10-K 1 zixi-10k_20161231.htm ZIXI-10K-20161231 zixi-10k_20161231.htm

 

 

United States

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

Form 10-K

 

(Mark One)

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2016

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from            to            

Commission File Number: 0-17995

 

Zix Corporation

(Exact Name of Registrant as Specified in its Charter)

 

 

Texas

75-2216818

(State or Other Jurisdiction of

(I.R.S. Employer

Incorporation or Organization)

Identification Number)

 

2711 N. Haskell Avenue, Suite 2200, LB 36, Dallas, Texas 75204-2960

(Address of Principal Executive Offices)

(214) 370-2000

(Registrant’s Telephone Number, Including Area Code)

Securities Registered Pursuant to Section 12(b) of the Act:

 

Title of each class of stock

Name of each exchange on which registered

Common Stock

NASDAQ

$0.01 Par Value

 

 

Securities Registered Pursuant to Section 12(g) of the Act: None

 

Indicate by check mark whether the Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.    Yes      No  

Indicate by check mark whether the Registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.    Yes      No  

Indicate by check mark whether the Registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days.    Yes      No  

Indicate by check mark whether the Registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such reports)    Yes      No  

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of Registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See definitions of “large accelerated filer”, “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act. (Check one):

 

Large accelerated filer

 

Accelerated filer

 

 

 

 

 

Non-accelerated filer

(Do not check if a smaller reporting company)

Smaller reporting company

 

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).    Yes      No  

As of March 2, 2017, there were 54,367,481 shares of Zix Corporation $0.01 par value common stock outstanding. As of June 30, 2016, the aggregate market value of the shares of Zix Corporation common stock held by non-affiliates was $199,047,593.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the Registrant’s 2017 Proxy Statement are incorporated by reference into Part III of this Form 10-K.

 

 

 

 

 


 

TABLE OF CONTENTS

 

 

 

PART I

 

Item 1.

 

Business

3

Item 1A.

 

Risk Factors

8

Item 1B.

 

Unresolved Staff Comments

14

Item 2.

 

Properties

14

Item 3.

 

Legal Proceedings

14

Item 4.

 

Mine Safety Disclosures

14

 

 

PART II

 

Item 5.

 

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

15

Item 6.

 

Selected Financial Data

17

Item 7.

 

Management’s Discussion and Analysis of Financial Condition and Results of Operations

17

Item 7A.

 

Quantitative and Qualitative Disclosures About Market Risk

27

Item 8.

 

Financial Statements and Supplementary Data

27

Item 9.

 

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

27

Item 9A.

 

Controls and Procedures

27

Item 9B.

 

Other Information

29

 

 

PART III

 

Item 10.

 

Directors, Executive Officers and Corporate Governance

30

Item 11.

 

Executive Compensation

30

Item 12.

 

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

30

Item 13.

 

Certain Relationships and Related Transactions, and Director Independence

30

Item 14.

 

Principal Accountant Fees and Services

30

 

 

PART IV

 

Item 15.

 

Exhibits and Financial Statement Schedules

31

 

 

 

2


 

PART I

Item 1. Business

Zix Corporation (“Zix®,” the “Company,” “we,” “our,” or “us”) offers email encryption, data loss prevention (“DLP”) and Bring-Your-Own-Device (“BYOD”) security to meet business data protection and compliance needs. We primarily serve organizations in the healthcare, financial services, insurance and government sectors, including significant federal financial regulators, such as all members of the Federal Financial Institutions Examination Council (“FFIEC”), divisions of the U.S. Treasury, the U.S. Securities and Exchange Commission (“SEC”), 30 percent of U.S. banks, more than 30 Blue Cross Blue Shield organizations and more than 1,200 U.S. hospitals.

Zix® Email Encryption enables the secure exchange of emails that include sensitive information through a comprehensive secure messaging service, which allows an enterprise to use policy-driven rules to determine which email messages should be sent securely to comply with regulations or company-defined policies.

The main differentiator for Zix Email Encryption in the marketplace is its exceptional ease of use. The best example of this is its ability to provide transparent delivery of encrypted email. Most email encryption solutions are focused on the sender. They typically introduce an added burden on recipients, often requiring additional steps and passwords. We designed our solution to alleviate the recipient’s burden by enabling the delivery of encrypted email automatically and transparently. Zix enables transparent delivery through (1) ZixDirectory®, the world’s largest email encryption community, which is designed to share identities of our tens of millions of members (growing by approximately 170,000 members per week), (2) Zix’s patented Best Method of Delivery®, which is designed to deliver email in the most secure, most convenient method possible for the recipient, and (3) ZixGateway®, which automatically encrypts and decrypts messages with sensitive content. The result is the industry’s most advanced transparent encrypted email, such that secure email can be exchanged without extra steps or passwords for both senders and receivers. Zix delivers more than 1.5 million encrypted messages on a typical business day. On average, 70% of those encrypted messages are exchanged transparently between senders and recipients.

Zix launched ZixQuarantineSM, formerly ZixDLP®, an email-specific solution in early 2013. By focusing strictly on email, ZixQuarantine addresses business’s greatest source of data loss – corporate email. The straightforward DLP approach decreases the complexity and cost often associated with other DLP solutions. ZixQuarantine is also designed to reduce deployment time from months to hours and minimize impact on customer resources and workflow. In addition, ZixQuarantine offers a convenient experience for both employees interacting with the solution and administrators managing the system.

Leveraging the company’s leadership and expertise in email encryption, ZixQuarantine uses Zix’s proven policy and content scanning capabilities with quarantine functionality and an intuitive interface, which allow administrators to (1) easily define policies and create custom content filters for quarantining email messages, (2) conveniently manage quarantined messages using flexible searching and filtering options, (3) release or delete individual or multiple quarantined messages with one click, (4) review reports that monitor quarantine activities and trends and (5) automate custom notifications informing employees of quarantined messages.

ZixQuarantine is available as an add-on for existing Zix customers or as a bundle with Zix Email Encryption for new customers. ZixQuarantine is also available as a standalone solution that can easily integrate with most email systems and email encryption solutions.

In late 2013, Zix launched ZixOne®, a unique mobile email app that solves the key IT challenge created by the BYOD trend in the workplace. BYOD describes the increasing trend of employees using their personal devices to conduct work. ZixOne provides access to corporate email while never allowing that data to be persistently stored on the device where it is vulnerable to loss or theft. If the device is lost or stolen, an administrator can simply disable access to corporate email from that device through ZixOne.

Unlike other BYOD solutions, ZixOne meets employee demands of convenience, control and privacy while giving companies the ability to secure corporate data and meet compliance needs. With seamless access to work email in a secure, simple-to-use environment, employees can stay productive while preserving device independence. A BYOD solution that is acceptable to employees and yet provides strong data protection for corporate data solves one of today’s greatest IT management challenges.

Our business operations and service offerings are supported by the ZixData CenterTM, a SOC3 certified, SOC2 accredited, PCI DSS V3.2 certified facility. The operations of the ZixData Center are independently audited annually to maintain AICPA SOC3 certification in the areas of security, confidentiality, integrity and availability. Auditors also produce a SOC2 report on the effectiveness of operational controls used over the audit period. The ZixData Center is staffed 24 hours a day with a track record that exceeds 99.99% availability.

3


 

Our company was incorporated in Texas in 1988. Originally named Amtech Corporation, we changed our name to ZixIt® Corporation in 1999 when we entered the encrypted email market. In 2002, we became Zix Corporation. Our executive offices are located at 2711 North Haskell Avenue, Suite 2200, LB 36, Dallas, Texas 75204-2960, (214) 370-2000.

Overview

Email is a mission-critical means of communication for enterprises. However, if email leaves a secure network environment in clear text, it can be intercepted along the path between a sender and a recipient, which permits theft, redirection, manipulation or exposure to unauthorized parties. Failure to control and manage such risks can result in enforcement penalties for noncompliance under numerous regulations, in addition to damaged reputation, competitive disadvantage, a loss of intellectual property or other corporate assets, exposure to negligence or liability claims, and diversion of resources to repair such damage. For example, healthcare organizations, business associates and sub-contractors are subject to the Privacy, Security, and Enforcement Rules of the Health Information Portability and Accountability Act (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). Financial institutions are subject to data privacy laws including the Gramm-Leach-Bliley Act (“GLBA”). These federal laws help drive the use of encrypted email. In addition, individual states such as Massachusetts and Nevada have enacted privacy laws requiring the safeguard of personal data, and almost all states encourage email encryption by allowing exemptions from data breach notification laws.

Corporations require easy to use, cost-effective email protection that can be used on an enterprise-wide basis. They need it to be quickly deployed and regularly updated to evolve with innovative technology practices and meet changing regulatory standards. To satisfy these needs, our Email Encryption Service provides a comprehensive solution that analyzes and encrypts email communications.

Our Email Encryption Service allows a user to send encrypted email to any email user anywhere and on any Internet-enabled device. Encrypted email is delivered through the patented Best Method of Delivery protocol which automatically determines the most direct and appropriate means of delivery, based on the sender’s and recipient’s communications environment and preferences. The protocol supports a number of encrypted email delivery mechanisms, including S/MIME, Transport Layer Security (“TLS”), Open Pretty Good Privacy (“PGP”), “push” delivery and secure portal “pull” delivery. These last two mechanisms enable users to send messages securely to anyone with an email address, including those who do not have an encryption tool. Our Best Method of Delivery makes the technology simple for end users and provides flexibility and ease of implementation for information technology professionals. We believe the ability to send messages through different modes of delivery is one of many differentiators that makes our Email Encryption Service superior to competitive offerings.

The deployment of our Email Encryption Service at the periphery of the customer’s network means our Email Encryption Service encrypts outbound email for an enterprise without the need to create, deploy or manage end user encryption keys or deploy desktop software. Our technology solutions are easy to use, easy to deploy, and can be made operational quickly.

Our service has an integrated policy management capability. This policy engine can inspect the contents of emails and apply policies matching specific industry criteria such as HIPAA, the HITECH Act and GLBA. Customers can also build their own custom policies. This policy driven email encryption for regulatory compliance means customers can reduce the training required of their staff and significantly reduce the risk of inadvertently sending sensitive content by controlling the method of delivery through preset policies.

Competition

The most significant differentiator for Zix Email Encryption Service as compared with our competition is ease of use. The best example of our unequalled ease of use is transparent delivery of encrypted email messages. We are able to deliver transparent email encryption as a result of our ZixDirectory, Best Method of Delivery and ZixGateway. The most critical and highly differentiated component of our solution is the ZixDirectory which provides the ability to share user identities for encryption, and in turn provides frictionless interoperability between users in a community of interest such as healthcare, finance or government.

Our capability to offer interoperability is particularly important when it is necessary to communicate with external networks, as is the case with the healthcare and financial services markets. Our customers become part of the ZixDirectory, a global “white pages” enabling transparent secure communications with other ZixGateway customers using our centralized key management system and overall unique approach to implementing secure email. We enable secure communications with other users via TLS, Open PGP, “push” delivery and secure portal “pull” delivery mechanisms. However, we believe our unique transparent delivery is the more preferred delivery model.

4


 

Zix Email Encryption and ZixQuarantine focus on the secure (i.e., encrypted) delivery and data loss prevention sub-segments of the email security market. We view our primary competitors in this space to be Proofpoint Inc., Microsoft, Barracuda Networks, and Sophos Inc. Technically, while these companies offer “send-to-anyone” encrypted email, we believe they are unable to offer the benefits that come from access to the ZixDirectory, use of our Best Method of Delivery protocol, and the industry’s only transparent email encryption. Nevertheless, some of these competitors are large enterprises with substantial financial and technical resources that exceed those we possess.

As discussed above, with the introduction of ZixOne, the Company entered the BYOD mobile device security market. In the BYOD market, we view our primary competitors as companies that provide enterprise mobility management (“EMM”), which includes but is not limited to mobile device management (“MDM”), containerization and app wrapping technology. EMM is premised on storing business data on an employee’s personally owned device. In order to secure business data on personal devices, EMM requires individual users to permit their employer access to and control over personally owned smartphones and tablet computers and therefore can create user concerns about loss of control and privacy of their devices. In contrast, ZixOne enables Android® or IOS® mobile devices to view remotely stored corporate email, calendar and contacts, and to interact with that data. ZixOne more effectively protects business email data by never allowing it to be stored on the device, where it might be subjected to exposure from theft or loss of the device. Moreover, ZixOne does not require employees to relinquish device control or personal privacy to their employer. We believe these differentiators make ZixOne an attractive BYOD solution. Competitors have an established brand in the market with substantial financial and technical resources that exceed those we possess. We view our primary competitors in this space to be AirWatch/VMware, Citrix (with XenMobile), Good Technology (purchased by Blackberry), IBM/Fiberlink (with MaaS360), Microsoft (with ActiveSync), and MobileIron.

Regulatory Drivers

We have been successful in securing additional market penetration for Zix Email Encryption in our target vertical markets of healthcare, finance services and government due to regulations that address the need for data privacy and security.

In addition to the need to protect personal data and sensitive business communication, demand for email encryption in the healthcare sector, including business associates of healthcare providers, is augmented by regulatory requirements under HIPAA and HITECH Act. The Privacy and Security rules under those acts provide severe penalties for violations, include strict breach notification requirements, and allow states to pursue HIPAA violations. In the financial services industry, financial institutions and their service providers are subject to the GLBA, which is enforced by the U.S. Federal Trade Commission (“FTC”). The FTC has issued guidance saying that businesses that transmit sensitive data by email should be sure to encrypt the data.

In choosing an email security provider, companies are influenced by the solutions chosen by their regulators. Our customers include all of the federal regulators that comprise the FFIEC as well as the state banking regulators in more than twenty states. Our service is also a recommended solution of the Conference of State Bank Supervisors, whose members regulate the more than 4,800 state-chartered banks in the U.S.

Additionally, state data breach laws and privacy regulations, along with highly publicized breaches, have enhanced security awareness in vertical markets outside of healthcare and financial services and have prompted affected organizations to consider adopting systems that ensure data security and privacy. Even where there are no specific regulations, businesses may require email protection to adhere to evolving industry best practices for protecting sensitive information.

Sales and Marketing

We sell our Zix Email Encryption, Zix DLP and ZixOne Services through a direct sales force that focuses on larger businesses and a telesales force that focuses on small to medium-sized accounts. We also use a network of resellers and other distribution partners, including other service providers seeking an email encryption offering in an original equipment manufacturing (“OEM”)-like relationship. New first year orders (“NFYOs”), defined as the twelve month value of orders received from new customers, derived from our value-added resellers, OEM and third party distribution channels for 2016 were 57% of the total new first year orders compared to 64% in 2015. Google, Inc. continues to be our largest third party reseller representing approximately 5% of NFYOs in 2016. As of December 31, 2016, we had 270 value-added resellers and 139 managed security service providers across the U.S.

Employees

We had 201 employees as of December 31, 2016. The majority of our employees are located in Dallas, Texas. We also have a sales office in Burlington, Massachusetts; and a smaller office located in Ottawa, Ontario, Canada.

5


 

Research and Development

We incurred research and development expenses of $9.6 million, $8.3 million, and $9.1 million for the twelve-month periods ended December 31, 2016, 2015, and 2014, respectively.

Over the course of 2016 we continued to make investments toward strengthening and expanding our service portfolio. We added new external sender capabilities, web authorization options, access security features and SIEM (Security Information and Event Monitoring) data feeds to ZixPort and invested in capacity and performance enhancements across our core suite of hosted services. We also migrated the Cisco SMIME and PGP capabilities from their legacy code base into our ZCT (ZixGateway with Cisco Technology) and enhanced the foreign language handling capabilities of that system. ZixOne was upgraded to align with the iPhone and Android evolutions and benefited from a number of stability enhancements.

On the ZixHosted front, we advanced deployment and upgrade automation capabilities for ZixGateway cloud instances and added ZixQuarantine functionality into our SMB (Small and Medium Business) product environment. We laid the foundation for better feature alignment between our premises and hosted ZixGateways, which will be leveraged as we move into 2017.

The following are registered trademarks of ours and certain of our subsidiaries: “Zix,” “ZixGateway,” “ZixDirectory,” “ZixIt”, and “ZixPort,”.

Intellectual Property

We depend upon our ability to develop, maintain and protect our proprietary technology and our related intellectual property rights. We rely on a combination of patent, trademark, trade secret and copyright law and contractual restrictions to protect the proprietary aspects of our technology and related property rights and to defend against infringement and/or misappropriation claims from others. We own 26 U.S. patents (including U.S. pending patents) with expiration dates ranging from 2019 through 2036. We have a program to file applications for and obtain patents and trademarks in the United States and in specific foreign countries where we believe filing for such protection is appropriate. While intellectual property rights are generally important to our business, we do not believe that our business is dependent on any single item of intellectual property, or that any single item of intellectual property is material to the operation of our business. Rather, we believe that our intellectual property rights provide us with a competitive advantage, and from time to time we have taken steps to enforce our intellectual property rights as a means of protecting that competitive advantage.

Please see generally the risks that are more fully disclosed in “Item 1A. Risk Factors” for risks related to our intellectual property.

Compliance with Environmental Regulations

We have not incurred, and do not expect to incur, any material expenditures or obligations related to environmental compliance issues.

Governmental Contracts

We have contracts with many local, state and federal agencies and regulators, which in the aggregate contribute approximately 7 percent of our annual revenue.

Significant Customers

In each of 2016, 2015, and 2014, no single customer accounted for 10% or more of our total revenues.

Backlog

Our backlog is comprised of contractual commitments that we expect to recognize as revenue in the future. Our backlog was $81.7 million at December 31, 2016, compared to $74.2 million at December 31, 2015.

As of December 31, 2016, our backlog is comprised of the following elements: $27.2 million of deferred revenue that has been billed and paid, $7.1 million billed but unpaid, and approximately $47.4 million of unbilled contracts.

The backlog is recognized into revenue ratably as the services are performed. Approximately 57% of our total backlog at December 31, 2016, is expected to be recognized as revenue during 2017.

6


 

Seasonality

The Company typically experiences lower NFYO’s in the first quarter of the calendar year. Our budget anticipates fewer NFYO’s in the first quarter, but historically this has not resulted in a material impact to our revenue or earnings on a seasonal basis.

Geographic Information

Our operations are primarily based in the U.S., with approximately 5% of our employees located in Canada. Except for a United Kingdom based data center, we do not operate in, or have dependencies on, any other foreign countries. Our revenues and orders to-date are almost entirely sourced in the U.S. and all significant corporate assets at December 31, 2016, were located in the U.S.

Financial Information About Industry Segments

We have one reportable segment consisting of email encryption and security solutions. We internally evaluate all of our product offerings and other sources of revenue as one industry segment, and, accordingly, do not report segment information.

Available Information

Our Internet address is www.zixcorp.com. Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available on our website, without charge, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. The information found on our website shall not be considered to be part of this or any other report filed with or furnished to the SEC.

In addition to our website, you may read and copy any materials we file with the SEC at the SEC’s Public Reference Room at 450 Fifth Street, N.W., Washington, D.C. 20549. You may obtain information on the operation of the SEC’s Public Reference Room by calling the SEC at 1-800-SEC-0330. The SEC maintains a website that contains reports, proxy and other information statements, and other information regarding issuers, including us, that file electronically with the SEC. The address of the website is www.sec.gov.

NOTE ON FORWARD-LOOKING STATEMENTS AND RISK FACTORS

This document contains “forward-looking statements” (including the discussion appearing under the caption “Liquidity Summary” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations,”) within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Act”) and Section 21E of the Exchange Act. All statements other than statements of historical fact are “forward-looking statements” for purposes of federal and state securities laws, including: any projections of future business, market share, earnings, revenues, recognition of revenues from backlog, cash receipts, or other financial items; any statements of the plans, strategies, and objectives of management for future operations; any statements concerning proposed new products, services, or developments; any statements regarding future economic conditions or performance; any statements of belief; and any statements of assumptions underlying any of the foregoing. Forward-looking statements may, but need not, include words such as “may,” “will,” “predict,” “project,” “forecast,” “plan,” “should,” “could,” “goal,” “estimate,” “intend,” “continue,” “believe,” “expect,” “outlook,” “anticipate,” “hope,” and other similar expressions. Any forward-looking statements involve risks and uncertainties that could cause actual events or results to differ materially from the events or results described in the forward-looking statements, including, but not limited to, the risks and uncertainties described in the “Item 1A Risk Factors” section.

Although we believe that expectations reflected in and the assumptions underlying our forward-looking statements are reasonable, actual results or assumptions made could differ materially from those projected or assumed in any of our forward-looking statements. Our future financial condition and results of operations, as well as any forward-looking statements, are subject to change and to inherent risks and uncertainties, including, but not limited to, those disclosed in this document. Forward-looking statements speak only as of the date on which they are made, and we do not intend, and undertake no obligation, to update any forward-looking statement.

7


 

Item 1A. Risk Factors

The following is a cautionary discussion of risks, uncertainties and assumptions that we believe are significant to our business, financial condition and financial results. In addition to the factors discussed elsewhere in this Annual Report on Form 10-K, the following are some of the important factors that, individually or in the aggregate, we believe could make our results differ materially from those described in any forward-looking statements. It is impossible to predict or identify all such factors and, as a result, you should not consider the following factors to be a complete discussion of risks, uncertainties and assumptions.

Our business depends upon customers using email to exchange confidential information, and a significant shift of those messages to other communication channels could impair our growth prospects and negatively affect our business, financial condition and financial results.

Our customers deploy and use our products and services to easily, securely and confidentially send and receive email messages. Our business and revenue substantially depend on our current and potential customers using email to exchange sensitive information electronically. New technologies, products, or business models that could support secure communications could be disruptive to our business. If prospective or current customers were to send and receive sensitive information using technology or communication channels other than email, our growth prospects and our business, financial condition and financial results could be materially adversely affected.

Our business depends on market acceptance of our products and services, and our failure to achieve and maintain influential customers could negatively affect our business, financial condition and financial results.

In order to continue to operate profitably and grow, we must achieve and maintain broad market acceptance of our products and services at a price that provides us with an acceptable rate of return relative to our costs. We have been successful in selling our Email Encryption products and services to high-profile customers in the healthcare, financial services and government segments of the market. The acceptance and use of our products and services by those significant customers facilitates our sales to other potential customers, and an expanding base of users in the Zix Directory aids in our market penetration and expansion. The loss of an influential customer of our existing products and services, or the failure to achieve sufficient market adoption of new products including ZixQuarantine and ZixOne, could impair our ability to expand the market penetration of our products and services, or cause us to reduce or increase prices, which could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

Our business relies on securing new customer subscriptions and subscription renewals from existing customers.

A large portion of our revenue is derived from customer subscriptions, and existing customers have no contractual obligations to purchase beyond the initial subscription or contract period. We may not maintain historical subscription rates, and we may be unable to accurately predict our customer renewal rates. Although we have historically retained approximately 90% of our recurring revenue on an annual basis, our customers’ renewal rates may decline or fluctuate as a result of a number of factors, including the level of their satisfaction with our products and technical support services, customer merger or acquisition activity, customer budgets, the pricing of our products compared with those offered by our competitors, technology trends, the prevailing regulatory regime and general market conditions. If new subscriptions or subscription renewals decline, our revenue or revenue growth may decline, and our business may suffer.

The security of our networks and data centers is critical to our business and an actual or perceived breach of security through a cyber-attack or otherwise could cause us to lose customers and could negatively affect our reputation, business, financial condition and financial results.

We are dependent on our networks and data centers to provide our products and services. Due to the nature of the products and services we provide and the sensitive nature of the information we collect, process, store, use and transmit, we may face cyber-attacks, data protection breaches, computer viruses and other similar disruptions from unauthorized tampering or human error that attempt to penetrate and could harm our networks and data centers. Our business depends on customers having and maintaining confidence that we provide effective network and security protection. To reduce the risk of a successful cyber-attack or similar event, we have implemented significant physical and logical security measures to detect, identify and mitigate threats as well as to monitor for and respond to potential breaches and incidents. Despite these security measures, our networks and data centers may remain vulnerable. We may not be able to correct a security flaw or particular vulnerability promptly, or at all.  Further efforts to limit the ability of malicious third parties to disrupt or undermine our security efforts may be costly to implement and may not be successful. If a cyber-attack or other breach of security occurs, or is perceived to have occurred, in our internal systems or at our data centers and networks, it could cause negative publicity, interruption of our services, damage to our reputation, unauthorized disclosure of our customers’ confidential or proprietary information (including personally identifiable information), disclosure of our intellectual property,

8


 

disclosure, modification or removal of our confidential or sensitive information, theft or unauthorized use or publication of our trade secrets, loss of customers, lost revenue and increased expense (including potentially indemnification or warranty costs), any of which could have a material adverse effect on our business, financial condition and financial results.

Public key cryptography technology used in our businesses is subject to technology integrity risks that could reduce demand for our products and services and could negatively affect our business, financial condition and financial results.

Our business employs public key cryptography technology and other encryption technologies to encrypt and decrypt messages. The security afforded by encryption depends on the integrity of the private key, which is predicated on the assumption that it is very difficult to mathematically derive the private key from the related public key. Successful decryption of intercepted encrypted email, or public reports of successful decryption, whether or not true, could reduce demand for our products and services. If new methods or technologies, such as quantum computing, make it easier to derive the private key from the related public key, the security of encryption services using public key cryptography technology could be impaired and our products and services could become less marketable. That could require us to make significant changes to our services, which could increase our costs, damage our reputation, or otherwise harm our business. Any of these events could reduce our revenues, increase our expenses and materially adversely affect our business, financial condition and financial results.

Our business depends substantially on our data center facilities, and their unreliability or unavailability for a significant period could cause us to lose customers and could negatively affect our business, financial condition and financial results.

Much of the computer and communications hardware upon which our businesses depend is located in our data center facilities in Dallas and Austin, Texas and in the United Kingdom. Our data centers might be damaged or interrupted by fire, flood, power loss, telecommunications failure, break-ins, cyber-attacks, earthquakes, terrorist attacks, hostilities or war or other events. Computer viruses, equipment failure, denial of service attacks, and similar disruptions affecting the internet or our systems might cause service interruptions, delays and loss of critical data, and could prevent us from providing our services. Problems affecting our data center operations or the networks on which we rely could result in loss of revenues, increased expenses, failure to achieve market acceptance, diversion of resources, injury to our reputation, liability and increased costs. We do not carry sufficient insurance to compensate us for all losses that may occur as a result of any of these events. The occurrence of any of these events could materially adversely affect our business, financial condition and financial results.

Outages or problems with systems and infrastructure supplied by third parties could negatively affect our business, financial condition and financial results.

Our business relies on third-party suppliers of the telecommunications infrastructure. We use various communications service suppliers and the global internet to provide network access between our data centers, our customers and end-users of our services. If those suppliers do not enable us to provide our customers with reliable, real-time access to our systems, we may be unable to gain or retain customers. These suppliers periodically experience outages or other operational problems as a result of internal system failures or external third party actions. Though our products generally tolerate isolated supplier failures, multiple supplier outages or problems could materially adversely affect our business, financial condition and financial results.

The infrastructure supporting our business may suffer capacity constraints and business interruptions that could cause us to lose customers, increase our operating costs and could negatively affect our business, financial condition and financial results.

Our business depends on our providing our customers reliable, real-time access to our data centers and networks. Customers will not tolerate a service hampered by slow delivery times, unreliable service levels, service outages, or insufficient capacity. System capacity limits or constraints arising from unexpected increases in our volume of business or network traffic could cause interruptions, outages or delays in our services, or deterioration in their performance, or could impair our ability to process transactions. We may not be able to accurately project the rate of increase in usage of our systems or to timely increase capacity to accommodate increased traffic on our systems. System delays or interruptions may prevent us from efficiently providing services to our customers or other third parties, which could result in our losing customers and revenues, or incurring liabilities that could have a material adverse effect on our business, financial condition and financial results.

The growth of our business may require significant investment in systems and infrastructure and these investments may achieve delayed, or lower than expected benefits, which could impair our profitability and negatively affect our business, financial condition and financial results.

As our operations grow in size and scope, we continually need to improve and upgrade our technology offerings, systems and infrastructure to offer an increasing number of customers enhanced products, services, features and functionality, while maintaining the reliability and integrity of our systems and infrastructure and pursuing reduced costs per transaction. Expanding our technology

9


 

offerings, systems and infrastructure may require us to commit substantial financial, operational and technical resources, with no assurance that the volume of our business will increase, which could reduce our net income, deplete our cash, and materially adversely affect our business, financial condition and financial results. Developing and launching new product offerings adjacent to or outside of our core encrypted email offerings can be particularly costly in terms of capital investments for both product development and marketing. At the same time, these new offerings involve greater uncertainty concerning both market acceptance and our ability to successfully execute a sales and marketing strategy that justifies our investments. Our failure to properly manage and execute new product initiatives could materially adversely affect our business, financial condition and financial results.

Our failure to keep pace with rapid technology changes could have a negative impact on our business, financial condition and financial results.

The markets for our products and services are characterized by rapid technological developments and frequent changes in customer requirements. We must continually improve the performance, features and reliability of our products and services, particularly in response to competitive offerings, to keep pace with these developments. We must ensure that our products and services address evolving operating environments, devices, industry trends, certifications and standards. For example, we have been required to expand our offerings for virtual computer environments and mobile environments to support a broader range of mobile devices. We also may need to develop products that are compatible with new operating systems while remaining compatible with existing, popular operating systems. Our business could be harmed by our competitors announcing or introducing new products and services that could be perceived by customers as superior to ours. We spend considerable resources on technology research and development, but our research and development resources are more limited than many of our competitors. Our failure to introduce new or enhanced products on a timely basis, to keep pace with rapid industry, technological or market changes or to gain customer acceptance for our new and existing products and services, such as mobile device data protection, could have a material adverse effect on our business, financial condition and financial results.

We face strong competition, which could negatively affect our business, financial condition and financial results.

The markets in which we compete are characterized by rapid change and converging technologies and are very competitive. With rising demand for private and secure email communications, there is strong competition for email encryption products and services. Our Email Encryption and data loss prevention business competes with products and services offered by companies such as Microsoft, Barracuda Networks, Inc., Proofpoint, Virtru, HP (Voltage), and Sophos Inc. Our ZixOne business completes with products and services offered by companies such as AirWatch/VMWare, Citrix (with XenMobile), Blackberry, IBM/Fiberlink (with MaaS360), Microsoft (with ActiveSync), and MobileIron. Strong competition requires us to develop new technology solutions and service offerings to expand the functionality and value that we offer to our customers. Many of our competitors bundle their competing products and services with products and services that we do not offer, which could make our offerings less attractive by comparison. As a result of the bundling by these competitors, it can be difficult for our customers to compare the cost of our offerings with competing offerings. In some instances, competing products and services may seem to be offered by our competitors at little to no additional cost to the customer. In addition, our competitors may develop products and services that are perceived by customers as equivalent to, or having advantages over, our products and services. Competitors could capture a significant share in our markets, causing our sales and revenue to decline or grow more slowly. Barriers to entry are relatively low, and new ventures are often formed that create products competitive with our products. Competitive pressures could lead to price discounting or to increases in expenses such as advertising and marketing costs. Increased competition could also decrease demand for our products and services. Competition could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

Industry consolidation may lead to increased competition and may harm our operating results.

There has been a trend toward industry consolidation in our industry for several years. We expect this trend to continue as companies attempt to strengthen or hold their market positions in an evolving industry and as companies are acquired or are unable to continue operations. For example, some of our current and potential competitors have made acquisitions, or announced new strategic alliances. Companies that are strategic alliance partners in some areas of our business may acquire or form alliances with our competitors, thereby reducing their business with us. We believe that industry consolidation may result in stronger competitors that are better able to compete as sole-source vendors for customers. This could have a material adverse effect on our business, financial condition and financial results.

Some competitors have advantages that may allow them to compete more effectively than us, which could negatively affect our business, financial condition and financial results.

Some of our competitors have longer operating histories, more extensive operations, greater name recognition, larger technical staffs, bigger product development and acquisition budgets, established relationships with more distributors and hardware vendors,

10


 

and greater financial and marketing resources than we do. These advantages might enable them (independently or through alliances) to develop and expand functionality of products and services faster than we can, to spend more money to market and distribute products and services than we can, or to offer their products and services at prices lower than ours. These advantages could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

If we do not successfully manage our strategic alliances, we may not realize the expected benefits from such alliances and we may experience increased competition or delays in product development.

We have entered into several strategic alliances with other companies to offer complementary products and services. These arrangements are generally limited to specific projects or series of projects, and their main goal is generally to facilitate product compatibility and adoption of industry standards. There can be no assurance that we will realize the expected benefits from these strategic alliances. If successful, these relationships may be mutually beneficial and result in industry growth. However, alliances carry an element of risk because, in most cases, we must compete in some business areas with a company with which we have a strategic alliance and, at the same time, cooperate with that company in other business areas. Also, if these partner companies fail to perform or if these relationships fail to materialize as expected, we could suffer delays in product development or other operational difficulties.

We enlist third party distributors to market our products and services, and our failure to succeed in those relationships could negatively affect our business, financial condition and financial results.

We distribute a significant percentage of our products and services by entering into alliances with third parties who can offer our products and services along with their own or our competitors’ products and services. Increased reliance on third parties to market and distribute our products and services exposes us to a variety of risks. For example, we have limited control over and visibility into the sales cycles of third party distributors, which could increase the length of our sales cycle, cause our revenue to fluctuate unpredictably and make it difficult to accurately forecast our revenue. In addition, we may not succeed in developing or maintaining marketing alliances. Companies with which we have marketing alliances may in the future discontinue their relationships with us, form marketing alliances with our competitors, or develop and market their own products and services that compete with ours. If a significant distributor were to discontinue its relationship with us, we could experience an interruption in the distribution of our products and services and our revenues could decline. Our failure to develop, maintain and expand strategic distribution relationships could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

We may acquire product lines or businesses, which could impact our business, financial condition and financial results.

As part of our business strategy, we may periodically seek to acquire products lines or businesses from third parties that complement our current product lines and businesses. Acquisitions involve numerous risks, including difficulties in the assimilation of the operations, technologies, services and products of the acquired product lines or businesses, estimation and assumption of liabilities and contingencies, personnel turnover and the diversion of management’s attention from other business concerns. We may be unable to successfully integrate and manage product lines or businesses that we acquire in the future, or be unable to achieve anticipated benefits or costs savings from acquisitions in the timeframe we anticipate, or at all. The inability to effectively and efficiently manage acquisitions with the results we expect or in the timeframe we anticipate could adversely affect our business, financial condition and financial results.

Unfavorable economic environments, particularly in the U.S., could negatively affect our business, financial condition and financial results.

Challenging economic conditions worldwide have from time to time contributed, and may continue to contribute, to slowdowns in the technology and networking industries at large, as well as in the encrypted email/data security market and in specific geographic markets in which we operate. If economic growth in those markets, particularly in the U.S., which accounts for a substantial majority of our revenue, slows, or credit is unavailable at a reasonable cost, current and potential customers may delay or reduce technology purchases, including the deployment or expansion of our products and services. Additionally, as we continue our corporate strategy of exploring additional international markets, we may become more susceptible to unfavorable economic environments outside the U.S. and that could compound the negative effects of unfavorable economic environments in markets in which we currently operate. This could result in reduced sales of our products and services, longer sales cycles, slower adoption of new technologies and increased price competition. In addition, adverse economic conditions could negatively affect the cash flow of our customers and distributors, which might result in failures or delays in payments to us. This could increase our credit risk exposure and delay our recognition of revenue. Specific economic trends, such as declines in the demand for cloud computing services and computing devices, or softness in corporate information technology spending, could have a more direct impact on our business. If these conditions persist, spread or deteriorate further, our business, financial condition and financial results could be materially adversely affected.

11


 

If our products do not work properly or have security vulnerabilities, our reputation, business, financial condition and financial results could be negatively affected and we could experience negative publicity, declining sales and legal liability.

The threats facing our customers are constantly evolving and the techniques used by experienced hackers to access or sabotage data change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world.  As a result, we must constantly update our product solutions to respond to these threats.  We produce complex solutions that incorporate leading-edge technology, including both hardware and software, that must operate in a wide variety of technology environments. Software may contain defects or “bugs” that can interfere with expected operations or introduce security vulnerabilities that can lead to unauthorized use or data loss. There can be no assurance that our testing programs will be adequate to detect all defects prior to the product being introduced, which might decrease customer satisfaction with our products and services. The product reengineering cost to remedy a product defect or mitigate vulnerabilities could be material to our operating results. Our inability to cure a product defect could result in the temporary or permanent withdrawal of a product or service from the market, a security breach, negative publicity, damage to our reputation, failure to achieve market acceptance, lost revenue and increased expense, any of which could have a material adverse effect on our reputation, business, financial condition and financial results.

Our transmission and storage of personally identifiable information including the personal data of European data subjects and other confidential information, and inadvertent exposure of PII or CI, could cause us to violate data privacy laws or lose customers and could negatively affect our business, financial condition and financial results.

We transmit and store large amounts of personally identifiable information (“PII”) about individuals, which may include healthcare or financial information, and other confidential information (“CI”). Although we have established, and continue to develop and enhance, security measures and controls to help protect against unauthorized disclosure of such PII and other CI, an inadvertent disclosure of, or unauthorized third-party access to, PII or CI, could disrupt our operations, damage our reputation and subject us to claims or other liabilities.

In addition, our processing and storage of certain types of data is subject to confidentiality agreements with our clients and handling PII is increasingly subject to a variety of changing privacy and data security regulations around the world, such as the European Union’s Data Protection Directive and the forthcoming European Union Data Protection Regulation. Such laws and regulations are subject to new and differing interpretations and may be inconsistent among jurisdictions. For example, in October 2015, the European Court of Justice invalidated the U.S.-EU Safe Harbor framework that had been in place since 2000, which allowed companies including us to meet certain European legal requirements for the transfer of personal data from the European Economic Area to the United States. In the wake of that decision, we decided to participate in the new EU-U.S. Privacy Shield framework established by the U.S. Department of Commerce and the European Commission and opened for participation on August 1, 2016. We applied for and were approved for certification and are now an Active Participant in the Privacy Shield program. Our Privacy Shield self-certification was finalized by the Department of Commerce and became effective as of November 9, 2016. This will allow us to transfer personal data of European data subjects that we receive from customers to the United States, in compliance with the Privacy Shield principles. While our Privacy Shield certification and other mechanisms (such as Model Clauses) to lawfully transfer such data remain, Privacy Shield and other transfer mechanisms are also subject to pending legal challenges and these legal challenges  may result in different European data protection regulators applying differing standards for the transfer of personal data. Future changes in requirements under these regulations may be inconsistent with our existing data management practices. If so, we could be required to fundamentally change our business activities and practices or modify our software, which could have an adverse effect on our business, including increased cost of compliance and limitations on data transfer for us and our customers.

Any inability to adequately address privacy concerns, even if unfounded, or to comply with applicable privacy or data protection laws, regulations and policies, could result in additional costs and liability to us, damage our reputation, inhibit sales and harm our business. Furthermore, any inadvertent disclosure of, or unauthorized access (including due to a cyber-attack) to, PII or other CI or other failure by us to comply with data privacy requirements could subject us to significant penalties, damages, remediation and other expenses, and damage our reputation, any of which could have a material adverse effect on our business, financial condition and financial results.

12


 

Problems with enforcing our intellectual property rights or using third party intellectual property could negatively affect our business, financial condition and financial results.

We rely on a combination of contractual rights, trademarks, trade secrets, patents and copyrights to establish and protect intellectual property rights and other proprietary rights in our products and services. These intellectual property rights or other proprietary rights might be challenged, invalidated or circumvented. The steps we have taken to protect our proprietary information may not prevent its misuse, theft or misappropriation. Competitors may independently develop technologies or products that are substantially equivalent or superior to our products or that inappropriately incorporate our intellectual property rights or other proprietary technology into their products. Competitors may hire our former employees who may misappropriate our intellectual property rights or other proprietary technology. Some jurisdictions may not provide adequate legal protection of our intellectual property rights or other proprietary technology.

We may have to defend or assert our rights in intellectual property that we use in our services, and we could be found to infringe the intellectual property rights of others, which could be disruptive and expensive to our business.

We may have to defend against claims that we or our customers are infringing the rights of third parties in patents, copyrights, trademarks and other intellectual property. If we acquire technology to include in our products from third parties, our exposure to infringement actions may increase because we must rely upon these third parties to verify the origin and ownership of such technology. Also, we may be required to spend significant resources to monitor and protect our intellectual property rights, including initiating claims or litigation against third parties for infringement or misappropriation. Intellectual property litigation and controversies are disruptive and expensive, whether or not resolved in our favor. Even unmeritorious claims brought against us or our customers may harm our reputation and customer relationships, may cause us to incur significant legal and other fees to defend, and may have to be settled for significant amounts. Infringement claims against us could require us to develop non-infringing services or enter into expensive royalty or licensing arrangements. Our business, financial condition and financial results could be materially adversely affected if we are not able to develop non-infringing technology or license technology on commercially reasonable terms.

We may face risks from using “open source” software that could negatively affect our business, financial condition and financial results.

Like many other software companies, we use “open source” software in order to take advantage of common industry building blocks and to add functionality to our products quickly and inexpensively. Open source software license terms could adversely affect our intellectual property rights in our products that include open source software. Depending upon how the open source software is deployed, we could be required to offer products that use the open source software for no cost, or make available the source code for modifications or derivative works. Any of these obligations could have an adverse impact on our intellectual property rights and revenue from products incorporating the open source software. Using open source code could also cause us to inadvertently infringe third-party intellectual property rights or require us to publicly disclose proprietary information. We have processes and controls in place that are designed to address these risks and concerns, but we cannot be sure that our process or controls will be sufficient to mitigate all risk in this regard. Open source software might also introduce security vulnerabilities or defective functionality. The open source community may not always respond with adequate urgency to mitigate the impacts of such defects.

We rely on the availability of third-party intellectual property, which may not be accessible to us on reasonable terms or at all.

Some of our products include third party intellectual property, which may require licenses from third parties. Based on past experience and industry practice, we believe that such licenses can be obtained on reasonable terms; however, there can be no assurance that we will be able to obtain the necessary licenses for new or current products on acceptable terms or at all. Failure to obtain such licenses may limit our ability to sell our products, which could have a material adverse effect on our business, financial condition and financial results.  

We may fail to recruit and retain key personnel, which could impair our ability to meet key objectives.

Our success depends on our ability to attract and retain highly-skilled technical, managerial, sales, and marketing personnel. Changes in key personnel may be disruptive to our business. It could be difficult, time consuming and expensive to replace key personnel. Integrating new key personnel may be difficult and costly. Volatility, lack of positive performance in our stock price or changes to our overall compensation program including our stock incentive program may adversely affect our ability to retain key employees, many of whom are compensated, in part, based on the performance of our stock price. The loss of services of any of our key personnel, the inability to retain and attract qualified personnel in the future or delays in hiring required personnel could make it difficult to meet key objectives. Any of these impairments related to our key personnel could negatively affect our business, financial condition and financial results.

13


 

Governmental restrictions on the sale of our products and services in non-U.S. markets could negatively affect our business, financial condition and financial results.

Exports of software solutions and services using encryption technology such as ours are generally restricted by the U.S. government. Although we have obtained U.S. government approval to export our service to almost all countries, the list of countries to which we (and our distributors) cannot export our products and services could be expanded in the future. In addition, some countries impose restrictions on the importation and use of encryption solutions and services such as ours. The cost of compliance with U.S. and other export laws, or our failure to obtain governmental approvals to offer our products and services in non-U.S. markets, could affect our ability to sell our products and services and could impair our international expansion. We face a variety of other legal and compliance risks. If we or our distributors fail to comply with applicable law and regulations, we may become subject to penalties, fines or restrictions that could materially adversely affect our business, financial condition and financial results.

Exercises and vesting of equity awards relating to our common stock may dilute the ownership interests of existing shareholders and could negatively affect the value of our common stock.

Our employees hold a significant number of outstanding options and other equity awards. The vesting and exercise of these awards, and the resulting issuance of additional shares of our common stock, dilutes the ownership interests and voting rights of our current shareholders. Issuances and/or sales of those additional shares could cause our common stock to decline in value. In recent years, we have completed several share repurchase programs, the effect of which has been to mitigate the dilutive effect of our employee equity grants.  There can be no assurance, however, that we will continue these share repurchase programs in the future.

Item 1B. Unresolved Staff Comments

None.

Item 2. Properties

We leased properties during 2016 that are considered significant to the operations of the business in the following locations: Burlington, Massachusetts; Ottawa, Ontario, Canada; the United Kingdom; and Dallas and Austin, Texas. Our Burlington employees perform sales and marketing activities. Our Ottawa employees perform both client services and sales support activities. The United Kingdom facility provides data center support for our European customers. The Dallas office is our headquarters, which includes research and development, marketing, sales and all general administrative services, and the ZixData Center. Our Austin location is used primarily for fail-over and business continuity services and is used to some extent to support normal ongoing operations. Our facilities are suitable for our current needs and are considered adequate to support expected near term growth.

Item 3. Legal Proceedings

We are subject to legal proceedings, claims, and litigation involving our business. While the outcome of these matters is currently not determinable, and the costs and expenses of resolving these matters may be significant, we currently do not expect that the ultimate costs to resolve these matters will have a material adverse effect on our consolidated financial statements.

Item 4. Mine Safety Disclosures

Not applicable.

 

 

14


 

PART II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Our common stock trades on The Nasdaq Stock Market under the symbol ZIXI. The table below shows the high and low sales prices by quarter for fiscal 2016 and 2015.

 

 

 

2016

 

 

2015

 

Quarter Ended

 

High

 

 

Low

 

 

High

 

 

Low

 

March 31

 

$

5.09

 

 

$

3.23

 

 

$

4.41

 

 

$

3.31

 

June 30

 

$

4.18

 

 

$

3.61

 

 

$

5.47

 

 

$

3.88

 

September 30

 

$

4.28

 

 

$

3.65

 

 

$

5.40

 

 

$

3.98

 

December 31

 

$

5.08

 

 

$

3.91

 

 

$

5.78

 

 

$

4.12

 

 

At March 2, 2017, there were 54,367,481 shares of common stock outstanding held by 426 shareholders of record. On that date, the last reported sales price of the common stock was $5.19.

We have not paid any cash dividends on our common stock and do not anticipate doing so in the foreseeable future.

For information regarding options and stock-based compensation awards outstanding and available for future grants, see “Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters.”

Performance Graph

The following graph compares the cumulative total return of an investment in our common stock over the five-year period ended December 31, 2016, as compared with the cumulative total return of an investment in (i) the Center for Research in Securities Prices (“CRSP”) Total Return Index for Nasdaq Stock Market (U.S. companies) and (ii) the CRSP Total Return Index for Nasdaq Computer and Data Processing Stocks. The comparison assumes $100 was invested on December 31, 2011, in our common stock and in each of the two indices and assumes reinvestment of all dividends, if any. The stock price performance on the following graph is not necessarily indicative of future stock price performance. A listing of the companies comprising each of the CRSP- NASDAQ indices used in the following graph is available, without charge, upon written request.

 

15


 

Sale of Unregistered Securities

None.

Purchases of Equity Securities by the Issuer

 

Period

 

Total Number of Shares Purchased(1)

 

 

Average Price

Paid per Share

 

 

Total Number of Shares

Purchased as part of

Publically Announced

Plans or Programs

 

 

Maximum Number (or

Appropriate Dollar

Value) of Shares (or

Units) that May Yet Be

Purchased Under the

Plans or Programs

 

October 1, 2016 to October 31, 2016

 

 

 

 

$

 

 

 

 

 

$

 

November 1, 2016 to November 30, 2016

 

 

6,838

 

 

$

4.08

 

 

 

 

 

$

 

December 1, 2016 to December 31, 2016

 

 

 

 

$

 

 

 

 

 

$

 

Total

 

 

6,838

 

 

$

4.08

 

 

 

 

 

$

 

 

1 The shares repurchased for the one month period ended November 30, 2016, represent shares of Restricted Stock withheld by us upon the vesting of outstanding Restricted Stock. These shares were withheld by us to satisfy the minimum statutory tax withholding for the employee for whom the Restricted Stock vested during the period, which is required once the Restricted Stock is vested.

16


 

Item 6. Selected Financial Data

The following selected financial data should be read in conjunction with “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations,” the consolidated financial statements and notes thereto. No cash dividends were declared in any of the five years shown below:

 

 

 

Year Ended December 31,

 

 

 

2016

 

 

2015

 

 

2014

 

 

2013

 

 

2012

 

 

 

(In thousands, except per share data)

 

Statement of Operations Data:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Revenues

 

$

60,144

 

 

$

54,713

 

 

$

50,347

 

 

$

48,138

 

 

$

43,356

 

Cost of revenue

 

 

10,533

 

 

 

9,593

 

 

 

8,324

 

 

 

7,614

 

 

 

7,609

 

Gross margin

 

 

49,611

 

 

 

45,120

 

 

 

42,023

 

 

 

40,524

 

 

 

35,747

 

Research and development expenses

 

 

9,553

 

 

 

8,317

 

 

 

9,051

 

 

 

9,563

 

 

 

7,419

 

Selling, general and administrative expenses

 

 

30,742

 

 

 

28,887

 

 

 

26,222

 

 

 

21,646

 

 

 

19,385

 

Income tax expense (benefit)(1)

 

 

3,692

 

 

 

3,144

 

 

 

2,830

 

 

 

(1,006

)

 

 

(1,949

)

Net income

 

 

5,837

 

 

 

5,016

 

 

 

4,103

 

 

 

10,453

 

 

 

11,003

 

Basic income per common share

 

$

0.11

 

 

$

0.09

 

 

$

0.07

 

 

$

0.17

 

 

$

0.18

 

Diluted income per common share

 

$

0.11

 

 

$

0.09

 

 

$

0.07

 

 

$

0.17

 

 

$

0.17

 

Shares used in computing basic income per common share

 

 

53,820

 

 

 

56,422

 

 

 

57,949

 

 

 

61,139

 

 

 

62,211

 

Shares used in computing diluted income per common

   share

 

 

54,395

 

 

 

57,476

 

 

 

58,967

 

 

 

62,527

 

 

 

62,875

 

Statements of Cash Flows Data:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Net cash flows provided by (used for):

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Operating activities

 

$

15,251

 

 

$

15,617

 

 

$

13,317

 

 

$

13,298

 

 

$

12,533

 

Investing activities

 

 

(2,136

)

 

 

(1,951

)

 

 

(3,402

)

 

 

(1,593

)

 

 

(1,533

)

Financing activities

 

 

(15,322

)

 

 

(6,687

)

 

 

(15,748

)

 

 

(7,175

)

 

 

(8,692

)

Balance Sheet Data:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Cash, Cash Equivalents and Marketable Securities

 

$

26,457

 

 

$

28,664

 

 

$

21,685

 

 

$

27,518

 

 

$

22,988

 

Working capital(2)

 

 

2

 

 

 

3,821

 

 

 

2,249

 

 

 

12,127

 

 

 

6,626

 

Total assets

 

 

82,358

 

 

 

87,286

 

 

 

83,724

 

 

 

90,702

 

 

 

82,849

 

Stockholders’ equity

 

 

49,070

 

 

 

56,772

 

 

 

56,270

 

 

 

66,234

 

 

 

61,245

 

 

 

(1)

The $1.0 million and $1.9 million tax benefits in 2013 and 2012 resulted from the release of a portion of our deferred tax asset valuation allowance. Based on analysis of both projected and current earnings excluding discontinued operations, we have estimated these tax assets as likely to be utilized prior to expiration. See “Income Taxes” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

(2)

Working capital includes deferred revenue totaling $25.8 million, $23.2 million, $21.6 million, $19.1 million, and $17.5 million, as of December 31, 2016, 2015, 2014, 2013, and 2012, respectively.

 

 

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations

The following discussion and analysis contains forward-looking statements about trends, uncertainties and our plans and expectations of what may happen in the future. Forward-looking statements involve risks and uncertainties that could cause actual events or results to differ materially from the events or results described in the forward-looking statements, including risks and uncertainties described above in “Item 1A. Risk Factors.” Readers are cautioned not to place undue reliance on forward-looking statements. The forward-looking statements are based upon information available to us on the date of this report. We undertake no obligation to publicly update or revise any forward-looking statements. See “Item 1. NOTE ON FORWARD-LOOKING STATEMENTS AND RISK FACTORS.”

The following discussion should be read in conjunction with the consolidated financial statements and related notes beginning on page F-1.

Overview

We are a leader in providing secure email encryption. We provide email encryption, DLP and BYOD solutions to meet the data protection and compliance needs of organizations primarily in the healthcare, finance, and government sectors. A core competency is our ability to deliver this complex service offering with a high level of availability, reliability, integrity and security.

17


 

Our 2016 results included record revenues. We attribute our success to on-going efforts to build a solid and predictable business based on our successful recurring revenue subscription business model. For 2016, we continued to benefit from growing concerns for data security and integrity issues, which continue to make headline news, as well as the growing acceptance of cloud-based offerings along with the growing need for regulatory compliance.

For 2016, we reported revenue of $60.1 million, an increase of $5.4 million over the prior year, driven principally by continued growth in our Email Encryption business.  

For the year ended December 31, 2016, our gross profit of $49.6 million increased 10% compared to 2015. This increase was primarily driven by increased revenue. Our 2016 operating income of $9.3 million increased $1.4 million over the prior year, as the gross profit increase was offset by increased research and development headcount and increased selling, general and administrative expense primarily related to patent defense and planned advertising and promotional spending.

Our $5.8 million net income in 2016 is an increase of 16% compared to our $5.0 million net income in 2015.

Other Financial Highlights

 

Backlog was $81.7 million at the end of 2016, compared with $74.2 million at the end of 2015

 

Total orders for 2016 were $68.6 million, an increase of 12% from the 2015 total orders of $61.0 million

 

Our deferred revenue at the end of 2016 was $27.2 million, compared with $24.0 million at the end of 2015

 

We generated cash flows from operations of $15.3 million during fiscal 2016. Our cash and cash equivalents were $26.5 million at the end of 2016, compared with $28.7 million at the end of 2015.

 

Our shared, cloud-based ZixDirectory now has approximately 55 million members including some of the most respected institutions in the country.

Our services are sold on a subscription basis with contract terms generally ranging from one to five years. We provide a financial incentive to our customers and sales force to contract for three to five years. Historically, most of our customers contract for three year terms, except for our large partner (i.e., “OEM”) orders which for the most part contain one year terms. At the end of the contract term we attempt to renew the subscription, again attempting to secure a three to five year term. Our customers pay us annually at the start of the subscription term and each succeeding year on the anniversary of the commencement of the service. We recognize revenue ratably on a monthly basis over the term of the subscription once service commences.

We attempt to grow the business by signing new customers to subscription services and/or selling new or higher volume services to existing customers (i.e., “upsell”) while retaining existing customers through renewal of their services.

Our total orders consist of orders from new customers, upsell to existing customers, plus renewal orders. Total orders may vary from quarter to quarter due to the timing of renewal orders, which will fluctuate in amount due to timing and length of expiring subscription terms. Similarly, total new orders and upsell orders will fluctuate in amount due to term length.

To better understand new orders, management tracks the first year value of new orders as well as the total order value for the subscription term because total order value will exceed the first year value on multi-year orders. By segregating the first year value of new orders, we eliminate the fluctuation in total order amount caused by the dollar impact of multi-year contracts. We refer to this metric as New First Year Orders (“NFYOs”).

Our backlog consists of the total order value of contracted business that has not yet been recognized into revenue. Backlog is calculated by adding to the existing contracted order value the total value of all orders booked in the period (e.g., quarterly) less the value of revenue recognized for that period. Although orders are non-cancellable, occasionally we adjust backlog for customer bankruptcy or change of term, but these instances are rare and do not materially impact the backlog amount. The backlog will grow if the value of total orders added in a period exceeds the value of revenue recognized in that period. Conversely, the backlog amount will decline if revenue recognized exceeds the total order value added for the period. Although rare, a decline in backlog may result from fluctuations in total orders caused by timing of renewal orders described above.

18


 

We retain approximately 90% of our recurring revenue on an annual basis. We calculate this percentage by identifying the current period revenue less revenue associated with orders for new services received in the prior twelve month period and comparing this amount to the total revenue in the corresponding prior year period. Deferred revenue is the value of contracted business that has been paid but has not been recognized as revenue. See description of the components of the backlog following in Item 7 of this Form 10-K under the heading, “Backlog and Orders.”

Our revenue growth is dependent on our ability to sell subscription services to new customers, upsell new services or increase volume with existing customers and retain existing customers by renewing their subscription services. Generally, if annual NFYOs exceed the annual value of cancelled subscriptions, revenue should grow. However, revenue growth may fluctuate due to timing of deployment of new services and subscription cancellations. For example, a new order reported in NFYOs in one quarter may not be deployed to the customer until the following quarter and therefore delay commencement of revenue recognition. Similarly, a cancellation of a contract with an expiration in the first month of a quarter will have a higher negative impact on revenue in the quarter than a contract of the same amount with an expiration in the last month of a quarter. The impact of these quarter to quarter fluctuations tends to diminish over annual periods making year over year quarterly revenue comparisons more indicative of revenue growth than sequential quarterly revenue comparisons.

Our operations and future prospects are further discussed throughout this “Management’s Discussion and Analysis of Financial Condition and Results of Operations” (“MD&A”).

There are no assurances we will be successful in our efforts to achieve continued growth. Our continued growth depends on the timely development and market acceptance of our products and services. See “Item 1A. Risk Factors” for more information on the risks relative to our operations and future prospects.

Revenue

Revenue increased by 10% in 2016 compared with 2015. Our revenue growth was driven by our successful subscription model that continues to yield steady additions to the subscriber base coupled with a high rate of renewing existing customers.

Critical Accounting Policies and Estimates

In preparing our consolidated financial statements, we make estimates, assumptions and judgments that can have a significant impact on revenue, income from operations and net income, as well as the value of certain assets and liabilities on our consolidated balance sheet. The application of our critical accounting policies requires an evaluation of a number of complex criteria and significant accounting judgements by us. Management bases its estimates on historical experience and on various other assumptions that are believed to be reasonable under the circumstances, the results of which form the basis for making judgements about the carrying values of assets and liabilities. We evaluate our estimates on a regular basis and make changes accordingly. Senior management has discussed the development, selection and disclosure of these estimates with the Audit Committee of our Board of Directors. Actual results may materially differ from these estimates under different assumptions or conditions. If actual results were to differ from these estimates materially, the resulting changes could have a material adverse effect on our consolidated financial statements.

We consider accounting policies to be critical when they require us to make assumptions about matters that are highly uncertain at the time the accounting estimate is made and when different estimates that our management reasonably has used have a material effect on the presentation of our financial condition, changes in financial condition or results of operations. Management believes the following critical accounting policies reflect our more significant estimates and assumptions used in the preparation of the consolidated financial statements.

Our critical accounting policies included the following:

 

Revenue recognition

 

Income taxes

 

Valuation of goodwill and other intangible assets

 

Stock-based compensation costs

19


 

For additional discussion of the Company’s significant accounting policies, refer to Note 2 to our consolidated financial statements.

Revenue Recognition

We develop market, and support applications that connect, protect and deliver information in a secure manner. We derive our revenue from subscription fees for rights related to the use of our software. Software subscription terms typically range from one to three years.

Revenue is recognized when all of the following have been met:

 

persuasive evidence of an arrangement exists,

 

delivery has occurred or services have been rendered,

 

the price is fixed and determinable, and

 

collectability is probable.

Discounts provided to customers are recorded as reductions in revenue.

We have determined that substantially all of our revenue arrangements are in the scope of the software revenue recognition rules. Multiple elements in our software arrangements are sold as a single unit consisting of the following elements: (i) subscription licensed software delivered to the customer’s site, (ii) ongoing customer support and (iii) access to our hosted encryption network (Zix encryption network) during the term of the agreement.

 

(i)

Software at the customer site performs critical functions of the email encryption process and is the predominant element in our arrangements. Actions performed by the software at the customer site include identifying when encryption is needed through the use of filters and lexicons, determining the best method of delivery (BMOD) by examining secure connection options and selecting the BMOD. BMOD is a key marketing differentiator for us and is defined as the most secure and easiest method to deliver encrypted email. Customers can install the software on their own hardware or we can deliver hardware that we own to the customer site.

 

(ii)

Customer support includes unspecified software upgrades, updates and bug fixes and access to live technical support technicians and on-line knowledge resources

 

(iii)

The Zix encryption network includes access to our central network which facilitates transparent encrypted email exchange among all of our customers by providing public encryption keys (asymmetrical encryption requires two keys- a public key provided by the central network and a private key generated by the software at the customer site). The delivered software element is essential to the functionality and utility of this central network. The network also enables our customers to send encrypted emails to non-Zix customer recipients through a portal.

Approximately 9% of our revenue in 2016 was derived from hosted email encryption solutions. We apply general revenue recognition guidance to these hosted arrangements.

In all revenue arrangements we cannot determine vendor specific objective evidence (VSOE) and we cannot establish separate units of accounting for the multiple elements of our arrangements that are bundled and sold as one unit. All revenue arrangements are sales of subscription based (i.e. time-based) licenses. We defer revenue until the software is delivered and the service is deployed. Upon deployment, we commence revenue recognition and revenue is recognized ratably over the subscription period generally ranging from one to three years.

Income Taxes

Deferred tax assets are recognized if it is “more likely than not” that the benefit of the deferred tax asset will be realized on future federal or state income tax returns. At December 31, 2016, we provided a valuation allowance against a significant portion, $46.0 million, of our accumulated U.S. deferred tax assets. This significant valuation allowance reflects our historical losses and the uncertainty of future taxable income sufficient to utilize net operating loss carryforwards prior to their expiration. Our total deferred tax asset not subject to a valuation allowance is valued at $45.7 million, and consists of $39.0 million for federal net operating loss carryforwards, $3.7 million relating to temporary timing differences between U.S. generally accepted accounting principles (“GAAP”) and tax-related expense, $1.7 million relating to U.S. state income tax credits, and $1.3 million related to Alternative Minimum Tax credits. If U.S. taxable income increases from its current level in a future period or if the facts and circumstances on which our estimates and assumptions are based were to change, thereby impacting the likelihood of realizing the deferred tax assets, judgement

20


 

would have to be applied in determining the amount of valuation allowance no longer required. Reversal of all or a part of this valuation allowance could have a significant positive impact on operating results in the period that it becomes more likely than not that certain of the Company’s deferred tax assets will be realized. Alternatively, should our future income decrease from current levels, a resulting increase to all or a part of this valuation allowance could also have a significant negative impact on our operating results.

Valuation of Goodwill and Other Intangible Assets

We account for the valuation of goodwill and other intangible assets after classifying intangible assets into three categories: (1) intangible assets with finite lives subject to amortization; (2) intangible assets with indefinite lives not subject to amortization; and (3) goodwill. For intangible assets with finite lives, tests for impairment must be performed if conditions exist that indicate that the carrying value may not be recoverable. For intangible assets with indefinite lives and goodwill, tests for impairment must be performed at least annually or more frequently if events or circumstances indicate that assets might be impaired.

Goodwill was $2.2 million, or 3% and 2% of total assets, in each of the years ended December 31, 2016 and 2015.

Our goodwill is not being amortized, but we do evaluate the goodwill for impairment annually in the fourth quarter, or when there is reason to believe that the value has been diminished or impaired. Evaluations for possible impairment are based upon a comparison of the estimated fair value of the reporting unit to which the goodwill has been assigned, versus the sum of the carrying value of the assets and liabilities of that unit including the assigned goodwill value. We include our entire Company as the reporting unit. The fair values used in this evaluation are estimated based on the Company’s market capitalization, which is based on the Company’s outstanding common stock and market price of the stock. Impairment is deemed to exist if the net book value of the unit exceeds its estimated fair value. We have evaluated our goodwill and determined no impairment adjustment is required.

Stock-based Compensation

Our share-based awards include stock options, restricted stock awards and restricted stock units. We have non-qualified stock options outstanding to employees and directors under various stock option plans. The plans require the exercise price of options granted under these plans to equal or exceed the fair market value of the Company’s common stock on the date of grant. The options, subject to termination of employment, generally expire ten years from the date of grant. Employee stock options typically vest pro-rata and quarterly over three or four years. Restricted stock is issued to the employee at grant but is subject to transfer restrictions. Stock is issued in exchange for restricted stock units when vesting conditions are met. The transfer restrictions and vesting conditions may be time- or performance-based. Restricted stock and restricted stock units typically vest pro-rata annually over three or four years. We use the straight-line amortization method for recognizing stock-based compensation costs. The weighted average grant-date fair value of awards of restricted stock, and restricted stock units is based on quoted market price of the Company’s common stock on the date of grant. Option, restricted stock and restricted stock unit grants to employees, officers and directors frequently contain accelerated vesting provisions upon the occurrence of a change of control, as defined in the applicable option agreements.

Full Year 2016 Summary of Operations

Financial

 

Revenue for 2016 was $60.1 million compared with $54.7 million in 2015 and $50.3 million in 2014.

 

Gross margin for 2016 was $49.6 million or 82% of revenues compared with $45.1 million or 82% of revenues in 2015 and with $42.0 million or 83% of revenues in 2014.

 

Net income for 2016 was $5.8 million compared with $5.0 million in 2015 and $4.1 million in 2014.

 

Net income per diluted share was $0.11 for 2016 compared with $0.09 for 2015 and $0.07 for 2014.

 

Unrestricted cash was $26.5 million on December 31, 2016.

21


 

Results of Operations

Revenue

The following table sets forth a year-over-year comparison of our total revenues:

 

 

 

Year Ended December 31,

 

 

Variance

2016 vs. 2015

 

 

Variance

2015 vs. 2014

 

(In thousands)

 

2016

 

 

2015

 

 

2014

 

 

$

 

 

%

 

 

$

 

 

%

 

Revenues

 

$

60,144

 

 

$

54,713

 

 

$

50,347

 

 

$

5,431

 

 

 

10

%

 

$

4,366

 

 

 

9

%

 

Our growth model seeks to continually add new users to the subscriber base, while at the same time retaining a high percentage of existing subscribers whose subscriptions are up for renewal. In the year ended December 31, 2016, we categorized our revenue in the following core verticals: 51% healthcare, 28% financial services, 7% government sector, and 14% as other. In the year ended December 31, 2015, we categorized our revenue in the following core verticals: 54% healthcare, 28% financial services, 6% government sector, and 12% as other. Additionally, sales continued from a wide base of distributors – new first year orders (“NFYO’s”) derived from our value-added resellers, OEM and other third party distribution channels for 2016 were 57% of total NFYOs compared to 64% in 2015 and 58% in 2014. We measure additions to the subscriber base by NFYOs, which is defined as the portion of new orders that are expected to be recognized into revenue in the first twelve months of the contract. NFYOs are summarized in the table below:

 

 

 

Year Ended December 31,

 

(In thousands)

 

2016

 

 

2015

 

 

2014

 

New first year order value

 

$

9,524

 

 

$

10,158

 

 

$

8,489

 

 

Our list pricing has remained generally consistent during the periods shown above. However, there are no assurances that potential increased competition in this market or other factors, including inflation, will not result in future price erosion. Price erosion, should it occur, could have a dampening effect on order growth and the revenue derived from our new orders.

Revenue Outlook:

We expect continued growth in our core Email Encryption offering and in our new products, along with increased sales from our indirect OEM distribution and value-added reseller channels to increase our NFYOs in 2017 and increase our year-over-year revenue.

Backlog and Orders

Backlog — Our backlog was $81.7 million at December 31, 2016 compared with $74.2 million at December 31, 2015. The backlog is comprised of contractual commitments that we expect to amortize into revenue. As of December 31, 2016, the backlog was comprised of the following elements: $27.2 million of deferred revenue that has been billed and paid, $7.1 million billed but unpaid, and approximately $47.4 million of unbilled contracts.

The backlog is recognized into revenue ratably as the services are performed. Approximately 57% of the total backlog is expected to be recognized as revenue during the next twelve months.

Orders — Total orders in 2016 were $68.6 million compared with $61.0 million in 2015. Total orders are comprised of contract renewals, NFYOs, and in the case of new multi-year contracts, the years beyond the first year of service.

Cost of Revenue

The following table sets forth a year-over-year comparison of the cost of revenue.

 

 

 

Year Ended December 31,

 

 

Variance

2016 vs. 2015

 

 

Variance

2015 vs. 2014

 

(In thousands)

 

2016

 

 

2015

 

 

2014

 

 

$

 

 

%

 

 

$

 

 

%

 

Cost of revenue

 

$

10,533

 

 

$

9,593

 

 

$

8,324

 

 

$

940

 

 

 

10

%

 

$

1,269

 

 

 

15

%

 

Cost of revenue is comprised of expenses related to operating and maintaining the ZixData Center, a field deployment team, customer service and support and the amortization of Company-owned, customer-based computer appliances. The 10% increase in cost of revenue in 2016 compared with 2015 reflected in the table above resulted primarily from increases in average headcount,

22


 

software maintenance and license support, costs associated with hardware sales related to our Cisco partnership as well as depreciation expense related to networking equipment. These investments support growth in customers and users.

The 15% increase in cost of revenue in 2015 compared with 2014 reflected in the table above resulted primarily from increases in average headcount and depreciation expense

Research and Development Expenses

The following table sets forth a year-over-year comparison of our research and development expenses:

 

 

 

Year Ended December 31,

 

 

Variance

2016 vs. 2015

 

 

Variance

2015 vs. 2014

 

(In thousands)

 

2016

 

 

2015

 

 

2014

 

 

$

 

 

%

 

 

$

 

 

%

 

Research and development expenses

 

$

9,553

 

 

$

8,317

 

 

$

9,051

 

 

$

1,236

 

 

 

15

%

 

$

(734

)

 

 

(8

)%

 

Research and development expenses consist primarily of salary, benefits and stock-based compensation for our development staff, independent contractor expense, and other direct and indirect costs associated with enhancing our existing products and services and developing new products and services.

The 15% increase in research and development expense in 2016 compared with 2015 reflected in the table above resulted primarily from increased in average headcount focused on development of our core email encryption portfolio, including performance enhancements to our hosted service solutions, and upgrades to our ZixOne product.

The 8% decrease in research and development expense in 2015 compared with 2014 reflected in the table above resulted primarily from reduction in average headcount and outside contractor expense, partially offset by increases in depreciation expense. The decrease in headcount and contractor expense reflects lower required investment in 2015 following the launch of the ZixOne product in 2014. Depreciation expense increased in 2015 due to upgrades to our development facilities and fixtures in our Dallas office.

Selling and Marketing Expenses

The following table sets forth a year-over-year comparison of our selling and marketing expenses:

 

 

 

Year Ended December 31,

 

 

Variance

2016  vs. 2015

 

 

Variance

2015  vs. 2014

 

(In thousands)

 

2016

 

 

2015

 

 

2014

 

 

$

 

 

%

 

 

$

 

 

%

 

Selling and marketing expenses

 

$

19,015

 

 

$

18,075

 

 

$

18,284

 

 

$

940

 

 

 

5

%

 

$

(209

)

 

 

(1

)%

 

Selling and marketing expenses consist primarily of salary, commissions, travel, stock-based compensation and employee benefits for selling and marketing personnel as well as costs associated with promotional activities and advertising.

The $0.9 million increase in selling and marketing expense in 2016 compared with 2015 resulted primarily from our 2016 branding initiative and planned increase in advertising and promotional expenses, as well as higher payroll costs associated with enhancing our product management team.

The slight decrease in selling and marketing expense in 2015 compared with 2014 resulted primarily from decreases in advertising expense partially offset by increases in commission and bonus expense. Commission and bonus expenses were higher in 2015 as a result of improved performance compared to 2014, primarily in NFYO and earnings metrics.

General and Administrative Expenses

The following table sets forth a year-over-year comparison of our general and administrative expenses:

 

 

 

Year Ended December 31,

 

 

Variance

2016 vs. 2015

 

 

Variance

2015 vs. 2014

 

(In thousands)

 

2016

 

 

2015

 

 

2014

 

 

$

 

 

%

 

 

$

 

 

%

 

General and administrative expenses

 

$

11,727

 

 

$

10,812

 

 

$

7,938

 

 

$

915

 

 

 

8

%

 

$

2,874

 

 

 

36

%

 

23


 

General and administrative expenses consist primarily of salary and bonuses, travel, stock-based compensation and benefits for administrative and executive personnel as well as fees for professional services and other general corporate activities.

The $0.9 million increase in general and administrative expense from 2016 compared with 2015 resulted primarily from an increase in litigation fees associated with defense our intellectual property and other consulting fees. These increases were partially offset by a decrease in year over year severance costs related to transition within our executive team.

The $2.9 million increase in general and administrative expense in 2015 compared with 2014 resulted primarily from CEO transition related severance costs, higher variable compensation bonus expense, and higher legal and consulting fees. These increases were partially offset by lower depreciation and facilities expense, including a utility true-up credit from our Dallas landlord.

Income Taxes

Our Company or one of our subsidiaries files income tax returns in the U.S. federal jurisdiction and various states and in the Canadian federal and provincial jurisdictions. We recognize and measure uncertain tax positions using a two-step approach. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step is to measure the tax benefit as the largest amount that is more than 50% likely of being realized upon settlement.

Our Company incurred tax expense of $3.7 million, $3.1 million and $2.8 million for 2016, 2015 and 2014, respectively. For all years presented, tax expense represented deferred tax expense, refundable U.S. Alternative Minimum Tax, U.S. research and development credits, non-U.S. taxes payable related to the operations of the Company’s Canadian subsidiary established in late 2002, and state income taxes.

Significant judgement is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider available evidence, including past earnings, estimates of future taxable income, and the feasibility of tax planning strategies. At December 31, 2016, the Company partially reserved its U.S. net deferred tax assets due to the uncertainty of future taxable income sufficient to utilize net loss carryforwards prior to their expiration. The portion of the Company’s deferred tax asset not reserved was $45.7 million. The majority of this unreserved portion related to $39.0 million U.S. net operating losses (“NOLs”) because we believe the Company will generate sufficient taxable income in future years to utilize these NOLs prior to their expiration.  The remaining balance consists of $3.7million relating to temporary timing differences between GAAP and tax-related expense, $1.7 million relating to U.S. state tax income credits, and $1.3 million related to Alternative Minimum Tax credits.

We have determined that utilization of existing NOLs against future taxable income is not limited by Section 382 of the Internal Revenue Code. Future ownership changes, however, may limit the company's ability to fully utilize its existing net operating loss carryforwards against any future taxable income.

If we begin to generate additional U.S. taxable income in a future period or if the facts and circumstances on which our current estimates and assumptions are based were to change, thereby impacting the likelihood of realizing a greater or lesser amount of our deferred tax assets, judgement would have to be applied in determining the amount of valuation allowance required. Adjusting our valuation allowance could have a significant impact on operating results in the period that it becomes more likely than not that an additional portion of our deferred tax assets will or will not be realized.

Our provision for income taxes is subject to volatility and could be adversely impacted by earnings being lower or higher than anticipated; by tax effects of nondeductible compensation; or by changes in tax laws, regulations, or accounting principles, including accounting for uncertain tax positions or interpretations. Significant judgment is required to determine the recognition and measurement applicable to all income tax positions. This includes the potential recovery of previously paid taxes, which if settled unfavorably could adversely affect our provision for income taxes or additional paid-in capital. In addition, our income tax returns are subject to examination by the Internal Revenue Service and other tax authorities. We regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of our provision for income.

Net Income

Net Income – The Company generated net income of $5.8 million in 2016 compared with $5.0 million in 2015 and $4.1 million in 2014. The increase to our net income is due to revenue growth, offset by higher operating expenses, as discussed above.

24


 

Liquidity and Capital Resources

Overview

Based on our 2016 financial results and current expectations, we believe our cash and cash equivalents, and cash generated from operations, will satisfy our working capital needs, capital expenditures, investment requirements, contractual obligations, commitments, future customer financings, and other liquidity requirements associated with our operations through at least the next twelve months. We plan for and measure our liquidity and capital resources through an annual budgeting process. During 2016, our cash flow from operations was $15.3 million, which represents a slight decrease over the $15.6 million cash flow from operations during 2015. At December 31, 2016, our cash and cash equivalents totaled $26.5 million, and we had no debt. This represents a $2.2 million decrease over our cash balance as of December 31, 2015, which is partially attributed to to our expenditure of $15 million during 2016 under a share repurchase program that completed in July 2016.

For the year ended December 31, 2016, we achieved 10% growth in revenue, 82% gross margin and strong cash collections. While future results cannot be guaranteed, we expect these trends to continue in the foreseeable future, and believe a significant portion of our spending is discretionary and flexible and that we have the ability to adjust overall cash spending to react, as needed, to any shortfalls in projected cash.

Sources and Uses of Cash

 

 

 

Years Ended December 31,

 

(In thousands)

 

2016

 

 

2015

 

 

2014

 

Net cash provided by operations

 

$

15,251

 

 

$

15,617

 

 

$

13,317

 

Net cash used in investing activities

 

$

(2,136

)

 

$

(1,951

)

 

$

(3,402

)

Net cash used in financing activities

 

$

(15,322

)

 

$

(6,687

)

 

$

(15,748

)

 

Our primary source of liquidity from operations was the collection of revenue in advance from our customers, accounts receivable from our customers, and the management of the timing of payments to our vendors and service providers.

Cash used in our investing activities for 2016 consisted primarily of computer and networking equipment purchases to improve our capacity to provide hosting services. Cash used in our investing activities for 2015 consisted of $1.5 million computing equipment purchases primarily to satisfy customer contracts. Approximately 25% of these capital purchases were for computer servers, which are required to deliver our services. The remaining purchases consisted primarily of leasehold improvements.

Cash used in financing activities in 2016 included $15.0 million used to repurchase our common stock and $527 thousand used in the repurchase of common stock related to the tax impact of vesting restricted awards offset by $205 thousand received from the exercise of stock options. The stock repurchases were made pursuant to a stock repurchase program authorized by our board of directors, which was completed July 2016. Cash used in financing activities in 2015 included $15.0 million used to repurchase our common stock and $361 thousand used in the repurchase of common stock related to the tax impact of vesting restricted awards offset by $8.7 million received from the exercise of stock options. The stock repurchases were made pursuant to a stock repurchase program authorized by our board of directors, which was completed in October 2015.

Options of Zix Common Stock

We have significant options outstanding that are currently vested. There is no assurance that any of these options will be exercised; therefore the extent of future cash inflow and related dilution from additional option activity is not certain. The following table summarizes the options that were outstanding as of December 31, 2016. The vested options are a subset of the outstanding options. The value of the options is the number of options exercisable into shares multiplied by the exercise price for each share.

 

 

 

Summary of Outstanding Options

 

Exercise Price Range

 

Outstanding

Options

 

 

Total Value of

Outstanding

Options

(In thousands)

 

 

Vested Options

(included in

outstanding

options)

 

 

Total Value of

Vested Options

(In thousands)

 

$1.11 - $1.99

 

 

102,834

 

 

$

147

 

 

 

102,834

 

 

$

147

 

$2.00 - $3.49

 

 

522,938

 

 

 

1,355

 

 

 

522,938

 

 

 

1,355

 

$3.50 - $4.99

 

 

1,334,507

 

 

 

5,906

 

 

 

1,059,960

 

 

 

4,883

 

Total

 

 

1,960,279

 

 

$

7,408

 

 

 

1,685,732

 

 

$

6,385

 

 

25


 

Liquidity Summary

Based on our current 2017 budget plans, we believe we have adequate resources and liquidity to sustain operations for at least the next twelve months.

Off-Balance Sheet Arrangements

None.

Contractual Obligations and Contingent Liabilities and Commitments

We have total contractual obligations of $1.4 million over the next year and $3.8 million over the next three years primarily consisting of various operating office lease agreements. The lease of our headquarters facility in Dallas expires in 2024.

A summary of our fixed contractual obligations and commitments at December 31, 2016, is as follows:

 

 

 

Payments Due by Period

 

(In thousands)

 

Total

 

 

1 Year

 

 

2-3 Years

 

 

4-5 Years

 

 

> 5 Years

 

Operating leases

 

$

8,996

 

 

$

1,448

 

 

$

2,387

 

 

$

2,095

 

 

$

3,066

 

 

We have severance agreements with certain employees which would require us to pay up to approximately $4.6 million if all such employees separated from employment with our Company following a triggering event (e.g., change of control) as defined in the severance agreements.

New Accounting Standards

Revenue Recognition

In May 2014, the FASB issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (ASU 2014-09), which supersedes most current revenue recognition guidance under U.S. GAAP. The core principle of ASU 2014-09 is to recognize revenues when promised goods or services are transferred to customers in an amount that reflects the consideration to which an entity expects to be entitled for those goods or services. ASU 2014-09 defines a five step process to achieve this core principle and, in doing so, more judgement and estimates may be required within the revenue recognition process than are required under existing U.S. GAAP.

The standard is effective for us beginning in 2018, and requires using either of the following transition methods: (i) a full retrospective approach reflecting the application of the standard in each prior reporting period with the option to elect certain practical expedients, or (ii) a retrospective approach with the cumulative effect of initially adopting ASU 2014-09 recognized at the date of adoption (which includes additional footnote disclosures). We have begun an assessment of the guidance and expect our revenue to remain primarily unchanged. We are additionally analyzing the effect of the new guidance on the timing of our recognition of the incremental costs of obtaining contracts. Accordingly, we are still evaluating the impact of our pending adoption of ASU 2014-09 on our consolidated financial statements and we have not yet determined the method by which we will adopt the standard.

Leases

In February 2016, the FASB issued Accounting Standards Update No. 2016-02 Leases (Topic 842), which introduces a lessee model that brings most leases onto the balance sheet. The new ASU eliminates the requirement in U.S. GAAP that entities use bright-line tests in determining lease classifications and requires lessors to provide additional transparency into their exposure to the changes in value of their residual assets and how they manage that exposure.

The standard is effective for us beginning 2019. We expect the valuation of right to use assets and lease liabilities to be the present value of our forecasted future lease commitments and are assessing the discount rate to be applied in these valuations. We are currently evaluating the potential impact of this new guidance on our consolidated financial statements.

Accounting for Share-Based Payments

In March 2016, the FASB issued Accounting Standards Update No. 2016-09, Improvements to Employee Share-Based Payment Accounting (Topic 718), which simplifies several aspects of the accounting for employees of the accounting for employee share-based payment transactions including the accounting for income taxes, forfeitures, and statutory tax withholding requirements, as well as classification in the statement of cash flows.

26


 

The Company currently has been tracking $3.6 million of excess tax benefits that were not previously recognized, as required by existing GAAP, because the related tax deduction did not reduce current taxes payable. Upon adoption of the new standard beginning in year 2017, these benefits will be recorded on a modified retrospective basis through a cumulative-effect adjustment to retained earnings. A valuation allowance will also be recognized as a part of the cumulative-effect adjustment to retained earnings.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

We do not believe that we face exposure to material market risk with respect to our cash, cash equivalents and restricted cash investments, which totaled $26.5 and $28.7 million at December 31, 2016 and 2015, respectively. We held no marketable securities and no debt as of December 31, 2016 and 2015.

 

 

Item 8. Financial Statements and Supplementary Data

The information required by this Item 8 begins on page F-1 of this Annual Report on Form 10-K.

Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

None.

Item 9A. Controls and Procedures

Effectiveness of Disclosure Controls and Procedure

In accordance with Rule 13a-15(b) of the Exchange Act, as of the end of the period covered by this Annual Report on Form 10-K, management evaluated, with the participation of our principal executive officer and principal financial officer, the effectiveness of the design and operation of the Company’s disclosure controls and procedures (as defined in Rule 13a-15(e) under the Exchange Act). Based on their evaluation of these disclosure controls and procedures, they have concluded that our disclosure controls and procedures were effective as of the date of such evaluation.

Certifications of our principal executive officer and our principal accounting officer, which are required in accordance with Rule 13a- 14 of the Exchange Act, are attached as exhibits to this Annual Report. This “Controls and Procedures” section includes the information concerning controls evaluation referred to in the certifications, and it should be read in conjunction with the certifications for a more complete understanding of the topics presented.

Management’s Annual Report on Internal Control Over Financial Reporting

Management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Exchange Act Rule 13a-15(f). Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

Management assessed the effectiveness of our internal control over financial reporting as of December 31, 2016. In making this assessment, management used the criteria set forth in 2013 by the Committee of Sponsoring Organizations of the Treadway Commission in “Internal Control—Integrated Framework”. Based on this assessment, our management concluded that, as of December 31, 2016, our internal control over financial reporting was effective based on those criteria.

The effectiveness of our internal control over financial reporting as of December 31, 2016, has been audited by Whitley Penn LLP, an independent registered public accounting firm, as stated in their report which is included herein.

Changes in Internal Controls over Financial Reporting

During the three months ended December 31, 2016, there have been no changes in our internal control over financial reporting identified in connection with the evaluation described above that have materially affected or are reasonably likely to materially affect internal control over financial reporting.

27


 

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Board of Directors and Stockholders of

Zix Corporation

We have audited Zix Corporation and subsidiaries’ (the “Company”) internal control over financial reporting as of December 31, 2016 based on criteria established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management’s Annual Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit.

We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2016, based on criteria established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.

We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheets of the Company as of December 31, 2016 and 2015, and the related consolidated statements of income, stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2016, and our report dated March 6, 2017, expressed an unqualified opinion on those consolidated financial statements.

/s/ WHITLEY PENN LLP

Dallas, Texas

March 6, 2017

28


 

Item 9B. Other Information

None.

 

 

 

29


 

PART III

Item 10. Directors, Executive Officers and Corporate Governance

Certain information required by this Item 10 is incorporated by reference from our Proxy Statement related to the 2017 Annual Meeting of Shareholders under the sections “OTHER INFORMATION YOU NEED TO MAKE AN INFORMED DECISION — Directors, Executive Officers and Significant Employees” and “Section 16(a) Beneficial Ownership Reporting Compliance,” and “CORPORATE GOVERNANCE — Code of Ethics,” and “Nominating and Corporate Governance Committee, Selection of Director Nominees,” and “Audit Committee.”

The board of directors has adopted a Code of Conduct and Code of Ethics that applies to all directors, officers and employees of the Company. A copy of this document is available on our website at www.zixcorp.com under “Corporate Governance.”  Any waiver or amendment of the Code of Ethics with respect to our chief executive officer and senior financial officers will be publicly disclosed as required by applicable law and regulation, including by posting the waiver on our website.

Item 11. Executive Compensation

The information required by this Item 11, including certain information pertaining to Company securities authorized for issuance under equity compensation plans, is incorporated by reference from our Proxy Statement related to the 2017 Annual Meeting of Shareholders under the section “COMPENSATION OF DIRECTORS AND EXECUTIVE OFFICERS.”

Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

The information required by this Item 12 is incorporated by reference from our Proxy Statement related to the 2017 Annual Meeting of Shareholders under the section “SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT” and “COMPENSATION OF DIRECTORS AND EXECUTIVE OFFICERS — Equity Compensation Plan Information.”

Item 13. Certain Relationships and Related Transactions, and Director Independence

The information required by this Item 13 is incorporated by reference from our Proxy Statement related to the 2017 Annual Meeting of Shareholders under the section “COMPENSATION OF DIRECTORS AND EXECUTIVE OFFICERS — Certain Relationships and Related Transactions” and “CORPORATE GOVERNANCE — Corporate Governance Requirements and Board Member Independence.”

Item 14. Principal Accountant Fees and Services

The information required by this Item 14 is incorporated by reference from our Proxy Statement related to the 2017 Annual Meeting of Shareholders under the section “INDEPENDENT REGISTERED PUBLIC ACCOUNTANTS.”

 

 

30


 

PART IV

Item 15. Exhibits and Financial Statement Schedules

(a)(1) Financial Statements

See Index to Consolidated Financial Statements on page F-1 hereof.

(a)(2) Financial Statement Schedules

All schedules for which provision is made in the applicable accounting regulations of the SEC have been omitted because of the absence of the conditions under which they are required or because the information required is included in the consolidated financial statements or notes thereto.

(a)(3) Exhibits

 

Exhibit

Number

 

 

 

Description

 

 

 

 

 

3.1

 

 

Restated Articles of Incorporation of Zix Corporation, as filed with the Texas Secretary of State on November 10, 2005. Filed as Exhibit 3.1 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2005, and incorporated herein by reference.

 

 

 

 

 

3.2

 

 

Second Amended and Restated Bylaws of Zix Corporation dated November 1, 2016. Filed as Exhibit 3.2 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended September 30, 2016, and incorporated herein by reference.

 

 

 

 

 

10.1†

 

 

1995 Long-Term Incentive Plan of Zix Corporation (Amended and Restated as of September 20, 2000). Filed as Exhibit 10.3 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended September 30, 2000, and incorporated herein by reference.

 

 

 

 

 

10.2†

 

 

Zix Corporation 1999 Directors’ Stock Option Plan (Amended and Restated as of August 1, 2002). Filed as Exhibit 10.1 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2002, and incorporated herein by reference.

 

 

 

 

 

10.3†

 

 

Zix Corporation 2001 Employee Stock Option Plan (Amended and Restated as of June 7, 2007). Filed as Exhibit 10.6 to Zix Corporation’s Current Report on Form 8-K, filed June 12, 2007, and incorporated herein by reference.

 

 

 

 

 

10.4†

 

 

Zix Corporation’s 2001 Stock Option Plan (Amended and Restated as of June 7, 2007). Filed as Exhibit 10.5 to Zix Corporation’s Current Report on Form 8-K, filed June 12, 2007, and incorporated herein by reference.

 

 

 

 

 

10.5†

 

 

Zix Corporation’s 2003 New Employee Stock Option Plan (Amended and Restated as of June 7, 2007). Filed as Exhibit 10.4 to Zix Corporation’s Current Report on Form 8-K, filed June 12, 2007, and incorporated herein by reference.

 

 

 

 

 

10.6†

 

 

Zix Corporation 2004 Stock Option Plan (Amended and Restated as of June 7, 2007). Filed as Exhibit 10.3 to Zix Corporation’s Current Report on Form 8-K, filed June 12, 2007, and incorporated herein by reference.

 

 

 

 

 

10.7†

 

 

Zix Corporation 2004 Stock Option Plan (Amended and Restated as of May 25, 2005). Filed as Exhibit 10.1 to Zix Corporation’s Registration Statement on Form S-8 (Registration No. 333-126576), dated July 13, 2005, and incorporated herein by reference.

 

 

 

 

 

10.8†

 

 

Zix Corporation 2004 Directors’ Stock Option Plan, dated May 6, 2004. Filed as Exhibit 10.2 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended March 31, 2004, and incorporated herein by reference.

 

 

 

 

 

10.9†

 

 

Zix Corporation 2006 Directors’ Stock Option Plan (Amended and Restated as of June 7, 2007). Filed as Exhibit 10.1 to Zix Corporation’s Current Report on Form 8-K, filed June 12, 2007, and incorporated herein by reference.

 

 

 

 

 

10.10†

 

 

Form of Stock Option Agreement (with no “change in control” provision) for Zix Corporation Stock Option Plans. Filed as Exhibit 10.2 to Zix Corporation’s Registration Statement on Form S-8 (Registration No. 333-126576), dated July 13, 2005, and incorporated herein by reference.

 

 

 

 

 

10.11†

 

 

Form of Stock Option Agreement (with “change in control” provision) for Zix Corporation Stock Option Plans. Filed as Exhibit 10.3 to Zix Corporation’s Registration Statement on Form S-8 (Registration No. 333-126576), dated July 13, 2005, and incorporated herein by reference.

31


 

Exhibit

Number

 

 

 

Description

 

 

 

 

 

10.12†

 

 

Form of Stock Option Agreement (with “acceleration event” provision) for Zix Corporation Stock Option Plans and applicable to option agreements held by the Company’s chief executive officer and direct reports. Filed as Exhibit 10.17 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2007, and incorporated herein by reference.

 

 

 

 

 

10.13

 

 

Zix Corporation 401(k) Retirement Plan. Filed as Exhibit 10.10 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2003, and incorporated herein by reference.

 

 

 

 

 

10.14

 

 

Adoption Agreement relating to Zix Corporation 401(k) Retirement Plan. Filed as Exhibit 10.11 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2003, and incorporated herein by reference.

 

 

 

 

 

10.15†

 

 

Form of Zix Corporation Outside Director Stock Option Agreement. Filed as Exhibit 10.3 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2004, and incorporated herein by reference.

 

 

 

 

 

10.16†

 

 

Form of Zix Corporation Outside Director Stock Option Agreement. Filed as Exhibit 10.1 to Zix Corporation's Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2010, and incorporated herein by reference.

 

 

 

 

 

10.17†

 

 

Form of Zix Corporation Employee Stock Option Agreement. Filed as Exhibit 10.2 to Zix Corporation's Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2010, and incorporated herein by reference.

 

 

 

 

 

10.18†

 

 

Form of Director Indemnification Agreement.  Filed as Exhibit 10.1 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended September 30, 2016, and incorporated herein by reference.

 

 

 

 

 

10.19†

 

 

Form of Executive Termination Benefits Agreement.  Filed as Exhibit 10.1 to Zix Corporation's Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2011, and incorporated herein by reference.

 

 

 

 

 

10.20†

 

 

Zix Corporation 2012 Incentive Plan. Filed as Appendix A of Schedule 14A on April 27, 2012, and incorporated herein by reference.

 

 

 

 

 

10.21†

 

 

Form of Executive Termination Benefits Agreement. Filed as Exhibit 10.1 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended September 30, 2012, and incorporated herein by reference.

 

 

 

 

 

10.22

 

 

Shareholder’s Agreement dated December 28, 2012, among Zix Corporation, and Rockall Emerging Markets Master Fund Limited, Meldrum Asset Management, LLC, Fulvio Dobrich, Con Egan, Conor O’Driscoll, Michael E. Dailey, and Mark J. Bonney. Filed as Exhibit 10.1 to Zix Corporation’s Current Report on Form 8-K dated December 31, 2012, and incorporated herein by reference.

 

 

 

 

 

10.23

 

 

Form of Amended and Restated Employment Termination Benefits Agreement. Filed as Exhibit 10.1 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2015, and incorporated herein by reference.

 

 

 

 

 

10.24†

 

 

Zix Corporation Amended and Restated 2012 Incentive Plan. Filed as Appendix A of Schedule 14A on May 13, 2015, and incorporated herein by reference.

 

 

 

 

 

10.25†

 

 

Letter Agreement Concerning Transition Matters, dated as of July 21, 2015, by and between Zix Corporation and Richard D. Spurr. Filed as exhibit 10.3 to Zix Corporation’s Quarterly report on Form 10-Q for the quarterly period ended June 30, 2015, and incorporated herein by reference.

 

 

 

 

 

10.26†

 

 

Second Amended and Restated Employment Termination Benefits Agreement, dated as of July 21, 2015, by and between Zix Corporation and Richard D. Spurr. Filed as Exhibit 10.4 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2015, and incorporated herein by reference.

 

 

 

 

 

10.27†

 

 

Amendment No. One to Zix Corporation Amended and Restated 2012 Incentive Plan. Filed as Exhibit 10.27 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2015, and incorporated herein by reference.

 

 

 

 

 

10.28†

 

 

Amendment No. One to Zix Corporation Stock Option Agreement, dated as of January 18, 2016, between Richard D. Spurr and Zix Corporation. Filed as Exhibit 10.28 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2015, and incorporated herein by reference.

32


 

Exhibit

Number

 

 

 

Description

 

 

 

 

 

10.29†

 

 

Amendment No. One to Zix Corporation Employee Stock Option Agreement, dated as of January 18, 2016, between Richard D. Spurr and Zix Corporation. Filed as Exhibit 10.29 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2015, and incorporated herein by reference.

 

 

 

 

 

10.30†

 

 

Amendment No. One to Zix Corporation Employee Stock Option Agreement, dated as of January 18, 2016, between Richard D. Spurr and Zix Corporation. Filed as Exhibit 10.30 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2015, and incorporated herein by reference.

 

 

 

 

 

21.1

 

 

Subsidiaries of Zix Corporation.  Filed as Exhibit 21.1 to Zix Corporation's Annual Report on Form 10-K dated December 31, 2009, and incorporated herein by reference.

 

 

 

 

 

23.1*

 

 

Consent of Independent Registered Public Accounting Firm (Whitley Penn LLP).

 

 

 

 

 

31.1*

 

 

Certification of David J. Wagner, President and Chief Executive Officer of the Company, pursuant to Section 302 of the Sarbanes-Oxley Act of 2002.

 

 

 

 

 

31.2*

 

 

Certification of David E. Rockvam, Chief Financial Officer (Principal Financial Officer and Principal Accounting Officer) of the Company, pursuant to Section 302 of the Sarbanes-Oxley Act of 2002.

 

 

 

 

 

32.1**

 

 

Certification of David J. Wagner and David E. Rockvam, pursuant to 18 U.S.C. Section 1350, as adopted, pursuant to Section 906 of the Sarbanes-Oxley Act of 2002.

 

 

 

 

 

101.1*

 

 

101. INS (XBRL Instance Document)

101. SCH (XBRL Taxonomy Extension Schema Document)

101. CAL (XBRL Calculation Linkbase Document)

101. LAB (XBRL Taxonomy Label Linkbase Document)

101. DEF (XBRL Taxonomy Linkbase Document)

101. PRE (XBRL Taxonomy Presentation Linkbase Document)

 

 

*

Filed herewith.

**

Furnished herewith.

Management contract or compensatory plan or arrangement.

33


 

SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized, in the city of Dallas, state of Texas, on March 6, 2017.

 

 

ZIX CORPORATION

 

 

 

By:

/s/ DAVID E. ROCKVAM

 

 

David E. Rockvam

 

 

Chief Financial Officer (Principal Financial Officer and Principal Accounting Officer)

Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Registrant and in the capacities indicated on March 6, 2017.

 

Signature

 

Title

 

 

 

/s/ DAVID J. WAGNER

 

Chief Executive Officer, President and Director

(David J. Wagner)

 

(Principal Executive Officer)

 

 

 

/s/ DAVID E. ROCKVAM

 

Chief Financial Officer

(David E. Rockvam)

 

(Principal Financial Officer and Principal Accounting Officer)

 

 

 

/s/ MARK J. BONNEY

 

Director

(Mark J. Bonney)

 

 

 

 

 

/s/ TAHER A. ELGAMAL

 

Director

(Taher A. Elgamal)

 

 

 

 

 

/s/ ROBERT C. HAUSMANN

 

Chairman, Director

(Robert C. Hausmann)

 

 

 

 

 

/s/ MARIBESS L. MILLER

 

Director

(Maribess L. Miller)

 

 

 

 

 

/s/ RICHARD D. SPURR

 

Director

(Richard D. Spurr)

 

 

 

 

 

34


 

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

 

 

 

 

 


 

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Board of Directors and Stockholders of

Zix Corporation

We have audited the accompanying consolidated balance sheets of Zix Corporation and subsidiaries (the “Company”), as of December 31, 2016 and 2015, and the related consolidated statements of income, stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2016. The Company’s management is responsible for these financial statements. Our responsibility is to express an opinion on these financial statements based on our audits.

We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Company, as of December 31, 2016 and 2015, and the results of their operations and their cash flows for each of the years in the three-year period ended December 31, 2016 in conformity with accounting principles generally accepted in the United States of America.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the Company’s internal control over financial reporting as of December 31, 2016, based on criteria established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission, and our report dated March 6, 2017 expressed an unqualified opinion.

/s/ WHITLEY PENN LLP

Dallas, Texas

March 6, 2017

 

 

 

F-2


 

ZIX CORPORATION

CONSOLIDATED BALANCE SHEETS

 

 

 

December 31,

 

(In thousands, except share and par value data)

 

2016

 

 

2015

 

ASSETS

 

 

 

 

 

 

 

 

Current assets:

 

 

 

 

 

 

 

 

Cash and cash equivalents

 

$

26,457

 

 

$

28,664

 

Receivables, net

 

 

1,209

 

 

 

498

 

Prepaid and other current assets

 

 

2,829

 

 

 

2,908

 

Total current assets

 

 

30,495

 

 

 

32,070

 

Property and equipment, net

 

 

3,976

 

 

 

4,143

 

Goodwill

 

 

2,161

 

 

 

2,161

 

Deferred tax assets

 

 

45,726

 

 

 

48,912

 

Total assets

 

$

82,358

 

 

$

87,286

 

LIABILITIES AND STOCKHOLDERS’ EQUITY

 

 

 

 

 

 

 

 

Current liabilities:

 

 

 

 

 

 

 

 

Accounts payable

 

$

355

 

 

$

370

 

Accrued expenses

 

 

4,365

 

 

 

4,697

 

Deferred revenue

 

 

25,773

 

 

 

23,182

 

Total current liabilities

 

 

30,493

 

 

 

28,249

 

Long-term liabilities:

 

 

 

 

 

 

 

 

Deferred revenue

 

 

1,448

 

 

 

839

 

Deferred rent

 

 

1,347

 

 

 

1,426

 

Total long-term liabilities

 

 

2,795

 

 

 

2,265

 

Total liabilities

 

 

33,288

 

 

 

30,514

 

Commitments and contingencies (Note 13)

 

 

 

 

 

 

 

 

Stockholders’ equity:

 

 

 

 

 

 

 

 

Preferred stock, $1 par value, 10,000,000 shares authorized; none issued

   and outstanding

 

 

 

 

 

 

Common stock, $0.01 par value, 175,000,000 shares authorized; 78,913,266 issued

   and 53,643,139 outstanding in 2016 and 77,852,453 issued

   and 56,546,879 outstanding in 2015

 

 

769

 

 

 

767

 

Additional paid-in capital

 

 

374,386

 

 

 

372,400

 

Treasury stock, at cost; 25,270,127 common shares in 2016 and 21,305,574 common

   shares in 2015

 

 

(97,770

)

 

 

(82,243

)

Accumulated deficit

 

 

(228,315

)

 

 

(234,152

)

Total stockholders’ equity

 

 

49,070

 

 

 

56,772

 

Total liabilities and stockholders’ equity

 

$

82,358

 

 

$

87,286

 

 

See notes to consolidated financial statements.

 

F-3


 

ZIX CORPORATION

CONSOLIDATED STATEMENTS OF INCOME

 

 

 

Year Ended December 31,

 

(In thousands, except share and per share data)

 

2016

 

 

2015

 

 

2014

 

Revenues

 

$

60,144

 

 

$

54,713

 

 

$

50,347

 

Cost of revenue

 

 

10,533

 

 

 

9,593

 

 

 

8,324

 

Gross margin

 

 

49,611

 

 

 

45,120

 

 

 

42,023

 

Research and development expenses

 

 

9,553

 

 

 

8,317

 

 

 

9,051

 

Selling, general and administrative expenses

 

 

30,742

 

 

 

28,887

 

 

 

26,222

 

Operating income

 

 

9,316

 

 

 

7,916

 

 

 

6,750

 

Other income (expense):

 

 

 

 

 

 

 

 

 

 

 

 

Investment and other income

 

 

246

 

 

 

244

 

 

 

183

 

Interest expense

 

 

33

 

 

 

 

 

 

 

Total other income

 

 

213

 

 

 

244

 

 

 

183

 

Income before income taxes