to expend significant capital and financial resources to protect against such threats or to alleviate problems caused by breaches in security.

Our future revenue and operating results will be harmed if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions and solution packages that achieve market acceptance.

To continue to grow our business, it is important that we continue to acquire new customers. Our success in adding new customers depends on numerous factors, including our ability to (1) offer a compelling Intelligent Identity Platform and effective solutions and solution packages, (2) execute our sales and marketing strategy, (3) attract, effectively train and retain new sales, marketing, professional services and support personnel in the markets we pursue, (4) develop or expand relationships with channel partners, system integrators and technology partners, (5) expand into new geographies and vertical markets, (6) deploy our platform, solutions and solution packages for new customers and (7) provide quality customer support once deployed.

20

Table of Contents

It is important to our continued growth that our customers renew their arrangements when existing contract terms expire. Our customers have no obligation to renew their subscription agreements, and our customers may decide not to renew these agreements with a similar contract period, at the same prices and terms or with the same or a greater number of identities, or at all. Our customer retention and expansion rates may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our solutions or solution packages, our customer support and professional services, our prices and pricing plans, the competitiveness of other IAM solutions and services, reductions in our customers’ spending levels, user adoption of our solutions or solution packages, deployment success, utilization rates by our customers, new releases and changes to our solutions and/or solution packages. Additionally, new consolidations, acquisitions, alliances or cooperative relationships involving one or more of our customers may lead such customers not to renew their existing subscriptions with us.

Our ability to increase revenue also depends in part on our ability to increase the number of identities managed by our platform and sell more use cases, solutions and solution packages to our existing and new customers. Our ability to increase sales to existing customers depends on several factors, including their experience with implementing our solutions and solution packages and using our platform and the existing solutions they have implemented, their ability to integrate our solutions and solution packages with existing technologies and our pricing model. As we expand our market reach, we may experience difficulties in gaining traction and raising awareness among potential customers regarding the critical role that our solutions play in securing their businesses and we may face more competitive pressure in such markets.

If our new solutions and/or solution packages do not achieve adequate acceptance in the market or if we fail to effectively incorporate features and capabilities that our customers expect, our competitive position could be impaired, and our potential to generate new revenue or to retain existing revenue could be diminished. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new solutions and solution packages and our ability to introduce compelling new solutions and solution packages that address the requirements of our customers in light of the dynamic IAM market in which we operate.

If we are unable to successfully acquire new customers, retain our existing customers, expand sales to existing customers or introduce new solutions and solution packages, our business, financial condition and operating results could be adversely affected.

If we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges.

We have experienced, and may continue to experience, rapid growth and organizational change, which has placed, and may continue to place, significant demands on our management and our operational and financial resources. Additionally, our organizational structure may become more complex as we improve our operational, financial and management controls, as well as our reporting systems and procedures. We may require significant capital expenditures and the allocation of valuable management resources to grow and change in these areas. If we fail to effectively manage our anticipated growth and change, the quality of our platform may suffer, which could negatively affect our brand and reputation and harm our ability to retain and attract customers and employees.

We currently have international operations in the United Kingdom, Canada, Australia, France, Germany, India, Israel, the Netherlands and Switzerland, and we may continue to expand our international operations in these jurisdictions and/or other countries in the future. Our expansion has placed, and our expected future growth will continue to place, a significant strain on our managerial, customer operations, research and development, sales and marketing, administrative, financial and other resources. If we are unable to manage our continued growth successfully, our business and results of operations could suffer.

In addition, as we expand our business, it is important that we continue to maintain a high level of customer service and satisfaction. As our customer base continues to grow, we will need to expand our account management, customer service and other personnel, and our network of channel partners and system integrators, to provide personalized account management and customer service. If we are not able to continue

21

Table of Contents

to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be adversely affected.

We depend on our senior management team and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.

Our success depends largely upon the continued services of our senior management team and other key employees. We rely on our leadership team in the areas of research and development, operations, security, marketing, sales, customer support, general and administrative functions and on individual contributors in our research and development and operations functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and, therefore, they could terminate their employment with us at any time. The loss of one or more the members of our senior management team, or other key employees could harm our business. In particular, the loss of services of our founder and Chief Executive Officer, Andre Durand, could significantly delay or prevent the achievement of our strategic objectives. Changes in our executive management team may also cause disruptions in, and harm to, our business.

Failure to effectively develop and expand our sales and marketing capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our solutions and solution packages.

Our ability to increase our customer base and achieve broader market acceptance of our solutions and solution packages will depend on our ability to expand our sales and marketing operations. Our business will be harmed if our business development efforts do not generate a corresponding increase in revenue. We may not achieve anticipated revenue growth from expanding our direct sales force if we are unable to hire and develop talented direct sales personnel, if our new direct sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if we are unable to retain our existing direct sales personnel. There is significant competition for sales personnel with the advanced sales skills and technical knowledge we need. Selling our solutions and solution packages to sophisticated enterprise customers requires particularly talented sales personnel with the ability to communicate the transformative potential of our platform.

We must attract and retain highly qualified personnel in order to execute our growth plan.

Competition for highly qualified personnel is intense, especially for engineers experienced in designing and developing software and SaaS offerings and experienced sales professionals. In recent years, recruiting, hiring and retaining employees with expertise in our industry has become increasingly difficult as the demand for cybersecurity and identity professionals has increased as a result of the recent cybersecurity attacks on global corporations and governments. We have, from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.

If there are interruptions or performance problems associated with our technology or infrastructure, our existing customers may experience service outages, and our new customers may experience delays in the deployment of our platform.

Our continued growth depends on the ability of our existing and potential customers to access our platform 24 hours a day, seven days a week, without interruption or degradation of performance. We have in the past and may in the future experience disruptions, outages and other performance problems with our infrastructure due to a variety of factors, including infrastructure changes, introductions of new functionality, human or software errors, capacity constraints, DDOS attacks or other security-related incidents. In some instances, we

22

Table of Contents

may not be able to identify the cause or causes of these performance problems immediately or in short order. We may not be able to maintain the level of service uptime and performance required by our customers, especially during peak usage times and as our solutions and solution packages become more complex and our user traffic increases. If our platform is unavailable or if our customers are unable to access our solutions or deploy them within a reasonable amount of time, or at all, our business would be harmed. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted access to our solutions and have a low tolerance for interruptions of any duration. Since our customers rely on our solutions to provide and secure access to their IT infrastructures and to support customer-facing applications, any outage on our platform would impair the ability of our customers to operate their businesses, which would negatively impact our brand, reputation and customer satisfaction.

Moreover, we depend on services from various third parties to maintain our cloud infrastructure and deploy our solutions, such as Amazon Web Services (“AWS”) cloud infrastructure services, which hosts our platform. If a service provider fails to provide sufficient capacity to support our platform or otherwise experiences service outages, such failure could interrupt our customers’ access to our services, which could adversely affect their perception of our platform’s reliability and our revenue. Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our solutions. In the future, these services may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of these services could result in decreased functionality of our solutions until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated into our infrastructure. If we do not accurately predict our infrastructure capacity requirements, our customers could experience service shortfalls. We may also be unable to effectively address capacity constraints, upgrade our systems as needed and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology.

Our platform is accessed by a large number of customers, often at the same time. As we continue to expand the number of our customers and solutions and solution packages available to our customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in service. In addition, the failure of third-party cloud infrastructure providers, third-party internet service providers or other third-party service providers whose services are integrated with our platform to meet our capacity requirements could result in interruptions or delays in access to our platform or impede our ability to scale our operations. In the event that our service agreements are terminated with our cloud infrastructure providers, or there is a lapse of service, interruption of internet service provider connectivity or damage to such providers’ facilities, we could experience interruptions in access to our platform as well as delays and additional expense in arranging new facilities and services.

Any of the above circumstances or events may harm our reputation, cause customers to terminate their agreements with us, impair our ability to obtain subscription renewals from existing customers, impair our ability to grow our customer base, result in the expenditure of significant financial, technical and engineering resources, subject us to financial penalties and liabilities under our service level agreements, and otherwise could adversely affect our business, results of operations and financial condition.

The delivery of our platform depends on AWS cloud infrastructure services.

Our SaaS offerings are hosted solely in AWS and our other offerings utilize the cloud infrastructure offered by AWS. Our operations depend on maintaining the configuration, architecture and interconnection specifications required by AWS. Although we have disaster recovery plans that utilize multiple AWS infrastructure locations, any incident affecting this infrastructure that may be caused by fire, flood, severe storm, earthquake, power loss, telecommunications failures, unauthorized intrusion, computer viruses and disabling devices, natural disasters, war, criminal act, military actions, terrorist attacks and other similar events beyond our control could negatively affect our platform. A prolonged AWS service disruption affecting our platform for any of the foregoing reasons could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. In addition, since all of our cloud-based offerings utilize AWS cloud infrastructure services, in the event of a prolonged AWS services disruption we may not be able to find an alternative provider on commercially reasonable terms or in a timely manner, if at all. We may also incur

23

Table of Contents

significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use.

AWS enables us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. AWS provides us with computing and storage capacity pursuant to an agreement that continues until terminated by either party. AWS may terminate the agreement by providing 30 days prior written notice and may, in some cases, terminate the agreement immediately for cause upon notice. If AWS terminates its agreement with us, we may be unable to deploy certain of our solutions and our business, results of operations and financial condition may be adversely affected.

In addition, since all of our cloud-based offerings utilize AWS cloud infrastructure resources, our customers’ satisfaction with our cloud-based offerings is dependent in part upon their perceptions and satisfaction with AWS cloud infrastructure services. Dissatisfaction with AWS cloud infrastructure services could damage our relationships with customers and/or result in the loss of customers across one or more use case, solution or solution package.

Data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic and foreign laws and regulations may limit the use and adoption of, or require modification of, our solutions, solution packages and services, which could adversely affect our business.

Laws and regulations related to the provision of services on the Internet are increasing, as federal, state and foreign governments continue to adopt new laws and regulations addressing data privacy and the collection, processing, storage and use of personal information. Internationally, many of the jurisdictions in which we operate have established their own data security and privacy legal frameworks with which we, or our customers, must comply. We have implemented various features and processes intended to enable our customers to better comply with applicable privacy and security requirements, but these features and processes do not guarantee compliance and may not guard against all potential privacy concerns.

For example, the European Union (the “EU”) adopted the GDPR, which became effective and enforceable across all then-current member states of the EU on May 25, 2018. Following the U.K.’s withdrawal from the EU on January 31, 2020, pursuant to the transitional arrangements agreed between the U.K. and EU, the GDPR will continue to have effect in U.K. law, until December 31, 2020, in the same fashion as was the case prior to that withdrawal as if the U.K. remained a member state of the EU for such purposes. Following December 31, 2020, it is likely that the data protection obligations of the GDPR will continue to apply to U.K.-based organization’s processing of personal data in substantially unvaried form and fashion, for at least the short term thereafter. The GDPR applies to any company established in the EU as well as to those outside the EU if they process personal data in relation to the offering of goods or services to individuals in the EU and/or the monitoring of their behavior. The GDPR enhances data protection obligations for both processors and controllers of personal data, including by extending the rights available to affected data subjects, materially expanding the definition of what is expressly noted to constitute personal data, requiring additional disclosures about how personal data is to be used, and imposing limitations on retention of personal data, creating mandatory data breach notification requirements in certain circumstances, and establishing onerous new obligations on services providers who process personal data simply on behalf of others. Under the GDPR, fines of up to €20 million or up to 4% of an undertaking’s total worldwide annual turnover of the preceding financial year, whichever is higher, may be imposed. In addition to administrative fines, a wide variety of other potential enforcement powers are available to competent authorities in respect of potential and suspected violations of the GDPR, including extensive audit and inspection rights, and powers to order temporary or permanent bans on all or some processing of personal data carried out by noncompliant actors. Given the breadth and depth of changes in data protection obligations, complying with its requirements has caused us to expend significant resources and such expenditures are likely to continue into the near future as we respond to new interpretations, additional guidance and potential enforcement actions and patterns, and as we continue to negotiate data processing agreements with our customers and business partners. While we have taken steps to comply with the GDPR, and implementing legislation in applicable member states, including by seeking to establish appropriate lawful bases for the various processing activities we carry out as a controller, reviewing our security procedures, and entering into data processing agreements with relevant customers and business partners, we

24

Table of Contents

cannot assure you that our efforts to achieve and remain in compliance have been, and/or will continue to be, fully successful.

In the United States, California enacted the California Consumer Privacy Act (the “CCPA”), on June 28, 2018, which took effect on January 1, 2020. The CCPA gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. The CCPA may increase our compliance costs and potential liability. Some observers have noted that the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the U.S., which could increase our potential liability and adversely affect our business.

Privacy and data protections laws and regulations are subject to new and differing interpretations and there may be significant inconsistency in laws and regulations among the jurisdictions in which we operate or provide our SaaS offerings. Legal and other regulatory requirements could restrict our ability to store and process data as part of our SaaS offerings, or, in some cases, impact our ability to provide our SaaS offerings in certain jurisdictions. Our inability to provide our offerings in certain jurisdictions, particularly China and Russia, as a result of their local data privacy frameworks may result in the loss of business opportunities from customers operating in, or seeking to expand into, those jurisdictions. In addition, we may seek to engage third party support providers in certain jurisdictions in order to comply with our customers’ data privacy concerns and such engagements may be costly.

Privacy and data protection laws and regulations may also impact our customers’ ability to deploy certain of our solutions and solution packages globally, to the extent they utilize our solutions and solution packages for storing personal information that they process. Additionally, if third parties that we work with violate applicable laws or our policies, such violations may also put our customers’ information at risk and could in turn have an adverse effect on our business. The costs of compliance with, and other burdens imposed by, data privacy laws, regulations and standards may require resources to create new solutions or solution packages or modify existing solutions or solution packages, could lead to us being subject to significant fines, penalties or liabilities for noncompliance, could lead to complex and protracted contract negotiations with respect to privacy and data protection terms, and may slow the pace at which we close sales transactions, any of which could harm our business.

The data protection landscape is rapidly evolving, and we expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security. We cannot yet determine the impact that such future laws, regulations and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions. Any failure or perceived failure by us to comply with federal, state or foreign laws or regulations, industry standards, contractual obligations or other legal obligations, with respect to any security incident, whether or not resulting in unauthorized access to, or acquisition, release or transfer of personal data or other data, may result in governmental enforcement actions and prosecutions, private litigation, fines and penalties, friction in our customer relationships or adverse publicity, and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.

Around the world, there are numerous lawsuits in process against various technology companies that process personal data. If those lawsuits are successful, it could increase the likelihood that we may be exposed to liability for our own policies and practices concerning the processing of personal data and could hurt our business. Furthermore, the costs of compliance with, and other burdens imposed by, laws, regulations and policies concerning privacy and data security that are applicable to the businesses of our customers may limit the use and adoption of our platform and reduce overall demand for it.

In addition, if our platform is perceived to cause, or is otherwise unfavorably associated with, violations of privacy or data security requirements, it may subject us or our customers to public criticism and potential legal liability. Existing and potential laws and regulations concerning privacy and data security and increasing sensitivity of consumers to unauthorized processing of personal data may create negative public reactions to technologies, solutions, solution packages and services such as ours. Public concerns regarding personal data

25

Table of Contents

processing, privacy and security may cause some of our customers’ end users to be less likely to visit their websites or otherwise interact with them. If enough end users choose not to visit our customers’ websites or otherwise interact with them, our customers could stop using our platform. This, in turn, may reduce the value of our service and slow or eliminate the growth of our business.

Our continued development of AI and ML is dependent, in part, on our customers’ willingness to allow us to use their data to develop the necessary algorithms. Concerns about data privacy may discourage customers from allowing us to use their data in this manner, which may limit our ability to continue to leverage AI and ML in our Intelligent Identity Platform.

Our quarterly operating results and other metrics are likely to vary significantly and be unpredictable, which could cause the trading price of our stock to decline.

Our operating results and other metrics have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:

the level of demand for our solutions and solution packages, including our newly-introduced solutions and offering of solution packages, and the level of perceived urgency regarding security threats and compliance requirements;
the timing and use of new subscriptions and renewals of existing subscriptions;
the mix of cloud and on-premise offerings sold and the associated contract term;
the extent to which customers subscribe for additional solutions or solution packages, or increase the number of identities or use cases;
significant security breaches of, technical difficulties with, or interruptions to, the delivery and use of our offerings;
customer budgeting cycles and seasonal buying patterns where our customers often time their purchases and renewals of our solutions or solution packages to coincide with their fiscal year end, which is typically June 30 or December 31;
any changes in the competitive landscape of our industry, including consolidation among our competitors, customers, partners or resellers;
timing of costs and expenses during a quarter;
deferral of orders in anticipation of new solutions, solution packages or enhancements announced by us or our competitors;
price competition;
changes in renewal rates and terms in any quarter;
costs related to the acquisition of businesses, talent, technologies or intellectual property by us, including potentially significant amortization costs and possible write-downs;
litigation-related costs, settlements or adverse litigation judgments;
any disruption in our sales channels or termination of our relationship with channel and other strategic partners;

26

Table of Contents

general economic conditions, both domestically and in our foreign markets, and related changes to currency exchange rates;
insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions and solution packages; and
future accounting pronouncements or changes in our accounting policies.

Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our financial and other operating results, including fluctuations in our key metrics. This variability and unpredictability could result in our failing to meet the expectations of securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially and we could face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating expenses are fixed in nature and based on forecasted revenue and cash flow trends. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on margins or other operating results in the short term.

We may fail to meet or exceed the expectations of securities analysts and investors, and the market price for our common stock could decline. If one or more of the securities analysts who cover us change their recommendation regarding our stock adversely, the market price for our common stock could decline. Additionally, our stock price may be based on expectations, estimates or forecasts of our future performance that may be unrealistic or may not be achieved. Further, our stock price may be affected by financial media, including press reports and blogs.

Our revenue recognition policy and other factors may distort our financial results in any given period and make them difficult to predict.

Under accounting standards update No. 2014-09 (Topic 606), Revenue from Contracts with Customers (“ASC 606”), we recognize revenue when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services. Our subscription revenue includes subscription term-based license revenue, which is recognized when we transfer control of the term-based license to the customer, and subscription SaaS and support and maintenance revenue, which is recognized ratably over the contract period. Because subscription term-based license revenue is recognized upfront, a single, large license in a given period may distort our operating results for that period. In contrast, the impact of agreements that are recognized ratably may take years to be fully reflected in our financial statements. Consequently, a significant increase or decline in our subscription SaaS and support and maintenance contracts in any one quarter will not be fully reflected in the results for that quarter, but will affect our revenue in future quarters. This also makes it challenging to forecast our revenue for future periods, as both the mix of solutions, solution packages and services we will sell in a given period, as well as the size of contracts, is difficult to predict.

Furthermore, the presentation of our financial results requires us to make estimates and assumptions that may affect revenue recognition. In some instances, we could reasonably use different estimates and assumptions, and changes in estimates are likely to occur from period to period. See “Item 8. Financial Statements — Note 2. Summary of Significant Accounting Policies.”

Given the foregoing factors, our actual results could differ significantly from our estimates, comparing our revenue and operating results on a period-to-period basis may not be meaningful, and our past results may not be indicative of our future performance.

If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may be adversely affected.

We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future solutions and solution packages and is an important

27

Table of Contents

element in attracting new customers. We believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand will depend largely on the effectiveness of our marketing efforts and on our ability to develop and deploy high-quality, reliable and differentiated solutions and solution packages to customers. In the past, our efforts to build our brand have involved significant expense. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expense we incur in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expense in an unsuccessful attempt to promote and maintain our brand, we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, results of operations and financial condition could be adversely affected.

We are subject to anti-corruption, anti-bribery and similar laws, and non-compliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation.

We are subject to anti-corruption and anti-bribery and similar laws, such as the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery and anti-money laundering laws in countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly and prohibit companies and their employees and agents from promising, authorizing, making, offering, soliciting, or accepting, directly or indirectly, improper payments or other improper benefits to or from any person whether in the public or private sector. As we increase our international sales and business, our risks under these laws may increase. Noncompliance with these laws could subject us to investigations, sanctions, settlements, prosecution, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, adverse media coverage and other consequences. Any investigations, actions or sanctions could adversely affect our business, results of operations and financial condition.

We are subject to governmental export and import controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.

Our business activities are subject to various restrictions under U.S. export and import controls and trade and economic sanctions laws, including the U.S. Commerce Department’s Export Administration Regulations, U.S. Customs regulations and various economic and trade sanctions regulations maintained by the U.S. Treasury Department’s Office of Foreign Assets Control. U.S. export control laws and U.S. economic sanctions laws include prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities. Changes in our solutions, solution packages or services or changes in applicable export or import regulations may create delays in the introduction and sale of our solutions and solution packages in international markets, prevent our customers with international operations from deploying our solutions or solution packages or, in some cases, prevent the export or import of our solutions or solution packages to certain countries, governments, or persons altogether. Any decreased use of our solutions and solution packages or limitation on our ability to export or sell our solutions and solution packages would likely adversely affect our business.

Furthermore, we incorporate encryption technology into certain of our solutions. U.S. export control laws require authorization for the export of encryption items. In addition, various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our ability to deploy our solutions, solution packages and services or could limit our customers’ ability to implement our offerings and services in those countries. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed, and may result in the delay or loss of sales opportunities.

Although we take precautions to prevent our solutions and solution packages from being provided in violation of U.S. export control and economic sanctions laws, our solutions and solution packages may have been in the past, and could in the future be, provided inadvertently in violation of such laws. If we fail to comply with U.S. export control and economic sanctions laws and regulations, we and certain of our employees could be

28

Table of Contents

subject to civil or criminal penalties, including the possible loss of export privileges and monetary penalties. In addition, violations of such laws could result in negative consequences to us, including government investigations, penalties and harm to our reputation.

We function as a HIPAA “business associate” for certain of our customers and, as such, are subject to strict privacy and data security requirements. If we fail to comply with any of these requirements, we could be subject to significant liability, all of which can adversely affect our business as well as our ability to attract and retain new customers.

The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and their respective implementing regulations, (“HIPAA”), imposes specified requirements relating to the privacy, security and transmission of individually identifiable health information. Among other things, HITECH makes HIPAA’s security standards directly applicable to “business associates.” We function as a business associate for certain of our customers that are HIPAA covered entities and service providers, and in that context we are regulated as a business associate for the purposes of HIPAA. If we are unable to comply with our obligations as a HIPAA business associate, we could face substantial civil and even criminal liability. HITECH imposes four tiers of civil monetary penalties and gives state attorneys general authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect.

As a business associate, we are required by HIPAA to maintain HIPAA-compliant business associate agreements with our customers that are HIPAA covered entities and service providers, as well as our subcontractors that access, maintain, create or transmit individually identifiable health information on our behalf for the rendering of services to our HIPAA covered entity and service provider customers. These agreements impose stringent data security and other obligations on us. If we or our subcontractors are unable to meet the requirements of any of these business associate agreements, we could face contractual liability under the applicable business associate agreement as well as possible civil and criminal liability under HIPAA, all of which can have an adverse impact on our business and generate negative publicity, which, in turn, can have an adverse impact on our ability to attract and retain customers.

We may be the subject of various legal proceedings which could have a material adverse effect on our business, financial condition or results of operations.

In the ordinary course of business, we may be involved in various litigation matters, including but not limited to commercial disputes, employee claims and class actions, and from time to time may be involved in governmental or regulatory investigations or similar matters arising out of our current or future business. Any claims asserted against us, regardless of merit or eventual outcome, could harm our reputation and have an adverse impact on our relationship with our customers and other third parties and could lead to additional related claims. Certain claims may seek injunctive relief, which could disrupt the ordinary conduct of our business and operations or increase our cost of doing business. Our insurance or indemnities may not cover all claims that may be asserted against us, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation and cause us to expend resources in our defense. Furthermore, there is no guarantee that we will be successful in defending ourselves in future litigation or similar matters under various laws. Should the ultimate judgments or settlements in any future litigation or investigation significantly exceed our insurance coverage, they could adversely affect our business, results of operations and financial condition.

Our sales cycle is frequently long and unpredictable, and our sales efforts require considerable time and expense.

Since we primarily focus on selling our solutions and solution packages to enterprises, the timing of our sales can be difficult to predict. We and our channel partners are often required to spend significant time and resources to better educate and familiarize potential customers with the value proposition of our platform, solutions and solution packages. Customers often view the purchase of our solutions and solution packages as a strategic decision and significant investment and, as a result, frequently require considerable time to

29

Table of Contents

evaluate, test and qualify our platform, solutions and solution packages prior to purchasing our solutions and/or solution packages. In particular, for customers in highly-regulated industries, the selection of a security solution provider is a critical business decision due to the sensitive nature of these customers’ data, which results in particularly extensive evaluation prior to the selection of information security vendors. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include:

the discretionary nature of purchasing and budget cycles and decisions;
lengthy purchasing approval processes;
the industries in which our customers operate;
the evaluation of competing solutions and solution packages during the purchasing process;
time, complexity and expense involved in replacing existing solutions;
announcements or planned introductions of new solutions and solution packages, features or functionality by our competitors or of new solutions, solution packages or offerings by us; and
evolving functionality demands.

If our efforts in pursuing sales and customers are unsuccessful, or if our sales cycles lengthen, our revenue could be lower than expected, which would adversely affect our business, results of operations or financial condition.

Our growth strategy includes the acquisition of other businesses or technologies, and we may not be able to identify suitable acquisition targets or otherwise successfully implement our growth strategy.

In order to expand our business, we have made several acquisitions of businesses, products and technologies and expect to continue making similar acquisitions and possibly larger acquisitions as part of our growth strategy. The success of our future growth strategy will depend in part on our ability to identify, negotiate, complete and integrate the acquisition of businesses or technologies and, if necessary, to obtain satisfactory debt or equity financing to fund those acquisitions. We expect to continue evaluating potential strategic acquisitions of businesses, assets and technologies. However, we may not be able to identify suitable candidates, negotiate appropriate or favorable acquisition terms, obtain financing that may be needed to consummate such transactions or complete proposed acquisitions. Further, there is significant competition for acquisition and expansion opportunities in the IAM industry.

Acquisitions are inherently risky, and any acquisitions we complete may not be successful. Our past acquisitions and any acquisitions that we may undertake in the future involve numerous risks, including, but not limited to, the following:

difficulties in integrating and managing the operations, personnel, procedures, IT systems, technologies and the systems and solutions of the companies we acquire;
diversion of our management’s attention from normal daily operations of our business;
potential loss of key employees, management and engineers of the companies we acquire;
our inability to maintain the key business relationships and the reputations of the businesses we acquire;
the price we pay for any business, asset or technology acquired may overstate the value of that business, asset or technology or otherwise be too high;

30

Table of Contents

uncertainty of entry into markets in which we have limited or no prior experience and in which competitors have stronger market positions;
our dependence on unfamiliar affiliates, resellers and partners of the companies we acquire;
our inability to increase sales from an acquisition for a number of reasons, including our failure to drive demand in our existing customer base for acquired businesses, assets or technologies;
increased costs related to acquired operations and continuing support and development of acquired systems;
our responsibility for the liabilities of the businesses we acquire and the potential failure to properly identify an acquisition target’s liabilities, potential liabilities or risks;
potential goodwill and intangible asset impairment charges and amortization associated with acquired businesses;
failure to achieve acquisition synergies or to properly evaluate a target company’s capabilities;
adverse tax consequences associated with acquisitions;
changes in how we are required to account for our acquisitions under GAAP, including arrangements that we assume from an acquisition;
potential negative perceptions of our acquisitions by customers, financial markets or investors;
failure to obtain any applicable required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all, which could, among other things, delay or prevent us from completing a transaction, or otherwise restrict our ability to realize the expected financial or strategic goals of an acquisition;
potential increases in our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition, or dilution to our shareholders if we issue shares as consideration for an acquisition; and
our inability to apply and maintain our internal standards, controls, procedures and policies to acquired businesses.

We regularly evaluate potential acquisition candidates and engage in discussions and negotiations regarding potential acquisitions; however, even if we execute a definitive agreement for an acquisition, there can be no assurance that we will consummate the transaction within the anticipated closing timeframe, or at all. Further, acquisitions typically involve the payment of a premium over book- and market-values and, therefore, some dilution of our tangible book value and earnings per common share may occur in connection with any future transaction.

Inherent in any future acquisition is the risk of transitioning company cultures and facilities. The failure to efficiently and effectively achieve such transitions could increase our costs and decrease our profitability. Although we expect that the realization of efficiencies related to the integration of any acquired businesses will offset incremental transaction and acquisition-related costs over time, anticipated financial benefits may not be achieved in the near term, or at all.

Additionally, acquisitions or asset purchases made entirely or partially for cash may reduce our cash reserves or require us to incur additional debt under our credit agreements or otherwise. We may seek to obtain additional cash to fund an acquisition by selling equity or debt securities. We may be unable to secure the equity or debt funding necessary to finance future acquisitions on terms that are acceptable to us. If we finance

31

Table of Contents

acquisitions by issuing equity or convertible debt securities, our existing shareholders will experience ownership dilution.

The occurrence of any of these risks could have a material adverse effect on our business, results of operations or financial condition.

We may need to change our pricing models to compete successfully.

The intense competition we face in the sales of our solutions, solution packages and services and general economic and business conditions can put pressure on us to change our prices. If our competitors offer deep discounts on certain solutions, solution packages or services or develop solutions and/or solution packages that the marketplace considers more valuable than ours, we may need to lower prices or offer other favorable terms in order to compete successfully. Any such changes may reduce margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact pricing for both our on-premise and cloud-based offerings, as well as overall demand for our on-premise software and service offerings, which could reduce our revenues and profitability. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offering or support pricing. We also must determine the appropriate price of our offerings and services to enable us to compete effectively internationally.

Any broad-based change to our prices and pricing policies could cause our revenue to decline or be delayed as our sales force implements and our customers adjust to new pricing policies. For example, we began providing solution packages that include combinations of our most commonly deployed solutions in March 2020. We or our competitors may bundle solutions in other ways for promotional purposes or as a long-term go-to-market or pricing strategy or provide guarantees of prices and solution and solution package implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our solutions and solution packages. If we do not adapt our pricing models to reflect changes in customer use of our solutions and solution packages or changes in customer demand, our revenue could decrease.

Our failure to meet certain of our service level commitments could harm our business, results of operations and financial condition.

Our customer agreements contain service level commitments, under which we guarantee specified availability and error resolution times with respect to our solutions. Any failure of or disruption to our infrastructure could make our solutions unavailable to our customers. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our SaaS offerings, we may be contractually obligated to provide affected customers with service credits, or customers could elect to terminate and receive refunds for prepaid amounts related to unused subscriptions. Our revenue, other results of operations and financial condition could be harmed if we suffer unscheduled downtime that exceeds the service level commitments under our agreements with our customers, and any extended service outages could adversely affect our business and reputation as customers may elect not to renew.

If we fail to offer high-quality customer support, our business and reputation will suffer.

Once our solutions and solution packages are deployed, our customers rely on our support services to resolve any issues that may arise. High-quality customer education and customer support is important for the successful marketing and sale of our solutions and solution packages and for the renewal of existing customers. We must successfully assist our customers in deploying our solutions and solution packages, resolving performance issues and addressing interoperability challenges with a customer’s existing network and security infrastructure. Many enterprises, particularly large enterprises, have complex networks and require high levels of focused support, including premium support offerings, to fully realize the benefits of our solutions. Any failure by us to maintain the expected level of support could reduce customer satisfaction and hurt our customer retention, particularly with respect to our large enterprise customers. To the extent that we are unsuccessful in hiring, training and retaining adequate support resources, our ability to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our solutions could be adversely

32

Table of Contents

affected. Given our growth, we may in the future engage third parties to provide support services to our customers. Any failure to properly train or oversee such contractors could result in a poor customer experience, which could have an adverse impact on our reputation and ability to renew subscriptions or engage new customers. In addition, most of our contracts with our larger customers require consent in the event we subcontract the services we provide thereunder. The process of obtaining consent to subcontract support services with these customers could be lengthy and there can be no assurance such consent would be provided.

Furthermore, as we sell our solutions and solution packages internationally, our support organization faces additional challenges, including those associated with delivering support, training and documentation in languages other than English. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could materially harm our reputation, business, financial condition and results of operations, and adversely affect our ability to sell our solutions and solution packages to existing and prospective customers. The importance of high-quality customer support will increase as we expand our business and pursue new customers.

Our growth is substantially dependent on the success of our strategic relationships with channel partners, technology partners and other third parties.

As part of our business development efforts, we anticipate that we will continue to depend on relationships with third parties, such as our channel partners and technology partners, to sell, market, build, operate and deploy our solutions and solution packages. Identifying these partners and maintaining these relationships requires significant time and resources. Our competitors may be effective in providing incentives to channel partners and other third parties to favor their solutions or services over subscriptions to our platform and a substantial number of our agreements with channel partners are non-exclusive such that those channel partners may offer customers the solutions of several different companies, including solutions that compete with ours. Our channel partners may cease marketing or reselling our platform with limited or no notice and without penalty. Our channel partners may also choose to promote our competitors’ solutions versus our own solutions and solution packages. If our technology partners fail to build, deploy or operate our solutions and/or solution packages in a manner that satisfies our customers, or if we fail to adequately negotiate and document the underlying agreement with such technology partners, our customers may seek direct recourse against us or we may be unable to properly support the solution if the relationship with the technology partner is terminated. In addition, given the competitive landscape, acquisitions of our channel or technology partners by a competitor could adversely affect our customers, as these partners may no longer be in a position to sell, market, build, operate and/or deploy our solutions and solution packages. Furthermore, some of these partners may themselves build competitive solutions that are or may become competitive with certain of our solutions and/or solution packages and then elect to no longer support or integrate with our platform. If we are unsuccessful in establishing or maintaining our relationships with critical third parties, our ability to compete in the marketplace or to grow our revenue could be impaired, and our results of operations may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer usage of our solutions or increased revenue.

Adverse general and industry-specific economic and market conditions and reductions in IT and identity spending may reduce demand for our solutions and solution packages, which could harm our results of operations.

Our revenue, results of operations, and cash flows depend on the overall demand for our solutions and solution packages. Concerns about the systemic impact of a potential widespread recession (in the United States or internationally), geopolitical issues or the availability and cost of credit could lead to increased market volatility, decreased consumer confidence and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in IT, IAM and identity security spending by our existing and prospective customers. For the year ended December 31, 2019, 31% of our revenue was derived from the financial services industry, including banking. Negative economic conditions, including in the financial services industry, may cause customers to reduce their IT spending. Prolonged economic slowdowns may result in customers delaying or canceling IT projects, choosing to focus on in-house development efforts or seeking to lower their costs by

33

Table of Contents

requesting us to renegotiate existing contracts on less advantageous terms or defaulting on payments due on existing contracts or not renewing at the end of the contract term.

Our customers may merge with other entities who use alternative IAM solutions and, during weak economic times, there is an increased risk that one or more of our customers will file for bankruptcy protection, either of which may harm our revenue, profitability and results of operations. We also face risk from international customers that file for bankruptcy protection in foreign jurisdictions, particularly given that the application of foreign bankruptcy laws may be more difficult to predict. In addition, we may determine that the cost of pursuing any claim may outweigh the recovery potential of such claim. As a result, broadening or protracted extension of an economic downturn could harm our business, revenue, results of operations, and cash flows.

If our platform, solutions and solution packages do not effectively interoperate with our customers’ existing or future IT infrastructures, our business would be harmed.

Our success depends on the interoperability of our platform, solutions and solution packages with our customers’ IT infrastructures, including third-party operating systems, applications, data and devices that we have not developed and do not control. Any changes in such infrastructure, operating systems, applications, data or devices that degrade the functionality of our platform, solutions or solution packages or give preferential treatment to competitive solutions could adversely affect the adoption and usage of our platform. We may not be successful in quickly or cost effectively adapting our platform, solutions or solution packages to operate effectively with these operating systems, applications, data or devices. If it is difficult for our customers to access and use our platform, solutions or solution packages, or if our platform, solutions or solution packages cannot connect a broadening range of applications, data and devices, then our customer growth and retention may be harmed, and our business, results of operations and financial condition could be adversely affected. We rely on open standards for many integrations between our solutions and solution packages and third-party applications that our customers utilize, and in other instances on such third parties making available the necessary tools for us to create interoperability with their applications. If application providers were to move away from open standards, or if a critical, widely-utilized application provider were to adopt proprietary integration standards and not make them available for the purposes of facilitating interoperability with our platform, the utility of our solutions and solution packages for our customers would be decreased.

Our ability to introduce new solutions and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively and our business and results of operations may be harmed.

To remain competitive, we must continue to offer new solutions and enhancements to our platform. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally due to certain constraints, such as high employee turnover, lack of management ability or a lack of other research and development resources, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that would allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors and our business, results of operations and financial condition could be adversely affected. Moreover, there is no assurance that our research and development or acquisition efforts will successfully anticipate market needs and result in significant new marketable solutions or enhancements to our solutions, design improvements, cost savings, revenues or other expected benefits. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively and our business and results of operations may be materially and adversely affected.

34

Table of Contents

Our success depends, in part, on the integrity and scalability of our systems and infrastructures. System interruption and the lack of integration, redundancy and scalability in these systems and infrastructures may result in our business, results of operations and financial condition being adversely affected.

Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including websites, information and related systems. System interruption and a lack of integration and redundancy in our information systems and infrastructure may adversely affect our ability to operate websites, process and fulfill transactions, respond to customer inquiries and generally maintain cost-efficient operations. We may experience occasional system interruptions that make some or all systems or data unavailable or prevent us from efficiently providing access to our platform. Fire, flood, power loss, telecommunications failure, hurricanes, tornadoes, earthquakes, other natural disasters, acts of war or terrorism and similar events or disruptions may damage or interrupt computer, broadband or other communications systems and infrastructure at any time. Any of these events could cause system interruption, delays and loss of critical data, and could prevent us from providing access to our platform.

While we have backup systems for certain aspects of our operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. If any of these events were to occur, our business, results of operations and financial condition could be adversely affected.

We rely on software and services from other parties. Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our solutions.

We rely on third-party computer systems, broadband and other communications systems and service providers in providing access to our platform. Any interruptions, outages or delays in our systems and infrastructure, our business and/or third parties, or deterioration in the performance of these systems and infrastructure, could impair our ability to provide access to our platform. Our business would be disrupted if any of the third-party software or services we utilize, particularly with respect to third-party software or services embedded in our solutions, or functional equivalents thereof, were unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices or at all.

In each case, we would be required to either seek licenses to software or services from other parties and redesign our solutions to function with such software or services or develop these components ourselves, which would result in increased costs and could result in delays in our solution and solution package launches and the release of new solution and solution package offerings until equivalent technology can be identified, licensed or developed, and integrated into our solutions. Furthermore, we might be forced to limit the features available in our current or future solutions. If these delays and feature limitations occur, our business, results of operations and financial condition could be adversely affected.

Real or perceived errors, failures, vulnerabilities or bugs in our solutions, including deployment complexity, could harm our business and results of operations.

Errors, failures, vulnerabilities or bugs may occur in our solutions, especially when updates are deployed or new solutions are rolled out. Our platform is often used in connection with large-scale computing environments with different operating systems, system management software, equipment and networking configurations, which may cause errors or failures of solutions. In addition, deployment of our solutions into complicated, large-scale computing environments may expose errors, failures, vulnerabilities or bugs in our solutions. Any such errors, failures, vulnerabilities or bugs may not be found until after they are deployed to our customers. Real or perceived errors, failures, vulnerabilities or bugs in our solutions could result in negative publicity, loss of customer data, loss of or delay in market acceptance of our solutions, loss of competitive position, or claims by customers for losses sustained by them, all of which could adversely affect our business, results of operations and financial condition.

35

Table of Contents

If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.

Our success is dependent, in part, upon protecting our proprietary information and technology. We rely on a combination of patents, copyrights, trademarks, service marks, trade secret laws and contractual restrictions to establish and protect our proprietary rights. However, the steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our solutions and use information that we regard as proprietary to create solutions that compete with ours. Some license provisions protecting against unauthorized use, copying, transfer and disclosure of our solutions may be unenforceable under the laws of certain jurisdictions and foreign countries. Further, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States, and mechanisms for enforcement of intellectual property rights in some foreign countries may be inadequate. In addition, certain countries into which we may expand our business may require us to do business through an entity that is partially owned by a local investor, to make available our technologies to state regulators or to grant license rights to local partners in a manner not required by the jurisdictions in which we currently operate. To the extent we expand our international activities, our exposure to unauthorized reverse engineering of our technologies or copying and use of our solutions and proprietary information may increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our technology and intellectual property.

We rely in part on trade secrets, proprietary know-how and other confidential information to maintain our competitive position. Although we enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances, no assurance can be given that these agreements will be effective in controlling access to and distribution of our solutions and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our solutions and solution packages.

To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our solutions and solution packages, impair the functionality of our solutions, delay introductions of new solutions and solution packages, result in our substituting inferior or more costly technologies into our solutions, or injure our reputation. In addition, we may be required to license additional technology from third parties to develop and market new solutions and solution packages, and we cannot assure you that we could license that technology on commercially reasonable terms or at all, and our inability to license this technology could harm our ability to compete.

Our results of operations may be harmed if we are subject to an infringement claim or a claim that results in a significant damage award.

Other companies have claimed in the past, and may claim in the future, that we infringe upon their intellectual property rights. A claim may also be made relating to technology that we acquire or license from third parties. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. If we were subject to a claim of infringement, regardless of the merit of the claim or our defenses, the claim could:

require costly litigation to resolve and/or the payment of substantial damages or other amounts to settle such disputes;

36

Table of Contents

require significant management time;
cause us to enter into unfavorable royalty or license agreements, if such arrangements are available at all;
require us to discontinue the sale of some or all of our offerings, or to remove or reduce features or functionality of our solutions and solution packages;
require us to indemnify our customers or third-party service providers; and/or
require us to expend additional development resources to redesign our solutions and/or solution packages.

Any one or more of the above could adversely affect our business, results of operations and financial condition.

Our use of open source software in our offerings could negatively affect our ability to sell our solutions and solution packages and subject us to possible litigation.

We use software modules licensed to us by third-party authors under “open source” licenses in our offerings. Some open source licenses require that users of the applicable software make available source code for modifications or derivative works created using that open source software. If we were to combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release or otherwise make available the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.

Although we monitor our compliance with open source licenses and attempt to protect our proprietary source code from the effects stated above, we may inadvertently use open source software in a manner we do not intend and that could expose us to claims for breach of contract and intellectual property infringement. In addition, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions and solution packages. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue providing our offerings on terms that are not economically feasible, to re-engineer our offerings, to discontinue the sale of our offerings if re-engineering cannot be accomplished on a timely basis, or to make generally available, in source code form, a portion of our proprietary code, any of which could adversely affect our business, results of operations and financial condition. In addition to the risks described above, usage of open source software typically exposes us to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on the functionality or origin of the software. Many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our offerings will be effective. Use of open source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to compromise our offerings.

We rely on SaaS vendors to operate certain functions of our business and any failure of such vendors to provide services to us could adversely impact our business and operations.

We rely on third-party SaaS vendors to operate certain critical functions of our business, including financial management, human resource management and customer relationship management. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our solutions and solution packages and supporting our

37

Table of Contents

customers could be impaired until equivalent services, if available, are identified, obtained and integrated, all of which could harm our business.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.

Our agreements with customers and other third parties may include indemnification or other provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, damage caused by us to property or persons, or other liabilities relating to or arising from the use of our platform or other acts or omissions. The term of these contractual provisions often survives termination or expiration of the applicable agreement. As we continue to grow, the possibility of infringement claims and other intellectual property rights claims against us may increase. For any intellectual property rights indemnification claim against us or our customers, we may incur significant legal expenses and may have to pay damages, settlement fees, license fees and/or stop using technology found to be in violation of the third-party’s rights. Large indemnity payments could harm our business, results of operations and financial condition. We may also have to seek a license for the infringing or allegedly infringing technology. Such license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deploy certain offerings. As a result, we may also be required to develop alternative non-infringing technology, which could require significant effort and expense and/or cause us to alter our platform, solutions or solution packages, which could negatively affect our business. In addition, we may be subject to increased risk of infringement claims as a result of our use of open source software given that our agreements with our customers generally do not exclude open source software from the intellectual property indemnity we contractually agree to provide for our offerings.

From time to time, customers require us to indemnify them for breach of confidentiality, violation of applicable law or failure to implement adequate security measures with respect to their data stored, transmitted, or accessed using our platform. Although we normally contractually limit our liability with respect to such obligations, the existence of such a dispute may have adverse effects on our customer relationship and reputation and we may still incur substantial liability related to them.

Any assertions by a third party, whether or not successful, with respect to such indemnification obligations could subject us to costly and time-consuming litigation, expensive remediation and licenses, divert management attention and financial resources, harm our relationship with that customer and other current and prospective customers, reduce demand for our platform and result in our brand, business, results of operations and financial condition being adversely affected.

We may be subject to liability claims if we breach our contracts and our insurance may be inadequate to cover our losses.

We are subject to numerous obligations in our contracts with our customers and strategic partners. Despite the procedures, systems and internal controls we have implemented to comply with our contracts, we may breach these commitments, whether through a weakness in these procedures, systems and internal controls, negligence or the willful act of an employee or contractor.

Our insurance policies, including our errors and omissions insurance, may be inadequate to compensate us for the potentially significant losses that may result from claims arising from breaches of our contracts, disruptions in our services, including those caused by cybersecurity incidents, failures or disruptions to our infrastructure, catastrophic events and disasters or otherwise. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and defending a suit, regardless of its merit, could be costly and divert management’s attention.

Our customers may fail to pay us in accordance with the terms of their agreements, necessitating action by us to compel payment.

If customers fail to pay us under the terms of our agreements, we may be adversely affected both from the inability to collect amounts due and the cost of enforcing the terms of our contracts, including related litigation.

38

Table of Contents

Furthermore, some of our customers may seek bankruptcy protection or other similar relief and fail to pay amounts due to us, or pay those amounts more slowly, either of which could adversely affect our business, results of operations and financial condition.

Because our long-term success depends, in part, on our ability to expand the sales of our solutions and solution packages to customers located outside of the United States, our business will be susceptible to risks associated with international operations.

We currently have international operations in the United Kingdom, Canada, Australia, France, Germany, India, Israel, the Netherlands and Switzerland. For the year ended December 31, 2019, our international revenue was 22% of our total revenue. Any efforts that we may undertake to increase our international revenue may not be successful. In addition, continuing to expand our international footprint with our solutions and solution packages subjects us to new risks, some of which we have not generally faced in the United States. These risks include, among other things:

unexpected costs and errors in the localization of our solutions and solution packages, including translation into foreign languages and adaptation for local practices and regulatory requirements;
difficulties in developing and executing an effective go-to-market strategy in various locations;
lack of familiarity and burdens of complying with foreign laws, legal standards, privacy standards, regulatory requirements, tariffs and other barriers;
laws and business practices favoring local competitors or commercial parties;
costs and liabilities related to compliance with foreign privacy, data protection and information security laws and regulations, including the GDPR, and the risks and costs of noncompliance;
greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, and any applicable trade regulations ensuring fair trade practices;
practical difficulties of enforcing intellectual property rights in countries with fluctuating laws and standards and reduced or varied protection for intellectual property rights in some countries, and specific legal requirements in certain countries that might place us at a greater risk of our technologies being subject to reverse engineering or copying;
unexpected changes in global, economic and political landscapes;
unexpected changes in regulatory requirements, taxes, trade laws, tariffs, export quotas, custom duties or other trade restrictions;
difficulties in managing system integrators and technology partners;
differing technology standards;
longer accounts receivable payment cycles and difficulties in collecting accounts receivable;
difficulties in managing and staffing international operations and differing employer/employee relationships and local employment laws;
political unrest, war, or terrorism, or regional natural disasters, particularly in areas in which we have facilities;

39

Table of Contents

fluctuations in exchange rates that may increase the volatility of our foreign-based revenue; and
potentially adverse tax consequences, including the complexities of foreign value added tax (or other tax) systems and restrictions on the repatriation of earnings.

Additionally, operating in international markets also requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required in establishing operations in other countries will produce desired levels of revenue or profitability.

In addition, some of our business functions, such as research and development, may be siloed geographically, which may adversely affect the integration of our operations on a global scale.

We have limited experience in marketing, selling and supporting our platform abroad. Our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake will not be successful. If we invest substantial time and resources to increase our international revenue and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.

We may face exposure to foreign currency exchange rate fluctuations.

Today, our international contracts are usually denominated in local currencies and the majority of our international costs are denominated in local currencies. Over time, an increasing portion of our international contracts may be denominated in local currencies. Therefore, fluctuations in the value of the U.S. dollar and foreign currencies may affect our results of operations when translated into U.S. dollars. We do not currently engage in currency hedging activities to limit the risk of exchange rate fluctuations. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.

Exposure to political developments in the United Kingdom, including the exit from the EU, could harm us.

Following the result of a referendum in 2016, the United Kingdom (the “U.K.”) left the EU on January 31, 2020, commonly referred to as Brexit.  Pursuant to the formal withdrawal arrangements agreed between the U.K. and EU, the U.K. will be subject to a transition period until December 31, 2020 (the “Transition Period”), during which EU rules will continue to apply.  Negotiations between the U.K. and the EU are expected to continue in relation to the customs and trading relationship between the U.K. and the EU following the expiration of the Transition Period.  

The uncertainty concerning the U.K.’s legal, political and economic relationship with the EU after the Transition Period may be a source of instability in the international markets, create significant currency fluctuations, and/or otherwise adversely affect trading agreements or similar cross-border co-operation arrangements (whether economic, tax, fiscal, legal, regulatory or otherwise).  We may also face new regulatory costs and challenges as a result of Brexit (including potentially divergent national laws and regulations between the U.K. and EU) that could have an adverse effect on our operations. For example, the U.K. could lose the benefits of global trade agreements negotiated by the EU on behalf of its members, which may result in increased trade barriers that could make our doing business in the EU and the European Economic Area more difficult.

Our international operations may give rise to potentially adverse tax consequences.

Our corporate structure and associated transfer pricing policies anticipate future growth into the international markets. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax

40

Table of Contents

rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions, which are generally required to be computed on an arm’s-length basis pursuant to intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.

Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our customers could increase the costs of our solutions and solution packages and harm our business.

New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could harm our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us. These events could require us or our customers to pay additional tax amounts on a prospective or retroactive basis, as well as require us or our customers to pay fines and/or penalties and interest for past amounts deemed to be due. If we raise our prices to offset the costs of these changes, existing and potential future customers may elect not to purchase our solutions and/or solution packages in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our customers’ and our compliance, operating and other costs, as well as the costs of our solutions and solution packages. Further, these events could decrease the capital we have available to operate our business. Any or all of these events could harm our business and financial performance.

Comprehensive tax reform legislation could adversely affect our business and financial condition.

On December 22, 2017, tax reform legislation known as the Tax Cuts and Jobs Act (the “Tax Act”) was enacted in the United States. The Tax Act, among other things, included changes to U.S. federal tax rates, imposed significant additional limitations on the deductibility of interest and net operating loss carryforwards and allowed for the expensing of capital expenditures.  Accounting for the income tax effects of the Tax Act and subsequent guidance issued required complex new calculations to be performed and significant judgments in interpreting the legislation. Additional guidance may be issued on how the provisions of the Tax Act will be applied or otherwise administered that is different from our interpretation, which could result in adjustments to the income tax effects of the Tax Act that we have recorded at December 31, 2019. These adjustments could have a negative impact on our business and financial condition.

If we cannot maintain our corporate culture as we grow, our business may be harmed.

We believe that our corporate culture has been a critical component to our success and that our culture creates an environment that drives and perpetuates our overall business strategy. We have invested substantial time and resources in building our team and we expect to continue to hire aggressively as we expand, including with respect to our international operations. As we grow and mature as a public company and grow internationally, we may find it difficult to maintain our corporate culture. Any failure to preserve our culture could negatively affect our future success, including our ability to recruit and retain personnel and effectively focus on and pursue our business strategy.

As a result of becoming a public company in September 2019, we are obligated to develop and maintain proper and effective internal control over financial reporting in order to comply with Section 404 of the Sarbanes-Oxley Act. We may not complete our analysis of our internal control over financial reporting in a timely manner, or these internal controls may not be determined to be effective, which may adversely affect investor confidence in us and, as a result, the value of our common stock.

Our management is responsible for establishing and maintaining adequate internal control over financial reporting. Internal control over financial reporting is a process designed to provide reasonable assurance

41

Table of Contents

regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP. We are in the very early stages of the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404 of the Sarbanes-Oxley Act. We may not be able to complete our evaluation, testing and any required remediation in a timely fashion. If we are unable to assert that our internal control over financial reporting is effective, we could lose investor confidence in the accuracy and completeness of our financial reports, which would cause the price of our common stock to decline, and we may be subject to investigation or sanctions by the SEC.

We will be required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting as of the end of the fiscal year that coincides with the filing of our second annual report on Form 10-K. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We are required to disclose changes made in our internal control and procedures on a quarterly basis. However, our independent registered public accounting firm will not be required to report on the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act until the later of the year following our first annual report required to be filed with the SEC, or the date we are no longer an “emerging growth company” as defined in the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”) if we take advantage of the exemptions contained in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event, in their opinion, that we have not maintained, in all material respects, effective internal control over financial reporting based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”).

Additionally, the existence of any material weakness or significant deficiency would require management to devote significant time and incur significant expense to remediate any such material weaknesses or significant deficiencies and management may not be able to remediate any such material weaknesses or significant deficiencies in a timely manner. The existence of any material weakness in our internal control over financial reporting could also result in errors in our financial statements that could require us to restate our financial statements, cause us to fail to meet our reporting obligations and cause shareholders to lose confidence in our reported financial information, all of which could materially and adversely affect our business and stock price. To comply with the requirements of being a public company, we may need to undertake various costly and time-consuming actions, such as implementing new internal controls and procedures and hiring accounting or internal audit staff, which may adversely affect our business, financial condition and results of operations.

As was previously disclosed in our Quarterly Report on Form 10-Q for the quarter ended September 30, 2019, we reported a material weakness in controls related to the quarterly accounting for income taxes. During the year ended December 31, 2019, we completed the remediation measures related to our previously reported material weakness. However, completion of remediation does not provide assurance that our remediated controls will continue to operate properly or that our financial statements will be free from error.

Our management team has limited experience managing a public company.

Most members of our management team have limited experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws pertaining to public companies. Our management team may not successfully or efficiently manage us as a public company that is subject to significant regulatory oversight and reporting obligations under the federal securities laws and the continuous scrutiny of securities analysts and investors. These new obligations and constituents require significant attention from our senior management and could divert their attention away from the day to day management of our business, which could adversely affect our business, results of operations and financial condition.

We face risks associated with having operations and employees located in Israel.

We have an office and employees located in Israel. As a result, political, economic, and military conditions in Israel directly affect our operations. The future of peace efforts between Israel and its Arab neighbors remains uncertain. There has been a significant increase in hostilities and political unrest between Hamas and Israel in

42

Table of Contents

the past few years. The effects of these hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed conflict, political instability or violence in the region. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition and cash flows.

In addition, many of our employees in Israel are obligated to perform annual reserve duty in the Israeli military and are subject to being called for active duty under emergency circumstances. We cannot predict the full impact of these conditions on us in the future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Any disruption in our operations in Israel could adversely affect our business.

A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks, such as increased competitive pressures, administrative delays and additional approval requirements.

A portion of our revenue is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales to government entities. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale or imposing terms of sale which are less favorable than the prevailing market terms. Government demand and payment for our solutions, solution packages and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions and solution packages. Governments routinely investigate and audit government contractors’ administrative processes and any unfavorable audit could result in fines, civil or criminal liability, further investigations, damage to our reputation and debarment from further government business.

Catastrophic events may disrupt our business.

Natural disasters, pandemics or other catastrophic events may cause damage or disruption to our operations, international commerce and the global economy, and thus could harm our business. In the event of a major earthquake, hurricane or catastrophic event such as fire, power loss, telecommunications failure, cyberattack, pandemic, war or terrorist attack, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our application development, lengthy interruptions in our solutions, breaches of data security and loss of critical data, all of which could adversely affect our business, results of operations and financial condition. In addition, the insurance we maintain may not be adequate to cover our losses resulting from disasters or other business interruptions.

The emerging Coronavirus outbreak may have a negative impact on worldwide economic activity and our business.

The recent outbreak in China of the Coronavirus Disease 2019 (“COVID-19”), which has been declared by the World Health Organization to be a “public health emergency of international concern,” has spread across the globe and is impacting worldwide economic activity and financial markets. COVID-19 may disrupt our operations and the operations of our suppliers, customers, channel partners and system integrators and other business partners for an indefinite period of time, including as a result of travel restrictions and/or business shutdowns. For example, travel restrictions at our channel partners and system integrators may result in lengthier sales cycles. This is a rapidly evolving situation and the impact of COVID-19 on the global economy and our business is uncertain at this time. While it is not possible at this time to estimate the impact that COVID-19 could have on worldwide economic activity and our business, the continued spread of COVID-19 and the measures taken by the governments, businesses and other organizations in response to COVID-19 could adversely impact our business, financial condition or results of operations.

43

Table of Contents

Risks Relating to Our Indebtedness

Our existing indebtedness could adversely affect our business and growth prospects.

As of December 31, 2019, we had total current and long-term indebtedness outstanding of $52.9 million, including $52.2 million outstanding under our current revolving credit facility (the “2019 Revolving Credit Facility”) and $0.7 million of outstanding letters of credit. On December 12, 2019, we repaid all outstanding borrowings under our then existing term loan facility (our “2018 Term Loan Facility”) and our then existing revolving credit facility (our “2018 Revolving Credit Facility,” and together with the 2018 Term Loan Facility, our “2018 Credit Facilities”) and in connection therewith we entered into a new credit agreement (the “2019 Credit Agreement”) providing for the 2019 Revolving Credit Facility with an initial $150.0 million in commitments for revolving loans. In addition, the 2019 Credit Agreement provides us with the ability to request incremental term loan facilities (our “2019 Term Loan Facility” and, together with the 2019 Revolving Credit Facility, our “2019 Credit Facilities”) in a minimum amount of $10 million for each facility, subject to certain conditions. All obligations under the 2019 Credit Agreement are secured by first priority perfected security interests in substantially all of our assets and the assets of our subsidiaries, subject to permitted liens and other exceptions. Our indebtedness, or any additional indebtedness we may incur, could require us to divert funds identified for other purposes for debt service and impair our liquidity position. If we cannot generate sufficient cash flow from operations to service our debt, we may need to refinance our debt, dispose of assets or issue equity to obtain necessary funds. We do not know whether we will be able to take any of these actions on a timely basis, on terms satisfactory to us or at all.

Our indebtedness, the cash flow needed to satisfy our debt and the covenants contained in our 2019 Credit Agreement have important consequences, including:

limiting funds otherwise available for financing our capital expenditures by requiring us to dedicate a portion of our cash flows from operations to the repayment of debt and the interest on this debt;
limiting our ability to incur additional indebtedness;
limiting our ability to capitalize on significant business opportunities;
making us more vulnerable to rising interest rates; and
making us more vulnerable in the event of a downturn in our business.

Our level of indebtedness may place us at a competitive disadvantage to our competitors that are not as highly leveraged. Fluctuations in interest rates can increase borrowing costs. Increases in interest rates may directly impact the amount of interest we are required to pay and reduce earnings accordingly. In addition, developments in tax policy, such as the disallowance of tax deductions for interest paid on outstanding indebtedness, could have an adverse effect on our liquidity and our business, financial conditions and results of operations. Further, our 2019 Credit Agreement contains customary affirmative and negative covenants and certain restrictions on operations that could impose operating and financial limitations and restrictions on us, including restrictions on our ability to enter into particular transactions and to engage in other actions that we may believe are advisable or necessary for our business.

We expect to use cash flow from operations to meet current and future financial obligations, including funding our operations, debt service requirements and capital expenditures. The ability to make these payments depends on our financial and operating performance, which is subject to prevailing economic, industry and competitive conditions and to certain financial, business, economic and other factors beyond our control.

44

Table of Contents

Despite current indebtedness levels and restrictive covenants, we may still be able to incur substantially more indebtedness or make certain restricted payments, which could further exacerbate the risks associated with our substantial indebtedness.

We may be able to incur significant additional indebtedness in the future. Although the financing documents governing our 2019 Credit Facilities contain restrictions on the incurrence of additional indebtedness and liens, these restrictions are subject to a number of important qualifications and exceptions, and the additional indebtedness and liens incurred in compliance with these restrictions could be substantial.

The financing documents governing our 2019 Credit Facilities permit us to incur certain additional indebtedness, including liabilities that do not constitute indebtedness as defined in the financing documents. We may also consider investments in joint ventures or acquisitions, which may increase our indebtedness. In addition, financing documents governing our 2019 Credit Facilities do not restrict Vista from creating new holding companies that may be able to incur indebtedness without regard to the restrictions set forth in the financing documents governing our 2019 Credit Facilities. If new debt is added to our currently anticipated indebtedness levels, the related risks that we face could intensify.

We may not be able to generate sufficient cash flow to service all of our indebtedness, and may be forced to take other actions to satisfy our obligations under such indebtedness, which may not be successful.

Our ability to make scheduled payments or to refinance outstanding debt obligations depends on our financial and operating performance, which will be affected by prevailing economic, industry and competitive conditions and by financial, business and other factors beyond our control. We may not be able to maintain a sufficient level of cash flow from operating activities to permit us to pay the principal, fees, premium, if any, and interest on the our indebtedness. Any failure to make payments of interest and principal on our outstanding indebtedness on a timely basis would likely result in a reduction of our credit rating, which would also harm our ability to incur additional indebtedness.

If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets, seek additional capital or seek to restructure or refinance our indebtedness. Any refinancing of our indebtedness could be at higher interest rates and may require us to comply with more onerous covenants. These alternative measures may not be successful and may not permit us to meet our scheduled debt service obligations. In the absence of such cash flows and resources, we could face substantial liquidity problems and might be required to sell material assets or operations to attempt to meet our debt service obligations. The financing documents governing our 2019 Credit Facilities restrict our ability to conduct asset sales and/or use the proceeds from asset sales. We may not be able to consummate these asset sales to raise capital or sell assets at prices and on terms that we believe are fair and any proceeds that we do receive may not be adequate to meet any debt service obligations then due. If we cannot meet our debt service obligations, the holders of our indebtedness may accelerate such indebtedness and, to the extent such indebtedness is secured, foreclose on our assets. In such an event, we may not have sufficient assets to repay all of our indebtedness.

The terms of the financing documents governing our 2019 Credit Facilities restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.

The financing documents governing our 2019 Credit Facilities contain a number of restrictive covenants that impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:

incur additional indebtedness;
pay dividends on or make distributions in respect of capital stock or repurchase or redeem capital stock;

45

Table of Contents

prepay, redeem or repurchase certain indebtedness;
make loans and investments;
sell or otherwise dispose of assets, including capital stock of restricted subsidiaries;
incur liens;
enter into transactions with affiliates; and
consolidate, merge or sell all or substantially all of our assets.

The restrictive covenants in the financing documents governing our 2019 Credit Facilities require us to maintain specified financial ratios and satisfy other financial condition tests to the extent applicable. Our ability to meet those financial ratios and tests can be affected by events beyond our control.

A breach of the covenants or restrictions under the financing documents governing our 2019 Credit Facilities could result in an event of default under such documents. Such a default may allow the creditors to accelerate the related debt, which may result in the acceleration of any other debt to which a cross-acceleration or cross-default provision applies. In the event the holders of our indebtedness accelerate the repayment, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it. Even if we are able to obtain new financing, it may not be on commercially reasonable terms or on terms acceptable to us. As a result of these restrictions, we may be:

limited in how we conduct our business;
unable to raise additional debt or equity financing to operate during general economic or business downturns; or
unable to compete effectively or to take advantage of new business opportunities.

These restrictions, along with restrictions that may be contained in agreements evidencing or governing other future indebtedness, may affect our ability to grow in accordance with our growth strategy.

We may be unable to refinance our indebtedness.

We may need to refinance all or a portion of our indebtedness before maturity. We cannot assure you that we will be able to refinance any of our indebtedness on commercially reasonable terms or at all. There can be no assurance that we will be able to obtain sufficient funds to enable us to repay or refinance our debt obligations on commercially reasonable terms, or at all.

A lowering or withdrawal of the ratings assigned to our debt securities by rating agencies may increase our future borrowing costs and reduce our access to capital.

Our debt currently has a non-investment grade rating, and any rating assigned could be lowered or withdrawn entirely by a rating agency if, in that rating agency’s judgment, future circumstances relating to the basis of the rating, such as adverse changes, so warrant. Any future lowering of our ratings likely would make it more difficult or more expensive for us to obtain additional debt financing.

Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our results of operations.

We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms or at all. If we raise additional equity financing, our security holders may experience significant

46

Table of Contents

dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things:

develop and enhance our solutions and solution packages;
continue to expand our solution and solution package development, sales and marketing organizations;
hire, train and retain employees;
respond to competitive pressures or unanticipated working capital requirements; or
pursue acquisition opportunities.

In addition, our 2019 Credit Facilities also limit our ability to incur additional debt and therefore we likely would have to amend our 2019 Credit Facilities or issue additional equity to raise capital. If we issue additional equity, your interest in us will be diluted.

Risks Relating to Our Common Stock

Vista controls us, and its interests may conflict with ours or yours in the future.

At December 31, 2019, Vista beneficially owned approximately 80% of our common stock, which means that, based on its percentage voting power held, Vista controlled the vote of all matters submitted to a vote of our board of directors (our “Board”) or shareholders, which enable it to control the election of the members of the Board and all other corporate decisions. In addition, our bylaws provide that Vista has the right to designate the Chairman of the Board for so long as Vista beneficially owns at least 30% or more of the voting power of the then outstanding shares of our capital stock then entitled to vote generally in the election of directors. Even when Vista ceases to own shares of our stock representing a majority of the total voting power, for so long as Vista continues to own a significant percentage of our stock, Vista will still be able to significantly influence the composition of our Board, including the right to designate the Chairman of our Board, and the approval of actions requiring shareholder approval. Accordingly, for such period of time, Vista will have significant influence with respect to our management, business plans and policies, including the appointment and removal of our officers, decisions on whether to raise future capital and amending our charter and bylaws, which govern the rights attached to our common stock. In particular, for so long as Vista continues to own a significant percentage of our stock, Vista will be able to cause or prevent a change of control of us or a change in the composition of our Board, including the selection of the Chairman of our Board, and could preclude any unsolicited acquisition of us. The concentration of ownership could deprive you of an opportunity to receive a premium for your shares of common stock as part of a sale of us and ultimately might affect the market price of our common stock.

In addition, in connection with our IPO, we entered into a Director Nomination Agreement with Vista that provides Vista the right to designate: (i) all of the nominees for election to our Board for so long as Vista beneficially owns 40% or more of the total number of shares of our common stock it owned on the date of our IPO; (ii) a number of directors (rounded up to the nearest whole number) equal to 40% of the total directors for so long as Vista beneficially owns at least 30% and less than 40% of the total number of shares of our common stock it owned on the date of our IPO; (iii) a number of directors (rounded up to the nearest whole number) equal to 30% of the total directors for so long as Vista beneficially owns at least 20% and less than 30% of the total number of shares of our common stock it owned on the date of our IPO; (iv) a number of directors (rounded up to the nearest whole number) equal to 20% of the total directors for so long as Vista beneficially owns at least 10% and less than 20% of the total number of shares of our common stock it owned on the date of our IPO; and (v) one director for so long as Vista beneficially owns at least 5% and less than 10% of the total number of shares of our common stock it owned on the date of our IPO. The Director Nomination Agreement

47

Table of Contents

also provides that Vista may assign such right to a Vista affiliate. The Director Nomination Agreement prohibits us from increasing or decreasing the size of our Board without the prior written consent of Vista.

Vista and its affiliates engage in a broad spectrum of activities, including investments in the information and business services industry generally. In the ordinary course of their business activities, Vista and its affiliates may engage in activities where their interests conflict with our interests or those of our other shareholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. Our certificate of incorporation provides that none of Vista, any of its affiliates or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his director and officer capacities) or its affiliates has any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. Vista also may pursue acquisition opportunities that may be complementary to our business, and, as a result, those acquisition opportunities may not be available to us. In addition, Vista may have an interest in pursuing acquisitions, divestitures and other transactions that, in its judgment, could enhance its investment, even though such transactions might involve risks to you.

Upon listing of our shares on the NYSE, we became a “controlled company” within the meaning of the rules of the NYSE and, as a result, we qualify for, and currently rely on, exemptions from certain corporate governance requirements. You will not have the same protections as those afforded to stockholders of companies that are subject to such governance requirements.

The Vista Funds control a majority of the voting power of our outstanding common stock. As a result, we are a “controlled company” within the meaning of the corporate governance standards of the NYSE. Under these rules, a company of which more than 50% of the voting power for the election of directors is held by an individual, group or another company is a “controlled company” and may elect not to comply with certain corporate governance requirements, including:

the requirement that a majority of our Board consist of independent directors;
the requirement that we have a nominating and corporate governance committee that is composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities;
the requirement that we have a compensation committee that is composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities; and
the requirement for an annual performance evaluation of the nominating and corporate governance and compensation committees.

We intend to continue to utilize these exemptions. As a result, currently, we do not have a majority of independent directors on our Board, our Compensation and Nominating Committee does not consist entirely of independent directors and our Compensation and Nominating Committee is not subject to annual performance evaluations. Accordingly, you will not have the same protections afforded to stockholders of companies that are subject to all of the corporate governance requirements of the NYSE.

For so long as we are an “emerging growth company,” we will not be required to comply with certain public company reporting requirements, which could make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we are eligible for certain exemptions from various public company reporting requirements. These exemptions include, but are not limited to, (i) not being required to comply with the auditor attestation requirements of Section 404 of Sarbanes-Oxley, (ii) reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements, (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder

48

Table of Contents

approval of any golden parachute payments not previously approved and (iv) not being required to provide audited financial statements for the year ended December 31, 2016 in our final prospectus (the “IPO Prospectus”) for our IPO, dated as of September 18, 2019 and filed with the SEC pursuant to Rule 424(b)(4) under the Securities Act of 1933, as amended, or five years of Selected Consolidated Financial Data in our IPO Prospectus or this Annual Report on Form 10-K. We could be an emerging growth company for up to five years after the first sale of our common stock in our IPO, which fifth anniversary will occur in 2024. However, if certain events occur prior to the end of such five-year period, including if we become a “large accelerated filer,” our annual gross revenue exceeds $1.07 billion or we issue more than $1.0 billion of non-convertible debt in any three-year period, we would cease to be an emerging growth company prior to the end of such five-year period. We made certain elections with regard to the reduced disclosure obligations regarding executive compensation in our IPO Prospectus and may elect to take advantage of other reduced disclosure obligations in future filings. As a result, the information that we provide to holders of our common stock may be different than you might receive from other public reporting companies in which you hold equity interests. We cannot predict if investors will find our common stock less attractive as a result of our reliance on these exemptions. If some investors find our common stock less attractive as a result of any choice we make to reduce disclosure, there may be a less active trading market for our common stock and the market price for our common stock may be more volatile.

Under the JOBS Act, emerging growth companies may also elect to delay adoption of new or revised accounting standards until such time as those standards apply to private companies. We have elected to “opt-in” to this extended transition period for complying with new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that comply with such new or revised accounting standards on a non-delayed basis.

The requirements of being a public company may strain our resources and distract our management, which could make it difficult to manage our business, particularly after we are no longer an “emerging growth company.”

As a public company, we incur legal, accounting and other expenses that we did not previously incur. We are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and the Sarbanes-Oxley Act, the listing requirements of the NYSE and other applicable securities rules and regulations. Compliance with these rules and regulations will continue to increase our legal and financial compliance costs, make some activities more difficult, time-consuming or costly and increase demand on our systems and resources, particularly after we are no longer an “emerging growth company.” The Exchange Act requires that we file annual, quarterly and current reports with respect to our business, financial condition and results of operations. The Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal controls and procedures for financial reporting. Furthermore, the need to establish the corporate infrastructure demanded of a public company may divert our management’s attention from implementing our growth strategy, which could prevent us from improving our business, financial condition and results of operations. We have made, and will continue to make, changes to our internal controls and procedures for financial reporting and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. In addition, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to incur substantial costs to maintain the same or similar coverage. These additional obligations could have a material adverse effect on our business, financial condition and results of operations.

In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of our management’s time and attention from sales-generating activities to compliance activities. If our efforts to comply with new

49

Table of Contents

laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and could have a material adversely effect on our business, financial condition and results of operations.

Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our shareholders to replace or remove our current management, even if beneficial to our shareholders.

In addition to Vista’s beneficial ownership of 80% of our common stock as of December 31, 2019, our certificate of incorporation and bylaws and the Delaware General Corporation Law (the “DGCL”) contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our shareholders. Among other things:

these provisions allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without shareholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of shareholders;
these provisions provide for a classified board of directors with staggered three-year terms;
these provisions provide that, at any time when Vista beneficially owns, in the aggregate, less than 40% in voting power of the our stock entitled to vote generally in the election of directors, directors may only be removed for cause, and only by the affirmative vote of holders of at least 662/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class;
these provisions prohibit shareholder action by written consent from and after the date on which Vista beneficially owns, in the aggregate, less than 35% in voting power of our stock entitled to vote generally in the election of directors;
these provisions provide that for as long as Vista beneficially owns, in the aggregate, at least 50% in voting power of our stock entitled to vote generally in the election of directors, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of a majority in voting power of the outstanding shares of our stock and at any time when Vista beneficially owns, in the aggregate, less than 50% in voting power of all outstanding shares of our stock entitled to vote generally in the election of directors, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of the holders of at least 662/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and
these provisions establish advance notice requirements for nominations for elections to our Board or for proposing matters that can be acted upon by shareholders at shareholder meetings; provided, however, at any time when Vista beneficially owns, in the aggregate, at least 10% in voting power of our stock entitled to vote generally in the election of directors, such advance notice procedure will not apply to it.

Our certificate of incorporation contains a provision that provides us with protections similar to Section 203 of the DGCL and prevents us from engaging in a business combination with a person (excluding Vista and any of its direct or indirect transferees and any group as to which such persons are a party) who acquires at least 15% of our common stock for a period of three years from the date such person acquired such common stock, unless Board or shareholder approval is obtained prior to the acquisition. These provisions could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for you and other shareholders to elect directors of your choosing and cause us to take other corporate actions you desire, including actions that you may deem advantageous, or negatively affect the trading price of our common stock. In addition, because our Board is responsible for

50

Table of Contents

appointing the members of our management team, these provisions could in turn affect any attempt by our shareholders to replace current members of our management team.

These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for shareholders or potential acquirers to obtain control of our Board or initiate actions that are opposed by our then-current Board, including delay or impede a merger, tender offer or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for you to realize value in a corporate transaction.

Our certificate of incorporation designates the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.

Pursuant to our certificate of incorporation, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers or other employees to us or our shareholders, (3) any action asserting a claim against us arising pursuant to any provision of the DGCL, our certificate of incorporation or our bylaws or (4) any other action asserting a claim against us that is governed by the internal affairs doctrine; provided that for the avoidance of doubt, the forum selection provision that identifies the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation, including any “derivative action,” will not apply to suits to enforce a duty or liability created by Securities Act, the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction. Our certificate of incorporation further provides that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to the provisions of our certificate of incorporation described above. The forum selection clause in our certificate of incorporation may have the effect of discouraging lawsuits against us or our directors and officers and may limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.

An active, liquid trading market for our common stock may not develop, which may limit your ability to sell your shares.

Our IPO occurred in September 2019. Therefore, there has been a public market for our common stock for a short period of time. Although we have listed our common stock on the NYSE under the symbol “PING,” an active trading market for our common stock may not be sustained. A public trading market having the desirable characteristics of depth, liquidity and orderliness depends upon the existence of willing buyers and sellers at any given time, such existence being dependent upon the individual decisions of buyers and sellers over which neither we nor any market maker has control. The failure of an active and liquid trading market to develop and continue would likely have a material adverse effect on the value of our common stock. The market price of our common stock may decline below the public offering price, and you may not be able to sell your shares of our common stock at or above the price you paid in this offering, or at all. An inactive market may also impair our ability to raise capital to continue to fund operations by issuing shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

Our operating results and stock price may be volatile, and the market price of our common stock may drop below the price you paid.

Our quarterly operating results are likely to fluctuate in the future. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could subject the market price of our shares to wide price fluctuations regardless of our operating performance. Our operating results and the trading price of our shares may fluctuate in response to various factors, including:

market conditions in our industry or the broader stock market;
actual or anticipated fluctuations in our quarterly financial and operating results;

51

Table of Contents

introduction of new solutions, solution packages or services by us or our competitors;
issuance of new or changed securities analysts’ reports or recommendations;
sales, or anticipated sales, of large blocks of our stock;
additions or departures of key personnel;
regulatory or political developments;
litigation and governmental investigations;
changing economic conditions;
investors’ perception of us;
events beyond our control such as weather and war; and
any default on our indebtedness.

These and other factors, many of which are beyond our control, may cause our operating results and the market price and demand for our shares to fluctuate substantially. Fluctuations in our quarterly operating results could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price and liquidity of our shares. In addition, in the past, when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. If any of our shareholders brought a lawsuit against us, we could incur substantial costs defending the lawsuit. Such a lawsuit could also divert the time and attention of our management from our business, which could significantly harm our profitability and reputation.

A significant portion of our total outstanding shares are restricted from immediate resale but may be sold into the market in the near future. This could cause the market price of our common stock to drop significantly, even if our business is doing well.

Sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock. Following our IPO, shares that were not sold in the offering are subject to a 180-day lock-up period provided under lock-up agreements executed in connection with the offering and restricted from immediate resale under the federal securities laws. All of these shares will, however, be able to be resold after the expiration of the lock-up period, as well as pursuant to customary exceptions thereto or upon the waiver of the lock-up agreement by Goldman Sachs & Co. LLC on behalf of the underwriters for our IPO. We have registered shares of common stock that we may issue under our equity compensation plans. Such shares can be freely sold in the public market upon issuance, subject to the lock-up agreements. As restrictions on resale end, the market price of our stock could decline if the holders of currently restricted shares sell them or are perceived by the market as intending to sell them.

Because we have no current plans to pay regular cash dividends on our common stock for the foreseeable future, you may not receive any return on investment unless you sell your common stock for a price greater than that which you paid for it.

We do not anticipate paying any regular cash dividends on our common stock for the foreseeable future. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and may be, limited by covenants of existing and any future outstanding indebtedness we or our subsidiaries incur, including under our 2019 Credit Facilities. Therefore, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which may not occur.

52

Table of Contents

If securities or industry analysts do not publish research or reports about our business, if they adversely change their recommendations regarding our shares or if our results of operations do not meet their expectations, our stock price and trading volume could decline.

The trading market for our shares is influenced by the research and reports that industry or securities analysts publish about us or our business. We do not have any control over these analysts. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our stock price or trading volume to decline. Moreover, if one or more of the analysts who cover us downgrade our stock, or if our results of operations do not meet their expectations, our stock price could decline.

We may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could otherwise adversely affect holders of our common stock, which could depress the price of our common stock.

Our certificate of incorporation authorizes us to issue one or more series of preferred stock. Our Board has the authority to determine the preferences, limitations and relative rights of the shares of preferred stock and to fix the number of shares constituting any series and the designation of such series, without any further vote or action by our shareholders. Our preferred stock could be issued with voting, liquidation, dividend and other rights superior to the rights of our common stock. The potential issuance of preferred stock may delay or prevent a change in control of us, discouraging bids for our common stock at a premium to the market price, and materially adversely affect the market price and the voting and other rights of the holders of our common stock.

Item 1B. Unresolved Staff Comments

Not applicable.

Item 2. Properties

Our corporate headquarters are in Denver, Colorado, where we lease 108,761 square feet of office space as of December 31, 2019. We also have domestic offices in Boston, Massachusetts, Austin, Texas and San Francisco, California and international offices in the United Kingdom, Australia, Canada, India, Israel, France, the Netherlands and Switzerland.

We lease all of our facilities. We believe that our facilities are adequate for our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion of our operations.

Item 3. Legal Proceedings

From time to time, we are involved in various claims and legal actions that arise in the ordinary course of business. Although the results of litigation and claims cannot be predicted with certainty, we do not believe that the ultimate resolution of these actions will have a material adverse effect on our financial position, results of operations, liquidity and capital resources.

Future litigation may be necessary to defend ourselves and our partners by determining the scope, enforceability and validity of third-party proprietary rights or to establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.

Item 4. Mine Safety Disclosure

None.

53

Table of Contents

PART II.

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Market Information for Our Common Stock

Our common stock, $0.001 par value per share, began trading on the NYSE under the symbol “PING” on September 18, 2019. Prior to that time, there was no public market for our common stock. Shares sold in our IPO were priced at $15.00 per share.

Holders of Record

As of December 31, 2019, there were 13 holders of record of our common stock. This figure does not include a greater number of beneficial holders of our common stock whose shares are held by banks, brokers and other financial institutions.

Dividend Policy

We have never declared or paid any cash dividends on our capital stock, and we do not currently intend to pay any cash dividends in the foreseeable future. We expect to retain future earnings, if any, to fund the development and growth of our business. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and may be, limited by covenants of existing and any future outstanding indebtedness we or our subsidiaries incur, including under our 2019 Credit Facilities.

Securities Authorized for Issuance under Equity Compensation Plans

See Item 12, “Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters.”

Stock Performance Graph

The following performance graph and related information shall not be deemed to be “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liabilities of that section or Sections 11 and 12(a)(2) of the Securities Act of 1933, as amended, and shall not be incorporated by reference into any registration statement or other document filed by us with the SEC, whether made before or after the date of this Annual Report on Form 10-K, regardless of any general incorporation language in such filing, except as shall be expressly set forth by specific reference in such filing.

The following graph and related information shows a comparison of the cumulative total return for our common stock, Standard & Poor’s 500 Index (“S&P 500 Index”) and Standard & Poor’s 500 Information Technology Index (“S&P 500 IT Index”) between September 19, 2019 (the date our common stock commenced trading on the NYSE) through December 31, 2019. All values assume an initial investment of $100 and reinvestment of any dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our common stock.

54

Table of Contents

Graphic

Company/Index

    

September 19, 2019

    

September 30, 2019

    

October 31, 2019

    

November 30, 2019

    

December 31, 2019

Ping Identity

$

100.00

$

115.00

$

111.40

$

149.53

$

162.00

S&P 500 Index

$

100.00

$

99.00

$

101.33

$

104.46

$

107.45

S&P 500 Information Technology Index

$

100.00

$

99.09

$

102.87

$

108.18

$

112.96

Recent Sales of Unregistered Securities and Use of Proceeds

Unregistered Sales of Equity Securities

There were no unregistered sales of equity securities during the year ended December 31, 2019, except as previously reported.

Use of Proceeds from Initial Public Offering of Common Stock

On September 23, 2019, we closed our IPO in which we sold 12,500,000 shares of common stock at a public offering price of $15.00 per share. Additionally, we registered 1,875,000 shares of common stock in connection with the underwriters’ overallotment option to purchase additional shares on the same terms and conditions. The underwriters’ overallotment option was exercised in full and closed on October 22, 2019. The offer and sale of all of the shares in the IPO were registered under the Securities Act pursuant to a registration statement on Form S-1 (File No. 333-233421), which was declared effective by the SEC on September 18, 2019. The representatives of the several underwriters of the IPO were Goldman Sachs & Co. LLC and BofA Securities, Inc. The offering commenced on September 18, 2019 and did not terminate before all of the securities registered in the registration statement were sold.

55

Table of Contents

We raised $194.6 million in net proceeds after deducting underwriting discounts and commissions of $15.1 million and offering expenses of $5.9 million. There was no material change in the use of the IPO proceeds as described in the IPO Prospectus. On September 23, 2019, the net proceeds from the IPO were used to repay $170.3 million of our 2018 Term Loan Facility, together with $0.7 million of accrued interest. After the closing of the underwriters’ option to purchase additional shares, we repaid an additional $26.1 million of our 2018 Term Loan Facility, together with $0.1 million of accrued interest.

In connection with our entry into the 2018 Term Loan Facility on January 25, 2018, affiliates of Vista collectively acquired $35.0 million of term loans under our 2018 Term Loan Facility and immediately prior to the repayment on September 23, 2019, affiliates of Vista collectively owned $34.7 million of our 2018 Term Loan Facility. Additionally, immediately prior to the repayment on October 22, 2019, affiliates of Vista collectively owned $10.8 million of our 2018 Term Loan Facility. Accordingly, affiliates of Vista received $27.5 million of the net proceeds from the IPO and the underwriters’ exercise of the overallotment option in connection with the repayment of $196.4 million of our 2018 Term Loan Facility.

Issuer Purchases of Equity Securities

None.

56

Table of Contents

Item 6. Selected Consolidated Financial Data

The following selected consolidated statements of operations data for the years ended December 31, 2019, 2018 and 2017 and the consolidated balance sheet data as of December 31, 2019 and 2018 have been derived from our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results that may be expected in the future. You should read the selected consolidated financial data and other data below in conjunction with the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K.

Year Ended December 31, 

2019

    

2018

    

2017

(in thousands, except per share amounts)

Consolidated Statements of Operations Data:

Revenue:

  

 

  

 

  

Subscription

$

225,345

$

184,991

$

160,219

Professional services and other

 

17,553

 

16,571

 

12,320

Total revenue

 

242,898

 

201,562

 

172,539

Cost of revenue:

 

  

 

  

 

Subscription (exclusive of amortization shown below)(1)

 

24,044

 

17,512

 

14,054

Professional services and other (exclusive of amortization shown below)(1)

 

15,322

 

12,703

 

9,155

Amortization expense

 

16,338

 

14,396

 

12,626

Total cost of revenue

 

55,704

 

44,611

 

35,835

Gross profit

 

187,194

 

156,951

 

136,704

Operating expenses:

 

  

 

  

 

Sales and marketing(1)

 

78,889

 

60,140

 

49,481

Research and development(1)

 

46,016

 

36,229

 

26,215

General and administrative(1)

 

38,293

 

28,355

 

20,202

Depreciation and amortization

 

16,639

 

16,341

 

16,526

Total operating expenses

 

179,837

 

141,065

 

112,424

Income from operations

 

7,357

 

15,886

 

24,280

Other income (expense):

 

  

 

  

 

Interest expense

 

(12,914)

 

(15,837)

 

(19,277)

Loss on extinguishment of debt

 

(4,532)

 

(9,785)

 

Other income (expense), net

 

363

 

(335)

 

773

Total other income (expense)

 

(17,083)

 

(25,957)

 

(18,504)

Income (loss) before income taxes

 

(9,726)

 

(10,071)

 

5,776

Benefit (provision) for income taxes

 

8,222

 

(3,375)

 

13,185

Net income (loss)

$

(1,504)

$

(13,446)

$

18,961

Per Share Data(2):

Net income (loss) per share:

Basic

$

(0.02)

$

(0.21)

$

0.29

Diluted

$

(0.02)

$

(0.21)

$

0.29

Weighted-average shares used in computing net income (loss) per share:

Basic

 

68,906

 

65,002

 

64,984

Diluted

 

68,906

 

65,002

 

64,991

Consolidated Statements of Cash Flows Data:

Net cash provided by operating activities

$

5,795

$

22,886

$

3,423

Net cash used in investing activities

(19,756)

(26,661)

(5,961)

Net cash provided by (used in) financing activities

(2,020)

67,102

101

______________________

(1)Includes stock-based compensation as follows:

57

Table of Contents

Year Ended December 31, 

2019

    

2018

    

2017

(in thousands)

Subscription cost of revenue

$

141

$

$

Professional services and other cost of revenue

80

Sales and marketing

1,407

726

626

Research and development

1,364

342

297

General and administrative

 

3,340

 

1,780

 

1,601

Total

$

6,332

$

2,848

$

2,524

(2)See Note 13 to our consolidated financial statements appearing in Part II, Item 8 of this Annual Report on Form 10-K for an explanation of the method used to calculate our basic and diluted net income (loss) per share and the weighted-average number of shares used in the computation of the per share amounts.

December 31, 

2019

    

2018

    

2017

(in thousands)

Consolidated Balance Sheet Data:

Cash and cash equivalents

$

67,637

$

83,499

$

20,969

Working capital(1)

153,674

139,373

69,487

Total assets

 

872,811

 

857,023

 

776,223

Deferred revenue, current and noncurrent

 

47,507

 

35,367

 

33,810

Long-term debt, including current portion(2)

50,941

243,551

165,206

Total stockholders' equity

 

710,471

 

509,105

 

520,680

     

(1)We define working capital as current assets less current liabilities.

(2)Net of debt issuance costs of $1.2 million, $5.2 million and $4.8 million as of December 31, 2019, 2018 and 2017, respectively.

58

Table of Contents

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations

The following discussion and analysis summarizes the significant factors affecting the consolidated operating results, financial condition, liquidity and cash flows of our company as of and for the periods presented below. The following discussion and analysis should be read in conjunction with our consolidated financial statements and the related notes thereto included elsewhere in this Annual Report on Form 10-K. The discussion contains forward-looking statements that are based on the beliefs of management, as well as assumptions made by, and information currently available to, our management. Actual results could differ materially from those discussed in or implied by forward-looking statements as a result of various factors, including those discussed below and elsewhere in this Annual Report on Form 10-K, particularly in the sections entitled “Risk Factors” and “Forward-Looking Statements.”

Overview

Ping Identity is pioneering Intelligent Identity. We enable secure access to any service, application or API from any device. Our Intelligent Identity Platform can leverage AI and ML to analyze device, network, application and user behavior data to make real-time authentication and security control decisions, enhancing the user experience. Our platform is designed to detect anomalies and automatically insert additional security measures, such as multi-factor authentication, only when necessary. We built our platform to meet the requirements of the most demanding enterprises. Our platform can be deployed across cloud, hybrid and on-premise infrastructures and offers a comprehensive suite of turnkey integrations, and is able to scale to millions of identities and thousands of cloud and on-premise applications.

Our Intelligent Identity Platform can secure all primary use cases, including customer, workforce, partner and IoT. For example, enterprises can use our platform to enhance their customers’ user experience by creating a single ID and login across web and mobile properties. For the year ended December 31, 2019, 42% of our subscription revenue was derived from the customer use case. Enterprises can also use our platform to provide their workforce and commercial partners with secure, seamless access from any device to the applications, data and APIs they need to be productive. Enterprises are increasingly using our platform to manage and authenticate identities in a variety of IoT devices, such as connected vehicles and consumer devices.

Our Intelligent Identity Platform is comprised of six solutions that can be purchased individually or as a set of integrated offerings for the customer, workforce, partner or IoT use case: SSO, MFA, Access Security, Directory, Data Governance and API Intelligence.

Our offerings are predominately priced based on the number of identities, solutions and use cases. We sell our platform through subscription-based contracts, and substantially all of our customers pay annually in advance. We sell our solutions primarily through direct sales, which are enhanced by collaboration with our channel partners, resellers, system integrators and technology partners and includes sourcing new leads, aiding in pre-sale processes such as proof of concepts, demos or requests for proposals and reselling our solutions to customers. We also leverage a number of our channel partners and system integrators to provide the implementation services for some of our larger and more complex deployments, significantly increasing the time-to-value for our customers and maximizing the efficiency of our go-to-market efforts.

Key Factors Affecting Our Performance

We believe that our future performance will depend on many factors, including the following:

Generate Additional Sales to Existing Customers

As part of our land and expand strategy, a customer journey often begins with the purchase of one of our solutions for one use case. Once customers realize the value of that solution, their spend with us expands by (i) adopting another identity use case, (ii) deploying additional solutions and solution packages and/or (iii) adding more identities over time.

Our future revenue growth is dependent upon our ability to continue to expand our customers’ use of our platform. Our ability to increase sales to existing customers will depend on a number of factors, including

59

Table of Contents

satisfaction or dissatisfaction with our solutions, competition, pricing, economic conditions and spending by customers on our solutions. We have adopted a customer success strategy and implemented processes across our customer base to drive revenue retention and expansion.

Increase the Size of our Customer Base

We believe there is significant opportunity to increase market adoption of our platform by new customers. Our SSO, Access Security and Directory solutions often replace legacy and homegrown systems. We also have significant greenfield opportunities with our MFA, Data Governance, API Intelligence solutions and IoT. To increase our customer base, we plan to expand our sales force and channel partner network, both domestically and internationally, enhance our marketing efforts and target new buyers. For example, we have extended our cloud-based offering to target developers, who represent a new potential buyer for us. Over time, we believe sales to developers could increase the size of our customer base.

Maintain our Technology Differentiation and Product Leadership

Our Intelligent Identity Platform is designed for large enterprises with complex, hybrid IT requirements. We have spent over a decade building a standards-based platform with turnkey integrations designed to ensure that large enterprises can easily and rapidly deploy our platform within their complex infrastructures. We intend to continue making investments in research and development to extend our platform and technology capabilities while also expanding our solutions to address new use cases.

Invest for Growth

We believe that our market opportunity is large, and we plan to invest in order to continue to support further growth. This includes investing in our sales force and expanding our network of channel partners, resellers, system integrators and technology partners with which we partner to sell our Intelligent Identity Platform, both domestically and internationally. We have a large and growing international presence and intend to grow our customer base in various international regions by making investments in our sales team globally. For the year ended December 31, 2019, our international revenue was 22% of our total revenue. We expect international sales to be a meaningful revenue contributor in future periods.

During 2018, we made a decision with our Board to accelerate investments in our business to take advantage of our large market opportunity. Specifically, we invested in enhancing our salesforce globally to increase our selling capacity and capitalize on our large market opportunity. In addition, we have invested in new cloud-based offerings to broaden our Intelligent Identity Platform and the scope of our solutions to cover new identity security threats, such as APIs. We also invested in deploying our platform as a single tenant cloud-based offering, managed by us, to help extend the reach of our solutions within our customers’ infrastructures, while providing them with the level of control and configuration they require. We have seen progress with these investments and expect to continue to invest heavily in these areas in the near future. However, we are not expecting these investments to provide our business with meaningful increases to ARR growth in the immediate term as we expect natural purchasing cycles will affect the speed of market adoption.

Seasonality

Given the purchasing patterns of our enterprise customers, we typically experience seasonality in terms of when we receive orders from our customers. Our customers often time their purchases and renewals of our solutions to coincide with their fiscal year end, which is typically June 30 or December 31. Because of these purchasing patterns, a greater percentage of our annual subscription revenue from term-based licenses, the revenue from which is recognized up front at the later of delivery or commencement of the license term, has come from our second and fourth quarters than from other quarters. For the year ended December 31, 2019, 26% and 28% of our annual revenue was in our second and fourth quarter, respectively. We believe this seasonality will continue to affect our quarterly results and may become more pronounced.

60

Table of Contents

Key Business Metrics

In addition to our GAAP financial information, we review a number of operating and financial metrics, including the following key metrics, to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans and make strategic decisions.

Annual Recurring Revenue

ARR represents the annualized value of all subscription contracts as of the end of the period. ARR mitigates fluctuations due to seasonality, contract term and the sales mix of subscriptions for term-based licenses and SaaS. ARR only includes the annualized value of subscription contracts. ARR does not have any standardized meaning and is therefore unlikely to be comparable to similarly titled measures presented by other companies. ARR should be viewed independently of revenue and deferred revenue and is not intended to be combined with or to replace either of those items. ARR is not a forecast and the active contracts at the end of a reporting period used in calculating ARR may or may not be extended or renewed by our customers.

The table below sets forth our ARR as of the end of December 31, 2019 and 2018.

December 31, 

Change

2019

    

2018

    

$

    

%

 

(dollars in thousands)

ARR

$

224,888

$

183,579

$

41,309

 

23

%

Dollar-Based Net Retention Rate

To further illustrate the land and expand economics of our customer relationships, we examine the rate at which our customers increase their subscriptions for our solutions. Our dollar-based net retention rate measures our ability to increase revenue across our existing customer base through expanded use of our platform, offset by customers whose subscription contracts with us are not renewed or renew at a lower amount.

We calculate our dollar-based net retention rate as of the end of a reporting period as follows:

Denominator.  We measure ARR as of the last day of the prior reporting period.
Numerator.  We measure ARR as of the last day of the current reporting period from customers with associated ARR as of the last day of the prior reporting period.

The quotient obtained from this calculation is our dollar-based net retention rate. Our dollar-based net retention rates were 115% and 116% at December 31, 2019 and 2018, respectively. We believe our ability to cross-sell our new solutions to our installed base, particularly MFA and API Intelligence, will continue to support our high dollar-based net retention rate.

Large Customers

We believe that our ability to increase the number of customers on our platform, particularly the number of customers with greater than ARR of $1,000,000 and ARR of $250,000, demonstrates our focus on the large enterprise market and our penetration within those enterprises. Increasing awareness of our platform, further developing our sales and marketing expertise and channel partner ecosystem, and continuing to build solutions that address the unique identity needs of large enterprises have increased our number of large customers across industries. We believe there are significant upsell and cross-sell opportunities within our customer base by expanding the number of use cases, adding additional identities and selling new solutions.

At December 31, 2019, we had 38 customers with greater than $1,000,000 in ARR, an increase of 52% from 25 customers at December 31, 2018. Additionally, our customers with ARR over $250,000 increased from 202 at December 31, 2018 to 232 at December 31, 2019, representing a growth rate of 15%.

61

Table of Contents

Non-GAAP Financial Measures

In addition to our results determined in accordance with GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance and assists in comparisons with other companies, some of which use similar non-GAAP financial information to supplement their GAAP results. The non-GAAP financial information is presented for supplemental informational purposes only, and should not be considered a substitute for financial information presented in accordance with GAAP, and may be different from similarly-titled non-GAAP measures used by other companies. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures.

Free Cash Flow

Free Cash Flow is a supplemental measure of liquidity that is not made under GAAP and that does not represent, and should not be considered as, an alternative to cash flow from operations, as determined by GAAP. We define Free Cash Flow as net cash provided by (used in) operating activities less cash used for purchases of property and equipment and capitalized software development costs.

We use Free Cash Flow as one measure of the liquidity of our business. We believe that Free Cash Flow is a useful indicator of liquidity that provides information to management and investors about the amount of cash generated from our core operations that, after the purchases of property and equipment and capitalized software development costs, can be used for strategic initiatives, including investing in our business and selectively pursuing acquisitions and strategic investments. We further believe that historical and future trends in Free Cash Flow, even if negative, provide useful information about the amount of cash generated (or consumed) by our operating activities that is available (or is not available) to be used for strategic initiatives. For example, if Free Cash Flow is negative, we may need to access cash reserves or other sources of capital to invest in strategic initiatives. We also believe that the use of Free Cash Flow enables us to more effectively evaluate our liquidity period-over-period and relative to our competitors.

A reconciliation of Free Cash Flow to net cash provided by operating activities, the most directly comparable GAAP measure, is as follows:

Year Ended December 31, 

2019

    

2018

2017

(in thousands)

Net cash provided by operating activities

$

5,795

$

22,886

$

3,423

Less:

 

  

 

  

 

  

Purchases of property and equipment

 

(8,696)

 

(3,437)

 

(2,519)

Capitalized software development costs

 

(10,460)

 

(6,310)

 

(3,442)

Free Cash Flow

$

(13,361)

$

13,139

$

(2,538)

Net cash used in investing activities

$

(19,756)

$

(26,661)

$

(5,961)

Net cash provided by (used in) financing activities

$

(2,020)

$

67,102

$

101

Cash paid for interest

$

12,169

$

13,598

$

20,758

Free Cash Flow has limitations as an analytical tool, and you should not consider it in isolation or as a substitute for analysis of our results as reported under GAAP. For example, Free Cash Flow does not represent the total increase or decrease in our cash balance for a given period. Because of these limitations, Free Cash Flow should not be considered as a replacement for cash flow from operations, as determined by GAAP, or as a measure of our profitability. We compensate for these limitations by relying primarily on our GAAP results and using non-GAAP measures only for supplemental purposes.

62

Table of Contents

Non-GAAP Gross Profit

Non-GAAP Gross Profit is a supplemental measure of operating performance that is not made under GAAP and that does not represent, and should not be considered as, an alternative to gross profit, as determined by GAAP. We define Non-GAAP Gross Profit as gross profit, adjusted for stock-based compensation expense and certain amortization expense of acquired intangible assets and software developed for internal use.

We use Non-GAAP Gross Profit to understand and evaluate our core operating performance and trends, to prepare and approve our annual budget and to develop short-term and long-term operating plans. We believe that Non-GAAP Gross Profit is a useful measure to us and to our investors because it provides consistency and comparability with our past financial performance and between fiscal periods, as the metric generally eliminates the effects of the variability of amortization of acquired intangibles and internal-use software from period to period, which may fluctuate for reasons unrelated to overall operating performance. We believe that the use of this measure enables us to more effectively evaluate our performance period-over-period and relative to our competitors.

A reconciliation of Non-GAAP Gross Profit to gross profit, the most directly comparable GAAP measure, is as follows:

Year Ended December 31, 

2019

    

2018

    

2017

(in thousands)

Gross profit

$

187,194

$

156,951

$

136,704

Amortization expense

16,338

14,396

12,626

Stock-based compensation expense

 

221

 

 

Non-GAAP Gross Profit

$

203,753

$

171,347

$

149,330

Non-GAAP Gross Profit has limitations as an analytical tool, and you should not consider it in isolation, or as a substitute for analysis of our results as reported under GAAP. Because of these limitations, Non-GAAP Gross Profit should not be considered as a replacement for gross profit, as determined by GAAP, or as a measure of our profitability. We compensate for these limitations by relying primarily on our GAAP results and using non-GAAP measures only for supplemental purposes.

Adjusted EBITDA

Adjusted EBITDA is a supplemental measure of operating performance that is not made under GAAP and that does not represent, and should not be considered as, an alternative to net income (loss), as determined by GAAP. We define Adjusted EBITDA as net income (loss), adjusted for interest expense, loss on extinguishment of debt, (benefit) provision for income taxes, depreciation and amortization, stock-based compensation expense, acquisition-related expense and other (income) expense, net.

We use Adjusted EBITDA to understand and evaluate our core operating performance and trends, to prepare and approve our annual budget and to develop short-term and long-term operating plans. We believe that Adjusted EBITDA facilitates comparison of our operating performance on a consistent basis between periods, and when viewed in combination with our results prepared in accordance with GAAP, helps provide a broader picture of factors and trends affecting our results of operations.

A reconciliation of Adjusted EBITDA to net income (loss), the most directly comparable GAAP measure, is as follows:

63

Table of Contents

Year Ended December 31, 

2019

    

2018

    

2017

(in thousands)

Net income (loss)

$

(1,504)

$

(13,446)

$

18,961

Interest expense(1)

 

12,914

 

15,837

 

19,277

Loss on extinguishment of debt

 

4,532

 

9,785

 

(Benefit) provision for income taxes

 

(8,222)

 

3,375

 

(13,185)

Depreciation and amortization

 

32,977

 

30,737

 

29,152

Stock-based compensation expense

 

6,332

 

2,848

 

2,524

Acquisition-related expense(2)

 

3,321

 

6,666

 

Other (income) expense, net(3)

 

(363)

 

335

 

(773)

Adjusted EBITDA

$

49,987

$

56,137

$

55,956

______________________

(1)Includes amortization of debt issuance costs.
(2)Acquisition-related expense for the years ended December 31, 2019 and 2018, respectively, included $3.3 million and $5.2 million of contingent compensation and retention expense related to the acquisition of Elastic Beam, Inc. (“Elastic Beam”). For more information related to our acquisition of Elastic Beam and the payment of contingent compensation, please refer to Note 5 of our consolidated financial statements included in Part II, Item 8 of this Annual Report on Form 10-K.
(3)See “Management’s Discussion and Analysis of Financial Condition and Results of Operations” for the components of other (income) expense.

Adjusted EBITDA has limitations as an analytical tool, and you should not consider it in isolation, or as a substitute for analysis of our results as reported under GAAP. Because of these limitations, Adjusted EBITDA should not be considered as a replacement for net income (loss), as determined by GAAP, or as a measure of our profitability. We compensate for these limitations by relying primarily on our GAAP results and using non-GAAP measures only for supplemental purposes.

Components of Results of Operations

Revenue

We recognize revenue under ASC 606 when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services. See “Critical Accounting Policies — Revenue Recognition.”

We derive revenue primarily from sales of subscriptions for our solutions to new and existing customers and, to a lesser extent, sales of professional services.

Subscription.   Subscription revenue includes subscription term-based license revenue for solutions deployed on-premise within the customer’s IT infrastructure or in a third-party cloud of their choice, subscription support and maintenance revenue from such deployments, and SaaS subscriptions, which give customers the right to access our cloud-hosted software solutions. We typically invoice subscription fees annually in advance, though certain contracts require invoicing for the entire subscription in advance. Subscription term-based license revenue is recognized upon transfer of control of the software, which occurs at delivery or when the license term commences, if later. All of our support and maintenance revenue and revenue from SaaS subscriptions is recognized ratably over the term of the applicable agreement.

For the years ended December 31, 2019, 2018 and 2017, 66%, 66% and 71%, respectively, of our revenue was from subscription term-based licenses. We expect that a majority of our revenue will be from subscription

64

Table of Contents

term-based licenses for the foreseeable future. Changes in period-over-period subscription revenue growth are primarily impacted by the following factors:

the type of new and renewed subscriptions (i.e., term-based or SaaS); and
the duration of new and renewed term-based subscriptions.

While the number of new and increased subscriptions during a period impacts our subscription revenue growth, the type and duration of those subscriptions has a significantly greater impact on the amount and timing of revenue recognized in a period. Subscription revenue from term-based licenses is recognized at the beginning of the subscription term, while subscription revenue from SaaS and support and maintenance is recognized ratably over the subscription term. As a result, our revenue may fluctuate due to the timing of term-based licensing transactions. In addition, keeping other factors constant, when the percentage of subscription term-based licenses to total subscriptions sold or renewed in a period increases relative to the prior period, revenue growth will increase. Conversely, when the percentage of subscription SaaS and support and maintenance to total subscriptions sold or renewed in a period increases, revenue growth will generally decrease. Additionally, a multi-year subscription term-based license will generally result in greater revenue recognition up front relative to a one-year subscription term-based license. Therefore, keeping other factors constant, revenue growth will also trend higher in a period where the percentage of multi-year subscription term-based licenses to total subscription term-based licenses increases.

Professional Services and Other.  Professional services and other revenue consists primarily of fees from professional services provided to our customers and partners to configure and optimize the use of our solutions, as well as training services related to the configuration and operation of our solutions. Our professional services are generally priced on a time and materials basis, which is generally invoiced monthly and for which revenue is recognized as the services are performed. Revenue from our training services and sponsorship fees is recognized on the date the services are complete. Over time, we expect our professional services revenue to remain relatively stable as a percentage of total revenue.

Cost of Revenue

Subscription.   Subscription cost of revenue consists primarily of employee compensation costs for employees associated with supporting our subscription arrangements and certain third-party expenses. Employee compensation and related costs include cash compensation and benefits to employees, stock-based compensation, costs of third-party contractors and associated overhead costs. Third-party expenses consist of cloud infrastructure costs and other expenses directly associated with our customer support. We expect our subscription cost of revenue to increase in absolute dollars to the extent our subscription revenue increases.

Professional Services and Other.   Professional services and other cost of revenue consists primarily of employee compensation costs directly associated with delivery of professional services and training, including stock-based compensation, costs of third-party contractors and facility rental charges and other associated overhead costs. We expect our professional services and other cost of revenue to increase in absolute dollars relative to the growth of our business.

Amortization Expense.   Amortization expense consists of amortization of developed technology and internal-use software.

Operating Expenses

Our operating expenses consist of sales and marketing, research and development and general and administrative expenses as well as depreciation and amortization. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes and stock-based compensation expense.

65

Table of Contents

Sales and Marketing.   Sales and marketing expenses consist primarily of employee compensation costs, sales commissions, costs of general marketing and promotional activities, travel-related expenses and allocated overhead. Certain sales commissions earned by our sales force on subscription contracts are deferred and amortized over the period of benefit, which is generally four years. We expect to continue to invest in our sales force domestically and internationally, as well as in our channel relationships. We expect our sales and marketing expenses to increase on an absolute dollar basis and continue to be our largest operating expense category for the foreseeable future.

Research and Development.   Research and development expenses consist primarily of employee compensation costs, allocated overhead and software and maintenance expenses. We will continue to invest in innovation and offer our customers new solutions to enhance our existing platform. See the section “Business — Research and Development” for more information. We expect such investment to increase on an absolute dollar basis as our business grows.

General and Administrative.    General and administrative expenses consist primarily of employee compensation costs for corporate personnel, such as those in our executive, human resource, legal, facilities, accounting and finance, information security and information technology departments. In addition, general and administrative expenses include third-party professional fees, as well as all other supporting corporate expenses not allocated to other departments. General and administrative expense also includes acquisition-related expenses, which primarily consist of third-party expenses related to business acquisitions, such as professional services and legal fees.

We expect our general and administrative expenses to increase on an absolute dollar basis as our business grows. Also, we expect to incur additional general and administrative expenses as a result of continuing to operate as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations pursuant to the rules and regulations of the SEC, and increased expenses for insurance, investor relations and professional services.

Depreciation and Amortization.   Depreciation and amortization expense consists primarily of depreciation of our fixed assets and amortization of finite-lived acquired intangible assets such as customer relationships, trade names and non-compete agreements.

Other Income (Expense)

Interest Expense.   Interest expense consists primarily of interest payments on our outstanding borrowings as well as the amortization of associated deferred financing costs. See “— Liquidity and Capital Resources — Senior Secured Credit Facilities.”

Other Income (Expense), Net.   Other income (expense), net primarily consists of gains and losses from transactions denominated in a currency other than the functional currency, interest income and other income (expense). As we have expanded our international operations, our exposure to fluctuations in foreign currencies has increased, and we expect this to continue.

Benefit (Provision) for Income Taxes

Benefit (provision) for income taxes consists primarily of income taxes related to U.S. federal and state income taxes and income taxes in foreign jurisdictions in which we conduct business.

66

Table of Contents

Results of Operations

The following table sets forth our consolidated statements of operations data for the periods indicated:

Year Ended December 31, 

2019

    

2018

    

2017

(in thousands)

Revenue:

  

 

  

 

  

Subscription

$

225,345

$

184,991

$

160,219

Professional services and other

 

17,553

 

16,571

 

12,320

Total revenue

 

242,898

 

201,562

 

172,539

Cost of revenue:

 

  

 

  

 

  

Subscription (exclusive of amortization shown below)

 

24,044

 

17,512

 

14,054

Professional services and other (exclusive of amortization shown below)

 

15,322

 

12,703

 

9,155

Amortization expense

 

16,338

 

14,396

 

12,626

Total cost of revenue

 

55,704

 

44,611

 

35,835

Gross profit

 

187,194

 

156,951

 

136,704

Operating expenses:

 

  

 

  

 

  

Sales and marketing(1)

 

78,889

 

60,140

 

49,481

Research and development(1)

 

46,016

 

36,229

 

26,215

General and administrative(1)

 

38,293

 

28,355

 

20,202

Depreciation and amortization

 

16,639

 

16,341

 

16,526

Total operating expenses

 

179,837

 

141,065

 

112,424

Income from operations

 

7,357

 

15,886

 

24,280

Other income (expense):

 

  

 

  

 

  

Interest expense

 

(12,914)

 

(15,837)

 

(19,277)

Loss on extinguishment of debt

 

(4,532)

 

(9,785)

 

Other income (expense), net

 

363

 

(335)

 

773

Total other income (expense)

 

(17,083)

 

(25,957)

 

(18,504)

Income (loss) before income taxes

 

(9,726)

 

(10,071)

 

5,776

Benefit (provision) for income taxes

 

8,222

 

(3,375)

 

13,185

Net income (loss)

$

(1,504)

$

(13,446)

$

18,961

______________________

(1)

Includes stock-based compensation as follows:

Year Ended December 31, 

2019

    

2018

2017

(in thousands)

Subscription cost of revenue

$

141

$

$

Professional services and other cost of revenue

80

Sales and marketing

1,407

726

626

Research and development

 

1,364

342

 

297

General and administrative

 

3,340

 

1,780

 

1,601

Total

$

6,332

$

2,848

$

2,524

67

Table of Contents

The following table sets forth our consolidated statements of operations data expressed as a percentage of total revenue for the periods indicated: