UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
__________________
FORM 10-K
__________________
x | Annual Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 |
For the Annual Period Ended December 31, 2013
or
o | Transition Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 |
For the transition period from to
Commission file number 001-35662
__________________
QUALYS, INC.
(Exact name of registrant as specified in its charter)
__________________
Delaware | 77-0534145 | |
(State or other jurisdiction of | (I.R.S. Employer | |
incorporation or organization) | Identification Number) | |
1600 Bridge Parkway, Redwood City, California 94065
(Address of principal executive offices, including zip code)
(650) 801-6100
(Registrant’s telephone number, including area code)
__________________
Securities registered pursuant to section 12(b) of the Act:
Title of each class | Name of each exchange on which registered | |
Common stock, $0.001 par value per share | NASDAQ Stock Market | |
Securities registered pursuant to section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes o No x
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes o No x
Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes x No o
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes x No o
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K(§229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this From 10-K or any amendment to this Form 10-K. o
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act. (Check one):
Large accelerated filer | o | Accelerated filer | x | Non-accelerated filer | o | Smaller reporting company | o | |||
(Do not check if a smaller reporting company) | ||||||||||
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes o No x
As of June 30, 2013, the aggregate market value of voting shares of common stock held by non-affiliates of the registrant was $263.5 million based on the last reported sale price of the registrant's common stock on June 28, 2013. Shares of common stock held by each executive officer and director and by each person who owns 5% or more of the outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
The number of shares of the Registrant's common stock outstanding as of January 31, 2014 was 32,451,633 shares.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant's Proxy Statement for its 2013 Annual Meeting of Stockholders are incorporated by reference in Part III of this Annual Report on Form 10-K where indicated. Such proxy statement will be filed with the Securities and Exchange Commission within 120 days of the registrant's fiscal year ended December 31, 2013.
Qualys, Inc.
TABLE OF CONTENTS
Page | ||
PART I | ||
Item 1. | ||
Item 1A. | ||
Item 1B. | ||
Item 2. | ||
Item 3. | ||
Item 4. | ||
PART II | ||
Item 5. | ||
Item 6. | ||
Item 7. | ||
Item 7A. | ||
Item 8. | ||
Item 9. | ||
Item 9A. | ||
Item 9B. | ||
PART III | ||
Item 10. | ||
Item 11. | ||
Item 12. | ||
Item 13. | ||
Item 14. | ||
PART IV | ||
Item 15. | ||
2
PART I
Forward-Looking Statements
In addition to historical information, this Annual Report on Form 10-K contains “forward-looking” statements within the meaning of the federal securities laws, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, it is possible to identify forward-looking statements because they contain words such as “anticipates,” “believes,” “contemplates,” “continue,” “could,” “estimates,” “expects,” “future,” “intends,” “likely,” “may,” “plans,” “potential,” “predicts,” “projects,” “seek,” “should,” “target” or “will,” or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions. Forward-looking statements contained in this Annual Report on 10-K include, but are not limited to, statements about:
• | our financial performance, including our revenues, costs, expenditures, growth rates, operating expenses and ability to generate positive cash flow to attain and sustain profitability; |
• | anticipated technology trends, such as the use of cloud solutions; |
• | our ability to adapt to changing market conditions; |
• | economic and financial conditions, including volatility in foreign exchange rates; |
• | our ability to diversify our sources of revenues; |
• | the effects of increased competition in our market; |
• | our ability to effectively manage our growth; |
• | our anticipated investments in sales and marketing and research and development; |
• | maintaining and expanding our relationships with channel partners; |
• | our ability to maintain, protect and enhance our brand and intellectual property; |
• | costs associated with defending intellectual property infringement and other claims; |
• | our ability to attract and retain qualified employees and key personnel; |
• | our ability to successfully enter new markets and manage our international expansion; and |
• | other factors discussed in this Annual Report on Form 10-K in the sections titled “Risk Factors,” “Management's Discussion and Analysis of Financial Condition and Results of Operations” and “Business.” |
We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations and prospects. The outcome of the events described in this forward-looking statements is subject to risks, uncertainties, assumptions, and other factors including those described in Part I, Item 1A (Risk Factors) of this Annual Report. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements used herein. We cannot provide assurance that the results, events, and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events or circumstances could differ materially from those described in the forward-looking statements.
You should not rely on forward-looking statements as predictions of future events. Except as required by law, neither we nor any other person assumes responsibility for the accuracy and completeness of the forward-looking statements, and we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements.
Qualys, the Qualys logo and QualysGuard, and other trademarks and service marks of Qualys appearing in this Annual Report on Form 10-K are the property of Qualys. This Annual Report on Form 10-K also contains trademarks and trade names of other businesses that are the property of their respective holders. We have omitted the ® and ™ designations, as applicable, for the trademarks used in this Annual Report on Form 10-K.
3
Item 1. | Business |
Overview
We are a pioneer and leading provider of cloud security and compliance solutions that enable organizations to identify security risks to their IT infrastructures, help protect their IT systems and applications from ever-evolving cyber attacks and achieve compliance with internal policies and external regulations. Our cloud solutions address the growing security and compliance complexities and risks that are amplified by the dissolving boundaries between internal and external IT infrastructures and web environments, the rapid adoption of cloud computing and the proliferation of geographically dispersed IT assets. Our integrated suite of security and compliance solutions delivered on our QualysGuard Cloud Platform enables our customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities, recommend remediation actions and verify the implementation of such actions. Organizations use our integrated suite of solutions delivered on our QualysGuard Cloud Platform to cost-effectively obtain a unified view of their security and compliance posture across globally-distributed IT infrastructures.
IT infrastructures are more complex and globally-distributed today than ever before, as organizations of all sizes increasingly rely upon myriad interconnected information systems and related IT assets, such as servers, databases, web applications, routers, switches, desktops, laptops, other physical and virtual infrastructure, and numerous external networks and cloud services. In this environment, new and evolving technologies intended to improve organizations’ operations can also increase vulnerability to cyber attacks, which can expose sensitive data, damage IT and physical infrastructures, and result in serious financial or reputational consequences. In addition, the rapidly increasing amount of data and devices in IT environments makes it more difficult to identify and remediate vulnerabilities in a timely manner. The predominant approach to IT security has been to implement multiple disparate security products that can be costly and difficult to deploy, integrate and manage and may not adequately protect organizations. As a result, we believe there is a large and growing opportunity for comprehensive cloud security and compliance solutions.
We designed our QualysGuard Cloud Platform to transform the way organizations secure and protect their IT infrastructures and applications. Our cloud platform offers an integrated suite of solutions that automates the lifecycle of asset discovery, security assessments, and compliance management for an organization’s IT infrastructure and assets, whether they reside inside the organization, on their network perimeter or in the cloud. Since inception, our solutions have been designed to be delivered through the cloud and to be easily and rapidly deployed on a global scale across a broad range of industries, enabling faster implementation and lower total cost of ownership than traditional on-premise enterprise software products. Our customers, ranging from some of the largest organizations to small businesses, are served from our globally-distributed cloud platform, enabling us to rapidly deliver new solutions, enhancements and security updates.
We were founded and incorporated in December 1999 with a vision of transforming the way organizations secure and protect their IT infrastructure and applications and initially launched our first cloud solution, QualysGuard Vulnerability Management, in 2000. This solution has provided the substantial majority of our revenues to date, representing 84%, 87% and 90% of total revenues in 2013, 2012 and 2011, respectively. As this solution gained acceptance, we introduced new solutions to help customers manage increasing IT security and compliance requirements. In 2006, we added our PCI Compliance solution, and in 2008, we added our Policy Compliance solution. In 2009, we broadened the scope of our cloud services by adding Web Application Scanning. We continued our expansion in 2010, launching Malware Detection Service and Qualys SECURE Seal for automated protection of websites. In 2012, we introduced our virtualized private cloud platform as an additional deployment option of our solutions for customers and partners.
We provide our solutions through a software-as-a-service model, primarily with renewable annual subscriptions. These subscriptions require customers to pay a fee in order to access our cloud solutions. We invoice our customers for the entire subscription amount at the start of the subscription term, and the invoiced amounts are treated as deferred revenues and are recognized ratably over the term of each subscription. Historically, we have experienced significant revenue growth from existing customers as they renew and purchase additional subscriptions. Revenues from customers existing at or prior to December 31, 2012 grew $8.7 million to $100.1 million during 2013. We expect this trend to continue.
4
Our QualysGuard Cloud Platform is currently used by over 6,700 organizations in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Our revenues increased from $76.2 million in 2011 to $91.4 million in 2012, and reached $108.0 million in 2013. We generated net income of $2.0 million in 2011, $2.3 million in 2012, and $1.6 million in 2013. Total assets as of December 31, 2013 and 2012 were $192.6 million and $170.3 million, respectively.
Our Growth Strategy
We intend to leverage our innovation and extensive expertise to strengthen our leadership position as a trusted provider of cloud security and compliance solutions. The key elements of our growth strategy are:
• | Continue to innovate and enhance our cloud platform and suite of solutions. We intend to continue to make significant investments in research and development to extend our cloud platform’s functionality by developing new security solutions and further enhancing our existing suite of solutions. In 2013, we introduced several new solutions on our platform, including our Web Application Firewall and QualysGuard Connector for Amazon Web Services, and have additional solutions under development. |
• | Expand the use of our suite of solutions by our large and diverse customer base. With more than 6,700 customers across many industries and geographies, we believe we have a significant opportunity to sell additional solutions to our customers and expand their use of our suite of solutions. Since the majority of our customers initially deploy only one of our solutions and in select parts of their IT infrastructures, our existing customers serve as a strong source of new sales. In this regard, we continue to significantly expand our sales execution and marketing functions to increase adoption of our newly developed solutions among our existing customers. |
• | Drive new customer growth. We are pursuing new customers by targeting key accounts and expanding our sales and marketing organization and network of channel partners. We will continue to seek to make significant investments to encourage organizations to replace their existing security products with our cloud solutions. |
• | Broaden our global reach. We intend to expand our relationships with key security consulting organizations, managed security service providers and value added resellers to accelerate the adoption of our cloud platform. We seek to strengthen existing relationships as well as establish new relationships to increase the distribution and market awareness of our cloud platform and target new geographic regions. We also plan to partner with such security providers that can host our Private Cloud offering within their data centers, helping us expand our reach in new markets and new geographies. |
• | Selectively pursue technology acquisitions to bolster our capabilities and leadership position. We may explore acquisitions that are complementary to and can expand the functionality of our cloud platform. We may also seek to acquire technology teams to supplement our own team and increase the breadth of our cloud security and compliance solutions. |
Our Platform
Our QualysGuard Cloud Platform consists of a suite of IT security and compliance solutions that leverage our shared and extensible core services and our highly scalable multi-tenant cloud infrastructure.
Our suite of solutions provides security intelligence by automating the life cycle of IT asset discovery, security assessment and compliance management. Our core services layer provides a set of advanced shared technologies that are leveraged by our suite of security and compliance solutions, which we refer to as our Core Services.
Built on our cloud platform infrastructure, our Core Services provide an integrated framework with proprietary functionalities that act as building blocks to enable efficient and scalable delivery of our customer-facing cloud solutions. Our cloud platform’s infrastructure includes integrated services that deliver a highly automated and scalable scanning infrastructure capable of scanning IT systems and web applications, inside and outside corporate firewalls.
The Core Services and infrastructure layers of our cloud platform deliver benefits to our entire suite of security and compliance solutions, including:
• | Dynamic and interactive user interfaces with configurable report templates to present scan data with a wide range of presentation options to match a customer’s needs; |
5
• | Fast searching of several extensive QualysGuard data sets, including scan results, asset data, scan profiles, users and vulnerabilities; |
• | Asset management technology for hierarchical asset categorization via dynamic tagging and role-based customer access management; and |
• | Distributed scanning platform for global cloud-based environments. |
We also provide open application program interfaces, or APIs, and other developer tools that allow third parties to embed our technology into their solutions and build applications on our cloud platform.
Our cloud platform is delivered to customers via our shared platform offering from our global data centers or via our private platform offering (QualysGuard Private Cloud Platform, or PCP), for customers or partners that want the platform to reside within the customer's on-premise data center. The PCP is a standalone version of our multi-layer, multi-tenant services architecture and is a fully integrated turnkey solution, making it more scalable, cost effective and faster to deploy within a customer's on-premise data center. The virtualized PCP allows us to extend our security and compliance solutions without the complexity and cost associated with deploying traditional enterprise software.
QualysGuard Cloud Suite
Our suite of solutions, which we refer to as the QualysGuard Cloud Suite, currently includes seven solutions: Vulnerability Management, Web Application Scanning, Malware Detection Service, Web Application Firewall, Policy Compliance, PCI Compliance and Qualys SECURE Seal. This integrated set of cloud solutions enables organizations to:
• | Discover and catalogue information assets inside the organization, on the perimeter, or in the cloud; |
• | Manage assets on an ongoing basis to establish a trusted repository for IT system configurations and to maintain hierarchical relationships between them; |
• | Design policies to establish a secure and compliant IT infrastructure and automate ongoing security and compliance assessments of IT systems and applications in accordance with best practices; |
• | Proactively identify and help fix vulnerabilities to mitigate security risks and achieve compliance; |
• | Monitor and measure security and compliance through a unified user interface; |
• | Distribute security and compliance reports tailored to differing customer needs, including management personnel, auditors and security professionals; and |
• | Protect web applications from cyber attacks in real time. |
Our customers can subscribe to one or more of our security and compliance solutions based on their initial needs and expand their subscriptions over time to new areas within their organization or to additional QualysGuard solutions. We offer two editions of our QualysGuard Cloud Suite, the Enterprise edition for large and medium-sized enterprises and the Express edition for small and medium-sized businesses. QualysGuard Cloud Suite solutions are described below.
QualysGuard Vulnerability Management
QualysGuard Vulnerability Management, or QualysGuard VM, is an industry leading and award-winning solution that automates network auditing and vulnerability management across an organization, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Driven by our comprehensive KnowledgeBase of known vulnerabilities, QualysGuard VM enables cost-effective protection against vulnerabilities without substantial resource deployment.
QualysGuard Policy Compliance
QualysGuard Policy Compliance, or QualysGuard PC, allows customers to analyze and collect configuration and access control information from their networked devices and web applications and automatically maps this information to internal policies and external regulations in order to document compliance. QualysGuard PC is fully automated and helps reduce customers’ cost of compliance without requiring the use of software agents.
6
QualysGuard PCI Compliance
QualysGuard PCI Compliance, or QualysGuard PCI, provides organizations that store cardholder data a cost-effective and highly automated solution to verify and document compliance with PCI DSS. QualysGuard PCI allows merchants to complete the annual PCI Self-Assessment Questionnaire, or SAQ, to perform vulnerability scanning for quarterly PCI audits and to meet the demands of PCI for web application security.
QualysGuard Web Application Scanning
QualysGuard Web Application Scanning, or QualysGuard WAS, uses the scalability of our cloud platform to allow customers to discover, catalog and scan a large number of web applications. QualysGuard WAS scans and analyzes custom web applications and identifies vulnerabilities that threaten underlying databases or bypass access controls. These web applications are often the main attack vectors for cyber attackers.
QualysGuard Malware Detection Service
QualysGuard Malware Detection Service, or QualysGuard MDS, provides organizations with the ability to scan, identify and remove malware infections from their websites. QualysGuard MDS utilizes behavioral and static analysis to provide malware detection to organizations. It provides periodic scanning to monitor websites and delivers email alerts to notify customers of infections.
QualysGuard Web Application Firewall
QualysGuard Web Application Firewall, or QualysGuard WAF, currently in beta testing, delivers enterprise-grade web application security without the costs, footprint, and complexity associated with appliance-based web application firewall solutions. It is designed to protect web applications from attack vectors by enhancing default web application configurations and virtual patching. QualysGuard WAF can improve website performance by reducing page load times and optimizing bandwidth.
Qualys SECURE Seal
QualysGuard SECURE Seal helps organizations demonstrate to their online customers that they maintain a proactive security program. This solution includes scanning for the presence of malware, network and web application vulnerabilities and for SSL certificate validation. Websites that regularly perform these security scans with no critical security issues detected can display a QualysGuard SECURE Seal on their website to demonstrate to visitors that they are proactively securing their websites.
QualysGuard Core Services
Our Core Services enable integrated workflows, management and real-time analysis and reporting across all of our IT security and compliance solutions. Our Core Services include:
• | Asset Tagging and Management. Enables customers to easily identify, categorize and manage large numbers of assets in highly dynamic IT environments and automates the process of inventory management and hierarchical organization of IT assets. |
• | Reporting and Dashboards. A highly configurable reporting engine that provides customers with reports and dashboards based on their roles and access privileges. |
• | Questionnaires and Collaboration. A configurable workflow engine that enables customers to easily build questionnaires and capture existing business processes and workflows to evaluate controls and gather evidence to validate and document compliance. |
• | Remediation and Workflow. An integrated workflow engine that allows customers to automatically generate helpdesk tickets for remediation and to manage compliance exceptions based on customer-defined policies, enabling subsequent review, commentary, tracking and escalation. This engine automatically distributes remediation tasks to IT administrators upon scan completion, tracks remediation progress and closes open tickets once patches are applied and remediation is verified in subsequent scans. |
• | Big Data Correlation and Analytics Engine. Provides capabilities for indexing, searching and correlating large amounts of security and compliance data with other security incidents and third-party security intelligence data. Embedded workflows enable customers to quickly assess risk and access information for remediation, incident analysis and forensic investigations. |
7
• | Alerts and Notifications. Creates email notifications to alert customers of new vulnerabilities, malware infections, scan completion, open trouble tickets and system updates. |
QualysGuard Cloud Infrastructure
Our infrastructure layer, which we refer to as our Infrastructure, includes the data, data processing capabilities, software and hardware infrastructure and infrastructure management capabilities that provide the foundation for our cloud platform and allow us to automatically scale our Infrastructure and Core Services to scan millions of IPs. Each Infrastructure service is described below:
• | Scalable Capacity. We have designed a modular and scalable infrastructure that leverages virtualization and cloud technologies. This allows our operations team to dynamically allocate additional capacity on-demand across our entire QualysGuard Cloud Platform to address the growth and scalability of our solutions. |
• | Big Data Indexing and Storage. Built on top of our secure data storage model, this engine indexes petabytes of data and uses this information in real-time to execute tags or rules to dynamically update IT assets’ properties, which are used in various workflows for scanning, reporting and remediation. |
• | QualysGuard KnowledgeBase. QualysGuard relies on our comprehensive repository, which we refer to as our KnowledgeBase, of known vulnerabilities and compliance controls for a wide range of devices, technologies and applications that powers our security and compliance scanning technology. We update our KnowledgeBase daily with signatures for new vulnerabilities, control checks, validated fixes and improvements. |
• | Managed Scanner Appliances. As part of our cloud platform, we host and operate a large number of globally distributed physical scanner appliances that our customers use to scan their externally facing systems and web applications. To scan internal IT assets, customers can also deploy our scanners, which are available on a subscription basis as physical appliances or downloadable virtual images, within their internal networks. Our scanner appliances self-update daily in a transparent manner using our automated and proprietary scan management technology. These scanner appliances allow us to scale our cloud platform to scan networked devices and web applications across organizations’ networks around the world. |
Our Customers
We market and sell our solutions to enterprises, government entities and to small and medium-sized businesses across a broad range of industries, including education, financial services, government, healthcare, insurance, manufacturing, media, retail, technology and utilities. As of December 31, 2013, we had over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. In each of 2013, 2012 and 2011, no one customer accounted for more than 10% of our revenues. In 2013, 2012 and 2011, approximately 70%, 68% and 67%, respectively, of our revenues were derived from customers in the United States. We sell our solutions to enterprises and government entities primarily through our field sales force and to small and medium-sized businesses through our inside sales force. We generate a significant portion of sales through our channel partners, including managed service providers, value-added resellers and consulting firms in the United States and internationally.
Sales and Marketing
Sales
We market and sell our IT security and compliance solutions to customers directly through our sales teams as well as indirectly through our network of channel partners.
Our global sales force is organized into a field sales team, which focuses on enterprises, generally including organizations with more than 5,000 employees, and an inside sales team, which focuses on small to medium businesses, which generally include organizations with less than 5,000 employees. Both our field and inside sales teams are divided into three geographic regions, including the Americas; Europe, Middle East and Africa; and Asia-Pacific. We also further segment each of our sales teams into groups that focus on adding new customers or expanding relationships with existing customers.
8
Our channel partners maintain relationships with their customers throughout the territories in which they operate and provide their customers with services and third-party solutions to help meet those customers’ evolving security and compliance requirements. As such, these partners offer our IT security and compliance solutions in conjunction with one or more of their own products or services and act as a conduit through which we can connect with these prospective customers to offer our solutions. Our channel partners include security consulting organizations, managed service providers and resellers, such as Accuvant, Computacenter UK Ltd., Dell Inc., FishNet Security, Inc., Insight Technologies, Inc., Symantec Corporation and Verizon Communications Inc.
For sales involving a channel partner, the channel partner engages with the prospective customer directly and involves our sales team as needed to assist in developing and closing an order. When a channel partner secures a sale, we sell the associated subscription to the channel partner who in turn resells the subscription to the customer, with the channel partner earning a fee based on the total value of the order. Once the order is completed, we provide these customers with direct access to our solutions and other associated back-office applications, enabling us to establish a direct relationship as part of ensuring customer satisfaction with our solutions. At the end of the subscription term, the channel partner engages with the customer to execute a renewal order, with our sales team providing assistance as required. In 2013, 2012 and 2011, 39%, 40% and 38%, respectively, of our revenues were generated by channel partners.
Marketing
Our marketing programs include a variety of online marketing, advertising, conferences, events, public relations activities and web-based seminar campaigns targeted at key decision makers within our prospective customers.
We have a number of marketing initiatives to build awareness and encourage customer adoption of our solutions. We offer free trials and services to allow prospective customers to experience the quality of our solutions, to learn in detail about the features and functionality of our cloud platform, and to quantify the potential benefits of our solutions.
Customer Support
We deliver 24x7x365 customer support from centers located in Redwood City, California; Raleigh, North Carolina; and Slough, United Kingdom. We recruit senior level technical personnel and trained subject matter experts who work closely with engineering and operations personnel to resolve issues quickly. Our security and compliance solutions can be deployed easily and are designed to be implemented and operated without the need for any professional services. Accordingly, we do not sell any professional services. However, we do offer various training programs as part of our subscriptions to all of our customers. We believe that our customer support helps ensure customer satisfaction and is critical to retaining and expanding our customer base. In addition, we leverage the insights drawn from our customers to further improve the functionality of our security and compliance solutions.
Research and Development and Operations
We devote significant resources to maintain, enhance and add new functionality to our QualysGuard Cloud Platform and the integrated suite of solutions that we offer. Our development organization consists of agile engineering teams with substantial security expertise in specific areas of our solutions. In addition to our development teams, we have also built a sophisticated research team focused on identifying threats and developing signatures for vulnerabilities and compliance checks so that we can provide our customers with daily updates and enable them to scan their assets for the latest threats. We conduct our research and development in the United States, China, France, India, and the United Kingdom, which gives us access to some of the best research and engineering talent in the world. Our focus remains to attract engineering talent as we continue to add new solutions and improve existing ones.
Our development team works closely with our customers and partners to gain valuable insights into their environments and gather feedback for threat research, product development and innovations. We typically release updates to our solutions, including enhancements and new features multiple times a year, and we measure the quality of our scan results on a frequent basis in an effort to maintain the highest level of scan accuracy.
The modular architecture of our cloud platform enables our engineering teams to simultaneously work on different features, accelerating the delivery of new functionalities to customers. Our research and development team also works collaboratively with our technical support team to ensure customer satisfaction and with our sales team to accelerate the adoption of our solutions.
9
Research and development expenses were $21.7 million, $20.2 million and $19.6 million for 2013, 2012 and 2011, respectively.
Manufacturing Agreement
Our physical appliances are provided by SYNNEX Corporation, or SYNNEX, pursuant to a manufacturing services agreement dated March 1, 2011. Under this agreement, SYNNEX manufactures, assembles and tests our physical scanner appliances. This agreement has an initial term of one year, which is automatically renewed for additional one-year terms, unless terminated (i) at anytime upon the mutual written agreement of us and SYNNEX, (ii) by either party upon 90 days or more written notice, (iii) upon written notice, subject to applicable cure periods, if the other party has materially breached its obligations under the agreement or (iv) by either party upon the other party seeking an order for relief under the bankruptcy laws of the United States or similar laws of any other jurisdiction, a composition with or assignment for the benefit of creditors, or dissolution or liquidation.
Data Center Agreements
Our data center operations are provided by large third-party data center vendors and are located in the United States and Switzerland. Our data center agreements have varying terms through January 2015.
Competition
The expanding capabilities of our security and compliance solutions have enabled us to address a growing array of opportunities in the cloud IT security and compliance market. We compete with a large and broad array of established and emerging vulnerability management vendors, compliance vendors and data security vendors in a highly fragmented and competitive environment.
We compete with large public companies, such as Barracuda Networks, Inc., Hewlett-Packard Company, Imperva, Inc., International Business Machines Corporation, McAfee, Inc. (a subsidiary of Intel Corporation) and Symantec Corporation, as well as private security providers including BeyondTrust Software, Inc., nCircle Network Security, Inc., NetIQ Corporation, Rapid7 LLC, Tenable Network Security, Inc. and Trustwave Holdings, Inc. We also seek to replace IT security and compliance solutions that organizations have developed internally. As we continue to extend our cloud platform’s functionality by further developing security and compliance solutions, such as web application scanning and firewalls, we expect to face additional competition in these new markets.
We believe that the principal competitive factors affecting the market for cloud security and compliance solutions include product functionality, breadth of offerings, flexibility of delivery models, ease of deployment and use, total cost of ownership, scalability and performance, customer support and extensibility of platform. We believe that our suite of solutions generally competes favorably with respect to these factors. However, many of our primary competitors have greater name recognition, longer operating histories, more established customer relationships, larger marketing budgets and significantly greater resources than we do.
Intellectual Property
We rely on a combination of trade secrets, copyrights, patents and trademarks, as well as contractual protections, to establish and protect our intellectual property rights and protect our proprietary technology. We have three issued patents, several pending U.S. patent applications and an exclusive license to four U.S. patents, which was obtained in connection with our acquisition of Nemean. The inbound license remains in effect until the licensed patents are no longer enforceable, unless the applicable license agreement is first terminated by us or terminated by the licensor for a breach of the agreement or if we undergo certain bankruptcy events. The licenses are currently exclusive and will remain exclusive so long as we make an appropriately-timed written election and pay an annual fixed royalty for ten years thereafter. These exclusive licenses are subject to the licensor’s reservation of certain rights in the patents and subject to the U.S. government’s reserved rights in the technology. We have a number of registered and unregistered trademarks. We require our employees, consultants and other third parties to enter into confidentiality and proprietary rights agreements and control access to software, documentation and other proprietary information. We view our trade secrets and know-how as a significant component of our intellectual property assets, as we have spent years designing and developing our QualysGuard Cloud Platform, which we believe differentiates us from our competitors.
Despite our efforts to protect our proprietary technology and our intellectual property rights, unauthorized parties may attempt to copy or obtain and use our technology to develop products with the same functionality as our solution. Policing unauthorized use of our technology and intellectual property rights is difficult.
10
We expect that software and other solutions in our industry may be subject to third-party infringement claims as the number of competitors grows and the functionality of products in different industry segments overlaps. Any of these third parties might make a claim of infringement against us at any time.
Employees
As of December 31, 2013, we had 406 full-time employees, including 147 in research and development, 147 in sales and marketing, 68 in operations and customer support and 44 in general and administrative. As of December 31, 2013, we had 285 employees in the United States and 121 employees internationally. None of our U.S. employees are covered by collective bargaining agreements. Employees in certain European countries have the benefits of collective bargaining arrangements at the national level. We believe our employee relations are good and we have not experienced any work stoppages.
Available Information
Our principal executive offices are located at 1600 Bridge Parkway, Redwood City, California 94065. The telephone number of our principal executive offices is (650) 801-6100, and our main corporate website is www.qualys.com. Information contained on, or that can be accessed through, our website, does not constitute part of this Annual Report on Form 10-K and inclusion of our website address in this Annual Report on Form 10-K is an inactive textual reference only.
We make available our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to those reports filed or furnished pursuant to Section 13(a) or Section 15(d) of the Securities Exchange Act of 1934, as amended, free of charge on our website, www.qualys.com as soon as reasonably practicable after they are electronically filed with or furnished to the Securities and Exchange Commission or SEC. Additionally, copies of materials filed by us with the SEC may be accessed at the SEC's Public Reference Room at 100 F Street, N.E., Washington, D.C. 20549 or at the SEC's website, www.sec.gov. For information about the SEC's Public Reference Room, contact 1-800-SEC-0330.
11
Item 1A. | Risk Factors |
An investment in our common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, and all other information contained in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes, before making a decision to invest in our common stock. Our business, operating results, financial condition, or prospects could be materially and adversely affected by any of these risks and uncertainties. In that case, the trading price of our common stock could decline, and you might lose all or part or all of your investment. In addition, the risks and uncertainties discussed below are not the only ones we face. Our business, operating results, financial performance or prospects could also be harmed by risks and uncertainties not currently known to us or that we currently do not believe are material.
We have a limited history of profitability and may not achieve or maintain profitability in the future.
We have not been consistently profitable on a quarterly or annual basis. While we have experienced significant revenue growth over recent years, we may not be able to sustain or increase our growth or maintain profitability in the future. Although we had net income for each of the three years ended December 31, 2013, 2012 and 2011, we had net losses in the first two quarters of 2012 and the first quarter of 2013. Our net income for the most recent year ended December 31, 2013 was also lower than the prior year. The reduced net income is primarily due increased sales and marketing activities, as we continued to expand our worldwide customer base and focus on the promotion of our new solutions; increased investments to expand our data center infrastructure and to add capacity to deploy new solutions on our cloud platform; and increased personnel, professional services and other expenses to operate as a public company. We plan to continue to invest in our infrastructure, new solutions, research and development and sales and marketing, and as a result, we cannot assure you that we will maintain profitability. In addition, we will continue to incur increased personnel and professional services expenses to ensure compliance with Section 404 of the Sarbanes-Oxley Act. As a result of these increased expenditures, we will have to generate and sustain increased revenues to achieve future profitability. We may incur losses in the future for a number of reasons, including without limitation, the other risks and uncertainties described in this Annual Report on Form 10-K. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays and other unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our financial performance may be harmed and we may not again achieve or maintain profitability in the future.
If the market for cloud solutions for IT security and compliance does not evolve as we anticipate, our revenues may not grow and our operating results would be harmed.
Our success depends to a significant extent on the willingness of organizations to increase their use of cloud solutions for their IT security and compliance. However, the market for cloud solutions for IT security and compliance is at an early stage relative to on-premise solutions, and as such, it is difficult to predict important market trends, including the potential growth, if any, of the market for cloud security and compliance solutions. To date, some organizations have been reluctant to use cloud solutions because they have concerns regarding the risks associated with the reliability or security of the technology delivery model associated with these solutions. If other cloud service providers experience security incidents, loss of customer data, disruptions in service delivery or other problems, the market for cloud solutions as a whole, including our solutions, may be negatively impacted. Moreover, many organizations have invested substantial personnel and financial resources to integrate on-premise software into their businesses, and as a result may be reluctant or unwilling to migrate to a cloud solution. Organizations that use on-premise security products, such as network firewalls, security information and event management products or data loss prevention solutions, may also believe that these products sufficiently protect their IT infrastructure and deliver adequate security. Therefore, they may continue spending their IT security budgets on these products and may not adopt our security and compliance solutions in addition to or as a replacement for such products.
If the market for cloud solutions for IT security and compliance does not evolve in the way we anticipate or if customers do not recognize the benefits of our cloud solutions over traditional on-premise enterprise software products, and as a result we are unable to increase sales of subscriptions to our solutions, then our revenues may not grow or may decline, and our operating results would be harmed.
12
If we do not successfully anticipate market needs and opportunities or are unable to enhance our solutions and develop new solutions that meet those needs and opportunities on a timely basis, we may not be able to compete effectively and our business and financial condition may be harmed.
The IT security and compliance market is characterized by rapid technological advances, changes in customer requirements, frequent new product introductions and enhancements and evolving industry standards and regulatory mandates. We must also continually change and improve our solutions in response to changes in operating systems, application software, computer and communications hardware, networking software, data center architectures, programming tools and computer language technology.
We may not be able to anticipate future market needs and opportunities or develop enhancements or new solutions to meet such needs or opportunities in a timely manner or at all. The market for cloud solutions for IT security and compliance is relatively new, and it is uncertain whether our new solutions will gain market acceptance.
Our solution enhancements or new solutions could fail to attain sufficient market acceptance for many reasons, including:
• | failure to timely meet market demand for product functionality; |
• | inability to identify and provide intelligence regarding the attacks or techniques used by cyber attackers; |
• | inability to interoperate effectively with the database technologies, file systems or web applications of our prospective customers; |
• | defects, errors or failures; |
• | delays in releasing our enhancements or new solutions; |
• | negative publicity about their performance or effectiveness; |
• | introduction or anticipated introduction of products by our competitors; |
• | poor business conditions, causing customers to delay IT security and compliance purchases; |
• | easing or changing of external regulations related to IT security and compliance; and |
• | reluctance of customers to purchase cloud solutions for IT security and compliance. |
Furthermore, diversifying our solutions and expanding into new IT security and compliance markets will require significant investment and planning, require that our research and development and sales and marketing organizations develop expertise in these new markets, bring us more directly into competition with security and compliance providers that may be better established or have greater resources than we do, require additional investment of time and resources in the development and training of our channel partners and entail significant risk of failure.
If we fail to anticipate market requirements or fail to develop and introduce solution enhancements or new solutions to satisfy those requirements in a timely manner, such failure could substantially decrease or delay market acceptance and sales of our present and future solutions and cause us to lose existing customers or fail to gain new customers, which would significantly harm our business, financial condition and results of operations.
If we fail to continue to effectively scale and adapt our platform to meet the performance and other requirements of our customers, our operating results and our business would be harmed.
Our future growth is dependent upon our ability to continue to meet the expanding needs of our customers as their use of our cloud platform grows. As these customers gain more experience with our solutions, the number of users and the number of locations where our solutions are being accessed may expand rapidly in the future. In order to ensure that we meet the performance and other requirements of our customers, we intend to continue to
make significant investments to develop and implement new proprietary and third-party technologies at all levels of our cloud platform. These technologies, which include databases, applications and server optimizations, and network and hosting strategies, are often complex, new and unproven. We may not be successful in developing or implementing these technologies. To the extent that we do not effectively scale our platform to maintain performance as our customers expand their use of our platform, our operating results and our business may be harmed.
13
Our quarterly operating results may vary from period to period, which could result in our failure to meet expectations with respect to operating results and cause the trading price of our stock to decline.
Our operating results have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including:
• | the level of demand for our solutions; |
• | changes in customer renewals of our solutions; |
• | the extent to which customers subscribe for additional solutions; |
• | seasonal buying patterns of our customers; |
• | the level of perceived threats to IT security; |
• | security breaches, technical difficulties or interruptions with our service; |
• | changes in the growth rate of the IT security and compliance market; |
• | the timing and success of new product or service introductions by us or our competitors or any other changes in the competitive landscape of our industry, including consolidation among our competitors; |
• | the introduction or adoption of new technologies that compete with our solutions; |
• | decisions by potential customers to purchase IT security and compliance products or services from other vendors; |
• | the amount and timing of operating costs and capital expenditures related to the operations and expansion of our business; |
• | the timing of sales commissions relative to the recognition of revenues; |
• | the announcement or adoption of new regulations and policy mandates or changes to existing regulations and policy mandates; |
• | price competition; |
• | insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions; |
• | changes in foreign currency exchange rates; |
• | general economic conditions, both domestically and in the foreign markets in which we sell our solutions; and |
• | future accounting pronouncements or changes in our accounting policies. |
Each factor above or discussed elsewhere in this Annual Report on Form 10-K or the cumulative effect of some of these factors may result in fluctuations in our operating results. This variability and unpredictability could result in our failure to meet expectations with respect to operating results, or those of securities analysts or investors, for a particular period. In addition, a significant percentage of our operating expenses are fixed in nature and based on forecasted trends in revenues. Accordingly, in the event of shortfalls in revenues, we are generally unable to mitigate the negative impact on margins in the short term by reducing our operating expenses. If we fail to meet or exceed expectations for our operating results for these or any other reasons, the trading price of our common stock could fall and we could face costly lawsuits, including securities class action suits.
Adverse economic conditions or reduced IT spending may adversely impact our business.
Our business depends on the overall demand for IT and on the economic health of our current and prospective customers. In general, worldwide economic conditions remain unstable, and these conditions make it difficult for our customers, prospective customers and us to forecast and plan future business activities accurately, and they could cause our customers or prospective customers to reevaluate their decision to purchase our solutions. Weak global economic conditions, or a reduction in IT spending even if economic conditions improve, could adversely impact our business, financial condition and results of operations in a number of ways, including longer sales cycles, lower prices for our solutions, reduced bookings and lower or no growth.
14
Our business depends substantially on retaining our current customers, and any reduction in our customer renewals or revenues from such customers could harm our future operating results.
We offer our QualysGuard Cloud Platform and integrated suite of solutions pursuant to a software-as-a-service model, and our customers purchase subscriptions from us that are generally one year in length. Our customers have no obligation to renew their subscriptions after their subscription period expires, and they may not renew their subscriptions at the same or higher levels or at all. As a result, our ability to grow depends in part on customers renewing their existing subscriptions and purchasing additional subscriptions and solutions. Our customers may choose not to renew their subscriptions to our solutions or purchase additional solutions due to a number of factors, including their satisfaction or dissatisfaction with our solutions, the prices of our solutions, the prices of products or services offered by our competitors, reductions in our customers’ spending levels due to the macroeconomic environment or other factors. If our customers do not renew their subscriptions to our solutions, renew on less favorable terms, or do not purchase additional solutions or subscriptions, our revenues may grow more slowly than expected or decline and our results of operations may be harmed.
If we are unable to continue to attract new customers and grow our customer base, our growth could be slower than we expect and our business may be harmed.
We believe that our future growth depends in part upon increasing our customer base. Our ability to achieve significant growth in revenues in the future will depend, in large part, upon continually attracting new customers and obtaining subscription renewals to our solutions from those customers. If we fail to attract new customers our revenues may grow more slowly than expected and our business may be harmed.
Subscriptions to our QualysGuard Vulnerability Management solution generate most of our revenues, and if we are unable to continue to renew and grow subscriptions for this solution, our operating results would suffer.
We derived 84%, 87%, and 90% of our revenues from subscriptions to our QualysGuard Vulnerability Management solution for the years ended December 31, 2013, 2012 and 2011, respectively, and we expect to continue to derive a significant majority of our revenues from sales of subscriptions to this solution for the foreseeable future. As a result, the market demand for our QualysGuard Vulnerability Management solution is critical to our continued success. Demand for this solution is affected by a number of factors beyond our control, including continued market acceptance of our solution for existing and new use cases, the timing of development and release of new products or services by our competitors, technological change, and growth or contraction in our market. Our inability to renew or increase subscriptions for this solution or a decline in price of this solution would harm our business and operating results more seriously than if we derived significant revenues from a variety of solutions.
If we are unable to sell subscriptions to additional solutions, our future revenue growth may be harmed and our business may suffer.
We will need to increase the revenues that we derive from our current and future solutions other than QualysGuard Vulnerability Management for our business and revenues to grow as we expect. Revenues from our other solutions, including our Web Application Scanning, Policy Compliance, PCI Compliance, Malware Detection
Service, and Qualys SECURE Seal, have been relatively modest compared to revenues from our QualysGuard Vulnerability Management solution. Our future success depends in part on our ability to sell subscriptions to these additional solutions to existing and new customers. This may require more costly sales and marketing efforts and may not result in additional sales. If our efforts to sell subscriptions to additional solutions to existing and new customers are not successful, our business may suffer.
Our security and compliance solutions are primarily delivered from four data centers, and any disruption of service at these facilities would interrupt or delay our ability to deliver our solutions to our customers which could reduce our revenues and harm our operating results.
We currently host substantially all of our solutions from four third-party data centers, located in the United States and Switzerland. These facilities are vulnerable to damage or interruption from earthquakes, hurricanes, floods, fires, cybersecurity attacks, terrorist attacks, employee negligence, power losses, telecommunications failures and similar events. The facilities also could be subject to break-ins, sabotage, intentional acts of vandalism
15
and other misconduct. The occurrence of a natural disaster, an act of terrorism or misconduct, a decision to close the facilities without adequate notice or other unanticipated problems could result in interruptions in our services.
Our data centers are not currently redundant and we cannot rapidly move customers from one data center to another, which may increase delays in the restoration of our service for our customers if an adverse event occurs. We added data center facilities in 2013 to provide additional capacity for our cloud platform and to enable disaster recovery. We are continuing to build out these facilities and anticipate they will be fully operational by the end of 2014. However, these additional facilities may not be operational in the anticipated time-frame and we may incur unplanned expenses.
Additionally, our existing data center facilities providers have no obligations to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew our agreements with the facilities providers on commercially reasonable terms or if in the future we add additional data center facility providers, we may experience costs or downtime in connection with the loss of an existing facility or the transfer to, or addition of, new data center facilities.
Any disruptions or other performance problems with our solutions could harm our reputation and business and may damage our customers’ businesses. Interruptions in our service delivery might reduce our revenues, cause us to issue credits to customers, subject us to potential liability and cause customers to terminate their subscriptions or not renew their subscriptions.
If we are unable to increase market awareness of our company and our new solutions, our revenues may not continue to grow, or may decline.
We have a limited operating history, particularly in certain markets and solution offerings, and we believe that we need to continue to develop market awareness in the IT security and compliance market. Market awareness of our capabilities and solutions is essential to our continued growth and success in all of our markets, particularly for the large enterprise, service provider and government markets. If our marketing programs are not successful in creating market awareness of our company and our full suite of solutions, our business, financial condition and results of operations may be adversely affected, and we may not be able to achieve our expected growth.
If our solutions fail to help our customers achieve and maintain compliance with regulations and industry standards, our revenues and operating results could be harmed.
We generate a portion of our revenues from solutions that help organizations achieve and maintain compliance with regulations and industry standards. For example, many of our customers subscribe to our security and compliance solutions to help them comply with the security standards developed and maintained by the Payment Card Industry Security Standards Council, or the PCI Council, which apply to companies that store cardholder data. Industry organizations like the PCI Council may significantly change their security standards with little or no notice, including changes that could make their standards more or less onerous for businesses. Governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact the demand for or value of our solutions.
If we are unable to adapt our solutions to changing regulatory standards in a timely manner, or if our solutions fail to assist with or expedite our customers’ compliance initiatives, our customers may lose confidence in our solutions and could switch to products offered by our competitors. In addition, if regulations and standards related to data security, vulnerability management and other IT security and compliance requirements are relaxed or the penalties for non-compliance are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our solutions. In any of these cases, our revenues and operating results could be harmed.
If our solutions fail to detect vulnerabilities or incorrectly detect vulnerabilities, our brand and reputation could be harmed, which could have an adverse effect on our business and results of operations.
If our solutions fail to detect vulnerabilities in our customers’ IT infrastructures, or if our solutions fail to identify and respond to new and increasingly complex methods of attacks, our business and reputation may suffer. There is no guarantee that our solutions will detect all vulnerabilities. Additionally, our security and compliance solutions may falsely detect vulnerabilities or threats that do not actually exist. For example, some of our solutions rely on information on attack sources aggregated from third-party data providers who monitor global malicious activity
16
originating from a variety of sources, including anonymous proxies, specific IP addresses, botnets and phishing sites. If the information from these data providers is inaccurate, the potential for false indications of security vulnerabilities increases. These false positives, while typical in the industry, may impair the perceived reliability of our solutions and may therefore adversely impact market acceptance of our solutions and could result in negative publicity, loss of customers and sales and increased costs to remedy any problem.
In addition, our solutions do not currently extend to cover mobile devices or personal devices that employees may bring into an organization. As such, our solutions would not identify or address vulnerabilities in mobile devices, such as mobile phones or tablets, or personal devices, and our customers’ IT infrastructures may be compromised by attacks that infiltrate their networks through such devices.
An actual or perceived security breach or theft of the sensitive data of one of our customers, regardless of whether the breach is attributable to the failure of our solutions, could adversely affect the market’s perception of our security solutions.
Incorrect or improper implementation or use of our solutions could result in customer dissatisfaction and harm our business and reputation.
Our solutions are deployed in a wide variety of IT environments, including large-scale, complex infrastructures. If our customers are unable to implement our solutions successfully, customer perceptions of our platform may be impaired or our reputation and brand may suffer. Our customers have in the past inadvertently misused our solutions, which triggered downtime in their internal infrastructure until the problem was resolved. Any misuse of our solutions could result in customer dissatisfaction, impact the perceived reliability of our solutions, result in negative press coverage, negatively affect our reputation and harm our financial results.
As a security provider, our platform, website and internal systems may be subject to intentional disruption that could adversely impact our reputation and future sales.
Our operations involve providing IT security solutions to our customers, and as a result we could be a target of cyber attacks designed to impede the performance of our solutions, penetrate our network security or the security of our cloud platform or our internal systems, misappropriate proprietary information and/or cause interruptions to our services. If an actual or perceived breach of our network security occurs, it could adversely affect the market perception of our solutions, negatively affecting our reputation, and may expose us to the loss of information, litigation and possible liability. Such a security breach could also divert the efforts of our technical and management personnel. In addition, such a security breach could impair our ability to operate our business and provide solutions to our customers. If this happens, our reputation could be harmed, our revenues could decline and our business could suffer.
Undetected software errors or flaws in our cloud platform could harm our reputation or decrease market acceptance of our solutions, which would harm our operating results.
Our solutions may contain undetected errors or defects when first introduced or as new versions are released. We have experienced these errors or defects in the past in connection with new solutions and solution upgrades and we expect that these errors or defects will be found from time to time in the future in new or enhanced solutions after commercial release of these solutions. Since our customers use our solutions for security and compliance reasons, any errors, defects, disruptions in service or other performance problems with our solutions may damage our customers’ business and could hurt our reputation. If that occurs, we may incur significant costs, the attention of our key personnel could be diverted, our customers may delay or withhold payment to us or elect not to renew, or other significant customer relations problems may arise. We may also be subject to liability claims for damages related to errors or defects in our solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our solutions may harm our business and operating results.
Our solutions could be used to collect and store personal information of our customers’ employees or customers, and therefore privacy concerns could result in additional cost and liability to us or inhibit sales of our solutions.
We collect the names and email addresses of our customers in connection with subscriptions to our solutions. Additionally, the data that our solutions collect to help secure and protect the IT infrastructure of our customers may include additional personal information of our customers’ employees and their customers. Personal privacy has
17
become a significant issue in the United States and in many other countries where we offer our solutions. The regulatory framework for privacy issues worldwide is currently evolving and is likely to remain uncertain for the foreseeable future. Many federal, state and foreign government bodies and agencies have adopted or are considering adopting laws and regulations regarding the collection, use, disclosure and retention of personal information. In the United States, these include, for example, rules and regulations promulgated under the authority of the Federal Trade Commission, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, the Gramm-Leach-Bliley Act, or GLB, and state breach notification laws. Internationally, virtually every jurisdiction in which we operate has established its own data security and privacy legal framework with which we or our customers must comply, including the Data Protection Directive established in the European Union and the Federal Data Protection Act passed in Germany.
In addition to laws and regulations, privacy advocacy and industry groups or other private parties may propose new and different privacy standards that either legally or contractually apply to us. Because the interpretation and application of privacy and data protection laws and privacy standards are still uncertain, it is possible that these laws or privacy standards may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our solutions. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our solutions, which could have an adverse effect on our business. Any inability to adequately address privacy concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and privacy standards, could result in additional cost and liability to us, damage our reputation, inhibit sales of subscriptions and harm our business.
Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and privacy standards that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our solutions. Privacy concerns, whether valid or not valid, may inhibit market adoption of our solutions particularly in certain industries and foreign countries.
Disruptive technologies could gain wide adoption and supplant our cloud security and compliance solutions, thereby weakening our sales and harming our results of operations.
The introduction of products and services embodying new technologies could render our existing solutions obsolete or less attractive to customers. Our business could be harmed if new security and compliance technologies are widely adopted. We may not be able to successfully anticipate or adapt to changing technology or customer requirements on a timely basis, or at all. If we fail to keep up with technological changes or to convince
our customers and potential customers of the value of our solutions even in light of new technologies, our business could be harmed and our revenues may decline.
We face competition in our markets, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
We compete with a large range of established and emerging vulnerability management vendors, compliance vendors and data security vendors in a highly fragmented and competitive environment. We face significant competition for each of our solutions from companies with broad product suites and greater name recognition and resources than we have, as well as from small companies focused on specialized security solutions.
We compete with large public companies, such as Barracuda Networks, Inc., Hewlett-Packard Company, Imperva, Inc., International Business Machines Corporation, McAfee, Inc. (a subsidiary of Intel Corporation), and Symantec Corporation, as well as private security providers including BeyondTrust Software, Inc., nCircle Network Security, Inc., NetIQ Corporation, Rapid7 LLC, Tenable Network Security, Inc. and Trustwave Holdings, Inc. We also seek to replace IT security and compliance solutions that organizations have developed internally. As we continue to extend our cloud platform’s functionality by further developing security and compliance solutions, such as web application scanning and firewalls, we expect to face additional competition in these new markets. Our competitors may also attempt to further expand their presence in the IT security and compliance market and compete more directly against one or more of our solutions.
18
We believe that the principal competitive factors affecting our markets include product functionality, breadth of offerings, flexibility of delivery models, ease of deployment and use, total cost of ownership, scalability and performance, customer support and extensibility of platform. Many of our existing and potential competitors have competitive advantages, including:
• | greater brand name recognition; |
• | larger sales and marketing budgets and resources; |
• | broader distribution networks and more established relationships with distributors and customers; |
• | access to larger customer bases; |
• | greater customer support resources; |
• | greater resources to make acquisitions; |
• | greater resources to develop and introduce products that compete with our solutions; |
• | greater resources to meet relevant regulatory requirements; and |
• | substantially greater financial, technical and other resources. |
As a result, our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements. With the introduction of new technologies, the evolution of our service and new market entrants, we expect competition to intensify in the future.
In addition, some of our larger competitors have substantially broader product offerings and can bundle competing products and services with other software offerings. As a result, customers may choose a bundled product offering from our competitors, even if individual products have more limited functionality than our solutions. These competitors may also offer their products at a lower price as part of this larger sale, which could increase pricing pressure on our solutions and cause the average sales price for our solutions to decline. These larger competitors are also often in a better position to withstand any significant reduction in capital spending, and will therefore not be as susceptible to economic downturns.
Furthermore, our current and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and product and services offerings in the markets we address. In addition, current or potential competitors may be acquired by third parties with greater available resources. As a result of such relationships and acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or
sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. For all of these reasons, we may not be able to compete successfully against our current or future competitors.
Our business and operations have experienced rapid growth, and if we do not appropriately manage any future growth, or are unable to improve our systems and processes, our operating results may be negatively affected.
We have experienced rapid growth over the last several years. From 2011 to 2013, our revenues have grown from $76.2 million to $108.0 million, and our headcount increased from 256 employees at the beginning of 2011 to 406 employees at December 31, 2013. We rely on information technology systems to help manage critical functions such as order processing, revenue recognition and financial forecasts. To manage any future growth effectively we must continue to improve and expand our IT systems, financial infrastructure, and operating and administrative systems and controls, and continue to manage headcount, capital and processes in an efficient manner. We may not be able to successfully implement improvements to these systems and processes in a timely or efficient manner.
Our failure to improve our systems and processes, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to accurately forecast our revenues, expenses and earnings, or to prevent certain losses. In addition, as we continue to grow, our productivity and the quality of our solutions may also be adversely affected if we do not integrate and train our new employees quickly and effectively. Any future growth would add complexity to our organization and require effective coordination across our
19
organization. Failure to manage any future growth effectively could result in increased costs, harm our results of operations and lead to investors losing confidence in our internal systems and processes.
Forecasts of market growth may prove to be inaccurate, and even if the markets in which we compete achieve the forecasted growth, there can be no assurance that our business will grow at similar rates, or at all.
Growth forecasts relating to the expected growth in the market for IT security and compliance and other markets are subject to significant uncertainty and are based on assumptions and estimates which may prove to be inaccurate. Even if these markets experience the forecasted growth, we may not grow our business at similar rates, or at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, forecasts of market growth should not be taken as indicative of our future growth.
If we are unable to continue the expansion of our sales force, sales of our solutions and the growth of our business would be harmed.
We believe that our growth will depend, to a significant extent, on our success in recruiting and retaining a sufficient number of qualified sales personnel and their ability to obtain new customers, manage our existing customer base and expand the sales of our newer solutions. We plan to continue to expand our sales force and make significant investment in our sales and marketing activities. Our recent hires and planned hires may not become as productive as quickly as we would like, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets where we do business. If we are unable to recruit and retain a sufficient number of productive sales personnel, sales of our solutions and the growth of our business may be harmed. Additionally, if our efforts do not result in increased revenues, our operating results could be negatively impacted due to the upfront operating expenses associated with expanding our sales force.
Our sales cycle can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, revenues may vary from period to period, which may cause our operating results to fluctuate and could harm our business.
The timing of sales of subscriptions for our solutions is difficult to forecast because of the length and unpredictability of our sales cycle, particularly with large enterprises. We sell subscriptions to our security and compliance solutions primarily to IT departments that are managing a growing set of user and compliance demands, which has increased the complexity of customer requirements to be met and confirmed during the sales cycle and prolonged our sales cycle. Further, the length of time that potential customers devote to their testing and evaluation, contract negotiation and budgeting processes varies significantly, which has also made our sales cycle long and unpredictable. The length of the sales cycle for our solutions typically ranges from six to twelve months but can be more than eighteen months. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenues, which could harm our business.
We rely on third-party channel partners to generate a substantial amount of our revenues, and if we fail to expand and manage our distribution channels, our revenues could decline and our growth prospects could suffer.
Our success is significantly dependent upon establishing and maintaining relationships with a variety of channel partners and we anticipate that we will continue to depend on these partners in order to grow our business. For 2013, 2012 and 2011, we derived approximately 39%, 40% and 38%, respectively, of our revenues from sales of subscriptions for our solutions through channel partners, and the percentage of revenues derived from channel partners may increase in future periods. Additionally, one of our channel partners, Dell, Inc. accounted for 5%, 5% and 4% of our revenues for the years ended December 31, 2013, 2012 and 2011, respectively. Our agreements with our channel partners are generally non-exclusive and do not prohibit them from working with our competitors or offering competing solutions, and many of our channel partners have more established relationships with our competitors. If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors, do not effectively market and sell our solutions, or fail to meet the needs of our customers, then our ability to grow our business and sell our solutions may be adversely affected. In addition, the loss of one or more of our larger channel partners, who may cease marketing our solutions with limited or no notice, and our possible inability to replace them, could adversely affect our sales. Moreover, our ability to expand our distribution channels
20
depends in part on our ability to educate our channel partners about our solutions, which can be complex. Our failure to recruit additional channel partners, or any reduction or delay in their sales of our solutions or conflicts between channel sales and our direct sales and marketing activities may harm our results of operations. Even if we are successful, these relationships may not result in greater customer usage of our solutions or increased revenues.
We rely on software-as-a-service vendors to operate certain functions of our business and any failure of such vendors to provide services to us could adversely impact our business and operations.
We rely on software-as-a-service vendors to operate certain critical functions of our business, including financial management and human resource management. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our solutions and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and integrated, all of which could harm our business.
We use third-party software and data that may be difficult to replace or cause errors or failures of our solutions that could lead to lost customers or harm to our reputation and our operating results.
We license third-party software as well as security and compliance data from various third parties to deliver our solutions. In the future, this software or data may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of this software or data could result in delays in the provisioning of our solutions
until equivalent technology or data is either developed by us, or, if available, is identified, obtained and integrated, which could harm our business. In addition, any errors or defects in or failures of this third-party software could result in errors or defects in our solutions or cause our solutions to fail, which could harm our business and be costly to correct. Many of these providers attempt to impose limitations on their liability for such errors, defects or failures, and if enforceable, we may have additional liability to our customers or third-party providers that could harm our reputation and increase our operating costs.
We will need to maintain our relationships with third-party software and data providers, and to obtain software and data from such providers that does not contain any errors or defects. Any failure to do so could adversely impact our ability to deliver effective solutions to our customers and could harm our operating results.
Our solutions contain third-party open source software components, and our failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our solutions.
Our solutions contain software licensed to us by third-parties under so-called “open source” licenses, including the GNU General Public License, or GPL, the GNU Lesser General Public License, or LGPL, the BSD License, the Apache License and others. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that such open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming that what we believe to be licensed open source software infringes their intellectual property rights. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, certain open source licenses require that source code for software programs that are subject to the license be made available to the public and that any modifications or derivative works to such open source software continue to be licensed under the same terms. If we combine our proprietary software with open source software in certain ways, we could, in some circumstances, be required to release the source code of our proprietary software to the public. Disclosing the source code of our proprietary software could make it easier for cyber attackers and other third parties to discover vulnerabilities in or to defeat the protections of our solutions, which could result in our solutions failing to provide our customers with the security they expect from our services. This could harm our business and reputation. Disclosing our proprietary source code also could allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us. Any of these events could have a material adverse effect on our business, operating results and financial condition.
Although we monitor our use of open source software in an effort both to comply with the terms of the applicable open source licenses and to avoid subjecting our solutions to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our
21
solutions. In this event, we could be required to seek licenses from third parties to continue offering our solutions, to make our proprietary code generally available in source code form, to re-engineer our solutions or to discontinue the sale of our solutions if re-engineering could not be accomplished on a timely basis, any of which could adversely affect our business, operating results and financial condition.
Delays or interruptions in the manufacturing and delivery of our physical scanner appliances by our sole source manufacturer may harm our business.
Upon customer request, we provide physical or virtual scanner appliances on a subscription basis as an additional capability to the customer’s subscription for use during their subscription term. Our physical scanner appliances are built by a single manufacturer. Our reliance on a sole manufacturer involves several risks, including a potential inability to obtain an adequate supply of physical scanner appliances and limited control over pricing, quality and timely deployment of such scanner appliances. In addition, replacing this manufacturer may be difficult and could result in an inability or delay in deploying our solutions to customers that request physical scanner appliances as part of their subscriptions.
Furthermore, our manufacturer’s ability to timely manufacture and ship our physical scanner appliances depends on a variety of factors, such as the availability of hardware components, supply shortages or contractual restrictions. In the event of an interruption from this manufacturer, we may not be able to develop alternate or secondary sources in a timely manner. If we are unable to purchase physical scanner appliances in quantities sufficient to meet our requirements on a timely basis, we may not be able to effectively deploy our solutions to new customers that request physical scanner appliances, which could harm our business.
A significant portion of our customers and channel partners are located outside of the United States, which subjects us to a number of risks associated with conducting international operations and if we are unable to successfully manage these risks, our business and operating results could be harmed.
We market and sell subscriptions to our solutions throughout the world and have personnel in many parts of the world. In addition, we have sales offices and research and development facilities outside the United States and we conduct, and expect to continue to conduct, a significant amount of our business with organizations that are located outside the United States, particularly in Europe and Asia. Therefore, we are subject to risks associated with having international sales and worldwide operations, including:
• | foreign currency exchange fluctuations; |
• | trade and foreign exchange restrictions; |
• | economic or political instability in foreign markets; |
• | greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods; |
• | changes in regulatory requirements; |
• | difficulties and costs of staffing and managing foreign operations; |
• | the uncertainty and limitation of protection for intellectual property rights in some countries; |
• | costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations; |
• | costs of complying with U.S. laws and regulations for foreign operations, including the Foreign Corrupt Practices Act, import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell our solutions in certain foreign markets, and the risks and costs of non-compliance; |
• | heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements; |
• | the potential for political unrest, acts of terrorism, hostilities or war; |
• | management communication and integration problems resulting from cultural differences and geographic dispersion; and |
• | multiple and possibly overlapping tax structures. |
22
Our business, including the sales of subscriptions of our solutions, may be subject to foreign governmental regulations, which vary substantially from country to country and change from time to time. Failure to comply with these regulations could adversely affect our business. Further, in many foreign countries it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we have implemented policies and procedures designed to ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, channel partners and agents have complied or will comply with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our solutions and could have a material adverse effect on our business and results of operations. If we are unable to successfully manage the challenges of international operations, our business and operating results could be adversely affected.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
Our reporting currency is the U.S. dollar and we generate a majority of our revenues in U.S. dollars. However, in 2013, we incurred approximately 19% of our expenses outside of the United States in foreign currencies, primarily Euros, principally with respect to salaries and related personnel expenses associated with our European operations. Additionally, in 2013, approximately 18% of our revenues were generated in foreign currencies. Accordingly, changes in exchange rates may have a material adverse effect on our business, operating results and financial condition. The exchange rate between the U.S. dollar and foreign currencies has fluctuated substantially in recent years and may continue to fluctuate substantially in the future. We expect that a majority of our revenues will continue to be generated in U.S. dollars for the foreseeable future and that a significant portion of our expenses, including personnel costs, as well as capital and operating expenditures, will continue to be denominated in Euros. The results of our operations may be adversely affected by foreign exchange fluctuations.
We use forward foreign exchange contracts to mitigate the effect of changes in foreign exchange rates on cash and accounts receivable balances denominated in certain foreign currencies. However, we may not be able to purchase derivative instruments that are adequate to insulate ourselves from foreign currency exchange risks. Additionally, our hedging activities may contribute to increased losses as a result of volatility in foreign currency markets.
Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.
The success of our business depends in part on our ability to protect and enforce our trade secrets, trademarks, copyrights, patents and other intellectual property rights. We attempt to protect our intellectual property under copyright, trade secret, patent and trademark laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection.
We primarily rely on our unpatented proprietary technology and trade secrets. Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer or otherwise obtain and use them. The contractual provisions that we enter into with employees, consultants, partners, vendors and customers may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, solutions and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. We may be unable to determine the extent of any unauthorized use or infringement of our solutions, technologies or intellectual property rights.
We have three issued patents and several pending U.S. patent applications, and may file additional patent applications in the future. Additionally, we have an exclusive license to four third-party patents. The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner, if at all. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions.
23
Furthermore, it is possible that our patent applications may not result in granted patents, that the scope of our issued patents will be limited or not provide the coverage originally sought, that our issued patents will not provide us with any competitive advantages, or that our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. As a result, we may not be able to obtain adequate patent protection or to enforce our issued patents effectively.
From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the intellectual property rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition. If we are unable to
protect our intellectual property rights, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative solutions that have enabled us to be successful to date.
Assertions by third parties of infringement or other violations by us of their intellectual property rights could result in significant costs and harm our business and operating results.
Patent and other intellectual property disputes are common in our industry. Some companies, including some of our competitors, own large numbers of patents, copyrights and trademarks, which they may use to assert claims against us. Third parties may in the future assert claims of infringement, misappropriation or other violations of intellectual property rights against us. They may also assert such claims against our customers or channel partners whom we typically indemnify against claims that our solutions infringe, misappropriate or otherwise violate the intellectual property rights of third parties. As the numbers of products and competitors in our market increase and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Any claim of infringement, misappropriation or other violation of intellectual property rights by a third party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business.
The patent portfolios of our most significant competitors are larger than ours. This disparity may increase the risk that they may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. In addition, future assertions of patent rights by third parties, and any resulting litigation, may involve patent holding companies or other adverse patent owners who have no relevant product revenues and against whom our own patents may therefore provide little or no deterrence or protection. There can be no assurance that we will not be found to infringe or otherwise violate any third-party intellectual property rights or to have done so in the past.
An adverse outcome of a dispute may require us to:
• | pay substantial damages, including treble damages, if we are found to have willfully infringed a third party’s patents or copyrights; |
• | cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others; |
• | expend additional development resources to attempt to redesign our solutions or otherwise develop non-infringing technology, which may not be successful; |
• | enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights; and |
• | indemnify our partners and other third parties. |
In addition, royalty or licensing agreements, if required or desirable, may be unavailable on terms acceptable to us, or at all, and may require significant royalty payments and other expenditures. Some licenses may also be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Any of the foregoing events could seriously harm our business, financial condition and results of operations.
24
If we are required to collect sales and use or other taxes on the solutions we sell, we may be subject to liability for past sales and our future sales may decrease.
Taxing jurisdictions, including state and local entities, have differing rules and regulations governing sales and use or other taxes, and these rules and regulations are subject to varying interpretations that may change over time. In particular, the applicability of sales taxes to our subscription services in various jurisdictions is unclear. We have recorded sales tax liabilities of $0.5 million on our consolidated balance sheet as of December 31, 2013 with respect to sales and use tax liabilities in various jurisdictions where we have not yet billed sales tax to our customers and where we believe we may have exposure. It is possible that we could face sales tax audits and that our liability for these taxes could exceed our estimates as tax authorities could still assert that we are obligated to collect additional amounts as taxes from our customers and remit those taxes to those authorities. We could also be subject to audits with respect to state and international jurisdictions for which we have not accrued tax liabilities. A
successful assertion that we should be collecting additional sales or other taxes on our services in jurisdictions where we have not historically done so and do not accrue for sales taxes could result in substantial tax liabilities for past sales, discourage customers from purchasing our solutions or otherwise harm our business and operating results.
We are dependent on the continued services and performance of our senior management and other key employees, the loss of any of whom could adversely affect our business, operating results and financial condition.
Our future performance depends on the continued services and continuing contributions of our senior management, particularly Philippe F. Courtot, our Chairman and Chief Executive Officer, and other key employees to execute on our business plan and to identify and pursue new opportunities and product innovations. We do not maintain key-man insurance for Mr. Courtot or for any other member of our senior management team. From time to time, there may be changes in our senior management team resulting from the termination or departure of executives. Our senior management and key employees are generally employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of the services of our senior management, particularly Mr. Courtot, or other key employees for any reason could significantly delay or prevent the achievement of our development and strategic objectives and harm our business, financial condition and results of operations.
If we are unable to hire, retain and motivate qualified personnel, our business may suffer.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time. Competition for highly skilled personnel is frequently intense, especially in the San Francisco Bay Area, one of the locations in which we have a substantial presence and need for highly-skilled personnel and we may not be able to compete for these employees.
We are required under accounting principles generally accepted in the United States (“U.S. GAAP”) to recognize compensation expense in our operating results for employee stock-based compensation under our equity grant programs, which may negatively impact our operating results and may increase the pressure to limit stock-based compensation that we might otherwise offer to current or potential employees. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information.
Changes in laws or regulations related to the Internet may diminish the demand for our solutions and could have a negative impact on our business.
We deliver our solutions through the Internet. Federal, state or foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting data privacy and the use of the Internet. In addition, government agencies or private organizations may begin to impose taxes, fees or other charges for accessing the Internet or on commerce conducted via the Internet. These laws or charges could limit the viability of Internet-based solutions such as ours and reduce the demand for our solutions.
25
A portion of our revenues are generated by sales to government entities, which are subject to a number of challenges and risks.
Government entities have historically been particularly concerned about adopting cloud-based solutions for their operations, including security solutions, and increasing sales of subscriptions for our solutions to government entities may be more challenging than selling to commercial organizations. Selling to government entities can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without any assurance that we will win a sale. We have invested in the creation of a cloud offering certified under the Federal Information Security Management Act, or FISMA, for government usage but we cannot be sure that we will continue to sustain or renew this certification, that the government will continue to mandate such certification or that other
government agencies or entities will use this cloud offering. Government demand and payment for our solutions may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions. Government entities may have contractual or other legal rights to terminate contracts with our channel partners for convenience or due to a default, and any such termination may adversely impact our future results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our solutions, a reduction of revenues or fines or civil or criminal liability if the audit uncovers improper or illegal activities. Any such penalties could adversely impact our results of operations in a material way.
Governmental export or import controls could subject us to liability if we violate them or limit our ability to compete in foreign markets.
Our solutions are subject to U.S. export controls, and we incorporate encryption technology into certain of our solutions. These encryption solutions and the underlying technology may be exported only with the required export authorizations, including by license, a license exception or other appropriate government authorizations. U.S. export controls may require submission of an encryption registration, product classification and/or annual or semi-annual reports. Governmental regulation of encryption technology and regulation of imports or exports of encryption products, or our failure to obtain required import or export authorization for our solutions, when applicable, could harm our international sales and adversely affect our revenues. Compliance with applicable regulatory requirements regarding the export of our solutions, including with respect to new releases of our solutions, may create delays in the introduction of our solutions in international markets, prevent our customers with international operations from deploying our solutions throughout their globally-distributed systems or, in some cases, prevent the export of our solutions to some countries altogether. In addition, various countries regulate the import of our appliance-based solutions and have enacted laws that could limit our ability to distribute solutions or could limit our customers’ ability to implement our solutions in those countries. Any new export or import restrictions, new legislation or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons or technologies targeted by such regulations, could result in decreased use of our solutions by existing customers with international operations, declining adoption of our solutions by new customers with international operations and decreased revenues. If we fail to comply with export and import regulations, we may be fined or other penalties could be imposed, including a denial of certain export privileges.
Our success in acquiring and integrating other businesses, products or technologies could impact our financial position.
In order to remain competitive, we have in the past and may in the future seek to acquire additional businesses, products or technologies. The environment for acquisitions in our industry is very competitive and acquisition candidate purchase prices will likely exceed what we would prefer to pay. Moreover, achieving the anticipated benefits of future acquisitions will depend in part upon whether we can integrate acquired operations, products and technology in a timely and cost-effective manner. The acquisition and integration process is complex, expensive and time-consuming, and may cause an interruption of, or loss of momentum in, product development and sales activities and operations of both companies. We may not find suitable acquisition candidates, and acquisitions we complete may be unsuccessful. If we consummate a transaction, we may be unable to integrate and manage acquired products and businesses effectively or retain key personnel. If we are unable to effectively execute acquisitions, our business, financial condition and operating results could be adversely affected.
26
Our financial results are based in part on our estimates or judgments relating to our critical accounting policies. These estimates or judgments may prove to be incorrect, which could harm our operating results and result in a decline in our stock price.
The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Part II, Item 7 - Management’s Discussion and Analysis of Financial Condition and Results of Operations,” the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenues and expenses that are not readily apparent from other sources. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, accounting for income taxes, stock-based compensation, common stock valuations and fair value measurement.
Changes in financial accounting standards may cause adverse and unexpected revenue fluctuations and impact our reported results of operations.
A change in accounting standards or practices could harm our operating results and may even affect our reporting of transactions completed before the change is effective. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may harm our operating results or the way we conduct our business.
Because we expense commissions associated with sales of our solutions immediately upon receipt of a subscription order from a customer and generally recognize the revenues associated with such sale over the term of the agreement, our operating income in any period may not be indicative of our financial health and future performance.
We expense commissions paid to our sales personnel in the quarter in which the related order is received. In contrast, we generally recognize the revenues associated with a sale of our solutions ratably over the term of the subscription, which is typically one year. Although we believe increased sales is a positive indicator of the long-term health of our business, increased sales would increase our operating expenses and decrease net income in any particular period. Thus, we may report poor operating results due to higher sales commissions in a period in which we experience strong sales of our solutions. Alternatively, we may report better operating results due to the reduction of sales commissions in a period in which we experience a slowdown in sales. Therefore, you should not rely on our operating results during any one quarter as an indication of our financial health and future performance.
We recognize revenues from subscriptions over the term of the relevant service period, and therefore any decreases or increases in bookings are not immediately reflected in our operating results.
We recognize revenues from subscriptions over the term of the relevant service period, which is typically one year. As a result, most of our reported revenues in each quarter are derived from the recognition of deferred revenues relating to subscriptions entered into during previous quarters. Consequently, a shortfall in demand for our solutions in any period may not significantly reduce our revenues for that period, but could negatively affect revenues in future periods. Accordingly, the effect of significant downturns in bookings may not be fully reflected in our results of operations until future periods. We may be unable to adjust our costs and expenses to compensate for such a potential shortfall in revenues. Our subscription model also makes it difficult for us to rapidly increase our revenues through additional bookings in any period, as revenues are recognized ratably over the subscription period.
Changes in our provision for income taxes or adverse outcomes resulting from examination of our income tax returns could adversely affect our operating results.
We are subject to income taxes in the United States and various foreign jurisdictions, and our domestic and international tax liabilities are subject to the allocation of expenses in differing jurisdictions. Our tax rate is affected by changes in the mix of earnings and losses in countries with differing statutory tax rates, certain non-deductible expenses arising from the requirement to expense stock options and the valuation of deferred tax assets and
27
liabilities, including our ability to utilize our federal net operating losses, which were $51.4 million as of December 31, 2013. Increases in our effective tax rate could harm our operating results.
Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems such as terrorism.
A significant natural disaster, such as an earthquake, fire or a flood, or a significant power outage could have a material adverse impact on our business, operating results and financial condition. Our corporate headquarters and a significant portion of our operations are located in the San Francisco Bay Area, a region known for seismic activity. In addition, natural disasters could affect our business partners’ ability to perform services for us on a timely basis. In the event we or our business partners are hindered by any of the events discussed above, our ability to provide our solutions to customers could be delayed, resulting in our missing financial targets, such as revenues and net income, for a particular quarter. Further, if a natural disaster occurs in a region from which we derive a significant portion of our revenues, customers in that region may delay or forego subscriptions of our solutions, which may materially and adversely impact our results of operations for a particular period. In addition, acts of terrorism could cause disruptions in our business or the business of our business partners, customers or the economy as a whole. All of the aforementioned risks may be exacerbated if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above results in delays of customer subscriptions or commercialization of our solutions, our business, financial condition and results of operations could be adversely affected.
If we fail to maintain an effective system of internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, or the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the NASDAQ Stock Market. To comply with the requirements of being a public company, we may need to undertake various actions, such as implementing new internal controls and procedures and hiring accounting or internal audit staff.
Our internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP. Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our operating results or cause us to fail to meet our reporting obligations. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will be required to include in our periodic reports we will file with the SEC under Section 404 of the Sarbanes-Oxley Act. In the event that we are not able to demonstrate compliance with Section 404 of the Sarbanes-Oxley Act, that our internal control over financial reporting is perceived as inadequate or that we are unable to produce timely or accurate financial statements, investors may lose confidence in our operating results and our stock price could decline. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the NASDAQ Stock Market.
As a public company, we are required to comply with certain of these rules, which require management to certify financial and other information in this Annual Report on Form 10-K and other quarterly and annual reports and provide an annual management report on the effectiveness of our internal control over financial reporting. Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting until the first annual report required to be filed with the SEC following the date we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our controls are documented, designed or operating. Our remediation efforts may not enable us to avoid a material weakness in the future. We will cease to be an “emerging growth company” upon the earliest of (i) the first fiscal year following the fifth anniversary of September 28, 2012, the date of our initial public offering, (ii) the first fiscal year after our annual gross revenues are $1 billion or more, (iii) the date on which we have, during the previous three-year period, issued more than $1 billion in non-convertible debt securities, or (iv) the date on which we are deemed to be a “large accelerated filer” as defined in the Exchange Act.
28
We have incurred and expect to continue to incur significant costs and have devoted and will continue to devote substantial management time as a result of operating as a public company, and these commitments will increase after we are no longer an “emerging growth company,” which could adversely affect our business and operating results.
As a public company, we have incurred and expect to continue to incur significant legal, accounting and other expenses. For example, we are required to comply with certain of the requirements of the Sarbanes-Oxley Act and the Dodd Frank Wall Street Reform and Consumer Protection Act, as well as rules and regulations implemented by the SEC and the NASDAQ Stock Market, including the establishment and maintenance of effective disclosure controls and procedures, internal control over financial reporting, and changes in corporate governance practices. Despite recent reform made possible by the JOBS Act, which allows us to take advantage of certain exemptions from various reporting requirements applicable to other public companies that are not “emerging growth companies,” compliance with these requirements increases our legal and financial compliance costs and makes some activities more time-consuming and costly compared to when we were a privately-held company. In addition, our management and other personnel must divert attention from operational and other business matters to devote substantial time to these public company requirements.
After we are no longer an “emerging growth company,” we expect to incur significant expenses and devote substantial management effort toward ensuring compliance with the requirements of Section 404(b) of the Sarbanes-Oxley Act, when applicable to us.
We cannot predict or estimate the amount of additional costs we may incur in the future as a result of being a public company or the timing of such costs. Being a public company also makes it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage for our officers and directors in the future. As a result, it may be more difficult for us to attract and retain qualified people to serve on our board of directors and our board committees or as executive officers.
We are an “emerging growth company” and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies makes our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act, and, for so long as we remain an "emerging growth company," we may choose to take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies” including, but not limited to, the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved. We cannot assess if investors find our common stock less attractive for so long as we choose to rely on these exemptions. If some investors find our common stock less attractive as a result of our choice to reduce disclosure, there may be a less active trading market for our common stock and our trading price may be more volatile.
Market volatility may affect our stock price and the value of an investment in our common stock and could subject us to litigation.
The trading price of our common stock has been, and may continue to be, subject to significant fluctuations in response to a number of factors, most of which we cannot predict or control, including:
• | announcements of new solutions, services or technologies, commercial relationships, acquisitions or other events by us or our competitors; |
• | fluctuations in stock market prices and trading volumes of securities of similar companies; |
• | general market conditions and overall fluctuations in U.S. equity markets; |
• | variations in our operating results, or the operating results of our competitors; |
• | changes in our financial guidance or securities analysts’ estimates of our financial performance; |
• | changes in accounting principles; |
29
• | sales of large blocks of our common stock, including sales by our executive officers, directors and significant stockholders; |
• | additions or departures of any of our key personnel; |
• | announcements related to litigation; |
• | changing legal or regulatory developments in the United States and other countries; and |
• | discussion of us or our stock price by the financial press and in online investor communities. |
In addition, the stock market in general, and the stocks of technology companies such as ours in particular, have experienced substantial price and volume volatility that is often seemingly unrelated to the operating performance of particular companies. These broad market fluctuations may cause the trading price of our common stock to decline. In the past, securities class action litigation has often been brought against a company after a period of volatility in the trading price of its common stock. We may become involved in this type of litigation in the future. Any securities litigation claims brought against us could result in substantial expenses and the diversion of our management’s attention from our business.
Our actual operating results may differ significantly from our guidance.
From time to time, we have released, and may continue to release guidance in our quarterly earnings conference calls, quarterly earnings releases, or otherwise, regarding our future performance that represents our management's estimates as of the date of release. This guidance, which includes forward-looking statements, has been and will be based on projections prepared by our management. These projections are not prepared with a view toward compliance with published guidelines of the American Institute of Certified Public Accountants, and neither our registered public accountants nor any other independent expert or outside party compiles or examines the projections. Accordingly, no such person expresses any opinion or any other form of assurance with respect to the projections.
Projections are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic and competitive uncertainties and contingencies, many of which are beyond our control and are based upon specific assumptions with respect to future business decisions, some of which will change. We intend to state possible outcomes as high and low ranges which are intended to provide a sensitivity analysis as variables are changed but are not intended to imply that actual results could not fall outside of the suggested ranges. The principal reason that we release guidance is to provide a basis for our management to discuss our business outlook with analysts and investors. We do not accept any responsibility for any projections or reports published by any such third parties.
Guidance is necessarily speculative in nature, and it can be expected that some or all of the assumptions underlying the guidance furnished by us will not materialize or will vary significantly from actual results. Accordingly, our guidance is only an estimate of what management believes is realizable as of the date of release. Actual results may vary from our guidance and the variations may be material. In light of the foregoing, investors are urged not to rely upon our guidance in making an investment decision regarding our common stock.
Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this “Risk Factors” section in this Annual Report on Form 10-K could result in the actual operating results being different from our guidance, and the differences may be adverse and material.
An active trading market for our common stock may not be sustained.
Our common stock is listed on the NASDAQ Stock Market under the symbol “QLYS.” However, there can be no assurance that an active trading market for our common stock will be sustained. Accordingly, we cannot provide any assurance regarding the liquidity of any trading market or the ability of an investor to sell shares of our common stock when desired or the prices that may be obtained for such shares.
30
Concentration of ownership among our existing executive officers, directors and holders of 5% or more of our outstanding common stock may prevent new investors from influencing significant corporate decisions.
As of December 31, 2013, our executive officers, directors and holders of 5% or more of our outstanding common stock beneficially own, in the aggregate, approximately 50% of our outstanding common stock. As a result, such persons, acting together, have significant ability to control our management and affairs and substantially all matters submitted to our stockholders for approval, including the election and removal of directors and approval of any significant transaction. These persons also have significant ability to control our management and business affairs. This concentration of ownership may have the effect of delaying, deferring or preventing a change in control, impeding a merger, consolidation, takeover or other business combination involving us, or discouraging a potential acquirer from making a tender offer or otherwise attempting to obtain control of our business, even if such a transaction would benefit other stockholders.
Future sales of shares by existing stockholders could cause our stock price to decline.
The market price of shares of our common stock could decline as a result of substantial sales of our common stock, particularly sales by our directors, executive officers, employees and significant stockholders, a large number of shares of our common stock becoming available for sale, or the perception in the market that holders of a large number of shares intend to sell their shares. As of December 31, 2013, we had approximately 32.4 million shares of our common stock outstanding. Certain holders of shares of common stock have rights, subject to some conditions, to require us to file registration statements covering their shares or to include these shares in registration statements that we may file for ourselves or other stockholders.
In addition, as of December 31, 2013, we had outstanding options to purchase approximately 7.0 million shares of common stock options that, if exercised, will result in these additional shares becoming available for sale. As of December 31, 2013, we had an aggregate of 1.2 million shares of our common stock reserved for future issuance under our 2012 Equity Incentive Plan, which can be freely sold in the public market upon issuance. If a large number of these shares are sold in the public market, the sales could reduce the trading price of our common stock.
If securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.
The trading market for our common stock depends in part on the research and reports that securities and industry analysts publish about us and our business. If we do not maintain adequate research coverage or if one or more of the analysts who covers us downgrades our stock or publishes inaccurate or unfavorable research about our business, our stock price would likely decline. If one or more of these analysts ceases coverage of our company or fails to publish reports on us regularly, demand for our stock could decrease, which could cause our stock price and trading volume to decline.
We do not intend to pay dividends on our common stock and therefore any returns will be limited to the value of our stock.
We have never declared or paid any cash dividend on our common stock. We currently anticipate that we will retain future earnings for the development, operation and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. Any return to stockholders will therefore be limited to the value of their stock.
Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of us, which may be beneficial to our stockholders, more difficult and may prevent attempts by our stockholders to replace or remove our current management.
Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that may delay or prevent an acquisition of us or a change in our management. These provisions include:
• | authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock, which would increase the number of outstanding shares and could thwart a takeover attempt; |
31
• | a classified board of directors whose members can only be dismissed for cause; |
• | the prohibition on actions by written consent of our stockholders; |
• | the limitation on who may call a special meeting of stockholders; |
• | the establishment of advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon at stockholder meetings; and |
• | the requirement of at least two-thirds of the outstanding capital stock to amend any of the foregoing second through fifth provisions. |
In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which limits the ability of stockholders owning in excess of 15% of our outstanding voting stock to merge or combine with us. Although we believe these provisions collectively provide for an opportunity to obtain greater value for stockholders by requiring potential acquirers to negotiate with our board of directors, they would apply even if an offer rejected by our board were considered beneficial by some stockholders. In addition, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management.
Item 1B. | Unresolved Staff Comments |
None.
Item 2. | Properties |
Our principal executive offices are located in Redwood City, California, where we occupy a 50,000 square-foot facility under a lease expiring on November 30, 2017. We have additional U.S. offices in Bellevue, Washington; Denver, Colorado; Raleigh, North Carolina; and Madison, Wisconsin. We also lease offices in Beijing, China; Courbevoie, France; Manila, Philippines; Moscow, Russia; Munich, Germany; Pune, India; Ras al-Khaimah, United Arab Emirates; Slough, United Kingdom; and Tokyo, Japan. We believe our facilities are adequate for our current needs and for the foreseeable future.
We operate four principal data centers at third-party facilities in Santa Clara, California; Bellevue, Washington, Ashburn, Virginia; and Geneva, Switzerland.
Item 3. | Legal Proceedings |
From time to time we may become involved in legal proceedings or be subject to claims arising in the ordinary course of our business. We are not presently a party to any legal proceedings that, if determined adversely to us, would individually or taken together have a material adverse effect on our business, operating results, financial condition or cash flows. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
Item 4. | Mine Safety Disclosures. |
Not Applicable.
32
PART II
Item 5. | Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities |
Market Information
Our common stock has been listed on the NASDAQ Stock Market under the trading symbol “QLYS” since September 28, 2012. Prior to that date, there was no public trading market for our common stock. Our IPO was priced at $12.00 per share on September 27, 2012. The following table sets forth the high and low per share sales prices for our common stock as reported on the NASDAQ Stock Market for the periods indicated:
Low | High | |||||||
Fiscal 2013: | ||||||||
Fourth quarter | $ | 19.56 | $ | 24.90 | ||||
Third quarter | $ | 14.98 | $ | 23.21 | ||||
Second quarter | $ | 10.15 | $ | 16.25 | ||||
First quarter | $ | 10.18 | $ | 16.38 | ||||
Fiscal 2012: | ||||||||
Fourth quarter | $ | 11.07 | $ | 15.25 | ||||
Third quarter (from September 28, 2012) | $ | 12.00 | $ | 14.85 | ||||
Holders of Common Equity
As of January 31, 2014, there were approximately 199 holders of record of our common stock. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.
Dividend Policy
We have never declared or paid any cash dividends on our capital stock. We currently intend to retain any future earnings to fund business development and growth, and do not expect to pay any dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our board of directors, subject to applicable laws, and will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions and other factors that our board of directors may deem relevant.
Securities Authorized for Issuance under Equity Compensation Plans
The following table summarizes information about our equity compensation plans as of December 31, 2013. All outstanding awards relate to our common stock.
Plan Category | (a) Number of Securities to be Issued Upon Exercise of Outstanding Options, Warrants and Rights | (b) Weighted-Average Exercise Price of Outstanding Options, Warrants and Rights | (c) Number of Securities Remaining Available for Future Issuance Under Equity Compensation Plans (Excluding Securities Reflected in Column (a)) | |||||||
Equity compensation plans approved by security holders1 | 7,039,093 | $ | 7.17 | 1,173,450 | ||||||
1 Equity compensation plans approved by stockholders include the 2000 Equity Incentive Plan, as amended and the 2012 Equity Incentive Plan. Prior to our IPO, we issued securities under our 2000 Equity Incentive Plan, as amended. Following our IPO, we issued securities under our 2012 Equity Incentive Plan.
33
Stock Price Performance Graph
The following graph shows a comparison from September 28, 2012 (the date our common stock commenced trading on the NASDAQ Stock Market) through December 31, 2013 of the cumulative total return for an investment of $100 (and the reinvestment of dividends) in our common stock, the NASDAQ Global Select Market and the NASDAQ Computer. Such returns are based on historical results and are not intended to suggest future performance.
COMPARISON OF CUMULATIVE TOTAL RETURN*
Among Qualys, Inc, NASDAQ-Global Select Market Composite Index, and NASDAQ Computer Index
* $100 invested on 9/28/12 in stock or index, including reinvestment of dividends. Fiscal year ending December 31.
September 28, 2012 | December 31, 2012 | March 28, 2013 | June 28, 2013 | September 30, 2013 | December 31, 2013 | ||||||||||||||||||
Qualys Inc. | $ | 100.00 | $ | 104.45 | $ | 87.15 | $ | 113.84 | $ | 151.06 | $ | 163.21 | |||||||||||
NASDAQ Global Select Market | $ | 100.00 | $ | 96.97 | $ | 104.81 | $ | 109.04 | $ | 120.70 | $ | 133.81 | |||||||||||
NASDAQ Computer | $ | 100.00 | $ | 92.56 | $ | 94.63 | $ | 96.42 | $ | 107.05 | $ | 122.12 | |||||||||||
The information on the above Stock Price Performance Graph shall not be deemed to be “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liabilities of that section or Sections 11 and 12(a)(2) of the Securities Act of 1933, as amended, and shall not be incorporated by reference into any registration statement or other document filed by us with the Securities and Exchange Commission, whether made before or after the date of this Annual Report on Form 10-K, regardless of any general incorporation language in such filing, except as shall be expressly set forth by specific reference in such filing.
34
Recent Sales of Unregistered Securities and Use of Proceeds
Use of Proceeds from Public Offering of Common Stock
The Form S-1 Registration Statement (Registration No. 333-182027) relating to our IPO was declared effective by the SEC on September 27, 2012 and the offering commenced on September 28, 2012. On October 3, 2012, we closed our IPO and received net proceeds of approximately $87.5 million after deducting underwriting discounts and commissions, and before deducting total expenses in connection with our IPO of approximately $2.9 million.
We believe our existing cash and cash from operations will be sufficient to fund our operations for at least the next twelve months. We intend to use the net proceeds from the offering for capital expenditures, working capital and other general corporate purposes, which may include hiring additional personnel and investing in sales and marketing and research and development. In addition, we expect to spend approximately $12 million through December 31, 2014 for capital expenditures, primarily related to infrastructure to support the anticipated growth in our business. We may also use a portion of the net proceeds to acquire or invest in complementary businesses, technologies, or other assets. We have not entered into any agreements or commitments with respect to any acquisitions or investments at this time.
Pending these uses, we invested the net proceeds in highly liquid money market funds, commercial paper, corporate bonds, municipal bonds, fixed-income U.S. government agency securities and asset-backed securities.
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
No shares of our common stock were repurchased during the fourth quarter of 2013.
35
Item 6. | Selected Consolidated Financial and Other Data |
The following selected consolidated financial and other data should be read in conjunction with "Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements, related notes and other financial information included elsewhere in this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results that may be expected in the future, and the results for the year ended December 31, 2013 are not necessarily indicative of operating results to be expected for any other period.
Year Ended December 31, | ||||||||||||||||||||
2013 | 2012 | 2011 | 2010 | 2009 | ||||||||||||||||
(in thousands, except per share data) | ||||||||||||||||||||
Consolidated Statements of Operations Data: | ||||||||||||||||||||
Revenues | $ | 107,962 | $ | 91,420 | $ | 76,212 | $ | 65,432 | $ | 57,425 | ||||||||||
Cost of revenues(1) | 24,660 | 18,404 | 13,247 | 11,204 | 10,692 | |||||||||||||||
Gross profit | 83,302 | 73,016 | 62,965 | 54,228 | 46,733 | |||||||||||||||
Operating expenses: | ||||||||||||||||||||
Research and development(1) | 21,678 | 20,195 | 19,633 | 15,780 | 13,377 | |||||||||||||||
Sales and marketing(1) | 42,523 | 37,738 | 31,526 | 29,056 | 24,782 | |||||||||||||||
General and administrative(1) | 16,792 | 12,079 | 8,900 | 8,183 | 7,455 | |||||||||||||||
Total operating expenses | 80,993 | 70,012 | 60,059 | 53,019 | 45,614 | |||||||||||||||
Income from operations | 2,309 | 3,004 | 2,906 | 1,209 | 1,119 | |||||||||||||||
Other income (expense), net: | ||||||||||||||||||||
Interest expense | (43 | ) | (192 | ) | (204 | ) | (186 | ) | (180 | ) | ||||||||||
Interest income | 375 | 14 | 14 | 3 | 10 | |||||||||||||||
Other income (expense), net | (517 | ) | (188 | ) | (346 | ) | (383 | ) | 130 | |||||||||||
Total other income (expense), net | (185 | ) | (366 | ) | (536 | ) | (566 | ) | (40 | ) | ||||||||||
Income before provision for (benefit from) income taxes | 2,124 | 2,638 | 2,370 | 643 | 1,079 | |||||||||||||||
Provision for (benefit from) income taxes | 500 | 358 | 416 | (204 | ) | 220 | ||||||||||||||
Net income | $ | 1,624 | $ | 2,280 | $ | 1,954 | $ | 847 | $ | 859 | ||||||||||
Net income attributable to common stockholders | $ | 1,622 | $ | 1,076 | $ | 436 | $ | 179 | $ | 171 | ||||||||||
Net income per share attributable to common stockholders: (2) | ||||||||||||||||||||
Basic | $ | 0.05 | $ | 0.09 | $ | 0.09 | $ | 0.04 | $ | 0.04 | ||||||||||
Diluted | $ | 0.05 | $ | 0.08 | $ | 0.08 | $ | 0.04 | $ | 0.04 | ||||||||||
Weighted-average shares used in computing net income per share attributable to common stockholders: (2) | ||||||||||||||||||||
Basic | 31,914 | 11,891 | 5,053 | 4,706 | 4,400 | |||||||||||||||
Diluted | 35,973 | 28,352 | 24,194 | 23,562 | 22,804 | |||||||||||||||
36
As of December 31, | ||||||||||||||||||||
2013 | 2012 | 2011 | 2010 | 2009 | ||||||||||||||||
(in thousands) | ||||||||||||||||||||
Consolidated Balance Sheet Data: | ||||||||||||||||||||
Cash, cash equivalents and short-term investments | $ | 97,196 | $ | 118,432 | $ | 24,548 | $ | 15,010 | $ | 9,949 | ||||||||||
Long-term investments | 35,608 | — | — | — | — | |||||||||||||||
Total assets | 192,603 | 170,318 | 68,789 | 44,360 | 34,244 | |||||||||||||||
Deferred revenues, current | 67,505 | 56,497 | 46,717 | 37,811 | 33,266 | |||||||||||||||
Deferred revenues, noncurrent | 8,889 | 8,616 | 4,713 | 1,734 | 1,864 | |||||||||||||||
Convertible preferred stock | — | — | 63,873 | 63,745 | 63,745 | |||||||||||||||
Total stockholders’ equity (deficit) | 103,117 | 91,555 | (64,424 | ) | (69,401 | ) | (72,740 | ) | ||||||||||||
(1) | Includes stock-based compensation as follows: |
Year Ended December 31, | ||||||||||||||||||||
2013 | 2012 | 2011 | 2010 | 2009 | ||||||||||||||||
(in thousands) | ||||||||||||||||||||
Cost of revenues | $ | 432 | $ | 276 | $ | 143 | $ | 80 | $ | 47 | ||||||||||
Research and development | 1,047 | 672 | 499 | 359 | 315 | |||||||||||||||
Sales and marketing | 1,244 | 1,074 | 578 | 467 | 284 | |||||||||||||||
General and administrative | 2,783 | 1,430 | 927 | 964 | 474 | |||||||||||||||
Total stock-based compensation | $ | 5,506 | $ | 3,452 | $ | 2,147 | $ | 1,870 | $ | 1,120 | ||||||||||
(2) | See Notes 1 and 12 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for an explanation of the calculations of our basic and diluted income per share attributable to common stockholders. |
Other Financial Data (unaudited):
In addition to measures of financial performance presented in our consolidated financial statements, we monitor the key metrics set forth below to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts and assess operational efficiencies.
Four Quarters Ended December 31, | ||||||||||||||||||||
2013 | 2012 | 2011 | 2010 | 2009 | ||||||||||||||||
(in thousands) | ||||||||||||||||||||
Four-Quarter Bookings | $ | 118,970 | $ | 101,200 | $ | 85,118 | $ | 69,977 | $ | 61,672 | ||||||||||
Year Ended December 31, | ||||||||||||||||||||
2013 | 2012 | 2011 | 2010 | 2009 | ||||||||||||||||
(in thousands) | ||||||||||||||||||||
Adjusted EBITDA | $ | 17,427 | $ | 13,797 | $ | 10,426 | $ | 7,648 | $ | 6,162 | ||||||||||
Non-GAAP Financial Measures
Four-Quarter Bookings
Four-Quarter Bookings, a non-GAAP financial measure, is calculated as revenues for the preceding four quarters plus the change in current deferred revenues for the same period. This metric was provided as an additional tool for investors to use in assessing our business performance in a way that more fully reflected current business trends than reported revenues and reduced the variations in any particular quarter caused by customer subscription renewals. It included sales of subscriptions to new customers, as well as subscription renewals and upsells of additional subscriptions to existing customers.
37
The following unaudited table presents the reconciliation of revenues to Four-Quarter Bookings for the four quarters ended December 31, 2013, 2012, 2011, 2010 and 2009.
Four Quarters Ended December 31, | ||||||||||||||||||||
2013 | 2012 | 2011 | 2010 | 2009 | ||||||||||||||||
(in thousands) | ||||||||||||||||||||
Revenues | $ | 107,962 | $ | 91,420 | $ | 76,212 | $ | 65,432 | $ | 57,425 | ||||||||||
Deferred revenues, current | ||||||||||||||||||||
Beginning of the Four-Quarter Period | 56,497 | 46,717 | 37,811 | 33,266 | 29,019 | |||||||||||||||
Ending | 67,505 | 56,497 | 46,717 | 37,811 | 33,266 | |||||||||||||||
Net change | 11,008 | 9,780 | 8,906 | 4,545 | 4,247 | |||||||||||||||
Four-Quarter Bookings | $ | 118,970 | $ | 101,200 | $ | 85,118 | $ | 69,977 | $ | 61,672 | ||||||||||
As our revenues have increased over the last several years, we have determined that since a significant portion of this metric is based on revenues, it reflects more historical trends rather than a trend of future growth. Accordingly, this is the last period for which we will provide this metric because we believe that the change in deferred revenues is a more useful and accurate metric for investors to use in assessing the material sales trends in our business. Deferred revenues reflect transactions in prior periods that will be recognized as revenues in the future and thus is a better measure for investors to use as part of their assessment of our overall business performance.
Adjusted EBITDA
We monitor Adjusted EBITDA, a non-GAAP financial measure, to analyze our financial results and believe that it is useful to investors, as a supplement to U.S. GAAP measures, in evaluating our ongoing operational performance and enhancing an overall understanding of our past financial performance. We believe that Adjusted EBITDA helps illustrate underlying trends in our business that could otherwise be masked by the effect of the income or expenses that we exclude in Adjusted EBITDA. Furthermore, we use this measure to establish budgets and operational goals for managing our business and evaluating our performance. We also believe that Adjusted EBITDA provides an additional tool for investors to use in comparing our recurring core business operating results over multiple periods with other companies in our industry.
Adjusted EBITDA should not be considered in isolation from, or as a substitute for, financial information prepared in accordance with U.S. GAAP. We calculate Adjusted EBITDA as net income (loss) before (1) other (income) expense, net, which includes interest income, interest expense and other income and expense, (2) provision for (benefit from) income taxes, (3) depreciation and amortization of property and equipment, (4) amortization of intangible assets and (5) stock-based compensation.
The following unaudited table presents the reconciliation of net income to Adjusted EBITDA for the years ended December 31, 2013, 2012, 2011, 2010 and 2009.
Year Ended December 31, | ||||||||||||||||||||
2013 | 2012 | 2011 | 2010 | 2009 | ||||||||||||||||
(in thousands) | ||||||||||||||||||||
Net income | $ | 1,624 | $ | 2,280 | $ | 1,954 | $ | 847 | $ | 859 | ||||||||||
Other (income) expense, net | 185 | 366 | 536 | 566 | 40 | |||||||||||||||
Provision for (benefit from) income taxes | 500 | 358 | 416 | (204 | ) | 220 | ||||||||||||||
Depreciation and amortization of property and equipment | 9,195 | 6,895 | 4,939 | 4,400 | 3,868 | |||||||||||||||
Amortization of intangible assets | 417 | 446 | 434 | 169 | 55 | |||||||||||||||
Stock-based compensation | 5,506 | 3,452 | 2,147 | 1,870 | 1,120 | |||||||||||||||
Adjusted EBITDA | $ | 17,427 | $ | 13,797 | $ | 10,426 | $ | 7,648 | $ | 6,162 | ||||||||||
38
Limitations of Four-Quarter Bookings and Adjusted EBITDA
Four-Quarter Bookings and Adjusted EBITDA, non-GAAP financial measures, have limitations as analytical tools, and should not be considered in isolation from or as a substitute for the measures presented in accordance with U.S. GAAP. Some of these limitations are:
• | Four-Quarter Bookings reflects the amount of revenues over a four-quarter period, plus the net change in the current portion of deferred revenues, while revenues are recognized ratably over the subscription periods; |
• | Adjusted EBITDA does not reflect certain cash and non-cash charges that are recurring; |
• | Adjusted EBITDA does not reflect income tax payments that reduce cash available to us; |
• | Adjusted EBITDA excludes depreciation and amortization of property and equipment and, although these are non-cash charges, the assets being depreciated and amortized may have to be replaced in the future; and |
• | Other companies, including companies in our industry, may calculate Four-Quarter Bookings or Adjusted EBITDA differently or not at all, which reduces their usefulness as a comparative measure. |
Because of these limitations, Four-Quarter Bookings and Adjusted EBITDA should be considered alongside other financial performance measures, including revenues, net income and our financial results presented in accordance with U.S. GAAP.
39
Item 7. | Management's Discussion and Analysis of Financial Condition and Results of Operations |
You should read the following discussion in conjunction with the section titled "Selected Consolidated Financial and Other Data" and our consolidated financial statements and the related notes included elsewhere in this Annual Report on Form 10-K. In addition to historical information, this discussion contains forward-looking statements that involve risks and uncertainties that could cause our actual results to differ materially from our expectations, as discussed in "Forward-Looking Statements" in Part I of this Annual Report on Form 10-K. Factors that could cause such differences include, but are not limited to, those described in the section titled "Risk Factors" and elsewhere in this Annual Report on Form 10-K.
Overview
We are a pioneer and leading provider of cloud security and compliance solutions that enable organizations to identify security risks to their IT infrastructures, help protect their IT systems and applications from ever-evolving cyber attacks and achieve compliance with internal policies and external regulations. Our cloud solutions address the growing security and compliance complexities and risks that are amplified by the dissolving boundaries between internal and external IT infrastructures and web environments, the rapid adoption of cloud computing and the proliferation of geographically dispersed IT assets. Our integrated suite of security and compliance solutions delivered on our QualysGuard Cloud Platform enables our customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities, recommend remediation actions and verify the implementation of such actions. Organizations use our integrated suite of solutions delivered on our QualysGuard Cloud Platform to cost-effectively obtain a unified view of their security and compliance posture across globally-distributed IT infrastructures.
We were founded and incorporated in December 1999 with a vision of transforming the way organizations secure and protect their IT infrastructure and applications and initially launched our first cloud solution, QualysGuard Vulnerability Management, in 2000. This solution has provided the substantial majority of our revenues to date, representing 84%, 87% and 90% of total revenues in 2013, 2012 and 2011, respectively. As this solution gained acceptance, we introduced new solutions to help customers manage increasing IT security and compliance requirements. In 2006, we added our PCI Compliance solution, and in 2008, we added our Policy Compliance solution. In 2009, we broadened the scope of our cloud services by adding Web Application Scanning. We continued our expansion in 2010, launching Malware Detection Service and Qualys SECURE Seal for automated protection of websites. In 2012, we introduced our virtualized private cloud platform as an additional deployment option of our solutions for customers and partners.
We provide our solutions through a software-as-a-service model, primarily with renewable annual subscriptions. These subscriptions require customers to pay a fee in order to access our cloud solutions. We invoice our customers for the entire subscription amount at the start of the subscription term, and the invoiced amounts are treated as deferred revenues and are recognized ratably over the term of each subscription. Historically, we have experienced significant revenue growth from existing customers as they renew and purchase additional subscriptions. Revenues from customers existing at or prior to December 31, 2012 grew $8.7 million to $100.1 million during 2013. We expect this trend to continue.
We market and sell our solutions to enterprises, government entities and to small and medium-sized businesses across a broad range of industries, including education, financial services, government, healthcare, insurance, manufacturing, media, retail, technology and utilities. As of December 31, 2013, we had over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. In 2013, 2012 and 2011, approximately 70%, 68% and 67%, respectively, of our revenues were derived from customers in the United States. We sell our solutions to enterprises and government entities primarily through our field sales force and to small and medium-sized businesses through our inside sales force. We generate a significant portion of sales through our channel partners, including managed service providers, value-added resellers and consulting firms in the United States and internationally.
We have had continued revenue growth over the past three years. Our revenues increased from $76.2 million in 2011 to $91.4 million in 2012, and reached $108.0 million in 2013, representing period-over-period increases of $15.2 million, and $16.5 million, or 20% and 18%, respectively. We generated net income of $2.0 million in 2011, $2.3 million in 2012, and $1.6 million in 2013.
40
On September 28, 2012, our common stock commenced trading on the NASDAQ Stock Market under the trading symbol “QLYS,” and on October 3, 2012 we closed our initial public offering. In our initial public offering, we sold and issued 7,836,250 shares and certain selling stockholders sold an additional 875,000 shares. The net proceeds to us from the offering were approximately $87.5 million, after deducting underwriting discounts and commissions, and before deducting total expenses in connection with this offering of $2.9 million.
Key Metrics
In addition to measures of financial performance presented in our consolidated financial statements, we monitor the key metrics set forth below to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies.
Four-Quarter Bookings
Four-Quarter Bookings, a non-GAAP financial measure, is calculated as revenues for the preceding four quarters plus the change in current deferred revenues for the same period. This metric was provided as an additional tool for investors to use in assessing our business performance in a way that more fully reflected current business trends than reported revenues and reduced the variations in any particular quarter caused by customer subscription renewals. It included sales of subscriptions to new customers, as well as subscription renewals and upsells of additional subscriptions to existing customers. Four Quarter Bookings should not be considered in isolation from, or as a substitute for, financial information prepared in accordance with U.S. GAAP.
See the section titled “Selected Consolidated Financial and Other Data - Non-GAAP Financial Measures” for a reconciliation of revenues to Four-Quarter Bookings.
Four Quarters Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands, except percentages) | ||||||||||||
Four-Quarter Bookings | $ | 118,970 | $ | 101,200 | $ | 85,118 | ||||||
Percentage change from prior year period | 18 | % | 19 | % | 22 | % | ||||||
As our revenues have increased over the last several years, we have determined that since a significant portion of this metric is based on revenues, it reflects more historical trends rather than a trend of future growth. Accordingly, this is the last period for which we will provide this metric because we believe that the change in deferred revenues is a more useful and accurate metric for investors to use in assessing the material sales trends in our business. Deferred revenues reflect transactions in prior periods that will be recognized as revenues in the future and thus is a better measure for investors to use as part of their assessment of our overall business performance.
Adjusted EBITDA
We monitor Adjusted EBITDA, a non-GAAP financial measure, to analyze our financial results and believe that it is useful to investors, as a supplement to U.S. GAAP measures, in evaluating our ongoing operational performance and enhancing an overall understanding of our past financial performance. We believe that Adjusted EBITDA helps illustrate underlying trends in our business that could otherwise be masked by the effect of the income or expenses that we exclude in Adjusted EBITDA. Furthermore, we use this measure to establish budgets and operational goals for managing our business and evaluating our performance. We also believe that Adjusted EBITDA provides an additional tool for investors to use in comparing our recurring core business operating results over multiple periods with other companies in our industry. See the section titled “Selected Consolidated Financial and Other Data - Non-GAAP Financial Measures” for a reconciliation of net income to Adjusted EBITDA.
Adjusted EBITDA should not be considered in isolation from, or as a substitute for, financial information prepared in accordance with U.S. GAAP. We calculate Adjusted EBITDA as net income before (1) other (income) expense, net, which includes interest income, interest expense and other income and expense, (2) provision for income taxes, (3) depreciation and amortization of property and equipment, (4) amortization of intangible assets and (5) stock-based compensation.
41
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Adjusted EBITDA | $ | 17,427 | $ | 13,797 | $ | 10,426 | ||||||
Percentage of revenues | 16 | % | 15 | % | 14 | % | ||||||
Key Components of Results of Operations
Revenues
We derive revenues from the sale of subscriptions to our security and compliance solutions, which are delivered on our cloud platform. We generate the substantial majority of our revenues through the sale of subscriptions to our QualysGuard Vulnerability Management solution, and we also have a growing number of customers who have purchased our additional solutions. Subscriptions to our solutions allow customers to access our cloud security and compliance solutions through a unified, web-based interface. Customers generally enter into one year renewable subscriptions. The subscription fee entitles the customer to an unlimited number of scans for a specified number of networked devices or web applications and, if requested by a customer as part of their subscription, a specified number of physical or virtual scanner appliances. Our physical and virtual scanner appliances are requested by certain customers as part of their subscriptions in order to scan IT infrastructures within their firewalls and do not function without, and are not sold separately from, subscriptions for our solutions. Customers are required to return physical scanner appliances if they do not renew their subscriptions.
We typically invoice our customers for the entire subscription amount at the start of the subscription term. Invoiced amounts are reflected on our consolidated balance sheet as accounts receivable or as cash when collected, and as deferred revenues until earned and recognized ratably over the subscription period. Accordingly, deferred revenues represents the amount billed to customers that has not yet been earned or recognized as revenues, pursuant to subscriptions entered into in current and prior periods.
Cost of Revenues
Cost of revenues consists primarily of personnel expenses, comprised of salaries, benefits, performance-based compensation and stock-based compensation, for employees who operate our data centers and provide support services to our customers. Other expenses include depreciation of data center equipment and physical scanner appliances and computer hardware provided to certain customers as part of their subscriptions, expenses related to the use of third-party data centers, amortization of third-party technology licensing fees, fees paid to contractors who supplement or support our operations center personnel and overhead allocations. We expect to continue to make capital investments to expand and support our data center operations, which will increase the cost of revenues in absolute dollars.
Operating Expenses
Research and Development
Research and development expenses consist primarily of personnel expenses, comprised of salaries, benefits, performance-based compensation and stock-based compensation, for our research and development teams. Other expenses include third-party contractor fees, amortization of intangibles related to prior acquisitions and overhead allocations. All research and development costs are expensed as incurred. We expect to continue to devote substantial resources to research and development in an effort to continuously improve our existing solutions as well as develop new solutions and expect that research and development expenses will increase in absolute dollars.
42
Sales and Marketing
Sales and marketing expenses consist primarily of personnel expenses, comprised of salaries, benefits, sales commissions, performance-based compensation and stock-based compensation for our worldwide sales and marketing teams. Other expenses include marketing and promotional events, lead-generation marketing programs, public relations, travel and overhead allocations. All costs are expensed as incurred, including sales commissions. Sales commissions are expensed in the quarter in which the related order is received and are paid in the month subsequent to the end of that quarter, which results in increased expenses prior to the recognition of related revenues. Our new sales personnel are typically not immediately productive, and the resulting increase in sales and marketing expenses we incur when we add new personnel may not result in increased revenues if these new sales personnel fail to become productive. The timing of our hiring of sales personnel and the rate at which they generate incremental revenues may affect our future operating results. We expect to invest significantly in additional sales personnel and more marketing programs as we introduce new solutions to our platform, which will increase sales and marketing expenses in absolute dollars.
General and Administrative
General and administrative expenses consist primarily of personnel expenses, comprised of salaries, benefits, performance-based compensation and stock-based compensation, for our executive, finance and accounting, legal, human resources and internal information technology support teams as well as professional services, insurance, fees, certain other corporate governance-related expenses, and overhead allocations. We expect that general and administrative expenses will increase in absolute dollars as we continue to add personnel and incur professional services to support our continued growth and operate as a public company, including compliance with Section 404 of the Sarbanes-Oxley Act.
Other Income (Expense), Net
Our other income (expense), net consists primarily of interest and investment income from our short-term and long-term investments; foreign exchange gains and losses, the majority of which result from fluctuations between the U.S. dollar and the Euro, British pound and Japanese yen; and interest expense associated with our capital leases.
Provision for Income Taxes
Our provision for income taxes consists primarily of corporate income taxes resulting from profits generated in foreign jurisdictions by wholly-owned subsidiaries, along with state income taxes payable in the United States. The provision for income taxes also includes changes to unrecognized tax benefits related to uncertain tax positions.
Income taxes are accounted for under the asset and liability method. Deferred tax assets and liabilities are recognized for the tax impact of timing differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases and operating loss and tax credit carry-forwards. Deferred tax assets and liabilities are measured using statutory tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period when the statutory rate change is enacted into law.
We maintain a valuation allowance on our U.S. federal and state net deferred tax assets. Our cash tax expense is impacted by each jurisdiction’s individual tax rates, laws on timing of recognition of income and deductions and availability of net operating losses and tax credits. Given the valuation allowance and sensitivity of current cash taxes to local rules, our effective tax rate could fluctuate significantly on a quarterly basis, to the extent earnings are lower than anticipated in countries that have lower statutory rates and higher than anticipated in countries that have higher statutory rates, and also due to changes in our earnings projections, by changes in the valuation of our deferred tax assets or liabilities, or by changes in tax laws, regulations, or accounting principles, as well as certain discrete items.
43
Results of Operations
The following tables set forth selected consolidated statements of income data for each of the periods presented.
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Consolidated Statements of Income Data: | ||||||||||||
Revenues | $ | 107,962 | $ | 91,420 | $ | 76,212 | ||||||
Cost of revenues (1) | 24,660 | 18,404 | 13,247 | |||||||||
Gross profit | 83,302 | 73,016 | 62,965 | |||||||||
Operating expenses: | ||||||||||||
Research and development (1) | 21,678 | 20,195 | 19,633 | |||||||||
Sales and marketing (1) | 42,523 | 37,738 | 31,526 | |||||||||
General and administrative (1) | 16,792 | 12,079 | 8,900 | |||||||||
Total operating expenses | 80,993 | 70,012 | 60,059 | |||||||||
Income from operations | 2,309 | 3,004 | 2,906 | |||||||||
Other income (expense), net | (185 | ) | (366 | ) | (536 | ) | ||||||
Income before provision for income taxes | 2,124 | 2,638 | 2,370 | |||||||||
Provision for income taxes | 500 | 358 | 416 | |||||||||
Net income | $ | 1,624 | $ | 2,280 | $ | 1,954 | ||||||
____________________
(1) Includes stock-based compensation as follows:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Cost of revenues | $ | 432 | $ | 276 | $ | 143 | ||||||
Research and development | 1,047 | 672 | 499 | |||||||||
Sales and marketing | 1,244 | 1,074 | 578 | |||||||||
General and administrative | 2,783 | 1,430 | 927 | |||||||||
Total stock-based compensation | $ | 5,506 | $ | 3,452 | $ | 2,147 | ||||||
44
The following table sets forth selected consolidated statements of income data for each of the periods presented as a percentage of revenues.
Year Ended December 31, | |||||||||
2013 | 2012 | 2011 | |||||||
Revenues | 100 | % | 100 | % | 100 | % | |||
Cost of revenues | 23 | % | 20 | % | 17 | % | |||
Gross profit | 77 | % | 80 | % | 83 | % | |||
Operating expenses: | |||||||||
Research and development | 20 | % | 22 | % | 26 | % | |||
Sales and marketing | 39 | % | 41 | % | 41 | % | |||
General and administrative | 16 | % | 14 | % | 12 | % | |||
Total operating expenses | 75 | % | 77 | % | 79 | % | |||
Income from operations | 2 | % | 3 | % | 4 | % | |||
Other income (expense), net | 0 | % | 0 | % | (1 | )% | |||
Income before provision for income taxes | 2 | % | 3 | % | 3 | % | |||
Provision for income taxes | 0 | % | 1 | % | 0 | % | |||
Net income | 2 | % | 2 | % | 3 | % | |||
Comparison of Years Ended December 31, 2013 and 2012
Revenues
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2013 | 2012 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Revenues | $ | 107,962 | $ | 91,420 | $ | 16,542 | 18 | % | |||||||
Revenues increased $16.5 million in 2013 compared to 2012. Revenues from customers existing at or prior to December 31, 2012 grew $8.7 million to $100.1 million in 2013 due to increased subscriptions. Subscriptions from new customers added in 2013 contributed $7.8 million to the increase in revenues. Of the total increase of $16.5 million, $12.9 million was from customers in the United States and the remaining $3.6 million was from customers in foreign countries. The growth in revenues reflects increased demand for our solutions.
Cost of Revenues
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2013 | 2012 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Cost of revenues | $ | 24,660 | $ | 18,404 | $ | 6,256 | 34 | % | |||||||
Percentage of revenues | 23 | % | 20 | % | |||||||||||
Gross profit percentage | 77 | % | 80 | % | |||||||||||
Cost of revenues increased $6.3 million in 2013 compared to 2012, primarily due to a $2.3 million increase in depreciation expenses primarily related to additional computer hardware and software for our new and existing data centers; increased personnel expenses of $1.9 million, principally driven by the addition of employees in our operations staff; increased data center costs of $0.9 million, driven by new data centers, expanded storage and other data center-related costs; and increased third-party software maintenance expense of $0.7 million. The decrease in gross profit percentage reflects the impact of continued increased
45
investments to expand our data center infrastructure, to further enable disaster recovery of our solutions, and to add capacity to deploy new solutions on our cloud platform.
Research and Development Expenses
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2013 | 2012 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Research and development | $ | 21,678 | $ | 20,195 | $ | 1,483 | 7 | % | |||||||
Percentage of revenues | 20 | % | 22 | % | |||||||||||
Research and development expenses increased $1.5 million in 2013 compared to 2012, primarily due to an increase in personnel expenses of $1.5 million, including higher stock-based compensation, principally driven by the addition of employees as we continue to invest in enhancing our platform and developing new solutions.
Sales and Marketing Expenses
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2013 | 2012 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Sales and marketing | $ | 42,523 | $ | 37,738 | $ | 4,785 | 13 | % | |||||||
Percentage of revenues | 39 | % | 41 | % | |||||||||||
Sales and marketing expenses increased $4.8 million in 2013 compared to 2012, primarily due to an increase in personnel expenses of $3.3 million, principally driven by the addition of employees as we continue to expand our domestic and international sales and marketing efforts, and higher sales commissions as a result of higher bookings. We also incurred increased travel-related costs of $0.4 million and increased recruiting expenses of $0.4 million.
General and Administrative Expenses
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2013 | 2012 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
General and administrative | $ | 16,792 | $ | 12,079 | $ | 4,713 | 39 | % | |||||||
Percentage of revenues | 16 | % | 14 | % | |||||||||||
General and administrative expenses increased $4.7 million in 2013 compared to 2012, primarily due to an increase in personnel expenses of $2.2 million, including higher stock-based compensation, principally due to the addition of employees to support the growth of our business and building out our infrastructure to support public company requirements. We also incurred increased insurance, director fees and other fees of $0.8 million; as well as increased stock-based compensation of $0.5 million related to non-employees, primarily due to relatively higher stock prices; and increased professional services of $0.5 million.
46
Other Income (Expense), Net
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2013 | 2012 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Other income (expense), net | $ | (185 | ) | $ | (366 | ) | $ | 181 | (49 | )% | |||||
Percentage of revenues | 0 | % | 0 | % | |||||||||||
Other income (expense), net increased $0.2 million in 2013 compared to 2012, primarily due to increased investment income of $0.3 million; proceeds of $0.2 million received from a negotiated settlement in 2013; and decreased interest expense of $0.1 million; partially offset by an increase in foreign currency exchange losses of $0.4 million.
Provision for Income Taxes
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2013 | 2012 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Provision for income taxes | $ | 500 | $ | 358 | $ | 142 | 40 | % | |||||||
Percentage of revenues | 0 | % | 1 | % | |||||||||||
Provision for income taxes increased $0.1 million in 2013 compared to 2012, primarily due to increases in foreign and state taxes and also due to a reduction of the liability for uncertain tax positions for closure of tax years in foreign jurisdictions in 2012.
Comparison of Years Ended December 31, 2012 and 2011
Revenues
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2012 | 2011 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Revenues | $ | 91,420 | $ | 76,212 | $ | 15,208 | 20 | % | |||||||
Revenues increased $15.2 million in 2012 compared to 2011. Revenues from customers existing at or prior to December 31, 2011 grew $7.8 million to $84.0 million in 2012 due to increased subscriptions. Subscriptions from new customers added in 2012 contributed $7.4 million to the increase in revenues. Of the total increase of $15.2 million, $11.6 million was from customers in the United States and the remaining $3.6 million was from customers in foreign countries. The growth in revenues reflects increased demand for our solutions.
Cost of Revenues
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2012 | 2011 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Cost of revenues | $ | 18,404 | $ | 13,247 | $ | 5,157 | 39 | % | |||||||
Percentage of revenues | 20 | % | 17 | % | |||||||||||
Gross profit percentage | 80 | % | 83 | % | |||||||||||
47
Cost of revenues increased $5.2 million in 2012 compared to 2011, primarily due to $2.0 million of higher depreciation expenses related to additional data center equipment, third-party software and physical scanner appliances deployed to customers; increased personnel expenses of $1.5 million, principally driven by the addition of employees in our operations team; and increased third-party software maintenance expense of $1.0 million. The decrease in gross profit percentage reflects the impact of increased investments to expand our data center infrastructure and to add capacity to deploy new solutions on our cloud platform.
Research and Development Expenses
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2012 | 2011 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Research and development | $ | 20,195 | $ | 19,633 | $ | 562 | 3 | % | |||||||
Percentage of revenues | 22 | % | 26 | % | |||||||||||
Research and development expenses increased $0.6 million in 2012 compared to 2011, primarily due to an increase in personnel expenses of $0.6 million, principally driven by the addition of employees as we continue to invest in enhancing our platform and developing new solutions.
Sales and Marketing Expenses
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2012 | 2011 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Sales and marketing | $ | 37,738 | $ | 31,526 | $ | 6,212 | 20 | % | |||||||
Percentage of revenues | 41 | % | 41 | % | |||||||||||
Sales and marketing expenses increased $6.2 million in 2012 compared to 2011, primarily due to an increase in personnel expenses of $4.9 million, principally driven by the addition of employees as we continue to expand our domestic and international sales and marketing efforts, and higher sales commissions as a result of higher bookings; increased travel and related expense of $0.5 million; and increased marketing program and event expenses of $0.3 million.
General and Administrative Expenses
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2012 | 2011 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
General and administrative | $ | 12,079 | $ | 8,900 | $ | 3,179 | 36 | % | |||||||
Percentage of revenues | 14 | % | 12 | % | |||||||||||
General and administrative expenses increased $3.2 million in 2012 compared to 2011, primarily due to an increase in personnel expenses of $1.4 million, principally driven by the addition of employees to support the growth of our business; an increase in non-employee stock-based compensation of $0.3 million; and an increase in professional services expenses of $0.7 million.
48
Other Income (Expense), Net
Year Ended | |||||||||||||||
December 31, | Change | ||||||||||||||
2012 | 2011 | $ | % | ||||||||||||
(in thousands, except percentages) | |||||||||||||||
Other income (expense), net | $ | (366 | ) | $ | (536 | ) | $ | 170 | (32 | )% | |||||
Percentage of revenues | 0 | % | (1 | )% | |||||||||||
Other income (expense), net decreased $0.2 million in 2012 compared to 2011, primarily due to lower foreign currency exchange losses in 2012 compared to 2011.
Provision for (Benefit from) Income Taxes
Year Ended | ||||||||||||||
December 31, | Change | |||||||||||||
2012 | 2011 | $ | % | |||||||||||
(in thousands, except percentages) | ||||||||||||||
Provision for (benefit from) income taxes | $ | 358 | $ | 416 | $ | (58 | ) | (14)% | ||||||
Percentage of revenues | 1 | % | 0 | % | ||||||||||
Provision for income taxes decreased $0.1 million in 2012 compared to 2011, primarily due to a reduction of the liability for uncertain tax positions of $0.1 million, primarily resulting from closure of tax years in foreign jurisdictions during 2012, partially offset by increase in foreign and state taxes.
Liquidity and Capital Resources
Since our inception, we had financed our operations primarily through proceeds from the issuance of our preferred stock, including $23.2 million invested by Philippe F. Courtot, our Chairman and Chief Executive Officer, and cash flows from operations. On October 3, 2012, we closed our IPO and received net proceeds of approximately $87.5 million after deducting underwriting discounts and commissions, and before deducting total expenses in connection with our IPO of $2.9 million. At December 31, 2013, our principal source of liquidity was cash, cash equivalents and short-term and long-term investments of $132.8 million, including $2.2 million held outside of the United States by our foreign subsidiaries. We do not anticipate that we will need funds generated from foreign operations to fund our domestic operations. However, if we repatriate these funds, we could be subject to U.S. income taxes on such amounts, less previously paid foreign income taxes.
We have experienced positive cash flows from operations during the years ended December 31, 2013, 2012 and 2011. We believe our existing cash, cash equivalents, short-term and long-term investments, and cash from operations will be sufficient to fund our operations for at least the next twelve months. We expect to spend approximately $12 million through December 31, 2014 for capital expenditures, primarily related to infrastructure to support the anticipated growth in our business. Our future capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our sales and marketing activities, the timing and extent of our spending on research and development efforts, international expansion and investment in data centers. We may also seek to invest in or acquire complementary businesses or technologies.
To the extent that existing cash, cash equivalents, short-term and long-term investments, and cash from operations are insufficient to fund our future activities, we may need to raise additional funding through debt and equity financing. Additional funds may not be available on favorable terms or at all.
49
Cash Flows
The following summary of cash flows for the periods indicated has been derived from our consolidated financial statements included elsewhere in this report:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Cash provided by operating activities | $ | 25,146 | $ | 21,952 | $ | 17,190 | ||||||
Cash used in investing activities | (20,688 | ) | (94,784 | ) | (7,499 | ) | ||||||
Cash provided by (used in) financing activities | 3,077 | 83,202 | (10 | ) | ||||||||
Effect of exchange rate changes on cash and cash equivalents | (51 | ) | (33 | ) | (143 | ) | ||||||
Net increase in cash and cash equivalents | $ | 7,484 | $ | 10,337 | $ | 9,538 | ||||||
Cash Flows from Operating Activities
In 2013, cash flows from operating activities of $25.1 million resulted from our net income of approximately $1.6 million, as adjusted by an increase in deferred revenues of $11.3 million, attributable to our continued growth. These working capital increases are further increased by non-cash items including depreciation and amortization expense of $9.6 million and stock-based compensation expense of $5.5 million. These working capital increases are partially offset by an increase in accounts receivable of $4.3 million, due to the overall growth of our business.
In 2012, operating activities provided $22.0 million in cash related to an increase of $13.7 million in deferred revenues, attributable to our continued growth and an increase in subscriptions exceeding one year; and net income of $2.3 million; adjusted by non-cash items including depreciation and amortization of $7.3 million and stock-based compensation of $3.5 million. These sources of cash were partially offset by an increase of $4.0 million in accounts receivable due to the overall growth of our business and a decrease of $1.4 million in accounts payable and accrued liabilities due to the timing of payments.
In 2011, operating activities provided $17.2 million in cash as a result of net income of $2.0 million, adjusted by non-cash items, including depreciation and amortization of $5.4 million and stock-based compensation of $2.1 million. Working capital sources of cash were related to an increase of $11.9 million in deferred revenues, attributable to our continued growth and an increase in subscriptions exceeding one year; a $4.0 million increase in accounts payable and accrued liabilities primarily related to increased headcount and operations; and a $1.8 million increase in other non-current liabilities related to obligations for multi-year maintenance and support agreements for third-party licensed technology. These sources of cash were partially offset by an increase of $6.7 million in accounts receivable due to the overall growth of our business as new bookings outpaced collections of existing receivables and a $3.6 million increase in prepaid expenses and other assets related to long-term maintenance contracts on third-party licensed technology.
Cash Flows from Investing Activities
In 2013, cash used in investing activities of $20.7 million was primarily attributable to $13.7 million of cash for capital expenditures, including computer hardware and software for our data centers to support our growth and development, and to purchase physical scanner appliances and computer hardware provided to certain customers as part of their subscriptions. Additionally, there were also purchases of investments of $145.3 million, partially offset by the sales and maturities of investments of $138.1 million.
In 2012, we invested $83.5 million of our IPO proceeds in short-term investments. In 2012 and 2011, we used $11.2 million and $7.5 million, respectively, of cash for capital expenditures, including computer hardware and software for our data centers to support our growth and development, and to purchase physical scanner appliances provided to certain customers as part of their subscriptions.
50
Cash Flows from Financing Activities
In 2013, cash provided by financing activities of $3.1 million was primarily attributable to $4.1 million of proceeds from the exercise of stock options, partially offset by repayments on our capital lease obligations of $1.2 million.
In 2012, cash provided by financing activities of $83.2 million was primarily attributable to proceeds of $84.5 million from our initial public offering, net of offering costs, and $2.1 million of proceeds from the exercise of stock options. These cash inflows were partially offset by repayments on our capital lease obligations of $2.4 million and payment of non-contingent consideration related to our Nemean acquisition of $1.0 million.
In 2011, cash used in financing activities of $10,000 was primarily attributable to repayments on our capital lease obligations of $1.5 million partially offset by $1.5 million of proceeds from the exercise of stock options and warrants.
Contractual Obligations
Our principal commitments consist of obligations under our outstanding leases for office space and third-party data centers, and capital lease and third-party software maintenance obligations. The following table summarizes our contractual cash obligations, including future interest payments, at December 31, 2013 and the effect such obligations are expected to have on our liquidity and cash flows in future periods:
Payment Due by Period | ||||||||||||||||||||
Contractual Obligations | Total | Less Than 1 Year | 1-3 Years | 3-5 Years | More than 5 Years | |||||||||||||||
(in thousands) | ||||||||||||||||||||
Operating lease obligations(1) | $ | 10,476 | $ | 4,014 | $ | 4,536 | $ | 1,891 | $ | 35 | ||||||||||
Capital lease obligations(2) | 812 | 812 | — | — | — | |||||||||||||||
Maintenance obligations(3) | 289 | 289 | — | — | — | |||||||||||||||
Total | $ | 11,577 | $ | 5,115 | $ | 4,536 | $ | 1,891 | $ | 35 | ||||||||||
(1) | Operating lease obligations represent our obligations to make payments under the lease agreements for our facilities, data centers and office equipment. |
(2) | Capital lease obligations represent financing on computer software purchases. |
(3) | Maintenance obligations relate to third-party software licenses. |
Off-Balance Sheet Arrangements
During the periods presented, we did not have, nor do we currently have, any relationships with unconsolidated entities or financial partnerships, such as entities often referred to as structured finance or special purpose entities.
Recent Accounting Pronouncements
See Note 1 to the consolidated financial statements in Part II, Item 8 of this Annual Report on Form10-K for a discussion of recent accounting pronouncements.
Critical Accounting Policies and Estimates
Our consolidated financial statements are prepared in accordance with U.S. GAAP. The preparation of these financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenues, expenses and related disclosures. On an ongoing basis, we evaluate our estimates and assumptions. Our actual results may differ from these estimates under different assumptions or conditions.
We believe that of our significant accounting policies, which are described in the notes to our consolidated financial statements, the following accounting policies involve the greatest degree of judgment and complexity and have the greatest potential impact on our consolidated financial statements. A critical accounting policy is one that is material to the presentation of our consolidated financial statements and requires us to make difficult, subjective or complex judgments for uncertain matters that could have a material effect on our financial condition and results of operations. Accordingly, these are the policies we believe are the most critical to aid in fully understanding and evaluating our financial condition and results of operations.
51
Revenue Recognition
We derive revenues from subscriptions that require customers to pay a fee in order to access our cloud solutions. The subscription fee entitles the customer to an unlimited number of scans for a specified number of networked devices or web applications and, if requested by a customer as part of their subscription, a specified number of physical or virtual scanner appliances. Our physical and virtual scanner appliances are requested by certain customers as part of their subscriptions in order to scan IT infrastructures within their firewalls and do not function without, and are not sold separately from, subscriptions for our solutions. Customers are required to return physical scanner appliances if they do not renew their subscriptions. In some limited cases, we also provide certain computer equipment used to extend our QualysGuard Cloud Platform into our customers’ private cloud environment. Customers generally enter into one year renewable annual subscriptions. We assess the ability to separate multiple deliverables in accordance with the relevant accounting literature.
We recognize revenues when all of the following conditions are met: (a) there is persuasive evidence of an arrangement; (b) the service has been provided to the customer; (c) the collection of the fees is reasonably assured; and (d) the amount of fees to be paid by the customer is fixed or determinable.
Subscriptions for unlimited scans and certain limited scan arrangements with firm expiration dates are recognized ratably over the period in which the services are performed, generally one year. We recognize revenues for certain other limited scan arrangements, where expiration dates can be extended, on an as-used basis. We recognize the subscription of physical scanner appliances and other computer equipment as revenues ratably over the period of the subscription, which is commensurate with the term of the related subscription. Because the customer’s access to our cloud solutions are delivered at the same time or within close proximity to the delivery of physical scanner appliances and the terms are commensurate for these services and equipment, we consider these elements as a single unit of accounting recognized ratably over the subscription term. Costs of shipping and handling charges associated with physical scanner appliances and other computer equipment are included in cost of revenues.
Deferred revenues consist of revenues billed or received that will be recognized in the future under subscriptions existing at the balance sheet date.
Income Taxes
We are subject to taxes in the United States as well as other tax jurisdictions in which we conduct business. Earnings from our non-U.S. activities are subject to local income tax and may be subject to U.S. income tax.
Income taxes are accounted for under the asset and liability method. Deferred tax assets and liabilities are recognized for the tax impact of timing differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases and operating loss and tax credit carry-forwards. Deferred tax assets and liabilities are measured using statutory tax rates and laws expected to apply to taxable income in the years in which those temporary differences are expected to reverse. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period in which the statutory rate change is enacted in law.
As of December 31, 2013, we had recorded a valuation allowance on our net deferred tax assets. In assessing the recoverability of deferred tax assets, management considers whether it is more likely than not that some portion or all of the deferred tax assets will be realized. The realization of deferred tax assets is dependent upon generation of future taxable income during the periods in which temporary differences such as loss carry-forwards and tax credits become deductible. Management considers projected future taxable income and tax planning strategies in making this assessment and ensuring that the deferred tax asset valuation allowance is adjusted as appropriate. As of December 31, 2013, based on the accumulation of negative evidence, such as inconsistent quarterly earnings, including operating losses in the three months ended March 31, 2013, March 31, 2012 and June 30, 2012, continued significant investment in sales personnel and marketing programs, research and development activities and in our infrastructure, and international expansion, management determined it was not more likely than not that the benefits of our deferred tax assets will be realized. If we determine in the future that we will be able to realize all or a portion of our net operating loss or tax credit carryforwards and other deferred tax assets, an adjustment to our net operating loss or tax credit carryforwards and other deferred tax assets would increase net income in the period in which we make such a determination.
We have assessed our income tax positions and recognized tax benefits for all years subject to examination, based upon evaluation of the facts, circumstances and information available at the end of each period. We recognize tax benefits from uncertain tax positions when it is more likely than not that the position will be sustained
52
upon examination, including resolutions of any related appeals or litigation processes, based on the technical merits of the position. We record interest and penalties related to unrecognized tax benefits in our provision for income taxes.
Significant judgment is required in evaluating tax positions and determining the provision for income taxes. The objectives of accounting for income taxes are to recognize the amount of taxes payable or refundable for the current year and the deferred tax liabilities and assets for the future tax consequences of events that have been recognized in an entity’s financial statements or tax returns. Variations in the actual outcome of these future tax consequences could materially impact our financial position, results of operations or cash flows.
Stock-Based Compensation
We recognize compensation expense for our employee stock options over the requisite service period for awards of equity instruments based on the grant-date fair value of those awards ultimately expected to vest. Forfeitures are estimated on the date of grant and revised if actual or expected forfeiture activity differs materially from original estimates.
Determining the appropriate fair value model and calculating the fair value of stock-based payment awards requires the use of highly subjective assumptions, including the expected life of the stock-based payment awards and stock price volatility. The assumptions used in calculating the fair value of stock-based payment awards represent management’s best estimates, but the estimates involve inherent uncertainties and the application of management’s judgment. As a result, if factors change and we use different assumptions, our stock-based compensation expense could be materially different in the future.
We also record compensation representing the fair value of stock options granted to non-employees. Stock-based non-employee compensation is recognized over the vesting periods of the options. The value of options granted to non-employees is periodically remeasured as they vest over a service period.
Until the completion of our IPO on October 3, 2012, we were a private company and lacked company-specific historical and implied volatility information. Accordingly, we have estimated our expected volatility based on the historical volatility of our self-designated peer group consisting of publicly-held companies selected because of the similarity of their industry, business model and financial risk profile. The expected volatility of options granted has been determined using an average of the historical volatility measures of this peer group of companies for a period equal to the expected term of the option. We intend to continue to consistently apply this process using the same or similar entities until such time that sufficient information regarding the volatility of our share price becomes available or we determine that other companies should be added or are no longer suitable.
The expected term of options was estimated by analyzing the historical period from grant to settlement of the stock option. This analysis includes exercises and forfeitures, and also gives consideration to the expected holding period for those options that were still outstanding. The risk-free interest rate is based on a daily treasury yield curve rate that has a term consistent with the expected life of the stock option. We have not paid and do not anticipate paying cash dividends on our common stock, and therefore our expected dividend yield is assumed to be zero. We also estimate forfeitures at the time of grant and revise those estimates in subsequent periods if actual forfeitures differ from those estimates. We use historical data to estimate pre-vesting option forfeitures and record stock-based compensation expense only for those awards that are expected to vest. If our actual forfeiture rate is materially different from our estimate, the stock-based compensation expense could be significantly different from what we have recorded in the current period.
Pre-IPO Common Stock Valuations
We have historically granted stock options at exercise prices equal to the fair value as determined by our board of directors on the date of grant, with inputs from management. Because our common stock was not publicly traded prior to our IPO, our board of directors exercised significant judgment in determining the fair value of our common stock on the date of grant based on a number of objective and subjective factors. Factors considered by our board of directors included:
• | contemporaneous independent valuations performed at periodic intervals by outside firms; |
• | our results of operations, financial condition and future financial projections; |
• | peer group trading multiples; |
53
• | changes in the company since the last time the board of directors approved option grants and made a determination of fair value; |
• | the illiquidity of shares of our common stock; and |
• | our future prospects and opportunity for liquidity events such as an initial public offering and possible strategic merger or sale. |
Significant Factors, Assumptions and Methodologies Used in Determining the Fair Value of Common Stock
Prior to our IPO in September 2012, our valuation analysis was conducted under a probability-weighted expected return method, or PWERM, as prescribed by the AICPA Practice Aid, Valuation of Privately-Held-Company Equity Securities Issued as Compensation. The PWERM approach employs various market approach and income approach calculations depending upon the likelihood of various liquidation scenarios. For each of the various scenarios, an equity value is estimated and the rights and preferences for each shareholder class are considered to allocate the equity value to common shares. The common share value is then multiplied by a discount factor reflecting the calculated discount rate and the timing of the event. Lastly, the common share value is multiplied by an estimated probability for each scenario. The probability and timing of each scenario are based upon discussions between our board of directors and our management team. Under the PWERM, the value of our common stock is based on upon three possible future events for our company:
• | Completion of an initial public offering; |
• | Strategic merger or sale; and |
• | Continuation as a private company. |
The market approach uses similar companies or transactions in the marketplace. We utilized the guideline publicly traded company method of the market approach for the initial public offering scenario and the guideline merged and acquired company method of the market approach for the strategic merger or sale scenario. We identified companies similar to our business and used this peer group of companies to develop relevant market multiples and ratios. We then applied these market multiples and ratios to our financial forecasts to create an indication of total equity value. The income approach, which we utilized to assess fair value of the common stock under the assumption we remained a private company, is an estimate of the present value of the future monetary benefits generated by an investment in that asset. Specifically, debt-free cash flows and the estimated terminal value are discounted at appropriate risk-adjusted discount rates to estimate the total invested capital value of the equity.
When considering which companies to include in our comparable peer companies, we focused on U.S. publicly traded companies in the IT security industry in which we operate and software-as-a-service companies with business models similar to ours. We considered a number of factors which required us to make judgments as to the comparability of these companies to ours, including business description, business size, revenue model, development stage and historical operating results. We then analyzed the business and financial profiles of the selected companies for similarities to us and, based on this assessment, we selected our comparable peer companies.
The selection of our comparable peer companies changed over time as we continued evaluating whether the selected companies remained comparable to us and considering recent initial public offerings and sale transactions. Based on these considerations, we believed the comparable peer companies were a representative group for purposes of performing contemporaneous valuations. However, there could be inherent differences that may impact comparability. Several of the comparable companies are larger than us in terms of total revenues and assets, and several have experienced net operating losses and have not yet generated net income.
Companies in the comparable peer group used for the initial public offering scenario were generally consistent with the peer group utilized to determine estimated volatility, subject to the following differences. The peer group of companies used to determine volatility was made up of a larger number of companies than that considered in our peer group for contemporaneous valuation purposes, primarily due to fewer common comparabilities to us. All but one company in our peer group used for contemporaneous valuation purposes were included in our peer group used to determine estimated volatility.
54
For all valuation periods presented, for the initial public offering scenario, we reviewed the forecasted twelve-month revenue and last twelve-month revenue multiples of comparable peer companies and selected an appropriate multiple based on our assessment of our comparability to these companies. We then applied the selected multiple to our forecasted twelve-month revenues and last twelve-month revenues and used an average of the two resulting values, which was weighted more heavily for the forecasted revenues, to determine our enterprise value under the initial public offering scenario.
For all valuation periods presented, for the merger or sale scenario, we reviewed the last twelve-month revenue and last twelve-month EBITDA multiples of comparable peer companies who were recently acquired and selected an appropriate multiple based on our assessment of our comparability to these companies. We then applied the selected multiple to our last twelve-month revenues and last twelve-month EBITDA and used an average of the two resulting values to determine our enterprise value under the merger or sale scenario.
We did not use comparable peer companies for any other estimates used in determining valuations. All other assumptions, such as the risk-adjusted discount rate, discount for lack of marketability, expected term and interest rate, were determined based on the analysis performed by us without reference to comparable peer companies.
Post-IPO Common Stock Valuations
Following our IPO, we established a policy of using the closing sales price per share as quoted on the NASDAQ Stock Market on the date of grant for purposes of determining the exercise price per share for our common stock options.
Fair Value Measurement
Fair value is defined as the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. For certain of our financial instruments, including cash and certain cash equivalents, accounts receivable, accounts payable, and other current liabilities, the carrying amounts approximate their fair value due to the relatively short maturity of these balances.
We measure and report certain cash equivalents, investments and derivative forward currency contracts at fair value in accordance with the provisions of the authoritative accounting guidance that addresses fair value measurements. This guidance establishes a hierarchy for inputs used in measuring fair value that maximizes the use of observable inputs and minimizes the use of unobservable inputs by requiring that the most observable inputs be used when available. The hierarchy is broken down into three levels based on the reliability of inputs as follows:
Level 1—Valuations based on quoted prices in active markets for identical assets or liabilities.
Level 2—Valuations based on other than quoted prices in active markets for identical assets and liabilities, quoted prices for identical or similar assets or liabilities in inactive markets, or other inputs that are observable or can be corroborated by observable market data for substantially the full term of the assets or liabilities.
Level 3—Valuations based on inputs that are generally unobservable and typically reflect management’s estimates of assumptions that market participants would use in pricing the asset or liability.
Our financial instruments consist of assets measured using Level 1 and 2 inputs. Level 1 assets include a highly liquid money market fund, which is valued using unadjusted quoted prices that are available in an active market for an identical asset. Level 2 assets include fixed-income U.S. government agency securities, commercial paper, corporate bonds, municipal bonds, asset-backed securities and derivative financial instruments consisting of forward currency contracts. The securities, bonds and commercial paper are valued using prices from independent pricing services based on quoted prices in active markets for similar instruments or on industry models using data inputs such as interest rates and prices that can be directly observed or corroborated in active markets. The foreign currency forward contracts are valued using observable inputs.
55
Item 7A. | Quantitative and Qualitative Disclosures about Market Risk |
We have domestic and international operations and we are exposed to market risks in the ordinary course of our business. These risks primarily include interest rate, foreign exchange and inflation risks, as well as risks relating to changes in the general economic conditions in the countries where we conduct business. To reduce certain of these risks, we monitor the financial condition of our large customers and limit credit exposure by collecting subscription fees in advance.
Foreign Currency Risk
Our results of operations and cash flows have been and will continue to be subject to fluctuations because of changes in foreign currency exchange rates, particularly changes in exchange rates between the U.S. dollar and the Euro and British pound, the currencies of countries where we currently have our most significant international operations. A portion of our invoicing is denominated in the Euro, British pound and Japanese yen. Our expenses in international locations are generally denominated in the currencies of the countries in which our operations are located.
We use use foreign exchange forward contracts to partially mitigate the impact of fluctuations in cash and accounts receivable balances denominated in Euros and British pound. We do not use these contracts for speculative or trading purposes, nor are they designated as hedges. These contracts typically have a maturity of one month, and we record gains and losses from these instruments in other income (expense), net. The effect of an immediate 10% adverse change in foreign exchange rates would not be material to our financial condition, operating results or cash flows.
Interest Rate Sensitivity
We have $132.8 million in cash, cash equivalents and short-term and long-term investments at December 31, 2013. Cash and cash equivalents include cash held in banks, highly liquid money market funds and commercial paper. Investments consist of fixed-income U.S. government agency securities, corporate bonds, municipal bonds, asset-backed securities and commercial paper. All of these investments, excluding long-term investments, have maturities of less than one year from date of purchase. Long-term investments have maturities that extend more than one year from date of purchase.
The primary objectives of our investment activities are the preservation of principal and support of our liquidity requirements. We do not enter into investments for trading or speculative purposes. Our investments are subject to market risk due to changes in interest rates, which may affect the interest income we earn and the fair market value. Due to the nature of these investments held as available-for-sale securities, we do not believe that a 10% increase or decrease in interest rates would have a material impact on our operating results or cash flows.
56
Item 8. | Financial Statements and Supplementary Data |
Qualys, Inc.
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
Table of Contents
Page | |
Report of Independent Registered Public Accounting Firm | |
Consolidated Balance Sheets | |
Consolidated Statements of Income | |
Consolidated Statements of Comprehensive Income | |
Consolidated Statements of Cash Flows | |
Consolidated Statements of Convertible Preferred Stock and Stockholders' Equity (Deficit) | |
Notes to Consolidated Financial Statements | |
57
Report of Independent Registered Public Accounting Firm
Board of Directors and Stockholders
Qualys, Inc.
We have audited the accompanying consolidated balance sheets of Qualys, Inc. (a Delaware corporation) and subsidiaries (the “Company”) as of December 31, 2013 and 2012 and the related consolidated statements of income, comprehensive income, cash flows and convertible preferred stock and stockholders’ equity (deficit) for each of the three years in the period ended December 31, 2013. Our audits of the basic consolidated financial statements included the financial statement schedule listed in the index appearing under Item 15(a)(2). These financial statements and financial statement schedule are the responsibility of the Company’s management. Our responsibility is to express an opinion on these financial statements and financial statement schedule based on our audits.
We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. We were not engaged to perform an audit of the Company’s internal control over financial reporting. Our audits included consideration of internal control over financial reporting as a basis for designing audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion. An audit also includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements, assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.
In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of Qualys, Inc. and subsidiaries as of December 31, 2013 and 2012, and the results of their operations and their cash flows for each of the three years in the period ended December 31, 2013 in conformity with accounting principles generally accepted in the United States of America. Also in our opinion, the related financial statement schedule, when considered in relation to the basic consolidated financial statements taken as a whole, presents fairly, in all material respects, the information set forth therein.
/s/ GRANT THORNTON LLP
San Francisco, California
February 28, 2014
58
Qualys, Inc.
CONSOLIDATED BALANCE SHEETS
(in thousands, except share and per share data)
December 31, | ||||||||
2013 | 2012 | |||||||
Assets | ||||||||
Current assets: | ||||||||
Cash and cash equivalents | $ | 42,369 | $ | 34,885 | ||||
Short-term investments | 54,827 | 83,547 | ||||||
Accounts receivable, net of allowance of $389 and $331 at December 31, 2013 and 2012, respectively | 28,581 | 24,545 | ||||||
Prepaid expenses and other current assets | 4,679 | 4,377 | ||||||
Total current assets | 130,456 | 147,354 | ||||||
Long-term investments | 35,608 | — | ||||||
Property and equipment, net | 23,075 | 18,148 | ||||||
Intangible assets, net | 2,394 | 2,811 | ||||||
Goodwill | 317 | 317 | ||||||
Other noncurrent assets | 753 | 1,688 | ||||||
Total assets | $ | 192,603 | $ | 170,318 | ||||
Liabilities and Stockholders’ Equity | ||||||||
Current liabilities: | ||||||||
Accounts payable | $ | 1,930 | $ | 2,031 | ||||
Accrued liabilities | 9,037 | 7,803 | ||||||
Deferred revenues, current | 67,505 | 56,497 | ||||||
Capital lease obligations, current | 805 | 1,183 | ||||||
Total current liabilities | 79,277 | 67,514 | ||||||
Deferred revenues, noncurrent | 8,889 | 8,616 | ||||||
Income taxes payable, noncurrent | 717 | 594 | ||||||
Other noncurrent liabilities | 603 | 1,231 | ||||||
Capital lease obligations, noncurrent | — | 808 | ||||||
Total liabilities | 89,486 | 78,763 | ||||||
Commitments and contingencies (Note 6) | ||||||||
Stockholders’ equity: | ||||||||
Preferred stock: $0.001 par value; 20,000,000 shares authorized, no shares issued and outstanding at December 31, 2013 and 2012 | — | — | ||||||
Common stock, $0.001 par value; 1,000,000,000 shares authorized, 32,375,299 and 31,420,028 shares issued and outstanding at December 31, 2013 and 2012, respectively | 32 | 31 | ||||||
Additional paid-in capital | 176,641 | 166,651 | ||||||
Accumulated other comprehensive loss | (1,088 | ) | (1,035 | ) | ||||
Accumulated deficit | (72,468 | ) | (74,092 | ) | ||||
Total stockholders’ equity | 103,117 | 91,555 | ||||||
Total liabilities and stockholders’ equity | $ | 192,603 | $ | 170,318 | ||||
See accompanying Notes to Consolidated Financial Statements
Qualys, Inc.
CONSOLIDATED STATEMENTS OF INCOME
(in thousands, except per share data)
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
Revenues | $ | 107,962 | $ | 91,420 | $ | 76,212 | ||||||
Cost of revenues | 24,660 | 18,404 | 13,247 | |||||||||
Gross profit | 83,302 | 73,016 | 62,965 | |||||||||
Operating expenses: | ||||||||||||
Research and development | 21,678 | 20,195 | 19,633 | |||||||||
Sales and marketing | 42,523 | 37,738 | 31,526 | |||||||||
General and administrative | 16,792 | 12,079 | 8,900 | |||||||||
Total operating expenses | 80,993 | 70,012 | 60,059 | |||||||||
Income from operations | 2,309 | 3,004 | 2,906 | |||||||||
Other income (expense), net: | ||||||||||||
Interest expense | (43 | ) | (192 | ) | (204 | ) | ||||||
Interest income | 375 | 14 | 14 | |||||||||
Other income (expense), net | (517 | ) | (188 | ) | (346 | ) | ||||||
Total other income (expense), net | (185 | ) | (366 | ) | (536 | ) | ||||||
Income before provision for income taxes | 2,124 | 2,638 | 2,370 | |||||||||
Provision for income taxes | 500 | 358 | 416 | |||||||||
Net income | $ | 1,624 | $ | 2,280 | $ | 1,954 | ||||||
Net income attributable to common stockholders | $ | 1,622 | $ | 1,076 | $ | 436 | ||||||
Net income per share attributable to common stockholders: | ||||||||||||
Basic | $ | 0.05 | $ | 0.09 | $ | 0.09 | ||||||
Diluted | $ | 0.05 | $ | 0.08 | $ | 0.08 | ||||||
Weighted average shares used in computing net income per share attributable to common stockholders: | ||||||||||||
Basic | 31,914 | 11,891 | 5,053 | |||||||||
Diluted | 35,973 | 28,352 | 24,194 | |||||||||
See accompanying Notes to Consolidated Financial Statements
59
Qualys, Inc.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME
(in thousands)
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
Net income | $ | 1,624 | $ | 2,280 | $ | 1,954 | ||||||
Change in foreign currency translation gain (loss), net of zero tax | (83 | ) | (59 | ) | (166 | ) | ||||||
Available-for-sale investments: | ||||||||||||
Change in net unrealized gain on investments, net of zero tax | 38 | 8 | — | |||||||||
Less: reclassification adjustment for net gain included in net income | (8 | ) | — | — | ||||||||
Net change, net of zero tax | 30 | 8 | — | |||||||||
Other comprehensive income (loss), net | (53 | ) | (51 | ) | (166 | ) | ||||||
Comprehensive income | $ | 1,571 | $ | 2,229 | $ | 1,788 | ||||||
See accompanying Notes to Consolidated Financial Statements
60
Qualys, Inc.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(in thousands)
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Cash flows from operating activities: | ||||||||||||
Net income | $ | 1,624 | $ | 2,280 | $ | 1,954 | ||||||
Adjustments to reconcile net income to net cash provided by operating activities: | ||||||||||||
Depreciation and amortization expense | 9,612 | 7,341 | 5,373 | |||||||||
Bad debt expense | 307 | 218 | 193 | |||||||||
Loss on disposal of property and equipment | 12 | 10 | 1 | |||||||||
Stock-based compensation | 5,506 | 3,452 | 2,147 | |||||||||
Non-cash interest expense | — | 24 | 36 | |||||||||
Amortization of premiums on investments | 282 | 7 | — | |||||||||
Changes in operating assets and liabilities: | ||||||||||||
Accounts receivable | (4,343 | ) | (4,014 | ) | (6,651 | ) | ||||||
Prepaid expenses and other assets | 510 | 92 | (3,564 | ) | ||||||||
Accounts payable | (112 | ) | (242 | ) | 1,248 | |||||||
Accrued liabilities | 303 | (1,110 | ) | 2,752 | ||||||||
Deferred revenues | 11,281 | 13,683 | 11,885 | |||||||||
Other noncurrent liabilities | 164 | 211 | 1,816 | |||||||||
Net cash provided by operating activities | 25,146 | 21,952 | 17,190 | |||||||||
Cash flows from investing activities: | ||||||||||||
Purchases of investments | (145,263 | ) | (83,547 | ) | — | |||||||
Sales and maturities of investments | 138,124 | — | — | |||||||||
Purchases of property and equipment | (13,663 | ) | (11,188 | ) | (7,499 | ) | ||||||
Release of restricted cash | 114 | — | — | |||||||||
Purchases of intangible assets | — | (49 | ) | — | ||||||||
Net cash used in investing activities | (20,688 | ) | (94,784 | ) | (7,499 | ) | ||||||
Cash flows from financing activities: | ||||||||||||
Proceeds from initial public offering, net of offering costs | — | 84,534 | — | |||||||||
Proceeds from exercise of stock options | 4,073 | 1,685 | 948 | |||||||||
Proceeds from early exercise of stock options | 40 | 384 | 390 | |||||||||
Income tax benefits from exercise of stock options | 150 | — | — | |||||||||
Proceeds from issuance of Series C Preferred Stock | — | — | 128 | |||||||||
Principal payments under capital lease obligations | (1,186 | ) | (2,401 | ) | (1,476 | ) | ||||||
Non-contingent payment related to acquisition | — | (1,000 | ) | — | ||||||||
Net cash provided by (used in) financing activities | 3,077 | 83,202 | (10 | ) | ||||||||
Effect of exchange rate changes on cash and cash equivalents | (51 | ) | (33 | ) | (143 | ) | ||||||
Net increase in cash and cash equivalents | 7,484 | 10,337 | 9,538 | |||||||||
Cash and cash equivalents at beginning of period | 34,885 | 24,548 | 15,010 | |||||||||
Cash and cash equivalents at end of period | $ | 42,369 | $ | 34,885 | $ | 24,548 | ||||||
Supplemental disclosures of cash flow information | ||||||||||||
Cash paid for interest expense | $ | 43 | $ | 162 | $ | 128 | ||||||
Cash paid for income taxes, net of refunds | 390 | 299 | 108 | |||||||||
Non-cash investing and financing activities | ||||||||||||
Purchase of property and equipment recorded in accrued liabilities | 487 | — | — | |||||||||
Purchase of property and equipment under capital lease | — | — | 3,100 | |||||||||
Vesting of early exercised common stock options | 262 | 155 | 52 | |||||||||
Conversion of convertible preferred stock to common stock | — | 63,873 | — | |||||||||
Issuance of common stock for acquisition of license | — | 51 | — | |||||||||
See accompanying Notes to Consolidated Financial Statements
61
Qualys, Inc.
CONSOLIDATED STATEMENTS OF CONVERTIBLE PREFERRED STOCK
AND STOCKHOLDERS’ EQUITY (DEFICIT)
(in thousands, except share data)
Convertible Preferred Stock | Common Stock | Additional Paid-In Capital | Accumulated Other Comprehensive Loss | Accumulated Deficit | Total Stockholders’ Equity (Deficit) | |||||||||||||||||||||||||
Shares | Amount | Shares | Amount | |||||||||||||||||||||||||||
(in thousands, except share data) | ||||||||||||||||||||||||||||||
Balances at December 31, 2010 | 17,562,410 | $ | 63,745 | 4,862,351 | $ | 5 | $ | 9,738 | $ | (818 | ) | $ | (78,326 | ) | $ | (69,401 | ) | |||||||||||||
Net income | — | — | — | — | — | — | 1,954 | 1,954 | ||||||||||||||||||||||
Foreign currency translation | — | — | — | — | — | (166 | ) | — | (166 | ) | ||||||||||||||||||||
Issuance of Series C Preferred Stock upon exercise of warrants | 34,848 | 128 | — | — | — | — | — | — | ||||||||||||||||||||||
Issuance of common stock upon exercise of stock options | — | — | 432,687 | — | 948 | — | — | 948 | ||||||||||||||||||||||
Vesting of early exercised common stock options | — | — | — | — | 52 | — | — | 52 | ||||||||||||||||||||||
Repurchase of unvested early exercised stock options | — | — | (1,000 | ) | — | — | — | — | — | |||||||||||||||||||||
Issuance of common stock in exchange for services | — | — | 6,250 | — | 59 | — | — | 59 | ||||||||||||||||||||||
Stock-based compensation | — | — | — | — | 2,088 | — | — | 2,088 | ||||||||||||||||||||||
Other adjustments | — | — | — | — | 42 | — | — | 42 | ||||||||||||||||||||||
Balances at December 31, 2011 | 17,597,258 | 63,873 | 5,300,288 | 5 | 12,927 | (984 | ) | (76,372 | ) | (64,424 | ) | |||||||||||||||||||
Net income | — | — | — | — | — | — | 2,280 | 2,280 | ||||||||||||||||||||||
Foreign currency translation | — | — | — | — | — | (59 | ) | — | (59 | ) | ||||||||||||||||||||
Change in unrealized gain(loss) on short-term investments | — | — | — | — | — | 8 | — | 8 | ||||||||||||||||||||||
Issuance of common stock upon initial public offering, net of offering costs | — | — | 7,836,250 | 8 | 84,526 | — | 84,534 | |||||||||||||||||||||||
Conversion of preferred stock to common stock upon initial public offering | (17,597,258 | ) | (63,873 | ) | 17,597,258 | 17 | 63,856 | — | 63,873 | |||||||||||||||||||||
Issuance of common stock upon exercise of stock options | — | — | 724,316 | 1 | 1,684 | — | — | 1,685 | ||||||||||||||||||||||
Vesting of early exercised common stock options | — | — | — | — | 155 | — | — | 155 | ||||||||||||||||||||||
Repurchase of unvested early exercised stock options | — | — | (60,126 | ) | — | — | — | — | — | |||||||||||||||||||||
Issuance of common stock in exchange for services | — | — | 15,945 | — | 45 | — | — | 45 | ||||||||||||||||||||||
Issuance of common stock for acquisition of license | — | — | 6,097 | — | 51 | — | — | 51 | ||||||||||||||||||||||
Stock-based compensation | — | — | — | — | 3,407 | — | — | 3,407 | ||||||||||||||||||||||
Balances at December 31, 2012 | — | — | 31,420,028 | 31 | 166,651 | (1,035 | ) | (74,092 | ) | 91,555 | ||||||||||||||||||||
Net income | — | — | — | — | — | — | 1,624 | 1,624 | ||||||||||||||||||||||
Foreign currency translation | — | — | — | — | — | (83 | ) | — | (83 | ) | ||||||||||||||||||||
Change in unrealized gain (loss) on investments | — | — | — | — | — | 30 | — | 30 | ||||||||||||||||||||||
Issuance of common stock upon exercise of stock options | — | — | 952,871 | 1 | 4,072 | — | — | 4,073 | ||||||||||||||||||||||
Vesting of early exercised common stock options | — | — | — | — | 262 | — | — | 262 | ||||||||||||||||||||||
Income tax benefits from exercise of stock options | — | — | — | — | 150 | — | — | 150 | ||||||||||||||||||||||
Repurchase of unvested early exercised stock options | — | (500 | ) | — | — | — | — | — | ||||||||||||||||||||||
Issuance of common stock in exchange for services | — | — | 2,900 | — | 41 | — | — | 41 | ||||||||||||||||||||||
Stock-based compensation | — | — | — | — | 5,465 | — | — | 5,465 | ||||||||||||||||||||||
Balances at December 31, 2013 | — | $ | — | 32,375,299 | $ | 32 | $ | 176,641 | $ | (1,088 | ) | $ | (72,468 | ) | $ | 103,117 | ||||||||||||||
See accompanying Notes to Consolidated Financial Statements
62
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
NOTE 1. | The Company and Summary of Significant Accounting Policies |
Description of Business
Qualys, Inc. (the “Company”) was incorporated in the state of Delaware on December 30, 1999. The Company is headquartered in Redwood City, California and has majority-owned subsidiaries throughout the world. The Company is a pioneer and leading provider of cloud security and compliance solutions that enable organizations to identify security risks to their IT infrastructures, help protect their IT systems and applications from ever-evolving cyber attacks and achieve compliance with internal policies and external regulations. The Company’s cloud solutions address the growing security and compliance complexities and risks that are amplified by the dissolving boundaries between internal and external IT infrastructures and web environments, the rapid adoption of cloud computing and the proliferation of geographically dispersed IT assets. Organizations can use the Company’s integrated suite of solutions delivered on its QualysGuard Cloud Platform to cost-effectively obtain a unified view of their security and compliance posture across globally-distributed IT infrastructures.
Initial Public Offering
On October 3, 2012, the Company closed its initial public offering ("IPO") of 8,711,250 shares of common stock at an offering price of $12.00 per share. The offering included 7,836,250 shares sold and issued by the Company and 875,000 shares sold by selling stockholders. The shares sold in the offering included 1,136,250 shares sold by the Company pursuant to the underwriters’ full exercise of their over-allotment option. The net proceeds to the Company from the offering were approximately $87.5 million after deducting underwriting discounts and commissions, and before deducting total expenses in connection with this offering of $2.9 million. Immediately prior to the closing, all of the Company’s 17,597,258 outstanding shares of convertible preferred stock converted into an equivalent number of shares of common stock. The related carrying value of the convertible preferred stock of $63.9 million was reclassified to common stock and additional paid-in capital at the time of the conversion.
Basis of Presentation
The accompanying consolidated financial statements and footnotes have been prepared in accordance with accounting principles generally accepted in the United States (“U.S. GAAP”) and include all adjustments necessary for the fair presentation of the Company’s consolidated financial position, results of operations and cash flows for the periods presented. The accompanying consolidated financial statements include the accounts of the Company and its majority-owned subsidiaries. All significant intercompany transactions and balances have been eliminated.
Certain prior year amounts have been reclassified to conform to the current year presentation. These reclassifications did not change previously reported total assets, liabilities, convertible preferred stock, stockholders' equity (deficit), income from operations or net income.
Use of Estimates
The preparation of the consolidated financial statements in conformity with U.S. GAAP requires management to make certain estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported results of operations during the reporting period. The Company’s management regularly assesses these estimates, which primarily affect revenue recognition, the valuation of accounts receivable, goodwill and intangible assets, common stock, stock-based compensation and the valuation allowances associated with deferred tax assets. Actual results could differ from those estimates and such differences may be material to the accompanying consolidated financial statements.
Concentration of Credit Risk
The Company invests its cash and cash equivalents with major financial institutions. Cash balances with any one institution at times may be in excess of federally insured limits. Cash equivalents are invested in high-quality investment grade financial instruments and are diversified. The Company has not experienced any losses in such accounts and believes it is not exposed to any significant credit risk.
63
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
Credit risk with respect to accounts receivable is dispersed due to the large number of customers. In addition, the Company’s credit risk is mitigated by the relatively short collection period. Collateral is not required for accounts receivable. The Company maintains an allowance for potential credit losses based upon the expected collectability of accounts receivable. The Company writes off its receivables when collectability is deemed to be doubtful. As of December 31, 2013 and 2012, no customer or channel partner accounted for more than 10% of the Company's accounts receivable balance.
Cash, Cash Equivalents, Short-Term and Long-Term Investments
Cash and cash equivalents include cash held in banks and highly liquid money market funds and commercial paper, all with original maturities of three months or less when acquired. The Company’s investments consist of fixed-income U.S. government agency securities, corporate bonds, municipal bonds, asset-backed securities and commercial paper. Management determines the appropriate classification of the Company's investments at the time of purchase and reevaluates such designation at each balance sheet date. The Company classifies its investments as either short-term or long-term based on each instrument's underlying contractual maturity date.
Cash is stated at cost, which approximates fair market value. Cash equivalents and short-term and long-term investments are classified as available-for-sale and are carried at fair value. Unrealized gains and losses in fair value are reported in other comprehensive income (loss). When the available-for-sale securities are sold, cost is based on the specific identification method, and the realized gains and losses are included in other income (expense) in the consolidated statements of income. Short-term and long-term investments are reviewed quarterly for impairment that is deemed to be other-than-temporary. An investment is considered other-than-temporarily impaired when its fair value is below its amortized cost and (1) there is an intent to sell the security, (2) it is “more likely than not” that the security will be sold before recovery of its amortized cost basis or (3) the present value of expected cash flows from the investment is not expected to recover the entire amortized cost basis. Declines in value that are considered to be other-than-temporary and adjustments to amortized cost for the amortization of premiums and the accretion of discounts are recorded in other income (expense). Interest and dividends are recorded in interest income as earned.
Accounts Receivable
Accounts receivable are recorded at the invoiced amount and do not bear interest. The allowance for doubtful accounts represents the Company’s best estimate of the amount of probable credit losses and is determined based on a review of existing accounts receivable by aging category to identify significant customers or invoices with collectability issues. For those invoices not specifically reviewed, the reserve is calculated based on the age of the receivable.
Any change in the assumptions used in analyzing a specific account receivable may result in an additional provision for doubtful accounts being recognized in the period in which the change occurs. When the Company ultimately concludes that a receivable is uncollectible, the balance is written off against the allowance for doubtful accounts. Payments subsequently received on such receivables are credited back to the allowance for doubtful accounts.
Property and Equipment, net
Property and equipment are stated at cost less accumulated depreciation and amortization. Depreciation is computed using the straight-line method over the estimated useful lives of the assets, which range from three to five years. Leasehold improvements are amortized on a straight-line basis over the lesser of the estimated useful life of the asset or the lease term. Property under capital lease is amortized over the term of the respective lease or the estimated useful life of the asset, whichever is shorter.
The Company purchases physical scanner appliances and other computer equipment that are provided on a subscription basis. This equipment is recorded within property and equipment on the accompanying consolidated balance sheet, and the depreciation is recorded to cost of revenues over an estimated useful life of three years.
64
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
Upon retirement or disposal, the cost of assets and the related accumulated depreciation are removed from the accounts and any resulting gain or loss is reflected in the consolidated statements of operations. Repairs and maintenance that do not extend the life of an asset are expensed as incurred and major improvements are capitalized as property and equipment.
Impairment of Long-Lived Assets
The Company evaluates its long-lived assets, which consist of property and equipment, and intangible assets subject to amortization, for indicators of possible impairment when events or changes in circumstances indicate the carrying amount of an asset may not be recoverable. Impairment exists if the carrying amounts of such assets exceed the estimates of future undiscounted cash flows expected to be generated by such assets. Should an impairment exist, the impairment loss would be measured based on the excess carrying value of the asset over the asset’s estimated fair value. As of December 31, 2013 and 2012, the Company has not written down any of its long-lived assets as a result of impairment.
Goodwill and Intangible Assets
Goodwill represents the excess of the purchase price over the fair value of the net tangible and identifiable intangible assets acquired in a business combination and is not subject to amortization. Goodwill and other intangible assets with indefinite lives are not amortized, but tested for impairment annually or if certain circumstances indicate a possible impairment may exist. These tests are performed at the reporting unit level. The Company’s operations are organized as one reporting unit.
In testing for a potential impairment of goodwill, the Company first performs a qualitative assessment of its reporting unit to determine if it is more likely than not (a more than 50% likelihood) that the fair value of the reporting unit is less than its carrying amount. If the fair value is not considered to be less than the carrying amount, no further evaluation is necessary. The Company performed the annual qualitative assessment for the year ended December 31, 2013 and concluded there was no impairment of goodwill.
In testing for a potential impairment of intangible assets with indefinite lives that are not subject to amortization, the Company first performs a qualitative assessment to determine if it is more likely than not (a more than 50% likelihood) that the fair value of the indefinite-lived intangible assets is less than the carrying amount. If the fair value is not considered to be less than the carrying amount, no further evaluation is necessary. The Company performed the annual qualitative assessment as of December 31, 2013 and concluded there was no impairment of the indefinite-lived intangible assets.
If the qualitative assessment indicates there is more than a 50% likelihood that the fair value is less than the carrying amount, the Company would perform a two-step test. In the first step, the carrying value of the reporting unit or intangible asset is compared to its estimated fair value. If the estimated fair value is less than the carrying value, then potential impairment exists. In the second step, for goodwill, the Company calculates the amount of any impairment by determining the implied fair value of goodwill using a hypothetical purchase price allocation, similar to that which would be applied if it were an acquisition and the purchase price was equivalent to fair value as calculated in the first step. Impairment is equivalent to any excess of goodwill carrying value over its implied fair value. For indefinite-lived intangible assets, the Company performs the currently prescribed quantitative impairment test by comparing the fair value of the indefinite-lived intangible asset with its carrying value.
Certain other intangible assets acquired are amortized over their estimated useful lives and tested for impairment if certain circumstances indicate an impairment may exist. The Company’s intangible assets are comprised primarily of existing technology, patent license, and non-competition agreements and are amortized over periods ranging from three to fourteen years on a straight-line basis.
65
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
Software Development Costs
The Company capitalizes qualifying software costs developed or obtained for internal use. These costs generally include internal costs, such as payroll and benefits of those employees directly associated with the development of the software. Total capitalized development costs are $0.3 million at December 31, 2013 and 2012. The capitalized development costs are recorded within other noncurrent assets and were fully amortized at December 31, 2013 and 2012.
Derivative Financial Instruments
Derivative financial instruments are utilized by the Company to reduce foreign currency exchange risks. The Company uses foreign currency forward contracts to mitigate the impact of foreign currency fluctuations of certain non-U.S. dollar denominated asset positions, primarily cash and accounts receivable. These contracts are recorded within prepaid expenses and other current assets in the consolidated balance sheets. Gains and losses resulting from currency exchange rate movements on these forward contracts are recognized in other income (expense) in the accompanying consolidated statements of income in the period in which the exchange rates change and offset the foreign currency gains and losses on the underlying exposure being hedged. The Company does not enter into derivative financial instruments for trading or speculative purposes.
At December 31, 2013, the Company had two outstanding forward contracts with notional amounts of 6.3 million Euros and 2.0 million British Pounds, which expired on January 31, 2014. At December 31, 2012, the Company had one outstanding forward contract with a notional amount of 10.7 million Euros, which expired on January 31, 2013. These contracts were entered into as of December 31, 2013 and 2012 respectively, and thus the fair value of the contracts was $0 at December 31, 2013 and 2012. The Company began to use these forward contracts in December 2011. In 2013, the Company recorded a loss of $0.8 million from these contracts, which was partially offset by foreign currency transaction gains of $0.2 million for the year. In 2012, the Company recorded a loss of $0.4 million from these contracts, which was partially offset by foreign currency transaction gains of $0.2 million for the year. These derivatives were not designated as hedges.
Stock-Based Compensation
The Company recognizes stock-based compensation expense for its employee stock options over the requisite service period for awards of equity instruments based on the grant-date fair value of those awards expected to vest. Forfeitures are estimated on the date of grant and revised if actual or expected forfeiture activity differs materially from original estimates.
Option grants to non-employees are accounted for at the fair value of the equity instrument issued, as calculated using the Black-Scholes model and the expense is recognized over the period in which services are received. The stock-based compensation expense for non-employees is subject to periodic adjustments as the options vest.
Revenue Recognition
The Company derives revenues from subscriptions that require customers to pay a fee in order to access the Company’s cloud solutions. Customers generally enter into one year renewable subscriptions. The subscription fee entitles the customer to an unlimited number of scans for a specified number of networked devices or web applications and, if requested by a customer as part of their subscription, a specified number of physical or virtual scanner appliances. The Company’s physical and virtual scanner appliances are requested by certain customers as part of their subscriptions in order to scan IT infrastructures within their firewalls and do not function without, and are not sold separately from, subscriptions for the Company’s solutions. Customers are required to return physical scanner appliances if they do not renew their subscriptions.
The Company recognizes revenues when all of the following conditions are met:
• | There is persuasive evidence of an arrangement. |
• | The service has been provided to the customer. |
• | The collection of the fees is reasonably assured. |
66
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
• | The amount of fees to be paid by the customer is fixed or determinable. |
Subscriptions are recognized ratably over the subscription period. The Company recognizes revenues from subscriptions that include physical scanner appliances and other computer equipment ratably over the period of the subscription. Because the customer’s access to the Company’s cloud solutions are delivered at the same time as or within close proximity to the delivery of physical scanner appliances and the terms are commensurate for these services and equipment, the Company considers these elements as a single unit of accounting recognized ratably over the subscription period.
Deferred revenues consist of revenues billed or received that will be recognized in the future under subscriptions existing at the balance sheet date. The current portion of deferred revenues represents amounts that are expected to be recognized within one year of the balance sheet date.
Costs of shipping and handling charges incurred by the Company associated with physical scanner appliances and other computer equipment are included in cost of revenues.
Sales taxes and other taxes collected from customers to be remitted to government authorities are excluded from revenues.
Advertising Expenses
Advertising costs are expensed as incurred and include costs of advertising, trade show costs and promotional materials. The Company incurred advertising costs of $4.2 million, $4.3 million, and $4.1 million for 2013, 2012 and 2011, respectively.
Income Taxes
The Company uses the asset and liability method to account for income taxes. Under this method, deferred tax assets and liabilities are determined based on differences between the financial reporting and tax basis of assets and liabilities. Deferred tax assets and liabilities are measured using statutory tax rates and laws that will be in effect when the differences are expected to reverse. A valuation allowance is established, when necessary, to reduce deferred tax assets to the amount expected to be realized.
The Company operates in various tax jurisdictions and is subject to audit by various tax authorities. Tax positions are based upon their technical merits, relevant tax law and the specific facts and circumstances as of each reporting period. Changes in facts and circumstances could result in material changes to the amounts recorded for such tax positions. A tax position is only recognized in the financial statements if it is “more likely than not” to be sustained based solely on its technical merits as of the reporting date. The Company considers many factors when evaluating and estimating its tax positions and tax benefits, which may require periodic adjustments that could result in recognition of additional tax benefits or additional charges to the tax provision and may not accurately reflect the actual outcomes. The Company’s policy is to recognize interest and penalties relating to unrecognized tax benefits as a component of the provision for income taxes.
Other Comprehensive Income (Loss)
Other comprehensive income (loss) consists of foreign currency translation adjustments and unrealized gains (losses) on available-for-sale investments, which are not included in the Company’s net income. Both of these items are reflected net of tax. Total comprehensive income includes net income and other comprehensive income (loss) and is included in the consolidated statements of comprehensive income.
Foreign Currency Translation and Transactions
The Company’s operations are conducted in various countries around the world and the financial statements of its foreign subsidiaries are reported in the applicable local foreign currencies (functional currencies). Financial information is translated from the applicable functional currency to the U.S. dollar, the reporting currency, for inclusion in the Company’s consolidated financial statements. Accordingly, the assets and liabilities of the Company’s foreign subsidiaries are translated using exchange rates in effect as of the balance sheet date, and income and expenses are translated at average exchange rates during the period. Resulting translation
67
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
adjustments are included as a component of accumulated other comprehensive income (loss) in stockholders’ equity.
Foreign currency transaction gains or losses are recognized in other income (expense). The Company recorded foreign currency transaction losses of $(0.6) million, $(0.2) million and $(0.3) million during 2013, 2012 and 2011, respectively.
Fair Value Measurements
Fair value is defined as the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. For certain of the Company’s financial instruments, including cash and certain cash equivalents, accounts receivable, accounts payable, and other current liabilities, the carrying amounts approximate their fair value due to the relatively short maturity of these balances.
The Company measures and reports certain cash equivalents, investments and derivative forward currency contracts at fair value in accordance with the provisions of the authoritative accounting guidance that addresses fair value measurements. This guidance establishes a hierarchy for inputs used in measuring fair value that maximizes the use of observable inputs and minimizes the use of unobservable inputs by requiring that the most observable inputs be used when available. The hierarchy is broken down into three levels based on the reliability of inputs as follows:
Level 1—Valuations based on quoted prices in active markets for identical assets or liabilities.
Level 2—Valuations based on other than quoted prices in active markets for identical assets and liabilities, quoted prices for identical or similar assets or liabilities in inactive markets, or other inputs that are observable or can be corroborated by observable market data for substantially the full term of the assets or liabilities.
Level 3—Valuations based on inputs that are generally unobservable and typically reflect management’s estimates of assumptions that market participants would use in pricing the asset or liability.
The Company's financial instruments consist of assets measured using Level 1 and 2 inputs. Level 1 assets include a highly liquid money market fund, which is valued using unadjusted quoted prices that are available in an active market for an identical asset. Level 2 assets include fixed-income U.S. government agency securities, commercial paper, corporate bonds, municipal bonds and asset-backed securities and derivative financial instruments consisting of forward currency contracts. The securities, bonds and commercial paper are valued using prices from independent pricing services based on quoted prices in active markets for similar instruments or on industry models using data inputs such as interest rates and prices that can be directly observed or corroborated in active markets. The foreign currency forward contracts are valued using observable inputs. See Note 2 for more information regarding the fair value measurement of the Company's financial instruments.
Net Income Per Share Attributable to Common Stockholders
The Company computes net income attributable to common stockholders using the two-class method required for participating securities. Convertible preferred stock and common stock subject to repurchase resulting from the early exercise of stock options are considered to be participating securities since they contain non-forfeitable rights to dividends or dividend equivalents in the event the Company declares a dividend for common stock. In accordance with the two-class method, earnings allocated to these participating securities are subtracted from net income after deducting preferred stock dividends, if any, to determine total undistributed earnings to be allocated to common stockholders. The holders of our convertible preferred stock did not have a contractual obligation to share in our net losses and such shares were excluded from the computation of basic earnings per share in periods of net loss.
Basic net income per share attributable to common stockholders is computed by dividing net income attributable to common stockholders by the weighted-average number of common shares outstanding during the period. All participating securities are excluded from basic weighted average common shares outstanding. In computing diluted net income attributable to common stockholders, undistributed earnings are reallocated to reflect the potential impact of dilutive securities. Diluted net income per share is computed by dividing net income
68
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
attributable to common stockholders by the weighted-average number of shares of common stock outstanding during the period, adjusted for the effects of potentially dilutive common shares, which comprise outstanding stock options, warrants, convertible preferred stock and contingently issuable shares related to an acquisition. The dilutive potential common shares are computed using the treasury stock method or the as-if converted method, as applicable. The effects of outstanding stock options, warrants, convertible preferred stock and contingently issuable shares related to an acquisition are excluded from the computation of diluted net income per common share in periods in which the effect would be antidilutive.
Recent Accounting Pronouncements
In December 2011, the FASB issued ASU 2011-11, Balance Sheet (Topic 210): Disclosures about Offsetting Assets and Liabilities. This newly issued accounting standard requires an entity to disclose both gross and net information about instruments and transactions eligible for offset in the statement of financial position as well as instruments and transactions executed under a master netting or similar arrangement and was issued to enable users of financial statements to understand the effects or potential effects of those arrangements on its financial position. The Company adopted this standard in 2013 and the adoption of this standard did not have a material impact on the consolidated financial statements.
In February 2013, the FASB issued an update to ASC 220: Reporting of Amounts Reclassified Out of Accumulated Other Comprehensive Income. Under this update, an entity is required to provide information about the amounts reclassified out of accumulated other comprehensive income (”AOCI”) by component. In addition, an entity is required to present, either on the face of the financial statements or in the notes, significant amounts reclassified out of AOCI by the respective line items of net income, but only if the amount reclassified is required to be reclassified in its entirety in the same reporting period. For amounts that are not required to be reclassified in their entirety to net income, an entity is required to cross-reference to other disclosures that provide additional details about those amounts. The Company adopted this standard in the first quarter of 2013, and the adoption of this standard did not have a material impact on the consolidated financial statements.
In July 2013, the FASB issued ASU 2013-11: Presentation of an Unrecognized Tax Benefit when a Net Operating Loss Carryforward, a Similar Tax Loss, or a Tax Credit Carryforward Exists. This update provides guidance on the financial statement presentation of unrecognized tax benefits when a net operating loss carryforward, a similar tax loss, or a tax credit carryforward exists. An unrecognized tax benefit should be presented as a reduction to a deferred tax asset for a net operating loss carryforward, a similar tax loss, or a tax credit carryforward when settlement in this manner is available under the tax law. The Company will adopt this amendment as of January 2014. The result of adoption may be to offset certain long-term liabilities to long-term deferred tax assets and the adoption will not result in a change to the tax provision. The Company does not believe that the impact on the balance sheet will be significant.
Reverse Stock Split
In September 2012, the Company’s board of directors and stockholders approved an amendment to the Company’s amended and restated certificate of incorporation effecting a one-for-ten reverse stock split of the Company’s issued and outstanding shares of common and convertible preferred stock. The par value of the common and convertible preferred stock was not adjusted as a result of the reverse stock split. All issued and outstanding common stock, convertible preferred stock, warrants for convertible preferred stock, options for common stock, contingently issuable shares of common stock and per share amounts contained in the Company’s consolidated financial statements have been retroactively adjusted to reflect this reverse stock split for all periods presented.
69
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
NOTE 2. | Fair Value of Financial Instruments |
The Company's cash and cash equivalents, short-term investments, and long-term investments consist of the following:
December 31, 2013 | ||||||||||||||||
Amortized Cost | Unrealized Gains | Unrealized Losses | Fair Value | |||||||||||||
(in thousands) | ||||||||||||||||
Cash and cash equivalents: | ||||||||||||||||
Cash | $ | 27,488 | $ | — | $ | — | $ | 27,488 | ||||||||
Money market funds | 183 | — | — | 183 | ||||||||||||
Commercial paper | 14,697 | 1 | — | 14,698 | ||||||||||||
Total | 42,368 | 1 | — | 42,369 | ||||||||||||
Short-term investments: | ||||||||||||||||
Commercial paper | 32,784 | 6 | — | 32,790 | ||||||||||||
Corporate bonds | 16,894 | 11 | — | 16,905 | ||||||||||||
Municipal bonds | 1,128 | — | — | 1,128 | ||||||||||||
U.S. government agencies | 4,004 | — | — | 4,004 | ||||||||||||
Total | 54,810 | 17 | — | 54,827 | ||||||||||||
Long-term investments: | ||||||||||||||||
Asset-backed securities | 5,497 | 4 | — | 5,501 | ||||||||||||
U.S. government agencies | 14,835 | 1 | (3 | ) | 14,833 | |||||||||||
Corporate bonds | 15,256 | 22 | (4 | ) | 15,274 | |||||||||||
Total | 35,588 | 27 | (7 | ) | 35,608 | |||||||||||
Total | 132,766 | 45 | (7 | ) | 132,804 | |||||||||||
December 31, 2012 | ||||||||||||||||
Amortized Cost | Unrealized Gains | Unrealized Losses | Fair Value | |||||||||||||
(in thousands) | ||||||||||||||||
Cash and cash equivalents: | ||||||||||||||||
Cash | $ | 23,419 | $ | — | $ | — | $ | 23,419 | ||||||||
Money market funds | 170 | — | — | 170 | ||||||||||||
Commercial paper | 11,294 | 2 | — | 11,296 | ||||||||||||
Total | 34,883 | 2 | — | 34,885 | ||||||||||||
Short-term investments: | ||||||||||||||||
Commercial paper | 21,078 | 2 | — | 21,080 | ||||||||||||
U.S. government agencies | 62,463 | 4 | — | 62,467 | ||||||||||||
Total | 83,541 | 6 | — | 83,547 | ||||||||||||
Total | $ | 118,424 | $ | 8 | $ | — | $ | 118,432 | ||||||||
70
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
The following table sets forth by level within the fair value hierarchy the fair value of the Company's available-for-sale securities measured on a recurring basis:
December 31, 2013 | ||||||||||||||||
Level 1 | Level 2 | Level 3 | Fair Value | |||||||||||||
(in thousands) | ||||||||||||||||
Commercial paper | $ | — | $ | 47,488 | $ | — | $ | 47,488 | ||||||||
U.S. government agencies | — | 18,837 | — | 18,837 | ||||||||||||
Municipal bonds | — | 1,128 | — | 1,128 | ||||||||||||
Corporate bonds | — | 32,179 | — | 32,179 | ||||||||||||
Asset-backed securities | — | 5,501 | — | 5,501 | ||||||||||||
Total | $ | — | $ | 105,133 | $ | — | $ | 105,133 | ||||||||
December 31, 2012 | ||||||||||||||||
Level 1 | Level 2 | Level 3 | Fair Value | |||||||||||||
(in thousands) | ||||||||||||||||
Commercial paper | $ | — | $ | 32,376 | $ | — | $ | 32,376 | ||||||||
U.S. government agencies | — | 62,467 | — | 62,467 | ||||||||||||
Total | $ | — | $ | 94,843 | $ | — | $ | 94,843 | ||||||||
The following summarizes the fair value of securities classified as available-for-sale by contractual maturity:
December 31, 2013 | ||||||||||||||||
Mature within One Year | After One Year through Two Years | Over Two Years | Fair Value | |||||||||||||
(in thousands) | ||||||||||||||||
Commercial paper | $ | 47,488 | $ | — | $ | — | $ | 47,488 | ||||||||
U.S. government agencies | 4,004 | 14,833 | — | 18,837 | ||||||||||||
Municipal bonds | 1,128 | — | — | 1,128 | ||||||||||||
Corporate bonds | 16,905 | 15,274 | — | 32,179 | ||||||||||||
Asset-backed securities | — | — | 5,501 | 5,501 | ||||||||||||
Total | $ | 69,525 | $ | 30,107 | $ | 5,501 | $ | 105,133 | ||||||||
71
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
December 31, 2012 | ||||||||||||||||
Mature within One Year | After One Year through Two Years | Over Two Years | Fair Value | |||||||||||||
(in thousands) | ||||||||||||||||
Commercial paper | $ | 32,376 | $ | — | $ | — | $ | 32,376 | ||||||||
U.S. government agencies | 62,467 | — | — | 62,467 | ||||||||||||
Total | $ | 94,843 | $ | — | $ | — | $ | 94,843 | ||||||||
At December 31, 2013 and 2012, derivative financial instruments, consisting of foreign currency forward contracts, were valued at $0 as the contracts were entered into on the last day of the respective reporting periods. These instruments were valued using Level 2 inputs.
There were no transfers between Level 1, Level 2 or Level 3 of the fair value hierarchy, as determined at the end of each reporting period.
NOTE 3. | Property and Equipment, Net |
Property and equipment, which includes assets under capital lease, consists of the following:
December 31, | ||||||||
2013 | 2012 | |||||||
(in thousands) | ||||||||
Computer equipment | $ | 27,464 | $ | 18,798 | ||||
Computer software | 9,277 | 6,327 | ||||||
Furniture, fixtures and equipment | 2,031 | 1,545 | ||||||
Scanner appliances | 17,055 | 16,470 | ||||||
Leasehold improvements | 2,100 | 1,672 | ||||||
Total property and equipment | 57,927 | 44,812 | ||||||
Less: accumulated depreciation and amortization | (34,852 | ) | (26,664 | ) | ||||
Property and equipment, net | $ | 23,075 | $ | 18,148 | ||||
Assets held under capital lease included in computer software at December 31, 2013 and 2012 totaled approximately $3.1 million and $3.8 million, respectively. The related accumulated depreciation at December 31, 2013 and 2012 totaled $1.2 million. The capital lease obligations are secured by the related software.
Physical scanner appliances and other computer equipment that are or will be subject to subscriptions by customers have a net carrying value of $4.7 million and $5.5 million at December 31, 2013 and 2012, respectively, including assets that have not been placed in service of $0.6 million and $1.5 million, respectively. Other fixed assets not placed in service at December 31, 2013 and 2012, included in computer equipment and leasehold improvements, relate to new information technology systems and tenant improvements of approximately $1.6 million and $1.7 million, respectively. Depreciation and amortization expense relating to property and equipment, including capitalized leases, was $9.2 million, $6.9 million and $4.9 million for 2013, 2012 and 2011, respectively.
72
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
NOTE 4. | Business Combination |
On August 31, 2010, the Company acquired Nemean Networks, LLC (“Nemean”), a company developing network security solutions for detection and awareness of external intrusions to computer networks. The Company acquired Nemean to provide additional solutions on its cloud platform. The consideration for this acquisition consisted of $3.7 million in cash and common stock, including a non-contingent payment of $1.0 million in cash and 6,250 shares of common stock, both of which occurred in September 2012. The Company accounted for this transaction as a business combination.
NOTE 5. | Goodwill and Intangible Assets, Net |
Intangible assets consist primarily of existing technology, patent license and non-competition agreements acquired in business combinations. Acquired intangibles are amortized on a straight-line basis over the respective estimated useful lives of the assets.
The carrying values of intangible assets are as follows (in thousands):
December 31, | ||||||||||||||||||||||
2013 | 2012 | |||||||||||||||||||||
Estimated Lives | Cost | Accumulated Amortization | Net Book Value | Accumulated Amortization | Net Book Value | |||||||||||||||||
Existing technology | 7 years | $ | 1,910 | $ | (909 | ) | $ | 1,001 | $ | (637 | ) | $ | 1,273 | |||||||||
Patent license | 14 years | 1,388 | (323 | ) | 1,065 | (223 | ) | 1,165 | ||||||||||||||
Non-competition agreements and other | 3 years | 171 | (138 | ) | 33 | (93 | ) | 78 | ||||||||||||||
Total intangibles subject to amortization | $ | 3,469 | $ | (1,370 | ) | 2,099 | $ | (953 | ) | 2,516 | ||||||||||||
Intangible assets not subject to amortization | 295 | 295 | ||||||||||||||||||||
Total intangible assets, net | $ | 2,394 | $ | 2,811 | ||||||||||||||||||
Intangibles amortization expense for 2013, 2012 and 2011 was $0.4 million.
As of December 31, 2013, the Company expects amortization expense in future periods to be as follows (in thousands):
2014 | $ | 392 | |
2015 | 386 | ||
2016 | 373 | ||
2017 | 282 | ||
2018 | 100 | ||
2019 and thereafter | 566 | ||
Total expected future amortization expense | $ | 2,099 | |
Goodwill, which is not subject to amortization, totaled $0.3 million as of December 31, 2013 and 2012.
73
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
NOTE 6. | Commitments and Contingencies |
Leases
The Company leases certain computer equipment and its corporate office and data center facilities under noncancelable operating leases for varying periods through 2019. The Company has also entered into a capital lease obligation, with an interest rate of 1.8%, a portion of which is secured by the related computer equipment software as of December 31, 2013 and 2012.
In 2011, the Company entered into a $3.1 million financing arrangement for computer software, accounted for as a capital lease, with minimum quarterly payments scheduled through 2014. In connection with this transaction, the Company also has minimum obligations for related maintenance and support, which were amended in June 2013. The minimum obligations were $0.3 million and $1.6 million at December 31, 2013 and 2012, respectively. Such obligations for maintenance and support are recorded in current liabilities in the accompanying consolidated balance sheets at December 31, 2013 and current and noncurrent liabilities at December 31, 2012.
The following are the minimum annual lease payments due under these leases at December 31, 2013:
Operating Leases | Capital Leases | |||||||
(in thousands) | ||||||||
2014 | $ | 4,014 | $ | 812 | ||||
2015 | 2,682 | — | ||||||
2016 | 1,854 | — | ||||||
2017 | 1,627 | — | ||||||
2018 | 264 | — | ||||||
2019 | 35 | — | ||||||
Total minimum lease payments | $ | 10,476 | 812 | |||||
Less amount representing interest | (7 | ) | ||||||
Present value of minimum payments | 805 | |||||||
Less current portion | (805 | ) | ||||||
Capital lease obligations, noncurrent | $ | — | ||||||
Rent expense was $5.4 million, $4.3 million and $3.4 million for 2013, 2012 and 2011, respectively. Although certain of the operating lease agreements provide for escalating rent payments over the terms of the leases, rent expense under these agreements is recognized on a straight-line basis. As of December 31, 2013 and 2012, the Company has accrued $0.6 million and $0.4 million, respectively, of deferred rent related to these agreements, which is reflected in other noncurrent liabilities in the accompanying consolidated balance sheets.
Sales and Other Taxes
The Company’s software-as-a-service solutions are subject to sales and other taxes in certain jurisdictions where the Company does business. The Company bills sales and other taxes to customers and remits these to the respective government authorities. For those jurisdictions where the Company has not yet billed sales tax to its customers and believes it may have exposure, it has recorded a provision of $0.5 million and $0.4 million at December 31, 2013 and 2012, respectively, which is recorded within accrued liabilities in the consolidated balance sheets. However, taxing jurisdictions have differing rules and regulations, which are subject to varying interpretations that may change over time. Other than the liability that the Company has accrued in its consolidated balance sheets, the Company has been unable to assess the probability, or estimate the amount, of its sales tax exposure, if any. There are no pending reviews at December 31, 2013 of which the outcome is expected to result in sales and other taxes due in excess of accrued liabilities. Management does not anticipate that its sales tax exposure, if any, would have a material adverse effect on the financial position, results of operations or cash flows of the Company.
74
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
Indemnifications
The Company from time to time enters into certain types of contracts that contingently require it to indemnify various parties against claims from third parties. These contracts primarily relate to (i) the Company's by-laws, under which it must indemnify directors and executive officers, and may indemnify other officers and employees, for liabilities arising out of their relationship, (ii) contracts under which the Company must indemnify directors and certain officers for liabilities arising out of their relationship, and (iii) contracts under which the Company may be required to indemnify customers or resellers from certain liabilities arising from potential infringement of intellectual property rights, as well as potential damages caused by limited product defects. To date, the Company has not incurred and has not recorded any liability in connection with such indemnifications.
The Company maintains director and officer insurance, which may cover certain liabilities arising from its obligation to indemnify its directors.
Contingencies
From time to time, the Company may have certain contingent liabilities that arise in the ordinary course of its business activities. The Company accrues a liability for such matters when it is probable a loss has been incurred and such loss can be reasonably estimated. At December 31, 2013, the Company has not recorded any material liabilities in accordance with accounting for contingencies.
75
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
NOTE 7. | Stockholders' Equity |
Common Stock
The Company had reserved shares of common stock for future issuance as of December 31, 2013:
Options outstanding under equity incentive plans | |||
2000 Equity Incentive Plan (1) | 5,176,506 | ||
2012 Equity Incentive Plan (1) | 1,862,587 | ||
Shares available for future grants under equity incentive plans | |||
2012 Equity Incentive Plan (1) | 1,173,450 | ||
Total shares reserved for future issuance | 8,212,543 | ||
(1) See Note 8 for a description of these plans.
Preferred Stock
Effective October 3, 2012, the Company is authorized to issue 20,000,000 shares of undesignated preferred stock with a par value of $0.001 per share. Each series of preferred stock will have such rights and preferences including dividend rights, dividend rate, conversion rights, voting rights, rights and terms of redemption (including sinking fund provisions), redemption price, and liquidation preferences as determined by the Board. As of December 31, 2013 and 2012, there are no issued or outstanding shares of preferred stock.
Accumulated Other Comprehensive Income (Loss)
The following table presents the components of accumulated other comprehensive income (loss):
December 31, | ||||||||
2013 | 2012 | |||||||
(in thousands) | ||||||||
Foreign currency translation gain (loss), net of zero tax | $ | (1,126 | ) | $ | (1,043 | ) | ||
Net unrealized gain on investments, net of zero tax | 38 | 8 | ||||||
Total | $ | (1,088 | ) | $ | (1,035 | ) | ||
NOTE 8. | Employee Stock and Benefit Plans |
Stock Options
2012 Equity Incentive Plan
The 2012 Equity Incentive Plan (the "2012 Plan") was adopted and approved in September 2012 and became effective on September 26, 2012. Under the 2012 Plan, the Company is authorized to grant to eligible participants incentive stock options (“ISOs”), nonstatutory stock options (“NSOs”), stock appreciation rights ("SARs"), restricted stock awards ("RSAs"), restricted stock units ("RSUs"), performance units and performance shares equivalent to up to 3,050,000 shares of common stock. The number of shares of common stock available for issuance under the 2012 Plan includes an annual increase on January 1 of each year starting on January 1, 2014 by an amount equal to the least of 3,050,000 shares; 5% of the outstanding shares of stock as of the last day of the immediately preceding fiscal year; or an amount determined by the board of directors. Options may be granted with an exercise price that is at least equal to the fair market value of the Company's stock at the date of grant and are exercisable when vested. Options granted generally vest over a period of up to four years, with a maximum term of ten years. ISOs may only be granted to employees and any subsidiary corporations' employees. All other awards may be granted to employees, directors and consultants and our subsidiary corporations' employees and consultants.
76
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
Options, SARs, RSAs, RSUs, performance units and performance awards may be granted with vesting terms as determined by the board of directors and expire no more than ten years after the date of grant or earlier if employment or service is terminated. As of December 31, 2013, 1,173,450 shares were available for grant under the 2012 Plan.
2000 Equity Incentive Plan
Under the 2000 Equity Incentive Plan (the "2000 Plan"), the Company was authorized to grant to eligible participants either ISOs or NSOs. The ISOs were granted at a price per share not less than the fair market value at the date of grant. The NSOs were granted at a price per share not less than 85% of the fair market value at the date of grant. Options granted generally vest over a period of up to four years, with a maximum term of ten years. The 2000 Plan was terminated in connection with the closing of the IPO, and accordingly, no shares are currently available for issuance under the 2000 Plan. The 2000 Plan continues to govern outstanding awards granted thereunder.
Options granted under the 2000 Plan were immediately exercisable, and unvested shares are subject to repurchase by the Company. Upon termination of employment of an option holder, the Company has the right to repurchase at the original purchase price any issued but unvested common shares. At December 31, 2013 and 2012, there were 11,145 and 47,220 shares, respectively, that were subject to the Company’s right to repurchase. The Company repurchased 500, 60,126 and 1,000 unvested common shares in 2013, 2012 and 2011, respectively. The amounts paid for these shares purchased under an early exercise of stock options are not reported as a component of stockholders’ equity (deficit) until those shares vest. The amounts received in exchange for these shares totaled $0.1 million and $0.3 million as of December 31, 2013 and 2012, respectively, have been recorded as an accrued liability in the accompanying consolidated balance sheets and will be reclassified to common stock and additional paid-in capital as the shares vest.
Employee Stock-based Compensation
Stock-based employee compensation is included in the consolidated statements of income as follows:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Cost of revenues | $ | 421 | $ | 272 | $ | 139 | ||||||
Research and development | 1,038 | 649 | 458 | |||||||||
Sales and marketing | 1,244 | 993 | 579 | |||||||||
General and administrative | 1,842 | 1,008 | 811 | |||||||||
Total stock-based employee compensation | $ | 4,545 | $ | 2,922 | $ | 1,987 | ||||||
Compensation cost is recognized on a straight-line basis over the service period. Forfeitures are estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates.
As of December 31, 2013, the Company had $11.1 million of total unrecognized employee compensation cost related to nonvested awards that it expects to recognize over a weighted-average period of 2 years.
77
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
The fair value of each option granted to employees is estimated on the date of grant using the Black-Scholes option-pricing model based on the following assumptions:
Year Ended December 31, | ||||||
2013 | 2012 | 2011 | ||||
Expected term (in years) | 5.4 to 6.1 | 5.3 to 6.1 | 5.6 | |||
Volatility | 52% to 53% | 52% to 53% | 55% | |||
Risk-free interest rate | 0.7% to 1.5% | 0.6% to 0.9% | 0.9% to 2.3% | |||
Dividend yield | — | — | — | |||
The expected term of the options is based on evaluations of historical and expected future employee exercise behavior. The risk-free interest rate is based on the U.S. Treasury rates at the date of grant with maturity dates approximately equal to the expected term at the grant date. Volatility is based on historical volatility of several public entities that are similar to the Company, as the Company does not have sufficient historical transactions in its own shares on which to base expected volatility. The Company has not historically issued any dividends and does not expect to in the future.
Non-Employee Stock-based Compensation
The Company records compensation representing the fair value of stock options granted to non-employees. Stock-based non-employee compensation was $0.9 million, $0.5 million and $0.1 million for 2013, 2012 and 2011, respectively. Non-employee stock-based compensation is recognized over the vesting periods of the options. The value of options granted to non-employees is remeasured as they vest over a service period.
Stock Option Plan Activity
A summary of the Company’s stock option activity is as follows:
Outstanding Shares | Weighted Average Exercise Price | Weighted Average Remaining Contractual Life (Years) | Aggregate Intrinsic Value | ||||||||||
(in thousands) | |||||||||||||
Balance as of December 31, 2010 | 5,600,875 | $ | 2.86 | 6.4 | $ | 6,964 | |||||||
Granted | 1,816,850 | 5.06 | |||||||||||
Exercised | (432,687 | ) | 3.09 | ||||||||||
Canceled | (672,997 | ) | 3.89 | ||||||||||
Balance as of December 31, 2011 | 6,312,041 | 3.36 | 6.9 | 16,012 | |||||||||
Granted | 1,478,781 | 8.94 | |||||||||||
Exercised | (724,316 | ) | 2.86 | ||||||||||
Canceled | (552,998 | ) | 6.79 | ||||||||||
Balance as of December 31, 2012 | 6,513,508 | 4.39 | 6.6 | 67,711 | |||||||||
Granted | 2,001,400 | 15.78 | |||||||||||
Exercised | (952,871 | ) | 4.32 | ||||||||||
Canceled | (522,944 | ) | 10.71 | ||||||||||
Balance as of December 31, 2013 | 7,039,093 | 7.17 | 6.5 | 112,312 | |||||||||
Vested and expected to vest—December 31, 2013 | 6,472,113 | 6.49 | 6.3 | 107,622 | |||||||||
Exercisable—December 31, 2013 | 5,331,893 | 4.32 | 5.8 | 85,073 | |||||||||
78
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
The following table summarizes the outstanding and vested stock options at December 31, 2013:
Outstanding | Vested | |||||||||||||||
Exercise Price | Number of Shares | Weighted Average Exercise Price Per Share | Weighted Average Remaining Contractual Life (Years) | Number of Shares | Weighted Average Exercise Price Per Share | |||||||||||
$0.10 - $1.90 | 1,357,956 | $ | 1.73 | 2.9 | 1,357,956 | $ | 1.73 | |||||||||
$2.10 - $2.80 | 582,998 | 2.63 | 4.7 | 582,998 | 2.63 | |||||||||||
$3.80 - $3.80 | 1,165,018 | 3.80 | 5.9 | 879,766 | 3.80 | |||||||||||
$4.10 - $5.10 | 1,116,084 | 4.44 | 6.9 | 916,914 | 4.37 | |||||||||||
$5.90 - $10.77 | 1,229,305 | 8.64 | 8.2 | 399,243 | 8.06 | |||||||||||
$12.68 - $16.68 | 1,003,657 | 13.91 | 9.0 | 129,143 | 13.24 | |||||||||||
$20.80 - $23.81 | 584,075 | 21.63 | 9.7 | 10,537 | 20.80 | |||||||||||
7,039,093 | 7.17 | 6.5 | 4,276,557 | 3.83 | ||||||||||||
The weighted-average grant date fair value of the Company’s stock options granted during 2013, 2012 and 2011 was $7.62, $4.27 and $2.56, respectively. The aggregate grant date fair value of the Company’s stock options granted during 2013, 2012 and 2011 was $15.2 million, $6.3 million and $4.7 million, respectively.
The intrinsic value of options exercised was $11.1 million, $4.0 million and $0.8 million during 2013, 2012 and 2011, respectively. Intrinsic value of an option is the difference between the fair value of the Company’s common stock at the time of exercise and the exercise price paid.
Restricted Stock
The terms and conditions of RSAs, including vesting criteria and timing are set by the board of directors. The cost of RSAs is determined using the fair value of the Company’s common stock on the date of the grant. Compensation cost is recognized on a straight-line basis over the requisite service period of each grant adjusted for estimated forfeitures. Recipients of RSAs generally have voting and dividend rights without regard to vesting. The Company has the right to repurchase shares that do not vest.
During 2013 and 2012, the Company granted 2,900 and 3,750 shares of restricted stock, respectively, which vested immediately and had no further restrictions or service period, and resulted in compensation expense of $41,000 and $37,000, respectively.
401(k) Plan
The Company’s 401(k) Plan (the “401(k) Plan”) was established in 2000 to provide retirement and incidental benefits for its employees. As allowed under section 401(k) of the Internal Revenue Code, the 401(k) Plan provides tax-deferred salary deductions for eligible employees. Contributions to the 401(k) Plan are limited to a maximum amount as set periodically by the Internal Revenue Service. To date, the Company has not made any contributions to the 401(k) Plan.
79
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
NOTE 9. | Other Income (Expense), Net |
Other income (expense), net consists of the following:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Foreign exchange gains (losses) | $ | (596 | ) | $ | (179 | ) | $ | (338 | ) | |||
Other income (expense) | 79 | (9 | ) | (8 | ) | |||||||
Other income (expense), net | $ | (517 | ) | $ | (188 | ) | $ | (346 | ) | |||
NOTE 10. | Income Taxes |
The Company’s geographical breakdown of income before provision for income taxes is as follows:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Domestic | $ | 947 | $ | 1,656 | $ | 1,593 | ||||||
Foreign | 1,177 | 982 | 777 | |||||||||
Income before provision for income taxes | $ | 2,124 | $ | 2,638 | $ | 2,370 | ||||||
The provision for income taxes consists of the following:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Current | ||||||||||||
Federal | $ | (40 | ) | $ | (18 | ) | $ | 45 | ||||
State | 154 | 202 | 112 | |||||||||
Foreign | 452 | 147 | 259 | |||||||||
Total current provision | 566 | 331 | 416 | |||||||||
Deferred | ||||||||||||
Federal | $ | 6 | $ | 27 | $ | — | ||||||
State | — | — | — | |||||||||
Foreign | (72 | ) | — | — | ||||||||
Total deferred provision (benefit) | (66 | ) | 27 | — | ||||||||
Total provision for income taxes | $ | 500 | $ | 358 | $ | 416 | ||||||
80
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
The reconciliation of the statutory federal income tax rate of 34.0% to the Company’s effective tax rate is as follows:
Year Ended December 31, | |||||||||
2013 | 2012 | 2011 | |||||||
Federal statutory rate | 34.0 | % | 34.0 | % | 34.0 | % | |||
State taxes | 4.9 | 5.4 | 3.5 | ||||||
Stock-based compensation | 8.7 | 22.4 | 19.4 | ||||||
Foreign source income | 0.5 | (4.1 | ) | 1.4 | |||||
Change in valuation allowance | (27.3 | ) | (46.9 | ) | (44.0 | ) | |||
Other | 2.7 | 2.8 | 3.3 | ||||||
Provision for income taxes | 23.5 | % | 13.6 | % | 17.6 | % | |||
Deferred income taxes reflect the tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for income tax purposes. The components of the Company’s deferred tax assets and liabilities are as follows:
December 31, | ||||||||
2013 | 2012 | |||||||
(in thousands) | ||||||||
Deferred tax assets | ||||||||
Net operating loss carryforwards | $ | 18,894 | $ | 19,658 | ||||
Research and development credit carryforwards | 5,189 | 4,055 | ||||||
Accrued liabilities | 581 | 535 | ||||||
Deferred revenues | 3,188 | 3,085 | ||||||
Deferred rent | 210 | 153 | ||||||
Intangible assets | 440 | 385 | ||||||
Stock-based compensation | 1,714 | 843 | ||||||
Foreign | — | 4 | ||||||
Other | 521 | 403 | ||||||
Gross deferred tax assets | 30,737 | 29,121 | ||||||
Valuation allowance | (27,181 | ) | (26,257 | ) | ||||
Net deferred tax assets | 3,556 | 2,864 | ||||||
Deferred tax liabilities | ||||||||
Fixed assets | (3,484 | ) | (2,854 | ) | ||||
Intangible assets | (34 | ) | (27 | ) | ||||
Total deferred tax liabilities | (3,518 | ) | (2,881 | ) | ||||
Net deferred tax assets (liabilities) | $ | 38 | $ | (17 | ) | |||
Current and non-current deferred tax assets and liabilities included in the consolidated balance sheets are recorded as follows:
December 31, | ||||||||
2013 | 2012 | |||||||
(in thousands) | ||||||||
Current deferred tax assets | $ | 113 | $ | 106 | ||||
Current deferred tax liabilities | — | — | ||||||
Noncurrent deferred tax assets | 72 | — | ||||||
Noncurrent deferred tax liabilities | (147 | ) | (123 | ) | ||||
Net deferred tax assets (liabilities) | $ | 38 | $ | (17 | ) | |||
81
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
Realization of deferred tax assets is dependent upon future earnings, if any, the timing and amount of which are uncertain. As of December 31, 2013, we have provided a valuation allowance for our deferred tax assets that we believe are not more likely than not realizable. The valuation allowance increased by $0.9 million for 2013 and decreased by $0.5 million for 2012.
At December 31, 2013, the Company had federal and state net operating loss carryforwards of approximately $51.4 million and $21.9 million respectively, available to reduce federal and state taxable income. The Company’s federal net operating losses expire in the years 2021 to 2033, and its state net operating losses expire from 2014 to 2033. Utilization of the Company’s net operating loss carryforwards may be subject to a substantial annual limitation due to the ownership change limitations provided by the Internal Revenue Code and similar state provisions. Such an annual limitation could result in the expiration of the net operating loss carryforwards before utilization. As of December 31, 2013, the Company had federal and state research and development credits of $4.3 million and $4.6 million, respectively. Federal research and development credits expire in the years 2022 to 2033. State research and development credits do not expire.
U.S. income taxes were not provided on undistributed earnings from investments in non-U.S. subsidiaries as the Company intends to continue to reinvest the earnings of these foreign subsidiaries indefinitely. The Company’s share of undistributed earnings of foreign subsidiaries that could be subject to additional U.S. income tax if remitted was approximately $8.5 million and $8.2 million as of December 31, 2013 and 2012, respectively. Determination of the amount of unrecognized deferred tax liability for temporary differences related to investments in these non-U.S. subsidiaries that are essentially permanent in duration is not practicable.
The evaluation of a tax position is a two-step process. The first step requires the Company to determine whether it is more likely than not that a tax position will be sustained upon examination based on the technical merits of the position. The second step requires the Company to recognize in the financial statement each tax position that meets the more likely than not criteria, measured at the amount of benefit that has a greater than fifty percent likelihood of being realized.
A reconciliation of the Company’s unrecognized tax benefits is as follows:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
Unrecognized tax benefits beginning balance | $ | 2,647 | $ | 2,792 | $ | 2,648 | ||||||
Gross increase for tax positions of prior years | 241 | — | 87 | |||||||||
Gross decrease for tax positions of prior years | — | (46 | ) | (120 | ) | |||||||
Gross increase for tax positions of current year | 446 | 140 | 242 | |||||||||
Settlements | — | (106 | ) | — | ||||||||
Lapse of statute of limitations | (79 | ) | (133 | ) | (65 | ) | ||||||
Total unrecognized tax benefits | $ | 3,255 | $ | 2,647 | $ | 2,792 | ||||||
The unrecognized tax benefits, if recognized and in absence of full valuation allowance, would impact the income tax provision by $1.0 million, $1.0 million and $1.2 million as of December 31, 2013, 2012 and 2011, respectively.
The Company has elected to include interest and penalties as a component of income tax expense. The amounts were not material for 2013, 2012 and 2011.
The Company files income tax returns in the United States, including various state jurisdictions. The Company’s subsidiaries file tax returns in various foreign jurisdictions. The tax years 2008 to 2013 remain open to examination by the major taxing jurisdictions in which the Company is subject to tax, with the exception of France which remains open to examination for the 2011 through 2013 tax years only. As of December 31, 2013, the Company was not under examination by the Internal Revenue Service or any state tax jurisdictions.
On January 2, 2013, the American Taxpayer Relief Act of 2012 (H.R. 8) was signed into law which retroactively extends the federal research and development credit from January 1, 2012 through December 31, 2013.
82
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
NOTE 11. | Segment Information and Information about Geographic Area |
The Company operates in one segment. The Company’s chief operating decision maker is the Chairman and Chief Executive Officer, who makes operating decisions, assesses performance and allocates resources on a consolidated basis. All of the Company’s principal operations and decision-making functions are located in the United States. Revenues by geographic area, based on the location of the customer, are as follows:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands) | ||||||||||||
United States | $ | 75,485 | $ | 62,616 | $ | 51,044 | ||||||
Other | 32,477 | 28,804 | 25,168 | |||||||||
Total revenues | $ | 107,962 | $ | 91,420 | $ | 76,212 | ||||||
Property and equipment, net, by geographic area, are as follows:
December 31, | ||||||||
2013 | 2012 | |||||||
(in thousands) | ||||||||
United States | $ | 19,909 | $ | 16,495 | ||||
Other | 3,166 | 1,653 | ||||||
Total property and equipment, net | $ | 23,075 | $ | 18,148 | ||||
83
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
NOTE 12. | Net Income Per Share Attributable to Common Stockholders |
The computations for basic and diluted net income per share attributable to common stockholders are as follows:
Year Ended December 31, | ||||||||||||
2013 | 2012 | 2011 | ||||||||||
(in thousands, except per share data) | ||||||||||||
Numerator: | ||||||||||||
Net income | $ | 1,624 | $ | 2,280 | $ | 1,954 | ||||||
Net income attributable to participating securities | (2 | ) | (1,204 | ) | (1,518 | ) | ||||||
Net income attributable to common stockholders - basic | 1,622 | 1,076 | 436 | |||||||||
Undistributed earnings reallocated to participating securities | — | 1,201 | 1,516 | |||||||||
Net income attributable to common stockholders - diluted | $ | 1,622 | $ | 2,277 | $ | 1,952 | ||||||
Denominator: | ||||||||||||
Weighted-average shares used in computing net income per share attributable to common stockholders - basic | 31,914 | 11,891 | 5,053 | |||||||||
Effect of potentially dilutive securities: | ||||||||||||
Convertible preferred stock | — | 13,270 | 17,590 | |||||||||
Common stock options | 4,059 | 3,187 | 1,537 | |||||||||
Warrants | — | — | 2 | |||||||||
Contingently issuable shares related to an acquisition | — | 4 | 12 | |||||||||
Weighted-average shares used in computing net income per share attributable to common stockholders - diluted | 35,973 | 28,352 | 24,194 | |||||||||
Net income per share attributable to common stockholders | ||||||||||||
Basic | $ | 0.05 | $ | 0.09 | $ | 0.09 | ||||||
Diluted | $ | 0.05 | $ | 0.08 | $ | 0.08 | ||||||
Potentially dilutive securities not included in the calculation of diluted net income per share because doing so would be antidilutive are as follows:
Year Ended December 31, | |||||||||
2013 | 2012 | 2011 | |||||||
(in thousands) | |||||||||
Common stock options | 952 | 772 | 2,758 | ||||||
NOTE 13. | Quarterly Financial Information (Unaudited) |
The following table sets forth our unaudited consolidated statements of income data for each of the quarters in the two-year period ended December 31, 2013. The unaudited quarterly consolidated statements of income data set forth below have been prepared on the same basis as the audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K and, in the opinion of management, reflect all necessary adjustments, which consist only of normal recurring adjustments, necessary for a fair presentation of such data. Our historical results are not necessarily indicative of the results for the full year or any other period. This data should be read together with our consolidated financial statements and the related notes included elsewhere in this Annual Report on Form 10-K.
84
Qualys, Inc.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (Continued)
Three Months Ended | ||||||||||||||||||||||||||||||||
Mar. 31, 2012 | Jun. 30, 2012 | Sep. 30, 2012 | Dec. 31, 2012 | Mar. 31, 2013 | Jun. 30, 2013 | Sep. 30, 2013 | Dec. 31, 2013 | |||||||||||||||||||||||||
(unaudited) | ||||||||||||||||||||||||||||||||
(in thousands, except per share data) | ||||||||||||||||||||||||||||||||
Revenues | $ | 21,191 | $ | 22,190 | $ | 23,382 | $ | 24,657 | $ | 24,883 | $ | 26,291 | $ | 27,749 | $ | 29,039 | ||||||||||||||||
Cost of revenues | 4,160 | 4,629 | 4,634 | 4,981 | 5,795 | 5,924 | 6,415 | 6,526 | ||||||||||||||||||||||||
Gross profit | 17,031 | 17,561 | 18,748 | 19,676 | 19,088 | 20,367 | 21,334 | 22,513 | ||||||||||||||||||||||||
Operating expenses: | ||||||||||||||||||||||||||||||||
Research and development | 5,101 | 5,148 | 5,076 | 4,870 | 5,297 | 5,291 | 5,151 | 5,939 | ||||||||||||||||||||||||
Sales and marketing | 9,246 | 9,784 | 8,797 | 9,911 | 10,168 | 10,160 | 10,411 | 11,784 | ||||||||||||||||||||||||
General and administrative | 2,814 | 2,843 | 3,154 | 3,268 | 3,896 | 4,053 | 4,277 | 4,566 | ||||||||||||||||||||||||
Total operating expenses | 17,161 | 17,775 | 17,027 | 18,049 | 19,361 | 19,504 | 19,839 | 22,289 | ||||||||||||||||||||||||
Income (loss) from operations | (130 | ) | (214 | ) | 1,721 | 1,627 | (273 | ) | 863 | 1,495 | 224 | |||||||||||||||||||||
Other income (expense), net | (77 | ) | (141 | ) | 23 | (171 | ) | (260 | ) | 102 | 24 | (51 | ) | |||||||||||||||||||
Income (loss) before provision for (benefit from) income taxes | (207 | ) | (355 | ) | 1,744 | 1,456 | (533 | ) | 965 | 1,519 | 173 | |||||||||||||||||||||
Provision for (benefit from) income taxes(1) | 78 | (78 | ) | 77 | 281 | 70 | 92 | 210 | 128 | |||||||||||||||||||||||
Net income (loss) | $ | (285 | ) | $ | (277 | ) | $ | 1,667 | $ | 1,175 | $ | (603 | ) | $ | 873 | $ | 1,309 | $ | 45 | |||||||||||||
Net income (loss) attributable to common stockholders | $ | (285 | ) | $ | (277 | ) | $ | 415 | $ | 1,159 | $ | (603 | ) | $ | 872 | $ | 1,308 | $ | 45 | |||||||||||||
Net income (loss) per share attributable to common stockholders: | ||||||||||||||||||||||||||||||||
Basic | $ | (0.05 | ) | $ | (0.05 | ) | $ | 0.07 | $ | 0.04 | $ | (0.02 | ) | $ | 0.03 | $ | 0.04 | $ | 0.00 | |||||||||||||
Diluted | $ | (0.05 | ) | $ | (0.05 | ) | $ | 0.06 | $ | 0.03 | $ | (0.02 | ) | $ | 0.02 | $ | 0.04 | $ | 0.00 | |||||||||||||
(1) Includes a benefit from income taxes in the three months ended June 30, 2012 primarily resulting from reductions in the liability for uncertain tax positions due to the lapse of the statute of limitations or closure of tax years due to a completed audit of our French subsidiary. Provision in other periods consist primarily of taxes on income in foreign jurisdictions and state income taxes in the United States.
Item 9. | Changes In and Disagreements with Accountants on Accounting and Financial Disclosure |
None.
Item 9A. | Controls and Procedures |
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our Chief Executive Officer and our Chief Financial Officer, evaluated the effectiveness of our disclosure controls and procedures as of December 31, 2013. The term “disclosure controls and procedures,” as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act, means controls and other procedures of a company that are designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the Securities and Exchange Commission’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that
information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to the company’s management, including its principal executive and principal financial officers, as appropriate to allow timely decisions regarding required disclosure. Management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving their objectives and management necessarily applies its judgment in evaluating the cost-benefit relationship of possible controls and procedures. Based on the evaluation of our disclosure controls and procedures as of December 31, 2013, our Chief Executive Officer and Chief Financial Officer concluded that, as of such date, our disclosure controls and procedures were effective at the reasonable assurance level.
85
Management's Annual Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act. Our internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with U.S. generally accepted accounting principles, or GAAP. Our internal control over financial reporting includes those policies and procedures that: (i) pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of our assets, (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP, and that our receipts and expenditures are being made only in accordance with authorizations of our management and directors, and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of our assets that could have a material effect on our financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Under the supervision and with the participation of our management, including our Chief Executive Officer and Chief Financial Officer, we conducted an evaluation of the effectiveness of our internal control over financial reporting as of December 31, 2013 based on the criteria established in the 1992 Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission, or COSO. Based on our evaluation under the criteria set forth in the 1992 Internal Control - Integrated Framework issued by the COSO, our management concluded our internal control over financial reporting was effective as of December 31, 2013.
Changes in Internal Control over Financial Reporting
There was no change in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the fourth quarter ended December 31, 2013 that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.
Item 9B. | Other Information |
None.
PART III
Item 10. | Directors, Executive Officers and Corporate Governance |
Executive Officers and Directors
Except as set forth below, the information required by this item is incorporated by reference to our Proxy Statement for our 2014 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2013.
Codes of Business Conduct and Ethics
Our board of directors has adopted a code of business conduct and ethics that applies to all of our employees, officers and directors, including our Chief Executive Officer, Chief Financial Officer and other executive and senior financial officers. The code of business conduct and ethics is available on our website. We expect that, to the extent required by law, any amendments to the code, or any waivers of its requirements, will be disclosed on our website. We intend to disclose any waiver to the provisions of the code of business conduct and ethics that applies specifically to directors or executive officers by filing such information on a Current Report on Form 8-K with the SEC, to the extent such filing is required by the NASDAQ Stock Market's listing requirements; otherwise, we will disclose such waiver by posting such information on our website.
Item 11. | Executive Compensation |
The information required by this item is incorporated by reference to our Proxy Statement for our 2014 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2013.
Item 12. | Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters |
Security Ownership of Certain Beneficial Owners and Management
The information required by this item with respect to Item 403 of Regulation S-K regarding security ownership of certain beneficial owners and management is incorporated by reference to our Proxy Statement for our 2014 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2013. For the information required by this item with respect to Item 201(d) of Regulation S-K regarding securities authorized for issuance under equity compensation plans, see “Item 5: Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities—Securities Authorized for Issuance under Equity Compensation Plans.”
Item 13. | Certain Relationships and Related Transactions, and Director Independence |
The information required by this item is incorporated by reference to our Proxy Statement for our 2014 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2013.
86
Item 14. | Principal Accounting Fees and Services |
The information required by this item is incorporated by reference to our Proxy Statement for our 2014 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2013.
PART IV
Item 15. | Exhibits and Financial Statement Schedules |
(a)(1) Financial Statements - The financial statements filed as part of this Annual Report on Form 10-K are listed on the Index to Consolidated Financial Statements in Item 8.
(a)(2) Financial Statement Schedules
SCHEDULE II
SUPPLEMENTARY CONSOLIDATED FINANCIAL STATEMENT SCHEDULE
VALUATION AND QUALIFYING ACCOUNTS
(in thousands)
Additions | ||||||||||||||||
Balance at Beginning of Year | Charged to Costs and Expenses | Deductions and Other (1) | Balance at End of Year | |||||||||||||
Allowance for Doubtful Accounts | ||||||||||||||||
Year ended December 31, 2013 | $ | 331 | $ | 307 | $ | (249 | ) | $ | 389 | |||||||
Year ended December 31, 2012 | $ | 230 | $ | 218 | $ | (117 | ) | $ | 331 | |||||||
Year ended December 31, 2011 | $ | 138 | $ | 193 | $ | (101 | ) | $ | 230 | |||||||
(1) Primarily represents write-offs of uncollectible accounts, net of recoveries.
All other schedules have been omitted because they are not required, not applicable, or the required information is otherwise included.
(b) Exhibits
The exhibits listed on the Exhibit Index (following the Signatures section of this report) are included, or incorporated by reference, in this Annual Report on Form 10-K.
87
SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this Annual Report on Form 10-K to be signed on its behalf by the undersigned, thereunto duly authorized, in the City of Redwood City, State of California on February 28, 2014.
QUALYS, INC. | |
By: | /s/ PHILIPPE F. COURTOT |
Name: Philippe F. Courtot | |
Title: Chairman and Chief Executive Officer | |
(principal executive officer) | |
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Registrant and in the capacities indicated:
Signature | Title | Date | |
/s/ PHILIPPE F. COURTOT | Chairman and Chief Executive Officer (principal executive officer) | February 28, 2014 | |
Philippe F. Courtot | |||
/s/ DONALD C. MCCAULEY | Chief Financial Officer (principal financial and accounting officer) | February 28, 2014 | |
Donald C. McCauley | |||
/s/ SANDRA E. BERGERON | Director | February 28, 2014 | |
Sandra E. Bergeron | |||
/s/ DONALD R. DIXON | Director | February 28, 2014 | |
Donald R. Dixon | |||
/s/ JEFFREY P. HANK | Director | February 28, 2014 | |
Jeffrey P. Hank | |||
/s/ GENERAL PETER PACE | Director | February 28, 2014 | |
General Peter Pace | |||
/s/ KRISTI M. ROGERS | Director | February 28, 2014 | |
Kristi M. Rogers | |||
/s/ HOWARD A. SCHMIDT | Director | February 28, 2014 | |
Howard A. Schmidt | |||
88
EXHIBIT INDEX
Incorporated by Reference | |||||||
Exhibit | Description | Filed Herewith | Form | File No. | Exhibit No. | Filing Date | |
Number | |||||||
3.1 | Amended and Restated Certificate of Incorporation of Qualys, Inc. | S-1/A | 333-182027 | 3.3 | September 12, 2012 | ||
3.2 | Amended and Restated Bylaws of Qualys, Inc. | S-1/A | 333-182027 | 3.5 | September 12, 2012 | ||
4.1 | Form of common stock certificate. | S-1/A | 333-182027 | 4.1 | September 12, 2012 | ||
4.2 | Amended and Restated Investor Rights Agreement, by and among Qualys, Inc. and the investors party thereto, dated July 12, 2005. | S-1 | 333-182027 | 4.2 | June 8, 2012 | ||
10.1* | 2000 Equity Incentive Plan, as amended, and the form of stock option agreement thereunder. | S-1 | 333-182027 | 10.1 | June 8, 2012 | ||
10.2* | 2012 Equity Incentive Plan and forms of agreements thereunder. | S-1/A | 333-182027 | 10.2 | September 12, 2012 | ||
10.3* | Offer Letter, between Qualys, Inc. and Philippe F. Courtot, dated December 7, 2000. | S-1 | 333-182027 | 10.3 | June 8, 2012 | ||
10.4* | Offer Letter, between Qualys, Inc. and Amer S. Deeba, dated September 4, 2001. | S-1 | 333-182027 | 10.4 | June 8, 2012 | ||
10.5* | Offer Letter, between Qualys, Inc. and Sumedh S. Thakar, dated January 20, 2003. | S-1 | 333-182027 | 10.5 | June 8, 2012 | ||
10.6* | Offer Letter, between Qualys, Inc. and Donald C. McCauley, dated February 7, 2006, as amended. | S-1 | 333-182027 | 10.6 | June 8, 2012 | ||
10.7* | Offer Letter, between Qualys, Inc. and John N. Wilson, dated August 20, 2010. | S-1 | 333-182027 | 10.7 | June 8, 2012 | ||
10.8* | Offer Letter, between Qualys, Inc. and Peter Albert, dated April 14, 2011. | S-1 | 333-182027 | 10.8 | June 8, 2012 | ||
10.9* | Offer Letter, between Qualys, Inc. and Bruce K. Posey, dated May 8, 2012. | S-1 | 333-182027 | 10.9 | June 8, 2012 | ||
10.10* | Form of director and executive officer indemnification agreement. | S-1/A | 333-182027 | 10.10 | August 10, 2012 | ||
10.11 | Lease Agreement, between Qualys, Inc. and Westport Office Park, LLC, dated July 11, 2006, as amended August 10, 2007, May 20, 2010 and December 5, 2011. | S-1 | 333-182027 | 10.11 | June 8, 2012 | ||
10.12* | 2011 Corporate Bonus Plan. | S-1 | 333-182027 | 10.12 | June 8, 2012 | ||
10.13* | 2012 Corporate Bonus Plan. | S-1 | 333-182027 | 10.13 | June 8, 2012 | ||
10.14 | Master Services Agreement, between Qualys, Inc. and Savvis Communications Corporation, dated June 22, 2010. | S-1/A | 333-182027 | 10.14 | September 12, 2012 | ||
10.15† | Master Agreement, between Qualys, Inc. and Interoute Communications Limited, dated March 31, 2008. | S-1/A | 333-182027 | 10.15 | September 12, 2012 | ||
89
10.16† | Manufacturing Services Agreement, between Qualys, Inc. and Synnex Corporation, dated March 1, 2011. | S-1/A | 333-182027 | 10.16 | September 12, 2012 | ||
10.17* | Offer Letter, between Qualys, Inc. and Ann S. Johnson, dated November 7, 2013 | 8-K | 001-35662 | 10.1 | November 12, 2013 | ||
21.1 | List of subsidiaries of Qualys, Inc. | X | |||||
23.1 | Consent of Grant Thornton LLP, independent registered public accounting firm. | X | |||||
31.1 | Certification of Chief Executive Officer pursuant to Rule 13a-14(a) or Rule 15d-14(a) of the Securities Exchange Act of 1934, as adopted pursuant to Section 302 of The Sarbanes-Oxley Act of 2002. | X | |||||
31.2 | Certification of Chief Financial Officer pursuant to Rule 13a-14(a) or Rule 15d-14(a) of the Securities Exchange Act of 1934, as adopted pursuant to Section 302 of The Sarbanes-Oxley Act of 2002. | X | |||||
32.1 | Certification of Chief Executive Officer pursuant to Rule 13a-14(b) or Rule 15d-14(b) of the Securities Exchange Act of 1934 and 18 U.S.C. Section 1350 as adopted pursuant to Section 906 of The Sarbanes-Oxley Act of 2002. | X | |||||
32.2 | Certification of Chief Financial Officer pursuant to Rule 13a-14(b) or Rule 15d-14(b) of the Securities Exchange Act of 1934 and 18 U.S.C. Section 1350 as adopted pursuant to Section 906 of The Sarbanes-Oxley Act of 2002. | X | |||||
101.INS | XBRL Instance Document | X | |||||
101.SCH | XBRL Taxonomy Extension Schema Document | X | |||||
101.CAL | XBRL Taxonomy Extension Calculation Linkbase Document | X | |||||
101.DEF | XBRL Taxonomy Extension Definition Linkbase | X | |||||
101.LAB | XBRL Taxonomy Extension Labels Linkbase Document | X | |||||
101.PRE | XBRL Taxonomy Extension Presentation Linkbase Document | X | |||||
* | Indicates a management contract or compensatory plan or arrangement. | ||||||
† | Portions of this exhibit have been omitted due to a determination by the Securities and Exchange Commission that these portions should be granted confidential treatment. | ||||||
90
Exhibit 21.1
List of subsidiaries of Qualys, Inc.
Name of Subsidiary | Jurisdiction of Incorporation | |
Qualys International, Inc. | United States | |
Qualys Brazil Desenvolvimento de Produtos e Consultoria de Tecnologias de Seguranca LTDA. | Brazil | |
Qualys Canada, Ltd. | Canada | |
Qualys Technologies, S.A. | France | |
Qualys GmbH | Germany | |
Qualys Hong Kong Limited | Hong Kong | |
Qualys Security TechServices Private Ltd. | India | |
Qualys Japan K.K. | Japan | |
Qualys (Beijing) Information Technology Ltd. Corp. | People's Republic of China | |
Qualys Singapore Pte. Ltd. | Singapore | |
Qualys FZE | United Arab Emirates | |
Qualys Ltd. | United Kingdom | |
Exhibit 23.1
CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
We have issued our report dated February 28, 2014, with respect to the consolidated financial statements and schedule included in the Annual Report of Qualys, Inc. on Form 10-K for the year ended December 31, 2013. We hereby consent to the incorporation by reference of said report in the Registration Statements of Qualys, Inc. on Forms S-8 (File No. 333-184394 and File No. 333-193576).
/s/ GRANT THORNTON LLP
San Francisco, California
February 28, 2014
Exhibit 31.1
CERTIFICATION OF CHIEF EXECUTIVE OFFICER
PURSUANT TO RULE 13a-14(a) OR RULE 15d-14(a)
OF THE SECURITIES EXCHANGE ACT OF 1934
I, Philippe F. Courtot, certify that:
1. | I have reviewed this annual report on Form 10-K of Qualys, Inc.; |
2. | Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; |
3. | Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; |
4. | The registrant's other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have: |
(a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
(c) Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(d) Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
5. | The registrant's other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions): |
(a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and
(b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.
Date: | February 28, 2014 | |
By: | /s/ PHILIPPE F. COURTOT | |
Philippe F. Courtot | ||
Chairman, President and Chief Executive Officer | ||
Qualys, Inc. | ||
Exhibit 31.2
CERTIFICATION OF CHIEF FINANCIAL OFFICER
PURSUANT TO RULE 13a-14(a) OR RULE 15d-14(a)
OF THE SECURITIES EXCHANGE ACT OF 1934
I, Donald C. McCauley, certify that:
1. | I have reviewed this annual report on Form 10-K of Qualys, Inc.; |
2. | Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; |
3. | Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; |
4. | The registrant's other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have: |
(a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
(c) Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(d) Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
5. | The registrant's other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions): |
(a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and
(b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.
Date: | February 28, 2014 | |
By: | /s/ DONALD C. McCAULEY | |
Donald C. McCauley | ||
Chief Financial Officer | ||
Qualys, Inc. | ||
Exhibit 32.1
CERTIFICATION OF CHIEF EXECUTIVE OFFICER
PURSUANT TO RULE 13a-14(b) OR RULE 15d-14(b)
OF THE SECURITIES EXCHANGE ACT OF 1934 AND 18 U.S.C. SECTION 1350
In connection with the Annual Report of Qualys, Inc. (the “Company”) on Form 10-K for the year ended December 31, 2013, as filed with the Securities and Exchange Commission on the date hereof (the “Report”), I, Philippe F. Courtot, Chairman, President and Chief Executive Officer of the Company, certify, pursuant to 18 U.S.C. § 1350, as adopted pursuant to § 906 of the Sarbanes-Oxley Act of 2002, that, to the best of my knowledge:
(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
Date: | February 28, 2014 | |
By: | /s/ PHILIPPE F. COURTOT | |
Philippe F. Courtot | ||
Chairman, President and Chief Executive Officer | ||
Qualys, Inc. | ||
Exhibit 32.2
CERTIFICATION OF CHIEF FINANCIAL OFFICER
PURSUANT TO RULE 13a-14(b) OR RULE 15d-14(b)
OF THE SECURITIES EXCHANGE ACT OF 1934 AND 18 U.S.C. SECTION 1350
In connection with the Annual Report of Qualys, Inc. (the “Company”) on Form 10-K for the year ended December 31, 2013, as filed with the Securities and Exchange Commission on the date hereof (the “Report”), I, Donald C. McCauley, Chief Financial Officer of the Company, certify, pursuant to 18 U.S.C. § 1350, as adopted pursuant to § 906 of the Sarbanes-Oxley Act of 2002, that, to the best of my knowledge:
(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
Date: | February 28, 2014 | |
By: | /s/ DONALD C. McCAULEY | |
Donald C. McCauley | ||
Chief Financial Officer | ||
Qualys, Inc. | ||