S-1/A 1 d359771ds1a.htm S-1/A S-1/A
Table of Contents

As filed with the Securities and Exchange Commission on April 16, 2024.

Registration No. 333-278434

 

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

AMENDMENT NO. 1 TO

FORM S-1

REGISTRATION STATEMENT

UNDER

THE SECURITIES ACT OF 1933

 

 

RUBRIK, INC.

(Exact name of registrant as specified in its charter)

 

 

 

Delaware   7372   46-4560494

(State or other jurisdiction of

incorporation or organization)

 

(Primary Standard Industrial

Classification Code Number)

 

(I.R.S. Employer

Identification Number)

3495 Deer Creek Road

Palo Alto, California 94304

(844) 478-2745

(Address, including zip code, and telephone number, including area code, of registrant’s principal executive offices)

 

 

Bipul Sinha

Chief Executive Officer

Rubrik, Inc.

3495 Deer Creek Road

Palo Alto, California 94304

(844) 478-2745

(Name, address, including zip code, and telephone number, including area code, of agent for service)

 

 

Copies to:

 

Jon C. Avina

Calise Y. Cheng

Milson C. Yu

Cooley LLP

3175 Hanover Street

Palo Alto, California 94304

(650) 843-5000

 

Peter McGoff

Anne-Kathrin Lalendran

Rubrik, Inc.

3495 Deer Creek Road

Palo Alto, California 94304

(844) 478-2745

 

Richard A. Kline

Sarah B. Axtell

Latham & Watkins LLP

140 Scott Drive

Menlo Park, California 94025

(650) 328-4600

 

 

Approximate date of commencement of proposed sale to the public: As soon as practicable after this Registration Statement is declared effective.

If any of the securities being registered on this form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933, check the following box: 

If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. 

If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. 

If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. 

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

 

Large accelerated filer         Accelerated filer  
Non-accelerated filer         Smaller reporting company  
        Emerging growth company  

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 7(a)(2)(B) of the Securities Act. 

The Registrant hereby amends this Registration Statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this Registration Statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933 or until the Registration Statement shall become effective on such date as the Commission, acting pursuant to said Section 8(a), may determine.

 

 

 


Table of Contents

The information in this preliminary prospectus is not complete and may be changed. These securities may not be sold until the registration statement filed with the Securities and Exchange Commission is effective. This preliminary prospectus is not an offer to sell nor does it seek an offer to buy these securities in any jurisdiction where the offer or sale is not permitted.

 

Subject to Completion. Dated April 16, 2024.

23,000,000 Shares

 

LOGO

CLASS A COMMON STOCK

 

 

This is an initial public offering of shares of Class A common stock of Rubrik, Inc.

Prior to this offering, there has been no public market for our Class A common stock. It is currently estimated that the initial public offering price per share will be between $28.00 and $31.00. We have applied to list our Class A common stock on the New York Stock Exchange under the symbol “RBRK.”

We have two classes of authorized common stock: Class A common stock and Class B common stock. The rights of the holders of Class A common stock and Class B common stock are identical, except with respect to voting, conversion, and transfer rights. Each share of Class A common stock is entitled to one vote. Each share of Class B common stock is entitled to 20 votes and is convertible at any time into one share of Class A common stock. Outstanding shares of Class B common stock will represent approximately 99.3% of the voting power of our outstanding capital stock immediately following this offering, with our directors, executive officers, and principal stockholders representing approximately 63.6% of such voting power.

We are an “emerging growth company” as defined under the federal securities laws, and as such, we have elected to comply with certain reduced reporting requirements for this prospectus and may elect to do so in future filings.

 

 

See the section titled “Risk Factors” beginning on page 21 to read about factors you should consider before buying shares of our Class A common stock.

 

 

Neither the Securities and Exchange Commission nor any other regulatory body has approved or disapproved of these securities or passed upon the accuracy or adequacy of this prospectus. Any representation to the contrary is a criminal offense.

 

 

 

     PER
SHARE
     TOTAL  

Initial public offering price

   $           $       

Underwriting discounts and commissions(1)

   $        $    

Proceeds, before expenses, to Rubrik, Inc.

   $        $    

 

(1) 

See the section titled “Underwriting (Conflicts of Interest)” for additional information regarding compensation payable to the underwriters.

At our request, the underwriters have reserved up to 5% of the shares of Class A common stock offered by this prospectus for sale at the initial public offering price through a directed share program to certain persons identified by our management, which may include certain parties we have a business relationship with and friends and family of management. See the section titled “Underwriting (Conflicts of Interest)—Directed Share Program.”

To the extent that the underwriters sell more than 23,000,000 shares of Class A common stock, the underwriters have the option to purchase up to an additional 3,450,000 shares of Class A common stock from us at the initial public offering price less underwriting discounts and commissions.

The underwriters expect to deliver the shares of Class A common stock against payment in New York, New York on    , 2024.

 

Goldman Sachs & Co. LLC   Barclays   Citigroup   Wells Fargo Securities
Guggenheim Securities   Mizuho   Truist Securities   BMO Capital Markets   Deutsche Bank Securities
KeyBanc Capital Markets   Cantor   CIBC Capital Markets
Capital One Securities   Wedbush Securities   SMBC Nikko

 

 

Prospectus dated     , 2024.

 


Table of Contents

LOGO

 


Table of Contents

LOGO

 


Table of Contents

LOGO

 


Table of Contents

LOGO

 


Table of Contents

 

 

LOGO


Table of Contents

LOGO

 


Table of Contents

LOGO

 


Table of Contents

TABLE OF CONTENTS

 

PROSPECTUS SUMMARY

     1  

RISK FACTORS

     21  

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

     75  

MARKET, INDUSTRY, AND OTHER DATA

     77  

USE OF PROCEEDS

     78  

DIVIDEND POLICY

     80  

CAPITALIZATION

     81  

DILUTION

     85  

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

     89  

BUSINESS

     117  

MANAGEMENT

     140  

EXECUTIVE COMPENSATION

     150  

CERTAIN RELATIONSHIPS AND RELATED PARTY TRANSACTIONS

     166  

PRINCIPAL STOCKHOLDERS

     169  

DESCRIPTION OF CAPITAL STOCK

     172  

SHARES ELIGIBLE FOR FUTURE SALE

     180  

MATERIAL U.S. FEDERAL INCOME TAX CONSEQUENCES TO NON-U.S. HOLDERS OF OUR CLASS A COMMON STOCK

     184  

UNDERWRITING (CONFLICTS OF INTEREST)

     188  

LEGAL MATTERS

     199  

EXPERTS

     199  

WHERE YOU CAN FIND ADDITIONAL INFORMATION

     199  

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

     F-1  

 

 

Through and including    , 2024 (the 25th day after the date of this prospectus), all dealers effecting transactions in these securities, whether or not participating in this offering, may be required to deliver a prospectus. This is in addition to a dealer’s obligation to deliver a prospectus when acting as an underwriter and with respect to an unsold allotment or subscription.

 

 

Neither we nor any of the underwriters has authorized anyone to provide you with any information or to make any representations other than those contained in this prospectus or in any free writing prospectuses we have prepared. Neither we nor any of the underwriters take any responsibility for, and can provide no assurance as to the reliability of, any other information that others may give you. We are offering to sell, and seeking offers to buy, shares of our Class A common stock only in jurisdictions where offers and sales are permitted. The information contained in this prospectus is accurate only as of the date of this prospectus, regardless of the time of delivery of this prospectus or of any sale of our Class A common stock. Our business, financial condition, results of operations, and growth prospects may have changed since that date.

For investors outside the United States: Neither we nor any of the underwriters have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. Persons outside of the United States who come into possession of this prospectus must inform themselves about, and observe any restrictions relating to, the offering of the shares of our Class A common stock and the distribution of this prospectus outside of the United States.


Table of Contents

PROSPECTUS SUMMARY

This summary highlights selected information contained elsewhere in this prospectus. This summary does not contain all of the information you should consider before investing in our Class A common stock. You should read this entire prospectus carefully, including the sections titled “Risk Factors,” “Special Note Regarding Forward-Looking Statements,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” and our consolidated financial statements and the related notes included elsewhere in this prospectus, before making an investment decision. Unless the context otherwise requires, all references in this prospectus to “we,” “us,” “our,” “our company,” and “Rubrik,” refer to Rubrik, Inc. and its consolidated subsidiaries. Unless otherwise indicated, references to our “common stock” include our Class A common stock and Class B common stock.

RUBRIK, INC.

Overview

We are on a mission to secure the world’s data.

Cyberattacks are inevitable. Realizing that cyberattacks ultimately target data, we created Zero Trust Data Security to deliver cyber resilience so that organizations can secure their data across the cloud and recover from cyberattacks. We believe that the future of cybersecurity is data security—if your data is secure, your business is resilient.

We built Rubrik Security Cloud, or RSC, with Zero Trust design principles to secure data across enterprise, cloud, and software-as-a-service, or SaaS, applications. RSC delivers a cloud native SaaS platform that detects, analyzes, and remediates data security risks and unauthorized user activities. Our platform is architected to help organizations achieve cyber resilience, which encompasses cyber posture and cyber recovery. We enable organizations to confidently accelerate digital transformation and leverage the cloud to realize business agility.

Traditional cybersecurity approaches have failed to not only prevent but also provide recovery from increasingly rampant and sophisticated cyberattacks. At the same time, legacy backup and recovery solutions have significant shortfalls in addressing cyber recovery and data security as they were primarily built for operational and natural disaster recoveries. They were not designed to enable reliable recovery from cyberattacks, nor were they designed to natively deliver cyber threat analytics and event response.

Architecture matters when it comes to securing data. We built a unique SaaS architecture that combines data and metadata from business applications across enterprise, cloud, and SaaS applications to create self-describing data as a time-series. Self-describing data contains information such as application context, user identity, data sensitivity, and application lineage. This allows us to apply artificial intelligence and machine learning directly to business data to understand emergent data security threats and deliver cyber recovery.

Our Zero Trust Data Security platform assumes that information technology infrastructure will be breached, and nothing can be trusted without authentication. Our data threat engine powered by artificial intelligence and machine learning analyzes the self-describing data time-series to derive

 

1


Table of Contents

security intelligence from data and provide remediation recommendations. Automation is at the core of our architecture ethos. Our automated policy-driven platform delivers data security enforcement, incident response orchestration, and API integrations with the broader security ecosystem.

We use the following guiding principles to design our RSC platform and products:

 

   

Data resilience. Data is always available, notwithstanding cyberattacks, malicious insiders, and operational disruptions.

 

   

Data observability. Data is continuously monitored to strengthen data security posture and minimize attack surface. Emergent security risks are identified, contained, and resolved.

 

   

Data remediation. Points of infection are identified, threats are remediated, and impacted data assets are rapidly recovered without malware reinfection.

Our business is indexed to business data growth. Our customers’ need for our solutions grows in lockstep with their business data growth and their need for additional data security capabilities. We primarily sell subscriptions to RSC through our sales team and partner network by employing a land and expand sales strategy. We land new customers by selling subscriptions to RSC to secure any one of four distinct types of data: private cloud (which we refer to as enterprise), enterprise NAS(1) (which we refer to as unstructured data), cloud, and SaaS applications. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik; new applications secured; and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk. Our average subscription dollar-based net retention rate was 133% as of January 31, 2024. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics” included elsewhere in this prospectus for our definitions of these metrics.

Our platform’s broad applicability allows us to serve organizations of all sizes across a wide range of industries and geographies. As of January 31, 2024, we had more than 6,100 customers, increasing from over 5,000 customers as of January 31, 2023.

Organizations around the world rely on Rubrik to achieve business resilience in the face of cyberattacks, malicious insiders, and operational disruptions. As a result, we have experienced rapid growth, with our subscription annual recurring revenue, or Subscription ARR, increasing from $532.9 million as of January 31, 2023, to $784.0 million as of January 31, 2024, representing a 47% increase, and our total revenue increasing from $599.8 million in the fiscal year ended January 31, 2023, or fiscal 2023, to $627.9 million in the fiscal year ended January 31, 2024, or fiscal 2024. We measure our business on the basis of Subscription ARR. Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers. As of January 31, 2024, we had 1,742 customers generating more than $100,000 in Subscription ARR and 99 customers generating more than $1,000,000 in Subscription ARR. We have continued to invest in growing our business and advancing our solutions to capitalize on our market opportunity. As a result, in fiscal 2023 and fiscal 2024, we incurred net losses of $(277.7) million and $(354.2) million, respectively. In fiscal 2023 and fiscal 2024, operating cash flow was $19.3 million and $(4.5) million, respectively, and free cash flow was $(15.0) million and $(24.5) million, respectively.

 

(1) 

Network-Attached Storage.

 

2


Table of Contents

Industry Background

We believe that data is every organization’s most important asset, and that the following industry trends are driving a need for a new approach to data security:

Due to accelerated digitization, cloud adoption, and rapid data growth, organizations manage extensive, valuable data estates that are vulnerable to malicious actors.

 

   

Accelerated digitization. Organizations are racing to deliver digital customer experiences, digitize operations, and implement new workforce models to drive higher productivity. The proliferation of new technologies has resulted in an increase in the surface area for cyberattacks.

 

   

Cloud and SaaS adoption. As more organizations embrace numerous cloud and SaaS applications, the IT environment continues to become more fragmented. As a result, organizations lose visibility and control over where their data resides, how it is used, and who is using it.

 

   

Data value is increasing. Data fuels organizational innovation, growth, and differentiation in the digital economy. The value of data further increases through a regulatory lens as organizations secure, manage, and govern their data to be compliant with industry and data privacy regulations (e.g., HIPAA, PCI, GDPR, CCPA). As data value increases, organizations face a growing threat of cyberattacks intent on exfiltrating data assets.

Recent AI progress forces organizations to contend with new data security, privacy, and compliance risks.

 

   

GenAI adoption requires data security. Generative AI breakthroughs have ushered in a technological paradigm shift that promises huge productivity gains for organizations. For enterprises to unlock competitive advantages, they need to build AI models based on data from their business applications. CIOs, CISOs, and senior technology leaders need to set guardrails to mitigate ensuing data security, privacy, and compliance risks.

 

   

GenAI could lead to more sophisticated cyberattacks. Generative AI fuels new visual, auditory, and textual methods of attacks, increasing the volume and sophistication of cyber incidents. Simultaneously, AI-based technologies will help organizations identify new vulnerabilities and navigate new data security risks.

The digital economy demands organizations to have 24x7 application availability and resilience against cyberattacks, faults, and failures.

 

   

24x7 application availability is a business requirement. Organizations must ensure that their applications are available 24x7 to meet the demands of both customers and employees. Application availability requires organizations to withstand cyberattacks, malicious insiders, and operational disruptions, all of which can negatively impact the customer experience and operational efficiency.

 

   

Cyberattacks are increasing in scale and sophistication. As organizations amass valuable data, malicious actors have increased their efforts to exploit it. Whether targeting end-customer data or holding organizations hostage through breaches, cyber criminals are putting organizations at growing risk.

 

   

Emergence of new infrastructure security paradigms. The increase in surface area for a potential cyberattack and the explosion of intrusions have driven increased cybersecurity budgets and new approaches to security. According to Gartner®, the world is on track to spend over $200 billion a year for all segments in security and risk management end-user spending in

 

3


Table of Contents
 

2024. Organizations have evolved from using a full-trust, perimeter-guarding security approach to a more stringent Zero Trust infrastructure security model that denies access by default. Despite this, cyberattacks continue to occur, and infrastructure security solutions cannot help reconstitute the business in the event of a cyberattack.

Organizations must comply with a growing and ever-evolving data compliance and regulatory landscape.

 

   

Data compliance has become increasingly difficult. Compliance mandates for protecting sensitive data and user access are continually evolving and proliferating. As cyberattacks increase and enterprise AI adoption continues, organizations must navigate stricter regulations.

The culmination of these trends places organizations and their data assets at continuous risk. While organizations have increased security budgets and adopted advanced defenses, keeping up with evolving cyber threats remains a challenge as infrastructure continues to be compromised and data is breached. Securing data necessitates a new approach.

Limitations of Current Technologies

Current products and technologies struggle to meet the data security needs of today’s organizations and are limited by some or all of the following:

 

   

Built for security or for backup and recovery, but not both;

 

   

Inability to surface data security incidents for security operations;

 

   

Inability to recover data after a cyberattack;

 

   

Not built to manage and provide a unified view of hybrid multi-cloud environments;

 

   

Inability to provide deep visibility and understanding of disparate data sources over time;

 

   

Inability to orchestrate recovery of diverse data sources without malware reinfection;

 

   

Existing solutions’ full trust security model increases software supply chain risk; and

 

   

Difficult to use at scale and across data sources.

Our Data Security Platform

Rubrik has a unique Zero Trust Data Security approach to help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. We believe a comprehensive cybersecurity strategy requires data security in addition to traditional infrastructure security approaches. We enable organizations to implement a Zero Trust framework at the data layer, deliver data availability that withstands the aforementioned adverse conditions, and uphold data integrity even when infrastructure is compromised.

RSC is a cloud native SaaS platform that secures data across disparate sources, allowing customers to have a single point of control from one user interface. RSC is built on a proprietary framework that represents time-series data and metadata generated across enterprise, cloud, and SaaS applications. We build products on top of RSC to address a myriad of use cases that help our customers achieve cyber resilience, from hardening their data security posture to cyber recovery. These use cases include protection and recovery from cyberattacks, malicious insiders, and operational disruptions; orchestration of cyber and operational recovery, failover/failback testing, and cloud migration; sensitive data classification and over-privileged data access; monitoring for governance, regulatory compliance, and data breaches; and identification, containment, and

 

4


Table of Contents

remediation of ransomware and other security threats. Our access to time-series data and metadata allows us to deliver a breadth of products that span the following areas:

 

   

Data Protection. Our data protection products are built for ease of deployment and use, scalability, and rapid recovery from cyberattacks, malicious insiders, and operational disruptions. We offer data protection products to manage enterprise, unstructured data, cloud, and SaaS applications.

 

   

Data Threat Analytics. Our data threat analytics products use advanced machine learning to detect data threats and identify the blast radius of a cyberattack to enable a speedy recovery. They can also be used for threat hunting and to continuously monitor for indicators of compromise commonly used by bad actors to establish persistent access, move laterally, or exfiltrate data.

 

   

Data Security Posture. Our data security posture products strengthen cyber posture by locating sensitive data proliferation, in addition to identifying data risks. They can be used to discover where organizational data lives, sensitivity of data, and user access and activity.

 

   

Cyber Recovery. Our cyber recovery products improve cyber readiness and incident response by providing orchestrated recovery from a cyberattack and threat containment to quarantine data infected with malware.

In addition, we offer Ruby for AI data defense and recovery. Ruby is designed to augment human efforts with its generative AI capabilities, helping customers scale their data security operations with automation, boosting productivity, and bridging the users’ skills gap. Ruby uses Microsoft Azure OpenAI Service in combination with our own proprietary, internally developed software. Our proprietary software augments user queries to generate prompts that are submitted to the Azure OpenAI model and also enhances the model output to generate responses presented back to the user. We chose to use Microsoft Azure OpenAI Service based on its security features and because it offers an advanced AI model provisioned in Rubrik’s Azure environment such that the data stays within Rubrik’s control. For more information regarding the risks related to the use of AI in our business, see the risk factor titled “Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability” in the section titled “Risk Factors.”

Our RSC platform is built to be highly flexible and scalable, enabling us to innovate and deliver new products in the future.

RSC secures data across enterprise, cloud, and SaaS applications, including:

 

   

Enterprise: VMware, Microsoft Hyper-V, Microsoft SQL Server, Oracle, Microsoft Windows, Nutanix, Kubernetes, Cassandra, MongoDB, Linux, UNIX, AIX, NAS, Epic, and SAP HANA.

 

   

Cloud/SaaS: GCP, Azure, AWS, M365 (Microsoft Teams, SharePoint, Exchange Online, and OneDrive), and Atlassian Jira Cloud.

Architecture Matters

We believe the following attributes of our platform architecture allow us to offer a differentiated approach to data security:

 

   

Time-Series Data and Metadata. Combines data and metadata together into self-describing data and records its history over time. Self-describing data gives us the full context of data to address security use cases and conduct cyber recovery. Our proprietary framework uniformly represents self-describing data across time for a multitude of applications.

 

5


Table of Contents
   

Zero Trust Design. Prevents threats to the data layer through native immutability, secure protocols, logical air gap, encryption, role-based access controls, multi-factor authentication, and native services.

 

   

Data Threat Engine. Uses machine learning and threat intelligence to analyze our time-series data and metadata, detecting anomalies, encryption, content sensitivity, and malware.

 

   

Automation. Delivers automated end-to-end policy management and enforcement, orchestration of security incident response, and API integrations.

Our Competitive Advantages

Key differentiating elements of our platform and approach include:

 

   

Zero Trust architectural design for data security;

 

   

Ability to surface data security incidents for security operations;

 

   

Built to enable operational continuity following cyberattacks and other security incidents;

 

   

Built to secure data across a hybrid multi-cloud environment;

 

   

Built to detect and analyze anomalies, sensitive data, user risk, and security threats;

 

   

Ability to automatically orchestrate complex recoveries without malware reinfection;

 

   

Radical simplicity at scale to ensure ease of use across complex environments; and

 

   

Fully extensible, API-first platform with a broad ecosystem of compatibility.

Key Benefits to Our Customers

Organizations choose Rubrik to:

 

   

Achieve cyber and operational resilience;

 

   

Strengthen data security posture;

 

   

Secure, govern, and recover data across hybrid multi-cloud and SaaS applications;

 

   

Comply with data regulations;

 

   

Catalog and govern data assets; and

 

   

Improve operational efficiency.

Our Opportunity

We believe our total addressable market opportunity for our platform will be approximately $36.3 billion by the end of calendar year 2024 and approximately $52.9 billion by the end of calendar year 2027, based on market estimates in Gartner® research, representing an average 13% compounded annual growth rate.(2) These market estimates are as follows:

 

   

Data Management. Based on market estimates in Gartner® research, we estimate that our addressable market for data management will be approximately $12.9 billion by the end of calendar year 2024, which includes $11.1 billion in Backup and Recovery Software and

 

(2) 

Gartner, Inc., Forecast: Enterprise Infrastructure Software, Worldwide, 2021-2027, 4Q23 Update, December 2023; Gartner, Inc., Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update, December 2023; Gartner, Inc., Forecast Analysis: Cloud Security Posture Management, Worldwide, July 2023. Calculations performed by Rubrik, Inc. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the United States and internationally and is used herein with permission. All rights reserved.

 

6


Table of Contents
 

$1.9 billion in Archive Software.(3) According to market estimates in Gartner® research, these markets will increase to $15.4 billion by the end of calendar year 2027.(4)

 

   

Security. Based on market estimates in Gartner® research, we believe our addressable market for Application Security, Cloud Security, Cloud Security Posture Management, Data Privacy, Data Security, and Privileged Access Management Software will represent approximately $23.4 billion by the end of calendar year 2024 and approximately $37.5 billion by the end of calendar year 2027.(5)(6)

Our Growth Strategy

Key elements of our growth strategy include:

 

   

Continuing to grow our platform and products;

 

   

Growing our customer base;

 

   

Expanding within our customer base;

 

   

Innovating and extending our product leadership;

 

   

Growing and harnessing our partner ecosystem;

 

   

Expanding our global footprint; and

 

   

Pursuing strategic acquisitions.

Risk Factors Summary

Investing in our Class A common stock involves numerous risks, including the risks described in the section titled “Risk Factors” and elsewhere in this prospectus. You should carefully consider these risks before making an investment. Below are some of these risks, any one of which could materially adversely affect our business, financial condition, results of operations, and growth prospects.

 

   

Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects.

 

   

If the market for data security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.

 

   

We have a limited operating history, particularly with respect to our offering of RSC, which makes it difficult to forecast our future results of operations.

 

   

If we are unable to attract new customers, our future results of operations could be harmed.

 

   

We have a history of operating losses and may not achieve or sustain profitability in the future.

 

(3) 

Gartner, Inc., Forecast: Enterprise Infrastructure Software, Worldwide, 2021-2027, 4Q23 Update, December 2023. Calculations performed by Rubrik, Inc.

(4) 

Ibid. Calculations performed by Rubrik, Inc. Includes $13.3 billion in Backup and Recovery Software and $2.1 billion in Archive Software.

(5) 

Gartner, Inc., Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update, December 2023. Calculations performed by Rubrik, Inc. Includes $6.6 billion and $9.8 billion in Application Security, $6.9 billion and $12.8 billion in Cloud Security, $1.7 billion and $2.7 billion in Data Privacy, $4.2 billion and $5.9 billion in Data Security, and $2.4 billion and $2.9 billion in Privileged Access Management by the end of calendar years 2024 and 2027, respectively.

(6) 

Gartner, Inc., Forecast Analysis: Cloud Security Posture Management, Worldwide, July 2023. Calculations performed by Rubrik, Inc. Includes $1.8 billion and $3.3 billion in Cloud Security Posture Management by the end of calendar years 2024 and 2027, respectively.

 

7


Table of Contents
   

If our customers do not renew their subscriptions for our data security solutions or expand their subscriptions to increase the amount of data secured, secure new applications, or include new features or capabilities, our results of operations could be harmed.

 

   

If our data security solutions fail or do not perform as intended or are perceived to have defects, errors, or vulnerabilities, our brand and reputation will be harmed, which would adversely affect our business and results of operations.

 

   

Our information technology systems or data, or those of third parties upon which we rely, have in the past been, and may in the future be, compromised, which may cause us to experience significant adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue or profits, loss of customers or sales, and other adverse consequences. As a data security company, we have been and may in the future be specifically targeted by various threat actors who try to compromise our information technology systems or data.

 

   

Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability.

 

   

We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and make revenue difficult to predict.

 

   

We rely upon third-party cloud providers to host our data security solutions, and any disruption of, or interference with, our use of third-party cloud products would adversely affect our business, financial condition, and results of operations.

 

   

We may not be able to successfully manage our growth, and if we are not able to grow efficiently, our business, financial condition, and results of operations could be harmed.

 

   

The markets in which we participate are competitive, and if we do not compete effectively, our business, financial condition, and results of operations could be harmed.

 

   

The estimates of market opportunity, forecasts of market growth, and potential return on investment included in this prospectus may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.

 

   

The dual class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our stock prior to this offering, including our executive officers, employees, and directors and their affiliates, and limiting your ability to influence corporate matters, which could adversely affect the trading price of our Class A common stock.

If we are unable to adequately address these and other risks we face, our business may be harmed.

Channels for Disclosure of Information

Following the closing of this offering, we intend to announce material information to the public through filings with the Securities and Exchange Commission, or the SEC, the investor relations page on our website, press releases, public conference calls, public webcasts, our blog posts on our website, and our X (formerly Twitter) (@rubrikInc) and LinkedIn (www.linkedin.com/company/rubrik-inc) accounts. Information contained on, or accessible through, our website and accounts is not a part of this prospectus, and the inclusion of our website and account addresses in this prospectus is only as inactive textual references.

 

8


Table of Contents

The information disclosed through the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels. Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website.

Corporate Information

We were initially incorporated under the laws of the State of Delaware in December 2013 under the name ScaleData, Inc. We changed our name to Rubrik, Inc. in October 2014. Our principal executive offices are located at 3495 Deer Creek Road, Palo Alto, California 94304. Our telephone number is (844) 478-2745. Our website address is www.rubrik.com. Information contained on, or accessible through, our website is not a part of this prospectus, and the inclusion of our website address in this prospectus is only as an inactive textual reference.

The Rubrik design logos, “Rubrik,” and our other registered or common law trademarks, trade names, or service marks appearing in this prospectus are the property of Rubrik, Inc. or its affiliates. Other trademarks, trade names, and service marks used in this prospectus are the property of their respective owners. Solely for convenience, trademarks, trade names, and service marks referred to in this prospectus may appear without the ®, , or SM symbols.

Implications of Being an Emerging Growth Company

As a company with less than $1.235 billion in revenue during our last fiscal year, we qualify as an “emerging growth company” as defined in the Jumpstart Our Business Startups Act, or JOBS Act, enacted in April 2012. An emerging growth company may take advantage of reduced reporting requirements that are otherwise applicable generally to public companies. These provisions include, but are not limited to:

 

   

not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002, as amended;

 

   

reduced obligations with respect to financial data, including presenting only two years of audited financial statements;

 

   

reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements, and registration statements; and

 

   

exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and any golden parachute payments not previously approved.

We may take advantage of these provisions until the last day of our fiscal year following the fifth anniversary of the date of the first sale of our Class A common stock in this offering. However, we will cease to be an emerging growth company prior to the end of such five-year period if (i) we become a “large accelerated filer,” with at least $700 million of common equity securities held by non-affiliates; (ii) our annual gross revenue exceeds $1.235 billion; or (iii) we issue more than $1.0 billion of non-convertible debt in any three-year period, whichever occurs first.

We have elected to take advantage of certain of the reduced disclosure obligations in the registration statement of which this prospectus is a part and may elect to take advantage of other reduced reporting requirements in future filings. As a result, the information that we provide to our stockholders may be different than you might receive from other public reporting companies in which you hold equity interests.

 

9


Table of Contents

In addition, the JOBS Act provides that an “emerging growth company” can take advantage of an extended transition period for complying with new or revised accounting standards. This provision allows an emerging growth company to delay the adoption of some accounting standards until those standards would otherwise apply to private companies. We have elected to use this extended transition period to enable us to comply with certain new or revised accounting standards that have different effective dates for public and private companies until the earlier of the date we (i) are no longer an emerging growth company, or (ii) affirmatively and irrevocably opt out of the extended transition period provided in the JOBS Act. As a result, our financial statements may not be comparable to companies that comply with new or revised accounting pronouncements as of public company effective dates.

 

10


Table of Contents

THE OFFERING

 

Class A common stock offered

23,000,000 shares

 

Option to purchase additional shares of Class A common stock in this offering

3,450,000 shares

 

Class A common stock to be outstanding after this offering

23,000,000 shares (or 26,450,000 shares, assuming the underwriters’ option to purchase additional shares of Class A common stock is exercised in full)

 

Class B common stock to be outstanding after this offering

152,433,785 shares

 

Total Class A common stock and Class B common stock to be outstanding after this offering

175,433,785 shares (or 178,883,785 shares, assuming the underwriters’ option to purchase additional shares of Class A common stock is exercised in full)

 

Directed share program

At our request, the underwriters have reserved up to 5% of the shares of Class A common stock offered by this prospectus, for sale at the initial public offering price through a directed share program to certain persons identified by our management, which may include certain parties we have a business relationship with and friends and family of management. Any reserved shares of Class A common stock that are not so purchased will be offered by the underwriters to the general public on the same terms as the other shares of our Class A common stock offered by this prospectus. See the section titled “Underwriting (Conflicts of Interest)—Directed Share Program.” If purchased by these persons, these shares will not be subject to lock-up restrictions, except to the extent that the purchasers of such shares are otherwise subject to lock-up or market stand-off agreements as a result of their relationships with us. The number of shares of Class A common stock available for sale to the general public will be reduced by the number of reserved shares sold pursuant to this program.

 

Concurrent bridge notes

Concurrently with, and conditioned upon, the pricing of this offering and certain other conditions, we intend to issue senior notes, which we refer to as the Bridge Notes, to Goldman Sachs & Co. LLC and Barclays Capital

 

11


Table of Contents
 

Inc. in an aggregate principal amount of up to $450.0 million. The Bridge Notes will accrue interest at 7.00% per year prior to the closing of this offering. We intend to use the borrowed amounts under the Bridge Notes, together with cash, cash equivalents, and short-term investments, to fund the payment of tax withholding and remittance obligations resulting from the RSU Net Settlement (as defined below), which payment will be made prior to the closing of this offering. We intend to use a portion of the net proceeds from this offering to repay such outstanding principal amount of the Bridge Notes and accrued interest thereon, as described below. See the section titled “Use of Proceeds” for more information regarding the Bridge Notes.

 

Use of proceeds

We estimate that our net proceeds from the sale of our Class A common stock in this offering will be approximately $632.6 million (or approximately $729.3 million if the underwriters’ option to purchase additional shares is exercised in full), assuming an initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

 

  We intend to use a portion of the net proceeds we receive from this offering to repay in full the outstanding principal amount under the Bridge Notes and accrued interest thereon as well as debt issuance costs relating to the Bridge Notes. Prior to the closing of this offering, we intend to use the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to pay all of our anticipated tax withholding and remittance obligations related to the RSU Net Settlement. We intend to use the remaining net proceeds we receive from this offering for general corporate purposes, including working capital, operating expenses, and capital expenditures. We may also use a portion of the remaining net proceeds for acquisitions of, or strategic investments in, complementary businesses, products, services, or technologies, although we do not currently have any agreements or commitments for any material acquisitions or investments. See the section titled “Use of Proceeds” for additional information.

 

12


Table of Contents

Conflicts of interest

Because Goldman Sachs & Co. LLC and Barclays Capital Inc. are purchasers of the Bridge Notes and will receive 5% or more of the net proceeds of this offering due to the repayment of the Bridge Notes from the net proceeds, Goldman Sachs & Co. LLC and Barclays Capital Inc. are deemed to have conflicts of interest within the meaning of Rule 5121 of the Financial Industry Regulatory Authority, Inc., or FINRA. Accordingly, this offering will be conducted in accordance with Rule 5121, which requires, among other things, that a “qualified independent underwriter” participate in the preparation of, and exercise the usual standards of “due diligence” with respect to, the registration statement and this prospectus. Citigroup Global Markets Inc. has agreed to act as a qualified independent underwriter for this offering and to undertake the legal responsibilities and liabilities of an underwriter under the Securities Act of 1933, as amended, or the Securities Act, specifically including those inherent in Section 11 thereof. Citigroup Global Markets Inc. will not receive any additional fees for serving as a qualified independent underwriter in connection with this offering. We have agreed to indemnify Citigroup Global Markets Inc. against liabilities incurred in connection with acting as a qualified independent underwriter, including liabilities under the Securities Act. See the section titled “Underwriting (Conflicts of Interest)—Conflicts of Interest” for additional information.

 

Voting rights

We have two classes of common stock: Class A common stock and Class B common stock. Class A common stock is entitled to one vote per share and Class B common stock is entitled to 20 votes per share and is convertible at any time into one share of Class A common stock.

 

 

Holders of Class A common stock and Class B common stock will generally vote together as a single class, unless otherwise required by law or our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering. Once this offering is completed, the holders of our outstanding Class B common stock will hold approximately 86.9% of our outstanding shares

 

13


Table of Contents
 

and control approximately 99.3% of the voting power of our outstanding shares, and our executive officers, directors, and stockholders holding more than 5% of our outstanding shares, together with their affiliates, will beneficially own, in the aggregate, approximately 55.8% of our outstanding shares and control approximately 63.6% of the voting power of our outstanding shares.

 

  The holders of our outstanding Class B common stock will have the ability to control the outcome of matters submitted to our stockholders for approval, including the election of our directors and the approval of any change in control transaction. See the sections titled “Principal Stockholders” and “Description of Capital Stock” for additional information.

 

Risk factors

See the section titled “Risk Factors” and the other information included elsewhere in this prospectus for a discussion of factors you should carefully consider before deciding to invest in our Class A common stock.

 

Proposed NYSE trading symbol

“RBRK”

The number of shares of our Class A common stock and Class B common stock that will be outstanding after this offering is based on no shares of our Class A common stock and 152,433,785 shares of our Class B common stock (including shares of our redeemable convertible preferred stock and convertible founders stock on an as-converted basis and after giving effect to the RSU Net Settlement, as defined below) outstanding as of January 31, 2024, and excludes:

 

   

3,185,020 shares of Class B common stock issuable upon the exercise of stock options outstanding as of January 31, 2024, with a weighted-average exercise price of $6.23 per share;

 

   

8,000,000 shares of Class B common stock issuable upon the exercise of a stock option to be granted to an executive officer immediately prior to the effectiveness of the registration statement of which this prospectus forms a part, which will be subject to market-based conditions, with an exercise price equal to the initial public offering price per share set forth on the cover page of this prospectus (see the section titled “Executive Compensation” for additional information on the market-based conditions);

 

   

29,296,462 shares of Class B common stock issuable upon the vesting and settlement of restricted stock units, or RSUs, outstanding as of the date of this prospectus subject to service-based, market-based, and/or performance-based conditions, for which (i) the service-based condition or market-based condition, as applicable, was not satisfied as of such date and (ii) the performance-based condition, if applicable, will be satisfied upon the effectiveness of the registration statement of which this prospectus forms a part;

 

   

1,354,671 shares of our Class A common stock that we have reserved and may issue and donate in the future to fund our social impact and environmental, social, and governance

 

14


Table of Contents
 

initiatives, as more fully described in the section titled “Business—Social Responsibility and Community Initiatives”;

 

   

86,426,166 shares of our common stock reserved for future issuance under our 2024 Equity Incentive Plan, or the 2024 Plan, which will become effective upon the effectiveness of the registration statement of which this prospectus forms a part, including 44,417,163 new shares and the number of shares (not to exceed 42,009,003 shares) (i) that remain available for grant of future awards under our Amended and Restated 2014 Stock Option and Grant Plan, or the 2014 Plan, at the time the 2024 Plan becomes effective, which shares will cease to be available for issuance under the 2014 Plan at such time, and (ii) any shares underlying outstanding stock awards granted under our 2014 Plan that expire, or are forfeited, cancelled, withheld, or reacquired; and

 

   

4,607,303 shares of Class A common stock reserved for future issuance under our 2024 Employee Stock Purchase Plan, or 2024 ESPP, which will become effective in connection with this offering.

Our 2024 Plan and 2024 ESPP provide for annual automatic increases in the number of shares reserved thereunder. See the section titled “Executive Compensation—Employee Benefit and Stock Plans” for additional information.

Unless otherwise indicated, all information in this prospectus assumes:

 

   

our customer, annual recurring revenue, or ARR, and retention metrics do not include customers from our recent acquisition of Laminar Technologies, Inc.;

 

   

the reclassification of our common stock into Class B common stock and the authorization of our Class A common stock in connection with this offering;

 

   

the automatic conversion of 74,182,559 shares of our redeemable convertible preferred stock outstanding as of January 31, 2024 into an equal number of shares of Class B common stock immediately prior to the closing of this offering;

 

   

the automatic conversion of 5,400,000 shares of our convertible founders stock outstanding as of January 31, 2024 into an equal number of shares of Class B common stock immediately prior to the closing of this offering;

 

   

the filing and effectiveness of our amended and restated certificate of incorporation in Delaware and the adoption of our amended and restated bylaws, each of which will occur immediately prior to the closing of this offering;

 

   

the net issuance of 16,988,497 shares of Class B common stock in connection with the vesting and settlement of certain RSUs outstanding as of the date of this prospectus subject to service-based and/or performance-based conditions for which (i) the service-based condition was fully or partially satisfied as of such date and (ii) the performance-based condition, if applicable, will be satisfied upon the effectiveness of the registration statement of which this prospectus forms a part (which we refer to as the IPO Vesting RSUs), after giving effect to the withholding of 12,875,284 shares of our Class B common stock to satisfy the associated estimated tax withholding and remittance obligations (based on the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, and an assumed 44.5% tax withholding rate), which we refer to as the RSU Net Settlement;

 

   

the (i) expected incurrence of approximately $304.8 million in principal amount under the Bridge Notes following the date of this prospectus and the use of such borrowed amounts, together with existing cash, cash equivalents, and short-term investments, to fund the payment

 

15


Table of Contents
 

of tax withholding and remittance obligations in connection with the RSU Net Settlement, which payment will be made prior to the closing of this offering, and (ii) repayment in full of the aggregate principal amount of the Bridge Notes and accrued interest thereon in connection with the closing of this offering using net proceeds from this offering;

 

   

no exercise or forfeitures of outstanding stock options and, except as described above, no settlement of outstanding RSUs; and

 

   

no exercise by the underwriters of their option to purchase up to an additional 3,450,000 shares of our Class A common stock in this offering.

The assumed 44.5% tax withholding rate used in this prospectus is an assumed blended withholding rate for the IPO Vesting RSUs that are subject to withholding in the RSU Net Settlement. A portion of the IPO Vesting RSUs that will settle as part of the RSU Net Settlement are not subject to tax withholding obligations. The estimates in this prospectus relating to the RSU Net Settlement and related share withholding may differ from actual results due to, among other things, the actual initial public offering price and other terms of this offering determined at pricing, actual forfeitures through the date of this prospectus, and actual tax withholding rates. In addition, information in this prospectus relating to RSUs outstanding as of the date of this prospectus reflect estimated forfeitures through April 11, 2024.

The table presented below sets forth a summary of our equity capitalization as follows:

 

   

On a historical basis, reflecting shares of Class B common stock, and securities convertible into, exchangeable for, or that represent the right to receive, shares of Class B common stock, in each case outstanding as of January 31, 2024 (other than for RSUs outstanding, as described in footnote (4) to the table); and

 

   

after giving effect to (i) the equity adjustments assumed in the information in this prospectus, as described in the bullet points above, and (ii) the sale and issuance by us of 23,000,000 shares of Class A common stock in this offering, as set forth on the cover page of this prospectus.

 

16


Table of Contents

The information in the table presented below is based on (i) the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus and (ii) an assumed 44.5% tax withholding rate for the RSU Net Settlement. The actual share withholding amounts and related withholding rates will fluctuate based on, among other things, the actual initial public offering price per share in this offering.

 

    January 31, 2024  
Historical   Common
Stock
(Outstanding)
    Redeemable
Convertible
Preferred
Stock(1)
    Convertible
Founders
Stock(2)
    Stock
Options(3)
    RSUs     Common
Stock
(Diluted)
 

Class B common stock

    55,862,729               55,862,729  

Redeemable convertible preferred stock

      74,182,559             74,182,559  

Convertible founders stock(2)

        5,400,000           5,400,000  

Stock options(3)

          3,185,020         3,185,020  

RSUs(4)

            59,160,243       59,160,243  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total

    55,862,729       74,182,559       5,400,000       3,185,020       59,160,243       197,790,551  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Pro forma and offering adjustments conversion of redeemable convertible preferred stock

    74,182,559       (74,182,559           —   

Conversion of convertible founders stock

    5,400,000         (5,400,000         —   

RSU Net Settlement

    16,988,497             (29,863,781     (12,875,284 )(5) 

Class A common stock offered by us

    23,000,000               23,000,000  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total

    175,433,785       —        —        3,185,020       29,296,462       207,915,267  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

(1) 

Represents the shares of Class B common stock underlying all outstanding shares of redeemable convertible preferred stock on an as-converted basis.

(2) 

Represents the shares of Class B common stock underlying all outstanding shares of convertible founders stock on an as-converted basis.

(3) 

The weighted-average exercise price of the stock options outstanding as of January 31, 2024 was $6.23 per share. The table excludes a stock option for 8,000,000 shares of Class B common stock that will be granted to an executive officer in connection with this offering, with an exercise price equal to the initial public offering price per share in this offering set forth on the cover page of this prospectus.

(4) 

Represents the sum of (i) 29,863,781 IPO Vesting RSUs, which consist of RSUs outstanding as of the date of this prospectus for which the service-based condition was satisfied as of such date and that will be part of the RSU Net Settlement, and (ii) 29,296,462 RSUs outstanding as of the date of this prospectus, for which the service-based condition was not satisfied as of such date but for which the performance-based condition was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part.

(5) 

Represents shares of Class B common stock to be withheld to satisfy tax obligations in connection with the RSU Net Settlement.

 

17


Table of Contents

SUMMARY CONSOLIDATED FINANCIAL AND OTHER DATA

The following tables summarize our consolidated financial and other data. We derived the summary consolidated statements of operations data for the fiscal years ended January 31, 2023 and 2024 (except for pro forma net loss per share attributable to common stockholders and weighted-average shares used to compute pro forma net loss per share attributable to common stockholders) from our audited consolidated financial statements included elsewhere in this prospectus. Our historical results are not necessarily indicative of the results to be expected for any future period, and our interim results are not necessarily indicative of results to be expected for the full year or any other period. When you read this summary of consolidated financial and other data, it is important that you read it together with the historical consolidated financial statements and the related notes included elsewhere in this prospectus, as well as the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

 

Consolidated Statements of Operations Data    Year Ended January 31,  
       2023         2024    
    

(in thousands, except per
share amounts)

 

Revenue

             

Subscription

   $ 385,272     $ 537,869  

Maintenance

     76,220       38,745  

Other

     138,327       51,278  
  

 

 

   

 

 

 

Total revenue

     599,819       627,892  
  

 

 

   

 

 

 

Cost of revenue

    

Subscription(1)

     62,294       97,927  

Maintenance(1)

     15,059       6,472  

Other(1)

     104,661       40,563  
  

 

 

   

 

 

 

Total cost of revenue

     182,014       144,962  
  

 

 

   

 

 

 

Gross profit

     417,805       482,930  

Operating expenses

    

Research and development(1)

     175,057       206,527  

Sales and marketing(1)

     417,542       482,532  

General and administrative(1)

     86,754       100,377  
  

 

 

   

 

 

 

Total operating expenses

     679,353       789,436  
  

 

 

   

 

 

 

Loss from operations

     (261,548     (306,506

Interest income

     5,140       11,216  

Interest expense

     (11,709     (30,295

Other income (expense), net

     (1,033     (1,884
  

 

 

   

 

 

 

Loss before income taxes

     (269,150     (327,469

Income tax expense

     8,596       26,689  
  

 

 

   

 

 

 

Net loss

   $ (277,746   $ (354,158
  

 

 

   

 

 

 

Net loss per share, basic and diluted(2)

   $ (4.66   $ (5.84
  

 

 

   

 

 

 

Weighted-average shares used in computing net loss per share, basic and diluted(2)

     59,590       60,628  
  

 

 

   

 

 

 

 

(1) 

Includes stock-based compensation expense as follows:

 

18


Table of Contents
     Year Ended January 31,  
       2023          2024    
    

(in thousands)

 

Cost of revenue

     

Subscription

   $ 53      $ 45  

Maintenance

     34        7  

Other

     140        11  

Research and development

     3,044        3,590  

Sales and marketing

     2,399        1,313  

General and administrative

     1,284        749  
  

 

 

    

 

 

 

Total stock-based compensation expense

   $   6,954      $   5,715  
  

 

 

    

 

 

 

 

(2) 

See Note 12 to our consolidated financial statements included elsewhere in this prospectus for an explanation of the method used to calculate basic and diluted net loss per share attributable to common stockholders and the weighted-average number of shares used in the computation of the per share amounts.

 

Consolidated Balance Sheet Data    January 31, 2024  
     Actual     Pro Forma(1)     Pro Forma
As Adjusted(2)(3)
 
     (in thousands)  

Cash, cash equivalents, and short-term investments

   $ 279,251     $ 204,251     $ 537,931  

Working capital(4)

     (107,568     (487,389     152,064  

Total assets

     873,610       798,610       1,124,878  

Deferred revenue, current and noncurrent

     1,106,261       1,106,261       1,106,261  

Redeemable convertible preferred stock

        714,713       —        —   

Total stockholders’ (deficit) equity

     (1,419,257     (1,084,365     (452,323

 

(1) 

The pro forma consolidated balance sheet data gives effect to (i) the automatic conversion of all outstanding shares of redeemable convertible preferred stock, of which there were 74,182,559 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock, as if such conversion had occurred on January 31, 2024, (ii) the automatic conversion of all outstanding shares of convertible founders stock, of which there were 5,400,000 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock, as if such conversion had occurred on January 31, 2024, (iii) the reclassification of our outstanding common stock as Class B common stock, (iv) stock-based compensation expense of $621.5 million related to RSUs subject to the RSU Net Settlement, reflected as an increase to additional paid-in capital and accumulated deficit, as further described in Notes 2 and 11 of our consolidated financial statements included elsewhere in this prospectus, (v) the net issuance of 16,988,497 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,284 shares to satisfy estimated tax withholding and remittance obligations of $379.8 million (based on the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, and an assumed 44.5% tax withholding rate), (vi) the incurrence of $304.8 million in aggregate principal amount of Bridge Notes and the use of such borrowed amounts, together with existing cash, cash equivalents, and short-term investments, to pay the estimated tax withholding and remittance obligations in connection with the RSU Net Settlement prior to the closing of this offering, (vii) the related $304.8 million net increase in liabilities (without giving effect to $0.3 million in estimated debt issuance costs relating to the Bridge Note) and the corresponding $379.8 million decrease in additional paid-in capital and $75.0 million net decrease in cash, cash equivalents, and short-term investments resulting from (A) the RSU Net Settlement and related tax withholding and remittance obligations and (B) the subsequent issuance and use of use of proceeds from the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to repay such tax withholding and remittance obligations prior to the closing of this offering, and (viii) the filing and effectiveness of our amended and restated certificate of incorporation, which will occur immediately prior to the closing of this offering.

(2) 

The pro forma as adjusted consolidated balance sheet data gives effect to (i) the items described in footnote (1) above, (ii) our receipt of $639.0 million estimated net proceeds from the sale of shares of Class A common stock in this offering at an assumed initial public offering price of $29.50 per share, the midpoint of the estimated price range set forth on the cover page of this prospectus, after deducting underwriting discounts and commissions and estimated offering expenses payable by us (which offering expenses exclude $6.5 million of deferred offering costs that have been previously paid as of January 31, 2024 but include $0.9 million of deferred offering costs accrued and unpaid as of January 31, 2024); (iii) the elimination of $7.4 million of deferred offering costs, of which $6.5 million have been paid as of January 31, 2024 and $0.9

 

19


Table of Contents
  million were accrued and unpaid as of January 31, 2024, reflected as a decrease in other assets and additional paid-in capital of $7.4 million and a decrease in current liabilities of $0.9 million; (iv) the use of net proceeds from this offering to repay in full the aggregate principal amount of the Bridge Notes, $0.2 million of estimated accrued interest thereon as well as $0.3 million of estimated debt issuance costs relating to the Bridge Notes in connection with the closing of this offering; and (v) the related $0.5 million increase in accumulated deficit for debt issuance costs and interest expense.
(3) 

A $1.00 increase (decrease) in the assumed initial public offering price of $29.50 per share, the midpoint of the estimated price range set forth on the cover page of this prospectus, would increase (decrease) each of cash, cash equivalents, and short-term investments, working capital, total assets, and total stockholders’ (deficit) equity by $21.9 million, assuming that the number of shares of Class A common stock offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us. Similarly, each increase (decrease) of 1.0 million shares in the number of shares of Class A common stock offered by us would increase (decrease) each of cash, cash equivalents, and short-term investments, working capital, total assets, and total stockholders’ (deficit) equity by $28.0 million, assuming the assumed initial public offering price of $29.50 per share of Class A common stock remains the same, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us. Each $1.00 increase (decrease) in the assumed initial public offering price per share of $29.50, which is the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) the amount of estimated tax withholding and remittance obligations related to the RSU Net Settlement by $12.9 million. In addition, each 1.0% increase (decrease) in the assumed tax withholding rates would increase (decrease) the amount of estimated tax withholding and remittance obligations related to the RSU Net Settlement by $8.6 million. Pro forma adjustments in the footnotes above and the related information in the balance sheet data are illustrative only and may differ from actual amounts based on the actual initial public offering price and other terms of this offering determined at pricing, the actual tax withholding rates, as well as the actual amount of RSUs settled in connection with this offering.

(4) 

Working capital is defined as current assets less current liabilities.

 

Key Business Metrics    January 31,  
       2023         2024    
     (in thousands, except percentages
and customers)
 

Subscription ARR(1)

   $   532,929     $   784,029  

Cloud ARR(1)

   $ 239,198     $ 524,767  

Average Subscription Dollar-Based Net Retention Rate(1)

     150     133

Customers with $100,000 or Greater in Subscription ARR(1)

     1,204       1,742  

 

(1)

See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics” included elsewhere in this prospectus for our definitions of these metrics.

 

20


Table of Contents

Risk Factors

Investing in our Class A common stock involves a high degree of risk. You should consider and read carefully all of the risks and uncertainties described below, as well as other information included in this prospectus, including our consolidated financial statements and related notes appearing elsewhere in this prospectus, before making an investment decision. The risks described below are not the only ones we face. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition, or results of operations. In such case, the trading price of our Class A common stock could decline, and you may lose some or all of your original investment.

Risks Related to Our Business

Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects.

Our revenue was $599.8 million and $627.9 million for the fiscal year ended January 31, 2023, or fiscal 2023, and the fiscal year ended January 31, 2024, or fiscal 2024, respectively. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect that our revenue growth rate will fluctuate in the future as a result of a variety of factors, including our transition for new and existing customers to sales of Rubrik Security Cloud, or RSC, for which an increasing amount of our software revenue will be recognized ratably.

Overall growth of our revenue also depends on a number of factors, including our ability to:

 

   

expand the features and functionality of our data security products as well as increase the amount of data sources protected across enterprise, cloud, and SaaS applications;

 

   

extend our product leadership to expand our addressable market;

 

   

differentiate our data security products from products offered by others;

 

   

successfully develop a substantial sales pipeline for our products;

 

   

hire sufficient sales personnel to support our growth and reduce the time for such personnel to achieve desired productivity levels;

 

   

attract new customers and expand sales to our existing customers, including by effectively marketing and pricing our data security products and successfully transitioning existing customers to RSC;

 

   

increase awareness of our brand on a global basis as a data security company to successfully compete with other companies;

 

   

provide our customers with support that meets their needs;

 

   

effectively leverage and expand our partner ecosystem;

 

   

protect against security incidents;

 

   

successfully protect our intellectual property in the United States and other jurisdictions; and

 

   

expand to new international markets and grow within existing markets.

We may not successfully accomplish any of these objectives, and as a result, it is difficult for us to forecast our future results of operations. If the assumptions that we use to plan our business are incorrect or if we are unable to maintain consistent revenue or revenue growth, our stock price could

 

21


Table of Contents

be volatile and we may not be able to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.

In addition, we expect to continue to expend substantial financial and other resources on:

 

   

expansion and enablement of our sales, services, and marketing organizations to increase brand awareness and drive adoption of our solutions;

 

   

product development, including investments in our product development team and the development of new products, new features, and functionality for our platform and products;

 

   

our cloud infrastructure technology, including systems architecture, scalability, availability, performance, and security;

 

   

our partner ecosystem;

 

   

international expansion;

 

   

acquisitions or strategic investments;

 

   

our information security program; and

 

   

general administration, including increased legal, human resources, and accounting expenses associated with being a public company.

These investments may not result in increased revenue for our business. If we are unable to maintain or increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial condition, and results of operations will be harmed, and we may not be able to achieve or maintain profitability. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays, decreased revenue growth associated with general macroeconomic and market conditions, volatility, or disruptions (including the effect of those events on our customers) and other unknown factors that may result in losses in future periods. If our revenue does not meet our expectations in future periods, our business, financial condition, and results of operations may be harmed.

If the market for data security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.

We believe our future success will depend in large part on the growth, if any, in the market for data security solutions. Traditionally, the cybersecurity industry has been focused on securing information technology infrastructure to prevent, detect, and investigate cyberattacks. Our platform brings a new approach to cybersecurity, which involves protecting our customers’ data across enterprise, cloud, and SaaS applications, observing the data itself to proactively identify emergent threats, remediating data security threats, and recovering protected data following a cybersecurity event. The market for data security solutions, such as our platform and data security products, is at an early stage and rapidly evolving. As such, it is difficult to predict this market’s potential growth, if any, customer adoption and retention rates, customer demand for data security platforms, or the success of competitive products. In the past, customer adoption of our platform and data security products has been driven by the need for data resilience due to increasing ransomware activity. We do not know whether the trends of increasing ransomware activity, or of increasing adoption of our platform and data security products such as ours that we have experienced in the past, will continue in the future. Any expansion in this market depends on a number of factors, including the cost, performance, and perceived value associated with our platform and data security products and similar solutions of our competitors, including preference to manage security with existing infrastructure security tools alone, rather than investing in a platform based data security solution. The markets for some of our solutions

 

22


Table of Contents

are new, unproven, and evolving, and our future success depends on growth and expansion of these markets. If our platform and data security products do not achieve widespread adoption or there is a reduction in demand for our platform and data security products due to a lack of customer acceptance, technological challenges, competing products or solutions, privacy concerns, decreases in corporate spending, weakening economic conditions, or otherwise, it could result in early terminations, reduced customer retention rates, or decreased revenue, any of which would adversely affect our business, financial condition, and results of operations. You should consider our business and growth prospects in light of the risks and difficulties we encounter in this new and evolving market.

We have a limited operating history, particularly with respect to our offering of RSC, which makes it difficult to forecast our future results of operations.

Although we were founded in December 2013, we only began offering our products and services in the fiscal year ended January 31, 2016, and we began offering RSC as a cloud native SaaS solution in fiscal 2023. As a result of our limited operating history, our ability to accurately forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to plan for and forecast future growth. Our historical revenue growth should not be considered indicative of our future performance. Further, in future periods, we expect our revenue growth to fluctuate, slow, and possibly decline for a number of reasons, including mix shifts in our platform and data security products, as well as the impact on our revenue recognition resulting from our transition from selling our products primarily on the basis of subscription term-based licenses to SaaS subscriptions. The timing for this transition and related implications on our revenue recognition and trends will depend on our ability to transition existing customers to RSC in a timely manner. We are implementing certain initiatives to accelerate our existing customers’ migration to RSC as part of our business transition to SaaS, which include enforcement of migration deadlines. These initiatives may be perceived negatively by our customers. For example, these initiatives may require customers to prioritize preparation for their migration over other organizational needs, potentially resulting in diversion of resources. For certain existing customers, the perceived benefits from undertaking the migration may be outweighed by the anticipated time and effort required to prepare for and execute the migration, resulting in potential delays in customers’ transition to RSC. We expect these customers may consume our platform and products through a mix of RSC and a transitional license for Cloud Data Management, or CDM-T, for an extended period of time, resulting in the continued recognition of a portion of the associated revenue for some of these customers upfront at the time we transfer control of the license to the customer. Conversely, if some or all of these customers complete their transition to RSC sooner than we expect, less revenue would be recognized upfront during this period, which could cause our revenue to be lower than our estimates or forecasts or even result in a decrease in our revenue growth rates. Any of these factors could result in continued fluctuations in our revenue growth and adversely impact our ability to accurately predict our future revenue.

In addition, we operate in a new market for data security solutions, and as such we have encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in new and rapidly changing markets, such as the risks and uncertainties described throughout this prospectus.

Moreover, in future periods, our revenue growth could slow or decline due to slowing demand for our platform or data security products, increasing competition, decreased productivity of our sales and marketing organization, failure to retain existing customers or expand existing subscriptions, changing technology, a decrease in the growth of our overall market, evolving macroeconomic conditions, such as high inflation and recessionary environments, or our failure, for any reason, to continue to take advantage of growth opportunities. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our financial condition and results of operations could differ materially from our expectations, and our business could suffer.

 

23


Table of Contents

If we are unable to attract new customers, our future results of operations could be harmed.

To expand our customer base, we need to convince organizations to allocate a portion of their discretionary budgets to purchase our platform and data security products. Our sales efforts often involve educating organizations about the uses and benefits of our data security solutions. We may have difficulty convincing organizations of the value of adopting our data security solutions. Even if we are successful in convincing organizations that a platform like ours is critical to secure their data, they may not decide to purchase our data security solutions for a variety of reasons, some of which are out of our control. For example, any deterioration in general economic conditions has in the past caused, and may in the future cause, our current and prospective customers to delay or cut their overall security and IT operations spending. Macroeconomic concerns, customer financial difficulties, and constrained spending on security and IT operations may result in decreased revenue and adversely affect our financial condition and results of operations. Additionally, if the incidence of cyberattacks were to decline, or enterprises or governments perceive that the general level of cyberattacks has declined, our ability to attract new customers could be adversely affected. We may face additional difficulties in attracting organizations that use legacy security and data management products to purchase our data security products if they believe that these legacy products are more cost-effective or provide a level of IT security that is sufficient to meet their needs. Furthermore, the use of our data security products to manage data security, movement, and restoration across data centers is relatively new, and if we are unable to convince organizations of the benefits of our data security products, then our business, financial condition, and results of operations could be adversely impacted.

We have a history of operating losses and may not achieve or sustain profitability in the future.

We have experienced net losses in each period since inception. We generated net losses of $(277.7) million and $(354.2) million for fiscal 2023 and fiscal 2024, respectively. As of January 31, 2024, we had an accumulated deficit of $(1,682.5) million. While we have experienced rapid revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales to achieve or maintain profitability in the future. In particular, as we expand the availability of our platform, increase our ability to secure data across multiple different sources, and extend our capabilities across data resilience, data observability, and data remediation, our ability to achieve and maintain profitability will be highly dependent on our ability to successfully market our platform and data security products to new and existing customers. We also expect our costs and expenses to increase in future periods, which could negatively affect our future results of operations if our revenue does not increase. In particular, we intend to continue to expend significant funds to further develop our data security products, including by introducing new features and functionality and securing additional applications, and to expand our sales, marketing, and services teams to drive new customer adoption, expand the use of our data security products by existing customers, support international expansion, and implement additional systems and processes to effectively scale operations. We will also face increased compliance costs associated with growth, the planned expansion of our customer base and pipeline, international expansion, and being a public company. In addition, our data security solutions operate on a public cloud infrastructure provided by third-party vendors, including Google Cloud, or GCP, Microsoft Azure, or Azure, and Amazon Web Services, or AWS, and our costs and gross margins are significantly influenced by the prices we are able to negotiate with these public cloud providers. To the extent we are able to drive adoption of our platform and data security products, we may incur increased costs related to our public cloud contracts, which would negatively impact our gross margins. Our efforts to grow our business may be costlier than we expect, or the rate of our growth in revenue may be slower than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. In addition, our efforts and investments to implement systems and processes to scale operations may not be sufficient or may not be appropriately executed. As a result, we may incur significant losses in the future for a number of reasons, including the other risks described herein, unforeseen expenses, difficulties, complications, or

 

24


Table of Contents

delays, and other unknown events. If we are unable to achieve and sustain profitability, the value of our business and Class A common stock may significantly decrease.

Furthermore, we have historically sold our products to customers as perpetual licenses with associated maintenance contracts or as subscription term-based licenses with associated support, and with respect to the latter, we recognized a portion of the revenue upfront at the time we transferred control of the subscription term-based license to the customer and deferred the remainder. Moving forward, we expect that substantially all of our new and existing customers will continue to adopt RSC primarily on a SaaS subscription basis. As of the end of fiscal 2024, RSC represented a majority of our total revenue. In addition, we have historically sold Rubrik-branded Appliances to help our customers secure their enterprise data. In the third quarter of fiscal 2023, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers, and as a result, the amount of revenue we recognize from sales of Rubrik-branded Appliances has and will continue to decline over time. We expect these transitions to adversely affect our revenue as well as our profitability through the fiscal year ending January 31, 2027. However, this timing will depend in part on when a substantial portion of our existing customers complete their transition to RSC.

In addition, following the completion of this offering, the stock-based compensation expense related to our RSUs will result in significant increases in our expenses in future periods, which may negatively impact our ability to achieve profitability. In particular, in the quarter in which this offering is completed, we will recognize approximately $621.5 million of stock-based compensation expense associated with the satisfaction of the performance-based condition for certain outstanding RSUs, for which the service-based conditions have been fully or partially satisfied prior to this offering, which will also negatively impact our cash flow for that quarter.

If our customers do not renew their subscriptions for our platform and data security products or expand their subscriptions to increase the amount of data secured, secure new applications, or include new features or capabilities, our results of operations could be harmed.

In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions for our data security solutions, add data security products, and increase the volume of their data protected by our data security solutions. We expand our commercial purchase relationships with our existing customers as they increase the volume of their data protected by our data security solutions and secure additional applications and workloads. Our customers have no obligation to renew their subscription for our data security solutions after the expiration of their contractual subscription period, which is generally three years, and in the normal course of business, some customers have elected not to renew their subscriptions. In addition, customers may elect to shorten the term of their subscription, select a lower subscription edition, or purchase less capacity. Our customer retention and expansion may also decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our data security solutions, our pricing, customer prioritization of security, our customers’ spending levels, our customers’ ability to procure Rubrik-branded Appliances or other compatible third-party commodity servers to implement our data security products, mergers and acquisitions involving our customers, industry developments, competition, changing regulatory environments, and general economic conditions. Our strategies and initiatives to accelerate the transition of our existing customers to RSC, even if executed properly by our sales and support teams, may result in customer dissatisfaction, the loss of customers, or reduced usage of our platform, any of which would harm our business, financial condition, and results of operations. Moreover, customers tend to expand their usage of our data security solutions over time as the amount of data they need to protect grows. As a result, strong customer retention over time generally leads to a higher degree of usage of our data security solutions. Therefore, a decline in customer retention may have a significant impact on our results of operations, including a decline in our average subscription dollar-based net retention rate, which could cause the price of our Class A common stock to decline or

 

25


Table of Contents

fluctuate. If our efforts to maintain and expand our relationships with our existing customers are not successful, our business, financial condition, and results of operations may suffer.

If our data security solutions fail or do not perform as intended or are perceived to have defects, errors, or vulnerabilities, our brand and reputation will be harmed, which would adversely affect our business and results of operations.

Our data security solutions are complex and, like all software, may contain undetected defects, errors, or vulnerabilities. Real or perceived defects, errors, or vulnerabilities in our data security solutions, the failure of our data security solutions to secure, observe, and restore our customers’ data, misconfiguration of our data security solutions, or the failure of customers to deploy our data security solutions in combination with industry best practices could harm our reputation, result in a loss of, or delay in, market acceptance of our data security solutions, result in a loss of existing or potential customers, and adversely affect our business, financial condition, and results of operations. We are continuing to evolve the features and functionality of our data security products through updates and enhancements, and as we do so, we may introduce defects, errors, or vulnerabilities that may not be detected until after deployment by our customers. In addition, implementation or use of our data security solutions that is not correct or as intended may result in inadequate performance and disruptions in service. Moreover, if we acquire companies or technologies developed by third parties, difficulties integrating such acquired technologies may result in product flaws or software vulnerabilities.

Additionally, we cannot assure you that our data security solutions will prevent all data loss or other types of data security incidents, especially in light of the rapidly changing security threat landscape that our data security solutions seek to address. Due to a variety of both internal and external factors, our data security solutions could become vulnerable to security incidents (both from intentional attacks and accidental causes) that could cause them to fail to adequately secure or observe data or to restore data in the event of a security incident, such as a ransomware event or disaster.

Moreover, as our data security solutions are adopted by an increasing number of organizations worldwide, it is possible that such solutions may be subject to continued, persistent research and reconnaissance by threat actors in order to discover weaknesses in our technology that can be exploited. If our data security solutions are compromised, a significant number or, in some instances, all, of our customers and their data could be adversely affected. The potential liability and associated consequences we could suffer as a result of such a large-scale event could be catastrophic and result in irreparable harm. Since our business is focused on providing data security services to our customers, an actual or perceived security incident affecting our internal systems, networks, or data would be especially detrimental to our reputation and our business.

Because we can access customer data in certain limited circumstances, such as when providing customer support, and such customer data in some cases may contain personal data or confidential information, a security compromise, or an accidental or intentional misconfiguration or malfunction of our platform, could result in personal data and other confidential information being compromised. If a high-profile ransomware attack occurs with respect to our or another cloud-based security platform or a third-party cloud provider, organizations may lose trust in SaaS platforms and associated products such as ours.

Organizations are increasingly subject to a wide variety of cyberattacks on their networks, systems, and data. If any of our customers experience a ransomware attack while using our data security solutions and are unable to secure, observe, or restore their data, such customers could discontinue use of our data security solutions, regardless of whether our data security solutions were adequately deployed, configured, or used to protect the data in the customer’s environment. Real or

 

26


Table of Contents

perceived security incidents involving our customers’ networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity to us, damage to our reputation, and other customer relations issues, any of which may adversely affect our revenue and results of operations.

In addition, errors in our data security solutions could cause system failures, loss of data, or other adverse effects for our customers, which may result in the assertion of warranty and other claims for substantial damages against us. The potential liability and associated consequences we could suffer as a result of such an incident could be catastrophic and cause irreparable harm to our reputation and results of operations. Although our agreements with our customers typically contain provisions that are intended to limit our exposure to such claims, it is possible that these provisions may not be effective or enforceable under the laws of some jurisdictions. While we seek to insure against these types of claims, our insurance policies may not adequately limit our exposure. These claims, even if unsuccessful, could be costly and time consuming to defend and could harm our business, financial condition, results of operations, and cash flows.

Our information technology systems or data, or those of third parties upon which we rely, have in the past been, and may in the future be, compromised, which may cause us to experience significant adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue or profits, loss of customers or sales, and other adverse consequences. As a data security company, we have been and may in the future be specifically targeted by various threat actors who try to compromise our information technology systems or data.

As a SaaS provider, the reliability and continuous availability of our platform is critical to our success. In the ordinary course of our business, we or the third parties upon which we rely, may collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, share, or otherwise process proprietary, confidential, and other sensitive data, including customer data which may include data about individuals, including various data categories and elements associated with an individual, intellectual property, and trade secrets, or collectively, Sensitive Information. We collect such information from individuals located both in the United States and abroad and may store or process such information outside the country in which it was collected.

Organizations, particularly organizations like ours that provide data security solutions, are subject to a wide variety of attacks on their networks, systems, and endpoints, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently. For example, in March 2023, we announced that a malicious third party gained unauthorized access to a limited amount of information in one of our non-production information technology testing environments. The unauthorized access did not include access to data that we secure on behalf of customers or access to any other sensitive data, and there was no disruption to our business or financial systems or to other operations. However, there can be no guarantee that any attack in the future will have a similarly minimal impact, should one occur.

Cyberattacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our Sensitive Information and information technology systems, and those of the third parties upon which we rely. Such threats are prevalent, continuing to rise, increasingly difficult to detect, and come from a variety of sources, including traditional computer “hackers,” threat actors, “hacktivists,” organized criminal threat actors, personnel (such as through theft, misuse, or accidental disclosure), sophisticated nation states, and nation-state-supported actors. Some actors now engage in and are expected to continue to engage in cyberattacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the

 

27


Table of Contents

third parties upon which we rely may be vulnerable to a heightened risk of these attacks, including retaliatory cyberattacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell, and distribute our data security solutions. We and the third parties upon which we rely may be subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through phishing attacks), malicious code (such as viruses and worms), computer generated or altered fraudulent content (i.e., “deep fakes,” which may be increasingly difficult to identify), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), personnel misconduct or error, other inadvertent compromises of our systems and data (including those arising from process, coding, or human error), ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or commodity appliance failures, loss of data or other information technology assets, adware, telecommunications failures, attacks enhanced or facilitated by artificial intelligence, or AI, and other similar threats.

In particular, severe ransomware attacks are becoming increasingly prevalent and can lead to significant interruptions in our operations, loss of sensitive data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. Given our data security solutions’ capabilities and marketing and promotional programs related to ransomware recovery, we face heightened risk of being targeted by bad actors.

Moreover, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be increasingly difficult to integrate companies into our information technology environment and security program.

We rely on third parties to provide and/or operate critical business systems, process sensitive information, and to help us deliver services to our customers and their end-users. These third parties process customer information in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, employee email, content delivery to customers, and other functions. For example, our data security solutions are built to be available on the infrastructure of third-party public cloud providers such as GCP, Azure, and AWS. We may also rely on other third-party service providers, contract manufacturers, and original equipment manufacturers, or OEMs, or collectively with contract manufacturers, Manufacturers, to provide other products or services, or otherwise to assist us with operating our business. While we conduct diligence on these third parties, our ability to monitor these third-parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties’ infrastructure in our supply chain or our third-party partners’ supply chains have not been or will not be compromised.

We take steps designed to detect, mitigate, and remediate vulnerabilities in our information systems (such as our hardware and/or software, including that of third parties upon which we rely). However, we have and may be unable to detect and remediate all such vulnerabilities in our information systems (including our platform and data security products) on a timely basis. Further, we may experience delays in developing and deploying remedial measures and patches designed to address identified vulnerabilities that could be exploited and, ultimately, result in a security incident.

Any of the previously identified vulnerabilities or cybersecurity threats could cause a security incident or other interruption that could result in unauthorized, unlawful, or accidental acquisition,

 

28


Table of Contents

modification, destruction, loss, alteration, encryption, disclosure of, or access to our Sensitive Information or our information technology systems, or those of the third parties upon whom we rely. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our platform. Additionally, our business depends upon the appropriate and successful implementation of our platform by our customers. If our customers fail to use our platform according to our specifications or are unwilling or unable to deploy such patches we make available for vulnerabilities effectively or in a timely manner, our customers may suffer a security incident or other interruptions on their own systems or other adverse consequences. Even if such an incident is unrelated to our security practices, it could result in our incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own security issues or vulnerabilities and could result in reputational harm.

Certain data privacy and security obligations may require us to implement and maintain specific industry standard, reasonable security measures to protect our information technology systems and customer information. Additionally, applicable data privacy and security obligations may require us to notify relevant stakeholders, including affected individuals, customers, regulators, and investors, of security incidents, or to implement other requirements, such as providing credit monitoring. Such disclosures, and compliance with such requirements, are costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences. Though we have expended, and anticipate continuing to expend, significant resources to try to protect against security incidents by implementing technical, administrative, and physical measures designed to protect the privacy and security of data running through our, and our third parties’, systems, it is virtually impossible for us to entirely eliminate the risk of such security incidents or interruptions.

If we (or a third-party upon whom we rely) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing data (including data about individuals); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions in our operations (including availability of data); financial loss; and other similar harms. Security incidents and attendant consequences may cause customers to stop purchasing our data security solutions, deter new customers from purchasing our data security solutions, and negatively impact our ability to grow and operate our business. As a data security company, we could be exposed to additional reputational risks should a security incident occur.

Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to security incidents, vulnerabilities, or our data privacy and security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.

Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability.

We use generative AI tools in our business, and we expect to use generative AI tools in the future, including to generate code and other materials incorporated into our products, proprietary software, and systems, and for other internal and external uses. Generative AI refers to deep-learning models that can generate new data, such as text, images, and other content, by analyzing and emulating existing data. Advanced generative AI tools, which may produce content indistinguishable from that generated by humans, are a relatively novel development, with benefits, risks, and liabilities

 

29


Table of Contents

still unknown. Recent decisions of governmental entities and courts (such as the U.S. Copyright Office, U.S. Patent and Trademark Office, and U.S. Court of Appeals for the Federal Circuit) interpret U.S. copyright and patent law as limited to protecting works and inventions created by human authors and inventors, respectively. We are therefore unlikely to be able to obtain U.S. copyright or patent protection for works or inventions wholly created by a generative AI tool, and our ability to obtain U.S. copyright and patent protection for source code, text, images, inventions, or other materials, which are developed with some use of generative AI tools, may be limited, if available at all. Likewise, the availability of such IP protections in other countries is unclear. In addition, we may have little or no insight into and no control over the content and materials used by vendors to train these generative AI tools. There is ongoing litigation over whether the use of copyrighted materials to train the AI models used in these tools is lawful, and the impact of decisions in such litigation on our use of generative AI tools is unknown. Additionally, our use of third-party generative AI tools to develop source code, text, images, inventions, or other materials may expose us to greater risks than utilizing contracted human developers, as third-party generative AI vendors typically do not provide warranties or indemnities with respect to the output generated by such generative AI tools, and generative AI tools may also hallucinate, providing output that appears correct but is erroneous. Furthermore, some generative AI tools may be offered under terms that do not protect the confidentiality of the prompts or inputs that users submit to such tools and may use prompts or inputs to train shared AI models, potentially resulting in third-party users receiving outputs containing information from prompts or inputs (including confidential, competitive, proprietary, or personal data) that we submitted to the tool. The disclosure and use of personal data in AI technologies is also subject to various privacy laws and other privacy obligations. Prior to implementing a generative AI tool, our AI Governance Committee (including leaders from our Engineering, Product, Legal, and Information Security teams) performs an analysis and review of the tool, including evaluation of potential legal, security, and business risks and steps that can be taken to mitigate any such risks. The selection criteria and analysis include consideration of how use of the generative AI tool could raise issues relating to confidential information, personal data and privacy, customer data and contractual obligations, open source software, copyright and other intellectual property rights, transparency, output accuracy and reliability, and security. Additionally, while we employ practices designed to evaluate, track, and mitigate risk around our use of third-party generative AI tools, our use of such tools may inadvertently violate a third party’s rights, be non-compliant with the applicable terms of use or our other legal obligations, or result in a security or privacy risk or data leakage. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. For example, we may face claims from third parties claiming infringement of their intellectual property rights or mandatory compliance with open-source software or other license terms with respect to software or other materials or content we believed to be available for use and not subject to license terms or other third-party proprietary rights. Any of these claims could result in legal proceedings and could require us to purchase costly licenses, comply with the requirements of third-party licenses, or limit or cease using the implicated software or other materials or content, unless and until we can re-engineer such software, materials, or content to avoid infringement or change the use of, or remove, the implicated third-party materials, which could reduce or eliminate the value of our technologies and services. Our use of generative AI tools to generate code may also present additional security risks because the generated source code may contain security vulnerabilities. Additionally, the vendors of these generative AI tools may fail to comply with their contractual obligations to us regarding the confidentiality or security of any data or other inputs provided to such vendor or outputs generated by their generative AI tools. Our sensitive information or that of our customers could be leaked, disclosed, or revealed as a result of or in connection with our employees’, personnel’s, or vendors’ use of third-party generative AI technologies.

We may also market our own products as generative AI tools, or Generative AI Products. Some of our customers, especially those in highly regulated industries, may be reluctant or unwilling to adopt Generative AI Products. Accordingly, adoption of generative AI features in our products and marketing our products as Generative AI Products could reduce or delay customer adoption. Because generative

 

30


Table of Contents

AI models can hallucinate and provide erroneous output, offering Generative AI Products could result in customer dissatisfaction or potentially claims against us arising out of customer reliance on erroneous output to their detriment. Our Generative AI Products may require us to train or fine-tune AI models using datasets collected by us or from third-party vendors. While we have processes and practices designed to ensure that we and any vendors that we use to source training data have the necessary rights to use such datasets for training our Generative AI Products, we may not in every instance be able to confirm that all of the information contained in such datasets has been obtained with the necessary permissions for us to use for purposes of our Generative AI Products. For example, we may use publicly available data to train our Generative AI Products that contains information that was unlawfully acquired from third parties without our knowledge. While we have employed processes designed to help us avoid using any personal data to train or fine-tune our Generative AI Products, it may be difficult for us to avoid or identify all instances where a user might nonetheless submit personal data to our Generative AI Products. Furthermore, if we were to receive claims from third parties asserting rights against our use of certain datasets used to train our Generative AI Products, it may be difficult or impossible for us to disentangle our trained models from the subject matter of the claims.

Any of these risks could be difficult to eliminate or manage, and, if not addressed, could adversely affect our business, financial condition, results of operations, and growth prospects.

We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and difficult to predict.

We expect our revenue mix to vary over time due to a number of factors, including the timing of when customers adopt RSC and the mix of our subscriptions for different data security products. Our subscription revenue includes revenue from sales of subscription term-based licenses, a portion of which is recognized upfront when we transfer control of the subscription term-based license to the customer, and revenue from sales of SaaS subscriptions and support, which is recognized ratably over the contract period. Due to the proportion of our contracts trending from subscription term-based licenses to SaaS subscriptions, the timing of the migration of our existing customers from Cloud Data Management to RSC, as well as the estimates and assumptions used to account for certain customers’ Subscription Credits (as defined below) related to their Refresh Rights (as defined below), our revenue may fluctuate and period-to-period revenue comparisons may not be meaningful, and our past results may not be indicative of future performance. We cannot be certain how long these factors may persist. For example, as our existing customers prepare to migrate to RSC, we expect certain of them to consume our solutions through a mix of RSC and CDM-T during which time we will continue recognizing a portion of the associated revenue upfront. These factors make it challenging to forecast our revenue as the mix of solutions and services, the timing of our customers’ RSC transition, as well as the size of contracts, are difficult to predict.

We rely upon third-party cloud providers to host our data security solutions, and any disruption of, or interference with, our use of third-party cloud products would adversely affect our business, financial condition, and results of operations.

Customers of RSC and our other cloud services need to be able to access our data security solutions at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. We leverage GCP, Azure, and AWS for substantially all of the infrastructure that supports our data security solutions. Our cloud services depend on the cloud infrastructure hosted by these third-party providers to support our configuration, architecture, features, and interconnection specifications, as well as secure the information stored in these virtual data centers, which is transmitted through third-party internet service providers. Any limitation on the capacity of our third-party hosting providers, including due to technical failures, shifts in product

 

31


Table of Contents

capabilities or licensing models, natural disasters, fraud, or security attacks, could impede our ability to fulfill our current contractual commitments, onboard new customers, or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations.

In addition, third-party cloud providers run their own platforms that we access, and we are, therefore, vulnerable to their service interruptions. We may experience interruptions, delays, and outages in service and availability from time to time as a result of problems with our third-party cloud providers’ infrastructure. Lack of availability of this infrastructure could be due to a number of potential causes that we cannot predict or prevent, including technical failures, natural disasters, fraud, or cyber security attacks. Such outages could lead to the triggering of our service-level commitments and extensions of affected services at no charge to our customers, which may impact our business, financial condition, and results of operations. In addition, if our security, or that of any of these third-party cloud providers, is compromised, our software is unavailable, or our customers are unable to use our software within a reasonable amount of time or at all, our business, financial condition, and results of operations could be adversely affected. In some instances, we may not be able to identify the cause or causes of these performance problems within a period of time acceptable to our customers. It is possible that our customers and potential customers would hold us accountable for any breach of security affecting a third-party cloud provider’s infrastructure, and we may incur significant liability from those customers and from third parties with respect to any breach affecting these systems. We may not be able to recover a material portion of our liabilities to our customers and third parties from a third-party cloud provider. It may also become increasingly difficult to maintain and improve our performance, especially during peak usage times, as our software becomes more complex and the usage of our software increases. Any of the above circumstances or events may harm our business, financial condition, and results of operations.

We may not be able to successfully manage our growth, and if we are not able to grow efficiently, our business, financial condition, and results of operations could be harmed.

As usage and adoption of our platform and data security products grow, we will need to devote additional resources to improving our capabilities, features, and functionality. In addition, we will need to appropriately scale our internal business operations and our services organization to serve our growing customer base. Any failure of or delay in these efforts could result in impaired product performance and reduced customer satisfaction, resulting in decreased sales to new customers, lower average subscription dollar-based net retention rates, or the issuance of service credits or requested refunds, which would hurt our revenue growth and our reputation. Further, any failure in optimizing the costs associated with use of third-party cloud services as we scale could negatively impact our margins. Our expansion efforts will be expensive and complex and will require the dedication of significant management time and attention. We could also face inefficiencies, vulnerabilities, or service disruptions as a result of our efforts to scale our internal infrastructure, which may result in extended outages, loss of customer trust, and harm to our reputation. We cannot be sure that the expansion of and improvements to our internal infrastructure will be effectively implemented on a timely basis, if at all, and such failures could harm our business, financial condition, and results of operations.

The markets in which we participate are competitive, and if we do not compete effectively, our business, financial condition, and results of operations could be harmed.

The data security market is new and intensely competitive, characterized by rapidly changing technology and evolving standards, changing customer requirements, and frequent new product introductions. Our main competitors fall into the following categories:

 

   

Data management and protection vendors, such as Dell-EMC, IBM, Commvault, Veeam, and Cohesity (Cohesity recently announced its proposed acquisition of Veritas’ data protection business);

 

32


Table of Contents
   

Cloud and SaaS data management vendors with products that compete in some of our markets; and

 

   

Vendors that provide cyber/ransomware detection and investigation, security posture management, insider threat detection, data classification, and other data security or data governance technologies.

The principal competitive factors in our industry include product functionality, product integration, platform coverage, ability to scale, price, worldwide sales infrastructure, global technical support, labor and development costs, name recognition, and reputation. The ability to converge data security and data management in a cloud architecture is also a significant competitive factor in our industry. If we are unable to address these factors, our competitive position could weaken, and we could experience a decline in revenue that could adversely affect our business.

Many of our current and potential competitors have longer operating histories and have substantially greater financial, technical, sales, marketing, and other resources than we do, as well as larger installed customer bases, greater name recognition, lower labor and development costs, and broader product solutions, including servers. Some of these competitors can devote greater resources to the development, promotion, sale, and support of their data security products than we can. As a result, these competitors may be able to respond more quickly to new or emerging technologies and changes in customer requirements. For example, many of our competitors are investing in AI technology to improve their data security products, which could enable them to respond more quickly to new or emerging threats and changes in customer requirements.

It is also costly and time-consuming to change data management systems. Most of our new or potential customers have already installed data management systems, which gives an incumbent competitor an advantage in retaining a customer due to significant risk to data continuity from switching vendors. The incumbent competitor already understands the data, applications, network infrastructure, user demands, and information technology needs of the customer, such that some customers are reluctant to invest the time, money, and resources necessary to implement configuration, integration, training, and other operational complexities that arise from another vendor. In addition, for any of our existing customers that have not yet transitioned to RSC, any perceived negative impacts or incremental costs associated with the transition to RSC, or a more rapid transition than planned by the customer, may result in customer dissatisfaction and give our competitors an opportunity to acquire these customers.

Our current and potential competitors may establish cooperative relationships among themselves or with third parties or may merge with each other. If so, new competitors, alliances, or merged entities that include our competitors may emerge that could acquire significant market share. In addition, large operating systems, applications, and cloud vendors have introduced products or functionality that include some of the same functions offered by our data security solutions. In the future, further development by these vendors could cause our data security solutions to become redundant, which could seriously harm our business, financial condition, and results of operations.

In addition, we expect to encounter new competitors, including public cloud providers and SaaS companies that build native data security and management solutions, as we expand in current markets or enter new markets. Furthermore, many of our existing competitors are broadening their operating systems platform coverage. We expect that competition will increase as a result of future software industry consolidation. Increased competition could harm our business by causing, among other things, price reductions of our data security solutions, reduced profitability, and loss of market share.

 

33


Table of Contents

The estimates of market opportunity, forecasts of market growth, and potential return on investment included in this prospectus may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.

Market opportunity estimates and growth forecasts included in this prospectus, whether obtained from third-party sources or developed internally, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The data security market is at an early stage and is rapidly evolving. As we are working to create a market for data security from other existing markets that focused on other elements of cybersecurity, our market is at an early stage and rapidly evolving. As a result, the size and future growth of this market are difficult to accurately estimate and subject to change. In addition, third-party estimates of the addressable market for the security and data management sectors reflect the opportunity available from all participants and potential participants, and we cannot predict with precision our ability to address this demand or the extent of market adoption of our platform and data security products. Moreover, the market segments we are targeting may grow at different rates. The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of addressable businesses covered by our market opportunity estimates will purchase our data security solutions or generate any particular level of revenue for us. Any expansion in our market opportunity depends on a number of factors, including the cost, performance, and perceived value associated with our data security solutions and the products of our competitors. Even if the areas in which we compete achieve the forecasted growth, our business could fail to grow at similar rates, if at all.

There are a limited number of contract manufacturers and original equipment manufacturers of commodity servers that are compatible with our data security solutions, and failure to accurately forecast demand for these commodity servers or successfully manage the relationship with such manufacturers could negatively impact the ability to sell our offerings.

A limited number of Manufacturers produce commodity servers that are compatible with our data security solutions. We do not own or operate any manufacturing facilities and rely on these Manufacturers for such products. These Manufacturers manage the supply chain for these products and, alone or together with us or our distributors and resellers, or Channel Partners, negotiate component costs. Our reliance on Manufacturers and Channel Partners reduces our control over the assembly process, quality assurance, production costs, and product supply. If the relationships with Manufacturers are not properly managed or if Manufacturers experience delays, interruptions, or supply-chain disruptions, including due to international conflicts and geopolitical tensions (such as the imposition of new trade restrictions and tariffs due to escalating tensions, hostilities, or trade disputes), health epidemics or pandemics, new trade laws and regulations, capacity constraints, or quality control problems in their operations, the ability for customers to procure compatible commodity servers could be impaired. If we or our Channel Partners are required to change or qualify a new Manufacturer for any reason, including financial considerations, reduction of manufacturing output made available to us, or the termination of our or our Channel Partners’ contract with the Manufacturers, we may lose revenue, incur increased costs, and our customer relationships may be damaged. In addition, our contract manufacturers may terminate the agreement with us or our Channel Partners with prior notice for reasons such as failure to perform a material contractual obligation.

A large majority of the customer enterprise data we secure relies upon Rubrik-branded Appliances, which are currently built on servers supplied and designed by Super Micro Computer, Inc., or Supermicro. If we are unable to manage our relationship with Supermicro effectively, or if Supermicro suffers delays or disruptions for any reason, experiences increased manufacturing lead-times, capacity constraints, or quality control problems in its manufacturing operations, or fails to meet our requirements for timely delivery, or if Supermicro no longer produces the servers for our Rubrik-branded Appliances,

 

34


Table of Contents

our end-customer’s ability to procure Rubrik-branded Appliances in a timely manner would be impaired. While customers would have the ability to purchase compatible third-party commodity servers from other OEMs, and we have the ability to qualify new commodity servers for Rubrik-branded Appliances, this may create increased costs or delays for our customers and impact their customer experience, which could negatively impact our sales and our business. See the section titled “Business—Manufacturing” for additional information regarding our contractual relationship with Supermicro.

Certain of our OEMs carry products that compete with our data security solutions and may not continue producing or supporting compatible commodity servers for our customers in the future. We or our Channel Partners provide forecasts and purchase orders to Manufacturers for compatible commodity servers, and these orders may only be rescheduled or canceled under certain limited conditions. If we inaccurately forecast demand for our data security solutions and need for compatible commodity servers, our Manufacturers may have excess or inadequate inventory, and we may incur cancellation charges or penalties, which could adversely impact our operating results. If we experience increased demand for compatible commodity servers, then we, our Channel Partners, or Manufacturers may need to increase component purchases, contract manufacturing capacity, or internal test and quality functions. Our customers’ orders may represent a relatively small percentage of the overall orders received by Manufacturers from their customers. As a result, fulfilling our customers’ orders may not be considered a priority in the event Manufacturers are constrained in their ability to fulfill all of their customer obligations in a timely manner. Although we are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers, if Manufacturers are unable to provide adequate supplies of high-quality products, or if we, our Channel Partners, or Manufacturers are unable to obtain adequate quantities of components, or control the costs of components, it could cause a delay in the fulfillment of our customers’ orders, in which case our business, financial condition, and results of operations could be adversely affected.

If customers have not utilized their Subscription Credits before they expire, this could result in customer dissatisfaction and our future results of operations could be harmed.

The customer enterprise data we secure relies upon compatible hardware. Historically, we sold Rubrik-branded Appliances produced by contract manufacturers to our customers. We started transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers in fiscal 2023 and offered limited-time incentives, or Subscription Credits, upon qualification, to certain existing customers in exchange for historically offered rights to next generation Rubrik-branded Appliances at no cost, which we refer to as Refresh Rights. If customers have not utilized their Subscription Credits before they expire, this could result in customer dissatisfaction or a decision not to purchase our data security solutions, which would have an adverse impact on our results of operations.

We rely on the performance of highly skilled personnel, including senior management and engineering, services, sales, and technology professionals. If we are unable to retain or motivate key personnel or hire, retain, and motivate qualified personnel, our business will be harmed.

We believe our success has depended, and continues to depend, on the efforts and talents of our senior management team, particularly Bipul Sinha, our Chairman of our board of directors, Chief Executive Officer, and co-founder, and Arvind Nithrakashyap, our Chief Technology Officer and co-founder, as well as our other key employees in the areas of research and development and sales and marketing.

From time to time, there may be changes in our senior management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and certain other key employees are employed on an at-will basis, which means that these personnel could

 

35


Table of Contents

terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead our company, could harm our business. We also are dependent on the continued service of our existing software engineers because of the complexity of our data security solutions. In addition, a significant portion of our software engineers are located in Palo Alto, California and Bangalore, India. These locations offer access to a deep pool of highly skilled professionals, which is crucial for the development and maintenance of our complex data security solutions. However, this concentration also exposes us to potential continuity risk if these specific locations are negatively impacted by unforeseen events, such as natural disasters, political unrest, or disruptions in critical infrastructure.

In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based infrastructure products, for experienced sales professionals, and for cybersecurity professionals. If we are unable to attract such personnel at appropriate locations, we may need to hire in new regions, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. As has occurred in the past, if we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, experiences significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and growth prospects would be harmed.

We derive substantially all of our revenue from our data security platform. Failure of our platform to satisfy customer demands or achieve continued market acceptance over competitors would harm our business, financial condition, results of operations, and growth prospects.

We derive substantially all of our revenue from our platform, and we have directed, and intend to continue to direct, a significant portion of our financial and operating resources to developing more features and functionality for our platform.

Our growth will depend in large part on our ability to attract new customers and expand sales to existing customers, expand the features and functionality of our platform, hire sufficient sales personnel to support our growth, and decrease the ramp time for our sales personnel. In addition, the success of our business is substantially dependent on the actual and perceived viability, benefits, and advantages of our platform as a preferred provider for data security. As such, market adoption of our platform and data security products is critical to our continued success. Demand for our platform and data security products is affected by a number of factors, including increased market acceptance by new and existing customers, increased activity by or prevalence of cybersecurity bad actors, including the use of ransomware, effectiveness of our sales and marketing strategy, the extension of our platform to new applications and use cases, the timing of development and release of new capabilities by us and our competitors, technological change, and growth or contraction of the market in which we compete. Failure to successfully address or account for these factors, satisfy customer demands, achieve continued market acceptance over competitors, and achieve growth in sales of our data security products would harm our business, financial condition, results of operations, and growth prospects.

 

36


Table of Contents

We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price and the value of your investment could decline.

Our results of operations have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance. In addition to the other risks described herein, factors that may affect our results of operations include:

 

   

changes in our revenue mix;

 

   

changes in actual and anticipated growth rates of our revenue, customers, and key operating metrics;

 

   

fluctuations in demand for or pricing of our data security solutions;

 

   

our ability to attract new customers;

 

   

the level of awareness and prevalence of cybersecurity threats, particularly advanced cyberattacks and ransomware attacks;

 

   

timing of our existing customers’ transition to RSC, including the impact on our revenue recognition and customer retention and expansion;

 

   

our ability to retain our existing customers, particularly large customers, and secure renewals of subscriptions, as well as the timing of customer renewals or non-renewals;

 

   

the pricing and quantity of subscriptions renewed, as well as our ability to accurately forecast customer expansions and renewals;

 

   

downgrades in customer subscriptions;

 

   

customers and potential customers opting for alternative data security solutions, including developing their own in-house solutions;

 

   

timing and amount of our investments to expand the capacity of our third-party cloud service providers;

 

   

seasonality in sales, results of operations, and remaining performance obligations;

 

   

investments in new data security products, including protection of new enterprise, cloud and SaaS applications, new features, and functionality;

 

   

fluctuations or delays in development, release, or adoption of new features and functionality for our data security solutions;

 

   

delays in closing sales, including the timing of renewals, which may result in revenue being pushed into the next fiscal quarter, particularly because a large portion of our sales occur toward the end of each fiscal quarter;

 

   

fluctuations or delays in purchasing decisions in anticipation of new data security products or enhancements by us or our competitors;

 

   

changes in customers’ budgets, the timing of their budget cycles and purchasing decisions, and payment schedules;

 

   

our customers’ ability to procure Rubrik-branded Appliances or compatible commodity servers from Manufacturers;

 

   

the number of qualified customers that elect to utilize their Subscription Credits before they expire;

 

37


Table of Contents
   

our ability to control costs, including hosting costs and our operating expenses;

 

   

the amount and timing of payment for operating expenses, particularly research and development and sales and marketing expenses, including commissions;

 

   

timing of hiring personnel for our research and development and sales and marketing organizations;

 

   

the amount and timing of non-cash expenses, including stock-based compensation expense and other non-cash charges;

 

   

the amount and timing of costs associated with recruiting, educating, and integrating new employees and retaining and motivating existing employees;

 

   

the effects of acquisitions and their integration;

 

   

general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate;

 

   

fluctuations in foreign currency exchange rates;

 

   

the impact of new accounting pronouncements;

 

   

changes in regulatory or legal environments that may cause us to incur, among other things, expenses associated with compliance;

 

   

the impact of changes in tax laws or judicial or regulatory interpretations of tax laws, which are recorded in the period such laws are enacted or interpretations are issued and may significantly affect the effective tax rate of that period and following periods;

 

   

health epidemics or pandemics, such as the COVID-19 pandemic;

 

   

changes in the competitive dynamics of our market, including consolidation among competitors or customers; and

 

   

significant security incidents related to, technical difficulties with, or interruptions to, the delivery and use of our data security solutions.

Any of these and other factors, or the cumulative effect of some of these factors, may cause our results of operations to vary significantly. If our quarterly results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock could decline substantially, and we could face costly lawsuits, including securities class action suits.

In addition, while we recognize our SaaS subscription revenue ratably over the term of the subscription, our customers typically pay us for new multi-year subscriptions upfront and then annually upon one-year renewals. Recently, due to the growth in our SaaS product offerings, changes in our customer mix, and the uncertain macroeconomic environment, we have experienced an increase in customers electing annual or consumption payments instead of multi-year upfront payments, which has caused and may continue to cause volatility in our period over period cash flow and may have an adverse effect on our business and results of operations.

Our ability to introduce new data security products and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively, and our business and results of operations may be harmed.

To remain competitive, we must continue to offer new data security products and enhancements to our platform and existing solutions. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate

 

38


Table of Contents

personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally due to certain constraints, such as high employee turnover, lack of management ability, or a lack of other research and development resources, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that would allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors, and our business, financial condition, and results of operations could be adversely affected. Moreover, there is no assurance that our research and development or acquisition efforts will successfully anticipate market needs and result in significant new marketable solutions or enhancements to our solutions, design improvements, cost savings, revenues, or other expected benefits. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively, and our business and results of operations may be adversely affected.

We depend and rely on SaaS technologies from third parties to operate our business, and interruptions or performance problems with these technologies may adversely affect our business and results of operations.

We rely on hosted SaaS applications from third parties in order to operate critical functions of our business, including enterprise resource planning, order management, billing, project management, human resources, technical support, accounting, and other operational activities. If these services become unavailable due to extended outages, interruptions, or because they are no longer available on commercially reasonable terms, our expenses could increase, our ability to manage finances could be interrupted, and our processes for managing sales of our data security solutions and supporting our customers could be impaired until equivalent services, if available, are identified, obtained, and implemented, all of which could adversely affect our business and results of operations.

If we are unable to maintain successful relationships with our Channel Partners and technology alliance partners, or if our Channel Partners or technology alliance partners fail to perform, our ability to market, sell, and distribute our data security solutions will be limited, and our business, financial condition, and results of operations will be harmed.

In addition to our sales force, we rely on our Channel Partners to sell and support our data security solutions. A vast majority of sales of our data security solutions flow through our Channel Partners with the support of our sales force. Our three largest Channel Partners, Arrow Enterprise Computing Solutions, Exclusive Networks, and Ingram Micro Inc., and their respective affiliates collectively generated approximately 79% and 76% of our revenue for fiscal 2023 and fiscal 2024, respectively. Our agreements with our Channel Partners, including our agreements with our three largest Channel Partners, are non-exclusive, renew automatically in one-year term increments, and may be terminated by either party at any time. Further, our Channel Partners fulfill our sales on a purchase order basis and do not impose minimum purchase requirements or related terms on sales. Our Channel Partners enable us to extend our reach, in particular with smaller customers and in geographies where we have less sales presence. Additionally, we have entered, and intend to continue to enter, into technology alliance partnerships with third parties to support our future growth plans. For example, through our alliance with Microsoft Corporation, and along with our mutual go-to-market obligations, we have committed to spend $220 million over the course of up to 10 years for the use of Azure for our data security solutions and preferentially offer public cloud functionality for Azure to our customers.

For fiscal 2023 and fiscal 2024, we derived a substantial amount of our revenue from sales through Channel Partners, and we expect to continue to derive a substantial amount of our revenue from Channel Partners in future periods. Our agreements with our Channel Partners are generally non-exclusive and

 

39


Table of Contents

do not prohibit them from working with our competitors or offering competing products, and many of our Channel Partners may have more established relationships with our competitors. If our Channel Partners choose to place greater emphasis on solutions other than our own, fail to effectively market and sell our data security solutions, or fail to meet the needs of our customers, then our ability to grow our business and sell our data security solutions may be adversely affected. In addition, the loss of one or more of our larger Channel Partners or technology alliance partners, who may cease marketing our data security solutions with limited or no notice, and any inability to replace them, could adversely affect our business, financial condition, and results of operations. Moreover, our ability to expand our distribution channels depends in part on our ability to maintain successful relationships with our Channel Partners and educate and train our current and future Channel Partners about our data security solutions, which can be complex. If we fail to effectively manage our existing sales channels, or if our Channel Partners are unsuccessful in fulfilling the orders for our data security solutions, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality Channel Partners in each of the regions in which we sell data security solutions and keep them motivated to sell our data security solutions, our business, financial condition, and results of operations will be harmed. Even if we are successful, these relationships may not result in greater customer usage of our data security products or increased revenue. Our ability to influence, or have visibility into, the actions or efforts of our Channel Partners may be limited. If our partners, including our Channel Partners, fail to comply with applicable law, including anti-corruption, antitrust, or competition laws, or engage in activities that result in or may result in liability, we may also be adversely affected through reputational harm, as well as other negative consequences, including litigation, government investigations and penalties.

In addition, the financial health of our Channel Partners and our continuing relationships with them are important to our success. Some of these Channel Partners may be unable to withstand adverse changes in economic conditions, including the current macroeconomic uncertainty, which could result in insolvency or the inability of such Channel Partners to obtain credit to finance purchases of our data security solutions and services. In addition, weakness in the end-user market could negatively affect the cash flows of our Channel Partners who could, in turn, delay paying their obligations to us, which would increase our credit risk exposure. Our business could be harmed if the financial condition of some of these Channel Partners substantially weakened, and we were unable to timely secure replacement Channel Partners.

If we do not effectively expand and train our sales force, we may be unable to add new customers or retain and increase sales to our existing customers, and our business will be adversely affected.

We depend on our sales force to obtain new customers and retain and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel. We have expanded our sales organization significantly in recent periods and expect to continue to add additional sales capabilities in the near term. There is significant competition for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay is accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do or plan to do business. In addition, a large percentage of our sales force is new to our company and selling our data security solutions, and therefore, this group may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We may also incur additional compensation and training costs for our sales force, including as part of sales incentive realignment, as we work to migrate existing customers to RSC while ensuring retention and expansion. These additional costs may be higher than we expect

 

40


Table of Contents

depending on timing to complete the transition to RSC and any unforeseen challenges that arise, including due to additional costs faced by customers. Moreover, we could face challenges in our ability to retain sales personnel if the migration to RSC results in the loss of existing customers. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or retaining and increasing sales to our existing customer base, our business, financial condition, and results of operations will be adversely affected.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.

Our revenue may fluctuate because of the length and unpredictability of the sales cycle for our data security solutions, particularly with respect to large organizations and government entities. For example, in light of current macroeconomic conditions, we have observed a lengthening of our sales cycles, which may be attributed to higher cost-consciousness around information technology budgets. Customers often view the subscription to our platform as a significant strategic decision and, as a result, frequently require considerable time to evaluate, test, and qualify our platform, including from a security and privacy perspective, prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens our sales cycle. Additionally, RSC and other SaaS solutions may elongate our sales cycles as a result of additional customer security and privacy evaluations.

Our sales team develops relationships with our customers and works with our Channel Partners on account penetration, account coordination, sales, and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Data security product purchases are frequently subject to budget constraints, multiple approvals, and unanticipated administrative, processing, and other delays. As a result, it is difficult to predict whether and when a sale will be completed.

If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, or to changing customer needs, requirements, or preferences, our data security solutions may become less competitive.

Our ability to attract new users and customers and increase revenue from existing customers depends in large part on our ability to enhance, improve, and differentiate our existing offering, increase adoption and usage of our data security solutions, and introduce new data security products and capabilities. The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. Because the market for our data security solutions is relatively new, it is difficult to predict customer adoption, increased customer usage and demand for our data security solutions, the size and growth rate of this market, the entry of competitive products, or the success of existing competitive products. If we are unable to enhance our data security solutions and keep pace with rapid technological change, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our data security solutions, our business, financial condition, and results of operations could be adversely affected.

To remain competitive, we need to continuously modify and enhance our data security solutions to adapt to changes and innovation in existing and new technologies. We expect that we will need to continue to differentiate our data management and data security capabilities, as well as expand and

 

41


Table of Contents

enhance our data security solutions to support a variety of use cases. This development effort will require significant engineering, sales, and marketing resources. Any failure to effectively offer data security solutions for these adjacent use cases could reduce customer demand for our platform. Further, our data security solutions must also integrate with a variety of network, commodity appliance, mobile, cloud, and software platforms and technologies, and we need to continuously modify and enhance our data security solutions to adapt to changes and innovation in these technologies. This development effort may require significant investment in engineering, support, marketing, and sales resources, all of which would affect our business and results of operations. Any failure of our data security solutions to operate effectively with widely adopted data infrastructure platforms, applications, and technologies would reduce the demand for our data security solutions. If we are unable to respond to customer demand in a cost-effective manner, our data security solutions may become less marketable and less competitive or obsolete, and our business, financial condition, and results of operations could be adversely affected.

The competitive position of our data security solutions depends in part on their ability to operate with third-party products and services, including those of our technology alliance partners, and if we are not successful in maintaining and expanding the compatibility of our data security solutions with such products and services, our business may be harmed.

The competitive position of our data security solutions depends in part on their ability to operate with products and services of third parties, including software companies, software services, and infrastructure, and our data security solutions must be continuously modified and enhanced to adapt to changes in commodity appliance, software, networking, browser, and database technologies. In the future, one or more technology companies, whether our technology alliance partners or otherwise, may choose not to support the operation of their software, software services, and infrastructure with our data security solutions, or our data security solutions may not support the capabilities needed to integrate with such software, software services, and infrastructure. In addition, to the extent that a third party were to develop software or services that compete with ours, that provider may choose not to support our offering. We intend to facilitate the compatibility of our platform with various third-party software, software services, and infrastructure offerings by maintaining and expanding our business and technical relationships. If we are not successful in achieving this goal, our business, financial condition, and results of operations may be harmed.

Incorrect or improper implementation or use of our data security solutions could result in customer dissatisfaction and harm our business, financial condition, and results of operations.

Our data security solutions are deployed in a wide variety of IT infrastructures, including large-scale, complex technology environments, and we believe our future success will depend, at least in part, on our ability to support such deployments. Implementations of our data security solutions may be technically complicated, and it may not be easy to maximize the value of our data security solutions without proper implementation, training, and support. Some of our customers have experienced difficulties implementing our data security solutions in the past and may experience implementation difficulties in the future. If we or our customers are unable to implement our data security solutions successfully, customer perceptions of our data security solutions may be impaired, our reputation and brand may suffer, or customers may choose not to renew their subscriptions or purchase additional data security products from us.

Any failure by customers to appropriately implement our data security solutions or any failure of our data security solutions to effectively integrate and operate within our customers’ data management infrastructure could result in customer dissatisfaction, impact the perceived reliability of our data security solutions, result in negative press coverage, negatively affect our reputation, and harm our business, financial condition, and results of operations.

 

42


Table of Contents

We use third-party open-source software in our data security solutions, which could negatively affect our ability to sell our data security solutions or subject us to litigation or other actions.

Our data security solutions include third-party open-source software, and we intend to continue to incorporate third-party open-source software in our data security solutions in the future. There is a risk that the use of third-party open-source software in our software could impose conditions or restrictions on our ability to monetize our software or require making available the source code of all or part of our software that include, incorporate or rely upon such open-source software. Although we have internal policies in place designed to monitor the incorporation of open-source software into our data security solutions to avoid such restrictions, we cannot be certain that we have not incorporated open-source software in our data security solutions in a manner that is inconsistent with our licensing model or the licensing terms of any such open-source software. Certain open-source projects also incorporate other open-source software and there is a risk that those dependent open-source libraries may be subject to inconsistent licensing terms that affect our ability to use the software. This could create further uncertainties as to the governing terms for the open-source software we incorporate.

In addition, the terms of certain open-source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open-source software licenses could be construed in a manner that imposes unanticipated restrictions or conditions on our use of such software. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the software or derivative works that we developed using such open-source software, which could include proprietary portions of our source code, or otherwise seeking to enforce the terms of the open-source licenses. These claims could result in litigation and could require us to make those proprietary portions of our source code freely available, purchase a costly license or cease offering the implicated software or services unless and until we can re-engineer them to avoid infringement. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully.

In addition to risks related to license requirements, use of third-party open-source software can lead to greater risks than use of third-party commercial software, as open-source licensors generally do not provide warranties. Use of open-source software may also introduce security risks as it may contain security vulnerabilities, and hackers and other third parties may exploit the public availability of such open-source software to determine how to compromise our data security solutions.

In addition, licensors of open-source software included in our data security solutions may, from time to time, modify the terms of their license agreements applicable to any updates in such a manner that those license terms may include restrictions that make the use of such software incompatible with our business, and thus could, among other consequences, prevent us from using or incorporating new updates of such software that are subject to the modified license.

In addition, any source code that we contribute to open-source projects becomes publicly available, subject to the relevant open source license. As a result, our ability to protect some of our intellectual property rights in such source code may be limited or lost entirely, and we would be unable to prevent our competitors or others from using such contributed source code in accordance with the relevant open source license.

Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, financial condition, and results of operations.

 

43


Table of Contents

Our success depends, in part, on the integrity and scalability of our systems and infrastructures. System interruption or delays from third-party data center hosting facilities and the lack of integration, redundancy, and scalability in our systems and infrastructures could impair the delivery of our data security solutions and harm our business.

Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including websites, information, and related systems. System interruption and the lack of integration and sufficient redundancy in our information systems and infrastructures may harm our ability to operate websites, respond to customer inquiries, and generally maintain cost-efficient operations. We may experience occasional system interruptions that make some or all systems or data unavailable or prevent us from efficiently providing data security solutions.

We currently utilize third-party data center hosting facilities located in the United States and internationally, including North America, EMEA (Europe, the Middle East, and Africa), and Asia. Any damage to, or failure of, the data facilities generally could result in interruptions in our data security solutions. As we continue to add data center hosting facilities and add capacity in our existing data facilities, we may move or transfer our data and our customers’ data. Despite precautions taken during this process, any unsuccessful data transfers may impair the delivery of our data security solutions. We also rely on affiliate and third-party computer systems, broadband, and other communications systems and service providers in connection with the provision of services generally, as well as to facilitate, process, and fulfill transactions. Interruptions in our data security solutions may reduce our revenue, cause us to issue credits or pay penalties, cause customers to terminate their subscriptions or data security solutions contracts, or harm our renewal rates or our ability to attract new customers. Our business will also be harmed if our customers and potential customers believe our data security solutions are unreliable.

Fire, flood, power loss, telecommunications failure, hurricanes, tornadoes, earthquakes, acts of war or terrorism, acts of God, and similar events or disruptions may damage or interrupt computer, broadband, or other communications systems and infrastructures at any time. Any of these events could cause system interruption, delays, and loss of critical data, and could prevent us from providing our data security solutions. While we have backup systems for certain aspects of our operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. As we continue to expand the number of our customers and data security solutions products available to our customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in data security solutions. If any of these events were to occur, it could harm our business, financial condition, and results of operations.

We rely on software licensed from other parties. Defects in or the loss of software from third parties could increase our costs and harm the quality of our data security solutions.

Components of our data security solutions include or rely upon software licensed from third parties. Our business could be disrupted if any of the software we license from others and functional equivalents thereof were either no longer available to us or no longer offered on commercially reasonable terms. In either case, we may be required to either redesign our data security solutions to function with software available from other parties or develop these components ourselves, which would result in increased costs and could result in delays in the release of new data security solutions. Furthermore, we might be forced to limit the features available in our current or future data security solutions. If we fail to maintain or renegotiate any of these software licenses, we could face significant delays and diversion of resources in attempting to license and integrate functional equivalents. While we believe that in most cases there are commercially reasonable alternatives to the third-party software we currently license, this may not always be the case, or it may be time consuming or expensive to replace existing third-party software or find a replacement third-party provider. Our use of additional or alternative third-party software or third-party

 

44


Table of Contents

providers would require us to enter into license agreements with third parties, and we may not be able to enter into such agreements on advantageous terms.

We are subject to governmental export and import controls and economic sanctions laws and regulations that could impair our ability to compete in international markets or subject us to liability and reputational harm if we violate the controls.

Our data security solutions are subject to U.S. export controls, including the Export Administration Regulations, and we incorporate encryption technology into our data security solutions. Our data security solutions and the underlying technology may be exported outside of the United States only in compliance with the required export authorizations, including by license, applicability of a license exception, or other appropriate government authorizations, including the filing of an encryption classification request or self-classification report, as applicable. Obtaining the necessary export license or other authorization for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.

Furthermore, we are required to comply with economic and trade sanctions laws and regulations of the countries where we do business, including those administered and enforced by the U.S. government (including through the Office of Foreign Assets Control of the U.S. Treasury Department and the U.S. Department of State). These economic and trade sanctions prohibit or restrict the provisions of products and services to embargoed jurisdictions or sanctioned persons, unless otherwise authorized.

While we have taken certain precautions to prevent our data security solutions from being provided in violation of trade controls and are in the process of enhancing our policies and procedures relating to trade controls, our data security solutions may have been in the past, and could in the future be, provided inadvertently and without our knowledge in violation of such laws. Violations of U.S. trade controls can result in significant fines or penalties and possible criminal liability for responsible employees and managers, in addition to potential reputational harm.

If our partners, including our Channel Partners, fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected through reputational harm, as well as other negative consequences, including government investigations and penalties.

Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export licensing requirements, and have enacted laws that could limit our ability to distribute our data security solutions or could limit our customers’ ability to implement our data security solutions in those countries. Changes in our data security solutions or future changes in export and import regulations may create delays in the introduction of our data security solutions in international markets, prevent our customers with international operations from deploying our data security solutions globally or, in some cases, prevent the export or import of our data security solutions to certain countries, governments, or persons altogether. From time to time, various governmental agencies have proposed additional regulation of encryption technology.

Any change in export or import regulations, economic sanctions, or related laws or regulations, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our data security solutions by, or in our decreased ability to export or sell our data security solutions to, existing or potential customers with international operations. Any decreased use of our data security solutions or limitation on our ability to export or sell our data security solutions would adversely affect our business, financial condition, results of operations, and growth prospects.

We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with such laws can subject us to criminal or civil liability and harm our business, financial condition, and results of operations.

We are subject to the U.S. Foreign Corrupt Practices Act, or FCPA, U.S. domestic bribery laws, the UK Bribery Act, and other anti-corruption and anti-boycott laws in the countries in which we

 

45


Table of Contents

conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. As a public company, the FCPA separately requires that we keep accurate books and records and maintain internal accounting controls sufficient to assure management’s control, authority, and responsibility over our assets. As we engage in and increase our international sales and business and sales to the public sector, we may engage with business partners and third-party intermediaries, including Channel Partners, to market and sell our data security solutions and to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.

While we have policies and procedures and conduct training designed to address compliance with such laws, our employees and agents may take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.

Detecting, investigating, and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-boycott laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions, suspension, or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.

Downturns or upturns in our sales may not be immediately reflected in our financial condition and results of operations.

We recognize a significant portion of our revenue ratably over the term of subscriptions to our data security solutions. As a result, any decreases in new subscriptions or renewals in any one period may not immediately be fully reflected as a decrease in revenue for that period but would negatively affect our revenue in future quarters. This also makes it difficult for us to rapidly increase our revenue through the sale of additional subscriptions in any period. If our quarterly results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock would decline substantially, and we could face costly lawsuits, including securities class actions.

Seasonality may cause fluctuations in our revenue and related metrics.

Historically, we have experienced seasonality in revenue and related metrics, as we typically sell a higher percentage of subscriptions to new customers, and expansion and renewal subscriptions with existing customers in the fourth quarter of our fiscal year. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality may continue to affect our revenue and related metrics in the future and might become more pronounced as we continue to target enterprise customers.

 

46


Table of Contents

Our subscription annual recurring revenue, or Subscription ARR, cloud annual recurring revenue, or Cloud ARR, and certain other operational data in this prospectus are operating metrics that are subject to assumptions and limitations, including that the factors that impact Subscription ARR will vary from those that impact subscription revenue. As such, these metrics may not provide an accurate indication of our actual performance or our future results.

Subscription ARR, Cloud ARR, and other operational metrics are based on numerous assumptions and limitations, are calculated using our internal data from non-financial systems, have not been independently verified by third parties, and may not accurately reflect actual results nor provide an accurate indication of future or expected results. Further, the definitions and assumptions for these metrics may differ from those calculated by other businesses. Subscription ARR and Cloud ARR are not proxies for revenue or forecasts of revenue, and do not reflect any anticipated reductions in contract value due to contract non-renewals or service cancellations. In addition, the factors that impact Subscription ARR will vary from those that impact subscription revenue in a given period. As a result, Subscription ARR, Cloud ARR, and our other operational data may not accurately reflect our actual performance, and investors should consider these metrics in light of the assumptions and processes used in calculating such metrics and the limitations as a result thereof. Investors should not place undue reliance on these metrics as an indicator of our future or expected results. Moreover, these metrics may differ from similarly titled metrics presented by other companies and may not be comparable to such other metrics. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics” for additional information regarding Subscription ARR, Cloud ARR, and other operational metrics.

We will face risks associated with the growth of our business with certain heavily regulated industry verticals.

We market and sell our data security solutions to customers in heavily regulated industry verticals, including the banking, healthcare, and financial services industries. As a result, we face additional regulatory scrutiny, risks, and burdens from the governmental entities and agencies that regulate those industries. Entering new heavily regulated verticals and expanding in those verticals in which we are already operating will continue to require significant resources to address potential regulatory scrutiny, risks, and burdens, and there is no guarantee that such efforts will be successful or beneficial to us. If we are unable to successfully penetrate these verticals, maintain our market share in such verticals in which we already operate, or cost-effectively comply with governmental and regulatory requirements applicable to our activities with customers in such verticals, our business, financial condition, and results of operations may be harmed.

Sales to government entities are subject to a number of challenges and risks.

We sell to U.S. federal, state, and local, as well as foreign governmental agency customers. Sales to such entities are subject to a number of challenges and risks. Selling to such entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government contracting requirements may change and in doing so restrict our ability to sell into the government sector until we have obtained any required government certifications. Further, achieving and maintaining government certifications, such as U.S. Federal Risk and Authorization Management Program, or FedRAMP, certification for our data security solutions, may require significant upfront and ongoing cost, time, and resources. If we do not obtain and maintain FedRAMP certification for our data security solutions, we may not be able to sell certain solutions to the U.S. federal government and public sector customers as well as eligible private sector customers that require such certification for their intended use cases, which could harm our growth, business, and results of operations. This may also harm our competitive position against larger enterprises whose competitive data security solutions are certified. Further,

 

47


Table of Contents

there can be no assurance that we will secure commitments or contracts with government entities even following such certifications, which could harm our margins, business, financial condition, and results of operations. Government demand and payment for our data security solutions are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our data security solutions.

Further, governmental entities may demand contract terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers. Such entities may have statutory, contractual, or other legal rights to terminate contracts with us or our Channel Partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition, and results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely affect our business, financial condition, results of operations, and reputation.

Our customers also include certain non-U.S. governments, to which government procurement law risks similar to those present in U.S. government contracting also apply, particularly in certain emerging markets where our customer base is less established. In addition, compliance with complex regulations and contracting provisions in a variety of jurisdictions can be expensive and consume significant management resources. In certain jurisdictions, our ability to win business may be constrained by political and other factors unrelated to our competitive position in the market. These difficulties could harm our business, financial condition, and results of operations.

In October 2023, we received a grand jury subpoena from the Department of Justice, U.S. Attorney’s Office for the District of Maryland, or the DOJ, which requested information regarding two specific companies, which we subsequently learned were associated with an employee from one of our sales teams who is no longer with the company. We are fully cooperating with this investigation and have been conducting our own thorough internal investigation. In the course of our internal investigation, we have discovered communications among certain employees within one of our sales teams, including such former Rubrik employee, that relate to potential violations of federal law in connection with government contracts, and are similarly cooperating with the DOJ with respect to these matters. These investigations are ongoing, and we do not know when they will be completed, the entirety of facts we will ultimately discover as a result of the investigations, or what actions the government may or may not take. Because we cannot predict the outcome of these investigations, we are not able to provide an estimate of any possible consequences. A negative outcome in any or all of these matters could cause us to incur substantial fines, penalties, or other financial exposure, as well as reputational harm and exclusion from future contracting with the federal government.

Acquisitions, strategic investments, joint ventures, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business and culture, dilute stockholder value, and adversely affect our business, financial condition, and results of operations.

We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, products and platform capabilities, technologies, or technical know-how that we believe could complement or expand our platform capabilities, enhance our technical capabilities, or otherwise offer growth opportunities. Further, our anticipated proceeds from this offering increase the likelihood that we will devote resources to exploring larger and more complex acquisitions and investments than we have previously attempted. Any such acquisition or investment may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities,

 

48


Table of Contents

whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel, or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our data security solutions, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise. These transactions may also disrupt our business, divert our resources, and require significant management attention that would otherwise be available for development of our existing business. We may also have difficulty establishing our company values with personnel of acquired companies, which may negatively impact our culture and work environment. Any such transactions that we are able to complete may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. In addition, we may not be able to find and identify desirable acquisition targets or business opportunities or be successful in entering into an agreement with any particular strategic partner. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, if the resulting business from such a transaction fails to meet our expectations, our business, financial condition, and results of operations may be adversely affected, or we may be exposed to unknown risks or liabilities.

Any inability to maintain a high-quality customer support organization could lead to a lack of customer satisfaction, which could hurt our customer relationships and have an adverse effect on our business, financial condition, and results of operations.

Once our data security solutions are deployed, customers rely on our technical support services to assist with service customization and optimization and to resolve certain issues relating to the implementation and maintenance of our data security solutions. Customers also rely on our or our Channel Partners’ support personnel to resolve issues and realize the full benefits that our solutions provide. If we or our Channel Partners do not effectively assist customers in deploying our data security solutions, succeed in helping customers quickly resolve technical issues or provide effective ongoing support, our ability to sell additional data security solutions as part of our platform to existing customers would be adversely affected, and our reputation with potential customers could be damaged.

In addition, our sales process is highly dependent on our product and business reputation and on positive recommendations from existing customers. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation, our ability to sell our services to existing and prospective customers, and our business, financial condition, and results of operations.

Our business is subject to the risks of warranty claims and product defects from real or perceived defects in our data security solutions or their misuse by customers or third parties and indemnity provisions in various agreements that potentially expose us to substantial liability for intellectual property infringement and other losses.

We may in the future be subject to liability claims for damages related to undetected defects, errors, or vulnerabilities in our data security solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our platform could harm our business, financial condition, and results of operations. Although we generally have limitation of liability provisions in our terms and conditions, in rare cases we have agreed to limited exceptions to such liability caps, and such limitation of liability provisions may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries.

Moreover, as part of our ransomware recovery warranty, or the Ransomware Recovery Warranty, we also provide certain customers with up to $10,000,000 for recovery expenses related to data

 

49


Table of Contents

recovery and restoration in the event that data backed up using our solutions cannot be recovered following a ransomware attack. As part of the Ransomware Recovery Warranty, if an eligible customer’s data that has been backed-up onto a Rubrik-branded Appliance, Rubrik-certified compatible third-party commodity server, or a Rubrik-hosted cloud platform, is not successfully recovered by way of one of our data security products due to a failure of such solution, we will reimburse the customer for its reasonable and necessary fees and expenses to restore, recover, or recreate its data up to $10,000,000. As of January 31, 2024, there had been no claims made under the Ransomware Recovery Warranty. However, if many of our customers experience security incidents or other incidents that fall within this program and we are not able to recover their data through our data security solutions, we could be required to pay significant amounts to comply with our obligations under the Ransomware Recovery Warranty. In the event that we are required to regularly provide financial assistance for such recovery activities, and particularly if we have to do so for multiple customers at the same or similar times, this could significantly increase our costs, harm our reputation and brand, and increase the costs to us associated with this warranty program, which could adversely affect our business, financial condition, and results of operations.

Additionally, we typically provide indemnification to customers for certain losses suffered or expenses incurred as a result of third-party claims arising from our infringement of a third party’s intellectual property. We also may be exposed to liability for certain breaches of confidentiality or customer data, as defined in our terms of service which, as a standard practice, are generally subject to caps on liability. We also assume limited liability in the event we breach certain of our terms of service. Certain of these contractual provisions survive termination or expiration of the applicable agreement. We have not received any material indemnification claims from third parties. However, as we continue to grow, the possibility of these claims against us will increase.

If customers or other third parties with whom we do business make intellectual property infringement or other indemnification claims against us, we will incur significant legal expenses and may have to pay damages, license fees, or stop using technology found to be in violation of a third-party’s rights. We may also have to seek a license for the technology. Such licenses may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain data security solutions or features. We may also be required to develop alternative non-infringing technology, which could either require significant effort and expense or cause us to alter our data security solutions, or both, which could harm our business. Large indemnity obligations, whether for intellectual property or in certain limited circumstances, other claims, would harm our business, financial condition, and results of operations.

Under certain circumstances, our personnel may have access to customer platforms. An employee may take advantage of such access to conduct malicious activities or fail to follow internal policies or make errors that could cause system failures, loss of data, or other adverse effects on our customers. Misuse of our data security solutions by our personnel could result in claims from our customers for damages related to such misuse. Such misuse of our data security solutions could also result in negative press coverage and negatively affect our reputation, which could result in harm to our reputation, business, financial condition, and results of operations. In addition, misuse of our data security solutions could also result in contractual breaches and damages to customers that may assert warranty and other claims for substantial damages against us.

We maintain insurance to protect against certain claims associated with the use of our data security solutions, but our insurance coverage may not adequately cover any claim asserted against us and is subject to deductibles. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation, business, financial condition, and results of operations.

 

50


Table of Contents

Failure to effectively develop and expand our sales and marketing capabilities or improve the productivity of our sales and marketing organization could harm our ability to expand our potential customer and sales pipeline, increase our customer base, and achieve broader market acceptance of our data security solutions.

Our ability to increase our customer base, achieve broader market adoption and acceptance of our data security solutions, and expand our potential customer and sales pipeline and brand awareness will depend to a significant extent on our ability to expand and improve the productivity of our sales and marketing organization. We plan to continue expanding our sales force, both domestically and internationally. We also plan to dedicate significant resources to sales and marketing programs to decrease the time required for our sales personnel to achieve desired productivity levels, which may be impacted in the short term from our new approach to sales force segmentation. Historically, newly hired sales personnel have needed several quarters to achieve desired productivity levels. Our increased sales and marketing efforts will also involve investing significant financial and other resources, which could result in increased costs and negatively impact margins. We are one of the only providers of a unified data security platform, so we must therefore invest heavily in our sales and marketing functions in order to educate customers and potential customers about our data security solutions. Our business and results of operations will be harmed if our sales and marketing efforts fail to successfully expand our potential customer and sales pipeline, including through increasing brand awareness, new customer acquisition, and market adoption of our platform and data security solutions, particularly for RSC, or fail to generate significant increases in revenue or result in increases that are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate, and retain talented and effective sales personnel, if our new and existing sales personnel, on the whole, are unable to achieve desired productivity levels in a reasonable period of time or at all, or if our sales and marketing programs are not effective.

If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, financial condition, and results of operations may be adversely affected.

We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future data security solutions and is an important element in attracting new customers. In addition, creating brand awareness of our relatively new data security solutions will require added investment in our marketing and branding activities. We believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand as a provider of data security solutions will depend largely on the effectiveness of our marketing efforts and on our ability to develop and deploy high-quality, reliable, and differentiated data security solutions to our customers. In the past, our efforts to build our brand have involved significant expense. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expense we incur in building our brand. If we fail to successfully promote and maintain our brand or incur substantial expense in an unsuccessful attempt to promote and maintain our brand, we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, financial condition, and results of operations could be adversely affected.

We have a limited history with pricing models for our data security solutions, and we may need to adjust the pricing terms of our data security solutions, which could have an adverse effect on our revenue and results of operations.

We have limited experience with respect to determining the optimal prices for subscriptions to and renewals of our data security solutions, new subscription editions, and new enterprise, cloud, and SaaS applications. As the market for cloud data security evolves, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers. In the past,

 

51


Table of Contents

we have been able to increase our prices for our data security solutions, but we may choose not to introduce or be unsuccessful in implementing future price increases. Furthermore, since we have limited experience pricing RSC, we may be unsuccessful in implementing future price increases and our future pricing power may erode due to changing market dynamics, increased competition, or other factors. As a result of these and other factors, in the future we may be required to reduce our prices or be unable to increase our prices, or it may be necessary for us to increase our services or data security solutions without additional revenue to remain competitive, all of which could harm our financial condition and results of operations.

We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.

We have funded our operations since inception primarily through equity financings, sales of our data security solutions, and the utilization of debt products, including our Amended Credit Facility (as described in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources”). We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business, which may require us to engage in equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, if at all, particularly during times of market volatility, higher interest rates, inflationary pressures, and general economic instability. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, financial condition, and results of operations. If we incur additional debt, the debt holders would have rights senior to holders of common stock to make claims on our assets, and the terms of any debt could restrict our operations, including our ability to pay dividends on our Class A common stock. Furthermore, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our Class A common stock. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our Class A common stock and diluting their interests.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations.

Our data security solutions are billed in U.S. dollars, and therefore, our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our data security solutions to our customers outside of the United States, which could adversely affect our results of operations. In addition, an increasing portion of our operating expenses are incurred outside the United States. These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. While we do not currently hedge against the risks associated with currency fluctuations, if our foreign currency risk increases in the future and we are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected.

Unfavorable conditions in our industry or the global economy, including those caused by the ongoing conflicts around the world, or reductions in technology spending, could limit our ability to grow our business and negatively affect our results of operations.

Global business activities face widespread macroeconomic uncertainties, and our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions in the general economy both in the United

 

52


Table of Contents

States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, inflation and efforts to control further inflation, including rising interest rates, bank failures, international trade relations, political turmoil, including the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine, potential U.S. federal government shutdowns, natural catastrophes, warfare, and terrorist attacks could cause a decrease in business investments by existing or potential customers, including spending on technology, and negatively affect the growth of our business. As an example, in the United States, capital markets have experienced and continue to experience volatility and disruption. Furthermore, inflation rates in the United States have recently increased to levels not seen in decades. In addition to the foregoing, adverse developments that affect financial institutions, transactional counterparties, or other third parties, such as bank failures or concerns or speculation about any similar events or risks, could lead to market-wide liquidity problems, which in turn may cause third parties, including our customers, to become unable to meet their obligations under various types of financial arrangements as well as general disruptions or instability in the financial markets. Such economic volatility could adversely affect our business, financial condition, results of operations, and cash flows, and future market disruptions could negatively impact us. In particular, we have experienced and may continue to experience longer sales cycles and related negotiations for prospective customers and existing customer expansions, a reduction in multi-year upfront payments for our subscription offerings, reduced contract sizes or generally increased scrutiny on technology spending and budgets from existing and potential customers, due in part to the effects of macroeconomic uncertainty. These customer dynamics may persist in the future, even if macroeconomic conditions improve, and to the extent there is a sustained general economic downturn, a recession, or another situation where technology budgets grow at a slower rate or contract, these customer dynamics may be exacerbated. In addition to the foregoing, we have operations in Israel, which have been affected and may continue to be affected by the ongoing conflict in Israel and the surrounding area, and our growth, business, and results of operations could be further negatively impacted if the current conflict in Israel and the surrounding area continues, worsens, or expands to other nations or regions. Our competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers, which may require us to respond in kind and may negatively impact our existing customer relationships and new customer acquisition strategy. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our data security solutions. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry.

We typically provide service-level commitments under our customer agreements. If we fail to meet these commitments, we could face customer terminations, a reduction in renewals, and damage to our reputation, which would lower our revenue and harm our business, financial condition, and results of operations.

Our agreements with our customers typically provide for service-level commitments relating to service availability. If we fail to meet these commitments, we could be required to extend affected services at no charge and could face customer terminations, or a reduction in renewals, which could significantly affect both our current and future revenue. Any service-level commitment failures could also damage our reputation. The complexity and quality of our customers’ implementation and the performance and availability of cloud services and cloud infrastructure are outside our control, and therefore, we are not in full control of whether we can meet these service-level commitments. Our business, financial condition, and results of operations could be adversely affected if we fail to meet our service-level commitments for any reason. Any extended service outages could adversely affect our business, reputation, and brand.

 

53


Table of Contents

Sales to enterprise customers involve risks that may not be present or that are present to a lesser extent with respect to sales to smaller organizations.

We are seeing an increasing volume of sales to large, enterprise customers. Sales to enterprise customers and large organizations involve risks that may not be present or that are present to a lesser extent with sales to smaller customers, including the commercial customer segment. These risks include longer sales cycles and negotiations, more complex customer requirements (including audit and other requirements driven by such customers’ regulatory and industry contexts), substantial upfront sales costs, and less predictability in completing some of our sales. For example, enterprise customers may require considerable time to evaluate and test our data security solutions and those of our competitors prior to making a purchase decision and placing an order or may need specialized security features to meet regulatory requirements. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our data security solutions, the discretionary nature of purchasing and budget cycles, the macroeconomic uncertainty and challenges and resulting increased technology spending scrutiny, and the competitive nature of evaluation and purchasing approval processes. Since the processes for deployment, configuration, and management of our data security solutions are complex, we are also often required to invest significant time and other resources to train and familiarize potential customers with our data security solutions. Customers may engage in extensive evaluation, testing, and quality assurance work before making a purchase commitment, which increases our upfront investment in sales, marketing, and deployment efforts, with no guarantee that these customers will make a purchase or increase the scope of their subscriptions. In certain circumstances, an enterprise customer’s decision to use our data security solutions may be an organization-wide decision, and therefore, these types of sales require us to provide greater levels of education regarding the use and benefits of our data security solutions. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, has varied, and may continue to vary, significantly from customer to customer, with sales to large enterprises and organizations typically taking longer to complete. Moreover, large enterprise customers often begin to deploy our data security solutions on a limited basis but nevertheless demand configuration, integration services, and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our data security solutions widely enough across their organization to justify our substantial upfront investment.

Given these factors, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized due to the variety of ways in which customers may purchase our data security solutions. This may result in lower than expected revenue in any given period, which would have an adverse effect on our business, financial condition, and results of operations.

Our intellectual property rights may not adequately protect our business.

To be successful, we must protect our technology, know-how, and brand in the United States and other jurisdictions through trademarks, trade secrets, patents, copyrights, service marks, invention assignments, contractual restrictions, and other intellectual property rights and confidentiality procedures. Despite our efforts to implement these protections, they may not adequately protect our business for a variety of reasons, including:

 

   

our inability to successfully register or obtain patents, trademarks, and other intellectual property rights that sufficiently protect our brand and the full scope of important innovations;

 

   

any inability by us to maintain appropriate confidentiality and other protective measures to establish and maintain our trade secrets;

 

   

uncertainty in, and evolution of, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights;

 

54


Table of Contents
   

potential invalidation of our intellectual property rights through administrative processes or litigation; and

 

   

other practical, resource, or business limitations on our ability to detect and prevent infringement or misappropriation of our rights and to enforce our rights.

Further, the laws of certain foreign countries, particularly certain developing countries, do not provide the same level of protection of corporate proprietary information and assets, such as intellectual property, including trademarks, trade secrets, know-how, and records, as the laws of the United States and mechanisms for enforcement of intellectual property rights may be inadequate. As a result, we may encounter significant problems in protecting and defending our intellectual property or proprietary rights abroad. Additionally, we may also be exposed to material risks of theft or unauthorized reverse engineering of our proprietary information and other intellectual property, including software source code, designs, specifications, or other sensitive information. Our efforts to enforce our intellectual property rights in such foreign countries may be inadequate to obtain a significant commercial advantage from the intellectual property that we develop, which could have an adverse effect on our business, financial condition, and results of operations. Moreover, if we are unable to prevent the disclosure of our trade secrets to third parties, or if our competitors independently develop any of our trade secrets, we may not be able to establish or maintain a competitive advantage in our market, which could seriously harm our business.

We also contribute to open-source projects. Although we have internal policies and procedures designed to pre-approve the incorporation of any of our source code into open-source projects, any such contribution becomes publicly available, subject to the relevant open source license. As a result, our ability to protect some of our intellectual property rights in such source code may be limited or lost entirely, and we would be unable to prevent our competitors or others from using such contributed source code in accordance with the relevant open source license.

Litigation may be necessary to enforce our intellectual property or proprietary rights, protect our trade secrets, or determine the validity and scope of proprietary rights claimed by others. Any litigation, whether or not resolved in our favor, could result in significant expense to us, divert the time and efforts of our technical and management personnel, and result in counterclaims alleging infringement of intellectual property rights by us or challenging the validity or scope of our intellectual property rights, which may lead to the impairment or loss of portions of our intellectual property. If we are unable to prevent third parties from infringing upon or misappropriating our intellectual property or are required to incur substantial expenses defending our intellectual property rights, our business, financial condition, and results of operations may be adversely affected.

If we are not successful in expanding our operations and customer base internationally, our business and results of operations could be negatively affected.

A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customers outside the United States generated 31% and 32% of our total revenue for fiscal 2023 and fiscal 2024, respectively. We are continuing to adapt to and develop strategies to expand in international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new Channel Partners in order to expand into certain countries, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. As of January 31, 2024, approximately 46% of our full-time employees were located outside of the United States, with approximately 26% of our full-time employees located in India. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management

 

55


Table of Contents

attention and financial resources. If we invest substantial time and resources to further expand our international operations and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.

We are subject to stringent and evolving U.S. and foreign laws, regulations, rules, contractual obligations, policies, and other requirements relating to privacy and data security. Our actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue, loss of customers or sales, and other adverse business consequences.

Due to the nature of the data security services and solutions we provide to our customers, we process various categories of data, including proprietary and confidential business data, trade secrets, intellectual property, data about individuals, and other data considered to be sensitive. Our data processing activities may subject us to numerous obligations relating to privacy and data security, such as various laws, regulations, guidance, industry standards, internal and external privacy and security policies, contractual requirements, and other obligations.

In the United States, federal, state, and local governments have enacted numerous data privacy and data security laws, including data breach notification laws, laws governing information about individuals, and consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act). For example, the federal Health Insurance Portability and Accountability Act of 1996, or HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act, or HITECH, imposes specific requirements relating to the privacy, security, and transmission of individually identifiable health information. As another example, the California Consumer Privacy Act, or CCPA, requires businesses to provide specific disclosures in privacy notices, implement new operational practices, and honor requests from California residents to exercise certain privacy rights. The CCPA contains significant potential penalties for noncompliance (up to $7,500 per violation). California has adopted a new law, the California Privacy Rights Act of 2020, or CPRA, that substantially expands the CCPA, effective January 1, 2023, including by establishing a new California Privacy Protection Agency and by applying to certain business contact information and employment-related data. Other states also passed comprehensive privacy laws, and similar laws are being considered in many other states as well as at the federal level. These developments may further complicate compliance efforts and may increase legal risk and compliance costs for us, the third parties upon whom we rely, and our customers.

Outside the United States, an increasing number of laws, regulations, and industry standards may apply to our data processing activities. For example, the European Union’s General Data Protection Regulation, or EU GDPR, the United Kingdom’s General Data Protection Regulation, or UK GDPR, and Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, or LGPD) (Law No. 13,709/2018) impose strict requirements for processing personal data. Under the EU GDPR, companies may face fines of up to the greater of 20 million Euros or 4% of their global annual revenues, temporary or definitive bans on data processing and other collective action, and private litigation related to the processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. Furthermore, in Europe, there is a proposed regulation related to AI that, if adopted, could impose onerous obligations related to the use of AI-related systems. In Canada, the Personal Information Protection and Electronic Documents Act, or PIPEDA, and various related provincial laws, as well as Canada’s Anti-Spam Legislation, or CASL, may apply to our operations. We also have operations in Japan and Singapore and may be subject to new and emerging data privacy regimes in Asia, including Japan’s Act on the Protection of Personal Information and Singapore’s Personal Data Protection Act.

Additionally, we may transfer personal data from Europe and other jurisdictions to the United States or other countries. Europe and other jurisdictions have enacted laws regulating the cross-border transfer of personal data from Europe to other countries, and, in particular, the European Economic

 

56


Table of Contents

Area and the United Kingdom, or UK, have significantly restricted the cross-border transfer of personal data to the United States, unless the entity has achieved compliance under the Data Privacy Framework and is listed as an active participant on the International Trade Administration’s website. Currently, we are a listed participant. However, given historical challenges to similarly positioned frameworks, it is possible that the Data Privacy Framework is invalidated in the future, and we will need to rely on other established transfer mechanisms for cross border transfers. Other jurisdictions may adopt similarly stringent interpretations of their cross-border data transfer laws. Although standard contractual clauses, or SCCs, and other mechanisms, currently may be used to transfer personal data from European Economic Area to the United States, these mechanisms are frequently subject to legal challenges, and the efficacy and longevity of such mechanisms for making data transfers from the European Economic Area to the United States remains uncertain. If there is no lawful manner for us to transfer personal data from the European Economic Area or other jurisdictions to the United States, we could face significant consequences, including restricting our operations or relocating part of or all of our business to other jurisdictions and increased exposure to regulatory actions, substantial fines, civil proceedings, and injunctions against processing or transferring personal data, as well as incurring the associated legal and compliance costs. Some European regulators have prevented companies from transferring personal data out of Europe.

In addition to privacy, data protection, and data security laws and regulations, we may be contractually subject to industry standards adopted by industry groups, such as the Payment Card Industry Data Security Standards, or PCI, and may become subject to such obligations in the future. Additionally, the demands our customers place on us relating to privacy, data protection, and data security are becoming more stringent. Data protection laws, such as the EU GDPR, UK GDPR, and CCPA, increasingly require companies to impose specific contractual restrictions on their service providers and contractors. In addition, customers that use certain of our data security solutions to process protected health information may require us to sign business associate agreements that subject us to the privacy and security requirements under HIPAA and HITECH, as well as state laws that govern the privacy and security of health information. Our customers’ increasing data privacy and data security standards also increase the cost and complexity of ensuring that we, and the third parties we rely on to operate our business and deliver our services, can meet these standards. If we, or the third parties on which we rely, are unable to meet our customers’ demands or comply with the increasingly stringent legal or contractual requirements relating to data privacy and data security, we may face increased legal liability, customer contract terminations, and reduced demand for our data security solutions.

Finally, we publish privacy policies, marketing materials, and other statements, such as compliance with certain certifications or self-regulatory principles, as well as other documentation regarding our processing of information about individuals. If these policies, materials, statements, or documentations are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, regulatory enforcement actions, costly legal claims by affected individuals or our customers, or other adverse consequences.

Obligations related to data privacy and data security are quickly changing, becoming increasingly stringent, and creating regulatory uncertainty. Additionally, these obligations may be subject to differing applications and interpretations by regulators and other stakeholders, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources. These obligations may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal data on our behalf. In addition, these obligations may require us to change our business model.

Our business model materially depends on our ability to process personal data, so we are particularly exposed to the risks associated with the rapidly changing legal landscape. We may be at

 

57


Table of Contents

heightened risk of regulatory scrutiny, and any changes in the regulatory framework could require us to fundamentally change our business model. Despite our efforts to comply with applicable data privacy and data security obligations, we may at times fail (or be perceived to have failed) in our efforts to comply. Moreover, despite our efforts, our personnel or third parties on whom we rely may fail to comply with such obligations, which could negatively impact our business operations. If we, or the third parties on which we rely, fail, or are perceived to have failed, to address or comply with applicable data privacy and data security obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims); additional reporting requirements and/or oversight; bans on processing personal data; orders to destroy or not use information about individuals; and imprisonment of company officials. As a data security company, we could be exposed to additional reputational risks should a data privacy incident occur.

As a result of being a public company, we are obligated to develop and maintain proper and effective internal control over financial reporting, and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our Class A common stock.

We are required, pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, as amended, or the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the fiscal year ending January 31, 2026. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting in our first annual report required to be filed with the Securities and Exchange Commission, or the SEC, following the date we are no longer an “emerging growth company.” We have recently commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404 of the Sarbanes-Oxley Act, or Section 404, but we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion once initiated. Our compliance with Section 404 will require that we incur substantial expenses and expend significant management efforts. Although we currently have an internal audit group, we will need to hire additional accounting and financial staff with appropriate public company experience and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.

During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to certify that our internal control over financial reporting is effective. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our Class A common stock could decline, and we could be subject to sanctions or investigations by the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

 

58


Table of Contents

We may become subject to intellectual property disputes, which can be costly and may subject us to significant liability and increased costs of doing business.

We have been and may continue in the future to be subject to intellectual property disputes. In regard to future litigation, our success depends, in part, on our ability to develop and commercialize our data security solutions without infringing, misappropriating, or otherwise violating the intellectual property rights of third parties. However, we may not be aware that our data security solutions are infringing, misappropriating, or otherwise violating third-party intellectual property rights, and such third parties may bring claims against us, our business partners, and our customers alleging such infringement, misappropriation, or violation. Companies in the software industry are often required to defend against litigation claims based on allegations of infringement, misappropriation, or other violations of intellectual property rights. For example, between 2020 and 2021, we were involved in patent disputes with two of our competitors which have since been resolved. However, we may not in all instances be able to obtain a settlement, or proactively defend or ascertain all third-party rights implicated by our business. Further, certain patent holders that own large numbers of patents and other intellectual property, including “non-practicing entities,” often threaten or enter into litigation based on allegations of infringement or other violations of intellectual property rights. Any claims of intellectual property infringement, even those without merit, may be time-consuming and expensive to resolve, divert management’s time and attention, cause us to cease using or incorporating the challenged technology, expose us to other legal liabilities, such as indemnification obligations, or require us to enter into licensing agreements to obtain the right to use a third-party’s intellectual property. In addition, many companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them. Any litigation may also involve patent holding companies or other adverse patent owners that have no relevant product revenue, and therefore, our patents may provide little or no deterrence as we would not be able to assert them against such entities or individuals. If we are found to infringe a third-party’s intellectual property rights and we cannot obtain a license or develop a non-infringing alternative, we would be forced to cease business activities related to such intellectual property. Although we carry general liability insurance, our insurance may not cover potential claims of this type or may not be adequate to indemnify us for all liability that may be imposed. We cannot predict the outcome of lawsuits and cannot ensure that the results of any such actions will not have an adverse effect on our business, financial condition, or results of operations. Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:

 

   

cease selling or using data security solutions that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate;

 

   

make substantial payments for legal fees, settlement payments, or other costs or damages;

 

   

obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or

 

   

redesign the allegedly infringing data security solutions to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible.

Even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business and results of operations. Moreover, there could be public announcements of the results of hearings, motions or other interim proceedings or developments, and if securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our Class A common stock. We expect that the occurrence of infringement claims is likely to grow as our business grows. Accordingly, our exposure to damages resulting from infringement claims could increase, and this could further exhaust our financial and management resources.

 

59


Table of Contents

We and our employees have and may continue to be subject to claims alleging violations of our employees’ contractual obligations to their prior employers. These claims may be costly to defend, and if we do not successfully do so, our business could be harmed.

Many of our employees were previously employed at current or potential competitors. Although we have processes to ensure that our employees do not use proprietary information or disclose confidential information from their prior employer in their work for us or otherwise violate their contractual post-employment obligations such as customer and employee non-solicits, we or our employees may still in the future become subject to claims alleging such violations. Litigation may be necessary to defend against these claims. If we fail in defending such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights or personnel. A loss of key personnel or their work product could negatively impact our business. Even if we are successful in defending against these claims, litigation efforts are costly, time-consuming, and a significant distraction to management.

Our company values have contributed to our success. If we cannot maintain these values as we grow, we could lose certain benefits we derive from them, and our employee turnover could increase, which could harm our business.

We believe our culture is driven by our company values which have been and will continue to be a key contributor to our success. Our core company values are:

 

   

Relentlessness. Unyielding will and curiosity to tackle the hardest challenges.

 

   

Integrity. Do what you say and do the right thing.

 

   

Velocity. Drive clarity, decide quickly, and move fast to delight our customers.

 

   

Excellence. Set a high standard and strive for greatness.

 

   

Transparency. Build trust and drive smart decisions through transparent communication.

We have rapidly increased our workforce across all departments, and we expect to continue to hire across our business. Our anticipated headcount growth, combined with our transition from a privately held to a publicly traded company, may result in changes to certain employees’ adherence to our core company values. If we do not continue to maintain our adherence to our company values as we grow, including through any future acquisitions or other strategic transactions, we may experience increased turnover in a portion of our current employee base and may not continue to be successful in hiring future employees. Moreover, following this offering, many of our employees may be eligible to receive significant proceeds from the sale of common stock in the public markets. This may lead to higher employee attrition rates or disparities in wealth among our employees, which may harm our culture and relations among employees.

We are subject to risks inherent in international operations that can harm our business, financial condition, and results of operations.

Our current and future international business and operations involve a variety of risks, including:

 

   

slower than anticipated availability and adoption of cloud-based data security solutions by international organizations;

 

   

changes in a specific country’s or region’s political or economic conditions;

 

   

the need to adapt and localize our data security solutions for specific countries;

 

   

greater difficulty collecting accounts receivable and longer payment cycles;

 

   

potential changes in trade relations, regulations, or laws;

 

   

unexpected changes in laws, including tax laws, or regulatory requirements;

 

60


Table of Contents
   

more stringent regulations relating to privacy, data security, and data localization requirements and the unauthorized use of, or access to, commercial and personal information;

 

   

differing and potentially more onerous labor regulations, especially in Europe, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;

 

   

challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction;

 

   

difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems;

 

   

increased travel, real estate, infrastructure, and legal compliance costs associated with international operations;

 

   

currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we choose to do so in the future;

 

   

limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;

 

   

laws and business practices favoring local competitors or general market preferences for local vendors;

 

   

limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents, in the United States or other foreign jurisdictions, such as China;

 

   

political instability, economic sanctions, terrorist activities, or international conflicts, including the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine, which have in the past and may in the future impact the operations of our business or the businesses of our customers;

 

   

inflationary pressures, such as those the global market is currently experiencing, which may increase costs for certain services;

 

   

health epidemics or pandemics, such as the COVID-19 pandemic;

 

   

exposure to liabilities under anti-corruption and similar laws, including FCPA, U.S. domestic bribery laws, the UK Bribery Act, and similar laws and regulations in other jurisdictions; and

 

   

adverse tax burdens and foreign exchange controls that could make it difficult to repatriate earnings and cash.

The occurrence of any one of these risks could harm our international business and, consequently, our results of operations. Additionally, operating in international markets requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required to operate in other countries will produce desired levels of revenue or profitability.

Changes in tax laws or regulations could harm our financial condition and results of operations.

The tax regimes to which we are subject or under which we operate, including income and non-income taxes, are unsettled in certain respects and may be subject to significant change. Changes in tax laws or regulations, or changes in interpretations of existing laws and regulations, could materially affect our financial condition and results of operations. For example, the Tax Cuts and Jobs Act, or the Tax Act, the Coronavirus Aid, Relief, and Economic Security Act, and the Inflation

 

61


Table of Contents

Reduction Act made many significant changes to the U.S. tax laws. Effective January 1, 2022, the Tax Act eliminated the option to deduct research and development expenses for tax purposes in the year incurred and instead requires taxpayers to capitalize and subsequently amortize such expenses over five years for research activities conducted in the United States and over 15 years for research activities conducted outside the United States. Although there have been legislative proposals to repeal or defer the capitalization requirement to later years, there can be no assurance that the provision will be repealed or otherwise modified. The Tax Act also includes certain U.S. tax base anti-erosion provisions, the global intangible low-taxed income, or GILTI, provisions and the base erosion anti-abuse tax, or BEAT, provisions. The GILTI provisions require us to include in our U.S. taxable income foreign subsidiary earnings in excess of an allowable return on the foreign subsidiary’s tangible assets. We currently have no foreign subsidiaries with material earnings. Therefore, this provision currently has no material impact on us. The BEAT provisions apply to companies with average annual gross receipts of $500 million or more for the prior three-year period, eliminate the deduction of certain base-erosion payments made to related foreign corporations, and impose a minimum tax if greater than regular tax. We are evaluating the BEAT rules and do not currently expect the BEAT rules to have a material impact on U.S. tax expense in the near term; however, the potential impact of the BEAT rules on us in the future is not certain.

In addition, our tax obligations and effective tax rate in the jurisdictions in which we conduct business could increase, including as a result of the base erosion and profit shifting, or BEPS, project that is being led by the Organization for Economic Co-operation and Development, or OECD, and other initiatives led by the OECD or the European Commission. For example, the OECD is leading work on proposals commonly referred to as “BEPS 2.0,” which, if and to the extent implemented, would make important changes to the international tax system. These proposals are based on two “pillars,” involving the reallocation of taxing rights in respect of certain profits of multinational enterprises above a fixed profit margin to the jurisdictions within which they carry on business (subject to certain revenue threshold rules, which we do not currently meet but may meet in the future), referred to as “Pillar One,” and imposing a minimum effective tax rate on certain multinational enterprises, referred to as “Pillar Two.” A number of countries in which we conduct business have enacted with effect from January 1, 2024, or are in the process of enacting, core elements of the Pillar Two rules. Based on our current understanding of the minimum revenue thresholds contained in the Pillar Two proposal, we expect that we are likely to fall within the scope of its rules in the short-to-medium term. The OECD has issued administrative guidance providing transition and safe harbor rules in relation to the implementation of the Pillar Two proposal. We are monitoring developments and evaluating the potential impacts of these new rules, including on our effective tax rates, and considering our eligibility to qualify for these safe harbor rules. As another example, several countries have proposed or enacted taxes applicable to digital services, which could apply to our business.

Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, increase the amount of taxes imposed on our business and increase our compliance costs. Such changes also may apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our consolidated financial statements. Any of these outcomes could harm our financial position and results of operations.

We could be required to collect additional sales or other indirect taxes or be subject to other tax liabilities in various jurisdictions that may adversely affect our results of operations.

We sell subscriptions and services primarily through a distribution channel, but if we were to begin selling more (or, in respect of certain jurisdictions, any) subscriptions and services directly to end user or non-business customers, we may be adversely impacted because an increasing number of U.S. states and foreign jurisdictions are considering or have adopted laws that impose tax collection

 

62


Table of Contents

obligations on out-of-state companies or on companies with no taxable presence within such jurisdictions. State, local, or foreign governments may interpret existing laws, or have adopted or may adopt new laws, requiring us to calculate, collect and remit taxes on sales in their jurisdictions. A successful assertion by one or more taxing jurisdictions requiring us to collect taxes in jurisdictions in which we do not currently do so or to collect additional taxes in jurisdictions in which we currently collect taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest, and additional administrative expenses, which could harm our business. The imposition by state, local, or foreign governments of sales or other indirect tax collection obligations on out-of-state sellers or sellers with no taxable presence within the relevant jurisdiction also could create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could have an adverse effect on our business and results of operations.

Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.

As of January 31, 2024, we had net operating loss, or NOL, carryforwards for federal and state income tax purposes of $533.6 million and $250.9 million, respectively, which may be available to offset taxable income in the future, and portions of which expire in various years beginning in 2037 for federal purposes and 2028 for state purposes if not utilized. Under current law, U.S. federal NOLs incurred in taxable years beginning after December 31, 2017 may be carried forward indefinitely, but such federal NOLs are permitted to be used in any taxable year to offset only up to 80% of taxable income in such year. A lack of future taxable income would adversely affect our ability to utilize certain of these NOLs before they expire. In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations; generally a greater than 50 percentage point change (by value) in its equity ownership by certain stockholders over a three-year period) is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. We have experienced ownership changes under Section 382 of the Code in the past and we may experience additional ownership changes in the future (including, potentially, in connection with this initial public offering) which could affect our ability to utilize our NOLs to offset our income. Similar provisions of state tax law may also apply. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future also may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state tax purposes. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.

We may be subject to additional tax liabilities, which could adversely affect our results of operations.

We are subject to taxes in the United States in federal, state, and local jurisdictions and in certain foreign jurisdictions in which we operate. The amount of taxes we pay in different jurisdictions depends on the application of the relevant tax laws to our business activities, the relative amounts of income before taxes in the various jurisdictions in which we operate, the application of new or revised tax laws, the interpretation of existing tax laws and policies, the outcome of current and future tax audits, examinations, or administrative appeals, our ability to realize our deferred tax assets, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. We generally conduct our international operations through subsidiaries and report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are subject to complex transfer pricing regulations

 

63


Table of Contents

administered by taxing authorities in various jurisdictions. We may be subject to examination by U.S. federal, state, local, and foreign tax authorities, and such tax authorities may disagree with our tax positions. Our methodologies for pricing intercompany transactions may be challenged, or the taxing authorities in the jurisdictions in which we operate may disagree with our determinations as to the income and expenses attributable to specific jurisdictions or the ownership of certain property acquired or developed pursuant to our intercompany arrangements or property of companies that we have acquired or may acquire in the future. If such a challenge or disagreement were to occur and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. While we regularly assess the likelihood of adverse outcomes from any such examinations and the adequacy of our provision for taxes, there can be no assurance that such provision is sufficient or that a determination by a tax authority would not adversely affect our business, financial condition, and results of operations. The determination of our overall provision for income and other taxes is inherently uncertain because it requires significant judgment with respect to complex transactions and calculations. As a result, fluctuations in our tax liabilities may differ materially from amounts recorded in our financial statements and could adversely affect our business, financial condition, and results of operations in the periods for which such determination is made.

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes appearing elsewhere in this prospectus. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies and Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant estimates and judgments involve our common stock valuations, the identification of the number of performance obligations in our RSC subscription offerings, and our material rights associated with our Refresh Rights and Subscription Credits. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our Class A common stock.

Our leverage could adversely affect our financial condition, our ability to raise additional capital to fund our operations, our ability to operate our business, and our ability to react to changes in the economy or our industry, as well as divert our cash flow from operations for debt payments and prevent us from meeting our debt obligations.

We entered into the Amended Credit Facility in August 2023 with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto, consisting of a $289.5 million term loan and $40.5 million of committed delayed draw term loans. The term loans mature in August 2028, and the interest payments associated with the term loans are due quarterly. The Amended Credit Facility refinanced and replaced the term loan facility we previously entered into in June 2022 with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto.

Our leverage could have an adverse effect on our business and financial condition, including:

 

   

requiring a substantial portion of cash flow from operations to be dedicated to the payment of principal and interest on our indebtedness, thereby reducing our ability to use our cash flow to fund our operations and capital expenditures and pursue future business opportunities;

 

64


Table of Contents
   

exposing us to increased interest expense, as our degree of leverage may cause the interest rates of any future indebtedness, whether fixed or floating rate interest, to be higher than they would be otherwise;

 

   

making it more difficult for us to satisfy our obligations with respect to our indebtedness, and any failure to comply with the obligations of any of our debt instruments, including restrictive covenants, could result in an event of default that accelerates our obligation to repay indebtedness;

 

   

restricting us from making strategic acquisitions;

 

   

limiting our ability to obtain additional financing for working capital, capital expenditures, product development, satisfaction of debt service requirements, acquisitions, and general corporate or other purposes;

 

   

increasing our vulnerability to adverse economic, industry, or competitive developments; and

 

   

limiting our flexibility in planning for, or reacting to, changes in our business or market conditions and placing us at a competitive disadvantage compared to our competitors who may be better positioned to take advantage of opportunities that our existing indebtedness prevents us from exploiting.

A substantial majority of our existing indebtedness consists of indebtedness under our Amended Credit Facility with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto, which matures in August 2028. We may not be able to further refinance the existing indebtedness because of the amount of our debt, debt incurrence restrictions under our debt agreements, or adverse conditions in credit markets generally. Our inability to generate sufficient cash flow to satisfy our obligations, or to refinance our indebtedness on commercially reasonable terms or at all, would result in an adverse effect on our business, financial condition, and results of operations.

Furthermore, we may incur significant additional indebtedness in the future. Although the financing documents that govern substantially all of our indebtedness contain restrictions on the incurrence of additional indebtedness and entering into certain types of other transactions, these restrictions are subject to a number of qualifications and exceptions. Additional indebtedness incurred in compliance with these restrictions could be substantial. To the extent we incur additional indebtedness, the significant leverage risks described above would be exacerbated.

The terms of the financing documents governing our term loan and credit facilities restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.

The financing documents governing our credit facilities impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:

 

   

incur or guarantee additional indebtedness;

 

   

pay dividends and make other distributions on, or redeem or repurchase, capital stock;

 

   

make certain investments;

 

   

incur certain liens;

 

   

enter into transactions with affiliates;

 

   

merge or consolidate;

 

   

enter into agreements that restrict the ability of subsidiaries to make certain intercompany dividends, distributions, payments, or transfers; and

 

   

transfer or sell assets, including our intellectual property.

 

65


Table of Contents

As a result of the restrictions described above, we will be limited as to how we conduct our business, and we may be unable to raise additional debt or equity financing to compete effectively or to take advantage of new business opportunities. The terms of any future indebtedness we may incur could include more restrictive covenants. We cannot assure you that we will be able to maintain compliance with these covenants in the future and, if we fail to do so, that we will be able to obtain waivers from the lenders or amend the covenants.

Our failure to comply with the restrictive covenants described above as well as other terms of our indebtedness or the terms of any future indebtedness we may incur from time to time could result in an event of default, which, if not cured or waived, could result in our being required to repay these borrowings before their due date. If we are forced to refinance these borrowings on less favorable terms or are unable to refinance these borrowings, our business, financial condition, and results of operations could be adversely affected.

Risks Related to Ownership of Our Common Stock

The dual class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our stock prior to this offering, including our executive officers, employees, and directors and their affiliates, and limiting your ability to influence corporate matters, which could adversely affect the trading price of our Class A common stock.

Our Class B common stock has 20 votes per share, and our Class A common stock, which is the stock we are offering in this initial public offering, has one vote per share. Following the completion of this offering, stockholders who hold shares of Class B common stock, including our executive officers and directors and their affiliates, will together hold approximately 99.3% of the voting power of our outstanding capital stock following this offering, and our directors, executive officers, and principal stockholders will beneficially own approximately 55.8% of our outstanding classes of common stock as a whole, but will control approximately 63.6% of the voting power of our outstanding common stock, following this offering. As a result, our executive officers, directors, and other affiliates will have significant influence over our management and affairs and over all matters requiring stockholder approval, including election of directors and significant corporate transactions, such as a merger or other sale of the company or our assets, for the foreseeable future.

In addition, the holders of Class B common stock collectively will continue to be able to control all matters submitted to our stockholders for approval even if their stock holdings represent less than 50% of the outstanding shares of our common stock. Because of the 20-to-1 voting ratio between our Class B common stock and Class A common stock, the holders of our Class B common stock collectively will continue to control a majority of the combined voting power of our common stock even when the shares of Class B common stock represent as little as 5% of the outstanding shares of our Class A common stock and Class B common stock. This concentrated control will limit your ability to influence corporate matters for the foreseeable future, and, as a result, the market price of our Class A common stock could be adversely affected.

Future transfers by holders of shares of Class B common stock will generally result in those shares converting to shares of Class A common stock, which will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term. Certain permitted transfers, as specified in our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering, will not result in shares of Class B common stock automatically converting to shares of Class A common stock.

FTSE Russell does not allow most newly public companies utilizing dual or multi-class capital structures to be included in their indices, including the Russell 2000. Also, in 2017, MSCI, a leading

 

66


Table of Contents

stock index provider, opened public consultations on its treatment of no-vote and multi-class structures and temporarily barred new multi-class listings from certain of its indices; however, in October 2018, MSCI announced its decision to include equity securities “with unequal voting structures” in its indices and to launch a new index that specifically includes voting rights in its eligibility criteria. Under the announced policies, our dual class capital structure would make us ineligible for inclusion in certain indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. In addition, we cannot assure you that other stock indices will not take similar actions. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices would likely preclude investment by many of these funds and would make our Class A common stock less attractive to other investors. As a result, the trading price, volume, and liquidity of our Class A common stock could be adversely affected.

Our stock price may be volatile, and the value of our Class A common stock may decline.

The market price of our Class A common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including:

 

   

actual or anticipated fluctuations in our financial condition or results of operations;

 

   

variance in our financial performance from our forecasts or the expectations of securities analysts;

 

   

changes in our revenue mix;

 

   

changes in the pricing of our data security solutions;

 

   

changes in our projected operating and financial results;

 

   

changes in laws or regulations applicable to our data security solutions;

 

   

announcements by us or our competitors of significant business developments, acquisitions, or new data security solutions;

 

   

significant data breaches, disruptions to, or other incidents involving our data security solutions;

 

   

our involvement in litigation;

 

   

future sales of our Class A common stock by us or our stockholders, as well as the anticipation of lock-up releases;

 

   

changes in senior management or key personnel;

 

   

the trading volume of our Class A common stock;

 

   

changes in the anticipated future size and growth rate of our market;

 

   

changes in demand for cybersecurity offerings;

 

   

rumors and market speculation involving us or other companies in our industry;

 

   

overall performance of the equity markets; and

 

   

general political, social, economic, and market conditions, in both domestic and our foreign markets, including effects of increased interest rates, inflationary pressures, bank failures, and macroeconomic uncertainty and challenges.

Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, may also negatively impact the market price of our Class A common stock. In addition, technology stocks have historically experienced high levels of volatility. In the past, companies that have experienced volatility in the market price of their securities have been subject to

 

67


Table of Contents

securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial expenses and divert our management’s attention.

No public market for our Class A common stock currently exists, and an active public trading market may not develop or be sustained following this offering.

No public market for our Class A common stock currently exists. An active public trading market for our Class A common stock may not develop following the closing of this offering or, if developed, it may not be sustained. The lack of an active market may impair your ability to sell your shares at the time you wish to sell them or at a price that you consider reasonable. The lack of an active market may also reduce the fair value of your shares. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

We will have broad discretion in the use of the net proceeds to us from this offering and may not use them effectively.

We will have broad discretion in the application of the net proceeds to us from this offering, including for any of the purposes described in the section titled “Use of Proceeds,” and you will not have the opportunity as part of your investment decision to assess whether the net proceeds are being used appropriately. Because of the number and variability of factors that will determine our use of the net proceeds from this offering, our ultimate use may vary substantially from our currently intended use. Investors will need to rely on the judgment of our management with respect to the use of proceeds. Pending use, we may invest the net proceeds from this offering in short-term, investment-grade, interest-bearing securities, such as money market funds, corporate notes and bonds, certificates of deposit, commercial paper, and guaranteed obligations of the U.S. government that may not generate a high yield for our stockholders. If we do not use the net proceeds that we receive in this offering effectively, our business, financial condition, results of operations, and growth prospects could be harmed, and the market price of our Class A common stock could decline.

Future sales of our Class A common stock in the public market could cause the market price of our Class A common stock to decline.

Sales of a substantial number of shares of our Class A common stock in the public market following the closing of this offering, or the perception that these sales might occur, could depress the market price of our Class A common stock and could impair our ability to raise capital through the sale of additional equity securities. Many of our existing equity holders have substantial unrecognized gains on the value of the equity they hold based upon the price of this offering, and therefore, they may take steps to sell their shares or otherwise secure the unrecognized gains on those shares. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Class A common stock.

All of our directors, executive officers, and the holders of substantially all of our common stock outstanding and securities exercisable for or convertible into our common stock, have entered or will enter into lock-up agreements with the underwriters and/or agreements with market stand-off provisions that restrict our and their ability to sell or transfer shares of our capital stock and securities convertible into or exercisable or exchangeable for shares of our capital stock, for a period of 180 days from the date of this prospectus, subject to earlier termination on the date on which an open trading window period commences following our release of earnings for the quarter ending July 31, 2024, or the Lock-up Period, subject to certain customary exceptions and certain provisions that provide for the release of certain shares of our common stock. In addition, Goldman Sachs & Co. LLC may release any of the securities subject to these lock-up agreements at any time, subject to the applicable notice

 

68


Table of Contents

requirements. See the sections titled “Shares Eligible for Future Sale” and “Underwriting (Conflicts of Interest)” for a discussion of such exceptions and of the provisions that may allow for sales during the Lock-up Period. If not earlier released, all of the shares of Class A common stock not sold in this offering will become eligible for sale upon expiration of the Lock-up Period, except for any shares held by our affiliates as defined in Rule 144 under the Securities Act of 1933, as amended, or the Securities Act.

In addition, there were 3,185,020 shares of Class B common stock issuable upon the exercise of options and 29,296,462 restricted stock units, or RSUs, to be settled in shares of our Class B common stock (after giving effect to the RSU Net Settlement) as of the date of this prospectus. We intend to register all of the shares of common stock issuable upon exercise of outstanding options, the vesting and settlement of outstanding RSUs, and other equity incentives we may grant in the future, for public resale under the Securities Act. The shares of common stock will become eligible for sale in the public market to the extent such options are exercised or RSUs are vested and settled, subject to the lock-up agreements described above comply with applicable securities laws.

Further, based on shares outstanding as of January 31, 2024, holders of approximately 74,182,559 shares of our Class B common stock, or 42.3% of our shares outstanding after the closing of this offering, will have rights, subject to some conditions, to require us to file registration statements covering the sale of their shares or to include their shares in registration statements that we may file for ourselves or other stockholders.

We anticipate incurring substantial tax obligations on the initial settlement of certain RSUs in connection with this offering. The manner in which we fund these tax liabilities may have an adverse effect on our financial condition and may further dilute our stockholders.

In light of the large number of RSUs that will initially settle in connection with this offering, we anticipate that we will expend substantial funds, primarily using net proceeds from this offering, to satisfy tax withholding and remittance obligations. The majority of the RSUs granted prior to the date of this prospectus vest upon the satisfaction of service-based and performance-based conditions. The service-based condition is generally satisfied over a period of four years. The performance-based condition will be satisfied as of the effective date of the registration statement of which this prospectus forms a part. As a result, such RSUs that have previously satisfied the service-based condition will vest in connection with the effectiveness of the registration statement of which this prospectus forms a part. In connection with the settlement of these RSUs, we plan to withhold certain shares underlying RSUs and remit income taxes on behalf of the holders of such RSUs at applicable statutory tax withholding rates based on the initial public offering price per share in this offering. See the section titled “Use of Proceeds.” For RSUs that will vest after the effectiveness of the registration statement of which this prospectus forms a part and prior to the expiration of the lock-up and/or market stand-off period, we will have discretion to net settle or sell-to-cover shares underlying these RSUs and also to delay settlement of these RSUs following vesting until the expiration of the lock-up and/or market stand-off period.

Based on the number of RSUs for which the service-based condition was fully or partially satisfied on or before the date of this prospectus, and assuming (i) that the value of our Class B common stock at the time of settlement was equal to the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, and (ii) an assumed 44.5% tax withholding rate for the RSUs, we estimate that our tax liability on the settlement date for these RSUs will be approximately $379.8 million in the aggregate. Accordingly, we would expect to deliver an aggregate of approximately 17.0 million shares of our Class B common stock to RSU holders after withholding an aggregate of approximately 12.9 million shares of our Class B common stock. The amount of these tax liabilities and withholdings could be higher or lower, depending on, among other things, the actual price of shares of our Class A common stock sold in this offering, the actual tax withholding rates, and the actual

 

69


Table of Contents

number of RSUs for which the service-based condition has been satisfied on the settlement or vesting date (after accounting for forfeitures prior to the settlement or vesting date). As a result, depending on these factors, we may need to use existing cash, cash equivalents, and short-term investments to fund a portion of these tax withholding and remittance obligations.

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our equity incentive plans, or otherwise will dilute all other stockholders.

We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors, and consultants under our equity incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in companies, products or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our Class A common stock to decline.

You will experience immediate and substantial dilution in the net tangible book value of the shares of common stock you purchase in this offering.

The initial public offering price of our Class A common stock is substantially higher than the pro forma net tangible book value per share of our Class A common stock immediately after this offering. If you purchase shares of our Class A common stock in this offering, you will suffer immediate dilution of $33.76 per share, representing the difference between our pro forma as adjusted net tangible book value per share after giving effect to the sale of Class A common stock in this offering, the RSU Net Settlement, and the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus. See the section titled “Dilution.”

We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our Class A common stock.

We have never declared or paid any cash dividends on our capital stock, and we do not intend to pay any cash dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. In addition, our Amended Credit Facility contains restrictions on our ability to pay cash dividends on our Class A Common Stock. Additionally, our ability to pay dividends may be further restricted by agreements we may enter into in the future. Accordingly, you may need to rely on sales of our Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on your investment.

We are an “emerging growth company,” and we cannot be certain if the reduced reporting and disclosure requirements applicable to emerging growth companies will make our Class A common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies,” including the auditor attestation requirements of Section 404, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have elected to use the extended transition period for complying with new or revised accounting standards until those standards would otherwise apply to private companies. As a result, our consolidated financial statements may not be comparable to the financial statements of issuers who are required to

 

70


Table of Contents

comply with the effective dates for new or revised accounting standards that are applicable to public companies, which may make our Class A common stock less attractive to investors. In addition, if we cease to be an emerging growth company, we will no longer be able to use the extended transition period for complying with new or revised accounting standards.

We will remain an emerging growth company until the first to occur of: (1) the last day of the year following the fifth anniversary of this offering; (2) the last day of the first year in which our annual gross revenue is $1.235 billion or more; (3) the date on which we have, during the previous rolling three-year period, issued more than $1.0 billion in non-convertible debt securities; and (4) the date we qualify as a “large accelerated filer,” with at least $700 million of equity securities held by non-affiliates.

We cannot predict if investors will find our Class A common stock less attractive if we choose to rely on these exemptions. For example, if we do not adopt a new or revised accounting standard, our future results of operations may not be as comparable to the results of operations of certain other companies in our industry that adopted such standards. If some investors find our Class A common stock less attractive as a result, there may be a less active trading market for our Class A common stock, and our stock price may be more volatile.

We will incur increased costs as a result of operating as a public company, and our management will be required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.

As a public company, we will incur significant legal, accounting, and other expenses that we did not incur as a private company, which we expect to further increase after we are no longer an “emerging growth company.” The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the securities exchange on which our Class A common stock trades, and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel will devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will incur as a public company or the specific timing of such costs.

Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management, and limit the market price of our Class A common stock.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws, as they will be in effect immediately prior to the closing of this offering, may have the effect of preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws will include provisions that:

 

   

authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights, and preferences determined by our board of directors that may be senior to our Class A common stock;

 

   

require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;

 

   

specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors, our chief executive officer, or our president (in the absence of a chief executive officer);

 

   

establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;

 

71


Table of Contents
   

establish that our board of directors is divided into three classes, with each class serving three-year staggered terms;

 

   

prohibit cumulative voting in the election of directors;

 

   

provide that our directors may be removed for cause only upon the vote of at least 66 2/3% of our outstanding shares of voting stock;

 

   

provide that vacancies on our board of directors may be filled only by the affirmative vote of a majority of directors then in office, even though less than a quorum, or by a sole remaining director; and

 

   

require the approval of our board of directors or the holders of at least 66 2/3% of our outstanding shares of voting stock to amend our bylaws and certain provisions of our certificate of incorporation.

These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our Class A common stock, and they could deter potential acquirers of our company, thereby reducing the likelihood that you would receive a premium for your shares of our Class A common stock in an acquisition.

Our amended and restated certificate of incorporation will designate the Court of Chancery of the State of Delaware and the federal district courts of the United States of America as the exclusive forums for certain disputes between us and our stockholders, which will restrict our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, or employees.

Our amended and restated certificate of incorporation, to be effective immediately prior to the closing of this offering, will provide that the Court of Chancery of the State of Delaware (or, if and only if the Court of Chancery of the State of Delaware lacks subject matter jurisdiction, any state court located within the State of Delaware or, if and only if all such state courts lack subject matter jurisdiction, the federal district court for the District of Delaware) is the sole and exclusive forum for the following types of actions or proceedings under Delaware statutory or common law: (i) any derivative action or proceeding brought on our behalf; (ii) any action or proceeding asserting a claim of breach of a fiduciary duty owed by any of our current or former directors, officers, or other employees to us or our stockholders, or any action asserting a claim for aiding and abetting such breach of fiduciary duty; (iii) any action or proceeding asserting a claim against us or any of our current or former directors, officers or other employees arising out of or pursuant to any provision of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws; (iv) any action or proceeding to interpret, apply, enforce or determine the validity of our amended and restated certificate of incorporation or our amended and restated bylaws (including any right, obligation, or remedy thereunder); (v) any action or proceeding as to which the Delaware General Corporation Law confers jurisdiction to the Court of Chancery of the State of Delaware; and (vi) any action or proceeding asserting a claim against us or any of our current or former directors, officers, or other employees that is governed by the internal affairs doctrine, in all cases to the fullest extent permitted by law and subject to the court’s having personal jurisdiction over the indispensable parties named as defendants. This provision would not apply to suits brought to enforce a duty or liability

 

72


Table of Contents

created by the Securities Exchange Act of 1934, as amended, or the Exchange Act, or any other claim for which the federal courts have exclusive jurisdiction. In addition, to prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation to be effective immediately prior to the closing of this offering will provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, including all causes of action asserted against any defendant named in such complaint. For the avoidance of doubt, this provision is intended to benefit and may be enforced by us, our officers and directors, the underwriters to any offering giving rise to such complaint, and any other professional entity whose profession gives authority to a statement made by that person or entity and who has prepared or certified any part of the documents underlying the offering. However, as Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder, there is uncertainty as to whether a court would enforce such provision. Our amended and restated certificate of incorporation, to be effective immediately prior to the closing of this offering, will further provide that any person or entity holding, owning or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to these provisions. Investors also cannot waive compliance with the federal securities laws and the rules and regulations thereunder.

These choice of forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring such a claim arising under the Securities Act against us, our directors, officers, or other employees in a venue other than in the federal district courts of the United States of America. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and we cannot assure you that the provisions will be enforced by a court in those other jurisdictions. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could harm our business.

If securities or industry analysts do not publish research or publish unfavorable or inaccurate research about our business, the market price and trading volume of our Class A common stock could decline.

The market price and trading volume of our Class A common stock following the closing of this offering will be heavily influenced by the way analysts interpret our financial information and other disclosures. We do not have control over these analysts. If few securities analysts commence coverage of us, or if industry analysts cease coverage of us, our stock price would be negatively affected. If securities or industry analysts do not publish research or reports about our business, downgrade our Class A common stock, or publish negative reports about our business, our stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our Class A common stock could decrease, which might cause our stock price to decline and could decrease the trading volume of our Class A common stock.

 

73


Table of Contents

General Risk Factors

Any future litigation against us could be costly and time-consuming to defend.

We have in the past been and in the future may become subject to legal proceedings and claims that arise in the ordinary course of business, such as intellectual property claims, including trade secret misappropriation and breaches of confidentiality terms, alleged breaches of non-competition or non-solicitation terms, or employment claims made by our current or former employees. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition, and results of operations. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial condition, and results of operations.

Our business could be disrupted by catastrophic events.

Occurrence of any catastrophic event, including earthquake, fire, flood, tsunami, or other weather event, power loss, telecommunications failure, software or commodity appliance malfunction, cyberattack, war, or terrorist attack, explosion, or pandemic could impact our business. In particular, our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, and are thus vulnerable to damage in an earthquake. Our insurance coverage may not compensate us for losses that may occur in the event of an earthquake or other significant natural disaster. Additionally, we rely on third-party cloud providers and enterprise applications, technology systems, and our website for our development, marketing, operational support, hosted services, and sales activities. In the event of a catastrophic event, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our product development, lengthy interruptions in our data security solutions, and breaches of data security, all of which could have an adverse effect on our results of operations. If we are unable to develop adequate plans to ensure that our business functions continue to operate during and after a disaster and to execute successfully on those plans in the event of a disaster or emergency, our business would be harmed.

 

74


Table of Contents

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This prospectus contains forward-looking statements about us and our industry that involve substantial risks and uncertainties. All statements other than statements of historical facts contained in this prospectus, including statements regarding our future financial condition or results of operations, business strategy and plans, and objectives of management for future operations are forward-looking statements. In some cases, you can identify forward-looking statements because they contain words such as “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “plan,” “potential,” “predict,” “project,” “should,” “target,” “toward,” “will,” “would,” or the negative of these words or other similar terms or expressions. These forward-looking statements include, but are not limited to, statements concerning the following:

 

   

our expectations regarding our revenue, cost of revenue, gross profit or gross margin, operating leverage, operating expenses, and other results of operations, including our key metrics;

 

   

the growth rate of the market in which we compete;

 

   

our business plan and our ability to effectively manage our growth and associated investments;

 

   

anticipated trends, growth rates, and challenges in our business and in the markets in which we operate;

 

   

our ability to achieve or sustain our profitability;

 

   

future investments in our business, our anticipated capital expenditures, and our estimates regarding our capital requirements;

 

   

the costs and success of our marketing efforts and our ability to promote our brand;

 

   

our beliefs and objectives for future operations;

 

   

our ability to increase sales of our products;

 

   

our ability to acquire new customers and successfully retain and expand platform usage with existing customers;

 

   

our ability to successfully transition our customers to RSC;

 

   

our ability and expectations to continue to innovate and enhance our platform;

 

   

our reliance on key personnel and our ability to identify, recruit, and retain skilled personnel;

 

   

our ability to obtain, maintain, protect, and enforce our intellectual property rights and any costs associated therewith;

 

   

our ability to operate our business under evolving macroeconomic conditions, such as high inflation, bank failures and related uncertainties, or recessionary or uncertain environments;

 

   

the impact of the ongoing conflicts in Israel and the surrounding area and between Russia and Ukraine on our business and operations;

 

   

the effects of the COVID-19 pandemic or other epidemics or pandemics;

 

   

our ability to compete effectively with existing competitors and new market entrants;

 

   

our ability to introduce new products on top of our platform;

 

   

our ability and expectations to expand internationally;

 

   

our ability to utilize AI successfully in our current and future products;

 

   

our ability to comply or remain in compliance with laws and regulations that currently apply or become applicable to our business in the United States and other jurisdictions where we elect to do business;

 

75


Table of Contents
   

the expiration or release of market stand-off or contractual lock-up agreements, anticipation of such events, and sales of shares of our Class A common stock by us or our stockholders; and

 

   

our intended use of the net proceeds from this offering.

We caution you that the foregoing list may not contain all of the forward-looking statements made in this prospectus.

You should not rely on forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this prospectus primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, and results of operations. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, and other factors described in the section titled “Risk Factors” and elsewhere in this prospectus. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this prospectus. The results, events, and circumstances reflected in the forward-looking statements may not be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.

In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based on information available to us as of the date of this prospectus. While we believe such information provides a reasonable basis for these statements, such information may be limited or incomplete. Our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all relevant information. These statements are inherently uncertain, and investors are cautioned not to unduly rely on these statements.

The forward-looking statements made in this prospectus relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this prospectus to reflect events or circumstances after the date of this prospectus or to reflect new information, actual results, revised expectations, or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures, or investments.

 

76


Table of Contents

MARKET, INDUSTRY, AND OTHER DATA

This prospectus contains statistical data, estimates, forecasts, and information concerning our industry, including the market size and growth of the markets in which we participate, that are based on independent industry publications or other publicly available information, as well as other information based on our internal sources. While we believe the industry and market data included in this prospectus are reliable and are based on reasonable assumptions, these data involve many assumptions and limitations, and you are cautioned not to give undue weight to these estimates. We have not independently verified the accuracy or completeness of the data contained in these industry publications and other publicly available information. The industry in which we operate is subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the sections titled “Risk Factors” and “Special Note Regarding Forward-Looking Statements.” These and other factors could cause results to differ materially from those expressed in the projections and estimates made by the independent third parties and us.

The sources of certain statistical data, estimates, and forecasts contained in this prospectus are:

 

   

Customer Relationship Management Institute LLC, 2023.

 

   

Cybersecurity Ventures, Top 10 Cybersecurity Predictions and Statistics for 2024, February 2024.

 

   

Gartner, Inc., Forecast Analysis: Cloud Security Posture Management, Worldwide, July 2023.

 

   

Gartner, Inc., Forecast: Enterprise Infrastructure Software, Worldwide, 2021-2027, 4Q23 Update, December 2023.

 

   

Gartner, Inc., Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update, December 2023.

 

   

Gartner, Inc., Press Release, Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024, September 28, 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

 

   

International Data Corporation (IDC), Worldwide IDC Global DataSphere Forecast, 2023-2027: It’s a Distributed, Diverse, and Dynamic (3D) DataSphere, April 2023 (#US50554523).

 

   

International Data Corporation (IDC), IDC MarketScape: Worldwide Cyber-Recovery 2023 Vendor Assessment, November 2023 (#US49787923).

 

   

Netskope, Inc., Cloud Report, August 2019.

The Gartner® content described herein, or the Gartner Content, represent(s) research opinions or viewpoints published, as part of a syndicated subscription service, by Gartner, Inc., or Gartner, and are not representations of fact. Each Gartner Content speaks as of its original publication date (and not as of the date of this prospectus) and the opinions expressed in the Gartner Content are subject to change without notice.

 

77


Table of Contents

USE OF PROCEEDS

We estimate that we will receive net proceeds from this offering of approximately $632.6 million (or approximately $729.3 million if the underwriters’ option to purchase additional shares is exercised in full) based on an assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

The principal purposes of this offering are to increase our capitalization and financial flexibility and create a public market for our Class A common stock. We intend to use a portion of the net proceeds we receive from this offering to repay in full the aggregate principal amount of the Bridge Notes and accrued interest thereon as well as estimated debt issuance costs relating to the Bridge Notes. Prior to the closing of this offering, we intend to use the borrowed amounts under the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to pay all of our anticipated tax withholding and remittance obligations related to the RSU Net Settlement. In connection with the RSU Net Settlement, assuming (i) the fair market value of our Class B common stock at the time of settlement will be equal to the assumed initial public offering price per share of $29.50, the midpoint of the price range set forth on the cover page of this prospectus, and (ii) an assumed 44.5% tax withholding rate, we estimate that these tax withholding and remittance obligations on the RSU Net Settlement will be $379.8 million in the aggregate.

The Bridge Notes will be terminated following our repayment in full of the aggregate principal amount thereof and accrued interest thereon. The Bridge Notes will accrue interest at 7.00% per year prior to the closing of this offering. We intend to repay the Bridge Notes in full in connection with the closing of this offering, with such date being the earliest that the Bridge Notes may mature.

Each $1.00 increase (decrease) in the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) the net proceeds to us from this offering by approximately $21.9 million, assuming the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us. Similarly, each increase (decrease) of 1.0 million shares in the number of shares of Class A common stock offered by us would increase (decrease) the net proceeds to us from this offering by approximately $28.0 million, assuming the assumed initial public offering price per share remains the same, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

Each $1.00 increase (decrease) in the assumed initial public offering price per share of $29.50, which is the midpoint of the price range set forth on the cover page of this prospectus, assuming no change in the assumed settlement date or applicable tax withholding rate, would increase (decrease) the amount we would be required to pay to satisfy our tax withholding and remittance obligations described above by approximately $12.9 million. In addition, each 1.0% increase (decrease) in the tax withholding rate, assuming no change in the assumed initial public offering price per share, would increase (decrease) the amount of tax withholding and remittance obligations described above by approximately $8.6 million.

We intend to use the remaining net proceeds we receive from this offering for general corporate purposes, including working capital, operating expenses, and capital expenditures. We cannot specify with certainty all of the particular uses for the remaining net proceeds to us from this offering. We may also use a portion of the remaining net proceeds for the acquisitions of, or strategic investments in, complementary businesses, products, services, or technologies. However, we do not have any agreements or commitments to enter into any material acquisitions or investments at this time. We will

 

78


Table of Contents

have broad discretion over how we use the net proceeds from this offering. Pending the use of the proceeds from this offering as described above, we intend to invest the net proceeds from the offering that are not used as described above in investment-grade, interest-bearing instruments such as money market funds, corporate notes and bonds, certificates of deposit, commercial paper, and guaranteed obligations of the U.S. government.

 

79


Table of Contents

DIVIDEND POLICY

We have never declared or paid cash dividends on our capital stock. We currently intend to retain all available funds and future earnings, if any, to fund the development and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. Any future determination regarding the declaration and payment of dividends, if any, will be at the discretion of our board of directors and will depend on then-existing conditions, including our financial condition, results of operations, contractual restrictions, capital requirements, business prospects, and other factors our board of directors may deem relevant. Our Amended Credit Facility contains restrictions on our ability to pay cash dividends on our capital stock. Additionally, our ability to pay dividends may be further restricted by agreements we may enter into in the future.

 

80


Table of Contents

CAPITALIZATION

The following table sets forth our cash, cash equivalents, and short-term investments and our capitalization as of January 31, 2024 on:

 

   

an actual basis;

 

   

a pro forma basis, to reflect (i) the automatic conversion of all outstanding shares of our redeemable convertible preferred stock, of which there were 74,182,559 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock, as if such conversion had occurred on January 31, 2024; (ii) the automatic conversion of all outstanding shares of convertible founders stock, of which there were 5,400,000 shares outstanding, as of January 31, 2024, into an equal number of shares of Class B common stock as if such conversion had occurred on January 31, 2024; (iii) the reclassification of our outstanding common stock as Class B common stock; (iv) stock-based compensation expense of $621.5 million related to RSUs subject to the RSU Net Settlement, reflected as an increase to additional paid-in capital and accumulated deficit, as further described in Notes 2 and 11 of our consolidated financial statements included elsewhere in this prospectus; (v) the net issuance of 16,988,497 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,284 shares to satisfy estimated tax withholding and remittance obligations of $379.8 million (based on the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, and an assumed 44.5% tax withholding rate); (vi) the incurrence of the Bridge Notes in an aggregate principal amount of $304.8 million, together with existing cash, cash equivalents, and short-term investments, to pay the estimated tax withholding and remittance obligations in connection with the RSU Net Settlement prior to the closing of this offering; (vii) the related $304.8 million net increase in total debt and total liabilities (without giving effect to $0.3 million in estimated debt issuance costs relating to the Bridge Notes) and the corresponding $379.8 million decrease in additional paid-in capital and $75.0 million net decrease in cash, cash equivalents, and short-term investments resulting from (A) the RSU Net Settlement and related tax withholding and remittance obligations and (B) the subsequent incurrence and use of proceeds from the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to repay such tax withholding and remittance obligations prior to the closing of this offering; and (vii) the filing and effectiveness of our amended and restated certificate of incorporation, which will occur immediately prior to the closing of this offering; and

 

   

a pro forma as adjusted basis, to reflect the adjustments described above and further reflect (i) our receipt of $639.0 million in estimated net proceeds from the sale and issuance by us of 23,000,000 shares of Class A common stock in this offering, at an assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, after deducting underwriting discounts and commissions and estimated offering expenses payable by us (which offering expenses exclude $6.5 million of deferred offering costs that have been previously paid as of January 31, 2024); (ii) the use of net proceeds from this offering, together with existing cash, cash equivalents, and short-term investments, if necessary, to repay in full the aggregate principal amount under the Bridge Notes, $0.2 million of accrued interest thereon as well as $0.3 million of estimated debt issuance costs relating to the Bridge Note in connection with the closing of this offering; and (iii) the related $0.5 million increase in accumulated deficit for debt issuance costs and interest expense.

 

81


Table of Contents

The pro forma as adjusted information below is illustrative only, and our capitalization following the closing of this offering will be adjusted based on, among other things, the actual initial public offering price and other terms of this offering determined at pricing, the actual tax withholding rates, as well as the actual amount of RSUs settled in connection with this offering. You should read this information together with the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the related notes included elsewhere in this prospectus.

 

     January 31, 2024  
     Actual     Pro Forma(1)     Pro Forma
as Adjusted(1)
 
     (in thousands, except share and per share
amounts)
 

Cash, cash equivalents, and short-term investments

   $ 279,251     $ 204,251     $ 537,931  
  

 

 

   

 

 

   

 

 

 

Total debt(3)

   $ 287,042     $ 591,863     $ 287,042  
  

 

 

   

 

 

   

 

 

 

Redeemable convertible preferred stock, par value $0.000025 per share; 74,182,559 shares authorized, issued, and outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted

     714,713              
  

 

 

   

 

 

   

 

 

 

Stockholders’ (deficit) equity:

      

Preferred stock, par value $0.000025 per share; no shares authorized, issued, or outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted

     —               

Common stock, par value $0.000025 per share; 203,935,682 shares authorized, 55,862,729 shares issued and outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted

     1              

Convertible founders stock, par value $0.000025 per share; 5,400,000 shares authorized, 5,400,000 shares issued and outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted

     —               

Class A common stock, par value $0.000025 per share; no shares authorized, issued, or outstanding, actual; 1,070,000,000 shares authorized, no shares issued or outstanding, pro forma; 1,070,000,000 shares authorized, 23,000,000 shares issued and outstanding, pro forma as adjusted

     —              1  

Class B common stock, par value $0.000025 per share; no shares authorized, issued, or outstanding, actual; 210,000,000 shares authorized, 152,433,785 shares issued and outstanding, pro forma and pro forma as adjusted

     —        4       4  

Additional paid-in capital

     265,494       1,221,884       1,854,458  
  

 

 

   

 

 

   

 

 

 

Accumulated other comprehensive (loss)

     (2,239     (2,239     (2,239
  

 

 

   

 

 

   

 

 

 

Accumulated deficit

     (1,682,513     (2,304,014     (2,304,548
  

 

 

   

 

 

   

 

 

 

Total stockholders’ (deficit) equity

     (1,419,257     (1,084,365     (452,324
  

 

 

   

 

 

   

 

 

 

Total capitalization

   $ (417,502   $ (492,502   $ (165,282
  

 

 

   

 

 

   

 

 

 

 

(1)

Each $1.00 increase (decrease) in the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) the amount of pro forma as adjusted cash, cash equivalents, and short-term investments, total stockholders’ (deficit) equity, and total capitalization by $21.9 million,

 

82


Table of Contents
  assuming the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting underwriting discounts and commissions and estimated offering expenses payable by us. We may also increase (decrease) the number of shares we are offering. An increase (decrease) of 1.0 million in the number of shares we are offering would increase or decrease the amount of pro forma as adjusted cash, cash equivalents, and short-term investments, total stockholders’ (deficit) equity, and total capitalization by $28.0 million, assuming the assumed initial public offering price per share, the midpoint of the price range set forth on the cover page of this prospectus, remains the same and after deducting underwriting discounts and commissions and estimated offering expenses payable by us. In addition, each 1.0% increase (decrease) in the tax withholding rate would increase (decrease) the amount of tax withholding and remittance obligations related to the RSU Net Settlement and increase (decrease) cash, cash equivalents, and short term investments, additional paid-in capital, total stockholders’ (deficit) equity, and total capitalization by $8.6 million, assuming that the assumed initial public offering price remains the same, that the number of shares of Class A common stock offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us in connection with this offering. Each $1.0 increase (decrease) in the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) the amount of tax withholding and remittance obligations related to the RSU Net Settlement and increase (decrease) cash, cash equivalents, and short term investments, additional paid-in capital, total stockholders’ (deficit) equity, and total capitalization by $12.9 million, assuming that the tax withholding rate remains the same, that the number of shares of Class A common stock offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us in connection with this offering.
(3)

Net of debt discount and issuance costs, other than for the Bridge Notes.

The number of shares of our Class A common stock and Class B common stock that will be outstanding after this offering is based on no shares of our Class A common stock and 152,433,785 shares of our Class B common stock (including shares of our redeemable convertible preferred stock and convertible founders stock on an as-converted basis and after giving effect to the RSU Net Settlement) outstanding as of January 31, 2024, and excludes:

 

   

3,185,020 shares of Class B common stock issuable upon the exercise of stock options outstanding as of January 31, 2024, with a weighted-average exercise price of $6.23 per share;

 

   

8,000,000 shares of Class B common stock issuable upon the exercise of a stock option to be granted to an executive officer immediately prior to the effectiveness of the registration statement of which this prospectus forms a part, which will be subject to market-based conditions, with an exercise price equal to the initial public offering price per share set forth on the cover page of this prospectus (see the section titled “Executive Compensation” for additional information on the market-based conditions);

 

   

29,296,462 shares of Class B common stock issuable upon the vesting and settlement of RSUs, outstanding as of the date of this prospectus subject to service-based, market-based and/or performance-based conditions, for which (i) the service-based condition or market-based condition, as applicable, was not satisfied as of such date and (ii) the performance-based condition, if applicable, and will not be satisfied prior to the effectiveness of the registration statement of which this prospectus forms a part and (ii) the performance-based condition, if applicable, will be satisfied upon the effectiveness of the registration statement of which this prospectus forms a part;

 

   

1,354,671 shares of our Class A common stock that we have reserved and may issue and donate in the future to fund our social impact and environmental, social, and governance initiatives, as more fully described in the section titled “Business—Social Responsibility and Community Initiatives”;

 

   

86,426,166 shares of our common stock reserved for future issuance under our 2024 Plan, which will become effective upon the effectiveness of the registration statement of which this prospectus forms a part, including 44,417,163 new shares and the number of shares (not to exceed 42,009,003 shares) (i) that remain available for grant of future awards under our 2014 Plan at the time the 2024 Plan becomes effective, which shares will cease to be available for issuance under the 2014 Plan at such time, and (ii) any shares underlying outstanding stock awards granted under our 2014 Plan that expire, or are forfeited, cancelled, withheld, or reacquired; and

 

83


Table of Contents
   

4,607,303 shares of Class A common stock reserved for future issuance under our 2024 ESPP, which will become effective in connection with this offering.

Our 2024 Plan and 2024 ESPP provide for annual automatic increases in the number of shares reserved thereunder. See the section titled “Executive Compensation—Employee Benefit and Stock Plans” for additional information.

 

84


Table of Contents

DILUTION

If you invest in our Class A common stock in this offering, your ownership interest will be immediately diluted to the extent of the difference between the initial public offering price per share of Class A common stock and the pro forma as adjusted net tangible book value per share of Class A common stock immediately after this offering.

Our historical net tangible book deficit as of January 31, 2024 was $(1,722.2) million, or $(28.11) per share of common stock. Historical net tangible book deficit represents the amount of our total tangible assets less our total liabilities and redeemable convertible preferred stock, divided by the number of shares of common and convertible founders stock outstanding as of January 31, 2024.

Our pro forma net tangible book deficit as of January 31, 2024 was $(1,387.3) million, or $(9.10) per share. Pro forma net tangible book value per share represents the amount of our total tangible assets less our total liabilities, divided by the number of shares of our common stock outstanding as of January 31, 2024, after giving effect to (i) the automatic conversion of all outstanding shares of our redeemable convertible preferred stock, of which there were 74,182,559 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock as if such conversion had occurred on January 31, 2024; (ii) the automatic conversion of all outstanding shares of convertible founders stock, of which there were 5,400,000 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock as if such conversion had occurred on January 31, 2024; (iii) the net issuance of 16,988,497 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,284 shares to satisfy estimated tax withholding and remittance obligations of $379.8 million (based on the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, and an assumed 44.5% tax withholding rate); (iv) the incurrence of an aggregate principal amount of $304.8 million of Bridge Notes and the use of such borrowed amounts, together with existing cash, cash equivalents, and short-term investments, to pay the estimated tax withholding and remittance obligations in connection with the RSU Net Settlement prior to the closing of this offering; and (v) the $304.8 million net increase in liabilities (without giving effect to $0.3 million in estimated debt issuance costs relating to the Bridge Notes) and the corresponding $379.8 million decrease in additional paid-in capital and $75.0 million net decrease in cash, cash equivalents, and short-term investments resulting from (A) the RSU Net Settlement and related tax withholding and remittance obligations and (B) the subsequent incurrence and use of proceeds from the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to repay such tax withholding and remittance obligations prior to the closing of this offering.

After giving further effect to (i) our receipt of $639.0 million in estimated net proceeds from the sale and issuance by us of shares of Class A common stock in this offering at an assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us (which offering expenses exclude $6.5 million of deferred offering costs that have been previously paid as of January 31, 2024), and (ii) the use of net proceeds from this offering to repay in full the aggregate principal amount of the Bridge Notes, $0.2 million of accrued interest thereon as well as $0.3 million of debt issuance costs relating to the Bridge Notes in connection with the closing of this offering, our pro forma as adjusted net tangible book value as of January 31, 2024 would have been $(747.9) million, or $(4.26) per share. This amount represents an immediate increase in pro forma net tangible book value of $4.84 per share to our existing stockholders and immediate dilution in pro forma as adjusted net tangible book value of approximately $33.76 per share to new investors purchasing shares of Class A common stock in this offering.

Dilution per share to new investors is determined by subtracting pro forma as adjusted net tangible book value per share after this offering from the initial public offering price per share paid by

 

85


Table of Contents

new investors. The following table illustrates this dilution (without giving effect to any exercise by the underwriters of their option to purchase additional shares):

 

Assumed initial public offering price per share

     $ 29.50  

Historical net tangible book deficit per share as of January 31, 2024

   $ (28.11  

Increase per share attributable to the pro forma adjustments described above

   $ 19.01    
  

 

 

   

Pro forma net tangible book value per share as of January 31, 2024, before giving effect to this offering

   $ (9.10  

Increase in pro forma net tangible book value per share attributable to investors purchasing shares in this offering

   $ 4.84    
  

 

 

   

Pro forma as adjusted net tangible book value per share after this offering

     $ (4.26
    

 

 

 

Dilution in pro forma as adjusted net tangible book value per share to new investors in this offering

     $ 33.76  
    

 

 

 

The dilution information discussed above is illustrative only and may change based on, among other things, the actual initial public offering price and other terms of this offering, the actual tax withholding rates, as well as the actual amount of RSUs settled in connection with this offering. Each $1.00 increase (decrease) in the assumed initial public offering price of $29.50 per share, the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) our pro forma as adjusted net tangible book value per share after this offering by approximately $0.05 per share, and increase (decrease) the dilution in the pro forma as adjusted net tangible book value per share to new investors by approximately $0.95 per share, in each case, assuming that the number of shares of Class A common stock offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting underwriting discounts and commissions and estimated offering expenses payable by us. Each increase (decrease) of 1.0 million shares in the number of shares of Class A common stock offered by us would increase (decrease) our pro forma as adjusted net tangible book value per share after this offering by approximately $0.18 per share and increase (decrease) the dilution to investors participating in this offering by approximately $0.18 per share, in each case assuming that the assumed initial public offering price remains the same, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

If the underwriters exercise their option to purchase additional shares in full, the pro forma as adjusted net tangible book value after the offering would be $(3.64) per share and the dilution per share to new investors would be $33.14 per share, in each case assuming an initial public offering price of $29.50 per share, the midpoint of the estimated price range set forth on the cover page of this prospectus.

The following table summarizes, on the pro forma as adjusted basis described above, as of January 31, 2024, the differences between the number of shares of our Class B common stock purchased from us by our existing stockholders and our Class A common stock purchased from us by new investors purchasing shares in this offering, the total consideration paid to us in cash, the average price per share paid by existing stockholders for shares of common stock issued prior to this offering, and the price to be paid by new investors for shares of Class A common stock in this offering. The calculation below is based on the assumed initial public offering estimated price of $29.50 per share, the midpoint of the price range set forth on the cover page of the prospectus, before deducting underwriting discounts and commissions and estimated offering expenses payable by us.

 

86


Table of Contents
     Shares Purchased     Total Consideration     Average
Price
per
Share
 
     Number      Percent     Amount
(in millions)
     Percent  

Existing stockholders

     152,433,785        87   $ 762        53   $ 5.00  

New investors

     23,000,000        13     $ 679        47     $ 29.50  
  

 

 

    

 

 

   

 

 

    

 

 

   

Total

     175,433,785        100%     $ 1,441        100%     $ 8.21  
  

 

 

    

 

 

   

 

 

    

 

 

   

If the underwriters exercise their option to purchase additional shares in full, our existing stockholders would own 85%, and the investors purchasing shares of our common stock in this offering would own 15% of the total number of shares of our Class A common stock outstanding immediately after the closing of this offering.

The number of shares of our Class A common stock and Class B common stock that will be outstanding after this offering is based on no shares of our Class A common stock and 152,433,785 shares of our Class B common stock (including shares of our redeemable convertible preferred stock and convertible founders stock on an as-converted basis and after giving effect to the RSU Net Settlement) outstanding as of January 31, 2024, and excludes:

 

   

3,185,020 shares of Class B common stock issuable upon the exercise of stock options outstanding as of January 31, 2024, with a weighted-average exercise price of $6.23 per share;

 

   

8,000,000 shares of Class B common stock issuable upon the exercise of a stock option to be granted to an executive officer immediately prior to the effectiveness of the registration statement of which this prospectus forms a part, which will be subject to market-based conditions, with an exercise price equal to the initial public offering price per share set forth on the cover page of this prospectus (see the section titled “Executive Compensation” for additional information on the market-based conditions);

 

   

29,296,462 shares of Class B common stock issuable upon the vesting and settlement of RSUs outstanding as of the date of this prospectus, for which (i) the service-based condition or market-based condition, as applicable, was not satisfied as of such date and (ii) the performance-based condition, if applicable, will be satisfied upon the effectiveness of the registration statement of which this prospectus forms a part;

 

   

1,354,671 shares of our Class A common stock that we have reserved and may issue and donate in the future to fund our social impact and environmental, social, and governance initiatives, as more fully described in the section titled “Business—Social Responsibility and Community Initiatives”;

 

   

86,426,166 shares of our common stock reserved for future issuance under our 2024 Plan, which will become effective upon the effectiveness of the registration statement of which this prospectus forms a part, including 44,417,163 new shares and the number of shares (not to exceed 42,009,003 shares) (i) that remain available for grant of future awards under our 2014 Plan at the time the 2024 Plan becomes effective, which shares will cease to be available for issuance under the 2014 Plan at such time, and (ii) any shares underlying outstanding stock awards granted under our 2014 Plan that expire, or are forfeited, cancelled, withheld, or reacquired; and

 

   

4,607,303 shares of Class A common stock reserved for future issuance under our 2024 ESPP, which will become effective in connection with this offering.

Our 2024 Plan and 2024 ESPP provide for annual automatic increases in the number of shares reserved thereunder. See the section titled “Executive Compensation—Employee Benefit and Stock Plans” for additional information.

To the extent any outstanding options are exercised, or any outstanding RSUs settle, or new stock options or RSUs are issued under our equity incentive plans, or we issue additional equity or convertible

 

87


Table of Contents

debt securities in the future, there will be further dilution to investors participating in this offering. If all outstanding options and RSUs under our 2014 Plan as of the date of this prospectus were exercised or settled, then our existing stockholders, including the holders of these securities would own approximately 89% and our new investors would own approximately 11% of the total number of shares of our Class A common stock and Class B common stock outstanding on the closing of this offering. In addition, we may choose to raise additional capital because of market conditions or strategic considerations, even if we believe that we have sufficient funds for our current or future operating plans. If we raise additional capital through the sale of equity or convertible debt securities, the issuance of these securities could result in further dilution to our stockholders.

 

88


Table of Contents

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the section titled “Summary Consolidated Financial and Other Data,” and the consolidated financial statements and related notes included elsewhere in this prospectus. Some of the information contained in this discussion and analysis, including information with respect to our planned investments in our research and development, sales and marketing, and general and administrative functions, includes forward-looking statements that involve risks and uncertainties. You should review the sections titled “Special Note Regarding Forward-Looking Statements” and “Risk Factors” for a discussion of forward-looking statements and important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis. Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. References to fiscal 2023 and fiscal 2024, for example, refer to the fiscal years ended January 31, 2023 and January 31, 2024, respectively.

Overview

We are on a mission to secure the world’s data.

Cyberattacks are inevitable. Realizing that cyberattacks ultimately target data, we created Zero Trust Data Security to deliver cyber resilience so that organizations can secure their data across the cloud and recover from cyberattacks. We believe that the future of cybersecurity is data security—if your data is secure, your business is resilient.

We built Rubrik Security Cloud, or RSC, with Zero Trust design principles to secure data across enterprise, cloud, and SaaS applications. RSC delivers a cloud native SaaS platform that detects, analyzes, and remediates data security risks and unauthorized user activities. Our platform is architected to help organizations achieve cyber resilience, which encompasses cyber posture and cyber recovery. We enable organizations to confidently accelerate digital transformation and leverage the cloud to realize business agility.

 

89


Table of Contents

LOGO

We launched our first enterprise software product, Converged Data Management, in fiscal 2016, which combined data and metadata together into a single layer of software to offer Zero Trust data protection, and sold it as a perpetual license along with associated maintenance contracts. Our early customers deployed Converged Data Management as a self-managed platform on our Rubrik-branded commodity servers, or Rubrik-branded Appliances, purchased from us to protect their enterprise data across hybrid cloud environments.

 

LOGO

In fiscal 2019, we extended data protection to cloud native applications and rebranded Converged Data Management to Cloud Data Management, or CDM. Data protection for cloud native applications are sold as a SaaS subscription product. In addition, we began offering new SaaS subscription products, Ransomware Monitoring & Investigation (now known as Anomaly Detection), and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring). In fiscal 2020, we continued our business evolution to a subscription pricing model by offering our CDM

 

90


Table of Contents

platform as a subscription term-based license with associated support. Included in this subscription term-based license was the right to next generation Rubrik-branded Appliances at no cost for qualified customers, which we refer to as Refresh Rights. As of February 1, 2022, we generally stopped offering CDM as a perpetual license.

 

LOGO

In fiscal 2023, to meet customer demands for data security and a single, unified cloud-based control plane, we launched RSC, a comprehensive Zero Trust Data Security platform. RSC culminates our early vision of providing one point of control to secure data across enterprise, cloud, and SaaS applications. RSC is primarily adopted by our customers as a cloud-native, fully managed SaaS solution. It is also available as an enterprise-ready, self-managed version, or RSC-Private, for a few select customers that are subject to stringent data control policies. For U.S. public sector organizations, we also offer a specialized cloud-native fully managed SaaS solution called RSC-Government. We continued to innovate in our security product portfolio on the RSC platform by releasing Threat Hunting, Threat Containment, and Cyber Recovery, in addition to previously released subscription products Anomaly Detection (formerly known as Ransomware Monitoring Investigation) and Sensitive Data Monitoring (formerly known as Sensitive Data Monitoring & Management).

We began transitioning customers from our legacy CDM capabilities to RSC in fiscal 2023, all of which are subscription-based offerings. As part of this business transition, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers and stopped offering the Refresh Rights as part of our subscription offerings. In lieu of the outstanding Refresh Rights, upon qualification, we offer Subscription Credits, with an associated expiration date, which, if utilized, will offset against Subscription ARR and revenue. As of the end of fiscal 2024, RSC represented a majority of our total revenue.

We recognize revenue from the sales of our RSC platform (excluding RSC-Private) ratably over the term of the subscription. We recognize a portion of revenue from sales of RSC-Private upon delivery and the remainder ratably over the term of the subscription. The majority of sales of our subscriptions are for three-year terms with upfront payment, and renewals are typically for one-year terms.

 

91


Table of Contents

LOGO

We expect new and existing customers to increasingly adopt RSC. As such, sales of RSC contributed to the majority of our subscription revenue at the end of fiscal 2024. Our new customers have generally been rapidly adopting the RSC platform. We are actively migrating our existing customers from our legacy CDM capabilities to RSC. As part of this migration, we expect certain existing customers, to consume our platform and products through a mix of RSC and a transitional CDM license, or CDM-T, during which time we expect to continue recognizing a portion of the associated revenue from these customers upfront at the time we transfer control of the license to the customer. We cannot predict how long these customers will use this mix before they complete their transition. Our revenue will fluctuate when qualified customers choose to exercise or forfeit their Subscription Credits upon expiry date which are customer options that are accounted for as material rights. Due to the ratable revenue recognition related to new and existing customer adoption of RSC and the impact of the Subscription Credits, we believe our subscription revenue growth will fluctuate through fiscal 2027, depending in part on the timing of completing the migration of existing customers to RSC. See the risk factor titled, “We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and difficult to predict” in the section titled “Risk Factors.”

As part of our business transition, we expect our maintenance revenue to continue to decrease as we generally no longer offer new perpetual licenses. In addition, we are converting existing maintenance customers into subscription customers as their maintenance contracts come up for renewal. We expect the conversion of maintenance contracts to subscription offerings to be largely completed by the end of fiscal 2026.

 

92


Table of Contents

We expect our other revenue to decrease as a percentage of total revenue as we transition the sale of Rubrik-branded Appliances from us to our contract manufacturers and generally no longer offer perpetual licenses.

The trends described above are a result of our business transition which will cause fluctuations to our total revenue growth through fiscal 2027 and limit the comparability of our revenue with past performance. As a result, we measure the success of our business on the basis of Subscription ARR. Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers.

Our total revenue increased from $599.8 million in fiscal 2023 to $627.9 million in fiscal 2024. Our Subscription ARR grew from $532.9 million as of January 31, 2023 to $784.0 million as of January 31, 2024, representing a 47% increase. Of the 47% increase, approximately four percentage points are a result of transitioning our existing maintenance customers to our subscription editions. In addition, as customers experience the benefits of our platform, they typically expand their usage significantly, as evidenced by our average subscription dollar-based net retention rate of 133% as of January 31, 2024.

As a result of our business transition and resulting fluctuations to revenue, we expect our net income (losses) to fluctuate through fiscal 2027 and limit the comparability of our net income (losses) with past performance. In fiscal 2023 and fiscal 2024, we incurred net losses of $(277.7) million and $(354.2) million, respectively. In fiscal 2023 and fiscal 2024, operating cash flow was $19.3 million and $(4.5) million, respectively, and free cash flow was $(15.0) million and $(24.5) million, respectively.

Our Go-to-Market Strategy

RSC is primarily adopted by our customers as a cloud-native, fully managed, SaaS solution. For select customers in highly regulated industries subject to stringent data control policies, we offer RSC-Private as an enterprise-ready, self-managed version. Both versions of our platform include various products built on top of RSC that, in combination, help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions.

Our platform can be purchased in three subscription editions. Our various editions include a combination of products across data sources (enterprise, cloud, and SaaS applications). We price our subscription editions primarily based on edition tier and data volume. Our subscription editions are as follows:

 

   

Foundation Edition. Keeps data secure and recoverable from cyberattacks and operational failures.

 

   

Business Edition. Builds upon Foundation Edition by proactively monitoring for ransomware.

 

   

Enterprise Edition. Builds upon Business Edition by continuously monitoring data risk and orchestrating cyber recovery.

 

93


Table of Contents

LOGO

We primarily sell subscriptions of RSC through our global sales team and partner network, where we target the largest organizations worldwide to mid-sized organizations. We also sell to smaller customers through a high-velocity engagement model driven by our inside sales team. Our platform’s broad capability allows us to serve organizations of all sizes across a wide range of industries and geographies. We are trusted by some of the world’s largest organizations and brands to protect their data.

We utilize a land and expand approach, acquiring new customers and expanding with existing customers. We sell our products through subscription editions and can land in four distinct ways by securing private cloud (which we refer to as enterprise), enterprise NAS(1) (which we refer to as unstructured data), cloud, and SaaS applications. After the initial purchase, our customers often expand the adoption of our platform within their organization. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik, new applications secured, and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC and adopt additional data security products, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk, thereby increasing their overall affinity with Rubrik and driving further adoption.

Key Factors Affecting Our Performance

Evolution of the Market and Adoption of Our Solutions

Our future success depends in part on the market adoption of our approach to Zero Trust Data Security. Many organizations have focused on preventing cyberattacks instead of protecting their data and having a plan to recover it in case of a cyberattack. We believe that the existing security ecosystem lacks a data security platform that will secure a customer’s data, wherever it lives, across enterprise, cloud, and SaaS applications. RSC is our Zero Trust Data Security platform that addresses the growing demand from organizations of virtually any size, across a wide range of industries, to address data security and cyberattack risks. As the data security market continues to evolve, we expect to continuously innovate our platform and product functionality to keep us in a strong position to capture the large opportunity ahead.

 

(1) 

Network-Attached Storage.

 

94


Table of Contents

New Customer Acquisition

Our business model relies on rapidly and efficiently engaging with new customers. Our ability to attract new customers will depend on a number of factors, including our ability to innovate upon our product breadth and capabilities, our success in recruiting and scaling our sales and marketing organization, our ability to accelerate ramp time of our sales force, our ability to develop and maintain strong partnerships, the impact of marketing efforts to enhance our brand, and competitive dynamics in our target markets. We have seen our customer count grow to over 6,100 as of January 31, 2024 from over 5,000 as of January 31, 2023.

Retaining and Expanding Within Our Existing Customer Base

Our ability to retain customers and expand within existing customers is integral to our growth and future success. Our growing base of customers represents a significant opportunity for further expansion across our platform. Our customers typically start with securing data in one or more applications on our platform, and then expand by securing additional applications and increasing the amount of data secured. They further extend their use of our platform through adoption of additional security products. Several of our largest customers have deployed our platform to protect enterprise, unstructured data, cloud, and SaaS applications, securing large amounts of their data. Our ability to expand and extend within our customer base will depend on a number of factors, including platform performance, our customers’ satisfaction with our platform, competitive offerings, pricing, overall changes in our customers’ spending levels, and the effectiveness of our efforts to help our customers realize the benefits of our platform.

Key Business Metrics

We monitor the following key business metrics to help us evaluate our business.

Subscription ARR

Subscription ARR is calculated as the annualized value of our active subscription contracts as of the measurement date, assuming any contract that expires during the next 12 months is renewed on existing terms. Subscription contracts include offerings for our RSC platform and related SaaS products, term-based licenses for our RSC-Private platform and related products, prior sales of CDM sold as a subscription term-based license with associated support and related SaaS products, and standalone sales of our SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring). We believe Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers.

The following table sets forth our Subscription ARR as of the dates presented:

 

     January 31,  
        2023           2024     
     (in thousands, except percentages)  

Subscription ARR

   $   532,929     $   784,029  

% growth

     96     47

Subscription ARR does not include any maintenance revenue associated with perpetual licenses, which we generally no longer offer. Of the 96% and 47% growth, approximately 17 percentage points and four percentage points of growth for fiscal 2023 and fiscal 2024, respectively, were a result of transitioning our existing maintenance customers to our subscription editions.

 

95


Table of Contents

Cloud Annual Recurring Revenue, or Cloud ARR

Cloud ARR is calculated as the annualized value of our active cloud-based subscription contracts as of the measurement date, based on our customers’ total contract value and, assuming any contract that expires during the next 12 months is renewed on existing terms. Our cloud-based subscription contracts include RSC and RSC-Government (excluding RSC-Private) and SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring). Cloud ARR also includes SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring) sold standalone or with prior sales of term-license offerings of CDM. We believe that Cloud ARR provides important information on new and existing customers purchasing new RSC subscription offerings and existing subscription term-based license customers renewing with RSC subscription offerings. Sales of RSC contributed the majority of our subscription revenue by the end of fiscal 2024.

The following table sets forth our Cloud ARR as of the dates presented:

 

     January 31,  
      2023              2024   
     (in thousands)  

Cloud ARR

   $ 239,198        $ 524,767  

% Growth

     229        119

 

 

LOGO

 

96


Table of Contents

Average Subscription Dollar-Based Net Retention Rate

Our average subscription dollar-based net retention rate compares our Subscription ARR from the same set of subscription customers across comparable periods. We calculate our average subscription dollar-based net retention rate by first identifying subscription customers, or the Prior Period Subscription Customers, which were subscription customers at the end of a particular quarter, or the Prior Period. We then calculate the Subscription ARR from these Prior Period Subscription Customers at the end of the same quarter of the subsequent year, or the Current Period. This calculation captures upsells, contraction, and attrition since the Prior Period. We then divide total Current Period Subscription ARR by the total Prior Period Subscription ARR for Prior Period Subscription Customers. Our average subscription dollar-based net retention rate in a particular quarter is obtained by averaging the result from that particular quarter with the corresponding results from each of the prior three quarters. We believe that our average subscription dollar-based net retention rate provides useful information about the evolution of our existing customers as they expand through the increase of data from applications we already secure, new applications for us to secure, additional data security products, and conversion of our recurring revenue related to maintenance contracts into subscription revenue.

The following table sets forth our Average Subscription Dollar-Based Net Retention Rate as of the dates presented:

 

     January 31,  
      2023              2024   

Average Subscription Dollar-Based Net Retention Rate

     150        133

Customers with $100,000 or More in Subscription ARR

We believe that customers with $100,000 or more in Subscription ARR is a helpful metric in measuring our ability to scale with our customers and the success of our ability to acquire large customers. Additionally, we believe that our ability to increase the number of customers with $100,000 or more in Subscription ARR is a useful indicator of our market penetration and demand for our platform. As of January 31, 2024, the number of customers with $100,000 or more in Subscription ARR accounted for 80% of total Subscription ARR.

The following table sets forth the number of customers with $100,000 or more in Subscription ARR as of the dates presented:

 

            January 31,  
             2023              2024   

Customers with $100,000 or more in Subscription ARR

        1,204          1,742  

% growth

        92        45

Additionally, as of January 31, 2018, 2019, 2020, 2021, and 2022 the number of customers generating more than $100,000 in Subscription ARR was 1, 23, 137, 309, and 628, respectively.

Non-GAAP Financial Measures

We believe that non-GAAP financial measures, when taken collectively, may be helpful to investors because they provide consistency and comparability with past financial performance. However, non-GAAP financial measures are presented for supplemental informational purposes only, have limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with GAAP. Other companies, including companies in our industry, may calculate similarly titled non-GAAP financial measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP

 

97


Table of Contents

financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures, and not to rely on any single financial measure to evaluate our business.

Free Cash Flow

Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by (used in) operating activities less cash used for purchases of property and equipment and capitalized internal-use software. We believe that free cash flow is a helpful indicator of liquidity that provides information to management and investors about the amount of cash generated or used by our operations that, after the investments in property and equipment and capitalized internal-use software, can be used for strategic initiatives, including investing in our business and strengthening our financial position. One limitation of free cash flow is that it does not reflect our future contractual commitments. Additionally, free cash flow is not a substitute for cash used in operating activities and the utility of free cash flow as a measure of our liquidity is further limited as it does not represent the total increase or decrease in our cash balance for a given period.

Free cash flow was $(103.2) million, $(15.0) million, and $(24.5) million for fiscal year ended January 31, 2022, or fiscal 2022, fiscal 2023, and fiscal 2024, respectively. In fiscal 2023, the increase in new customer commitments, which were mostly paid upfront, and efficiency gains in our cost structure drove significant improvements in our free cash flow. In addition, as we transitioned sales of Rubrik-branded Appliances from us to contract manufacturers, our fulfillment cycles were shortened. Shortened fulfillment cycles positively impacted our free cash flow which may not continue in future periods. In the longer term, we view continued Subscription ARR growth and our multi-year cash collection as drivers of free cash flow. While we continue to see the majority of our customers pay us for new multi-year commitments upfront, in fiscal 2024, we have experienced an increase in annual and consumption payments due to the growth in our SaaS products and uncertain macroeconomic environment. See the risk factor titled “We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price and the value of your investment could decline” in the section titled “Risk Factors.” This trend, when combined with changes in new business growth, may result in free cash flow volatility across periods. Additionally, free cash flow does not represent the total increase or decrease in our cash balance for a given period.

The following table presents a reconciliation of free cash flow to net cash provided by (used in) operating activities for the periods presented:

 

     Year Ended January 31,  
        2022           2023           2024     
     (in thousands)  

Net cash provided by (used in) operating activities

   $ (82,785   $ 19,287     $ (4,518

Less: Purchase of property and equipment

     (14,986     (25,017     (12,333

Less: Capitalized internal-use software

     (5,463     (9,281     (7,675
  

 

 

   

 

 

   

 

 

 

Free cash flow

   $  (103,234   $ (15,011   $ (24,526
  

 

 

   

 

 

   

 

 

 

Net cash provided by (used in) investing activities

   $  8,417     $  (125,188   $  (93,623

Net cash provided by financing activities

   $  22,872     $ 171,823     $ 95,949  

Subscription ARR Contribution Margin

We define Subscription ARR Contribution Margin, a non-GAAP financial measure, as the Subscription ARR Contribution (as defined below) divided by Subscription ARR at the end of the period. We define

 

98


Table of Contents

Subscription ARR Contribution as Subscription ARR at the end of the period less: (i) our non-GAAP subscription cost of revenue and (ii) our non-GAAP operating expenses for the prior 12-month period ending on that date. In fiscal 2023, we began transitioning customers from our legacy CDM capabilities to our subscription-based RSC offerings. As a result of differing revenue recognition treatment between CDM and RSC, this business transition will cause fluctuations to our total revenue growth and limit the comparability of our revenue with past performance. As a result, we measure the performance of our business on the basis of Subscription ARR. We believe that Subscription ARR Contribution Margin is a helpful indicator of operating leverage during this business transition. One limitation of Subscription ARR Contribution Margin is that the factors that impact Subscription ARR will vary from those that impact subscription revenue and, as such, may not provide an accurate indication of our actual or future GAAP results. Additionally, the historical expenses in this calculation may not accurately reflect the costs associated with future commitments.

Subscription ARR Contribution Margin was (117)%, (38)%, and (12)% for fiscal 2022, fiscal 2023, and fiscal 2024, respectively. The increase in Subscription ARR Contribution Margin was primarily driven by the strong year-over-year growth in Subscription ARR, compared to year-over-year growth in non-GAAP subscription costs of sales and non-GAAP operating expenses. We believe that this increase in Subscription ARR Contribution Margin reflects increased operating leverage in our business.

The following table presents the calculation of Subscription ARR Contribution Margin for the periods presented as well as a reconciliation of (i) non-GAAP subscription cost of revenue to cost of revenue and (ii) non-GAAP operating expenses to operating expenses.

 

     Year Ended January 31,  
     2022     2023     2024  
     (in thousands, except percentages)  

GAAP subscription cost of revenue

   $ 32,385     $ 62,294     $ 97,927  

Amortization of acquired intangibles

     (944     (822     (1,676

Stock-based compensation expense

     (1,175     (53     (45

Stock-based compensation from amortization of capitalized internal-use software

     (261     (287     (153
  

 

 

   

 

 

   

 

 

 

Non-GAAP subscription cost of revenue

   $ 30,005     $ 61,132     $ 96,053  

GAAP operating expenses

   $ 602,975     $ 679,353     $ 789,436  

Stock-based compensation expense

     (42,590     (6,727     (5,652
  

 

 

   

 

 

   

 

 

 

Non-GAAP operating expenses

   $ 560,385     $ 672,626     $ 783,784  

Subscription ARR

   $ 271,735     $ 532,929     $ 784,029  

Non-GAAP subscription cost of revenue

     (30,005     (61,132     (96,053

Non-GAAP operating expenses

     (560,385     (672,626     (783,784
  

 

 

   

 

 

   

 

 

 

Subscription ARR Contribution

   $ (318,655   $ (200,829   $ (95,808

Subscription ARR Contribution Margin

     (117 )%      (38 )%      (12)%  

Components of Results of Operations

Revenue

We generate revenue primarily from sales of subscriptions and typically invoice our customers at the inception of the contract. We previously sold perpetual licenses for our CDM product, which we generally no longer offer.

We expect new and existing customers to increasingly purchase subscriptions of RSC, which is recognized ratably over the term of the subscription. Our revenue will fluctuate based on the timing for transitioning our existing customers to RSC and when qualified customers choose to exercise or forfeit

 

99


Table of Contents

their customer options that are accounted for as material rights. These expected trends, when combined with the transition of the sale of Rubrik-branded Appliances from us to our contract manufacturers, will limit and cause fluctuations to our revenue growth through fiscal 2027. We primarily measure our business on the basis of Subscription ARR, as we believe it best reflects our actual growth and our growth prospects.

Subscription Revenue

Our subscription revenue consists of SaaS subscriptions and subscription term-based licenses with related support services.

SaaS includes SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring) sold standalone or with prior sales of term-license offerings of CDM prior to the launch of the RSC platform as well as sales of RSC. RSC is offered as a fully-hosted subscription or a hybrid cloud subscription. RSC is a fully-hosted subscription in the case of protection of cloud, SaaS and unstructured data applications. When RSC is securing enterprise applications, it is a hybrid cloud subscription which includes software hosted from the cloud (as a service) and an on-premise license for securing enterprise applications. The hybrid cloud subscription is accounted for as a single performance obligation because the software hosted from the cloud (as a service) and the on-premise software licenses are not separately identifiable and serve together to fulfill our promise to the customer, which is to provide a single, unified data security solution. Our subscription capabilities are primarily sold as editions which bundle multiple products into our Foundation Edition, Business Edition, and Enterprise Edition. Subscription revenue related to SaaS is recognized ratably over the subscription period.

Subscription term-based licenses provide our customer with a right to use the software for a fixed term commencing upon delivery of the license to our customer. Support services are bundled with each subscription term-based license for the term of the subscription. Subscription revenue related to subscription term-based licenses includes upfront revenue recognized at the later of the start date of the subscription term-based license and the date when the subscription term-based license is delivered. The remainder of the revenue is recognized ratably over the subscription period for support services, commencing with the date the service is made available to customers.

As customers continue to adopt or transition to RSC, we expect the ratable portion of our subscription revenue to increase. We expect certain customers to consume our platform and products through a mix of RSC and CDM-T as they complete the migration, which will result in a recognition of a portion of the associated revenue for these customers upfront. Furthermore, our subscription revenue will also fluctuate when qualified customers choose to exercise or forfeit their customer options that are accounted for as material rights. The combination of both of these factors will limit and cause fluctuations in our subscription revenue growth through fiscal 2027, depending in part on the timing of our existing customers’ transition to RSC.

Maintenance Revenue

Maintenance revenue represents fees earned from software updates on a when-and-if-available basis, telephone support, integrated web-based support, and Rubrik-branded Appliance maintenance relating to our perpetual licenses. Maintenance revenue is recognized ratably over the term of the service period. As we generally no longer offer new perpetual licenses, we expect our maintenance revenue to decrease as we drive adoption of RSC for existing maintenance customers.

Other Revenue

Other revenue represents fees earned from sales of perpetual licenses, Rubrik-branded Appliances, and professional services. We recognize revenue for the amount allocated to the perpetual

 

100


Table of Contents

software license at the later of the license term start date or the date the license is delivered. Revenue for Rubrik-branded Appliances is recognized when shipped to the customer. When we sell our software license with our Rubrik-branded Appliances, revenue for both the Rubrik-branded Appliances and software licenses are recognized at the same time. Revenue related to professional services is typically recognized as the services are performed. In the third quarter of fiscal 2023, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers. Additionally, we generally no longer offer new perpetual licenses. As a result, we expect other revenue as a percentage of total revenue to decrease over time.

Cost of Revenue

Cost of revenue primarily includes employee compensation and related expenses associated with customer support, certain hosting costs, amortization of capitalized internal-use software, and cost of Rubrik-branded Appliances. In the several quarters following the closing of this offering, we expect to recognize a portion of stock-based compensation related to the equity awards that include a performance-based condition that will be met in connection with this offering. We expect our cost of revenue as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long-term, we expect our cost of revenue as a percentage of revenue to decrease as we increasingly transition the sale of Rubrik-branded Appliances from us to our contract manufacturers.

Cost of Subscription Revenue

Cost of subscription revenue primarily includes employee compensation and related expenses associated with customer support for our subscription offerings, certain hosting costs, and amortization of capitalized internal-use software. We expect our cost of subscription revenue to increase as our subscription revenue increases.

Cost of Maintenance Revenue

Cost of maintenance revenue primarily includes employee compensation and related expenses associated with customer support from our perpetual licenses. Over the long-term, as we generally no longer offer new perpetual licenses, we expect our cost of maintenance revenue to decrease as our maintenance revenue decreases.

Cost of Other Revenue

Cost of other revenue primarily includes the cost of Rubrik-branded Appliances and professional services. We expect cost of other revenue as a percentage of total cost of revenue to decrease due to the sales of Rubrik-branded Appliances transitioning from us to our contract manufacturers.

Gross Profit and Margin

Gross profit is revenue less cost of revenue.

Gross margin is gross profit expressed as a percentage of revenue. Our gross margin has been, and will continue to be, affected by a number of factors, including the mix of subscription term-based licenses, SaaS subscriptions, and other products, when qualified customers choose to exercise or forfeit their customer options that are accounted for as material rights, the timing and extent of our investments in our global customer support organization, certain hosting costs, the amortization of capitalized internal-use software, and stock-based compensation expense in periods following this offering. We expect our gross margin to be negatively impacted in the quarter in which we complete

 

101


Table of Contents

this offering due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering. Over time, we expect our gross margin to fluctuate due to the factors described above.

Subscription Gross Margin

With increased adoption of RSC, we expect SaaS revenue to increase as a percentage of total revenue, which we expect will result in an increase in associated hosting costs. As customers adopt RSC, we expect our subscription gross margin to fluctuate through fiscal 2027. This is due to the revenue being recognized ratably over the subscription term rather than a portion being recognized upfront from subscription term-based licenses and associated increases in hosting costs for our SaaS solutions.

Maintenance Gross Margin

We expect maintenance revenue to decrease as a percentage of total revenue, which we expect will result in a decrease in maintenance costs. We expect our maintenance margin to fluctuate until the end of fiscal 2026 as maintenance revenue and related costs decline as customers adopt RSC.

Other Gross Margin

We expect sales of Rubrik-branded Appliances to decrease as we transition the sale from us to contract manufacturers, which will result in a decrease in associated Rubrik-branded Appliance costs. We expect our other gross margin to fluctuate through fiscal 2025 as we ceased offering new perpetual licenses and are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers.

Operating Expenses

Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs are the most significant component of operating expenses. We also incur other non-personnel costs such as colocation and certain hosting costs, office space costs, fees for third-party professional services, and costs associated with software and subscription services. In the several quarters following the closing of this offering, we expect to recognize a portion of stock-based compensation related to the equity awards that include a performance-based condition that will be met in connection with this offering. We also expect to incur additional stock-based compensation expense in future periods following this offering as additional equity awards vest. We expect our operating expense as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our operating expenses as a percentage of revenue to decrease.

Research and Development

Research and development expenses consist primarily of employee compensation and related expenses, net of capitalized amounts, and colocation and certain hosting costs. To capture share in the ever-growing data security market, we expect to continuously innovate our platform and product functionality and will continue to invest in research and development. We expect our research and development expenses will continue to increase as our business grows. We also expect our research and development expenses as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our research and development expenses as a percentage of revenue to decrease.

 

102


Table of Contents

Sales and Marketing

Sales and marketing expenses consist primarily of employee compensation and related expenses including sales commissions, marketing programs, and travel-related costs. We expect our sales and marketing expenses will increase over time and continue to be our largest operating expense for the foreseeable future as we expand our sales force, increase our marketing efforts, and expand into new markets. We also expect our sales and marketing expenses as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our sales and marketing expenses as a percentage of revenue to decrease.

General and Administrative

General and administrative expense consists primarily of employee compensation and related expenses for administrative functions, including finance, legal, human resources, information technology, and fees for third-party professional services. Leading up to and following the closing of this offering, we expect to incur additional general and administrative expenses as a result of operating as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations, and increased expenses for investor relations and third-party professional services. We also expect that our general and administrative expenses will increase as our business grows. We also expect our general and administrative expenses as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our general and administrative expenses as a percentage of revenue to decrease.

Other Non-Operating Income (Expense)

Other non-operating income (expense) consists primarily of interest income, interest expense, and foreign exchange gains and losses.

Income Tax Expense

Income tax expense consists primarily of income taxes in certain foreign jurisdictions in which we conduct business, as well as federal and state income taxes in the United States. We have recorded U.S. federal and state net deferred tax assets for which we provide a full valuation allowance, which includes net operating loss carryforwards and tax credits. We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses.

 

103


Table of Contents

Results of Operations

The following tables summarize our consolidated statements of operations data for the periods presented. The period-to-period comparison of results is not necessarily indicative of results for future periods.

 

     Year Ended January 31,  
       2023         2024    
     (in thousands)  

Revenue

    

Subscription

   $  385,272     $  537,869  

Maintenance

     76,220       38,745  

Other

     138,327       51,278  
  

 

 

   

 

 

 

Total revenue

     599,819       627,892  
  

 

 

   

 

 

 

Cost of revenue

    

Subscription(1)

     62,294       97,927  

Maintenance(1)

     15,059       6,472  

Other(1)

     104,661       40,563  
  

 

 

   

 

 

 

Total cost of revenue

     182,014       144,962  
  

 

 

   

 

 

 

Gross profit

     417,805       482,930  

Operating expenses

    

Research and development(1)

     175,057       206,527  

Sales and marketing(1)

     417,542       482,532  

General and administrative(1)

     86,754       100,377  
  

 

 

   

 

 

 

Total operating expenses

     679,353       789,436  
  

 

 

   

 

 

 

Loss from operations

     (261,548     (306,506

Interest income

     5,140       11,216  

Interest expense

     (11,709     (30,295

Other income (expense), net

     (1,033     (1,884
  

 

 

   

 

 

 

Loss before income taxes

     (269,150     (327,469

Income tax expense

     8,596       26,689  
  

 

 

   

 

 

 

Net loss

   $ (277,746   $ (354,158
  

 

 

   

 

 

 

 

(1)

Includes stock-based compensation expense as follows:

 

     Year Ended January 31,  
       2023          2024    
     (in thousands)  

Cost of revenue

     

Subscription

   $ 53      $ 45  

Maintenance

     34        7  

Other

     140        11  

Research and development

     3,044        3,590  

Sales and marketing

     2,399        1,313  

General and administrative

     1,284        749  
  

 

 

    

 

 

 

Total stock-based compensation expense

   $  6,954      $ 5,715  
  

 

 

    

 

 

 

 

104


Table of Contents

The following table sets forth our consolidated statements of operations data expressed as a percentage of revenue for the periods indicated:

 

     Year Ended January 31,  
       2023         2024    

Revenue

    

Subscription

     64     86

Maintenance

     13       6  

Other

     23       8  
  

 

 

   

 

 

 

Total revenue

        100          100  
  

 

 

   

 

 

 

Cost of revenue

    

Subscription

     10       16  

Maintenance

     3       1  

Other

     17       6  
  

 

 

   

 

 

 

Total cost of revenue

     30       23  
  

 

 

   

 

 

 

Gross margin

     70       77  

Operating expenses

    

Research and development

     29       33  

Sales and marketing

     71       77  

General and administrative

     14       16  
  

 

 

   

 

 

 

Total operating expenses

     114       126  
  

 

 

   

 

 

 

Loss from operations

     (44     (49

Interest income

     1       2  

Interest expense

     (2     (5

Other income (expense), net

     —        —   
  

 

 

   

 

 

 

Loss before income taxes

     (45     (52

Income tax expense

     1       4  
  

 

 

   

 

 

 

Net loss

     (46 )%      (56 )% 
  

 

 

   

 

 

 

Comparison of Fiscal 2023 and Fiscal 2024

Revenue

 

     Year Ended January 31,  
       2023          2024    
    

(in thousands)

 

Revenue

     

Subscription

   $  385,272      $  537,869  

Maintenance

     76,220        38,745  

Other

     138,327        51,278  
  

 

 

    

 

 

 

Total revenue

   $  599,819      $  627,892  
  

 

 

    

 

 

 

Subscription revenue increased by $152.6 million, or 40%, in fiscal 2024 as compared to fiscal 2023. Approximately 41% of this increase from fiscal 2024 as compared to fiscal 2023 was from sales to new customers and the remaining increase was attributable to sales to existing customers. Our Subscription ARR grew from $532.9 million as of January 31, 2023 to $784.0 million as of January 31, 2024, representing a 47% increase. Of the increase, approximately four percentage points are a result of transitioning our existing maintenance customers to our subscription editions. A further indication of our ability to expand revenue from existing customers is through our average subscription dollar-based

 

105


Table of Contents

net retention rate which was 133% as of January 31, 2024. We had 1,742 customers with $100,000 or more in Subscription ARR as of January 31, 2024, increasing from 1,204 as of January 31, 2023.

Maintenance revenue associated with sales of perpetual licenses of our legacy CDM product decreased by $37.5 million, or 49%, in fiscal 2024 as compared to fiscal 2023. Maintenance revenue represented 13% and 6% of total revenue for fiscal 2023 and fiscal 2024, respectively. This decrease is a result of generally no longer offering new perpetual licenses as well as existing maintenance customers adopting RSC subscription offerings. We expect this transition to be largely completed by the end of fiscal 2026.

Other revenue, which consists primarily of sales of perpetual licenses, Rubrik-branded Appliances, and professional services, decreased by $87.0 million, or 63%, in fiscal 2024 as compared to fiscal 2023. Sales of Rubrik-branded Appliances and our perpetual licenses decreased by $83.2 million, as we are transitioning our sales of our Rubrik-branded Appliances from us to our contract manufacturers and no longer offer new perpetual licenses. We expect our other revenue as a percentage of total revenue to continue to decrease.

Cost of Revenue

 

     Year Ended January 31,  
       2023          2024    
    

(in thousands)

 

Cost of revenue

     

Subscription

   $ 62,294      $ 97,927  

Maintenance

     15,059        6,472  

Other

     104,661        40,563  
  

 

 

    

 

 

 

Total cost of revenue

   $  182,014      $  144,962  
  

 

 

    

 

 

 

Cost of subscription revenue increased by $35.6 million, or 57%, in fiscal 2024 as compared to fiscal 2023, primarily due to the development and launch of more SaaS products, which resulted in increases of $22.7 million in hosting costs, and the growth in our customer support organization, which resulted in an increase of $8.5 million.

Cost of maintenance revenue decreased by $8.6 million, or 57%, in fiscal 2024 as compared to fiscal 2023, due to a decrease in our customer support organization costs relating to maintenance revenue, as we no longer offer new perpetual licenses and as existing maintenance customers adopt RSC subscription offerings.

Cost of other revenue decreased by $64.1 million, or 61%, in fiscal 2024 as compared to fiscal 2023, as we no longer offer new perpetual licenses and are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers.

Gross Profit and Gross Margin

 

     Year Ended January 31,  
       2023          2024    
    

(in thousands)

 

Gross profit

     

Subscription

   $  322,978      $  439,942  

Maintenance

     61,161        32,273  

Other

     33,666        10,715  
  

 

 

    

 

 

 

Total gross profit

   $ 417,805      $ 482,930  
  

 

 

    

 

 

 

 

106


Table of Contents
     Year Ended January 31,  
       2023         2024    

Gross margin

    

Subscription

         84         82

Maintenance

     80       83  

Other

     24       21  

Total gross margin

     70     77

Subscription gross margin decreased to 82% in fiscal 2024 from 84% in fiscal 2023 as revenue became increasingly ratable with customer adoption of our SaaS products and due to increasing hosting costs associated with our development and launch of more SaaS products.

Maintenance gross margin increased to 83% in fiscal 2024 from 80% in fiscal 2023 due to efficiencies from our customer support organization.

Other gross margin decreased to 21% in fiscal 2024 from 24% in fiscal 2023 due to a decrease in sales of perpetual licenses and Rubrik-branded Appliances.

Operating Expenses

Research and Development

 

     Year Ended January 31,  
       2023          2024    
     (in thousands)  

Research and Development

   $  175,057      $  206,527  

Research and development expenses increased by $31.5 million, or 18%, in fiscal 2024 as compared to fiscal 2023. Employee compensation and related expenses increased by $21.2 million due to increases in headcount as we continued to release new products and develop and enhance the functionalities of our existing products. The remainder of the increase was primarily attributable to an increase of $4.5 million in colocation and hosting fees in developing our new and existing products and an increase of $3.6 million of software and subscription services.

Sales and Marketing

 

     Year Ended January 31,  
       2023          2024    
     (in thousands)  

Sales and marketing

   $  417,542      $  482,532  

Sales and marketing expenses increased by $65.0 million, or 16%, in fiscal 2024 as compared to fiscal 2023. Employee compensation and related expenses increased by $47.9 million due to increases in headcount. The remainder of the increase was primarily attributable to increased marketing and pipeline generation activities of $4.9 million, travel and entertainment related expenses of $2.5 million, and software and subscription services of $2.3 million.

 

107


Table of Contents

General and Administrative

 

     Year Ended January 31,  
       2023          2024    
     (in thousands)  

General and administrative

   $    86,754      $    100,377  

General and administrative expenses increased by $13.6 million, or 16%, in fiscal 2024 as compared to fiscal 2023. Employee compensation and related expenses increased by $3.7 million due to increases in headcount. The remainder of the increase was primarily attributable to increased third-party professional services.

Other Non-Operating Income (Expense)

 

     Year Ended January 31,  
       2023         2024    
     (in thousands)  

Interest income

     $    5,140       $   11,216  

Interest expense

     (11,709     (30,295

Other income (expense), net

        (1,033        (1,884

Interest income increased by $6.1 million in fiscal 2024 as compared to fiscal 2023 due to higher cash, cash equivalents, and investment balances and higher interest rates.

Interest expense increased by $18.6 million in fiscal 2024 as compared to fiscal 2023 due to our Existing and Amended Credit Facilities (as defined in the subsection titled “—Liquidity and Capital Resources”).

Income Tax Expense

 

     Year Ended January 31,  
       2023          2024    
     (in thousands)  

Income tax expense

   $     8,596      $    26,689  

Our income tax expense increased by $18.1 million, or 210%, in fiscal 2024 as compared to fiscal 2023, primarily due to an increase in our uncertain tax positions related to the Laminar acquisition and the integration of its operations as well as a waiver of certain deductions. Our effective tax rate may fluctuate significantly on a quarterly basis and could be adversely affected to the extent that earnings are lower than anticipated in countries that have lower statutory tax rates and higher than anticipated in countries that have higher statutory tax rates. In addition, tax authorities may challenge our transfer pricing policies, resulting in a higher effective tax rate.

 

108


Table of Contents

Quarterly Results of Operations

The following tables set forth our unaudited quarterly consolidated statements of operations data for each of the quarters indicated as well as the percentage that each line item represents of our total revenue for each quarter presented. The information for each quarter has been prepared on a basis consistent with our audited consolidated financial statements included in this prospectus and reflect, in the opinion of management, all adjustments of a normal, recurring nature that are necessary for a fair presentation of the financial information contained in those statements. Our historical results are not necessarily indicative of the results that may be expected in the future. The following quarterly financial data should be read in conjunction with our consolidated financial statements included elsewhere in this prospectus.

 

    Three Months Ended  
    April 30,
2022
    July 31,
2022
    October 31,
2022
    January 31,
2023
    April 30,
2023
    July 31,
2023
    October 31,
2023
    January 31,
2024
 

Revenue

               

Subscription

  $ 77,994     $ 105,480     $ 103,363     $  98,435     $  108,398     $  127,456       $ 143,363     $  158,652  

Maintenance

    21,856       20,850       18,219       15,295       12,288       10,594       8,979       6,884  

Other

    32,300       40,894       43,148       21,985       15,054       13,485       13,262       9,477  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenue

    132,150       167,224       164,730       135,715       135,740       151,535       165,604       175,013  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Cost of revenue

               

Subscription

    11,664       13,744       17,363       19,523       21,637       23,204       22,697       30,389  

Maintenance

    4,625       4,277       3,355       2,802       2,271       1,749       1,398       1,054  

Other

    24,468       31,073       33,361       15,759       11,983       10,437       9,613       8,530  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenue

    40,757       49,094       54,079       38,084       35,891       35,390       33,708       39,973  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Gross profit

    91,393       118,130       110,651       97,631       99,849       116,145       131,896       135,040  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating expenses

               

Research and development

    42,409       43,778       43,411       45,459       46,266       49,762       51,372       59,127  

Sales and marketing

    93,424       111,515       104,823       107,780       115,362       117,615       120,847       128,708  

General and administrative

    21,095       20,976       21,579       23,104       22,817       22,288       24,956       30,316  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

    156,928       176,269       169,813       176,343       184,445       189,665       197,175       218,151  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss from operations

    (65,535     (58,139     (59,162     (78,712     (84,596     (73,520     (65,279     (83,111

Interest income

    450       668       1,697       2,325       2,617       2,745       2,934       2,920  

Interest expense

          (2,017     (4,496     (5,196     (5,532     (6,173     (9,006     (9,584

Other income (expense), net

    (140     (345     (245     (303     (554     (1,124     104       (310
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss before income taxes

    (65,225     (59,833     (62,206     (81,886     (88,065     (78,072     (71,247     (90,085

Income tax expense

    1,425       2,235       844       4,092       1,208       3,049       15,020       7,412  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss

  $ (66,650   $ (62,068   $ (63,050   $ (85,978   $ (89,273   $ (81,121   $ (86,267   $ (97,497
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

109


Table of Contents

 

Percentage of Revenue Data

 

 

   
    Three Months Ended  
    April 30,
2022
    July 31,
2022
    October 31,
2022
    January 31,
2023
    April 30,
2023
    July 31,
2023
    October 31,
2023
    January 31,
2024
 

Revenue

               

Subscription

    59     63     63     73     80     84     87     91

Maintenance

    17       12       11       11       9       7       5       4  

Other

    24       25       26       16       11       9       8       5  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenue

     100        100        100        100        100        100        100        100  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Cost of revenue

               

Subscription

      9         8         11         15         15        15       14       17  

Maintenance

    4       2       2       2       2       1       1       1  

Other

    18       19       20       11       9       7       5       5  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenue

    31       29       33       28       26       23       20       23  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Gross margin

    69       71       67       72       74       77       80       77  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating expenses

               

Research and development

    32       26       26       33       34       33       31       34  

Sales and marketing

    71       67       64       80       85       78       73       73  

General and administrative

    16       13       13       17       17       15       15       17  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

    119       106       103       130       136       126       119       124  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss from operations

    (50     (35     (36     (58     (62     (49     (39     (47

Interest income

                1       2       1       2       1       1  

Interest expense

          (1     (3     (4     (4     (4     (5     (5

Other income (expense), net

    1                               (1            
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss before income taxes

    (49     (36     (38     (60     (65     (52     (43     (51

Income tax expense

    1       1             3       1       2       9       5  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss

    (50 )%      (37 )%      (38 )%      (63 )%      (66 )%      (54 )%      (52 )%      (56 )% 
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Quarterly Trends in Revenue

Our quarterly subscription revenue increased in each period presented when compared to the results of the same period in the prior year primarily due to increases in the number of new customers as well as retention with existing customers and sales of new products year over year. The RSC adoption by new and existing customers began in the third quarter of fiscal 2023. We recognize revenue from the sales of RSC ratably over the term of the subscription, and sales of RSC contributed to the majority of our subscription revenue by the end of fiscal 2024. Our revenue will fluctuate when qualified customers choose to exercise or forfeit their Subscription Credits upon expiry date, which are customer options that are accounted for as material rights. Both of these factors will drive fluctuations in our subscription revenue through fiscal 2027.

Our quarterly maintenance revenue has declined as we generally no longer offer new perpetual licenses. In addition, we are converting existing maintenance customers into subscription customers as their maintenance contracts come upon renewal. We expect the conversion of maintenance contracts to subscription offerings to be largely completed by the end of fiscal 2026.

Our quarterly other revenue has fluctuated quarter to quarter as we generally no longer offer CDM as a perpetual license. In addition, in the fourth quarter of fiscal 2023, we began the transition of the sale

 

110


Table of Contents

of Rubrik-branded Appliances from us to our contract manufacturers. We expect our other revenue to continue to decrease as a percentage of total revenue.

The trends described above are a result of our business transition and will cause fluctuations to our total revenue growth through fiscal 2027 and limit the comparability of our revenue with past performance. As such, we measure the success of our business on the basis of Subscription ARR. Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers.

Quarterly Trends in Operating Expenses 

Our quarterly operating expenses have generally increased in each period presented when compared to the results of the same quarter in the prior year primarily related to increases in personnel-related costs to support our expanded operations and our continued investment to release new products and develop and enhance the functionalities of existing products.

Key Business Metrics

In addition to the measures presented in our quarterly consolidated financial data, we use the following key business metrics and non-GAAP financial measures to help us evaluate our business and operating performance, identify trends affecting our business, formulate plans, and make strategic decisions:

 

    As of  
    April 30,
2022
    July 31,
2022
    October 31,
2022
    January 31,
2023
    April 30,
2023
    July 31,
2023
    October 31,
2023
    January 31,
2024
 
    (in thousands, except percentages and customers)  

Subscription ARR

  $  315,500     $  381,510     $  459,888     $  532,929     $  587,454     $  655,022     $  724,811     $  784,029  

Cloud ARR

  $ 94,637     $ 125,357     $ 172,059     $ 239,198     $ 296,917     $ 376,800     $ 454,866     $ 524,767  

Customers with Subscription ARR $100K

    732       870       1,031       1,204       1,314       1,463       1,581       1,742  

Average Subscription Dollar-Based Net Retention Rate

    144     146     149     150     149     146     140     133

Liquidity and Capital Resources

To date, we have financed our operations principally through private placements of our redeemable convertible preferred stock, our term loan credit facility, and payments received from customers.

In June 2022, we entered into a $195.0 million credit facility, or the Existing Credit Facility, consisting of initial term loans in an aggregate principal amount of $175.0 million and delayed draw term loan commitments in an aggregate principal amount of $20.0 million. The Existing Credit Facility was scheduled to mature in June 2027. We borrowed the full amount of the initial term loans in June 2022, the proceeds of which were used for general corporate purposes, and subsequently drew approximately $14.5 million of delayed draw term loans to pay accrued quarterly interest payments under the Existing Credit Facility.

In August 2023, we amended and restated the Existing Credit Facility, or the Amended Credit Facility, to increase the total borrowing capacity thereunder to $330.0 million, consisting of initial term

 

111


Table of Contents

loans in an aggregate principal amount of approximately $289.5 million and delayed draw term loan commitments in an aggregate principal amount of approximately $40.5 million. The Amended Credit Facility will mature in August 2028. We borrowed the full amount of the initial term loans and approximately $4.1 million of delayed draw term loans under the Amended Credit Facility on the closing date of the Amended Credit Facility in order to (i) refinance and replace in full the outstanding term loans under the Existing Credit Facility, (ii) finance the consideration for the acquisition of Laminar, and (iii) pay the accrued quarterly interest under the Existing Credit Facility then due. Borrowings under the Amended Credit Facility will bear interest, at our option, at a rate per annum equal to (i) (x) a base rate equal to the highest of (A) the prime rate as published by The Wall Street Journal, (B) the federal funds rate plus 0.5%, and (C) an adjusted SOFR rate for a one-month interest period plus 1.0% plus (y) a margin of 6.0%, or (ii) an adjusted SOFR rate for a selected interest period plus a margin of 7.0%. We have the option to elect to fund up to 100.0% of the interest payments under the Amended Credit Facility with the incurrence of additional delayed draw term loans, subject to a temporary increase of 0.5% in the annual interest rate due on outstanding term loans for a period of 90 to 180 days from the latest date of incurrence of such additional delayed draw term loans. The annual interest rate on outstanding term loans under the Amended Credit Facility can also decrease by 0.5% if we achieve certain financial targets. In connection with each of the Existing Credit Facility and the Amended Credit Facility, we were also required to pay customary fees for a credit facility of this size and type, including an upfront fee. We have the option to prepay the loans under the Amended Credit Facility at any time subject to a prepayment premium of (i) 1.5% in the first year following the closing of the Amended Credit Facility, (ii) 0.5% in the second year following the closing of the Amended Credit Facility, and (iii) 0.0% thereafter.

In August 2023, we acquired all of the outstanding stock of Laminar, a data security posture management, or DSPM platform. We accounted for this transaction as a business combination. The acquisition date fair value of the purchase consideration was $104.9 million, of which $90.8 million was paid in cash and the remainder in common stock. The cash consideration of $90.8 million excludes $23.8 million we held back, which is subject to service-based vesting and will be recorded as expense over the period the services are provided. The acquisition of Laminar is intended to support our leadership position as a data security platform provider and help accelerate our cyber posture offerings.

Our billings grow with new business growth. The majority of our billings are driven by invoicing our customers for multi-year commitments. However, this may evolve as customers have opted to, and may continue to opt to, pay us on an annual basis based on products purchased due to the growth in our SaaS product offerings and the uncertain macroeconomic environment. In addition, our billings are subject to seasonality, with billings in the fourth quarter being substantially higher than in the other three quarters. As of January 31, 2024, we had cash, cash equivalents, and short-term investments of $279.3 million. Our cash equivalents and investments primarily consist of money market funds, U.S. treasuries, commercial paper, corporate bonds, and U.S. government agencies securities. We have generated significant operating losses from our operations as reflected in our accumulated deficit of $(1,682.5) million as of January 31, 2024. We expect to continue to incur operating losses, and our operating cash flows may fluctuate between positive and negative amounts for the foreseeable future due to the investments we intend to make as described above. As a result, we may require additional capital resources to execute strategic initiatives to grow our business.

We believe that our existing cash and cash equivalents will be sufficient to fund our operating and capital needs for at least the next 12 months.

Our longer-term future capital requirements will depend on many factors, including our subscription growth rate, subscription renewal activity, including the timing and the amount of cash received from customers, the expansion of sales and marketing activities, the timing and extent of spending to support development efforts, the introduction of new and enhanced products, and the

 

112


Table of Contents

continuing market adoption of our platform. We may in the future enter into arrangements to acquire or invest in complementary businesses, services, and technologies, including intellectual property rights. We continue to assess our capital structure and evaluate the merits of deploying available cash. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, financial condition, and operating results would be adversely affected.

The following table summarizes our cash flows for the periods presented:

 

     Year Ended January 31,  
       2023          2024    
     (in thousands)  

Net cash provided by (used in) operating activities

   $ 19,287      $ (4,518)  

Net cash used in investing activities

   $ (125,188)      $ (93,623)  

Net cash provided by financing activities

   $ 171,823      $ 95,949  

Operating Activities

Our largest source of operating cash is payments received from our customers. We typically invoice our customers in advance for multi-year contracts. Therefore, a substantial source of our cash is from such prepayments, which are included on our consolidated balance sheets in deferred revenue. We generally experience seasonality based on when we enter into agreements with our customers. Given the seasonality in our business, the operating cash flow benefit from increased collections from our customers generally occurs in the subsequent quarter after billing. We expect seasonality, timing of billings, and collections from our customers to have a material impact on our cash flow from operating activities from period to period. Our primary uses of cash from operating activities are for employee compensation and related expenses, sales commissions, fees for third-party professional services, colocation and hosting costs, and marketing programs.

Net cash used in operating activities during fiscal 2024 of $4.5 million resulted primarily from a net loss of $(354.2) million, partially offset by $76.5 million of amortization of deferred commissions, $24.3 million for depreciation and amortization, $10.1 million for non-cash interest related to debt, $5.7 million of stock-based compensation, and $234.1 million of net cash inflow from changes in operating assets and liabilities. The net cash inflow from changes in operating assets and liabilities was primarily the result of a $299.8 million increase in deferred revenue, resulting primarily from increased billings, a $22.9 million increase in accrued expenses and other liabilities, and a $17.2 million decrease in accounts receivables. The cash inflow was partially offset by a $107.1 million increase in deferred commissions.

Net cash provided by operating activities during fiscal 2023 of $19.3 million resulted primarily from a net loss of $(277.7) million, partially offset by $81.3 million of amortization of deferred commissions, $22.4 million for depreciation and amortization, $8.5 million for non-cash interest related to debt, $7.0 million of stock-based compensation, and $174.5 million of net cash inflow from changes in operating assets and liabilities. The net cash inflow from changes in operating assets and liabilities was primarily the result of a $338.8 million increase in deferred revenue, resulting primarily from increased billings and a $8.8 million decrease in accounts receivables. The cash inflow was partially offset by a $135.0 million increase in deferred commissions and $32.7 million increase in prepaid expenses and other assets.

Investing Activities

Net cash used in investing activities during fiscal 2024 of $93.6 million resulted from $246.0 million in purchases of investments, $90.3 million paid for acquiring Laminar, $12.3 million in

 

113