UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 10-K

(Mark One)

☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 25, 2021

OR

☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM TO

Commission File Number 001-39651

McAfee Corp.

(Exact name of Registrant as specified in its Charter)

Delaware	84-2467341
(State or other jurisdiction of incorporation or organization)	(I.R.S. Employer Identification No.)
6220 America Center Drive, San Jose, CA	95002
(Address of principal executive offices)	(Zip Code)

Registrant’s telephone number, including area code: (866) 622-3911

Securities registered pursuant to Section 12(b) of the Act:

Title of each class	Trading Symbol(s)	Name of each exchange on which registered
Class A Common Stock, $0.001 par value	MCFE	The Nasdaq Stock Market LLC

Securities registered pursuant to Section 12(g) of the Act: None

Indicate by check mark if the Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. YES ☐ No ☒

Indicate by check mark if the Registrant is not required to file reports pursuant to Section 13 or 15(d) of the Act. YES ☐ No ☒

Indicate by check mark whether the Registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ NO ☐

Indicate by check mark whether the Registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the Registrant was required to submit such files). Yes ☒ NO ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Large accelerated filer	☒	Accelerated filer	☐
Non-accelerated filer	☐	Smaller reporting company	☐
Emerging growth company	☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒

Indicate by check mark whether the Registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). YES ☐ NO ☒

As of June 25, 2021, the last business day of the registrant’s most recently completed second quarter, the aggregate market value of the voting and non-voting common equity held by non-affiliates of the Registrant was $2,642,622,757.

As of February 17, 2022 there were 188,020,902 shares of the Registrant’s Class A common stock, $0.001 par value per share, outstanding and 252,929,283 shares of the Registrant’s Class B common stock, par value $0.001 per share, outstanding.

Table of Contents

		Page
PART I
Item 1.	Business	4
Item 1A.	Risk Factors	14
Item 1B.	Unresolved Staff Comments	49
Item 2.	Properties	49
Item 3.	Legal Proceedings	49
Item 4.	Mine Safety Disclosures	49
PART II
Item 5.	Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities	50
Item 6.	[Reserved]	51
Item 7.	Management’s Discussion and Analysis of Financial Condition and Results of Operations	52
Item 7A.	Quantitative and Qualitative Disclosures About Market Risk	79
Item 8.	Financial Statements and Supplementary Data	80
Item 9.	Changes in and Disagreements With Accountants on Accounting and Financial Disclosure	123
Item 9A.	Controls and Procedures	123
Item 9B.	Other Information	123
Item 9C.	Disclosure Regarding Foreign Jurisdictions that Prevent Inspections	123
PART III
Item 10.	Directors, Executive Officers and Corporate Governance	124
Item 11.	Executive Compensation	130
Item 12.	Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters	156
Item 13.	Certain Relationships and Related Transactions, and Director Independence	159
Item 14.	Principal Accounting Fees and Services	160
PART IV
Item 15.	Exhibits, Financial Statement Schedules	162
Item 16	Form 10-K Summary	166

i

Cautionary Note Regarding Forward-Looking Statements

The discussion below contains forward-looking statements, which are subject to safe harbors under the Securities Act of 1933, as amended (the Securities Act) and the Exchange Act of 1934, as amended (the “Exchange Act”). Forward-looking statements include references to our ability to utilize our deferred tax assets, as well as statements including words such as “expects,” “plans,” “anticipates,” “believes,” “estimates,” “predicts,” “goal,” “intent,” “momentum,” “projects,” and similar expressions. In addition, projections of our future financial performance; anticipated growth and trends in our businesses and in our industries; the anticipated impacts of acquisitions, restructurings, stock repurchases, and investment activities; the outcome or impact of pending litigation, claims or disputes; statements regarding any future dividends; plans for and anticipated benefits of our solutions; matters arising out of the ongoing U.S. Securities and Exchange Commission (the “SEC”) investigation; the impact of the Covid-19 pandemic on our business operations and target markets; and other characterizations of future events or circumstances are forward-looking statements. These statements are only predictions, based on our current expectations about future events and may not prove to be accurate. We do not undertake any obligation to update these forward-looking statements to reflect events occurring or circumstances arising after the date of this report. These forward-looking statements involve risks and uncertainties, and our actual results, performance, or achievements could differ materially from those expressed or implied by the forward-looking statements on the basis of several factors.

We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not rely on our forward-looking statements in making your investment decision. Actual results or events could differ materially from the plans, intentions, and expectations disclosed in the forward-looking statements we make. Important factors that could cause actual results and events to differ materially from those indicated in the forward-looking statements include, among others, the following:

•our ability to consummate the proposed Merger (as defined herein), and the timing, costs and any benefits of such transaction;

•the efficiency and success of our transition to a pure-play Consumer cybersecurity company following the sale of our Enterprise Business;

•plans to develop and offer new products and services and enter new markets;

•our expectations with respect to the continued stability and growth of our customer base;

•anticipated trends, growth rates, and challenges in our business and in domestic and international markets;

•our financial performance, including changes in and expectations with respect to revenues, and our ability to maintain profitability in the future;

•investments or potential investments in new or enhanced technologies;

•market acceptance of our solutions;

•the success of our business strategy and changes in our business model and operations;

•our ability to renew existing customer relationships and sell additional products and services to existing customers;

•our ability to maintain and expand our relationships with partners and on commercially acceptable terms, including our channel and strategic partners;

•the effectiveness of our sales force, distribution channel, and marketing activities;

•the growth and development of our direct and indirect channels of distribution;

•our response to emerging and future cybersecurity risks;

•our ability to continue to innovate and enhance our solutions;

•our ability to develop new solutions and bring them to market in a timely manner;

•our ability to prevent serious errors, defects, or vulnerabilities in our solutions;

•our ability to develop solutions that interoperate with our customers’ existing systems and devices;

•our ability to maintain, protect, and enhance our brand and intellectual property;

•our continued use of open source software;

•our ability to compete against established and emerging cybersecurity companies;

•risks associated with fluctuations in exchange rates of the foreign currencies in which we conduct business;

1

•past and future acquisitions, investments, and other strategic investments;

•our ability to remain in compliance with laws and regulations that currently apply or become applicable to our business both domestically and internationally;

•the attraction, transition, and retention of management and other qualified personnel;

•economic and industry trend analysis;

•litigation, investigations, regulatory inquiries, and proceedings;

•the increased expenses associated with being a public company;

•our estimated total addressable market;

•the impact of macroeconomic conditions on our business, including the impact of the COVID-19 pandemic on economic activity and financial markets;

•our expectation regarding the impact of the COVID-19 pandemic, including its geographic spread and severity, and the related responses by governments and private industry on our business and financial condition, as well as the businesses and financial condition of our customers and partners;

•the adequacy of our capital resources to fund operations and growth;

•TPG Global LLC’s (“TPG”), Thoma Bravo L.P.’s (“Thoma Bravo”), and Intel Americas, Inc.’s (“Intel”) significant influence over us and our status as a “controlled company” under the rules of The Nasdaq Global Select Market (the “Exchange”);

•risks relating to our corporate structure, tax rates, and tax receivable agreement (“TRA”); and

•the other factors identified under the heading “Risk Factors”.

SUMMARY OF RISKS ASSOCIATED WITH OUR BUSINESS

Our business is subject to a number of risks, which are discussed more fully under the heading “Risk Factors” in this Annual Report on Form 10-K. These risks include the following:

•The announcement and pendency of the proposed Merger may adversely affect our business, financial condition and results of operations.

•Failure to consummate the proposed Merger within the expected timeframe or at all could have a material adverse impact on our business, financial condition and results of operations.

•Prior to the completion of the Merger or the termination of the Merger Agreement in accordance with its terms, we are prohibited from entering into certain transactions and taking certain actions that might otherwise be beneficial to us and our stockholders.

•The Merger, including uncertainty regarding the Merger, may cause customers, suppliers, distributors or strategic partners to delay or defer decisions, which could negatively affect our business and adversely affect our ability to effectively manage our business.

•The Merger may cause difficulty in attracting, motivating and retaining employees.

•The COVID-19 pandemic has affected how we are operating our business, and the duration and extent to which this will impact our future results of operations and overall financial performance remains uncertain.

•If we are unsuccessful at executing our business plan and necessary transition activities as a standalone consumer cybersecurity company following the recent sale of our Enterprise Business (as defined herein), our business and results of operations may be adversely affected and our ability to invest in and grow our business could be limited.

•We may not achieve the intended benefits of the sale of our Enterprise Business.

•Our future results of operations are dependent solely on the operations of our pure play consumer cybersecurity business and will differ materially from our previous results.

2

•The cybersecurity market is rapidly evolving and becoming increasingly competitive in response to continually evolving cybersecurity threats from a variety of increasingly sophisticated cyberattackers. If we fail to anticipate changing customer requirements or industry and market developments, or we fail to adapt our business model to keep pace with evolving market trends, our financial performance will suffer.

•We operate in a highly competitive environment, and we expect competitive pressures to increase in the future, which could cause us to lose market share.

•Our results of operations can be difficult to predict and may fluctuate significantly, which could result in a failure to meet investor expectations.

•As a multinational corporation, forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates.

•We face risks associated with past and future investments, acquisitions, and other strategic transactions.

•Over the last several years, we have pursued a variety of strategic initiatives designed to optimize and reinforce our cybersecurity platform. If the benefits of these initiatives are less than we anticipate, or if the realization of such benefits is delayed, our business and results of operations may be harmed.

•If our solutions have or are perceived to have defects, errors, or vulnerabilities, or if our solutions fail or are perceived to fail to detect, prevent, or block cyberattacks, including in circumstances where customers may fail to take action on attacks identified by our solutions, our reputation and our brand could suffer, which would adversely impact our business, financial condition, results of operations, and cash flows.

•If the protection of our proprietary technology is inadequate, we may not be able to adequately protect our innovations and brand.

•We rely significantly on third-party channel partners to facilitate the sale of our products and solutions. If we fail to manage our sales and distribution channels effectively, or if our partners choose not to market and sell our solutions to their customers, our operating results could be adversely affected.

•If our security measures are breached or unauthorized access to our data is otherwise obtained, our brand, reputation, and business could be harmed, and we may incur significant liabilities.

•We operate globally and are subject to significant business, economic, regulatory, social, political, and other risks in many jurisdictions.

•We may become involved in litigation, investigations, and regulatory inquiries and proceedings that could negatively affect us and our reputation.

•Our substantial leverage could adversely affect our financial condition.

•Restrictions imposed by our outstanding indebtedness and any future indebtedness may limit our ability to operate our business and to take certain actions.

•Our principal asset is our interest in Foundation Technology Worldwide LLC, and we are dependent upon Foundation Technology Worldwide LLC and its consolidated subsidiaries for our results of operations, cash flows, and distributions.

•We are required to pay certain Continuing Owners and certain Management Owners (in each case as defined herein) for certain tax benefits we may realize or are deemed to realize in accordance with the tax receivable agreement between us and such Continuing Owners and Management Owners, and we expect that the payments we will be required to make will be substantial.

•In certain circumstances, under its limited liability company agreement, Foundation Technology Worldwide LLC will be required to make tax distributions to us, the Continuing Owners and certain Management Owners and the distributions that Foundation Technology Worldwide LLC will be required to make may be substantial.

•Our Sponsors and Intel have significant influence over us, including control over decisions that require the approval of stockholders, which could limit your ability to influence the outcome of matters submitted to stockholders for a vote.

3

PART I

Item 1. Business.

ORGANIZATION

McAfee Corp. (the “Corporation”) (or “we,” “us” or “our”) was incorporated in Delaware on July 19, 2019. The Corporation was formed for the purpose of completing an initial public offering (“IPO”) and related transactions in order to carry on the business of Foundation Technology Worldwide LLC (“FTW”) and its consolidated subsidiaries (the Corporation, FTW and its subsidiaries are collectively the “Company”). On October 21, 2020, the Corporation became the sole managing member and holder of 100% of the voting power of FTW due to the Reorganization Transactions. With respect to the Corporation and the Company, each entity owns only the respective entities below it in the corporate structure and each entity has no other material operations, assets, or liabilities. See Note 1 to the Consolidated Financial Statements in Part II, Item 8 for a detailed discussion of the Reorganization Transactions, as defined in that footnote, and the IPO.

AGREEMENT AND PLAN OF MERGER; PROPOSED MERGER

On November 5, 2021, the Company entered into an Agreement and Plan of Merger (the “Merger Agreement”) with Condor BidCo, Inc., a Delaware corporation (“Parent”), and Condor Merger Sub, Inc., a Delaware corporation and wholly owned subsidiary of Parent (“Merger Subsidiary”), pursuant to which Merger Subsidiary will merge with and into the Company whereupon the separate corporate existence of Merger Subsidiary will cease and the Company will be the surviving corporation in the Merger and will continue as a wholly owned subsidiary of Parent (the “Merger”). Parent has obtained equity financing and debt financing commitments for the purpose of financing the transactions contemplated by the Merger Agreement. Affiliates of funds advised by each of Advent International Corporation, Permira Advisers LLC, Crosspoint Capital Partners L.P., Abu Dhabi Investment Authority, and Canada Pension Plan Investment Board and GIC Private Ltd. have committed to capitalize Parent at the Closing with an aggregate equity contribution equal to $5.2 billion on the terms and subject to the conditions set forth in signed equity commitment letters. On February 3, 2022, Merger Subsidiary received commitments of $5,160 million under a proposed U.S. dollar term loan facility and Euro-equivalent $1,800 million under a proposed Euro term loan facility. On February 17, 2022, Merger Subsidiary closed its offering of $2,020 million 7.375% senior notes due 2030. Under the terms of the Merger Agreement, the Company’s stockholders will receive $26.00 in cash for each share of Class A common stock they hold on the transaction closing date. The transaction’s closing is subject to customary closing conditions, including, among others, approval by the Company’s stockholders, the expiration or early termination of the applicable waiting period under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, as amended (the “HSR Act”), the receipt of other regulatory approvals, and clearance by the Committee on Foreign Investment in the United States. On December 20, 2021 at 11:59 p.m., the waiting period under the HSR Act expired. On February 9, 2022, the Company’s stockholders approved the Merger at a special meeting of stockholders. On February 22, 2022, the Committee on Foreign Investment in the United States closed its review and cleared the transactions contemplated by the Merger Agreement. Pursuant to the terms of the Merger Agreement, the completion of the Merger remains subject to various customary conditions, including (1) the absence of an order, injunction or law prohibiting the Merger, (2) the receipt of antitrust approval in the European Union and Switzerland, (3) the accuracy of each party’s representations and warranties, subject to certain materiality standards set forth in the Merger Agreement, (4) compliance in all material respects with each party’s obligations under the Merger Agreement, and (5) no Company Material Adverse Effect (as defined in the Merger Agreement) having occurred since the date of the Merger Agreement.

For a summary of the transaction, please refer to our Form 8-K filed with the U.S. Securities and Exchange Commission (the “SEC”) on November 8, 2021.

OVERVIEW

McAfee has been a pioneer and leader in protecting consumers from cyberattacks with integrated security, privacy, identity and trust solutions. For over 30 years, consumers have turned to McAfee as a leader in cybersecurity services. We built our platform through a deep, rich history of innovation and have established a leading global brand. When securing the digital experience of a consumer who is increasingly living life online, McAfee is singularly committed to one mission: to protect our subscribers' digital presence through leading-edge cybersecurity.

4

We live in a digital world. Consumers are increasingly mobile, interacting through multiple devices, networks and platforms, while leveraging technology as they work, socialize, consume and transact. Remote and increasing work and study from home arrangements are driving a pronounced convergence of professional and personal life. This lifestyle shift has been accompanied by a more advanced cyberthreat landscape and a proliferation of points of vulnerability, risking individuals’ privacy, identity, personal data, sensitive information and other vital resources. This challenge has heightened the importance of securing the consumers’ converged digital life.

We have a differentiated ability to secure the consumers’ digital experience against cyberthreats, using our proprietary advanced artificial intelligence and machine learning capabilities combined with our real-time threat intelligence that leverages the scale and diversity of our threat sensor network. Our network of over 600 million customer devices generates massive amounts of telemetry that we translate into actionable, real-time insights. As of 2020, our vast and dynamic data set and advanced analytics capabilities enabled us to provide defense for advanced zero-day threats by training machine learning models on the over 60 billion threat queries. McAfee simplifies the complexity of threat detection and response by correlating events, detecting new threats, reducing false positives, and guiding consumers through remediation. Protecting our subscribers has been the foundation of our success, enabling us to maintain an industry-leading reputation among our subscribers and partners.

Our Personal Protection Service provides holistic digital protection for an individual or family at home, on the go, and on the web. Our platform includes device security, privacy and safe Wi-Fi, online protection, and identity protection, creating a seamless and integrated digital moat. With a single interface, simple set up and ease of use, consumers obtain immediate time-to-value whether on a computer, smartphone or tablet, and across multiple operating systems.

Our broad and digitally-led omni-channel go-to-market strategy reaches the consumer at crucial moments in their cybersecurity purchase lifecycle resulting in the protection of over 600 million devices. We acquire customers through our extensive direct channel (McAfee.com). This includes traffic driven through Search Engine Marketing (“SEM”), Affiliate, Social and organic traffic. We have longstanding exclusive partnerships with many of the leading PC original equipment manufacturers (“OEMs”). We also increasingly have partnerships as the consumer security provider to mobile and internet service providers (“ISPs”) as the demand for mobile security protection increases. Through many of these relationships, our consumer security software is pre-installed on devices on a trial basis until conversion to a paid subscription. Our go-to-market channel also includes some of the largest retailers globally. We operate a global business, with 39% of our fiscal 2021 net revenue earned outside of the United States.

SALE OF OUR ENTERPRISE BUSINESS

On July 27, 2021, we completed the sale of our Enterprise Business to STG, pursuant to a Contribution and Equity Purchase Agreement (the “Purchase Agreement”) entered in on March 6, 2021 between McAfee, LLC (“US Seller”) and McAfee Security UK LTD (“UK Seller” and together with US Seller, the “Seller Entities”) and Magenta Buyer LLC, organized by a consortium led by STG, in exchange for (i) $4,000,000,000 in cash consideration and (ii) the assumption of certain liabilities of the Enterprise Business as specified in the Purchase Agreement. We believe this transaction allows McAfee to singularly focus on our Consumer business and to accelerate our strategy to be a leader in personal security for consumers.

In connection with the closing of the sale, the Seller Entities and Buyer entered into a Transition Services Agreement, Transitional Trademark License Agreement, Intellectual Property Matters Agreement and Commercial Services Agreement, under which each party granted certain licenses to the other party with respect to certain intellectual property rights and technology transferred by us in the Enterprise Sale and retained by us after the consummation of the sale of our Enterprise Business. We also agreed not to compete with the Enterprise Business for four years following the closing of the transaction. In addition, we and Buyer agreed to indemnify each other for losses arising from certain covenant breaches under the Purchase Agreement and certain liabilities expressly assumed or retained by the relevant indemnifying party.

FINANCIAL SUMMARY

For the year ended December 25, 2021 compared to the year ended December 26, 2020 we delivered the following:

•Net revenue increased by 23% to $1,920 million

•Net income increased to $2,688 million, inclusive of $2,245 million gain, net of estimated taxes and transaction costs, on the divestiture of the Enterprise Business

•Income from continuing operations increased by 218% to $247 million

•Adjusted EBITDA increased by 37% to $899 million

5

•Net cash provided by operating activities was $513 million

•Free cash flow generated was $487 million

See “Non-GAAP Financial Measures” for a description of adjusted EBITDA, and adjusted EBITDA margin, and a reconciliation of these measures to the nearest financial measure calculated in accordance with generally accepted accounting principles (“GAAP”).

INDUSTRY BACKGROUND

We live in an increasingly digitally interconnected and mobile world that is driving profound changes for consumers, causing them to react to the following trends:

Adoption of online lifestyle is global and continues to grow. According to IDC, there were over 4 billion Internet users in 2020, of which the number of mobile-only Internet users is expected to grow at an approximate 8% compound annual growth rate (“CAGR”) from 2020 to 2024. Furthermore, Frost & Sullivan estimates there were over 6 billion Internet-connected devices worldwide in 2020. This significant growth in the mobile install base is driving the ubiquity of the Internet and online browsing.

Consumers everywhere are living more of their everyday lives online, thereby expanding their digital footprint. Consumers are more comfortable engaging in critical transactions, including financial transactions and medical consultations, on mobile devices and their PCs. At the same time, they are rapidly expanding their social interactions and media consumption online, while shifting data storage to cloud-based solutions to store personal photos and large amounts of private data that is accessible across any connected endpoint device. Per eMarketer, the average U.S. adult spent over 7.8 hours per day consuming digital media in 2020, representing 55% of total media consumption and an increase of 12% over the prior year. On average, one single users owns 300 online accounts, and each smartphone has 90 apps downloaded. The COVID-19 pandemic has accelerated digital transformation even further. According to Statista, eCommerce accounts for 20% of total retail sales in 2021, and digital transformation and mobile payments is expected to be $8.2 trillion in 2024. While unlocking consumers’ digital life allows for convenience, using an ever-increasing number of online applications and web services increases the attach surface area that cybercriminals can use to obtain, misuse, corrupt, destroy or otherwise exploit consumers’ data.

Increased attack surface combined with more organized cybercriminal heightens risk of being hacked and personal data used for profit. Cyberattacks have evolved from rudimentary malware into highly sophisticated and large-scale attacks. According to RiskBased Security, during 2020, nearly 4,000 data breaches were reported, resulting in over 37 billion records being exposed. Increasing ransomware attacks have generated billions of dollars in payments to cybercriminals and inflicted significant damage and expenses for consumers. In the fourth quarter of 2021, McAfee Labs observed an average of 354 threats per minute.

There is a need for integrated online protection solutions that secure consumers in a connected world by offering the following:

•Comprehensive and convenient security solutions to protect consumers across their digital footprint. Consumers have an increasingly expanding digital presence as they access different online platforms and apps. These daily online interactions require solutions that are designed to meet consumers’ security, identity, and privacy protection needs at scale.

•Online protection powered by seamless digital experience across device and platform. Consumers require holistic digital protection for themselves, their families, and their data across different devices and platforms whether they are at home, at work, or on the go. This requires an interface that is simple to set up and use and provides ongoing protection without hampering device performance and digital experience.

•Consumer products to address privacy needs. A growing online presence exposes more personal and financial data that is targeted by malicious hackers. ForgeRock’s 2021 Consumer Identity Breach Report found a 450% surge in breaches containing usernames and passwords over 2019; translating into more than 1 billion compromised records in the U.S. alone. Users are increasingly mobile, and thus at a higher risk of connecting to unsecured public Wi-Fi connection, requiring virtual private network (“VPN”) solutions to secure personally identifiable information over unsecured networks.

•Comprehensive threat intelligence leveraging a unique global sensor network. Protecting consumers requires comprehensive threat intelligence that can gather massive amounts of data from multiple domains, devices and environments and translate that data into actionable, real-time insights to protect against the evolving tactics and techniques of cybercriminals. It is challenging for cybersecurity vendors to accomplish this without a systematic approach that integrates real-time data collection, machine learning model training and feedback across a vast global network of sensors deployed in protected devices and networks.

6

KEY BENEFITS OF OUR SOLUTIONS

We protect consumers with our differentiated ability to detect, analyze, and manage responses to adversarial threats. Our subscribers trust us to protect and defend their families, data, network and online experience whether it is on a device or in the cloud, at home or on the go.

Our products are multi-faceted privacy protection solutions that provide consumers security in their everyday lives. Our Personal Protection Service is designed to provide a comprehensive suite of features that protect consumers and their families across their digital life. Our products provide cross-device identity protection, online privacy, and device security against virus, malware, spyware and ransomware attacks that are pervasive across all digital devices. Personal Protection Service allows consumers to have mobile and PC antivirus protection across all of their devices, provides spam filtering capabilities, has the ability to securely encrypt sensitive files on public networks, and erases digital footprints that could be used to compromise their data, identity and privacy.

Our solutions provide a seamless and user friendly experience. From working on laptops, to accessing social media on phones, or accessing online videos, our Personal Protection Service provides unified multi-device protection for the modern connected family. With a single McAfee Total Protection subscription, our subscribers can protect multiple devices without impeding the consumer experience via cloud-based online and offline protection across devices to enjoy security at home and on the go. McAfee Total Protection comes with performance-enhancing features that allow for more productivity and entertainment by automatically assigning more dedicated processor power to the apps consumers are actively using. With a single interface, simple set up and intuitive user experience, consumers obtain immediate value from our solutions once installed. Our security, privacy and trust solutions provide a seamless and convenient experience, and an integrated digital moat. We are one of the few scaled cybersecurity companies with integrated data protection and threat defense capabilities built into technologies and solutions that span the digital ecosystem.

Our solutions have comprehensive features that provide consumers peace of mind that their online experience is protected. Our Personal Protection Service is designed to be a holistic digital protection of consumers and their families. Personal Protection Service encompasses data and device security and identity protection through our suite of products while delivering an experience that is equally easy to use whether on a PC, a mobile smartphone or a tablet and across multiple operating system platforms.

Our solutions are supported by our global real-time threat intelligence network, which is bolstered by artificial intelligence, machine learning, and deep learning to increase efficacy and efficiency. As of December 25, 2021, our portfolio leverages over 600 million telemetry sensors across multiple domains that feed our threat intelligence and insights engines. As of 2020, McAfee’s Global Threat Intelligence (“GTI”) supplies threat intelligence to over 2.3 trillion threat queries each year. By leveraging artificial intelligence, machine learning, and deep learning, we use complex threat detection and response algorithms that collect data from our vast customer base to correlate events, detect new threats, reduce false positives, and customers through remediation.

MARKET OPPORTUNITY

According to Frost & Sullivan, the global consumer endpoint security market (comprised of endpoint protection and prevention and consumer privacy and identity protection) addressed by our solutions was expected to reach nearly $13.1 billion in 2020, growing to $18.7 billion in 2024 (9% CAGR). The consumer endpoint security market has remained strong throughout the COVID-19 pandemic and did not show signs of waning during 2021. While the COVID-19 pandemic may have accelerated the market for consumer endpoint security solutions, we believe there continues to be a robust market for consumer personal protection, including mobile solution and broader consumer protection offerings as consumers continue to increase their digital footprint. We believe Consumer Digital Protection represents a large and underpenetrated market opportunity with less than five percent of current global internet users using paid cyber safety solutions, resulting in a greater than ninety five percent whitespace opportunity.

COMPETITIVE STRENGTHS

Our competitive strengths include:

•Brand recognition. We have been a trusted provider of cybersecurity products for over 30 years. This trust was built on protecting hundreds of millions of consumers. Our brand recognition continues to drive customer loyalty and bolsters mutually-beneficial long-standing partner relationships.

•Holistic cybersecurity solutions seamlessly integrated across the consumers’ entire digital ecosystem. Our holistic Personal Protection Service is designed to secure the digital experience and protect privacy of our consumers and their loved ones, across multitude of devices and platforms. With a single interface, simple set up and intuitive user experience, we provide a seamless and integrated digital moat.

7

•Unique footprint across devices. Our consumer solutions protected over 600 million devices as of December 25, 2021. Our massive security footprint spans traditional devices including PCs, mobile devices including smartphones and tablets, home gateways and smart / Internet of Things (“IoT”) devices. The vast data from these endpoints helps inform our intelligence and insights engine.

•Scale and diversity of threat intelligence network. As of December 25, 2021, the McAfee portfolio is continuously enriched by the intelligence gathered from over 600 million sensors across diverse domains and multiple segments to inform our machine learning, deep learning, and artificial intelligence capabilities.

•Deep and innovative threat research expertise. Our industry leading internal team of security experts, researchers, intelligence analysts, data scientists and threat hunters continuously analyze the evolving global threat landscape to develop products that aim to defend against today’s sophisticated and stealthy attacks and reports on emerging security issues. We are continuously reinventing and disrupting ourselves to keep us at the forefront of threat research and better serve our subscribers, as we continue to help our subscribers secure their digital experience.

•Differentiated omni-channel go-to-market strategy. We have longstanding exclusive partnerships with many of the leading PC and mobile OEMs, retail and ecommerce sites, network providers, and search providers. The varied routes to market let us reach the consumer at several crucial moments in their subscription lifecycle.

•Experienced management team with deep cybersecurity expertise. Our world-class management team has extensive cybersecurity expertise and a proven track record of building innovative products and cultivating effective go-to-market strategies at scaled public and private software businesses.

OUR GROWTH STRATEGY

Our strategy is to maintain and extend our technology leadership in consumer cybersecurity solutions by driving frictionless and secure digital experiences as a privately-held company. The following are key elements of our growth strategy:

•Continue to drive subscriber acquisition. We have one of the most trusted brands and comprehensive cybersecurity platforms in the growing, underpenetrated consumer digital protection market. We have a strong customer acquisition rate, addition 2.7 million net new Core Direct to Consumer Subscribers in the last twelve months as of December 25, 2021 (15% year-over-year growth). We will continue to invest in and leverage our brand and direct marketing effectiveness to take advantage of the significant growth opportunity within our core business, as our portfolio of solutions expands. We will continue to target, educate, and retain subscribers at crucial moments in their cybersecurity purchase lifecycle through our various sales & marketing motions.

•Expand Omni-Channel Go-To-Market for our products. We will continue to drive sales through our direct-to-customer channels by investing in digital and performance marketing motions. We intend to strengthen our value proposition to our PC OEMs, and replicate that success with retail and ecommerce partners. We also intend to drive new customer growth by expanding our relationships with communications service providers and ISPs utilizing the cross-platform functionality of our solutions.

•Enhance and tailor the subscriber conversion and renewal process. As we expand our routes to market and partnerships, we strive to evolve our conversion and renewal process and build a large, loyal installed base through our performance marketing and other digital marketing approaches, as well as, partner education that best support mutually beneficial consumer-centric initiatives. We expect Activation to Pay (“ATP”) optimization on OEM pre-loads to increase over time.

•Invest in personal protection and enhance our consumer security platform and user experience. As personal data becomes more prevalent online today than ever before, we are committed to creating a personalized security experience for consumers. To protect our customer’s digital experience across devices, networks and online interactions, we plan to continue to invest in new product and platform innovation to help protect data wherever it resides or travels and defend against threats across multiple domains. At the product level, we have created a platform of integrated solutions that aligns with consumer needs for a holistic, easy-to-use cybersecurity solution that is designed to provide a consistent experience across all online activities, devices and platforms, allows personal feedback, and is accessible globally. We will continue to utilize our “test and learn” design methodology to improve the customer experience while ensuring our products deliver value and an engaging experience on PC, mobile, tablet, and online.

•Continue to pursue targeted acquisitions. We will continue to pursue targeted acquisitions with strong potential to enhance McAfee digital protection platform. We believe we are well positioned to successfully execute on our acquisition strategy by leveraging our scale, global reach and routes to market, and data assets.

8

OUR PRODUCTS

We believe we have one of the industry's most comprehensive cybersecurity portfolios protecting consumers’ digital life.

Our Personal Protection Service provides holistic online protection of the individual and family across their entire digital life. It encompasses device security, privacy, and safe Wi-Fi, and identity protection through a trusted brand with an intuitive experience that is equally easy to use whether on a PC, a mobile smartphone or a tablet and across multiple operating system platforms. Our Personal Protection Service delivers a simple user interface with no performance trade-offs, and with a focus on proactive, intelligent, and seamless protection during a consumer’s digital experience. Our platform frees consumers to work on sensitive documents, videoconference their friends and coworkers, and have their kids go on social media platforms while having peace of mind that our Personal Protection Service is keeping their data and files encrypted, proactively alerting them when they are at risk, and helping them to resolve security threats. We achieve this by integrating the following solutions and capabilities within our Personal Protection Service:

•Device Security. Our award-winning Anti-Malware Software and real-time threat defense has won over 65 awards since 2015 and helps protect over 600 million consumer devices across Android, iOS, and Windows protected from viruses, ransomware, malware, spyware and phishing as of December 25, 2021. Our net promoter score grew from 36 in 2019 to 45 as of September 25, 2021. These 600 million devices help power our threat intelligence engine. As consumers expand their digital footprint with an increasing number of devices and share personal data among them by hopping from one device to another, our threat intelligence engine becomes more robust. We built our Total Protection / LiveSafe solution with the purpose of protecting all of our consumers’ data, regardless of the device they are using or the network they are on. Through our easy-to-use interface, consumers can easily protect additional devices and have peace of mind by being able to observe each device’s security status. Beyond PCs and mobile, we have developed our Secure Home Platform (“SHP”) that protects consumer household IoT systems. Provided through major service providers and router OEMs around the world, our SHP simplifies network security in the home and protects household IoT devices, such as Alexa, smart TVs, and gaming systems.

•Online Privacy and Comprehensive Internet Security. Our Safe Connect VPN and TunnelBear help consumers make any Wi-Fi connection safe and private. With bank-grade AES 256-bit encryption, our solution aims to keep personal data, such as banking account credentials and credit card information protected while keeping IP addresses and physical locations private. This capability helps consumers prevent password and data theft and IP-based tracking and allows customers to access global content, by bypassing local censorship. Consumers can add an additional layer of protection with FileLock by creating password-protected encrypted drives to store their sensitive files, such as tax returns and financial documents. Once these documents are not needed anymore they can be securely deleted with Shredder. Our WebAdvisor acts as a trusted companion protecting consumers from accessing malware and phishing sites while surfing and from downloading unsafe files. As we protect the consumer’s digital life, we also offer our Safe Family solution to keep children safe while they learn to navigate the digital life. Our parental control software blocks age-inappropriate websites, provides device usage monitoring and device restriction services and gives parents the ability to track children’s devices.

•Identity Protection. Our Identity Protection Service includes cyber monitoring, which searches over 600,000 online black markets—including the Dark Web—for compromised personally identifiable information, credit monitoring and social security number tracing, helping consumers take action to prevent from fraud. Our solution also helps consumers recover from fraud through our 24/7/365 support and range of additional services, such as our full-service ID restoration, stolen funds reimbursement, lost wallet recovery, and identify theft insurance, covering expenses up to $1 million. Our Password Manager adds another level of security by securely managing and storing various complex passwords in order to eliminate potential weaknesses caused by simple or re-used passwords.

We also provide these services to consumers who want to complement their existing protection in the form of individual products, as well as to consumers who want to protect their complete digital life through our Total Protection and LiveSafe portfolio brands.

In addition, we extended our protection services to small business owners and the gamer community. Our Small Business Security package helps small businesses keep their businesses and customer data safe by leveraging our award-winning multi-device protection and privacy capabilities, enhanced with our 24/7 technical support and virus removal service. Our Gamer Security package delivers anti-malware functionality while enhancing gaming performance. By offloading threat detection to the cloud, keeping necessary virus definitions locally, and optimizing system resources like the central processing unit, graphics processing unit, and random-access memory by pausing background services, we deliver a smoother and safer gaming experience.

OUR TECHOLOGY

We deploy the latest technologies to maintain our competitive advantage in our product offerings as well as to design a personalized digital experience for consumers that drive customer engagement, satisfaction, and retention.

9

Quality of Our Protection and Artificial Intelligence/Machine Learning

Our solutions seek to defend against a wide range of threats by using technology that leverages a combination of threat intelligence, artificial intelligence and machine learning. Unlike other alternatives that rely only on artificial intelligence, our approach minimizes false positives while detecting a wide range of threats, including new zero-day threats.

Our solutions are enhanced by our Global Threat Intelligence Telemetry from detected events across the product portfolio in addition to structural and behavioral feature vectors from telemetry collected through our network of threat sensors. This telemetry enables McAfee to understand the blueprint of threats for which we do not necessarily possess the sample but can identify based on behavioral and structural vectors which improves our efficacy in detecting zero-day threats.

Our Machine Learning Scanner provides two options for performing automated analysis—on the device or in the cloud. The former uses machine learning on customer systems to determine whether existing and incoming files match known malware. Our cloud-based machine learning scanner collects and sends file attributes and behavioral information to the machine-learning system in the cloud for malware analysis, without transmitting personally identifiable information.

Anti-Malware Engine

Our anti-malware engine is the core component of our award-winning products. Using patented technology, the engine analyzes potentially malicious code to detect and block Trojans, viruses, worms, adware, spyware, ransomware and other threats. The engine scans files at particular points, processes, and pattern-matches malware definitions with data it finds within scanned files, decrypts, and runs malware code in an emulated environment, applies heuristic techniques to recognize new malware, and removes infectious code from legitimate files.

Consumer Experience Innovation

We continuously improve the digital experience for consumers through the following technologies:

•Platform Innovation. Our continuous innovations across our online presence, ecommerce, analytics, and product platform aim towards creating the best-possible experience for consumers. Our analytics platform draws from millions of consumer engagement interactions, accumulated over years and years, provides us with the insights to craft the ideal consumer experience. We use these insights to design a comprehensive, unified seamless security experience for consumers that can be managed from any mobile device. This rich set of engagement patterns also allows us to fine-tune the purchasing process by displaying the right landing page and choosing the ideal payment provider to ensure a successful transaction. Combined with our next generation messaging system and tailored marketing campaigns, we improve customer engagement, satisfaction, as well as acquisition efficiency and retention.

•Ability to Integrate with Our Partners. Through our ongoing collaboration with our OEM partners, we developed an integrated consumer experience that increases the conversation of potential indirect customers to our platform. Working closely with each OEM, we are continuously testing and improving each element of the consumer journey, from our tailored OEM landing pages and messaging, to our product trials, trial experience, offerings options, pricing, and shopping chart and payments experience. Additionally, we also integrated our product platform with leading telecommunication providers, retailers, as well as networking equipment manufacturers to be the underlying platform for their mobile and IoT related security offerings.

SALES AND MARKETING

Our go-to-market engine consists of a digitally-led omni-channel approach to reach the consumer at crucial moments in their purchase lifecycle including direct-to-consumer online sales, acquisition through trial pre-loads on PC OEM devices, and other indirect modes via additional partners such as mobile providers, ISPs, electronics retailers, eCommerce sites, and search providers.

•Direct-to-consumer marketing. We market directly to consumers through our website, McAfee.com, with digital sales motions and analytics-based cart conversion capabilities. We grow this channel by driving site visits and improving conversion rates.

10

•PC OEMs. We have a strong PC OEM partner ecosystem with major OEMs including Dell, HP, Lenovo, Asus, Fujitsu, and Samsung, in which we pre-install a 30-day free trial of our security platform. Our digital and performance marketing engine engages with the purchasing customer to highlight the value of the security platform and convert the consumer to a direct McAfee customer. In some cases, PC OEMs preinstall a one-year or longer subscription and the OEM pays McAfee a royalty. During the subscription lifecycle, McAfee engages the consumer with our digital marketing engine to convert the consumer to a McAfee direct-to-customer subscriber at the end of the initial subscription period. Increases in OEM PC shipments and free-trial conversion rates have been key drivers of growth in this channel.

•Retail and eCommerce. We partner with major retailers worldwide including Office Depot, Staples, Walmart, Sam’s Club, MediaMarkt, Best Buy, and Amazon, to offer consumers a McAfee subscription for purchase through the retailer stores and eCommerce websites. During the subscription lifecycle McAfee engages the consumer with our digital marketing engine to convert the consumer to a McAfee direct-to-consumer subscriber at the end of the initial subscription period.

•Network Providers. We partner with major service providers worldwide including Verizon, T-Mobile, Lumen, Telefonica, NTT Docomo, Softbank, British Telecom, and Sky, to offer our mobile security and SHP products through the service providers. In some cases, we also partner with the service providers to integrate and bundle one or more of our security products into their mobile product value added service offerings. In addition to our partnerships with service providers, we partner with Samsung to pre-install one or more of our security products on their smartphones.

•Search Providers. McAfee also partners with search engine providers to integrate our secure web search products. Through our WebAdvisor product we protect consumers by advising what websites are safe versus what websites are risky.

Our omni-channel approach and strong partnerships work together to increase our presence at key moments of purchase and security engagement for consumers, allowing us to drive customer engagement and acquisition of new subscribers.

INTELLECTUAL PROPERTY

Our intellectual property is an important and vital asset of the company that enables us to develop, market, and sell our products and services and enhance our competitive position. We rely on trademarks, patents, copyrights, trade secrets, license agreements, intellectual property assignment agreements, confidentiality procedures, non-disclosure agreements, and employee non-disclosure and invention assignment agreements to establish and protect our proprietary rights.

We maintain an internal patent program to identify inventions that provide the basis for new patent applications in areas of importance to our business. As of December 25, 2021, we had approximately 1,235 issued U.S. patents, in addition to approximately 735 issued foreign patents, which generally relate to inventive aspects of our products and technology. The duration of our issued patents is determined by the laws of the issuing country. Although we have patent applications pending, there can be no assurance that patents will issue from pending applications or that claims allowed on any future issued patents will be sufficiently broad to protect our technology. Also, these protections may not preclude competitors from independently developing products with functionality or features similar to our products.

In certain cases, we license intellectual property from third parties for use in our products and generally must rely on those third parties to protect the licensed rights. This can include open source software, which is subject to limited proprietary rights. While the ability to maintain and protect our intellectual property rights is important to our success, we believe our business is not materially dependent on any individual patent, copyright, trademark, trade secret, license, or other intellectual property right. For information on the risks associated with our intellectual property, please see “Risk Factors” in Item 1A.

THIRD-PARTY SERVICE PROVIDERS

We are heavily reliant on our technology and infrastructure to provide our products and services to our customers. For example, we host many of our products using third-party data center facilities, and we do not control the operation of these facilities. In addition, we rely on certain technology that we license from third parties, including third-party commercial software and open source software, which is used with certain of our solutions. For information on the risks associated with our dependence on such third-party service providers, please see “Risk Factors” in Item 1A.

11

GOVERNMENTAL REGULATION

We collect, use, store or disclose an increasingly high volume, variety, and velocity of personal information, including from employees and customers, in connection with the operation of our business, particularly, in relation to our identity and information protection offerings, which rely on large data repositories of personal information and consumer transactions. The personal information we process is subject to an increasing number of federal, state, local, and foreign laws regarding privacy and data security. For information on the risks associated with complying with privacy and data security laws, please see “Risk Factors” in Item 1A.

EMPLOYEE & HUMAN CAPITAL

Protecting all that matters demands constant innovation. Doing our job well requires building a workplace that embraces individuality, encourages different perspectives, and welcomes a range of experiences to boost real innovation, creativity, and strategic problem-solving. But it’s not just the right thing to do for business—it’s about every person’s innate right to be their true self and belong.

Building a more inclusive, sustainable world starts within our walls. We believe that when we mirror the varying perspectives of the outside world, we are stronger, more innovative, and better positioned to solve tomorrow’s toughest cybersecurity challenges. Our approach starts with our hiring and interview practices, but representation isn’t enough. Once people walk through our open door, we ensure all life experiences are not just valued, but accepted and encouraged. Only when people feel a deep sense of belonging can they thrive.

To solve tomorrow’s cybersecurity challenges, we know that our industry needs a more diverse, innovative workforce. To fulfill our mission to protect all that matters, we stand firm in our commitment to drive this change. But first, we must understand who we are today to define our journey ahead. As of December 25, 2021, McAfee employed 2,262 employees in 32 countries worldwide. Of these employees, 434 are expected to transfer to McAfee Enterprise in 2022 as a result of the divestiture which occurred in July 2021. The core McAfee population demographic was as follows:

 

To contribute a more diverse workforce to the cybersecurity industry, we know that we will need to exercise genuine, authentic, and transparent recruiting and hiring practices aligned with our values. That’s why we support techniques and programs designed specifically to connect us with people of all backgrounds:

•We write clear, searchable, and applicable job descriptions for candidates of all backgrounds. By leveraging the only augmented writing platform that addresses language as well as content, all candidates can find and understand our open roles.

•We assemble a diverse hiring panel for every role, so each candidate is considered from varying perspectives.

•To plant a firm cultural foundation and minimize any unconscious bias, we train all recruiters and hiring managers to use our values-based behavioral interview approach.

12

•Our internship program serves as the training ground for top talent around the world, welcoming qualified, interested students of all backgrounds

Real collaboration, innovation, and impact happens in workplaces where you can express yourself authentically. That’s why we work hard to ensure life at McAfee is one where our employees can be authentic, engage with others, and reach the best versions of themselves, both at the office and away from it:

•We sponsor six McAfee Communities to support members and allies within each of our African Heritage, Veterans, Latino, Women, Pride, and Differently Abled communities

•We ensure fair and equal compensation based on contributions and impact to the company through our annual pay parity analysis

•We provide a Diversity Impact analysis to ensure that at a minimum, any promotion or rewards are representative of each diverse group’s population within the organization

•We focus our global benefits strategy on providing inclusive and family friendly benefits

A more detailed overview of McAfee’s inclusion and diversity practices can be viewed at https://www.mcafee.com/en-us/consumer-corporate/inclusion-diversity.html.

AVAILABLE INFORMATION

Our internet website is www.mcafee.com. We make available on the Investor Relations section of our website, free of charge, our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, Proxy Statements, and Forms 3, 4 and 5, and amendments to those reports as soon as reasonably practicable after filing such documents with, or furnishing such documents to, the Securities and Exchange Commission (“SEC”). The SEC maintains a website (www.sec.gov) that contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC.

On the Investor Relations section of our website, we webcast our earnings calls and certain events we participate in or host with members of the investment community. Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events, press and earnings releases. Further corporate governance information, including our board committee charters, and, code of ethics, is also available on our Investor Relations website under the heading "Corporate Governance—Documents & Charters."

Our internet website is included herein as an inactive textual reference only. The information contained on our website is not incorporated by reference herein and should not be considered part of this report.

13

Item 1A. Risk Factors

Risks Related to the Merger

The announcement and pendency of the proposed Merger may adversely affect our business, financial condition and results of operations.

On November 5, 2021, the Company entered into an Agreement and Plan of Merger (the “Merger Agreement”) with Condor BidCo, Inc., a Delaware corporation (“Parent”), and Condor Merger Sub, Inc., a Delaware corporation and wholly owned subsidiary of Parent (“Merger Subsidiary”), pursuant to which Merger Subsidiary will merge with and into the Company whereupon the separate corporate existence of Merger Subsidiary will cease and the Company will be the surviving corporation in the Merger and will continue as a wholly owned subsidiary of Parent (the “Merger”). Uncertainty about the effect of the proposed Merger on our employees, customers, and other parties may have an adverse effect on our business, financial condition and results of operation regardless of whether the proposed Merger is completed. These risks to our business include the following, all of which could be exacerbated by a delay in the completion of the proposed Merger:

•the impairment of our ability to attract, retain, and motivate our employees, including key personnel;

•the diversion of significant management time and resources towards the completion of the proposed Merger;

•difficulties maintaining relationships with customers, suppliers, and other business partners;

•delays or deferments of certain business decisions by our customers, suppliers, and other business partners;

•the inability to pursue alternative business opportunities or make appropriate changes to our business because the Merger Agreement requires us to use reasonable best efforts to conduct our business in the ordinary course of business and not engage in certain kinds of transactions prior to the completion of the proposed Merger;

•litigation relating to the proposed Merger and the costs related thereto; and

•the incurrence of significant costs, expenses, and fees for professional services and other transaction costs in connection with the proposed Merger

Additionally, in approving the Merger Agreement, our board of directors considered a number of factors and potential benefits, including the fact that the Merger consideration to be received by holders of our common stock represented an approximately 22.6% premium to our unaffected share price of $21.21 on November 4, 2021, the day prior to initial media speculation of a transaction. If the Merger is not completed, neither the Company nor the holders of our common stock will realize this benefit of the Merger. Moreover, we would have incurred substantial transaction-related fees and costs and the loss of management time and resources

Failure to consummate the proposed Merger within the expected timeframe or at all could have a material adverse impact on our business, financial condition and results of operations.

There can be no assurance that the proposed Merger will be consummated. The consummation of the proposed Merger is subject to customary closing conditions. The obligation of each party to consummate the Merger is also conditioned upon the other party’s representations and warranties being true and correct to the extent specified in the Merger Agreement and the other party having performed in all material respects its obligations under the Merger Agreement. There can be no assurance that these and other conditions to closing will be satisfied in a timely manner or at all.

The Merger Agreement also includes customary termination provision for both the Company and Parent, subject, in certain circumstances, to the payment by the Company of a termination fee of 1.25% or 2.5% of the Company’s equity value. If we are required to make this payment, doing so may materially adversely affect our business, financial condition and results of operations.

14

There can be no assurance that a remedy will be available to us in the event of a breach of the Merger Agreement by Parent or its affiliates or that we will wholly or partially recover for any damages incurred by us in connection with the proposed Merger. A failed transaction may result in negative publicity and a negative impression of us among our customers or in the investment community or business community generally. Further, any disruptions to our business resulting from the announcement and pendency of the proposed Merger, including any adverse changes in our relationships with our customers, partners, suppliers and employees, could continue or accelerate in the event of a failed transaction. In addition, if the proposed Merger is not completed, and there are no other parties willing and able to acquire the Company at a price of $26.00 per share or higher, on terms acceptable to us, the share price of our Class A common stock will likely decline to the extent that the current market price of our common stock reflects an assumption that the proposed Merger will be completed. Also, we have incurred, and will continue to incur, significant costs, expenses and fees for professional services and other transaction costs in connection with the proposed Merger, for which we will have received little or no benefit if the proposed Merger is not completed. Many of these fees and costs will be payable by us even if the proposed Merger is not completed and may relate to activities that we would not have undertaken other than to complete the proposed Merger.

Prior to the completion of the Merger or the termination of the Merger Agreement in accordance with its terms, we are prohibited from entering into certain transactions and taking certain actions that might otherwise be beneficial to us and our stockholders.

After the date of the Merger Agreement and prior to the effective time, the Merger Agreement restricts us from taking specified actions without the consent of the Parent (which consent may not be unreasonably withheld, conditioned or delayed) and requires that our business be conducted in all material respects in the ordinary course of business. These restrictions may prevent us from making appropriate changes to our businesses or organizational structures or from pursuing attractive business opportunities that may arise prior to the completion of the Merger and could have the effect of delaying or preventing other strategic transactions. Adverse effects arising from the pendency of the Merger could be exacerbated by any delays in consummation of the Merger or termination of the Merger Agreement.

The Merger, including uncertainty regarding the Merger, may cause customers, suppliers, distributors or strategic partners to delay or defer decisions, which could negatively affect our business and adversely affect our ability to effectively manage our business.

The Merger will happen only if certain conditions are met. Many of the conditions are outside our control, and both we and Parent also have the right to terminate the Merger Agreement in certain circumstances. Accordingly, there may be uncertainty regarding the completion of the Merger. This uncertainty may cause customers, suppliers, distributors, strategic partners or others that deal with us to delay or defer entering into contracts with us or making other decisions concerning us or seek to change or cancel existing business relationships, which could negatively affect our business. Any delay or deferral of those decisions or changes in existing agreements could have a material adverse effect on our business, regardless of whether the Merger is ultimately completed.

The Merger may cause difficulty in attracting, motivating and retaining employees.
 

Our current and prospective employees may experience uncertainty about their future role with the Company until strategies with regard to these employees are announced or executed, which may impair our ability to attract, retain and motivate key management, technical, business development, operational and customer-facing employees and other personnel prior to the Merger. If we are unable to retain and replace personnel, we could face disruptions in our operations, loss of existing customers, loss of key information, expertise or know-how, and unanticipated additional recruitment and training costs.
 

The Merger Agreement limits our ability to pursue alternatives to the Merger and may discourage other companies from trying to acquire us for greater consideration than what the Parent has agreed to pay.
 

The Merger Agreement contains provisions that make it more difficult for us to sell our business to a company other than the Parent. These provisions include a general prohibition on us soliciting any acquisition proposal or offer for a competing transaction. If we or the Parent terminate the Merger Agreement and we agree to be or are subsequently acquired by another company, we may in some circumstances be required to pay to Parent a termination fee of 1.25% or 2.5% of the Company’s equity value.
 

15

These provisions might discourage a third party that has an interest in acquiring all or a significant part of the Company from considering or proposing an acquisition, even if the party were prepared to pay consideration with a higher per share cash or market value than the cash value proposed to be received in the Merger, or might result in a potential competing acquirer proposing to pay a lower price than it might otherwise have proposed to pay because of the added expense of the termination fee that may become payable in certain circumstances.
 

Stockholder litigation could result in substantial costs and may delay or prevent the Merger from being completed.
 

Stockholder lawsuits are often brought against public companies that have entered into merger agreements. As of the date of this Annual Report on Form 10-K, the Company has received three demand letters on behalf of purported stockholders of the Company challenging certain disclosures in the definitive proxy statement filed with the SEC on January 4, 2022 (the “Definitive Proxy Statement”). In addition, five stockholder complains relating to the Merger have been filed, four of which allege that the Definitive Proxy Statement is false and/or misleading and asserts claims for violations of Sections 14(a) and 20(a) of the Exchange Act and SEC Rule 14a-9 against the Company and its directors and the fifth alleges that the preliminary proxy statement filed with the SEC on December 21, 2021 is false and/or misleading and asserts claims for violations of Section 14(a) and 20(a) of the Exchange Act and SEC Rule 14a-9 against the Company and its directors. Each of the complains purport to seek, among other things, injunctive relief preventing the Merger, damages, and an award of plaintiffs’ costs and expenses, including reasonable attorneys’ and expert fees. The Company believes that the claims asserted in the demand letters and complaints are without merit. However, defending against these claims can result in substantial costs and divert management time and resources. Such claims could prevent or delay the consummation of the Merger, including through an injunction, and result in additional costs to us. The ultimate resolution of these lawsuits cannot be predicted, and an adverse ruling in any such lawsuit may cause the Merger to be delayed or not to be completed, which could cause us not to realize some or all of the anticipated benefits of the Merger.
 

Risks Related to the COVID-19 Pandemic

The COVID-19 pandemic has affected how we are operating our business, and the duration and extent to which this will impact our future results of operations and overall financial performance remains uncertain.

The COVID-19 pandemic is having widespread, rapidly evolving, and unpredictable impacts on global society, economies, financial markets, and business practices. Federal, state and foreign governments have implemented measures to contain the virus, including social distancing, travel restrictions, border closures, limitations on public gatherings, work from home, and closure of non-essential businesses. At the onset of the COVID-19 pandemic, we implemented work-from-home requirements, made substantial modifications to employee travel policies, and cancelled or shifted marketing and other corporate events to virtual-only formats. While we have adjusted our current policies and procedures in accordance with public health guidance that is available, we cannot be certain that similar precautionary measures will not be necessary in the future, and any such precautionary measures could negatively affect our customer success efforts, sales and marketing efforts, delay and lengthen our sales cycles, or create operational or other challenges, any of which could harm our business and results of operations. In addition, the COVID-19 pandemic has disrupted the operations of many of our channel partners, and may continue to disrupt their operations, for an indefinite period of time, including as a result of any future public health precautionary measures, uncertainty in the financial markets, or other harm to their businesses and financial results, resulting in delayed purchasing decisions, extended payment terms, and postponed or cancelled projects, all of which could negatively impact our business and results of operations, including our revenue and cash flows. Further, if the COVID-19 pandemic has a substantial impact on our employees’, partners’, or third-party service providers’ health, attendance, or productivity in the future, our results of operations and overall financial performance may be adversely impacted.

16

The ultimate duration and extent of the impact from the COVID-19 pandemic depends on future developments that cannot be accurately forecasted at this time, such as the efficacy of new vaccines, the efficiency and scope of global inoculation efforts, the severity and transmission rate of the disease and new variants, the actions of governments, businesses and individuals in response to the pandemic, the extent and effectiveness of containment actions, the impact on economic activity, and the impact of these and other factors on our employees, partners, and third-party service providers. This uncertainty also affects management’s accounting estimates and assumptions, which could result in greater variability in a variety of areas that depend on these estimates and assumptions, including those related to investments, receivables, retention rates, renewal and pricing. For example, we have experienced growth and increased demand for our solutions in recent quarters, which may be due in part to greater demand for devices or our solutions in response to the COVID-19 pandemic. We cannot determine what, if any, portion of our growth in net revenue, the number of our Direct to Consumer Subscribers, or any other measures of our performance during 2021 was the result of such responses to the COVID-19 pandemic. However, if we are unable to successfully drive renewals of new subscriptions and retention of new customers in future periods, including any such new subscriptions or new customers that may be related to the response to the COVID-19 pandemic, or if global conditions and macroeconomic forces, including those related to the COVID-19 pandemic, reduce demand for solutions in the future, we may be unsuccessful in sustaining our recent growth rates. In addition, the extent to which the COVID-19 pandemic will continue to drive demand for devices is uncertain, and if demand for devices decreases, we may experience slower growth in future periods. These uncertainties may increase variability in our future results of operations and adversely impact our ability to accurately forecast changes in our business performance and financial condition in future periods. If we are not able to respond to and manage the impact of such events effectively or if global economic conditions do not improve, or deteriorate further, our business, financial condition, results of operations, and cash flows could be adversely affected.

Risks Related to the Recent Sale of our Enterprise Business

If we are unsuccessful at executing our business plan and necessary transition activities as a standalone consumer cybersecurity company following the recent sale of our Enterprise Business, our business and results of operations may be adversely affected and our ability to invest in and grow our business could be limited.

On July 27, 2021, we completed the sale of our Enterprise Business to STG, which divestiture comprised a substantially whole operating segment. This and other operational transitions have involved turnover in management and other key personnel and changes in our strategic direction. Transitions of this type can be disruptive, result in the loss of focus and employee morale and make the execution of business strategies more difficult. We also expect to pay approximately $300 million in additional one-time separation costs and stranded cost optimization, a portion of which will be expenses paid by proceeds from the transaction. We have also entered into a transition service agreement under which we will provide assistance to STG including, but not limited to, business support services and information technology services as well as a commercial services agreement, under which we will provide certain product services and licensed technology, including certain threat intelligence data, that has historically been provided to the Enterprise Business. We may experience delays in the anticipated timing of activities related to such transitions and higher than expected or unanticipated execution costs. If we do not succeed in executing on these transition activities while achieving our cost optimization goals, or if these efforts are more costly or time-consuming than expected, our business and results of operations may be adversely affected, which could limit our ability to invest in and grow our business.

We may not achieve the intended benefits of the sale of our Enterprise Business.

We may not realize some or all of the anticipated benefits from the sale of our Enterprise Business. The resource constraints as a result of our focus on completing the transaction, which include the loss of employees, could have a continuing impact on the execution of our business strategy and our overall operating results. Further, our remaining employees may become concerned about the future of our remaining operations and lose focus or seek other employment. There can be no guarantee that the divestiture will result in stronger long term financial and operational results for our remaining consumer business.

Additionally, in connection with the divestiture, our Board of Directors returned a portion of the proceeds of the sale of our Enterprise Business in the form of distributions paid to holders of LLC Units of FTW, including McAfee Corp., and to holders of our Class A common stock in the form of a special dividend of $4.50 per share to holders of record of our Class A common stock as of August 13, 2021. The use of proceeds in this manner could impair our future financial growth.

17

Our future results of operations are dependent solely on the operations of our pure play consumer cyber security business and will differ materially from our previous results.

The Enterprise Business generated approximately 46% of total combined company revenue for fiscal 2020, and approximately 51% of total combined company revenue for fiscal 2019. Accordingly, our future financial results will differ materially from our previous results since our future financial results are dependent solely on our consumer operations. Any downturn in our consumer business could have a material adverse effect on our future operating results and financial condition and could materially and adversely affect the trading price of our outstanding securities.

Risks Related to Competition and Industry Trends

The cybersecurity market is rapidly evolving and becoming increasingly competitive in response to continually evolving cybersecurity threats from a variety of increasingly sophisticated cyberattackers. If we fail to anticipate changing customer requirements or industry and market developments, or we fail to adapt our business model to keep pace with evolving market trends, our financial performance will suffer.

The cybersecurity market is characterized by continual changes in customer preferences and requirements, frequent and rapid technological developments and continually evolving market trends. We must continually address the challenges of dynamic, and accelerating market trends, such as the emergence of new cybersecurity threats, the continued decline in the sale of new personal computers, and the rise of mobility and cloud-based solutions, all of which make satisfying our customers’ diverse and evolving needs more challenging.

The technology underlying our solutions is particularly complex because it must effectively and efficiently identify and respond to new and increasingly sophisticated threats while meeting other stringent technical requirements in areas of performance, usability, and availability. Although our customers expect new solutions and enhancements to be rapidly introduced to respond to new cybersecurity threats, product development requires significant investment, the efficacy of new technologies is inherently uncertain, and the timing for commercial release and availability of new solutions and enhancements is uncertain. We may be unable to develop new technologies to keep pace with evolving threats or experience unanticipated delays in the availability of new solutions, and therefore fail to meet customer expectations. If we fail to anticipate or address the evolving and rigorous needs of our customers, or we do not respond quickly to shifting customer expectations or demands by developing and releasing new solutions or enhancements that can respond effectively and efficiently to new cybersecurity threats on an ongoing and timely basis, our competitive position, business, and financial results will be harmed.

The introduction of new products or services by competitors, market acceptance of products or services based on emerging or alternative technologies, and the evolution of new standards, whether formalized or otherwise, could each render our existing solutions obsolete or make it easier for other products or services to compete with our solutions. In addition, modern cyberattackers are skilled at adapting to new technologies and developing new methods of breaching customers. We must continuously work to ensure our solutions protect against the increased volume and complexity of the cybersecurity threat landscape. Changes in the nature of advanced cybersecurity threats could result in a shift in cybersecurity spending and preferences away from solutions such as ours. If our solutions are not viewed by our customers as necessary or effective in addressing their cybersecurity needs, then our revenues may not grow as quickly as expected, or may decline, and our business could suffer.

We cannot be sure that we will accurately predict how the cybersecurity markets in which we compete or intend to compete will evolve. Failure on our part to anticipate changes in our markets and to develop solutions and enhancements that meet the demands of those markets will significantly impair our business, financial condition, results of operations, and cash flows.

We operate in a highly competitive environment, and we expect competitive pressures to increase in the future, which could cause us to lose market share.

The markets for our solutions are highly competitive, and we expect both the requirements and pricing competition to increase, particularly given the increasingly sophisticated attacks, changing customer preferences and requirements, current economic pressures, and market consolidation. Competitive pressures in these markets may result in price reductions, reduced margins, loss of market share and inability to gain market share, and a decline in sales, any one of which could seriously impact our business, financial condition, results of operations, and cash flows.

We face competition from players, such as NortonLifelock, Avast/AVG, Kaspersky, Trend Micro, ESET, and Microsoft, which expanded from desktop anti-malware into mobile, security, VPN, and identity protection among others. At the same time we compete with point-tool providers, such as Cujo and Dojo in the home IoT space or AnchorFree, ExpressVPN, and ProtonVPN in the network security space, across our full consumer offering.

18

In addition to competing with these and other vendors directly for sales to end-users of our products, we compete with several of them for the opportunity to have our products bundled with the product offerings of our strategic partners, including computer hardware OEMs, ISPs, mobile carriers, and other distribution partners. Our competitors could gain market segment share from us if any of these strategic partners replace our solutions with those of our competitors or if these partners more actively promote our competitors’ offerings than ours. In addition, vendors who have bundled our products with theirs may choose to bundle their products with their own or other vendors’ software or may limit our access to standard product interfaces and inhibit our ability to develop products for their platform. We also face competition from many smaller companies that specialize in particular segments of the markets in which we compete, including Crowdstrike, VMware, Netskope, and Zscaler. In the future, further product development by these providers could cause our products and services to become redundant or lose market segment share, which could significantly impact our sales and financial results.

We face growing competition from network equipment, computer hardware manufacturers, large operating system providers, telecommunication companies, and other large or diversified technology companies. Examples of large, diversified competitors include Microsoft, International Business Machines Corporation, and Dell Technologies. Large vendors of hardware or operating system software increasingly incorporate cybersecurity functionality into their products and services, and enhance that functionality either through internal development or through strategic alliances or acquisitions. Similarly, telecommunications providers are increasingly investing in the enhancement of the cybersecurity functionality in the devices and services they offer. Certain of our current and potential competitors may have competitive advantages such as longer operating histories, more extensive international operations, larger product development and strategic acquisition budgets, and greater financial, technical, sales, and marketing resources than we do. Such competitors also may have well-established relationships with our current and potential customers and extensive knowledge of our industry and the markets in which we compete and intend to compete. As a result, such competitors may be able to respond more quickly to new or emerging technologies and changes in customer requirements, or to devote greater resources to the development, marketing, sale, and support of their products. These competitors have made strategic acquisitions or established cooperative relationships among themselves or with other providers, thereby increasing their ability to provide a broader suite of products, and potentially causing customers to decrease purchases of, or defer purchasing decisions with respect to, our products and services. Additionally, some or all of our solutions may rely upon access to certain hardware or software interfaces. These competitors may limit our access to such interfaces or may provide greater or earlier access available to others. These actions could adversely affect the operations of our products relative to competitors or render our solutions inoperative.

Cybersecurity protection is also offered by certain of our competitors at prices lower than our prices or, in some cases, free of charge. Other companies bundle their own or our competitors’ lower-priced or free cybersecurity products with their own computer hardware or software product offerings in a manner that discourages users from purchasing our products and subscriptions. Our competitive position could be adversely affected to the extent that our current or potential customers perceive these cybersecurity products as replacing the need for our products or if they render our solutions unmarketable—even if these competitive products are inferior to or more limited than our products and services. The expansion of these competitive trends could have a significant negative impact on our sales and financial results by causing, among other things, price reductions of our products, reduced profitability, and loss of market share.

To compete successfully, we must continue to develop new solutions and enhance existing solutions, effectively adapt to changes in the technology or rights held by our competitors, respond to competitive strategies, and effectively adapt to technological changes within the consumer cybersecurity market. If we are unsuccessful in responding to our competitors, our competitive position and our financial results could be adversely affected.

Our business depends substantially on our ability to retain customers and to expand sales of our solutions to them. If we are unable to retain our customers or to expand our product offerings, our future results of operations will be harmed.

For us to maintain or improve our results of operations in a market that is rapidly evolving and places a premium on market-leading solutions, it is important that we retain existing customers and that our customers expand their use of our solutions. Our customers have no obligation to renew their subscription with us upon their expiration. Retention rates may decline or fluctuate as a result of a number of factors, including but not limited to the level of our customers’ satisfaction or dissatisfaction with our solutions, our prices and the prices of competing products or services, industry consolidation, the effects of global economic conditions, new technologies, changes in our customers’ spending levels, and changes in how our customers perceive the cybersecurity threats. In addition, a significant portion of our renewals come from autorenewal arrangements incorporated within our solutions. Any changes in the laws regarding autorenewal arrangements could adversely affect our ability to retain consumer customers and harm our financial condition and operating performance.

19

In addition, our ability to generate revenue and maintain or improve our results of operations partly depends on our ability to cross-sell our solutions to our existing customers. We expect our ability to successfully cross-sell our solutions will be one of the most significant factors influencing our growth. We may not be successful in cross-selling our solutions because our customers may find our additional solutions unnecessary or unattractive. Our failure to sell additional solutions to our existing and new customers could adversely affect our ability to grow our business.

We may need to change our pricing models to compete successfully.

The intense competition we face in the cybersecurity market, in addition to general economic and business conditions (including the economic volatility resulting from the COVID-19 pandemic), can result in downward pressure on the prices of our solutions. If our competitors offer significant discounts on competing products or services, or develop products or services that our customers believe are more valuable or cost-effective, we may be required to decrease our prices or offer other incentives in order to compete successfully. Additionally, if we increase prices for our solutions, demand for our solutions could decline as customers adopt less expensive competing products and our market share could suffer. If we do not adapt our pricing models to reflect changes in customer use of our products or changes in customer demand, our revenues could decrease.

Any broad-based change to our pricing strategy could cause our revenues to decline or could delay future sales as our sales force implements and our customers adjust to the new pricing terms. We or our competitors may bundle products for promotional purposes or as a long-term go-to-market or pricing strategy or provide price guarantees to certain customers as part of our overall sales strategy. These practices could, over time, significantly limit our flexibility to change prices for existing solutions and to establish prices for new or enhanced products and services. Any such changes could reduce our margins and adversely affect our results of operations.

If cybersecurity industry analysts publish unfavorable or inaccurate research reports about our business, our financial performance could be harmed.

An increasing number of independent industry analysts and researchers regularly evaluate, compare, and publish reviews regarding the performance, efficiency, and functionality of cybersecurity products and services, including our own solutions. The market’s perception of our solutions may be significantly influenced by these reviews. We do not have any control over the content of these independent industry analysts and research reports, or the methodology they use to evaluate our solutions, which may be flawed or incomplete. Demand for our solutions could be harmed if these industry analysts publish negative reviews of our solutions or do not view us as a market leader. If we are unable to maintain a strong reputation, sales to new and existing customers and renewals could be adversely affected, and our financial performance could be harmed.

Risks Related to Our Financial and Operating Performance

Our results of operations can be difficult to predict and may fluctuate significantly, which could result in a failure to meet investor expectations.

Our results of operations have in the past varied, and may in the future vary, significantly from period to period due to a number of factors, many of which are outside of our control, including the macroeconomic environment. These factors limit our ability to accurately predict our results of operations and include factors discussed throughout this “Risk Factors” section, including the following:

•the level of competition in our markets, including the effect of new entrants, consolidation, and technological innovation;

•macroeconomic conditions in our markets, both domestic and international, as well as the level of discretionary technology spending;

•fluctuations in demand for our solutions;

•disruptions in our business operations or target markets caused by, among other things, terrorism or other intentional acts, pandemics, such as the COVID-19 pandemic, riots, protests or political unrest, or earthquakes, floods, or other natural disasters;

•variability and unpredictability in the rate of growth in the markets in which we compete;

•technological changes in our markets;

•our ability to renew existing customers, acquire new customers, and sell additional solutions;

•execution of our business strategy and operating plan, and the effectiveness of our sales and marketing programs;

•product announcements, introductions, transitions, and enhancements by us or our competitors, which could result in deferrals of customer orders;

20

•the impact of our recent divesture of our enterprise business, and any stranded or other costs incurred in connection with the transaction and the efficacy of our cost optimization efforts following the transaction;

•the impact of future acquisitions or divestitures;

•changes in accounting rules and policies that impact our future results of operations compared to prior periods; and

•the need to recognize certain revenue ratably over a defined period or to defer recognition of revenue to a later period, which may impact the comparability of our results of operations across those periods.

Furthermore, a high percentage of our expenses, including those related to overhead, research and development, sales and marketing, and general and administrative functions are generally fixed in nature in the short term. As a result, if our net revenue is less than forecasted, we may not be able to effectively reduce such expenses to compensate for the revenue shortfall and our results of operations will be adversely affected. We also expect the recent sale of our Enterprise Business to lead to increased costs that were previously allocated to both segments to now be part of continuing operations, which will have a dilutive impact on operating margins. We also expect to pay approximately $300 million in additional one-time separation costs and stranded cost optimization, a portion of which will be expenses paid by proceeds from the transaction. In addition, our ability to maintain or expand our operating margins may be limited given economic and competitive conditions, and we therefore could be reliant upon our ability to continually identify and implement operational improvements in order to maintain or reduce expense levels. There can be no assurance that we will be able to maintain or expand our current operating margins in the future.

We derive revenue from the sale of security products and subscriptions or a combination of these items, which may decline.

Our sales may decline and fluctuate as a result of a number of factors, including our customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors, reductions in our customers’ spending levels, and other factors beyond our control. We also derive part of our revenue through indirect agreements with third parties including mobile providers, ISPs, electronics retailers, ecommerce sites, and search providers. Any change in these agreements, in indirect party’s demand with end consumers in mobile, ISP, and retail, in user search behavior, advertising market for search or ecosystem changes could adversely affect our revenue. If our sales decline, our revenue and revenue growth may decline, and our business will suffer. We recognize a majority of revenue as control of the goods and services is transferred to our customer. As a result, a majority of revenue we report each quarter is the recognition of deferred revenue from subscriptions entered into during previous quarters. Consequently, a decline in sales in any single quarter will not be fully or immediately reflected in revenue in that quarter but will continue to negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales is not reflected in full in our results of operations until future periods. Furthermore, it is difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from subscriptions must be recognized over the applicable future time period. Finally, any increase in the average term of a subscription would result in revenue for such subscriptions being recognized over longer periods of time.

The sudden and significant economic downturn or volatility in the economy in the United States and our other major markets could have a material adverse impact on our business, financial condition, results of operations, or cash flows.

We operate globally and as a result our business and revenues are impacted by global macroeconomic conditions. In recent periods, investor and customer concerns about the global economic outlook, which significantly increased in 2020 and early 2021 due to the COVID-19 pandemic, have adversely affected market and business conditions in general. In addition, a weakening of economic conditions, including from a worsening of the ongoing labor shortage or rise in inflation, could lead to reductions in demand for our solutions. Weakened economic conditions or a recession could reduce the amounts that customers are willing or able to spend on our products and solutions, and could make it more difficult for us to compete against less expensive and free products for new customers. Furthermore, a high percentage of our expenses, including those related to overhead, research and development, sales and marketing, and general and administrative functions are generally fixed in nature in the short term. If we are not able to timely and appropriately adapt to changes resulting from a weak economic environment, it could have an adverse impact on our business, financial condition, results of operations, and cash flows.

We have experienced net losses in recent periods and may not maintain profitability in the future.

We experienced net losses of $236 million and $289 million for fiscal 2019 and 2020, respectively. While we have experienced revenue growth over these same periods, we may not be able to sustain or increase our growth or maintain profitability in the future or on a consistent basis. In recent years, we have changed our portfolio of products and invested in research and development to develop new products and enhance current solutions.

21

We also expect to continue to invest for future growth. We expect that to achieve profitability we will be required to increase revenues, manage our cost structure, and avoid significant liabilities. Revenue growth may slow, revenue may decline, or we may incur significant losses in the future for a number of possible reasons, increasing competition, a decrease in the growth of the markets in which we operate, or if we fail for any reason to continue to capitalize on growth opportunities. We also expect the recent sale of our enterprise business to lead to increased costs that were previously allocated to both segments to now be part of continuing operations, which will have a dilutive impact on operating margins. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays, and other unknown factors that may result in losses in future periods. If these losses exceed our expectations or our revenue growth expectations are not met in future periods, our financial performance may be harmed.

Changes in tax laws or in their implementation may adversely affect our business and financial condition.

Changes in tax law may adversely affect our business or financial condition. As part of Congress’s response to the COVID-19 pandemic, the Families First Coronavirus Response Act, commonly referred to as the FFCR Act, was enacted on March 18, 2020, the Coronavirus Aid, Relief, and Economic Security Act, commonly referred to as the CARES Act, was enacted on March 27, 2020, the act commonly known as the Consolidated Appropriations Act, 2021 was enacted on December 27, 2020, and the act commonly known as the American Rescue Plan Act was enacted on March 11, 2021. Each contains numerous tax provisions. In particular, the CARES Act retroactively and temporarily (for taxable years beginning before January 1, 2021) suspended application of the 80%-of-taxable-income limitation on the use of NOLs, which was enacted as part of the TCJA. It also provided that NOLs arising in any taxable year beginning after December 31, 2017 and before January 1, 2021 are generally eligible to be carried back up to five years. The CARES Act also temporarily (for taxable years beginning in 2019 or 2020) relaxed the limitation of the tax deductibility for net interest expense by increasing the limitation from 30% to 50% of adjusted taxable income.

Regulatory guidance under the Tax Cuts and Job Act (“TCJA”), the FFCR Act, the CARES Act, the Consolidated Appropriations Act, 2021, and the American Rescue Plan Act is and continues to be forthcoming, and such guidance could ultimately increase or lessen impact of these laws on our business and financial condition. It is also likely that Congress will enact additional legislation in connection with the COVID-19 pandemic, some of which could have an impact on our Company. In addition, it is uncertain if and to what extent various states will conform to the TCJA, the FFCR Act, the CARES Act, the Consolidated Appropriations Act, 2021, or the American Rescue Plan Act. The Biden Administration has also proposed a significant number of changes to U.S. tax laws, including an increase in the maximum tax rate applicable to U.S. corporations and certain individuals, which could potentially have retroactive effect and may significantly affect McAfee Corp. or FTW. Any such rate increases or future changes to U.S. tax laws could also require McAfee Corp. to increase its payments to the Continuing Owners and Management Owners pursuant to its tax receivable agreement.

As a multinational corporation, forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates.

Forecasts of our income tax position and effective tax rate are complex and subject to uncertainty because our income tax position for each year combines the effects of a mix of profits and losses earned by us and our subsidiaries in various tax jurisdictions with a broad range of income tax rates, as well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and changes to these rules and tax laws, such as the U.S. federal income tax laws, including impacts of the TCJA, FFCR Act, CARES Act, Consolidated Appropriations Act, 2021, and American Rescue Plan Act arising from future interpretations of such legislation, the results of examinations by various tax authorities and the impact of any acquisition, business combination, or other reorganization or financing transaction. To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by jurisdiction. If our mix of profits and losses, our ability to use tax credits, or effective tax rates by jurisdiction is different than those estimated, our actual tax rate could be different than forecasted, which could have a material impact on our financial condition and results of operations.

As a multinational corporation, we conduct our business in many countries and are subject to taxation in many jurisdictions. The taxation of our business is subject to the application of multiple and conflicting tax laws and regulations as well as multinational tax conventions. Our effective tax rate is highly dependent upon the geographic distribution of our worldwide earnings or losses, the tax regulations in each geographic region, the availability of tax credits and carryforwards, changes in accounting principles (including accounting for uncertain tax positions), and changes in the valuation of our deferred tax assets, and the effectiveness of our tax planning strategies. The application of tax laws and regulations is subject to legal and factual interpretation, judgment, and uncertainty, and significant judgment is required to determine the recognition and measurement attributes prescribed in certain accounting guidance. Tax laws themselves are subject to change as a result of changes in fiscal policy, changes in legislation, and the evolution of regulations and court rulings. Consequently, taxing authorities may impose tax assessments or judgments against us that could materially impact our tax liability and/or our effective income tax rate.

22

Our provision for income taxes is subject to volatility and can be adversely affected by a variety of factors, including but not limited to: unanticipated decreases in the amount of revenue or earnings in countries with low statutory tax rates, changes in tax laws and the related regulations and interpretations (including various proposals currently under consideration), changes in accounting principles (including accounting for uncertain tax positions), and changes in the valuation of our deferred tax assets. Significant judgment is required to determine the recognition and measurement attributes prescribed in certain accounting guidance. This guidance applies to all income tax positions, including the potential recovery of previously paid taxes, which if settled unfavorably could adversely impact our provision for income taxes.

In addition, we are subject to examination of our income tax returns by the Internal Revenue Service (“IRS”) and other tax authorities. If tax authorities challenge the relative mix of our U.S. and international income, our future effective income tax rates could be adversely affected, including for future periods and retroactively. While we regularly assess the likelihood of adverse outcomes from such examinations and the adequacy of our provision for income taxes, there can be no assurance that such provision is sufficient and that a determination by a tax authority will not have an adverse effect on our business, financial condition, results of operations, and cash flows.

Our ability to use certain net operating loss carryforwards and certain other tax attributes may be limited.

Under Sections 382 and 383 of the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change tax attributes to offset its post-change income and taxes may be limited. In general, an “ownership change” occurs if there is a cumulative change in ownership of the relevant corporation by “5% shareholders” (as defined under U.S. income tax laws) that exceeds 50 percentage points over a rolling three-year period. Similar rules apply under state tax laws. If our corporate subsidiaries experience one or more ownership changes in connection with transactions in our stock, then we may be limited in our ability to use our corporate subsidiaries’ net operating loss carryforwards and other tax assets to reduce taxes owed on the net taxable income that such subsidiaries earn. Any such limitations on the ability to use net operating loss carryforwards and other tax assets could adversely impact our business, financial condition, results of operations, and cash flows.

We face risks associated with past and future investments, acquisitions, and other strategic transactions.

We may buy or make investments in complementary or competitive companies, products, and technologies, sell strategic businesses or other assets, or engage in other strategic transactions. For example, in fiscal 2018 we bolstered our consumer VPN offering through our acquisition of TunnelBear. The consideration exchanged for an acquisition may be greater than the value we realize from the transaction. In addition, we and TPG, Thomas Bravo and Intel periodically evaluate our capital structure and strategic alternatives with advisors and other third parties in an effort to maximize value for our stockholders. We cannot be certain when or if any of the discussions we have will lead to a proposal that we may find attractive, including with respect to the refinancing or repricing of some or all of our indebtedness, the sale of some or a significant portion of our assets, or other similar significant transactions. Whether in connection with such events or otherwise, we may also take other actions that impact our balance sheet and capital structure, including the payment of special dividends, the increase or decrease of regular dividends, repayment of debt, repurchases of our equity through privately negotiated transactions, as part of a tender offer, in the open market and/or through a share repurchase plan, including an accelerated share repurchase plan, or any other means permitted by law. In some cases these transactions could be with, or disproportionately benefit, one or more of our significant stockholders.

Future transactions could result in significant transactions-related charges, acceleration of some or all payments under our tax receivable agreement, disparate tax treatment for our stockholders, distraction for our management team, and potential dilution to our equity holders. In addition, we face a number of risks relating to such transactions, including the following, any of which could harm our ability to achieve the anticipated benefits of our past or future strategic transactions.

Technology and market risk. Cybersecurity technology is particularly complex because it must effectively and efficiently identify and respond to new and increasingly sophisticated threats while meeting other stringent technical requirements in areas of performance, usability, availability, and others. Our investments and acquisitions carry inherent uncertainty as to the efficacy of our technology roadmap. The decisions we make regarding customer requirements, market trends, market segments, and technologies may not be correct and we may not achieve the anticipated benefits of these transactions.

Integration or separation. Integration of an acquired company or technology is a complex, time consuming, and expensive process. The successful integration of an acquisition requires, among other things, that we integrate and retain key management, sales, research and development, and other personnel; integrate or separate the acquired products into or from our product offerings from both an engineering and sales and marketing perspective; integrate and support, or separate from, existing suppliers, distribution, and partner relationships; coordinate research and development efforts; and potentially consolidate, or prepare standalone, facilities and functions and back-office accounting, order processing, and other functions. If we do not successfully integrate an acquired company or technology, we may not achieve the anticipated benefits.

23

The geographic distance between sites, the complexity of the technologies and operations being integrated or separated, and disparate corporate cultures, may increase the difficulties of such integration or separation. Management’s focus on such operations may distract attention from our day-to-day business and may disrupt key research and development, marketing, or sales efforts. In addition, it is common in the technology industry for aggressive competitors to attract customers and recruit key employees away from companies during the integration phase of an acquisition.

Internal controls, policies, and procedures. Acquired companies or businesses are likely to have different standards, controls, contracts, procedures, and policies, making it more difficult to implement and harmonize company-wide financial, accounting, billing, information, and other systems. Acquisitions of privately held and/or non-U.S. companies are particularly challenging because their prior practices in these areas may not meet the requirements of GAAP and U.S. export regulations. Furthermore, we may assume liabilities associated with past practices and the Company’s compliance with legal and regulatory requirements in the jurisdictions in which they or we operate. Any acquisitions may require that we spend significant management time and attention establishing these standards, controls, contracts, procedures, and policies.

Key employees may be difficult to retain and assimilate. The success of many strategic transactions depends to a great extent on our ability to retain and motivate key employees. This can be challenging, particularly in the highly competitive market for technical personnel. Retaining key executives for the long term can also be difficult due to other opportunities available to them. Disputes that may arise out of earn-outs, escrows, and other arrangements related to an acquisition of a company in which a key employee was a principal may negatively affect the morale of the employee and make retaining the employee more difficult.

Risks Related to Our Solutions and Sales to Our Customers

Over the last several years, we have pursued a variety of strategic initiatives designed to optimize and reinforce our cybersecurity platform. If the benefits of these initiatives are less than we anticipate, or if the realization of such benefits is delayed, our business and results of operations may be harmed.

Over the last several years, we have pursued a variety of strategic initiatives designed to optimize and reinforce our cybersecurity platform, including investing in new routes to market and partnerships, refining our go-to-market strategies, adding new capabilities and products through strategic acquisitions, and divesting our enterprise business to focus on a standalone consumer-focused strategy. The anticipated benefits of these initiatives may not be fully realized, if at all, until future periods. However, if we do not achieve the anticipated benefits from these and our other strategic initiatives, or if the achievement of such anticipated benefits is delayed, our financial condition, results of operations, and cash flows may be adversely affected.

Our investments in new or enhanced solutions may not yield the benefits we anticipate.

The success of our business depends on our ability to develop new technologies and solutions, to anticipate future customer requirements and applicable industry standards, and to respond to the changing needs of our customers, competitive technological developments, and industry changes. Within our consumer business, we are presently investing in cybersecurity solutions to protect consumers’ PC and mobile devices, identity, privacy, family safety, web browsing, IoT, and smart home devices. We intend to continue to invest in these cybersecurity solutions by adding personnel and other resources to our business. We will likely recognize costs associated with these investments earlier than the anticipated benefits. If we do not achieve the anticipated benefits from these investments, or if the achievement of these benefits is delayed, our business, financial condition, results of operations, and cash flows may be adversely affected.

The process of developing new technologies is time consuming, complex, and uncertain, and requires the commitment of significant resources well in advance of being able to fully determine market requirements and industry standards. Furthermore, we may not be able to timely execute new technical product or solution initiatives for a variety of reasons such as errors in planning or timing, technical difficulties that we cannot timely resolve, or a lack of appropriate resources. Complex solutions like ours may contain undetected errors or compatibility problems, particularly when first released, which could delay or adversely impact market acceptance. We may also experience delays or unforeseen costs related to integrating products we acquire with products we develop, because we may be unfamiliar with errors or compatibility issues of products we did not develop ourselves. Any of these development challenges, or the failure to appropriately adjust our go-to-market strategy to accommodate new offerings, may result in delays in the commercial release of new solutions or may cause us to terminate development of new solutions prior to commercial release. Any such challenges could result in competitors bringing products or services to market before we do and a related decrease in our market segment share and net revenue. Our inability to introduce new solutions and enhancements in a timely and cost-effective manner, or the failure of these new solutions or enhancements to achieve market acceptance and comply with industry standards and governmental regulation, could seriously harm our business, financial condition, results of operations, and cash flows.

24

If our solutions have or are perceived to have defects, errors, or vulnerabilities, or if our solutions fail or are perceived to fail to detect, prevent, or block cyberattacks, including in circumstances where customers may fail to take action on attacks identified by our solutions, our reputation and our brand could suffer, which would adversely impact our business, financial condition, results of operations, and cash flows.

Many of our solutions are complex and may contain design defects, vulnerabilities, or errors that are not detected before their commercial release. Our solutions also provide our customers with the ability to customize a multitude of settings, and it is possible that a customer could misconfigure our solutions or otherwise fail to configure our solutions in an optimal manner. Such defects, errors, and misconfigurations of our solutions could cause our solutions to be vulnerable to cybersecurity attacks, cause them to fail to perform the intended operation, or temporarily interrupt the operations of our customers. In addition, since the techniques used by adversaries change frequently and generally are not recognized until widely applied, there is a risk that our solutions would not be able to address certain attacks. Moreover, our solutions could be targeted by bad actors and attacks specifically designed to disrupt our business and undermine the perception that our solutions are capable of providing their intended benefits, which, in turn, could have a serious impact on our reputation. The risk of a cybersecurity attack increased during the recent COVID-19 pandemic as more individuals are working from home and utilizing home networks for the transmission of sensitive information. Any cybersecurity vulnerability or perceived cybersecurity vulnerability of our solutions or systems could adversely affect our business, financial condition, results of operations, and cash flows.

Changing, updating, enhancing, and creating new versions of our solutions may cause errors or performance problems in our products and solutions, despite testing and quality control. We cannot be certain that defects, errors, or vulnerabilities will not be found in any such changes, updates, enhancements, or new versions, especially when first introduced. In addition, changes in our technology may not provide the additional functionality or other benefits that were expected. Implementation of changes in our technology also may cost more or take longer than originally expected and may require more testing than initially anticipated. While new solutions are generally tested before they are used in production, we cannot be sure that the testing will uncover all problems that may occur in actual use.

If any of our customers are affected by a cybersecurity attack (such as suffering a ransomware attack or otherwise becoming infected with malware) while using our solutions, such customers could be disappointed with our solutions or perceive that our solutions failed to perform their intended purpose, regardless of whether our solutions operated correctly, blocked, or detected the attack or would have blocked or detected the attack if configured properly. If our customers experience security breaches or incidents, such customers and the general public may believe that our solutions failed. Real or perceived security breaches or incidents impacting our customers could cause disruption or damage or other negative consequences and could result in negative publicity about us, reduced sales, damage to our reputation and competitive position, increased expenses, and customer retention challenges.

Furthermore, our solutions may fail to detect or prevent malware, viruses, worms, or similar threats for any number of reasons, including our failure to enhance and expand our solutions to reflect market trends and new attack methods, new technologies and new operating environments, the complexity of our customers’ environment and the sophistication and coordination of threat actors launching malware, ransomware, viruses, intrusion devices, and other threats. Failure to keep pace with technological changes in the cybersecurity industry and changes in the threat landscape could also adversely affect our ability to protect against security breaches and incidents and could cause us to lose customers.

If we are unable to increase sales of our solutions to new customers, our future results of operations may be harmed.

An important part of our growth strategy involves continued investment in direct marketing efforts, channel partner relationships, our sales force, and infrastructure to add new customers. The number and rate at which new customers may purchase our products and services depends on a number of factors, including those outside of our control, such as customers’ perceived need for our solutions, competition, general economic conditions, market transitions, product obsolescence, technological change, public awareness of security threats to IT systems, macroeconomic conditions, and other factors. These new customers, if any, may renew their subscriptions at lower rates than we have experienced in the past, which could affect our financial results.

25

We rely on large amounts of data from a variety of sources to support our solutions and the loss of access to or the rights to use such data could reduce the efficacy of our solutions and harm our business.

Like many of our industry peers, we leverage large amounts of data related to threats, vulnerabilities, cyberattacks, and other cybersecurity intelligence to develop and maintain a number of our products and services. We collect, develop, store, and otherwise process portions of this data using third parties and our own technology. We cannot be assured that such third parties or our technology that support the collection, development, storage or other processing of such data, and the sources of such data itself, will continue to be effective or available and the loss or reduction in quality of such data may adversely impact the efficacy of our solutions. Changes in laws or regulations in the United States or foreign jurisdictions, or their interpretation or application, or the actions of governmental or quasi-governmental entities may increase the costs to collect, develop, store, or otherwise process such data, partially or completely prohibit use of such, impose burdensome obligations in connection with such, or could result in disclosure of such data to the public or other third parties, which may reduce its value to us or as part of our solutions and thereby harm our business.

Risks Related to Our Brand and Intellectual Property

If the protection of our proprietary technology is inadequate, we may not be able to adequately protect our innovations and brand.

Our success is dependent on our ability to create proprietary technology and to protect and enforce our intellectual property rights in that technology, as well as our ability to defend against adverse claims of third parties with respect to our technology and intellectual property rights. To protect our proprietary technology, we rely primarily on a combination of patent, copyright, trademark, and trade secret laws, as well as contractual provisions and operational and procedural confidentiality protections. The agreements that we enter into with our employees, contractors, partners, vendors, and end-users may not prevent unauthorized use or disclosure of our proprietary technology or infringement of our intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or infringement of our intellectual property rights, which may substantially harm our business. Furthermore, we cannot be assured that such agreements will be fully enforceable, or that they will not be breached by the counterparties, or that we will be able to detect, deter, or adequately address any such breach or threatened breach. As a provider of cybersecurity solutions, we may be an attractive target for computer hackers or other bad actors and may have a greater risk of unauthorized access to, and misappropriation of, our systems, technology, and proprietary information. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. Policing unauthorized use of our products and infringement of our rights is difficult. In addition, the laws of some foreign countries, including countries where we sell solutions or have operations, do not protect proprietary rights to as great an extent as do the laws of the United States. Our means of protecting our proprietary rights may not be adequate and third parties, including current and future competitors, may independently develop similar or superior technology, duplicate or reverse engineer aspects of our products, or design around our patented technology or otherwise infringe or circumvent our intellectual property rights.

As of December 25, 2021, we had approximately 1,235 issued U.S. patents, in addition to approximately 735 issued foreign patents. There can be no assurance that any of our pending patent applications will issue or that the patent examination process will not result in our narrowing the claims applied for in our patent applications or that any current or future issued patents will not be later challenged, limited, or invalidated. Furthermore, there can be no assurance that we will be able to detect any infringement of our existing or future intellectual property rights or, if infringement is detected, that we will be successful in asserting claims or counterclaims, that our intellectual property rights will be enforceable, that any damages awarded to us will be sufficient to adequately compensate us for the infringement, that we will be able to obtain injunctive relief to prevent ongoing infringement, or that the costs of seeking enforcement will not outweigh any benefits.

There can be no assurance or guarantee that any products, services, or technologies that we are presently developing, or will develop in the future, will result in intellectual property that is subject to legal protection under the laws of the United States or a foreign jurisdiction or that produces a competitive advantage for us.

26

We may be sued by third parties for alleged infringement, misappropriation, or other violation of their proprietary rights, and it may be necessary for us to sue third parties to enforce and protect our proprietary rights, resulting in potential lengthy and expensive litigation.

From time to time, third parties may claim that we have infringed, misappropriated, or otherwise violated their intellectual property rights, including claims regarding patents, copyrights, trademarks, and trade secrets. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, we expect the trend of third-party claims to continue and that we will be required to defend against actual or threatened litigation of this type. The litigation process is subject to inherent uncertainties, so we may not prevail in litigation matters regardless of the merits of our position. Our participation in any litigation could cause us to incur substantial costs and could distract our management from the day-to-day operations of our business. In addition to the expense and distraction associated with litigation, adverse determinations could cause us to lose our proprietary rights, prevent us from manufacturing or selling our products, require us to obtain licenses to patents or other intellectual property rights that our products are alleged to infringe, misappropriate, or otherwise violate (which licenses may not be available on commercially reasonable terms or at all), or re-design or re-engineer our products to address actual or claimed infringement, misappropriation, or other violation and subject us to significant liabilities.

If we acquire technology to include in our products from third parties, our exposure to actions alleging infringement, misappropriation, or other violation may increase because we must rely upon these third parties to verify the origin and ownership of such technology. Our agreements with such third parties may not provide adequate protections or remedies, and we may not be able to compel such third parties to provide any available remedies in the case of such actions. Similarly, we face exposure to actions alleging infringement, misappropriation, or other violation if we hire or engage software engineers or other personnel who were previously engaged by competitors or other third parties and those personnel inadvertently or deliberately incorporate proprietary technology of third parties into our products despite efforts to prevent such infringement, misappropriation, or other violation.

From time to time, the U.S. Supreme Court, other U.S. federal courts and the U.S. Patent and Trademark Appeals Board, and their foreign counterparts, have made and may continue to make changes to the interpretation of patent, copyright, trademark, or other intellectual property laws in their respective jurisdictions. We cannot predict future changes to the interpretation of such existing laws or whether U.S. or foreign legislative bodies will amend such laws in the future. Any such changes may lead to uncertainties or increased costs and risks surrounding the prosecution, validity, ownership, enforcement, and defense of our issued patents and patent applications and other intellectual property, the outcome of third-party claims of infringement, misappropriation, or other violation of intellectual property brought against us and the actual or enhanced damages (including treble damages) that may be awarded in connection with any such current or future claims, and could have a material adverse effect on our business, financial condition, results of operations, and cash flows.

We rely on certain technology that we license from third parties, including software that is integrated with internally developed software and used with our products. Any loss of those licenses or any quality issues with third-party technology integrated with our products could have an adverse impact on our reputation and business.

We rely on certain technology that we license from third parties, including third-party commercial software and open source software, which is integrated into or used with many of our solutions. This third-party technology may currently or could, in the future, infringe the intellectual property rights of third parties or the licensors may not have sufficient rights to the technology they license us in all jurisdictions in which we may sell our solutions. The licensors of the third-party technology we use may discontinue their offerings or change the prices for and other terms under which their technology is licensed. If we are unable to continue to license any of this technology on terms we find acceptable, or if there are quality, security, or other substantive issues with any of this technology, we may face delays in releases of our solutions or we may be required to find alternative vendors or remove functionality from our solutions. In addition, our inability to obtain certain licenses or other rights might require us to engage in potentially costly and time-consuming dispute resolution or litigation regarding these matters. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations, and cash flows.

27

Our use of open source software could negatively affect our ability to sell our solutions and subject us to possible litigation.

We use open source software in our solutions and our development and operating environments and expect to continue to use open source software in the future. Open source software is typically provided without assurances of any kind and could contain errors, bugs, or vulnerabilities or infringe the intellectual property rights of third parties. Because the source code of open source software components included in our solutions is publicly available, in instances where our usage is publicly disclosed or known, it may be easier to identify exploits or vulnerabilities in such open source software components, making our solutions using such open source software components more vulnerable to third parties seeking to compromise, undermine, or circumvent our solutions. If open source software programmers do not continue to develop and enhance open source technologies, our development expenses could increase and our schedules could be delayed. In addition, we may face claims from others seeking to enforce the terms of open source licenses, including by demanding release of derivative works or our proprietary source code that was developed using or otherwise used in connection with such open source software. The terms of many open source licenses have not been interpreted by U.S. or foreign courts, and these licenses could be construed in a way that could impose other unanticipated costs, conditions, or restrictions on our ability to commercialize our products. These claims could also result in litigation, require us to purchase a costly license, require us to devote additional research and development resources to change our solutions, or stop or delay shipment of such solutions, any of which could have a negative effect on our business, financial condition, results of operations, and cash flows. In addition, if the license terms for the open source software that we utilize change, we may be forced to reengineer our solutions or incur additional costs. Although we have policies designed to manage the use, incorporation, and updating of open source software into our products, we cannot be certain that we have in all cases incorporated open source software in our products in a manner that is consistent with the applicable open source license terms and inclusive of all available updates or security patches, and as a result we may be subject to claims for breach of contract or infringement by the applicable licensor, claims for breach of contract or indemnity by our partners or customers, or other third parties, or we or our partners or customers could be required to release our proprietary source code, pay damages, royalties, or license fees or other amounts, seek licenses, or experience quality control or security risks, any of which could require us to re-engineer our solutions, discontinue sales in the event re-engineering cannot be accomplished on a timely basis, or take other remedial action that may divert resources away from our development efforts, any of which could adversely affect our business.

If we fail to successfully promote or protect our brand, our business, and competitive position may be harmed.

Due to the intensely competitive nature of our markets, we believe that building and maintaining our brand and reputation is critical to our success, and that the importance of positive brand recognition will increase as competition in our market further intensifies. Over our 30-year history, we have invested and expect to continue to invest substantial resources to promote and maintain our brand as a trusted cybersecurity provider, but there is no guarantee that our brand development strategies will enhance the recognition of our brand or lead to increased sales of our solutions.

In recent years, there has been a marked increase in the use of social media platforms, including blogs, chat platforms, social media websites, and other forms of internet-based communications that allow individuals access to a broad audience of consumers and other persons. The rising popularity of social media and other consumer-oriented technologies has increased the speed and accessibility of information dissemination and given users the ability to more effectively organize collective actions such as boycotts. Negative publicity, whether or not justified, can spread rapidly through social media. The dissemination of information via social media could harm our brand or our business, regardless of the information’s accuracy. To the extent that we are unable to respond timely and appropriately to negative publicity, our reputation and brand could be harmed. This could include negative publicity related to our products or services or negative publicity related to actions by our executives, team members or other unaffiliated individuals or entities that may be perceived as being associated with us. Moreover, even if we are able to respond in a timely and appropriate manner, we cannot predict how negative publicity may affect our reputation and business. In addition, we and our employees use social media and other internet-based communications methods to communicate with our end-users, customers, partners, and the public in general. There is risk that the social media communications of us or our employees could be received negatively. Failure to use social media or other internet-based communication methods effectively could lead to a decline in our reputation. Further, laws and regulations, including associated enforcement priorities, rapidly evolve to govern social media platforms and other internet-based communications, any failure by us or third parties acting at our direction to abide by applicable laws and regulations in the use of social media or internet-based communications could adversely impact our reputation, financial performance or subject us to fines or other penalties. Other risks associated with the use of social media and internet based-communication include improper disclosure of proprietary information, negative comments about our brand, products, or services, exposure of personally identifiable information, fraud, hoaxes, or malicious dissemination of false information.

28

Risks Related to Third Party Relationships

We rely significantly on third-party channel partners to facilitate the sale of our products and solutions. If we fail to manage our sales and distribution channels effectively, or if our partners choose not to market and sell our solutions to their customers, our operating results could be adversely affected.

We sell a significant portion of our solutions through third-party intermediaries such as affiliates, retailers, ecommerce, PC OEMs, and other distribution channel partners (we refer to them collectively as “channel partners”). In fiscal 2021, fiscal 2020, and fiscal 2019, our largest customer accounted for 16%, 13%, and 13%, respectively, of our net revenue. Our reliance on these channel partners is subject to a number of risks, including:

•our channel partners are generally not subject to minimum sales requirements or any obligation to market our solutions to their customers;

•many channel partner agreements are nonexclusive and may be terminated at any time without cause and or renegotiated with us on new terms that may be less favorable due to competitive conditions in our markets and other factors;

•our channel partners may encounter issues or have violations of applicable law or regulatory requirements or otherwise cause damage to our reputation through their actions;

•certain of our channel partners market and distribute competing solutions and may, from time to time, place greater emphasis on the sale of these competing solutions due to pricing, promotions, and other terms offered by our competitors;

•any consolidation of electronics retailers can increase their negotiating power with respect to software providers such as us and any decline in the number of physical retailers could decrease the channels of distribution for us;

•the continued consolidation of online sales through a small number of larger channels has been increasing, which could reduce the channels available for online distribution of our solutions; and

•sales through our partners are subject to changes in general economic conditions, strategic direction, competitive risks, and other issues that could result in a reduction of sales, or cause our partners to suffer financial difficulty which could delay payments to us, affecting our operating results.

From an anti-bribery and anti-corruption perspective, our business activities are subject to the FCPA and similar anti-bribery or anti-corruption laws, regulations, and rules of the countries that we operate in. These laws generally prohibit companies and their employees and third party business partners, representatives, and agents from engaging in corruption and bribery, including offering, promising, giving, or authorizing the provision of anything of value, either directly or indirectly, to a government official or commercial party to influence any official action, direct business to any person, gain any improper advantage, or obtain or retain business. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly. We and our third-party partners may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for inaccurate or incomplete accounting records, internal accounting controls deemed inadequate by applicable regulatory authorities, and corrupt or other illegal activities of our employees, affiliates, third parties, representatives, and agents even if we did not explicitly authorize those activities. This risk is even greater in the countries where we operate that are known to present a heightened risk for corruption.

A significant portion of our revenue is derived from sales through our PC OEM partners that bundle our products with their products. Our reliance on this sales channel is significantly affected by our partners’ sales of new products into which our products or services are bundled. Our revenue from sales through our PC OEM partners is affected primarily by the number of personal computers on which our products are bundled, the geographic mix of their sales, and the rate at which consumers purchase or subscribe to the bundled products. Our PC OEM partners are also in a position to exert competitive pricing pressure. The rate at which consumers purchase or subscribe to the bundled products is affected by other factors, including other terms with the OEM. The continued decline in the PC market as the market shifts towards mobility has increased competition for PC OEMs’ business and gives PC OEMs leverage to demand financial concessions from us in order to secure their business. These agreements require a significant commitment of resources and capital. There is no guarantee we will have sufficient resources to maintain these agreements or secure new PC OEM partners. Even if we negotiate what we believe are favorable terms when we first establish a relationship with a PC OEM, at the time of the renewal of the agreement, we may be required to renegotiate our agreement with them on less favorable terms. Lower net prices for our products or other financial concessions would adversely impact our financial results. Further, acquiring high numbers of customers through our PC OEM partner channel may adversely impact our profitability, as we may see lower average prices from higher mix of new customers and under the PC OEM agreements we may see higher partner related spending during the period of high PC demand and high customer acquisition, until such customers renew with us upon subscription expiration. Any adverse changes in our relationship with our channel partners could have an adverse effect on our business and financial results.

29

We rely on third-parties to replicate and package certain of our software products, which subjects us to risks of product delivery delays and other supply risks.

We rely on a limited number of third parties to replicate and package our boxed software products. Our reliance on these third-parties reduces our control over our supply chain and exposes us to risks, including reduced control over quality assurance, product costs, product supply, timing, and transportation risk. From time to time, we may be required to add new partners to accommodate growth in orders or the addition of new products. It is time consuming and costly to qualify and implement new supply chain partner relationships, and such additions increase the complexity of our supply chain management. If we lose, terminate, or fail to effectively manage our supply chain partner relationships, or if any of our partners experience production interruptions or shut-downs, including those caused by a natural disaster, epidemic, pandemic (such as the COVID-19 pandemic), capacity shortage, or quality-control problem, it would negatively affect sales and adversely affect our business and results of operations.

We rely on third parties to support our information technology infrastructure and any service interruptions or other failures of our third-party providers or of our information technology infrastructure could result in disruption to our operations or adversely impact our business.

We engage third parties to provide variety of information technology products and services to support our information technology infrastructure. Any failure on the part of our third-party providers or of our information technology infrastructure to operate effectively, stemming from maintenance problems, upgrading or transitioning to new platforms, a breach in security or other unanticipated problems could result in interruptions to or delays in our operations or our products or services. Our third-party providers may also discontinue providing the information technology products or services we use and we may be required to replace such products or services, which could result in unanticipated expenses and disruptions to our information technology infrastructure.

In addition, we make significant investments in new information technology infrastructure, but the implementation of such investments could exceed estimated budgets and we may experience challenges that prevent new strategies or technologies from being realized according to anticipated schedules. If we are unable to effectively maintain our current information technology and processes or encounter delays, or fail to exploit new technologies, then the execution of our business plans may be disrupted. Our employees and other personnel require effective tools and techniques supported by our information technology infrastructure to perform functions integral to our business. Any failure to successfully provide such tools and systems, or ensure that our personnel have properly adopted them, could materially and adversely impact our ability to achieve positive business outcomes.

Some of our systems or data that we may maintain or process may not be adequately backed up, and our disaster recovery planning cannot account for all eventualities. The occurrence of a natural disaster, intentional sabotage, or other unanticipated problems could result in significant interruptions to our operations or the permanent loss of valuable data, which could harm our reputation and reduce the efficacy and value of products and services. In addition, the implementation of changes and upgrades to our information technology infrastructure and any errors, vulnerabilities, damage, or failure of our information technology infrastructure, could result in interruptions to our operations or products or services and non-compliance with certain laws or regulations, which may lead us to face fines or penalties, give rise to indemnification or other contractual claims against us by our customers or other third parties, and otherwise adversely impact our business.

Our third-party strategic alliances expose us to a range of business risks and uncertainties that are outside of our control and that could have a material adverse impact on our business and financial results.

We have entered, and intend to continue to enter, into strategic alliances with third parties to support our future growth plans. These relationships involve technology licensing, product integration, and co-marketing and co-promotion activities. For example, we have arrangements with operating system vendors that provide us with sufficient technological access to new and updated versions of their operating systems to enable us to develop and deploy interoperable products that are deeply integrated with their operating systems on our customers’ networks and devices. We also partner with certain Internet search providers to promote their offerings to our customers. We invest significant time, money, and resources to establish and maintain these strategic relationships, but we have no assurance that any particular relationship will continue for any specific period of time.

Furthermore, certain of these strategic partners currently offer, and may in the future offer, products, and services that compete with our own solutions in certain markets, and in the future these partners may impose limitations on, or terminate, our partnerships in order to improve their own competitive position. Generally, our agreements with these partners are terminable without cause with no or minimal notice or penalties. Any adverse change in our relationships with a significant strategic partner could limit or delay our ability to offer certain new or competitive solutions, increase our development costs, and reduce our revenue, any of which could have an adverse impact on our competitive position and our financial performance. In addition, we could be required to incur significant expenses to develop a new strategic partnership or to develop and implement an alternative plan to pursue the opportunity that we targeted with the former partner, which could adversely affect our business, financial condition, results of operations, and cash flows.

30

Risks Related to our Technology Systems and Privacy

If our security measures are breached or unauthorized access to our data is otherwise obtained, or if we suffer other cybersecurity incidents, our brand, reputation, and business could be harmed, and we may incur significant liabilities.

As a cybersecurity leader, we are a high-profile target for data breaches, cyberattacks, and other intentional disruptions of our systems and our solutions. Our networks and solutions may have bugs, defects, or vulnerabilities that may be targeted by hackers and could be targeted by attacks specifically designed to disrupt our business, access our network, source code or other data (including by causing data to be lost, corrupted or unavailable), and harm our reputation. Similarly, experienced computer programmers or other sophisticated individuals or entities, including malicious hackers, state-sponsored organizations, criminal networks, and insider threats including actions by employees and third-party service providers, may attempt to penetrate our network security or the security of our systems and websites, and misappropriate proprietary information or cause interruptions of our solutions, including the operation of the global civilian cyber intelligence threat network. This risk has increased during the current COVID-19 pandemic as more individuals are working from home and utilizing home networks for the transmission of sensitive information. The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world. As a result, we may be unable to proactively prevent these techniques, implement adequate preventative or reactionary measures, react to or address any attack or incident in a timely manner or enforce the laws and regulations that govern such activities. Such attacks may go undetected for a period of time complicating our ability to respond effectively. In addition, it is possible that hardware failures, human errors (including being subject to phishing attacks, social engineering techniques, or similar methods) or errors in our systems could result in data loss, unavailability, or corruption, or cause the information that we collect to be incomplete or contain inaccuracies. We may not be able to correct any security flaws or vulnerabilities promptly, or at all. A breach of our network security and systems or other cybersecurity incidents or events, including attacks involving ransomware or other malware, that cause the loss or public disclosure of, or access by third parties to, our systems or any unauthorized access to, or loss, corruption, unavailability, or unauthorized use of data that we maintain or process, or the perception that any of these have occurred, could have serious negative consequences for our business, including possible fines, penalties and damages, reduced demand for our solutions, an unwillingness of our customers to use our solutions, harm to our brand and reputation, and time consuming and expensive litigation. In addition, such a security breach or incident could impair our ability to operate our business, including our ability to provide subscription and support services to our customers. Additionally, our service providers may suffer or be perceived to suffer, data security breaches or other incidents, or may have exploitable defects or bugs in their systems, software, or networks, that may compromise data stored or processed for us that may give rise to any of the foregoing. Additionally, supply chain attacks have increased in frequency and severity, and we cannot guarantee that third parties and infrastructure in our supply chain have not been compromised or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our solutions, systems, or networks or the systems and networks of third parties that support us and our services. Any of these negative outcomes could adversely impact our business and results of operations.

We incur significant costs in an effort to detect and prevent security breaches and other security-related incidents and we expect our costs will increase as we make improvements to our systems and processes to prevent further breaches and incidents. In the event of a future breach or incident, we could be required to expend additional significant capital and other resources in an effort to prevent further breaches or incidents, which may require us to divert substantial resources. Moreover, we could be required or otherwise find it appropriate to expend significant capital and other resources to respond to, notify third parties of, and otherwise address the incident or breach and its root cause. Each of these could require us to divert substantial resources.

Furthermore, while our errors and omissions insurance policies include liability coverage for certain of these matters, if we experience a widespread security breach or other incident, we could be subject to indemnity claims or other damages that exceed our insurance coverage. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, results of operations, and reputation.

31

We rely on payment cards to receive payments and are subject to payment-related risks.

We accept a variety of payment methods, including credit cards and debit cards, as payment for certain of our consumer solutions. Accordingly, we are, and will continue to be, subject to significant and evolving regulations and compliance requirements relating to payment card processing. This includes laws governing the collection, processing and storage of sensitive consumer information, as well as industry requirements such as the Payment Card Industry Data Security Standard (“PCI-DSS”). These laws and obligations may require us to implement enhanced authentication and payment processes that could result in increased costs and liability, and reduce the ease of use of certain payment methods. For certain payment methods, including credit and debit cards, we pay interchange and other fees, which may increase over time. We are also subject to payment card association operating rules and agreements, including PCI-DSS, certification requirements, and rules governing electronic funds transfers, which could change or be reinterpreted to make it difficult or impossible for us to comply. If we fail to comply with these rules or requirements, or if our data security systems are breached or compromised, we may be liable for losses incurred by card issuing banks or consumers, subject to fines and higher transaction fees, lose our ability to accept credit or debit card payments from our consumers, or process electronic fund transfers or facilitate other types of payments. Any failure to comply with these requirements could significantly harm our brand, reputation, business, and results of operations.

Our failure to adequately maintain and protect personal information of our customers or our employees in compliance with evolving legal requirements could have a material adverse effect on our business.

We collect, use, store, disclose, or transfer (collectively, “process”) personal information, including from employees and customers, in connection with the operation of our business. A wide variety of local and international laws and regulations apply to the processing of personal information. Data protection and privacy laws and regulations are evolving and being tested in courts and may result in increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. For example, the E.U. has adopted the General Data Protection Regulation (“GDPR”), which took effect on May 25, 2018. The GDPR imposes requirements that may limit how we are permitted to process data on behalf of ourselves and our clients, and we may be required to incur significant additional costs to comply with these requirements. Applicable laws, regulations and court decisions in the E.U. relating to privacy and data protection could also impact our ability to transfer personal data internationally. The GDPR specifies substantial maximum fines for failure to comply of up to 20 million Euros or 4% of a company’s worldwide turnover, whichever is higher. Continued compliance with the GDPR and national laws in the E.U. may require significant changes to our products and practices to ensure compliance with applicable law.

A variety of data protection legislation also apply in the United States at both the federal and state level, including new laws that may impact our operations. For example, in June 2018, the State of California enacted the California Consumer Privacy Act of 2018 (“CCPA”), which went into effect on January 1, 2020, with enforcement by the state attorney general beginning July 1, 2020. The CCPA defines “personal information” in a broad manner and generally requires companies that process personal information of California residents to make new disclosures about their data collection, use, and sharing practices, allows consumers to opt-out of certain data sharing with third parties or sale of personal information, and provides a new cause of action for data breaches. Moreover, California voters approved the California Privacy Rights Act (“CPRA”), in November 2020. The CPRA significantly modifies the CCPA, creating obligations relating to consumer data beginning on January 1, 2022, with enforcement beginning July 1, 2023. On March 2, 2021, Virginia enacted the Virginia Consumer Data Protection Act, or CDPA, which becomes effective on January 1, 2023, and on June 8, 2021, Colorado enacted the Colorado Privacy Act, or CPA, which takes effect on July 1, 2023. The CPA and CDPA share similarities with the CCPA, CPRA, and legislation proposed in other states. Aspects of these state privacy statutes remain unclear resulting in uncertainty and potentially requiring us to modify our data practices and policies and to incur substantial additional costs and expenses in an effort to comply. Additionally, the Federal Trade Commission, and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. The burdens imposed by the CCPA and other similar laws that have been or may be enacted at the federal and state level may require us to modify our data processing practices and policies and to incur substantial expenditures in order to comply.

32

Global privacy and data protection legislation, enforcement, and policy activity are rapidly expanding and evolving, and may be inconsistent from jurisdiction to jurisdiction. On July 16 2020, the Court of Justice of the European Union (“CJEU”), Europe’s highest court, held in the Schrems II case that the E.U.-U.S. Privacy Shield, a mechanism for the transfer of personal data from the E.U. to the U.S., was invalid, and imposed additional obligations in connection with the use of standard contractual clauses approved by the European Commission. The impact of this decision on the ability to lawfully transfer personal data from the E.U. to the U.S. remains uncertain. The European Commission released a draft of revised standard contractual clauses addressing the CJEU concerns in November 2020, and on June 4, 2021, published new standard contractual clauses. We may, in addition to other impacts, experience additional costs associated with increased compliance burdens relating to the Schrems II case, regulatory guidance, and other developments relating to cross-border data transfers, and we and our customers face the potential for regulators in the European Economic Area (“EEA”) to apply different standards to the transfer of personal data from the EEA to the U.S., and to block, or require ad hoc verification of measures taken with respect to, certain data flows from the EEA to the U.S. We may experience reluctance or refusal by current or prospective European customers to use our products, and we may find it necessary or desirable to make further changes to our handling of personal data of EEA residents. The regulatory environment applicable to the handling of EEA residents’ personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, operating results and financial condition being harmed. We and our customers may face a risk of enforcement actions by data protection authorities in the EEA relating to personal data transfers to us and by us from the EEA. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, operating results and financial condition. Additionally, we may be or become subject to data localization laws mandating that data collected in a foreign country be processed only within that country. If any country in which we have customers were to adopt a data localization law, we could be required to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition.

In addition to the GDPR, the European Commission has another draft regulation in the approval process that focuses on a person’s right to conduct a private life. The proposed legislation, known as the Regulation of Privacy and Electronic Communications, or ePrivacy Regulation, would replace the current ePrivacy Directive. Originally planned to be adopted and implemented at the same time as the GDPR, the ePrivacy Regulation is still being negotiated. Most recently, on February 10, 2021, the Council of the E.U. agreed on its version of the draft ePrivacy Regulation. If adopted, the earliest date for entry into force is in 2023, with broad potential impacts on the use of internet-based services and tracking technologies, such as cookies. Aspects of the ePrivacy Regulation remain for negotiation between the European Commission and the Council.

Further, in June 2016, the U.K. voted to leave the E.U., which resulted in the U.K. exiting the E.U. on January 31, 2020, subject to a transition period that ended on December 31, 2020. Brexit could lead to further legislative and regulatory changes. The U.K. has implemented legislation similar to the GDPR, including the U.K. Data Protection Act and legislation similar to the GDPR referred to as the U.K. GDPR, and which provides for substantial penalties of up to the greater of 17.5 million British Pounds or 4% of a company’s worldwide turnover, whichever is higher. Further, it remains to be seen whether the U.K.’s withdrawal from the E.U. pursuant to Brexit will substantially impact the manner in which U.K. data protection laws or regulations will develop in the medium to longer term and how data transfers to and from the U.K. will be regulated. On June 28, 2021, the European Commission announced a decision of “adequacy” concluding that the UK ensures an equivalent level of data protection to the GDPR, which provides some relief regarding the legality of continued personal data flows from the EEA to the U.K. Some uncertainty remains, however, as this adequacy determination must be renewed after four years and may be modified or revoked in the interim.

Our actual or alleged failure to comply with any applicable laws and regulations or contractual obligations relating to privacy, data protection, or information security, or to protect such data that we process, could result in litigation, regulatory investigations, and enforcement actions against us, including fines, orders, public censure, claims for damages by employees, customers, and other affected individuals, public statements against us by consumer advocacy groups, damage to our reputation and competitive position, and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our business, financial condition, results of operations, and cash flows. Evolving and changing definitions of personal information, personal data, and similar concepts within the E.U., the United States, and elsewhere, especially relating to classification of IP addresses, device identifiers, location data, household data, and other information we may collect, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing of data. Additionally, if third parties that we work with, such as vendors or developers, violate applicable laws or our policies, such violations may also place personal information at risk and have an adverse effect on our business. Even the perception of privacy concerns, whether or not valid, may harm our reputation, subject us to regulatory scrutiny and investigations, and inhibit adoption of our products by existing and potential customers.

33

Risks Related to Our International Operations

We operate globally and are subject to significant business, economic, regulatory, social, political, and other risks in many jurisdictions.

Global or regional conditions may harm our financial results. We have operations in many countries and our business activities are concentrated in certain geographic areas including without limitation the Asia Pacific (“APAC”), Europe, Middle-East, and Africa (“EMEA”), and Latin American Region (“LAR”) regions. We derived 39% of our net revenue from international customers for fiscal 2021. As a result, our domestic and international operations and our financial results may be adversely affected by a number of factors outside of our control, including:

•global and local economic conditions;

•differing employment practices and labor issues;

•formal or informal imposition of new or revised export and/or import and doing-business regulations, including trade sanctions, taxes, and tariffs, which could be changed without notice;

•regulations or restrictions on the use, import, or export of encryption technologies that could delay or prevent the acceptance and use of encryption products and public networks for secure communications;

•compliance with evolving foreign laws, regulations, and other government controls addressing privacy, data protection, data localization, and data security;

•ineffective legal protection of our intellectual property rights in certain countries;

•increased uncertainties regarding social, political, immigration, and trade policies in the United States and abroad, such as those caused by recent U.S. legislation and the withdrawal of the United Kingdom (the “U.K.”) from the European Union (the “E.U.”), which is commonly referred to as “Brexit;”

•geopolitical and security issues, such as armed conflict and civil or military unrest, crime, political instability, human rights concerns, and terrorist activity;

•natural disasters, public health issues, pandemics (such as the COVID-19 pandemic), and other catastrophic events;

•inefficient infrastructure and other disruptions, such as supply chain interruptions and large-scale outages or unreliable provision of services from utilities, transportation, data hosting, or telecommunications providers;

•other government restrictions on, or nationalization of, our operations in any country, or restrictions on our ability to repatriate earnings from a particular country;

•seasonal reductions in business activity in the summer months in Europe and in other periods in other countries;

•costs and delays associated with developing software and providing support in multiple languages;

•greater difficulty in identifying, attracting, and retaining local qualified personnel, and the costs and expenses associated with such activities;

•longer payment cycles and greater difficulties in collecting accounts receivable; and

•local business and cultural factors that differ from our normal standards and practices, including business practices that we are prohibited from engaging in by U.S. Foreign Corrupt Practices Act of 1977 (“FCPA”) and other anti-corruption laws and regulations.

Research and development risks. We employ engineers in a number of jurisdictions outside the United States. In many of these jurisdictions the laws relating to the protection of rights in technology and intellectual property are less strict than the laws in the United States or not enforced to the same extent as they are enforced in the United States. As a result, in some foreign jurisdictions we may be subject to heightened attempts to gain unauthorized access to our information technology systems or surreptitiously introduce software into our products. These attempts may be the result of hackers or others seeking to harm us, our products, or our customers. We have implemented various measures to manage our risks related to these disruptions, but these measures may be insufficient, and a system failure or security breach or incident could negatively impact our business, financial condition, results of operations, and cash flows. The theft or unauthorized use or publication of our trade secrets and other confidential or proprietary business information as a result of such an incident could negatively impact our competitive position. In addition, we may incur additional costs to remedy the damages caused by these disruptions or security breaches or incidents.

34

Other operating risks. Additional risks of international business operations include the increased costs of establishing, managing, and coordinating the activities of geographically dispersed and culturally diverse operations (particularly sales and support and shared service centers) located on multiple continents in a wide range of time zones.

Risks Related to Regulation

We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.

Our solutions are subject to U.S. export and import controls, specifically the Export Administration Regulations and economic sanctions enforced by the Office of Foreign Assets Control. We incorporate standard encryption algorithms into certain of our solutions, which, along with the underlying technology, may be exported outside of the United States only with the required export authorizations, including by license, license exception, or other appropriate government authorizations, which may require the filing of a classification request or report. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products and services to countries, governments, and persons targeted by U.S. sanctions. Even though we take precautions to ensure that we and our channel partners comply with all relevant regulations, any failure by us or our channel partners to comply with U.S. export requirements, U.S. customs regulations, U.S. economic sanctions, or other laws could have negative consequences, including reputational harm, government investigations, and substantial civil and criminal penalties (e.g., fines, incarceration for responsible employees and managers, and the possible loss of export or import privileges).

In addition, changes in our solutions or changes in export and import regulations may create delays in the introduction of our solutions into international markets, including as a consequence of new licensing requirements, prevent certain personnel from developing or maintaining our products, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our solutions to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, entities, persons, or technologies targeted by such regulations, could result in decreased use of our solutions by, or in our decreased ability to develop, export to, import into, or sell our solutions to, existing or potential end-customers with international operations. Any decreased use of our solutions or limitation on our ability to develop, export to, import into, or sell our solutions in international markets would likely adversely affect our business, financial condition, results of operations, and cash flows.

There is also significant uncertainty about the future relationship between the United States and various other countries, most significantly China, with respect to trade policies, treaties, government regulations, and tariffs. The current United States presidential administration is continuing to pursue substantial changes to United States foreign trade policy imposed by the previous administration with respect to China, Mexico, and other countries, including the possibility of imposing greater restrictions on international trade, restrictions on sales and technology transfers to certain Chinese corporations, and continued increased tariffs on goods imported into the United States. Given the relatively fluid regulatory environment in China and the United States and uncertainty regarding how the United States or foreign governments will act with respect to tariffs, international trade agreements and policies, a trade war, further governmental action related to tariffs or international trade policies, or additional tax or other regulatory changes in the future could occur and could directly and adversely impact our financial results and results of operations.

Failure to comply with the U.S. Foreign Corrupt Practices Act, other applicable anti-corruption and anti-bribery laws, and applicable anti-money-laundering laws could subject us to penalties and other adverse consequences.

We currently conduct a substantial portion of our operations and sell our products and services in numerous countries outside of the United States, including in the APAC, EMEA, and LAR regions. Our global operations are subject to the FCPA, the U.K. Bribery Act 2010, and other anti-corruption, anti-bribery, anti-money laundering, and similar laws in the United States and other countries in which we conduct activities. In addition, other applicable anti-corruption laws prohibit bribery of domestic government officials as well as commercial bribery, which involves the giving or receiving improper payments to or from non-government parties.

While we have implemented policies, internal controls, and other measures reasonably designed to promote compliance with applicable anti-corruption, anti-bribery, and anti-money-laundering laws and regulations, our employees, agents, and strategic partners may engage in improper conduct for which we might be held responsible. Any violations of these anti-corruption, anti-bribery laws and anti-money laundering laws and regulations, or even allegations of such violations, can lead to an investigation and/or enforcement action, which could disrupt our operations, involve significant management distraction, and lead to significant costs and expenses, including legal fees. If we, or our employees, agents, or strategic partners acting on our behalf, are found to have engaged in practices that violate these laws and regulations, we could suffer severe fines and penalties, profit disgorgement, injunctions on future conduct, securities litigation, bans on transacting government business, and other consequences that may have a material adverse effect on our business, financial condition, results of operations, and cash flows.

35

In addition, our brand and reputation, our sales activities, or the value of our business could be adversely affected if we become the subject of any negative publicity related to actual or potential violations of anti-corruption, anti-bribery, or anti-money-laundering laws and regulations.

If we fail to comply with environmental requirements, our business, financial condition, results of operations, cash flows, and reputation could be adversely affected.

Our operations and the sale of our solutions are subject to various federal, state, local, and foreign environmental and safety regulations, including laws adopted by the E.U., such as the Waste Electrical and Electronic Equipment Directive (“WEEE Directive”), and the Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Directive (“E.U. RoHS Directive”), of certain metals from global hot spots. The WEEE Directive requires electronic goods producers to be responsible for marking, collection, recycling, and treatment of such products. Changes in the WEEE Directive of the interpretation thereof may cause us to incur additional costs or meet additional regulatory requirements, which could be material. Similar laws and regulations have been passed or are pending in China, South Korea, Norway, and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.

The E.U. RoHS Directive and similar laws of other jurisdictions limit the content of certain hazardous materials such as lead, mercury, and cadmium in the manufacture of electrical equipment, including our products. Currently, our products comply with the E.U. RoHS Directive requirements. However, if there are changes to this or other laws, or to their interpretation, or if new similar laws are passed in other jurisdictions, we may be required to reengineer our products or to use different components to comply with these regulations. This reengineering or component substitution could result in substantial costs to us or disrupt our operations or logistics.

We are also subject to environmental laws and regulations governing the management of hazardous materials, which we use in small quantities in our engineering labs. Our failure to comply with past, present, and future environmental and safety laws could result in increased costs, reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, third-party property damage, remediation costs, and other sanctions, any of which could harm our business, financial condition, results of operations, and cash flows. To date, our expenditures for environmental compliance have not had a material impact on our results of operations or cash flows, and although we cannot predict the future impact of such laws or regulations, they will likely result in additional costs and may increase penalties associated with violations or require us to change the content of our products or how they are manufactured, which could have a material adverse effect on our business, financial condition, results of operations, and cash flows. We also expect that our business will be affected by new environmental laws and regulations on an ongoing basis, which may be more stringent, imposing greater compliance costs and increasing risks and penalties associated with violations which could harm our business.

General Business Risks

If we are unable to attract, train, motivate, and retain senior management and other qualified personnel, our business could suffer.

Our success depends in large part on our ability to attract and retain senior management personnel, as well as technically qualified and highly skilled sales, consulting, technical, finance, and marketing personnel. It could be difficult, time consuming, and expensive to identify, recruit, and onboard any key management member or other critical personnel. Competition for highly skilled personnel is often intense, particularly in the markets in which we operate including Silicon Valley. If we are unable to attract and retain qualified individuals, our ability to compete in the markets for our products could be adversely affected, which would have a negative impact on our business and financial results. Our competitors may be successful in recruiting and hiring members of our management team or other key employees, including key employees obtained through our acquisitions, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms or at all.

Changes in management or other critical personnel may be disruptive to our business and might also result in our loss of unique skills, loss of knowledge about our business, and may result in the departure of other existing employees, customers or partners. We have experienced recent turnover in our senior management team, and further turnover in the future could adversely affect our business.

We operate in an industry with an overall shortage of skilled and experienced talent that generally experiences high employee attrition. We have experienced significant turnover over the last few years and expect that may continue. The loss of one or more of our key employees could seriously harm our business. If we are unable to attract, integrate, or retain the qualified and highly skilled personnel required to fulfill our current or future needs, our business, financial condition, results of operations, and cash flows could be harmed.

36

Effective succession planning is also important to the long-term success of our business. If we fail to ensure effective transfer of knowledge and smooth transitions involving key employees could hinder our strategic planning and execution. The loss of senior management or any ineffective transitions in management, especially in our sales organization, could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, results of operations, and cash flows.

We may become involved in litigation, investigations, and regulatory inquiries and proceedings that could negatively affect us and our reputation.

From time to time, we are involved in various legal, administrative, and regulatory proceedings, claims, demands, and investigations relating to our business, which may include claims with respect to commercial, product liability, intellectual property, data privacy, consumer protection, breach of contract, employment, class action, whistleblower, and other matters. In the ordinary course of business, we also receive inquiries from and have discussions with government entities regarding the compliance of our contracting and sales practices with laws and regulations. Such matters can be costly and time consuming and divert the attention of our management and key personnel from our business operations. We have been and are currently, and expect to continue to be, subject to third-party intellectual property infringement claims by entities that do not have operating businesses of their own and therefore limit our ability to seek counterclaims for damages and injunctive relief. Plaintiffs may seek, and we may become subject to, preliminary or provisional rulings in the course of any such litigation, including potential preliminary injunctions requiring us to cease some or all of our operations. Similarly, if any litigation to which we are a party is resolved adversely, we may be subject to an unfavorable judgment that may not be reversed upon appeal. Any claims or litigation could cause us to incur significant expenses and, if successfully asserted against us, could require that we pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), pay ongoing royalty payments, delay or prevent us from offering our products or services, or require that we comply with other unfavorable terms. In addition, we might be required to seek a license for the use of such intellectual property, which may not be available on commercially reasonable terms or at all. We may also decide to settle such matters on terms that are unfavorable to us.

Our business is subject to the risks of product defects, warranty claims, product returns, and product liability.

Our solutions are highly complex and may contain design defects or errors that are not detected before their commercial release, particularly when first introduced or as new versions or upgrades are released. Despite testing by us and by current and potential customers, design defects or errors may not be found until after commencement of commercial shipments, resulting in customer dissatisfaction and loss of or delay in market acceptance and sales opportunities. These errors and quality problems could also cause us to incur significant repair or replacement costs, divert the attention of our engineering personnel from our product development efforts, and cause significant customer relations problems. We may also incur significant costs in connection with a product recall and any related indemnification obligations. We have experienced errors or quality problems in the past in connection with solutions and enhancements and expect that errors or quality problems will be found from time to time in the future. Any of these errors or other quality problems could adversely affect our results of operations.

Historically, the amount of warranty claims we have received has not been significant, but there is no guarantee that claims will not be significant in the future. Any errors, defects, or other problems with our products could negatively impact our customers and result in financial or other losses. While we typically seek by contract to limit our exposure to damages, liability limitation provisions in our standard terms and conditions of sale, and those of our channel partners, may not be enforceable under some circumstances or may not fully or effectively protect us from customer claims and related liabilities and costs, including indemnification obligations under our agreements with channel partners or customers. The sale and support of our solutions also entail the risk of product liability claims. In addition, even claims that ultimately are unsuccessful could require us to incur costs in connection with litigation and divert management’s time and other resources, and could seriously harm the reputation of our business and solutions.

We may be unable to raise additional capital on acceptable terms, or at all.

We believe that our available cash and cash equivalents generated from our operating activities and unused availability under our Revolving Credit Facility, will be sufficient to meet our near term working and other capital requirements. However, if cash is required for unanticipated needs, including in connection with a proposed acquisition of a company or technology, we may need additional capital. The development and marketing of new solutions and our investment in sales and marketing efforts require a significant commitment of resources. If the markets for our solutions develop at a slower pace than anticipated, we could be required to raise additional capital. We cannot guarantee that, should it be required, sufficient debt or equity capital will be available to us under acceptable terms, if at all. If we were unable to raise additional capital when required, our business, financial condition, results of operations, and cash flows could be seriously harmed.

37

Our business, financial condition, results of operations, or cash flows could be significantly hindered by the occurrence of a natural disaster, terrorist attack, pandemic, or other catastrophic event.

Our business operations are susceptible to outages due to fire, floods, unusual weather conditions, power loss, telecommunications failures, terrorist attacks, pandemics, such as the COVID-19 pandemic, and other events beyond our control, and our sales opportunities may also be affected by such events. Natural disasters including tornados, hurricanes, floods and earthquakes may damage the facilities of our customers or those of their suppliers or retailers or their other operations, which could lead to reduced revenue for our customers and thus reduced sales. In addition, a substantial portion of our facilities, including our headquarters, are located in Northern California, an area susceptible to earthquakes. We do not carry earthquake insurance for earthquake-related losses. Despite our implementation of network security measures, our servers are vulnerable to computer viruses, break-ins, and similar disruptions from unauthorized tampering with our computer systems. We may not carry sufficient business interruption insurance to compensate us for losses that may occur as a result of any of these events.

Additionally, our customers may face a number of potential business interruption risks that are beyond our respective control. For example, our customers depend on the continuous availability of our cloud-based offerings. Our cloud-based offerings are vulnerable to damage or interruption from a variety of sources, including damage or interruption caused by telecommunications or computer systems failure, fire, earthquake, power loss, cyberattack, human error, terrorist acts, and war. We use a variety of third-party data centers and do not control their operation. These facilities and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing customer base, any of which could temporarily or permanently expose our customers’ networks, leaving their networks unprotected against the latest security threats, or, in the case of technical failures and downtime of a customer’s security operation center, all security threats. Depending upon how customers have configured their use of our products and services, network downtime within our data centers may also prevent certain customers from being able to access the Internet during the period of such network downtime.

To the extent that such events disrupt our business or the business of our current or prospective customers, or adversely impact our reputation, such events could adversely affect our business, financial condition, results of operations, and cash flows.

Risks Related to Our Indebtedness

Our substantial leverage could adversely affect our financial condition.

As of December 25, 2021, our total debt outstanding under our Senior Secured Credit Facilities was approximately $2,935 million and additional unused borrowing capacity under our Revolving Credit Facility was approximately $660 million.

Our high degree of leverage could have important consequences, including:

•making it more difficult for us to make payments on the Senior Secured Credit Facilities and our other obligations;

•increasing our vulnerability to general economic and market conditions and to changes in the industries in which we compete;

•requiring a substantial portion of cash flow from operations to be dedicated to the payment of principal and interest on our indebtedness, thereby reducing our ability to use our cash flow to fund our operations, future working capital, capital expenditures, investments or acquisitions, future strategic business opportunities, or other general corporate requirements;

•restricting us from making acquisitions or causing us to make divestitures or similar transactions;

•limiting our ability to obtain additional financing for working capital, capital expenditures, debt service requirements, investments, acquisitions, and general corporate or other purposes;

•limiting our ability to adjust to changing market conditions and placing us at a competitive disadvantage compared to our competitors who are less highly leveraged; and

•increasing our cost of borrowing.

Borrowings under our Senior Secured Credit Facilities are at variable rates of interest and expose us to interest rate risk. If interest rates increase, our debt service obligations may increase even though the amount borrowed remains the same, and our net income and cash flows, including cash available for servicing our indebtedness, will correspondingly decrease.

38

Restrictions imposed by our outstanding indebtedness and any future indebtedness may limit our ability to operate our business and to take certain actions.

The terms of our outstanding indebtedness restrict us from engaging in specified types of transactions. These covenants restrict our ability to:

•incur additional indebtedness;

•create or incur liens;

•engage in consolidations, amalgamations, mergers, liquidations, dissolutions, or dispositions;

•pay dividends and distributions on, or purchase, redeem, defease, or otherwise acquire or retire for value, our capital stock;

•make acquisitions, investments, loans (including guarantees), advances, or capital contributions;

•create negative pledges or restrictions on the payment of dividends or payment of other amounts owed from subsidiaries;

•sell, transfer, or otherwise dispose of assets, including capital stock of subsidiaries;

•make prepayments or repurchases of debt that is contractually subordinated with respect to right of payment or security;

•engage in certain transactions with affiliates;

•modify certain documents governing debt that is subordinated with respect to right of payment;

•change our fiscal year; and

•change our material lines of business.

In addition, our First Lien Credit Agreement includes a financial covenant which requires that, at the end of each fiscal quarter, for so long as the aggregate principal amount of borrowings under the Revolving Credit Facility exceeds 35% of the aggregate commitments under the Revolving Credit Facility, our first lien net leverage ratio cannot exceed 6.30 to 1.00. Our ability to comply with this financial covenant can be affected by events beyond our control, and we may not be able to satisfy it. As a result of these restrictions, we may be:

•limited in how we conduct our business;

•unable to raise additional debt or equity financing to operate during general economic or business downturns;

•unable to compete effectively or to take advantage of new business opportunities; and/or

•limited in our ability to grow in accordance with, or otherwise pursue, our business strategy.

Our Senior Secured Credit Facilities also contain numerous affirmative covenants that will remain in effect as long as our Senior Secured Credit Facilities remain outstanding. We are also required to make mandatory prepayments of the obligations under our Senior Secured Credit Facilities in certain circumstances, including upon certain asset sales or receipt of certain insurance proceeds or condemnation awards, upon certain issuances of debt, and, annually, with a portion of our excess cash flow.

We cannot guarantee that we will be able to maintain compliance with these covenants or, if we fail to do so, that we will be able to obtain waivers from the lenders or investors and/or amend the covenants.

A breach of any of the covenants in the credit agreements governing our Senior Secured Credit Facilities could result in an event of default, which, if not cured or waived, could trigger acceleration of our indebtedness and an increase in the interest rates applicable to such indebtedness, and may result in the acceleration of or default under any other debt we may incur in the future to which a cross-acceleration or cross-default provision applies. The acceleration of the indebtedness under our Senior Secured Credit Facilities or under any other indebtedness could have a material adverse effect on our business, results of operations, and financial condition. In the event of any default under our existing or future credit facilities, the applicable lenders could elect to terminate borrowing commitments and declare all borrowings and loans outstanding, together with accrued and unpaid interest and any fees and other obligations, to be due and payable. In addition, we have granted a security interest in a significant portion of our assets to secure our obligations under our Senior Secured Credit Facilities. During the existence of an event of default under our Senior Secured Credit Facilities, the applicable lenders could exercise their rights and remedies thereunder, including by way of initiating foreclosure proceedings against any assets constituting collateral for our obligations under the Senior Secured Credit Facilities.

39

Despite our level of indebtedness, we and our subsidiaries may still be able to incur substantially more debt, including off-balance sheet financing, contractual obligations, and general and commercial liabilities. This could further exacerbate the risks to our financial condition described above.

We and our subsidiaries may be able to incur significant additional indebtedness in the future, including additional tranches of term loans and/or term loan increases, increases to our revolving commitments and/or additional revolving credit facilities as well as off-balance sheet financings, contractual obligations, and general and commercial liabilities. Although the terms of Senior Secured Credit Facilities contain restrictions on the incurrence of additional indebtedness, such restrictions are subject to a number of significant exceptions and qualifications and any additional indebtedness incurred in compliance with such restrictions could be substantial. These restrictions also will not prevent us from incurring obligations that do not constitute indebtedness. If we and our subsidiaries incur significant additional indebtedness or other obligations, the related risks that we face could increase.

We may be adversely affected by the phase-out of, or changes in the method of determining, the London Interbank Offered Rate (“LIBOR”) or the Euro Interbank Offered Rate (“EURIBOR”), or the replacement of LIBOR and/or EURIBOR with different reference rates.

LIBOR is the basic rate of interest used in lending between banks on the London interbank market and is widely used as a reference for setting the interest rate on U.S. dollar-denominated loans globally. EURIBOR is a basic rate of interest used in lending between Eurozone banks and is widely used as a reference for setting the interest rate on Euro-denominated loans globally. Our Senior Secured Credit Facilities use LIBOR and EURIBOR as reference rates such that the interest due to our creditors under those facilities is calculated using LIBOR or EURIBOR, as applicable.

On July 27, 2017, the U.K.’s Financial Conduct Authority (the authority that administers LIBOR) announced that it intends to phase out LIBOR by the end of 2021, and subsequently extended the phase-out period until June 2023. It is unclear whether new methods of calculating LIBOR will be established such that it continues to exist after 2023, or if alternative rates or benchmarks will be adopted. Changes in the method of calculating LIBOR, or the replacement of LIBOR with an alternative rate or benchmark, may adversely affect interest rates and result in higher borrowing costs. This could materially and adversely affect our results of operations, cash flows, and liquidity. We cannot predict the effect of the potential changes to LIBOR or the establishment and use of alternative rates or benchmarks. We may need to renegotiate our Senior Secured Credit Facilities or incur other indebtedness, and changes in the method of calculating LIBOR, or the use of an alternative rate or benchmark, may negatively impact the terms of such renegotiated Senior Secured Credit Facilities or such other indebtedness. If changes are made to the method of calculating LIBOR or LIBOR ceases to exist, we may need to amend certain contracts and cannot predict what alternative rate or benchmark would be negotiated. This may result in an increase to our interest expense.

The European Money Markets Institute (the authority that administers EURIBOR) has undertaken a number of reforms in response to the EU Benchmark Regulation, which was first published in June 2016 and requires only benchmarks published by “authorized administrators” to be used in new financial contracts beginning on January 1, 2022. It is unclear whether new methods of calculating EURIBOR will be established such that it continues to exist after 2021, or if alternative rates or benchmarks will be adopted. Changes in the method of calculating EURIBOR, or the replacement of EURIBOR with an alternative rate or benchmark, may adversely affect interest rates and result in higher borrowing costs. This could materially and adversely affect our results of operations, cash flows, and liquidity. We cannot predict the effect of the potential changes to EURIBOR or the establishment and use of alternative rates or benchmarks. We may need to renegotiate our First Lien Credit Agreement or incur other indebtedness, and changes in the method of calculating EURIBOR, or the use of an alternative rate or benchmark, may negatively impact the terms of such renegotiated First Lien Credit Agreement or such other indebtedness. If changes are made to the method of calculating EURIBOR or EURIBOR ceases to exist, we may need to amend certain contracts and cannot predict what alternative rate or benchmark would be negotiated. This may result in an increase to our interest expense.

We utilize derivative financial instruments to reduce our exposure to market risks from changes in interest rates on our variable rate indebtedness, including our Senior Secured Credit Facilities, and we will be exposed to risks related to counterparty credit worthiness or non-performance of these instruments.

We have entered into interest rate swap instruments to limit our exposure to changes in variable interest rates. While our hedging strategy is designed to minimize the impact of increases in interest rates applicable to our variable rate debt, including our Senior Secured Credit Facilities, there can be no guarantee that our hedging strategy will be effective, and we may experience credit-related losses in some circumstances. See Note 15 to the Consolidated Financial Statements in Part II, Item 8 for more information.

40

Risks Related to Our Organizational Structure

Our principal asset is our interest in Foundation Technology Worldwide LLC, and we are dependent upon Foundation Technology Worldwide LLC and its consolidated subsidiaries for our results of operations, cash flows, and distributions.

We are a holding company and have no material assets other than our direct and indirect ownership of the LLC Units. As such, we have no independent means of generating revenue or cash flow, and our ability to pay our taxes and operating expenses, including to satisfy our obligations under the tax receivable agreement, or declare and pay dividends in the future, if any, depend upon the results of operations and cash flows of Foundation Technology Worldwide LLC and its consolidated subsidiaries and distributions we receive from Foundation Technology Worldwide LLC. There can be no assurance that our subsidiaries will generate sufficient cash flow to distribute funds to us or that applicable state law and contractual restrictions will permit such distributions.

We anticipate that Foundation Technology Worldwide LLC will continue to be treated as a partnership (and not as a “publicly traded partnership,” within the meaning of Section 7704(b) of the Code, subject to tax as a corporation) for U.S. federal income tax purposes and, as such, generally will not be subject to any entity-level U.S. federal income tax. Instead, taxable income will be allocated to holders of Foundation Technology Worldwide LLC Units. Accordingly, we and our subsidiaries will be required to pay income taxes on our allocable share of any net taxable income of Foundation Technology Worldwide LLC. Further, Foundation Technology Worldwide LLC and its subsidiaries may, absent an election to the contrary, be subject to material liabilities pursuant to partnership audit rules enacted pursuant to the Bipartisan Budget Act of 2015 and related guidance if, for example, its calculations of taxable income are incorrect. Further, we are responsible for the unpaid tax liabilities of the corporate entities we acquired as part of the Reorganization Transactions (as defined herein), including for the taxable year (or portion thereof) of such entities ending on the date of our initial public offering (the “IPO”). To the extent that we need funds and Foundation Technology Worldwide LLC and its subsidiaries are restricted from making such distributions, under applicable law or regulation, or as a result of covenants in the credit agreements of Foundation Technology Worldwide LLC and its subsidiaries, we may not be able to obtain such funds on terms acceptable to us or at all and as a result could suffer an adverse effect on our liquidity and financial condition.

We are required to pay certain Continuing Owners and certain Management Owners for certain tax benefits we may realize or are deemed to realize in accordance with the tax receivable agreement between us and such Continuing Owners and Management Owners, and we expect that the payments we will be required to make will be substantial.

The contribution by certain Continuing Owners and certain Management Owners to McAfee Corp. of certain corporate entities in connection with the Reorganization Transactions and future exchanges of LLC Units for cash or, at our option, for shares of our Class A common stock have produced and are expected to produce or otherwise deliver to us favorable tax attributes that can reduce our taxable income. We are a party to a tax receivable agreement, under which generally we are required to pay to certain of our Continuing Owners and certain Management Owners (collectively, the “TRA Beneficiaries”) 85% of the applicable cash savings, if any, in U.S. federal, state, and local income tax that we actually realize or, in certain circumstances, are deemed to realize as a result of (i) all or a portion of McAfee Corp.’s allocable share of existing tax basis in the assets of Foundation Technology Worldwide LLC (and its subsidiaries) acquired in connection with the Reorganization Transactions, (ii) increases in McAfee Corp.’s allocable share of existing tax basis in the assets of Foundation Technology Worldwide LLC (and its subsidiaries) and tax basis adjustments in the assets of Foundation Technology Worldwide LLC (and its subsidiaries) as a result of sales or exchanges of LLC Units, (iii) certain tax attributes of the corporations McAfee Corp. acquired in connection with the Reorganization Transactions (including their allocable share of existing tax basis in the assets of Foundation Technology Worldwide LLC (and its subsidiaries)), and (iv) certain other tax benefits related to entering into the tax receivable agreement, including tax benefits attributable to payments under the tax receivable agreement. We generally will retain the benefit of the remaining 15% of the applicable tax savings.

The payment obligations under the tax receivable agreement are obligations of McAfee Corp., and we expect that the payments we will be required to make under the tax receivable agreement will be substantial. Potential future reductions in tax payments for us and tax receivable agreement payments by us will be determined in part by reference to the market value of our Class A common stock at the time of the sale and the prevailing tax rates applicable to us over the life of the tax receivable agreement and will be dependent on us generating sufficient future taxable income to realize the benefit. Payments under the tax receivable agreement are not conditioned on the TRA Beneficiaries’ ownership of our shares.

41

The actual increase in tax basis, as well as the amount and timing of any payments under the tax receivable agreement, will vary depending upon a number of factors, including the timing of sales by the Continuing Owners and participating Management Owners, the price of our Class A common stock at the time of the sales, whether such sales are taxable, the amount and timing of the taxable income we generate in the future, the tax rates then applicable to us, and the portions of our payments under the tax receivable agreement constituting imputed interest. Payments under the tax receivable agreement are expected to give rise to certain additional tax benefits attributable to either further increases in basis or in the form of deductions for imputed interest. Any such benefits that we are deemed to realize under the terms of the tax receivable agreement are covered by the tax receivable agreement and will increase the amounts due thereunder. The tax receivable agreement provides that interest, at a rate equal to one-year LIBOR (or if LIBOR ceases to be published, a replacement rate with similar characteristics) plus 1%, will accrue from the due date (without extensions) of the tax return to which the applicable tax benefits relate to the date of payment specified by the tax receivable agreement. In addition, where we fail to make payment by the date so specified, the tax receivable agreement generally provides for interest to accrue on the unpaid amount from the date so specified until the date of actual payment, at a rate equal to one-year LIBOR (or if LIBOR ceases to be published, a replacement rate with similar characteristics) plus 5%, except under certain circumstances specified in the tax receivable agreement where we are unable to make payment by such date, in which case interest will accrue at a rate equal to one-year LIBOR (or if LIBOR ceases to be published, a replacement rate with similar characteristics) plus 1%.

Payments under the tax receivable agreement will be based in part on our tax reporting positions. We will not be reimbursed for any payments previously made under the tax receivable agreement if such basis increases or other attributes or benefits are subsequently disallowed by a taxing authority. As a result, in certain circumstances, the payments we are required to make under the tax receivable agreement could exceed the benefits that we actually realize in respect of the attributes in respect of which the tax receivable agreement required us to make payment.

In addition, the tax receivable agreement provides that in the case of a change of control of McAfee Corp. (as defined therein) or a material breach of our obligations (that is not timely cured) under the tax receivable agreement, or if, at any time, we elect an early termination of the tax receivable agreement, our payment obligations under the tax receivable agreement will accelerate and may significantly exceed the actual benefits we realize in respect of the tax attributes subject to the tax receivable agreement. We will be required to make a payment to the TRA Beneficiaries covered by such termination in an amount equal to the present value of future payments (calculated using a discount rate equal to the lesser of (i) 6.5% per annum and (ii) one-year LIBOR (or if LIBOR ceases to be published, a replacement rate with similar characteristics) plus 1%, which may differ from our, or a potential acquirer’s, then-current cost of capital) under the tax receivable agreement, which payment would be based on certain assumptions, including those relating to our future taxable income. In certain cases, a sale or other disposition of a substantial portion of assets of Foundation Technology Worldwide LLC will be treated as a change of control transaction. In these situations, our obligations under the tax receivable agreement could have a substantial negative impact on our, or a potential acquirer’s, liquidity and could have the effect of delaying, deferring, modifying, or preventing certain mergers, asset sales, other forms of business combinations, or other changes of control. These provisions of the tax receivable agreement may result in situations where the TRA Beneficiaries have interests that differ from or are in addition to those of our other stockholders. In addition, we could be required to make payments under the tax receivable agreement that are substantial, significantly in advance of any potential actual realization of such further tax benefits, and in excess of our, or a potential acquirer’s, actual cash savings in income tax.

Finally, because we are a holding company with no operations of our own, our ability to make payments under the tax receivable agreement is dependent on the ability of our subsidiaries to make distributions to us. The First Lien Credit Agreement restricts the ability of our subsidiaries to make distributions to us, which could affect our ability to make payments under the tax receivable agreement. To the extent that we are unable to make payments under the tax receivable agreement as a result of restrictions in the First Lien Credit Agreement, such payments will be deferred and will accrue interest until paid, which could negatively impact our results of operations and could also affect our liquidity in periods in which such payments are made.

In certain circumstances, under its limited liability company agreement, Foundation Technology Worldwide LLC will be required to make tax distributions to us, the Continuing Owners and certain Management Owners and the distributions that Foundation Technology Worldwide LLC will be required to make may be substantial.

Funds used by Foundation Technology Worldwide LLC to satisfy its tax distribution obligations to the Continuing Owners and certain Management Owners will not be available for reinvestment in our business. Moreover, the tax distributions that Foundation Technology Worldwide LLC will be required to make may be substantial, and will likely exceed (as a percentage of Foundation Technology Worldwide LLC’s net income) the overall effective tax rate applicable to a similarly situated corporate taxpayer.

42

As a result of potential differences in the amount of net taxable income allocable to us and to the Continuing Owners and certain Management Owners, as well as the use of an assumed tax rate in calculating Foundation Technology Worldwide LLC’s tax distribution obligations to the Continuing Owners and the Management Owners, we may receive distributions significantly in excess of our tax liabilities and obligations to make payments under the tax receivable agreement. To the extent, as currently expected, we do not distribute such cash balances as dividends on shares of our Class A common stock and instead, for example, hold such cash balances or lend them to Foundation Technology Worldwide LLC, the Continuing Owners would benefit from any value attributable to such accumulated cash balances as a result of their ownership of Class A common stock following an exchange of their LLC Units for such Class A common stock. Our board of directors, in its sole discretion, will make any determination from time to time with respect to the use of any such excess cash so accumulated, which may include, among other uses, to acquire additional newly issued LLC Units from Foundation Technology Worldwide LLC at a per unit price determined by reference to the market value of the Class A common stock; to pay dividends, which may include special dividends, on its Class A common stock; to fund repurchases of its Class A common stock; to make payments under the tax receivable agreement; or any combination of the foregoing. We will have no obligation to distribute such cash (or other available cash other than any declared dividend) to our stockholders.

Our organizational structure, including the tax receivable agreement, confers certain benefits upon certain Continuing Owners and certain Management Owners, which benefits are not conferred on Class A common stockholders generally.

Our organizational structure, including the tax receivable agreement, confers certain benefits upon certain Continuing Owners and certain Management Owners, which benefits are not conferred on the holders of shares of our Class A common stock generally. In particular, we entered into the tax receivable agreement with Foundation Technology Worldwide LLC and the TRA Beneficiaries, which provides for the payment by us to the TRA Beneficiaries of 85% of the amount of tax benefits, if any, that we actually realize, or in some circumstances are deemed to realize, as a result of (i) all or a portion of McAfee Corp.’s allocable share of existing tax basis in the assets of Foundation Technology Worldwide LLC (and its subsidiaries) acquired in connection with the Reorganization Transactions, (ii) increases in McAfee Corp.’s allocable share of existing tax basis in the assets of Foundation Technology Worldwide LLC (and its subsidiaries) and tax basis adjustments in the assets of Foundation Technology Worldwide LLC (and its subsidiaries) as a result of sales or exchanges of LLC Units, (iii) certain tax attributes of the corporations McAfee Corp. acquired in connection with the Reorganization Transactions (including their allocable share of existing tax basis in the assets of Foundation Technology Worldwide LLC (and its subsidiaries)), and (iv) certain other tax benefits related to entering into the tax receivable agreement, including tax benefits attributable to payments under the tax receivable agreement. Although we will generally retain 15% of the amount of such tax benefits, this and other aspects of our organizational structure may adversely impact the future trading market for the Class A common stock.

We will not be reimbursed for any payments made to the TRA Beneficiaries under the tax receivable agreement in the event that any purported tax benefits are subsequently disallowed by the IRS.

If the IRS or a state or local taxing authority challenges the tax basis adjustments and/or deductions that give rise to payments under the tax receivable agreement and the tax basis adjustments and/or deductions are subsequently disallowed, the recipients of payments under the agreements will not reimburse us for any payments we previously made to them. Any such disallowance would be taken into account in determining future payments under the tax receivable agreement and may, therefore, reduce the amount of any such future payments. Nevertheless, if the claimed tax benefits from the tax basis adjustments and/or deductions are disallowed, our payments under the tax receivable agreement could exceed our actual tax savings, and we may not be able to recoup payments under the tax receivable agreement that were calculated on the assumption that the disallowed tax savings were available.

Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could adversely affect our financial condition and results of operations.

We will be subject to income taxes in the United States, and our domestic and foreign tax liabilities will be subject to the allocation of expenses in differing jurisdictions. Our future effective tax rates could be subject to volatility or adversely affected by a number of factors, including:

•changes in the valuation of our deferred tax assets and liabilities;

•expected timing and amount of the release of any tax valuation allowances;

•tax effects of equity-based compensation;

•costs related to intercompany restructurings;

•changes in tax laws, regulations, or interpretations thereof; or

•lower than anticipated future earnings in jurisdictions where we have lower statutory tax rates and higher than anticipated future earnings in jurisdictions where we have higher statutory tax rates.

43

In addition, we may be subject to audits of our income, sales and other transaction taxes by U.S. federal, state, and local and foreign authorities. Outcomes from these audits could have an adverse effect on our financial condition and results of operations.

Risks Related to Our Class A Common Stock

TPG, Thoma Bravo and Intel will continue to have significant influence over us, including control over decisions that require the approval of stockholders, which could limit your ability to influence the outcome of matters submitted to stockholders for a vote.

We are currently controlled by our TPG, Thoma Bravo and Intel. As long as TPG, Thoma Bravo and Intel collectively own or control at least a majority of our outstanding voting power, they will have the ability to exercise substantial control and significant influence over our management and affairs and all corporate actions requiring stockholder approval, irrespective of how our other stockholders may vote, including the election and removal of directors and the size of our board of directors, any amendment of our certificate of incorporation or bylaws, or the approval of any merger or other significant corporate transaction, including a sale of substantially all of our assets. The concentration of voting power limits your ability to influence corporate matters and, as a result, we may take actions that you do not view as beneficial. As a result, the market price of our Class A common stock could be adversely affected. Even if their collective ownership falls below 50%, TPG, Thoma Bravo and Intel will continue to be able to strongly influence or effectively control our decisions.

Additionally, the interests of TPG, Thoma Bravo and Intel may not align with the interests of our other stockholders. TPG, Thoma Bravo and Intel may, in the ordinary course of their respective businesses, acquire and hold interests in businesses that compete directly or indirectly with us. TPG, Thoma Bravo and Intel each may also pursue acquisition opportunities that may be complementary to our business, and, as a result, those acquisition opportunities may not be available to us.

Certain of our directors have relationships with TPG, Thoma Bravo and Intel, which may cause conflicts of interest with respect to our business.

Three of our seven directors are affiliated with TPG, Thoma Bravo and Intel. Our directors who are affiliated with TPG, Thoma Bravo or Intel have fiduciary duties to us and, in addition, have duties to TPG, Thoma Bravo and Intel. As a result, these directors may face real or apparent conflicts of interest with respect to matters affecting both us and TPG, Thoma Bravo and Intel, whose interests may be adverse to ours in some circumstances.

If we fail to maintain proper and effective internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act, our ability to produce accurate and timely consolidated financial statements could be impaired, which could harm our results of operations, our ability to operate our business, and investor confidence.

We are required to comply with the SEC’s rules implementing Sections 302 and 404 of the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley Act”), which requires management to certify financial and other information in our quarterly and annual reports and provide an annual management report on the effectiveness of our controls over financial reporting. Although we are required to disclose material changes made in our internal controls and procedures on at least a quarterly basis, we are not required to make our first annual assessment of our internal controls over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act (including an auditor attestation on management’s internal controls report) until our annual report on Form 10-K for the fiscal year ending December 25, 2021.

To comply with the internal controls requirements of being a public company, we may need to undertake various actions as our business or applicable rules and regulations evolve, such as implementing new internal controls and procedures and hiring additional accounting or internal audit staff that have the requisite knowledge of U.S. GAAP. Testing and maintaining internal controls can be costly, challenging, and potentially divert our management’s attention from other matters that are important to the operation of our business.

If we identify any material weaknesses in our internal control over financial reporting, or if we are unable to comply with the demands that will be placed upon us as a public company, including the requirements of Section 404 of the Sarbanes-Oxley Act, in a timely manner, we may be unable to accurately report our consolidated financial results, or report them within the timeframes required by the SEC. We also could become subject to sanctions or investigations by the SEC or other regulatory authorities. In addition, if we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting, when required, investors may lose confidence in the accuracy and completeness of our financial reports, we may face restricted access to the capital markets, and our stock price may be adversely affected.

44

Moreover, no matter how well designed, internal control over financial reporting has inherent limitations. Therefore, internal control over financial reporting determined to be effective can provide only reasonable assurance with respect to financial statement preparation and may not prevent or detect all misstatements. Due to the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, have been detected. These inherent limitations include the realities that judgments in decision-making can be incorrect, and that breakdowns can occur because of error or mistake. Further, controls can be circumvented by the individual acts of some persons, by collusion of two or more people or by management override of the internal controls. Additionally, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate due to changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. As such, we could lose investor confidence in the accuracy and completeness of our financial reports, which may have a material adverse effect on our reputation and stock price.

We are a “controlled company” under the Exchange’s rules and, as a result, qualify for certain exemptions from certain corporate governance requirements; you will therefore not have the same protections afforded to stockholders of companies that are subject to these governance requirements.

Because TPG, Thoma Bravo and Intel collectively control a majority of the voting power of our outstanding Class A common stock and Class B common stock on a combined basis, we are a “controlled company” within the meaning of the Exchange’s corporate governance standards. Under these rules, a company of which more than 50% of the voting power for the election of directors is held by an individual, group, or another company is a “controlled company” and may elect not to comply with certain corporate governance requirements, including the requirements that, within one year of the date of the listing of our Class A common stock, we have:

•a board of directors that is composed of a majority of “independent directors,” as defined under rules;

•a compensation committee that is composed entirely of independent directors; and

•a nominating and corporate governance committee that is composed entirely of independent directors.

Our board of directors is composed of a majority of independent directors. However, we may utilize some or all of the other exemptions applicable to “controlled companies.” Accordingly, for so long as we are a “controlled company,” you will not have the same protections afforded to stockholders of companies that are subject to all of the Exchange’s corporate governance requirements. Our status as a controlled company could make our Class A common stock less attractive to some investors or otherwise harm our stock price.

Our results of operations and the market price of our Class A Common Stock may be volatile.

Our quarterly results of operations are likely to fluctuate in the future. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market, or political conditions, could subject the market price of our shares to wide price fluctuations regardless of our operating performance. Our results of operations and the trading price of our shares may fluctuate in response to various factors, including:

•actual or anticipated changes or fluctuations in our results of operations and whether our results of operations meet the expectations of securities analysts or investors;

•actual or anticipated changes in securities analysts’ estimates and expectations of our financial performance;

•announcements of new solutions, commercial relationships, acquisitions, or other events by us or our competitors;

•general market conditions, including volatility in the market price and trading volume of technology companies in general and of companies in the IT security industry in particular;

•changes in how current and potential customers perceive the effectiveness of our platform in protecting against advanced cyberattacks or other reputational harm;

•network outages or disruptions of our solutions or their availability, or actual or perceived privacy, data protection, or network information breaches;

•investors’ perceptions of our prospects and the prospects of the businesses in which we participate;

•sales of large blocks of our Class A common stock, including sales by our executive officers, directors, and significant stockholders;

•announced departures of any of our key personnel;

•lawsuits threatened or filed against us or involving our industry, or both;

•changing legal or regulatory developments in the United States and other countries;

45

•any default or anticipated default under agreements governing our indebtedness;

•adverse publicity about us, our products and solutions, or our industry;

•effects of public health crises, such as the COVID-19 pandemic;

•general economic conditions and trends; and

•other events or factors, including those resulting from major catastrophic events, war, acts of terrorism, or responses to these events.

These and other factors, many of which are beyond our control, may cause our results of operations and the market price and demand for our shares to fluctuate substantially. While we believe that results of operations for any particular quarter are not necessarily a meaningful indication of future results, fluctuations in our quarterly results of operations could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price and liquidity of our shares. In addition, in the past, when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. If any of our stockholders brought a lawsuit against us, we could incur substantial costs defending the lawsuit. Such a lawsuit could also divert the time and attention of our management from our business, which could significantly harm our profitability and reputation.

The Continuing Owners have the right to have their LLC Units exchanged for cash or (at our option) shares of Class A common stock and any disclosure of such exchange or the subsequent sale (or any disclosure of an intent to enter into such an exchange or subsequent sale) of such shares of Class A common stock may cause volatility in our stock price.

As of December 25, 2021, 257 million shares of Class A common stock are issuable upon exchange of LLC Units and MIUs that are held by the Continuing Owners. Under the amended and restated limited liability company agreement of Foundation Technology Worldwide LLC (the “LLC Agreement”), subject to certain restrictions set forth therein, the Continuing Owners are entitled to have their LLC Units exchanged for cash or (at our option) shares of our Class A common stock. The holders of MIUs also have the right, from time to time and subject to certain restrictions, to exchange their MIUs for LLC Units, which will then be immediately redeemed for cash or shares of Class A Common Stock, at the option of the Company, based on the value of such MIUs relative to their applicable distribution threshold.

We cannot predict the timing, size, or disclosure of any future issuances of our Class A common stock resulting from the exchange of LLC Units or the effect, if any, that future issuances, disclosure, if any, or sales of shares of our Class A common stock may have on the market price of our Class A common stock. Sales or distributions of substantial amounts of our Class A common stock, or the perception that such sales or distributions could occur, may cause the market price of our Class A common stock to decline.

We cannot guarantee the timing, amount, or payment of dividends on our Class A common stock.

We intend to fund any future dividends from distributions made by Foundation Technology Worldwide LLC from its available cash generated from operations. If McAfee Corp. decides to pay any other dividend on shares of our Class A common stock in the future, it would likely need to cause Foundation Technology Worldwide LLC to make distributions to McAfee Corp. and its wholly-owned subsidiaries in an amount sufficient to cover such dividend. If Foundation Technology Worldwide LLC makes such distributions to McAfee Corp. and its wholly-owned subsidiaries, the other holders of LLC Units will be entitled to receive pro rata distributions, as well as, in certain cases, the holders of MIUs. The timing, declaration, amount of, and payment of any such dividends will be made at the discretion of McAfee Corp.’s board of directors, subject to applicable laws, and will depend upon many factors, including the amount of the distribution received by McAfee Corp. from Foundation Technology Worldwide LLC, our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions, and other factors that McAfee Corp.’s board of directors may deem relevant. Currently, the provisions of our Senior Secured Credit Facilities place certain limitations on the amount of cash dividends we can pay. Moreover, if as expected McAfee Corp. determines to initially pay a dividend following any quarterly distributions from Foundation Technology Worldwide LLC, there can be no assurance that McAfee Corp. will continue to pay dividends in the same amounts or at all thereafter. As a result, we cannot guarantee the timing, amount or payment of dividends on our Class A common stock.

46

A credit ratings downgrade or other negative action by a credit rating organization could adversely affect the trading price of the shares of our Class A common stock.

Credit rating agencies continually revise their ratings for companies they follow. The condition of the financial and credit markets and prevailing interest rates have fluctuated in the past and are likely to fluctuate in the future. In addition, developments in our business and operations could lead to a ratings downgrade for us or our subsidiaries. Any such fluctuation in the rating of us or our subsidiaries may impact our ability to access debt markets in the future or increase our cost of future debt which could have a material adverse effect on our operations, and financial condition, which in return may adversely affect the trading price of shares of our Class A common stock.

Provisions of our corporate governance documents could make an acquisition of our Company more difficult and may prevent attempts by our stockholders to replace or remove our current management, even if beneficial to our stockholders.

In addition to TPG’s, Thoma Bravo’s and Intel’s beneficial ownership of a controlling percentage of our common stock, our certificate of incorporation and bylaws, and the Delaware General Corporation Law (the “DGCL”) contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our stockholders. These provisions include a classified board of directors and the ability of our board of directors to issue preferred stock without stockholder approval that could be used to dilute a potential acquiror. In addition, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors. Because our board of directors is responsible for appointing the members of our management team, these provisions could in turn affect any attempt to replace current members of our management team. As a result, you may lose your ability to sell your stock for a price in excess of the prevailing market price due to these protective measures, and efforts by stockholders to change the direction or management of the Company may be unsuccessful.

Our certificate of incorporation designates courts in the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by our stockholders, and also provides that the federal district courts will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, each of which could limit our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, stockholders, or employees.

Our certificate of incorporation provides that, subject to limited exceptions, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for:

•any derivative action or proceeding brought on our behalf;

•any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers or other employees to us or our stockholders;

•any action asserting a claim against us arising pursuant to any provision of the General Corporation Law of the State of Delaware, our certificate of incorporation or our bylaws;

•any action to interpret, apply, enforce or determine the validity of our certificate of incorporation or bylaws; and

•any other action asserting a claim against us that is governed by the internal affairs doctrine (each, a “Covered Proceeding”).

Our certificate of incorporation also provides that the federal district courts of the United States of America will be the exclusive forum for the resolution of any complaint asserting a cause of action against us or any of our directors, officers, employees or agents and arising under the Securities Act. However, Section 22 of the Securities Act provides that federal and state courts have concurrent jurisdiction over lawsuits brought the Securities Act or the rules and regulations thereunder. To the extent the exclusive forum provision restricts the courts in which claims arising under the Securities Act may be brought, there is uncertainty as to whether a court would enforce such a provision. We note that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. This provision does not apply to claims brought under the Exchange Act.

Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock shall be deemed to have notice of and to have consented to these provisions. These provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage such lawsuits against us and our directors, officers and employees. Alternatively, if a court were to find these provisions of our certificate of incorporation inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could adversely affect our business and financial condition.

47

Our certificate of incorporation contains a provision renouncing our interest and expectancy in certain corporate opportunities, which could adversely impact our business.

Each of TPG, Intel and its affiliates, and Thoma Bravo, and the members of our board of directors who are affiliated with them, by the terms of our certificate of incorporation, will not be required to offer us any corporate opportunity of which they become aware and can take any such corporate opportunity for themselves or offer it to other companies in which they have an investment. We, by the terms of our certificate of incorporation, have expressly renounced any interest or expectancy in any such corporate opportunity to the extent permitted under applicable law, even if the opportunity is one that we or our subsidiaries might reasonably have pursued or had the ability or desire to pursue if granted the opportunity to do so. Our certificate of incorporation is not able to be amended to eliminate our renunciation of any such corporate opportunity arising prior to the date of any such amendment.

TPG and Thoma Bravo are in the business of making investments in companies and any of TPG, Intel and Thoma Bravo may from time to time acquire and hold interests in businesses that compete directly or indirectly with us. These potential conflicts of interest could have a material adverse effect on our business, financial condition, results of operations or prospects if TPG, Intel and its affiliates, or Thoma Bravo allocate attractive corporate opportunities to themselves or their affiliates instead of to us.

48

Item 1B. Unresolved Staff Comments.

None.

Item 2. Properties.

Our principal office is located in San Jose, California where we lease approximately 85,000 square feet of space under one lease agreement that expires in December 2030. We also lease space for personnel in North America, South America, Europe, and Asia. Refer to Note 6, Leases in Part II, Item 8 of this Annual Report on Form 10-K for more information on our operating leases.

We believe that our current facilities are adequate and that we will be able to find suitable space to accommodate any potential future expansion. We expect to incur additional expenses in connection with any such new or expanded facilities.

Item 3. Legal Proceedings.

From time to time, we are subject to various legal proceedings and claims, either asserted or unasserted, which arise in the ordinary course of business. While the outcome of these matters cannot be predicted with certainty, we do not believe that the outcome of any of these matters, individually or in the aggregate, will have a material adverse effect on our consolidated financial condition, results of operations, or cash flows.

In addition, as previously disclosed, on November 5, 2021, Company entered into the Merger Agreement, as amended, with Parent and Merger Subsidiary, pursuant to which Merger Subsidiary will merge with and into the Company whereupon the separate corporate existence of Merger Subsidiary will cease and the Company will be the surviving corporation in the Merger and will continue as a wholly owned subsidiary of Parent. On December 21, 2021, the Company filed with the SEC its Preliminary Proxy Statement (the “Preliminary Proxy Statement”). On January 4, 2022, the Company filed with the SEC its Definitive Proxy Statement (the “Definitive Proxy Statement”), which was mailed to Company stockholders.

On January 5, 2022, January 11, 2022, and January 21, 2022, the Company received demand letters on behalf of purported shareholders of the Company challenging certain disclosures set forth in the Definitive Proxy Statement (the “Demand Letters”). In addition, two shareholder complaints relating to the Merger were filed in the United States District Court for the Northern District of California, one filed on January 19, 2022 and captioned Coffman v. McAfee Corp. et al., Case No. 5:22-cv-00361, and one filed on January 20, 2022 and captioned Waswick v. McAfee Corp. et al., Case No. 5:22-cv-00395. On January 25, 2022, a shareholder complaint relating to the Merger was filed in the United States District Court for the Eastern District of New York, captioned Sayre v. McAfee Corp. et al., Case No. 1:22-cv-00430. On January 26, 2022, a shareholder complaint relating to the Merger was filed in the United States District Court for the District of Delaware, captioned Kent v. McAfee Corp. et al., Case No. 1:99-mc-09999. On January 28, 2022, a shareholder complaint relating to the Merger was filed in the United States District Court for the Southern District of New York, captioned Finger v. McAfee Corp. et al., Case No. 1:22-cv-00758. Each of the Coffman, Sayre, Kent, and Finger complaints alleges that the Definitive Proxy Statement is false and/or misleading and asserts claims for violations of Section 14(a) and 20(a) of the Exchange Act and SEC Rule 14a-9 against the Company and its directors. The Waswick complaint alleges that the Preliminary Proxy Statement is false and/or misleading and asserts claims for violations of Section 14(a) and 20(a) of the Exchange Act and SEC Rule 14a-9 against the Company and its directors. Each of these complaints (collectively, the “Complaints”) purports to seek, among other things, injunctive relief preventing the Merger, damages, and an award of plaintiffs’ costs and expenses, including reasonable attorneys’ and expert fees. The Company believes that the claims asserted in the Demand Letters and Complaints are without merit.

Item 4. Mine Safety Disclosures.

None.

49

PART II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities.

Market Information and Holders of Record

On October 22, 2020, our Class A common stock, $0.001 par value per share, began trading on the NASDAQ Stock Market under the symbol "MCFE." Prior to that time, there was no public market for our stock. As of December 25, 2021, there were approximately 272 holders of record of our Class A common stock and 24 holders of record for our Cass B common stock. The number of holders of record presented here does not include persons whose stock is held in nominee or “street name” accounts through brokers, banks and intermediaries. Our Class B common stock is neither listed nor traded on any stock exchange, nor is there an established public trading market for this class of common stock.

Dividend

Foundation Technology Worldwide LLC (“FTW”) paid a cash distribution to its members for each of the first three quarters of fiscal 2021 at an aggregate annual rate of approximately $200 million. McAfee Corp. received a portion of such distributions through the LLC Units it holds directly or indirectly through its wholly-owned subsidiaries on the record date such distribution were declared by FTW. McAfee Corp. used a portion of its share of the cash distributions declared by FTW to declare or pay the dividends noted in the table below during the year ended December 25, 2021. Remaining distributions received by McAfee Corp. were used for corporate taxes and general corporate purposes. Pursuant to the terms of the Merger Agreement, the Company has agreed to suspend its dividend during the term of the Merger Agreement.

Declaration Date	Record Date	Payment Date	Dividend per Share		Amount (in millions)
December 9, 2020	December 24, 2020	January 7, 2021	$	0.087	$	14
March 11, 2021	March 26, 2021	April 9, 2021	$	0.115	$	19
June 10, 2021	June 25, 2021	July 9, 2021	$	0.115	$	19
August 3, 2021	August 13, 2021	August 27, 2021	$	4.500	$	760
September 13, 2021	September 24, 2021	October 8, 2021	$	0.115	$	21

50

Stock Performance Graph

The graph below compares the cumulative total stockholder return on our Class A common stock with the cumulative total return on the S&P 500 Composite Index and the S&P Information Technology Sector Index for the 2 years ended December 25, 2021 assuming the initial investment of $100 in our Class A common stock and in each of the other indices on October 22, 2020 (the date our Class A common stock commenced trading on the Nasdaq Stock Market) and the reinvestment of all dividends. The comparisons in the graph below are based on historical data and are not indicative of, nor intended to forecast the possible future performance of our common stock.

COMPARISON OF TWO-YEAR CUMULATIVE TOTAL RETURN

Among McAfee Corp., the S&P 500 Index

and the S&P Information Technology Sector Index

 

This performance graph shall not be deemed “filed” for purposes of Section 18 of the Exchange Act or otherwise subject to the liabilities under that Section and shall not be deemed to be incorporated by reference into any filing of McAfee Corp. under the Securities Act or the Exchange Act.

Item 6. Reserved.

51

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.

Organization

McAfee Corp. (the “Corporation”) was incorporated in Delaware on July 19, 2019. The Corporation was formed for the purpose of completing an initial public offering (the “IPO”) and related transactions in order to carry on the business of FTW and its subsidiaries. On October 21, 2020, the Corporation became the sole managing member and holder of 100% of the voting power of FTW due to the reorganization transactions described below. With respect to the Corporation and the Company, each entity owns nothing other than the respective entities below it in the corporate structure and each entity has no other material operations, assets, or liabilities. The Reorganization Transactions were accounted for as a reorganization of entities under common control. As a result, the financial statements for periods prior to the IPO and the Reorganization Transactions are the financial statements of FTW as the predecessor to the Corporation for accounting and reporting purposes. See Note 1 to the Consolidated Financial Statements in Item 8 for a detailed discussion of the Reorganization Transactions, as defined in that note, and the IPO.

The Reorganization Transactions

Reorganization

In connection with the closing of the IPO, the following Reorganization Transactions were consummated:

•a new limited liability company operating agreement (“New LLC Agreement”) was adopted for FTW making the Corporation the sole managing member of FTW;

•the Corporation’s certificate of incorporation was amended and restated to, among other things, (i) provide for Class A common stock and Class B common stock and (ii) issue shares of Class B common stock to the Continuing Owners and Management Owners, on a one-to-one basis with the number of LLC Units they own (except that Management Owners will not receive shares of Class B common stock in connection with their exchange of Management Incentive Units (“MIUs”)), the exchange of which will be settled in cash or shares of Class A common stock, at the option of the Company, for nominal consideration;

•the Corporation (i) issued 126.3 million shares of its Class A common stock to certain of the Continuing Owners in exchange for their contribution of LLC units or the equity of certain other entities, which pursuant to the Reorganization Transactions, became its direct or indirect subsidiaries and (ii) settled 5.7 million restricted stock units (“RSUs”) with shares of its Class A common stock, net of tax withholding, held by certain employees, which were satisfied in connection with the Reorganization Transactions; and

•the Corporation entered into (i) a tax receivable agreement (“TRA”) with certain of our Continuing Owners and certain Management Owners (collectively “TRA Beneficiaries”) and (ii) a stockholders agreement and a registration rights agreement with investment funds affiliated with or advised by TPG Global, LLC (“TPG”) and Thoma Bravo, L.P. (“Thoma Bravo”), respectively, and Intel Americas, Inc. (“Intel”).

Organization of Information

In Item 7, we discuss the year ended December 25, 2021 results and compare the year ended December 25, 2021 results to the year ended December 26, 2020 results. Discussions of the year ended December 26, 2020 results and comparisons of the year ended December 26, 2020 results to the year ended December 28, 2019 results can be found in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in the Corporation’s Prospectus dated September 9, 2021 and filed with the SEC on September 10, 2021 pursuant to Rule 424(b)(4) of the Securities Act.

Overview

As a global leader and trusted brand in cybersecurity for over 30 years, McAfee protects millions of consumers with one of the industry’s most comprehensive cybersecurity portfolios. Our award-winning products offer individuals and families protection for their digital lives. We meet the cyber security needs of consumers wherever they are, with solutions for device security, privacy and safe Wi-Fi, online protection, and identity protection, among others. Our mission is to protect all things that matter through leading-edge cybersecurity products.

Our consumer-focused products protect consumers across the digital spectrum providing holistic digital protection of the individual and family wherever they go under our Total Protection and LiveSafe brands. We achieve this by integrating the following solutions and capabilities within our bundled products:

•Device Security, which includes our Anti-Malware Software and Secure Home Platform products, keeps consumer devices, including mobile and home-use, protected from viruses, ransomware, malware, spyware, and phishing.

•Online Privacy and Comprehensive Internet Security, which includes our Safe Connect VPN, TunnelBear, and WebAdvisor products, help make Wi-Fi connections safe with our bank-grade AES 256-bit encryption, keeping personal data protected while keeping IP addresses and physical locations private.

52

•Identity Protection, which includes our Identity Theft Protection and Password Manager products, searches over 600,000 online black markets for compromised personally identifiable information, helping consumers take action to prevent fraud.

Our go-to-market digitally-led omnichannel approach reaches the consumer at crucial moments in their purchase lifecycle including direct to consumer online sales, acquisition through trial pre-loads on PC OEM devices, and other indirect modes via additional partners such as mobile providers, ISPs, electronics retailers, ecommerce sites, and search providers. We have longstanding exclusive partnerships with many of the leading PC OEMs and continue to expand our presence with mobile service providers and ISPs as the demand for mobile security protection increases. Through these relationships, our consumer security software is pre-installed on devices on either a trial basis until conversion to a paid subscription, which is enabled by a tailored renewal process that fits the customer’s journey, or through a live version that can be purchased directly through the OEMs’ website. Our consumer go-to-market channel also consists of partners including some of the largest electronics retailers and ISPs globally.

Agreement and Plan of Merger; Proposed Merger

On November 5, 2021, the Company entered into an Agreement and Plan of Merger (the “Merger Agreement”) with Condor BidCo, Inc., a Delaware corporation (“Parent”), and Condor Merger Sub, Inc., a Delaware corporation and wholly owned subsidiary of Parent (“Merger Subsidiary”), pursuant to which Merger Subsidiary will merge with and into the Company whereupon the separate corporate existence of Merger Subsidiary will cease and the Company will be the surviving corporation in the Merger and will continue as a wholly owned subsidiary of Parent (the “Merger”). Parent has obtained equity financing and debt financing commitments for the purpose of financing the transactions contemplated by the Merger Agreement. Affiliates of funds advised by each of Advent International Corporation, Permira Advisers LLC, Crosspoint Capital Partners L.P., Abu Dhabi Investment Authority, and Canada Pension Plan Investment Board and GIC Private Ltd. have committed to capitalize Parent at the Closing with an aggregate equity contribution equal to $5.2 billion on the terms and subject to the conditions set forth in signed equity commitment letters. On February 3, 2022, Merger Subsidiary received commitments of $5,160 million under a proposed U.S. dollar term loan facility and Euro-equivalent $1,800 million under a proposed Euro term loan facility. On February 17, 2022, Merger Subsidiary closed its offering of $2,020 million 7.375% senior notes due 2030. Under the terms of the Merger Agreement, the Company’s stockholders will receive $26.00 in cash for each share of Class A common stock they hold on the transaction closing date. The transaction’s closing is subject to customary closing conditions, including, among others, approval by the Company’s stockholders, the expiration or early termination of the applicable waiting period under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, as amended (the “HSR Act”), the receipt of other regulatory approvals, and clearance by the Committee on Foreign Investment in the United States. On December 20, 2021 at 11:59 p.m., the waiting period under the HSR Act expired. On February 9, 2022, the Company’s stockholders approved the Merger at a special meeting of stockholders. On February 22, 2022, the Committee on Foreign Investment in the United States closed its review and cleared the transactions contemplated by the Merger Agreement. Pursuant to the terms of the Merger Agreement, the completion of the Merger remains subject to various customary conditions, including (1) the absence of an order, injunction or law prohibiting the Merger, (2) the receipt of antitrust approval in the European Union and Switzerland, (3) the accuracy of each party’s representations and warranties, subject to certain materiality standards set forth in the Merger Agreement, (4) compliance in all material respects with each party’s obligations under the Merger Agreement, and (5) no Company Material Adverse Effect (as defined in the Merger Agreement) having occurred since the date of the Merger Agreement.

Upon completion of the transaction, McAfee common stock will no longer be listed on any public securities exchange.

In connection with the closing of the Merger, the Company, FTW and certain other parties thereto have entered into a Tax Receivable Agreement and LLC Agreement Amendment (the “Amendment”). The Amendment provides for, among other things, (i) the payment of amounts due under the tax receivable agreement currently in effect (the “TRA”) with respect to U.S. federal income tax year 2020 of the Company in accordance with the terms of the TRA up to an aggregate amount of $2 million, which payments shall be paid no later than 10 business days prior to the Closing Date, (ii) the suspension of all other payments under the TRA from and after November 5, 2021 and (iii) the amendment of the TRA, effective as of immediately prior to and contingent upon the occurrence of the Effective Time of the Merger, which shall result in the TRA (and all of the Company’s obligations thereunder, including the obligation to make any of the foregoing suspended payments) terminating immediately prior to the Effective Time of the Merger. For a summary of the transaction, please refer to our Form 8-K filed with the U.S. Securities and Exchange Commission (the “SEC”) on November 8, 2021.

53

Divestiture of Enterprise Business

On March 6, 2021, we entered into a definitive agreement (the “Purchase Agreement”) with a consortium led by Symphony Technology Group (“STG”) under which STG agreed to purchase certain of our Enterprise assets together with certain of our Enterprise liabilities (“Enterprise Business”), representing substantially all of our Enterprise segment, for an all-cash purchase price of $4.0 billion. The divestiture transaction closed on July 27, 2021. The divestiture of our Enterprise Business, represents a strategic shift in our operations that allows us to focus on our Consumer business. As a result of the divestiture, the results of our Enterprise Business were reclassified as discontinued operations in our consolidated statements of operations and excluded from both continuing operations and segment results for all periods presented. Starting in the first quarter of fiscal 2021, we began to operate as one reportable segment as the Enterprise Business comprised substantially all of our Enterprise segment. Results of discontinued operations includes all revenues and expenses directly derived from our Enterprise Business, with the exception of general corporate overhead costs that were previously allocated to our Enterprise segment but have not been allocated to discontinued operations. The Enterprise Business was reclassified as discontinued operations in our consolidated balance sheets. In connection with the divestiture, we recognized a gain of $2.2 billion, net of estimated taxes and transaction costs. See Note 4, Discontinued Operations and Held-for-Sale Assets in Part II, Item 8 of this Annual Report on Form 10-K for additional information about the divestiture of our Enterprise Business.

On August 3, 2021, the Board of Directors of McAfee Corp., using a portion of the proceeds received from the divestiture of Enterprise Business, declared a special one-time cash dividend of $4.50 per share of Class A common stock payable to shareholders of record on August 13, 2021 (the “Special Dividend”). In connection with the declaration of the Special Dividend, the Board of Directors of McAfee Corp., as sole managing member of FTW, authorized FTW to declare a special one-time cash distribution to its members in the aggregate of $2.8 billion (the “Special Distribution”). The Special Distribution resulted in the payment of $1.7 billion to Continuing LLC Owners and $1.1 billion to McAfee Corp. McAfee Corp. used $0.8 billion of its share of the Special Distribution to pay the Special Dividend to participating shareholders on August 27, 2021.

We used a portion of the proceeds from the divestiture to prepay $332 million of 1st Lien USD Term Loan and €563 million of 1st Lien Euro Term Loan in August 2021. In connection with this prepayment, we incurred a loss on extinguishment of debt of $10 million related to recognition of unamortized discount and deferred financing costs. See Note 13 to the consolidated financial statements for further information. We also terminated $150 million of our $250 million notional interest rate swap that had an expiration date of January 29, 2022. See Note 15 to the consolidated financial statements for further information.

Subsequent to the Enterprise Business divestiture, we concluded that a full valuation allowance against the net deferred tax assets of our domestic entities will no longer be required and released $211 million of the $212 million of valuation allowance that existed as of December 26, 2020.

We also expect to realize certain tax benefits subject to our TRA and thus we recognized and recorded an additional TRA liability. As the net deferred tax assets have been recognized as of the date of divestiture of the Enterprise Business, the full liability under the TRA also became probable as of that date. During the year ended December 25, 2021, TRA liability increases of $121 million resulting from post divestiture exchanges of FTW LLC Units for shares of Class A common stock were recorded to Additional paid-in capital on the consolidated balance sheet. TRA liability increases of $313 million resulting from pre-divestiture exchanges and TRA liability decreases of $6 million resulting from unutilized tax attributes were recorded within Other income (expense), net. TRA liability increases of $4 million resulting from divestiture related events were recorded within Income from discontinued operations on the consolidated statement of operations. As of December 25, 2021, we have TRA liabilities of $2 million and $432 million recorded in the consolidated balance sheet within Accounts payable and other accrued liabilities and Tax receivable agreement liability, less current portion, respectively. See Note 14 to the consolidated financial statements for further information and the income tax impact of the Enterprise Business divestiture.

In July 2021, two amendments to the definitive agreement with a consortium led by STG for the purchase of the Enterprise Business were executed. The amendments modified certain provisions for assets and liabilities to be transferred as well as the timing and procedures for transfer of certain assets and employees in foreign jurisdictions in connection with the sale, and clarifying requirements for maintenance of such assets prior to transfer. The amendments also include certain other modifications or clarifications of the purchase agreement. As a result of the amendments, our results of operations for the year ended December 26, 2020 and December 28, 2019 and our December 26, 2020 consolidated balance sheet reflect changes in the assets and liabilities that were determined to be part of discon