Item 1A. Risk Factors
A description of the risk factors associated with our business is set forth below. The list is not exhaustive, and you should carefully consider these risks and uncertainties before investing in our common stock.
RISKS RELATED TO THE PROPOSED MERGER
We may fail to consummate the Proposed Merger with Avast plc, may not consummate the Proposed Merger on the expected terms, or may not achieve the anticipated benefits.
It is currently anticipated that the Proposed Merger will be consummated in late calendar year 2022. Completion of the Proposed Merger is subject to, among other things, approval from the U.K. Competition and Markets Authority (the CMA) and other customary closing conditions for the acquisition of a UK public company, including the sanction of the UK’s High Court. All necessary regulatory approvals have been satisfied, with the exception of final approval required from the CMA, which has provisionally cleared the Proposed Merger on August 3, 2022. As a result, the possible timing and likelihood of completion are uncertain, and, accordingly, there can be no assurance that the Proposed Merger will be completed on the expected terms, on the anticipated schedule or at all. In addition, the CMA may require, in connection with granting its approval of the transaction, divestitures or ongoing restrictions on the operation of the combined business, each of which could have a material impact on the anticipated strategic benefits and synergies from the combination. Any delay in consummation of the Proposed Merger will result in greater transaction costs and professional fees and continue to expose us to market risk. If we fail to receive final approval from the CMA and cannot consummate the Proposed Merger, we may be required to pay Avast a break fee of up to $200 million under the Co-operation Agreement. If consummated, the success of the Proposed Merger will depend, in significant part, on our ability to successfully integrate Avast and its subsidiaries, grow the revenue of the combined company and realize the anticipated strategic benefits and synergies from the combination. We believe that the addition of Avast and its subsidiaries represents an attractive opportunity to create a new, industry leading consumer Cyber Safety business, leveraging the established brands, technical expertise and innovation of both groups to deliver substantial benefits to consumers, shareholders and other stakeholders. Achieving these goals requires growth of the revenue of the combined company and realization of the targeted synergies expected from the Proposed Merger. This growth and the anticipated benefits of the Proposed Merger may not be realized fully or at all, or may take longer to realize than we expect. Actual operating, technological, strategic and revenue opportunities, if achieved at all, may be less significant than we expect or may take longer to achieve than anticipated. If we are not able to achieve these objectives and realize the anticipated benefits and synergies expected from the Proposed Merger within a reasonable time, our business, financial condition and operating results may be adversely affected.
Litigation filed against us could prevent or delay the completion of the Proposed Merger or result in the payment of damages following completion of the Proposed Merger.
As previously reported in our Form 8-K dated October 29, 2021, we received letters on behalf of our purported stockholders, in each case stating the stockholder’s belief that the proxy statement filed by us on October 4, 2021 omitted material information with respect to the Merger and demanding that we make additional and supplemental disclosures regarding the Merger. Additionally, six complaints have been filed by our purported stockholders in connection with the Merger (collectively, the Merger Complaints). The Merger Complaints were brought by the plaintiffs individually and also allege that the proxy statement omitted material information with respect to the Merger. After the Company issued its October 29, 2021 Form 8-K, the plaintiffs in the Merger Complaints dismissed their actions as moot while reserving the right to seek a fee in connection with their respective litigations.
RISKS RELATED TO COVID-19
The COVID-19 pandemic has affected how we are operating our business, and the duration and extent to which this will impact our future results of operations and overall financial performance remains uncertain.
The COVID-19 pandemic has had widespread, rapidly evolving, and unpredictable impacts on global society, economies, financial markets, and business practices. At the onset of the pandemic, to protect the health and well-being of our employees, partners and third-party service providers, we facilitated a work-from-home requirement for most employees and established site-specific COVID-19 prevention protocols. We continue to monitor the situation and over the past several months have adjusted our policies and protocols to reflect changes to public health regulations and guidance. Our offices are now open to employees on a voluntary basis. To date, we have not seen any meaningful negative impact on our customer success efforts, sales and marketing efforts, or employee productivity. Nevertheless, as more employees, partners or third-party services providers return to work during the COVID-19 pandemic, the risk of inadvertent transmission of COVID-19 through human contact could still occur and result in litigation.
While the COVID-19 pandemic has negatively impacted many sectors of the U.S. and global economies, the consumer Cyber Safety market experienced increased demand as the pandemic greatly accelerated the digital lives of people around the world. However, with the extended duration of the pandemic and the easing of prevention protocols and restrictions, we are seeing decreasing demand and increased competition. In addition, should the negative macroeconomic impacts of the COVID-19 pandemic persist or worsen, we may experience continued slowdowns in our business activity and an increase in cancellations
by customers or a material reduction in our retention rate in the future, especially in the event of a prolonged recession. A prolonged recession could adversely affect demand for our offerings, retention rates and harm our business and results of operations, particularly in light of the fact that our solutions are discretionary purchases and thus may be more susceptible to macroeconomic pressures, as well impact the value of our common stock, ability to refinance our debt and our access to capital.
The duration and extent of the impact from the COVID-19 pandemic depends on future developments that cannot be accurately forecasted at this time, such as the severity and transmission rate of new variants of the disease, the extent, effectiveness and acceptance of containment actions, such as vaccination programs, and the impact of these and other factors on our employees, customers and the overall demand for our products, partners and third-party service providers. If we are not able to respond to and manage the impact of such events effectively and if the macroeconomic conditions of the general economy or the industries in which we operate do not improve, or deteriorate further, our business, operating results, financial condition and cash flows could be adversely affected.
RISKS RELATED TO OUR BUSINESS STRATEGY AND INDUSTRY
If we are unable to develop new and enhanced solutions, or if we are unable to continually improve the performance, features, and reliability of our existing solutions, our business and operating results could be adversely affected.
Our future success depends on our ability to effectively respond to evolving threats to consumers, as well as competitive technological developments and industry changes, by developing or introducing new and enhanced solutions on a timely basis.
We have in the past incurred, and will continue to incur, significant research and development expenses as we focus on organic growth through internal innovation. We believe that we also must continue to dedicate a significant amount of resources to our research and development efforts to decrease our reliance on third parties. If we do not achieve the benefits anticipated from these investments, or if the achievement of these benefits is delayed, our operating results may be adversely affected. Additionally, we must continually address the challenges of dynamic and accelerating market trends and competitive developments. Customers may require features and capabilities that our current solutions do not have. Our failure to develop new solutions and improve our existing solutions to satisfy customer preferences and effectively compete with other market offerings in a timely and cost-effective manner may harm our ability to retain our customers and attract new customers. A loss of customers would adversely impact our business and operating results.
The development and introduction of new solutions involve a significant commitment of time and resources and are subject to a number of risks and challenges including but not limited to:
•Lengthy development cycles;
•Evolving industry and regulatory standards and technological developments by our competitors and customers;
•Rapidly changing customer preferences;
•Evolving platforms, operating systems, and hardware products, such as mobile devices;
•Product and service interoperability challenges with customer’s technology and third-party vendors;
•The integration of products and solutions from acquired companies;
•Entering into new or unproven market segments; and
•Executing new product and service strategies.
In addition, third parties, including operating systems and internet browser companies, may take steps to further limit the interoperability of our solutions with their own products and services, in some cases to promote their own offerings. This could delay the development of our solutions or our solutions may be unable to operate effectively. This could also result in decreased demand for our solutions, decreased revenue, and harm to our reputation, and adversely affect our business, financial condition, results of operations, and cash flows.
If we are not successful in managing these risks and challenges, or if our new or improved solutions are not technologically competitive or do not achieve market acceptance, our business and operating results could be adversely affected.
We operate in a highly competitive and dynamic environment, and if we are unable to compete effectively, we could experience a loss in market share and a reduction in revenue.
We operate in intensely competitive and dynamic markets that experience frequent and rapid technological developments, changes in industry and regulatory standards, changes in customer requirements and preferences, and frequent new product introductions and improvements. If we are unable to anticipate or react to these continually evolving conditions, we could experience a loss of market share and a reduction in our revenues, which could materially and adversely affect our business and financial results. To compete successfully, we must maintain an innovative research and development effort to develop new solutions and enhance our existing solutions, effectively adapt to changes in the technology or product rights held by our competitors as well as the ways our information is accessed, used and stored by our customers, and appropriately respond to competitive strategies.
We face competition from a broad range of companies, including software vendors focusing on Cyber Safety solutions, operating system providers such as Apple, Google and Microsoft, and ‘pure play’ companies that currently specialize in one or a few particular segments of the market and many of which are expanding their product portfolios into different segments. Many of these competitors offer solutions or are currently developing solutions that directly compete with our offerings. We also face
growing competition from other technology companies, as well as from companies in the identity threat protection space such as credit bureaus. Further, many of our competitors are increasingly developing and incorporating into their products data protection software and other competing Cyber Safety products such as antivirus protection or VPN, often free of charge, that compete with our offerings. Our competitive position could be adversely affected by the functionality incorporated into these products rendering our existing solutions obsolete. In addition, the introduction of new products or services by competitors, and/or market acceptance of products or services based on emerging or alternative technologies, could make it easier for other products or services to compete with our solutions.
We anticipate facing additional competition as new participants continue to enter the Cyber Safety market and as our current competitors seek to increase their market share and expand their existing offerings. Some of our competitors have greater financial, technical, marketing, or other resources than we do, including in new Cyber Safety and digital life segments, and consequently, may have the ability to influence customers to purchase their products instead of ours, including through investing more in internal innovation than we can and through benefiting from unique access to customer engagement points. Further consolidation among our competitors and within our industry or, in addition to other changes in the competitive environment, such as greater vertical integration from key computing and operating system suppliers could result in larger competitors that compete more frequently with us.
In addition to competing with these vendors directly for sales to end-users of our solutions, we compete with them for the opportunity to have our solutions bundled with the offerings of our strategic partners, such as computer hardware original equipment manufacturers (OEMs) and internet service providers (ISPs) and operating systems. Our competitors could gain market share from us if any of these strategic partners replace our solutions with those of our competitors or with their own solutions; similarly, they could gain market share from us if these partners more actively promote our competitors’ solutions or their own solutions than our solutions. In addition, software vendors who have bundled our solutions with theirs may choose to bundle their solutions with their own or other vendors’ solutions or may limit our access to standard interfaces and inhibit our ability to develop solutions for their platform. In the future, further product development by these vendors could cause our solutions to become redundant, which could significantly impact our sales and operating results.
We may need to change our pricing models to compete successfully.
The intense competition we face, in addition to general and economic business conditions, can put pressure on us to change our pricing practices. If our competitors offer deep discounts on certain solutions or provide offerings, or offer free introductory products that compete with ours, we may need to lower prices or offer similar free introductory products in order to compete successfully. Similarly, if external factors, such as economic conditions or market trends, require us to raise our prices, our ability to acquire new customers and retain existing customers may be diminished. Any such changes may reduce revenue and margins and could adversely affect our financial results.
Additionally, our business may be affected by changes in the macroeconomic environment. Our solutions are discretionary purchases, and customers may reduce or eliminate their discretionary spending on our solutions during a difficult macroeconomic environment. Although we did not experience a material increase in cancellations by customers or a material reduction in our retention rate in fiscal 2022 or in the first quarter of fiscal 2023, we may experience such an increase or reduction in the future, especially in the event of a prolonged recession or a worsening of current conditions as a result of the COVID-19 pandemic. In addition, during a recession, consumers may experience a decline in their credit or disposable income, which may result in less demand for our solutions. As a result, we may have to lower our prices or make other changes to our pricing model to address these dynamics, any of which could adversely affect our business and financial results.
In addition, in January 2021, we acquired Germany-based Avira. Many of Avira’s users are freemium subscribers, meaning they do not pay for its basic services. Much of our anticipated growth in connection with the Avira acquisition is attributable to attracting and converting Avira’s freemium users to a paid subscription option. Numerous factors, however, may impede our ability to attract, retain and convert these users into paying customers.
If we fail to manage our sales and distribution channels effectively, or if our partners choose not to market and sell our solutions to their customers, our operating results could be adversely affected.
A portion of our revenues is derived from sales through indirect channels, including, but not limited to, distributors that sell our products to end-users and other resellers, and OEM partners that incorporate our products into, or bundle our products with, their products. These channels involve a number of risks, including:
•Our resellers, distributors and OEMs are generally not subject to minimum sales requirements or any obligation to market our solutions to their customers;
•Our reseller and distributor agreements are generally nonexclusive and may be terminated at any time without cause and our OEM partners may terminate or renegotiate their arrangements with us and new terms may be less favorable due to competitive conditions in our markets and other factors;
•Our resellers, distributors and OEMs may encounter issues or have violations of applicable law or regulatory requirements or otherwise cause damage to our reputation through their actions;
•Our resellers and distributors frequently market and distribute competing solutions and may, from time to time, place greater emphasis on the sale of these competing solutions due to pricing, promotions, and other terms offered by our competitors;
•Any consolidation of electronics retailers can increase their negotiating power with respect to software providers such as us and any decline in the number of physical retailers could decrease the channels of distribution for us;
•The continued consolidation of online sales through a small number of larger channels has been increasing, which could reduce the channels available for online distribution of our solutions; and
•Sales through our partners are subject to changes in general economic conditions, strategic direction, competitive risks, and other issues that could result in a reduction of sales, or cause our partners to suffer financial difficulty which could delay payments to us, affecting our operating results.
If we fail to manage our sales and distribution channels successfully, these channels may conflict with one another or otherwise fail to perform as we anticipate, which could reduce our sales and increase our expenses as well as weaken our competitive position.
Our revenue and operating results depend significantly on our ability to retain our existing customers, convert existing non-paying customers to paying customers, and add new customers.
We generally sell our solutions to our customers on a monthly or annual subscription basis. Customers may choose not to renew their membership with us at any time. Renewing customers may require additional incentives to renew, may not renew for the same contract period, or may change their subscriptions. We therefore may be unable to retain our existing customers on the same or on more profitable terms, if at all. In addition, we may not be able to accurately predict or anticipate future trends in customer retention or effectively respond to such trends.
Our customer retention rates may decline or fluctuate due to a variety of factors, including the following:
•Our customers’ levels of satisfaction or dissatisfaction with our solutions and the value they place on our solutions;
•The quality, breadth, and prices of our solutions;
•Our general reputation and events impacting that reputation;
•The services and related pricing offered by our competitors; including increasing availability and efficacy of free solutions;
•Disruption by new services or changes in law or regulations that impact the need for efficacy of our products and services;
•Changes in auto-renewal regulations;
•Our customers’ dissatisfaction with our efforts to market additional products and services;
•Our customer service and responsiveness to the needs of our customers; and
•Changes in our target customers’ spending levels as a result of general economic conditions, inflationary pressures or other factors.
Declining customer retention rates could cause our revenue to grow more slowly than expected or decline; and our operating results, gross margins and business will be harmed.
Our acquisitions and divestitures create special risks and challenges that could adversely affect our financial results.
As part of our business strategy, we may acquire or divest businesses or assets. For example, in 2019 we completed the sale of certain of our enterprise security assets to Broadcom Inc. (the Broadcom sale) and in January 2021, we completed the acquisition of Avira. These activities can involve a number of risks and challenges, including:
•Complexity, time, and costs associated with managing these transactions, including the integration of acquired and the winding down of divested business operations, workforce, products, IT systems, and technologies;
•Challenges in retaining customers of acquired businesses, or providing the same level of service to existing customers with reduced resources;
•Diversion of management time and attention;
•Loss or termination of employees, including costs associated with the termination or replacement of those employees;
•Assumption of liabilities of the acquired and divested business or assets, including pending or future litigation, investigations or claims related to the acquired business or assets;
•The addition of acquisition-related debt;
•Difficulty in entering into or expanding in new markets or geographies;
•Increased or unexpected costs and working capital requirements;
•Dilution of stock ownership of existing stockholders;
•Unanticipated delays or failure to meet contractual obligations;
•Substantial accounting charges for acquisition-related costs, asset impairments, amortization of intangible assets, and higher levels of stock-based compensation expense; and
•Difficulty in realizing potential benefits, including cost savings and operational efficiencies, synergies and growth prospects from integrating acquired businesses.
Moreover, to be successful, large complex acquisitions depend on large-scale product, technology, and sales force integrations that are difficult to complete on a timely basis or at all and may be more susceptible to the special risks and challenges described above. Any of the foregoing, and other factors, could harm our ability to achieve anticipated levels of profitability or other financial benefits from our acquired or divested businesses, product lines or assets or to realize other anticipated benefits of divestitures or acquisitions.
Changes in industry structure and market conditions could lead to charges related to discontinuance of certain of our products or businesses and asset impairments.
In response to changes in industry structure and market conditions, we may be required to strategically reallocate our resources and consider restructuring, disposing of, or otherwise exiting certain businesses. Any decision to limit investment in or dispose of or otherwise exit businesses may result in the recording of special charges, such as technology-related write-offs, workforce reduction costs, charges relating to consolidation of excess facilities, or claims from third parties who were resellers or users of discontinued products. Our estimates with respect to the useful life or ultimate recoverability of our carrying basis of assets, including purchased intangible assets, could change as a result of such assessments and decisions. Although in certain instances our vendor agreements allow us the option to cancel, reschedule, and adjust our requirements based on our business needs, our loss contingencies may include liabilities for contracts that we cannot cancel, reschedule or adjust with suppliers.
Further, our estimates relating to the liabilities for excess facilities are affected by changes in real estate market conditions. Additionally, we are required to evaluate goodwill impairment on an annual basis and between annual evaluations in certain circumstances, and future goodwill impairment evaluations may result in a charge to earnings.
RISKS RELATED TO OUR OPERATIONS
We are dependent upon Broadcom for certain engineering and threat response services, which are critical to our products and business.
Our endpoint security solution has historically relied upon certain threat analytics software engines and other software (the Engine-Related Services) that have been developed and provided by engineering teams that have transferred to Broadcom as part of the Broadcom sale. The technology, including source code, at issue is shared, and pursuant to the terms of the Broadcom sale, we retain rights to use, modify, enhance and create derivative works from such technology. Broadcom has committed to provide these Engine-Related Services substantially to the same extent and in substantially the same manner, as has been historically provided under a license agreement with a limited term.
As a result, we are dependent on Broadcom for services and technology that are critical to our Norton business, and if Broadcom fails to deliver these Engine-Related Services it would result in significant business disruption, and our business and operating results and financial condition could be materially and adversely affected. Furthermore, if our current sources become unavailable, and if we are unable to develop or obtain alternatives to integrate or deploy them in time, our ability to compete effectively could be impacted and have a material adverse effect on our business. Additionally, in connection with the Broadcom sale, we lost other capabilities, including certain threat intelligence data which were historically provided by our former Enterprise Security business, the lack of which could have a negative impact on our business and products.
Our future success depends on our ability to attract and retain personnel in a competitive marketplace.
Our future success depends upon our ability to recruit and retain key management, technical (including cyber security experts), sales, marketing, e-commerce, finance, and other personnel. Our officers and other key personnel are “at will” employees and we generally do not have employment or non-compete agreements with our employees. Competition for people with the specific skills that we require is significant. While we continue to monitor the competitive environment, it is possible that the COVID-19 pandemic may affect the productivity of our employees and our ability to attract and retain key talent. As a result of the pandemic, in March 2020, we transitioned to a remote working environment for the substantial majority of our employees. While our employees have transitioned effectively to working from home, over time such remote operations may decrease the cohesiveness of our employees and our ability to maintain our culture, both of which are integral to our success. Additionally, a remote working environment may impede our ability to undertake new business projects, to foster a creative environment, to hire new employees and to retain existing employees.
In order to attract and retain personnel in a competitive marketplace, we must provide competitive pay packages, including cash and equity-based compensation. Additionally, changes in immigration laws could impair our ability to attract and retain highly qualified employees. If we fail to attract, retain and motivate new or existing personnel, our business, results of operations and future growth prospects could suffer. The volatility in our stock price may from time to time adversely affect our ability to recruit or retain employees. In addition, we may not have an adequate number of shares reserved under our equity compensation plans, forcing us to reduce awards of equity-based compensation, which could impair our efforts to attract, retain and motivate necessary personnel. If we are unable to hire and retain qualified employees, or conversely, if we fail to manage employee performance or reduce staffing levels when required by market conditions, our business and operating results could be adversely affected.
Effective succession planning is also important to our long-term success. Failure to ensure effective transfer of knowledge and smooth transitions involving key employees could hinder our strategic planning and execution. From time to time, key personnel leave our company and the frequency and number of such departures have widely varied and have, in the past, resulted in significant changes to our executive leadership team. The loss of any key employee could result in significant
disruptions to our operations, including adversely affecting the timeliness of product releases, the successful implementation and completion of company initiatives, our internal control over financial reporting, and our results of operations. In addition, hiring, training, and successfully integrating replacement personnel can be time consuming and expensive, may cause additional disruptions to our operations, and may be unsuccessful, which could negatively impact future financial results.
Our inability to successfully recover from a disaster or other business continuity event could impair our ability to deliver our products and services and harm our business.
We are heavily reliant on our technology and infrastructure to provide our products and services to our customers. For example, we host many of our products using third-party data center facilities, and while we require them to maintain formal service level agreements around availability, we do not control the operation of these facilities. These facilities are vulnerable to damage, interruption, or performance problems from earthquakes, hurricanes, floods, fires, power loss, telecommunications failures, pandemics and similar events. They are also subject to break-ins, computer viruses, sabotage, intentional acts of vandalism, and other misconduct. The occurrence of a natural disaster, an act of terrorism, a pandemic, and similar events could result in a decision to close the facilities without adequate notice or other unanticipated problems, which in turn, could result in lengthy interruptions in the delivery of our products and services, which could negatively impact our sales and operating results.
Furthermore, our business administration, human resources, compliance efforts, and finance services depend on the proper functioning of our computer, telecommunication, and other related systems and operations. A disruption or failure of these systems or operations because of a disaster, cyber-attack or other business continuity event, such as the COVID-19 pandemic, could cause data to be lost or otherwise delay our ability to complete sales and provide the highest level of service to our customers. In addition, we could have difficulty producing accurate financial statements on a timely basis, and deficiencies may arise in our internal control over financial reporting, which may impact our ability to certify our financial results, all of which could adversely affect the trading value of our stock. Although we endeavor to ensure there is redundancy in these systems and that they are regularly backed-up, there are no assurances that data recovery in the event of a disaster would be effective or occur in an efficient manner. If these systems or their functionality do not operate as we expect them to, we may be required to expend significant resources to make corrections or find alternative sources for performing these functions.
If we fail to offer high-quality customer support, our customer satisfaction may suffer and have a negative impact on our business and reputation.
Many of our customers rely on our customer support services to resolve issues, including technical support, billing and subscription issues, that may arise. If demand increases, or our resources decrease, we may be unable to offer the level of support our customers expect. Any failure by us to maintain the expected level of support could reduce customer satisfaction and negatively impact our customer retention and our business.
Our international operations involve risks that could increase our expenses, adversely affect our operating results and require increased time and attention of our management.
We derive a portion of our revenues from customers located outside of the U.S., and we have significant operations outside of the U.S., including engineering, finance, sales and customer support. Our international operations are subject to risks in addition to those faced by our domestic operations, including:
•Potential loss of proprietary information due to misappropriation or laws that may be less protective of our intellectual property rights than U.S. laws or that may not be adequately enforced;
•Requirements of foreign laws and other governmental controls, including tariffs, trade barriers and labor restrictions, and related laws that reduce the flexibility of our business operations;
•Potential changes in trade relations arising from policy initiatives or other political factors;
•Regulations or restrictions on the use, import, or export of encryption technologies that could delay or prevent the acceptance and use of encryption products and public networks for secure communications;
•Local business and cultural factors that differ from our normal standards and practices, including business practices that we are prohibited from engaging in by the Foreign Corrupt Practices Act and other anti-corruption laws and regulations;
•Central bank and other restrictions on our ability to repatriate cash from our international subsidiaries or to exchange cash in international subsidiaries into cash available for use in the U.S.;
•Fluctuations in currency exchange rates, economic instability, and inflationary conditions could make our solutions more expensive or could increase our costs of doing business in certain countries;
•Limitations on future growth or inability to maintain current levels of revenues from international sales if we do not invest sufficiently in our international operations;
•Difficulties in staffing, managing, and operating our international operations;
•Difficulties in coordinating the activities of our geographically dispersed and culturally diverse operations;
•Costs and delays associated with developing software and providing support in multiple languages; and
•Political unrest, war, or terrorism, or regional natural disasters, particularly in areas in which we have facilities.
RISKS RELATED TO OUR SOLUTIONS
Our solutions, systems, websites and the data on these sources may be subject to intentional disruption that could materially harm to our reputation and future sales.
Despite our precautions and significant ongoing investments to protect against security risks, data protection breaches, cyber-attacks, and other intentional disruptions of our solutions, we expect to be an ongoing target of attacks specifically designed to impede the performance and availability of our offerings and harm our reputation as a leading cyber security company. Similarly, experienced computer programmers or other sophisticated individuals or entities, including malicious hackers, state-sponsored organizations, and insider threats including actions by employees and third-party service providers, may attempt to penetrate our network security or the security of our systems and websites and misappropriate proprietary information or cause interruptions of our products and services. Such attempts are increasing in number and in technical sophistication, and if successful could expose us and the affected parties, to risk of loss or misuse of proprietary or confidential information or disruptions of our business operations.
While we engage in a number of measures aimed to protect against security breaches and to minimize the impact if a data breach were to occur, our information technology systems and infrastructure may be vulnerable to damage, compromise, disruption, and shutdown due to attacks or breaches by hackers or other circumstances, such as error or malfeasance by employees or third party service providers or technology malfunction. The occurrence of any of these events, as well as a failure to promptly remedy these events should they occur, could compromise our systems, and the information stored in our systems could be accessed, publicly disclosed, lost, stolen, or damaged. Any such circumstance could adversely affect our ability to attract and maintain customers as well as strategic partners, cause us to suffer negative publicity or damage to our brand, and subject us to legal claims and liabilities or regulatory penalties. In addition, unauthorized parties might alter information in our databases, which would adversely affect both the reliability of that information and our ability to market and perform our services as well as undermine our ability to remain compliant with relevant laws and regulations. Techniques used to obtain unauthorized access or to sabotage systems change frequently, are constantly evolving and generally are difficult to recognize and react to effectively. We may be unable to anticipate these techniques or to implement adequate preventive or reactive measures. Several recent, highly publicized data security breaches, including a large-scale attack on SolarWinds customers by a foreign nation state actor and a significant uptick in ransomware/extortion attacks at other companies have heightened consumer awareness of this issue and may embolden individuals or groups to target our systems or those of our strategic partners or enterprise customers. In December 2021, a critical remote code execution (RCE) vulnerability was identified in the Apache Software Foundation’s Log4j software library (Log4j), which if exploited could result in unauthorized access to Company systems and data, and acquisition of the same. We are taking, and have taken, steps to remediate all known Log4j vulnerabilities within our environment, deployed compensating controls, and implemented additional changes to protect against an exploit of those vulnerabilities. A threat actor could exploit a Log4j vulnerability or newly discovered vulnerabilities before we complete our remediation work or identify a vulnerability that we did not effectively remediate. If that happens, there could be unauthorized access to, or acquisition of, data we maintain, and damage to Company systems. We could also face legal action from individuals, business partners, and regulators in connection with exploitation of those vulnerabilities, which would result in increased costs and fees incurred in our defense against those proceedings.
Our solutions are complex and operate in a wide variety of environments, systems and configurations, which could result in failures of our solutions to function as designed.
Because we offer very complex solutions, errors, defects, disruptions, or other performance problems with our solutions may and have occurred. For example, we may experience disruptions, outages, and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our websites simultaneously, fraud, or security attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. Interruptions in our solutions, could impact our revenues or cause customers to cease doing business with us. Our operations are dependent upon our ability to protect our technology infrastructure against damage from business continuity events that could have a significant disruptive effect on our operations. We could potentially lose customer data or experience material adverse interruptions to our operations or delivery of solutions to our clients in a disaster recovery scenario.
Negative publicity regarding our brand, solutions and business could harm our competitive position.
Our brand recognition and reputation as a trusted service provider are critical aspects of our business and key to retaining existing customers and attracting new customers. Our business could be harmed due to errors, defects, disruptions or other performance problems with our solutions causing our customers and potential customers to believe our solutions are unreliable. Furthermore, negative publicity, whether or not justified, including intentional brand misappropriation, relating to events or activities attributed to us, our employees, our strategic partners, our affiliates, or others associated with any of these parties, may tarnish our reputation and reduce the value of our brands. In addition, the rapid rise and use of social media has the potential to harm our brand and reputation. We may be unable to timely respond to and resolve negative and inaccurate social media posts regarding our company, solutions and business in an appropriate manner. Damage to our reputation and loss of brand equity may reduce demand for our solutions and have an adverse effect on our business, operating results, and financial condition. Moreover, any attempts to rebuild our reputation and restore the value of our brands may be costly and time consuming, and such efforts may not ultimately be successful.
We collect, use, disclose, store or otherwise process personal information, which subjects us to privacy and data security laws and contractual commitments.
We collect, use, process, store, transmit or disclose (collectively, process) an increasingly large amount of confidential information, including personally identifiable information, credit card information and other critical data from employees and customers, in connection with the operation of our business, particularly in relation to our identity and information protection offerings.
The personal information we process is subject to an increasing number of federal, state, local, and foreign laws regarding privacy and data security, as well as contractual commitments. Any failure or perceived failure by us to comply with such obligations may result in governmental enforcement actions, fines, litigation, or public statements against us by consumer advocacy groups or others and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.
Additionally, changes to applicable privacy or data security laws could impact how we process personal information and therefore limit the effectiveness of our solutions or our ability to develop new solutions. For example, the European Union General Data Protection Regulation imposes more stringent data protection requirements and provides for greater penalties for noncompliance of up to the greater of €20 million or four percent of our worldwide annual revenues.
Data protection legislation is also becoming increasingly common in the U.S. at both the federal and state level. For example, the California Consumer Privacy Act of 2018 (the CCPA) requires, among other things, covered companies to provide new disclosures to California consumers regarding the use of personal information, gives California residents expanded rights to access their personal information that has been collected and allows such consumers new abilities to opt-out of certain sales of personal information. Further, the new California Privacy Rights Act (the CPRA) significantly modifies the CCPA. These modifications may result in additional uncertainty and require us to incur additional costs and expenses in our effort to comply. Additionally, the Federal Trade Commission (the FTC) and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. The burdens imposed by the CCPA, CPRA and other similar laws that may be enacted at the federal and state level may require us to modify our data processing practices and policies, adapt our goods and services and incur substantial expenditures in order to comply.
Global privacy and data protection legislation, enforcement, and policy activity are rapidly expanding and evolving, and may be inconsistent from jurisdiction to jurisdiction. We may be or become subject to data localization laws mandating that data collected in a foreign country be processed and stored only within that country. If any country in which we have customers were to adopt a data localization law, we could be required to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition.
Additionally, third parties with whom we work, such as vendors or developers, may violate applicable laws or our policies and such violations can place personal information of our customers at risk. In addition, our customers may also accidentally disclose their passwords or store them on a device that is lost or stolen, creating the perception that our systems are not secure against third-party access. This could have an adverse effect on our reputation and business. In addition, such third parties could expose us to compromised data or technology, or be the target of cyberattack and other data breaches which could impact our systems or our customers’ records. Further, we could be the target of a cyberattack or other action that impacts our systems and results in a data breach of our customers’ records. This could have an adverse effect on our reputation and business.
LEGAL AND COMPLIANCE RISKS
Matters relating to or arising from our completed Audit Committee Investigation, including litigation matters, and potential additional expenses, may adversely affect our business and results of operations.
As previously disclosed in our public filings, the Audit Committee completed its internal investigation in September 2018. In connection with the Audit Committee Investigation, we voluntarily self-reported to the SEC. The SEC commenced a formal investigation with which we cooperated. In April 2022, the SEC Staff informed the Company that it concluded its investigation and does not intend to recommend an enforcement action by the Commission against us.
We have incurred, and may continue to incur, significant expenses related to legal and other professional services in connection with or relating to the SEC investigation, which may continue to adversely affect our business and financial condition. In addition, securities class actions and other lawsuits have been filed against us, certain current and former directors, and former officers. The outcome of the securities class actions and other litigation is difficult to predict, and the cost to defend, settle, or otherwise resolve these matters may be significant. Plaintiffs in these matters may seek recovery of very large or indeterminate amounts. The monetary and other impact of these litigations, proceedings, or actions may remain unknown for substantial periods of time. Further, an unfavorable resolution of litigations, proceedings or actions could have a material adverse effect on our business, financial condition, and results of operations and cash flows. Any future investigations or additional lawsuits may also adversely affect our business, financial condition, results of operations, and cash flows.
Our solutions are highly regulated, which could impede our ability to market and provide our solutions or adversely affect our business, financial position, and results of operations.
Our solutions are subject to a high degree of regulation, including a wide variety of federal, state, and local laws and regulations, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act (FTC Act), and comparable state laws that are patterned after the FTC Act. LifeLock has previously entered into consent decrees and similar arrangements with the FTC and the attorney generals of 35 states as well as a settlement with the FTC relating to allegations that certain of LifeLock’s advertising, marketing and security practices constituted deceptive acts or practices in
violation of the FTC Act, which impose additional restrictions on our business, including prohibitions against making any misrepresentation of “the means, methods, procedures, effects, effectiveness, coverage, or scope of” our solutions. NortonLifeLock signed an Undertaking, effective June 14, 2021, with the United Kingdom’s Competition and Markets Authority (CMA) requiring NortonLifeLock to make certain changes to its policies and practices related to automatically renewing subscriptions in the United Kingdom as part of the CMA’s investigation into auto-renewal practices in the antivirus sector it launched in December 2018. Any of the laws and regulations that apply to our business are subject to revision or new or changed interpretations, and we cannot predict the impact of such changes on our business.
Additionally, the nature of our identity and information protection products subjects us to the broad regulatory, supervisory, and enforcement powers of the Consumer Financial Protection Bureau which may exercise authority with respect to our services, or the marketing and servicing of those services, through the oversight of our financial institution or credit reporting agency customers and suppliers, or by otherwise exercising its supervisory, regulatory, or enforcement authority over consumer financial products and services.
If we do not protect our proprietary information and prevent third parties from making unauthorized use of our products and technology, our financial results could be harmed.
Much of our software and underlying technology is proprietary. We seek to protect our proprietary rights through a combination of confidentiality agreements and procedures and through copyright, patent, trademark, and trade secret laws. However, these measures afford only limited protection and may be challenged, invalidated, or circumvented by third parties. Third parties may copy all or portions of our products or otherwise obtain, use, distribute, and sell our proprietary information without authorization.
Third parties may also develop similar or superior technology independently by designing around our patents. Our consumer agreements do not require a signature and therefore may be unenforceable under the laws of some jurisdictions. Furthermore, the laws of some foreign countries do not offer the same level of protection of our proprietary rights as the laws of the U.S., and we may be subject to the unauthorized use of our products in those countries. The unauthorized copying or use of our products or proprietary information could result in reduced sales of our products. Any legal action to protect proprietary information that we may bring or be engaged in with a strategic partner or vendor could adversely affect our ability to access software, operating system, and hardware platforms of such partner or vendor, or cause such partner or vendor to choose not to offer our products to their customers. In addition, any legal action to protect proprietary information that we may bring or be engaged in, could be costly, may distract management from day-to-day operations, and may lead to additional claims against us, which could adversely affect our operating results.
From time to time we are a party to lawsuits and investigations, which typically require significant management time and attention and result in significant legal expenses.
We are frequently involved in litigation and other proceedings, including, but not limited to, patent litigation, class actions, and governmental claims or investigations, some of which may be material initially or become material over time. The expense of initiating and defending, and in some cases settling, such matters may be costly and divert management’s attention from the day-to-day operations of our business, which could have a materially adverse effect on our business, results of operations, and cash flows. In addition, such matters may thru the course of litigation or other proceedings incur an unfavorable change which could alter the profile of the matter and create potential material risk to the company. Any unfavorable outcome in a matter could result in significant fines, settlements, monetary damages, or injunctive relief that could negatively and materially impact our ability to conduct our business, results of operations, and cash flows. Additionally, in the event we did not previously accrue for such litigation or proceeding in our financial statements, we may be required to record retrospective accruals that adversely affect our results of operations and financial condition.
Third parties claiming that we infringe their proprietary rights could cause us to incur significant legal expenses and prevent us from selling our products.
From time to time, third parties may claim that we have infringed their intellectual property rights, including claims regarding patents, copyrights, and trademarks. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. In addition, former employers of our former, current, or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. Any such claim, with or without merit, could result in costly litigation and distract management from day-to-day operations. If we are not successful in defending such claims, we could be required to stop selling, delay shipments of, or redesign our solutions, pay monetary amounts as damages, enter into royalty or licensing arrangements, or satisfy indemnification obligations that we have with some of our partners. We cannot assure you that any royalty or licensing arrangements that we may seek in such circumstances will be available to us on commercially reasonable terms or at all. We have made and expect to continue making significant expenditures to investigate, defend, and settle claims related to the use of technology and intellectual property rights as part of our strategy to manage this risk.
In addition, we license and use software from third parties in our business. These third-party software licenses may not continue to be available to us on acceptable terms or at all and may expose us to additional liability. This liability, or our inability to use any of this third-party software, could result in delivery delays or other disruptions in our business that could materially and adversely affect our operating results.
Some of our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.
Certain of our products are distributed with software licensed by its authors or other third parties under so-called “open source” licenses. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third parties certain rights of further use. By the terms of certain open source licenses, we could be required to release the source code of our proprietary software if we combine our proprietary software with open source software in a certain manner. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source, but we cannot be sure that all open source is submitted for approval prior to use in our products. In addition, many of the risks associated with usage of open source may not or cannot be eliminated and could, if not properly addressed, negatively affect our business.
RISKS RELATED TO OUR LIQUIDITY AND INDEBTEDNESS
There are risks associated with our outstanding and future indebtedness that could adversely affect our financial condition.
As of July 1, 2022, we had an aggregate of $3,336 million of outstanding indebtedness that will mature in calendar years 2022 through 2030, and $1,000 million available for borrowing under our revolving credit facility. See Note 10 of the Notes to the Condensed Consolidated Financial Statements included in this Quarterly Report on Form 10-Q for further information on our outstanding debt. Our ability to meet expenses, remain in compliance with the covenants under our debt instruments, pay interest and repay principal for our substantial level of indebtedness depends on, among other things, our operating performance, competitive developments, and financial market conditions, all of which are significantly affected by financial, business, economic and other factors. We are not able to control many of these factors. Accordingly, our cash flow may not be sufficient to allow us to pay principal and interest on our debt, including the notes, and meet our other obligations. Our level of indebtedness could have other important consequences, including the following:
•We must use a substantial portion of our cash flow from operations to pay interest and principal on the term loans and revolving credit facility, our existing senior notes, and other indebtedness, which reduces funds available to us for other purposes such as working capital, capital expenditures, other general corporate purposes, and potential acquisitions;
•We may be unable to refinance our indebtedness or to obtain additional financing for working capital, capital expenditures, acquisitions, or general corporate purposes;
•We are exposed to fluctuations in interest rates because borrowings under our senior secured credit facilities bear interest at variable rates;
•Our leverage may be greater than that of some of our competitors, which may put us at a competitive disadvantage and reduce our flexibility in responding to current and changing industry and financial market conditions;
•We may be more vulnerable to an economic downturn or recession and adverse developments in our business;
•We may be unable to comply with financial and other covenants in our debt agreements, which could result in an event of default that, if not cured or waived, may result in acceleration of certain of our debt and would have an adverse effect on our business and prospects and could force us into bankruptcy or liquidation;
•Changes by any rating agency to our outlook or credit rating could negatively affect the value of our debt and/or our common stock, adversely affect our access to debt markets, and increase the interest we pay on outstanding or future debt; and
•Conversion of our convertible note could result in significant dilution of our common stock, which could result in significant dilution to our existing stockholders and cause the market price of our common stock to decline.
There can be no assurance that we will be able to manage any of these risks successfully. In addition, we conduct a significant portion of our operations through our subsidiaries. Accordingly, repayment of our indebtedness will be dependent in part on the generation of cash flow by our subsidiaries and their ability to make such cash available to us by dividend, debt repayment, or otherwise, which may not always be possible. In the event that we do not receive distributions from our subsidiaries, we may be unable to make the required principal and interest payments on our indebtedness.
The elimination of LIBOR after June 2023 may affect our financial results.
All LIBOR tenors relevant to us will cease to be published or will no longer be representative after June 30, 2023. This means that any of our LIBOR-based borrowings that extend beyond June 30, 2023 will need to be converted to a replacement rate. In the U.S., the Alternative Reference Rates Committee, a committee of private sector entities convened by the Federal Reserve Board and the Federal Reserve Bank of New York, has recommended the Secured Overnight Financing Rate (SOFR) plus a recommended spread adjustment as LIBOR's replacement. There are significant differences between LIBOR and SOFR, such as LIBOR being an unsecured lending rate while SOFR is a secured lending rate, and SOFR is an overnight rate while LIBOR reflects term rates at different maturities. If our LIBOR-based borrowings are converted to SOFR, the differences between LIBOR and SOFR, plus the recommended spread adjustment, could result in interest costs that are higher than if LIBOR remained
available, which could have a material adverse effect on our operating results. Although SOFR is the ARRC's recommended replacement rate, it is also possible that lenders may instead choose alternative replacement rates that may differ from LIBOR in ways similar to SOFR or in other ways that would result in higher interest costs for us. It is not yet possible to predict the magnitude of LIBOR's end on our borrowing costs given the remaining uncertainty about which rates will replace LIBOR.
Our term loan and revolving credit facility agreement impose operating and financial restrictions on us.
Our term loan and revolving credit facility agreement contain covenants that limit our ability and the ability of our restricted subsidiaries to:
•Incur additional debt;
•Create liens on certain assets to secure debt;
•Enter into certain sale and leaseback transactions;
•Pay dividends on or make other distributions in respect of our capital stock or make other restricted payments; and
•Consolidate, merge, sell or otherwise dispose of all or substantially all of our assets.
All of these covenants may adversely affect our ability to finance our operations, meet or otherwise address our capital needs, pursue business opportunities, react to market conditions, or otherwise restrict activities or business plans. A breach of any of these covenants could result in a default in respect of the related indebtedness. If a default occurs, the relevant lenders could elect to declare the indebtedness, together with accrued interest and other fees, to be immediately due and payable and, to the extent such indebtedness is secured in the future, proceed against any collateral securing that indebtedness.
GENERAL RISKS
Fluctuations in our quarterly financial results have affected the trading price of our outstanding securities in the past and could affect the trading price of our outstanding securities in the future.
Our quarterly financial results have fluctuated in the past and are likely to vary in the future due to a number of factors, many of which are outside of our control. If our quarterly financial results or our predictions of future financial results fail to meet our expectations or the expectations of securities analysts and investors, the trading price of our outstanding securities could be negatively affected. Volatility in our quarterly financial results may make it more difficult for us to raise capital in the future or pursue acquisitions. Factors associated with our industry, the operation of our business, and the markets for our solutions may cause our quarterly financial results to fluctuate, including but not limited to:
•Fluctuations in demand for our solutions;
•Disruptions in our business operations or target markets caused by, among other things, terrorism or other intentional acts, outbreaks of disease, such as the COVID-19 pandemic, or earthquakes, floods, or other natural disasters;
•Entry of new competition into our markets;
•Our ability to achieve targeted operating income and margins and revenues;
•Competitive pricing pressure or free offerings that compete with one or more of our solutions;
•Our ability to timely complete the release of new or enhanced versions of our solutions;
•The amount and timing of commencement and termination of major marketing campaigns;
•The number, severity, and timing of threat outbreaks and cyber security incidents;
•Loss of customers or strategic partners;
•Changes in the mix or type of solutions and subscriptions sold and changes in consumer retention rates;
•The rate of adoption of new technologies and new releases of operating systems, and new business processes;
•Consumer confidence and spending changes;
•The impact of litigation, regulatory inquiries, or investigations;
•The impact of acquisitions and divestitures and our ability to achieve expected synergies or attendant cost savings;
•Fluctuations in foreign currency exchange rates and interest rates;
•The publication of unfavorable or inaccurate research reports about our business by cybersecurity industry analysts;
•The success of our corporate responsibility initiatives;
•Changes in tax laws, rules, and regulations; and
•Changes in consumer protection laws and regulations.
Any of the foregoing factors could cause the trading price of our outstanding securities to fluctuate significantly.
Changes to our effective tax rate could increase our income tax expense and reduce (increase) our net income (loss), cash flows and working capital.
Our effective tax rate could be adversely affected by several factors, many of which are outside of our control, including:
•Changes to the U.S. federal income tax laws, including the potential for federal tax law changes put forward by Congress and the Biden administration including potentially increased corporate tax rates, new minimum taxes and other changes to the way that our US tax liability has been calculated following the 2017 Tax Cuts and Jobs Act. Certain of these proposals could have significant retroactive adjustments adding cash tax payments/liabilities if adopted;
•Changes to other tax laws, regulations, and interpretations in multiple jurisdictions in which we operate, including actions resulting from the Organisation for Economic Co-operation and Development's (OECD) base erosion and profit shifting project including recent proposals for a global minimum tax rate, proposed actions by international bodies such as digital services taxation, as well as the requirements of certain tax rulings. In October 2021, the OECD/G20 inclusive framework on Base Erosion and Profit Shifting (the Inclusive Framework) published a statement updating and finalizing the key components of a two-pillar plan on global tax reform which has now been agreed upon by the majority of OECD members. Pillar One allows countries to reallocate a portion of residual profits earned by multinational enterprises (MNE), with an annual global turnover exceeding €20 billion and a profit margin over 10%, to other market jurisdictions. Pillar Two requires MNEs with an annual global turnover exceeding €750 million to pay a global minimum tax of 15%. Additional guidance is expected to be published in 2022. We will continue to monitor the implementation of the Inclusive Framework agreement by the countries in which we operate. We are unable to predict if and how these legislative changes will be enacted into law, and it is possible that they could have a material effect on our corporate tax liability and our global effective tax rate;
•Changes in the relative proportions of revenues and income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;
•The tax effects of significant infrequently occurring events that may cause fluctuations between reporting periods;
•Tax assessments, or any related tax interest or penalties, that could significantly affect our income tax expense for the period in which the settlements take place; and
•Taxes arising in connection to changes in our workforce, corporate entity structure or operations as they relate to tax incentives and tax rates.
From time to time, we receive notices that a tax authority in a particular jurisdiction believes that we owe a greater amount of tax than we have reported to such authority. We are regularly engaged in discussions and sometimes disputes with these tax authorities. If the ultimate determination of our taxes owed in any of these jurisdictions is for an amount in excess of the tax provision we have recorded or reserved for, our operating results, cash flows, and financial condition could be adversely affected.