2

---

3

---

4

---

5

---

6

---

7

---

•	our ability to attract and retain new customers;

 

•	our ability to sell additional products to current customers;

 

•	the ability of our service operation to keep pace with license sales to new and existing customers and to satisfy customer demands for consultancy and professional services;

 

•	the amount and timing of our operating costs;

 

•	a change in our mix of products and services;

 

•	the ability of our channel partners to accurately predict the timing and scope of significant sales;

 

•	increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates or changes in taxes or other applicable regulations (See “—We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations”);

 

•	introduction of new accounting pronouncements or changes in our accounting policies or practices;

 

•	changes in the nature and methodology of cyber attacks and other threats to corporate data;

 

•	changes in customer or channel partner requirements or market needs;

 

•	changes in the growth rate of the information security market;

 

•	the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the information security market, including consolidation among our customers or competitors;

 

•	changes in our pricing policies or those of our competitors;

 

•	general economic conditions in our markets;

 

•	a disruption in, or termination of, our relationship with channel partners;

 

•	our ability to successfully expand our business globally; and

 

•	reductions in maintenance and SaaS subscription renewal rates.

 

Any of these factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any given period. If we fail to meet such expectations for these or other reasons, the market price of our ordinary shares could decrease substantially, and we could face costly lawsuits, including securities class action suits, which could adversely affect our results of operations and business.

 

Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or the provision of our services, or due to the failure of our customers, channel partners, managed security service providers, or subcontractors to correctly implement, manage and maintain our solutions, resulting in lawsuits or financial losses.

 

Security products and solutions are complex in design and deployment, and may contain errors that are not capable of being remediated or detected until after their deployment. Any errors, defects, or misconfigurations could cause our products or services to be vulnerable to security attacks, cause them to fail to secure networks, and negatively impact customer operations. If we fail to identify and respond to new and increasingly complex methods of attack on privileged accounts and update our products to detect or prevent such threats effectively, which would require significant resources, our business and reputation will suffer. In particular, we may suffer significant adverse publicity and reputational harm if our solutions (or the services we provide in relation to our solutions) are associated, or are believed to be associated, with a significant breach or a breach at a high profile customer or managed service provider network, or in the event of a breach in third party systems utilized by us as part of our cloud-based security solution.

 

In addition, our Endpoint Privilege Manager product is made available to our customers both as on-premises software and as software as a service (SaaS). Providing SaaS involves storage and transmission of customers’ policies for management of their network and operational proprietary information related to their assets and users, security breaches or product defects in our SaaS solutions could result in loss or alteration of this data, unauthorized access to multiple customers’ data and ultimately lead to downtime or compromise of the customers’ systems on which our SaaS solution is installed. Further, the third party data hosting facilities used for the provision of our SaaS solutions are vulnerable to damages, interruptions or other unanticipated problems that could result in disruption in the provision of these solutions. Any disruptions or other performance problems with our SaaS solutions could harm our reputation and business, damage our customers’ businesses, subject us to potential liability and cause customers to terminate or not renew their subscriptions to our SaaS solutions.

 

False detection of threats (referred to as “false positives”), while typical in our industry, may reduce perception of the reliability of our products and may therefore adversely impact market acceptance of our products. If our solutions restrict legitimate privileged access by authorized personnel to IT systems and applications by falsely identifying those users as an attack or otherwise unauthorized, our customers’ businesses could be harmed. There can be no assurance that, despite our testing efforts, errors will not be found in existing and new versions of our products, resulting in loss of or delay in market acceptance. In such instances, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct such problem.

 

As our solutions not only reinforce but also rely on the common security concept of placing multiple layers of security controls throughout an IT system, the failure of our customers, channel partners, managed service providers or subcontractors to correctly implement and effectively manage and maintain our solutions (and the environments in which they are utilized), or to consistently implement and utilize generally accepted and comprehensive, multi-layered security measures and processes in the customer networks, may lessen the efficacy of our solutions. Additionally, our customers or our channel partners may independently develop plug-ins or change existing plug-ins or APIs that we provided to them for interfacing purposes in an incorrect or insecure manner. Such failure or these other customer and partner actions may lead to breaches of our customers’ IT systems and loss or alteration of sensitive data or systems, and potentially to a perception that our solutions failed. Further, our failure to provide our customers and channel partners with adequate services related to the use, implementation and maintenance of our solutions, could lead to claims against us.

 

An actual or perceived cyber attack, other security breach or theft of our customers’ data, regardless of whether the breach or theft is attributable to the failure of our products (or the services we provided in relation to our products), could adversely affect the market’s perception of the efficacy of our solutions and current or potential customers may look to our competitors for alternatives to our solutions. An actual or perceived failure of our products, or our failure to provide adequate services to our customers and channel partners, may also subject us to lawsuits, indemnity claims and financial losses, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. Although our license agreements typically contain provisions that limit our liabilities towards our customers, partners and relevant third parties, there is no assurance these provisions will withstand legal challenges, and certain liabilities may not be limited or capped. It could also cause us to suffer reputational harm, lose existing customers, or deter new and existing customers from purchasing our solutions, additional products or our services.

 

If we are unable to acquire new customers or sell additional products and services to our existing customers, our future revenues and operating results will be harmed.

 

Our success and continued growth depends, in part, on our ability to acquire a sufficient number of new customers. The number of customers that we add in a given period impacts both our short- and long-term revenues. Similarly, a significant portion of our revenues is generated from sales to existing customers. If we are unable to attract a sufficient number of new customers or fail to continue to sell new licenses and incremental licenses to our existing customers, we may be unable to generate revenue growth at desired rates.

 

The IT security market is competitive and many of our competitors have substantial financial, personnel, and other resources that they utilize to develop products and attract customers.

 

We devote significant efforts to developing, marketing and selling additional licenses and associated maintenance and support to existing customers and rely on these efforts for a portion of our revenues, and to a lesser extent, renewing SaaS or term based license agreements. These efforts require a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to provide product upgrades and launch new products.

 

As we expand our market reach to gain new business, we may experience difficulties in gaining traction and raising awareness among potential customers regarding the critical role that our solutions play in securing medium-sized businesses and addressing the vulnerabilities associated with emerging types of accounts (such as our expansion into securing DevOps environments), and may face more competitive pressure in such markets. Even if we are successful in promoting the need for securing accounts in DevOps environments, potential customers may prefer to use the open source version of our Conjur solution which we released in 2017, instead of purchasing a license for the comprehensive DevOps security solution we offer and we may be unable to generate revenue growth at desired rates.

 

As a result, it may be difficult for us to add new customers to our customer base and to retain our existing customers. Competition in the marketplace may lead us to acquire fewer new customers or result in us providing discounts and other commercial incentives to new or existing customers.

 

Additional factors that impact our ability to acquire new customers or sell additional products and services to our existing customers include the perceived need for IT security, the size of our prospective and existing customers’ IT budgets, the utility and efficacy of our existing and new offerings, whether proven or perceived, changes in our pricing model that may impact the size of new business transactions, and general economic conditions. These factors may have a material negative impact on future revenues and operating results.

 

We face intense competition from a wide variety of IT security vendors operating in different market segments and across diverse IT environments, which may challenge our ability to maintain or improve our competitive position or to meet our planned growth rates.

 

The IT security market in which we operate is characterized by intense competition, constant innovation, rapid adoption of different technological solutions and services, and evolving security threats. We compete with a multitude of companies that offer a broad array of IT security products that employ different approaches and delivery models to address these evolving threats.

 

Our current and potential future competitors include CA, Inc., International Business Machines Corporation, One Identity LLC and Oracle Corporation in the access and identity management market. We also compete with smaller companies such as BeyondTrust, Inc., that may offer solutions at lower price points or with a more limited range of functionality than our own offerings, or with smaller companies that operate in specific market segments or in certain geographies Further, we may face competition due to changes in the manner that organizations utilize IT assets and the security solutions applied to them, such as the provision of privileged account security functionalities as part of public cloud providers’ infrastructure offerings, or cloud-based identity management solutions. We also may compete, to a certain extent, with vendors that offer products or services in adjacent or complementary markets to privileged account security. Limited IT budgets may also result in competition with providers of other advanced threat protection solutions such as McAfee, LLC, Palo Alto Networks, RSA Security LLC., and Symantec Corporation. Some of our competitors are large companies that have the technical and financial resources and broad customer bases needed to bring competitive solutions to the market and already have existing relationships as an established vendor for other product offerings. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and services fees, which could result in increased market pressure to offer our solutions and services at lower prices. They may also develop different products to compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements or enjoy stronger sales and service capabilities in certain regions.

 

Our competitors may enjoy potential competitive advantages over us, such as:

 

•	greater name recognition, a longer operating history and a larger customer base, notwithstanding the increased visibility of our brand in recent years since our initial public offering;

 

•	larger sales and marketing budgets and resources;

 

•	broader distribution and established relationships with channel partners, advisory firms and customers;

 

•	increased effectiveness in protecting, detecting and responding to cyber attacks.

 

•	greater or localized resources for customer support and provision of services;

 

•	greater speed at which a solution can be deployed;

 

•	greater resources to make acquisitions;

 

•	larger intellectual property portfolios; and

 

•	greater financial, technical and other resources

 

Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources and capabilities. Current or potential competitors may be acquired by third parties with greater resources. As a result of such acquisitions, our current or potential competitors may be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. Larger competitors with more diverse product offerings may reduce the price of products that compete with ours in order to promote the sale of other products or may bundle them with other products, which would lead to increased pricing pressure on our products and could cause the average sales prices for our products to decline. Similarly, we may also face increased competition following an acquisition of new lines of business that compete with providers of such technologies.

 

In addition, other IT security technologies exist or could be developed in the future by current or future competitors, and our business could be materially and adversely affected if such technologies are widely adopted. We may not be able to successfully anticipate or adapt to changing technology or customer requirements on a timely basis, or at all. If we fail to keep up with technological changes or to convince our customers and potential customers of the value of our solutions even in light of new technologies, our business, results of operations and financial condition could be materially and adversely affected.

 

Our share price may be adversely affected if our investments in our business do not deliver anticipated growth and we are unable to increase our operating and net income margins.

We have experienced a decrease in our operating and net income margins in recent periods. From the year ended December 31, 2015 to the year ended December 31, 2017, our revenue grew from $160.8 million to $261.7 million, representing a compound annual growth rate of approximately 28%. Over the same period, we experienced declines in our operating and net income margins from 21% to 8% and from 16% to 6%, respectively. The primary driver of the decline in margins has been our investment in expanding our sales force and marketing activity relative to the growth we achieved. We are making significant investments in our business in order to drive future growth. For example, we expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. It takes time and resources to train and integrate new sales force members across our global operations. Costs associated with adding new personnel to our sales force are expensed before their positive impact on our sales is recognized, and even then a significant portion of any revenues that they generate from maintenance and services are deferred over the delivery period of those services. We have also spent increased amounts on research and development and general and administrative costs associated with scaling our business. Our share price may be adversely affected even if we generate future growth if we are unable to increase our operating and net margins at the same time or if the growth rate generated was less than anticipated causing the operating and net margins to still decline.

 

We may fail to fully integrate, or realize the benefits expected from acquisitions, which may require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations.

 

As part of our business strategy and in order to remain competitive, we continue to evaluate acquiring or making investments in complementary companies, products or technologies. We may not be able to find suitable acquisition candidates or complete such acquisitions on favorable terms. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating our acquisitions or the technologies associated with such acquisitions or fail to fully attain the expected benefits of these acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully and may experience a decline in our profitability as we incur expenses prior to fully realizing the benefits of the acquisition. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges and tax liabilities. We could become subject to legal claims following the acquisition, or fail to accurately forecast the potential impact of any pre-existing claims. Further, the issuance of equity or debt to finance any such acquisitions could result in dilution to our shareholders and could subject us to covenants or other restrictions that would impede our ability to manage our operations. While we have experienced some of these types of issues in connection with past acquisitions, none of which has materially affected our operations or financial condition, we cannot guarantee that any such event will not have a material adverse impact on our business and results in the future.

 

 

We are subject to a number of risks, including regulatory risks, associated with global sales and operations, which could materially affect our business.

 

We are a global company subject to varied and complex laws, regulations and customs. The application of these laws and regulations to our business is often unclear and may at times conflict. Compliance with these laws and regulations may involve significant costs or require changes in our business practices that result in reduced revenue and profitability. Furthermore, business practices in the global markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.

 

Additionally, our global sales and operations are subject to a number of risks, including the following:

 

•

higher costs of doing business globally, including costs incurred in maintaining office space, securing adequate staffing and localizing our contracts;

 

•

fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business (See “—We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations”);

 

•

Uncertainty of the economic, financial, regulatory, trade, tax and legal implications of the withdrawal of the U.K. from the E.U. (“Brexit”) and how this could affect our business, both globally and specifically in the region;

 

•

greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

 

•

compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act and the U.K. Anti-Bribery Act;

 

•

heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

 

•

risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may be required in foreign countries;

 

•

greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties (See “— Our business may be materially affected by changes to fiscal and tax policies. Potentially negative or unexpected tax consequences of these policies, or the uncertainty surrounding their potential effects, could adversely affect our results of operations and share price;

 

•

compliance with, and the uncertainty of, laws and regulations that apply to our areas of business, including corporate governance, anti-trust and competition, import and export control, employee and third-party complaints, conflicts of interest, securities regulations and other regulatory requirements affecting trade and investment;

 

•

reduced or uncertain protection of intellectual property rights in some countries;

 

•

social, economic and political instability, terrorist attacks and security concerns in general; and

 

•

management communication and integration problems resulting from cultural and geographic dispersion.

 

These and other factors could harm our ability to generate future global revenues and, consequently, materially impact our business, results of operations and financial condition. Non-compliance could also result in fines, damages, or criminal sanctions against us, our officers or our employees, prohibitions on the conduct of our business, and damage to our reputation.

 

If our internal IT network system is compromised by cyber attackers or other data thieves, or by a critical system failure, our reputation, financial condition and operating results could be materially adversely affected.

 

Our solution and product offerings will not gain market share unless the marketplace is confident that we provide effective IT security protection. As we provide privileged account security products, we may be an attractive target for cyber attackers or other data thieves since a breach of our system could provide data information regarding not only us, but potentially regarding the customers that our solutions protect. Further, we may be targeted by cyber terrorists because we are an Israeli company.

 

While, from time to time we encounter intrusion incidents and attempts, none of which to date has resulted in any material adverse impact to our business or operations, we cannot guarantee that any future attacks will not materially adversely affect our business or results of operations. In addition, as our market position continues to grow specifically in the security industry, an increasing number of cyber attackers may begin to focus on finding ways to penetrate our network systems, which might eventually affect our products and services. The risk of cyber attacks to our company may also result from breaches of our contractors, business partners, vendors and other third parties associated with us, or due to human errors of those acting on our behalf.

 

Separately, we may be subject to information technology system failures or network disruptions caused by natural disasters, accidents, power disruptions, telecommunications failures, acts of terrorism, security breaches, wars, computer viruses, or other events or disruptions. System redundancy and other continuity measures may be ineffective or inadequate, and our business continuity and disaster recovery planning may not be sufficient for all eventualities. These events could adversely affect our operation, reputation, financial condition and operating results.

 

In addition, we rely on hosted SaaS technologies from third parties in order to operate critical functions of our business, including customer relationship management and financial operation services (provided by our ERP system). If these services are breached or become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms, our expenses could increase, our ability to manage our operations could be interrupted and our processes for managing sales of our products and services and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and integrated; all of which could materially harm our business.

 

If we experience a significant technology incident, such as a serious product vulnerability, security breach or a failure of a system that is critical for the operations of our business, it could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer, and we may need to make significant further investments to protect data and infrastructure. Because we are in the computer security industry, an actual or perceived vulnerability, failure, disruption, or breach of our network or privileged account security in our systems also could adversely affect the market perception of our products and services, or of our expertise in this field, as well as our perception among new and existing customers. Additionally, a significant security breach could subject us to potential liability, litigation and regulatory or other government action. If any of the foregoing were to occur, our business may suffer and our share price may be negatively impacted.

 

If we do not effectively expand, train and retain our sales and marketing personnel, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.

 

We depend significantly on our sales force to attract new customers and expand sales to existing customers. We generate approximately 40% of our revenues from direct sales. As a result, our ability to grow our revenues depends in part on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth, particularly in the United States. The number of our sales and marketing personnel increased from 377 as of December 31, 2016 to 491 as of December 31, 2017. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. Based on our past experience, it takes an average of approximately six to nine months before a new sales force member operates at target performance levels. However, we may be unable to achieve or maintain our target performance levels with large numbers of new sales personnel as quickly as we have done in the past. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.

 

We rely on channel partners to generate a significant portion of our revenue, market our solutions and provide necessary services to our customers. If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solutions will be limited, and our business, financial position and results of operations will be harmed.

 

In addition to our direct sales force, we rely on our channel partners to market, sell, support and implement our solutions, particularly in Europe and the Asia Pacific and Japan regions. We expect that sales through our channel partners will continue to account for a significant percentage of our revenue. In the year ended December 31, 2017, we generated approximately 60% of our revenues from sales to channel partners such as distributors, systems integrators, value-added resellers and managed security service providers, and we expect that channel partners will represent a substantial portion of our revenues for the foreseeable future. Further, we cooperate with advisory firms in marketing our solutions and providing implementation services to our customers, in both direct and indirect sales. Our agreements with channel partners are non-exclusive, meaning our partners may offer customers IT security products from other companies, including products that compete with our solutions. If our channel partners do not effectively market and sell our solutions, or choose to use greater efforts to market and sell their own products and services or the products and services of our competitors, our ability to grow our business will be adversely affected. Our channel partners may cease or deemphasize the marketing of our solutions with limited or no notice and with little or no penalty. Further, new channel partners require training and may take several months or more to achieve productivity. The loss of key channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. Our reliance on channel partners could also subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our solutions to customers, fails to appropriately implement our solutions or violates applicable laws, and may further result in termination of such partner’s agreement and potentially curb future revenues associated with it. Our ability to grow revenues in the future will depend in part on our success in maintaining successful relationships with our channel partners and training our channel partners to independently sell and install our solutions. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our indirect sales channel, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.

 

Failure by us or our channel partners to maintain sufficient levels of customer support could have a material adverse effect on our business, financial condition and results of operations.

 

Our customers depend, in large part, on customer support and professional services delivered through our channel partners or by us to implement and roll out our solutions, and resolve issues relating to their use. Even with our support and that of our channel partners, our customers are ultimately responsible for effectively using our solutions and ensuring that their IT staff and other relevant users are properly trained in the use of our products and complementary security products, methodologies and processes. Failure of our channel partners or ourselves to support and train our customers in the correct use of our solutions, or failure to effectively assist customers in installing our solutions and providing effective ongoing support, may result in an increase in the vulnerability of our customers’ IT systems and sensitive data. Additionally, if our channel partners do not effectively provide support and professional services to the satisfaction of our customers, we may be required to provide support to such customers, which would require us to invest in additional personnel and expend significant time and resources. We may not be able to keep up with demand for our services and support, particularly if the sales of our solutions exceed our internal forecasts. To the extent that we or our channel partners are unsuccessful in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support and other services to our customers will be negatively impacted, and our customers’ satisfaction with us and our products may be adversely affected. Accordingly, our failure to provide satisfactory maintenance and technical support services, whether directly or through our partners, could have a material and adverse effect on our business and results of operations.

 

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

 

Our functional and reporting currency is the U.S. dollar and we generate a majority of our revenues in U.S. dollars. In 2017, the majority of our revenues were denominated in U.S. dollars and the remainder primarily in euros and British pounds sterling. In 2017, the substantial majority of our cost of revenues and operating expenses were denominated in U.S. dollars and New Israeli Shekels (NIS) and the remainder primarily in euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, rent and other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar could materially adversely impact our net income. For example, during 2017, appreciation of NIS relative to the U.S. dollar affected our operating profit by approximately $4.0 million. In addition, since the portion of our revenues generated in euros and British pounds sterling is greater than our expenses incurred in euros and British pounds sterling, respectively, any depreciation of the euro or the British pounds sterling relative to the U.S. dollar would adversely impact our net income. While any such currency exchange rate fluctuations did not have a material impact on our financial condition in 2017, we cannot guarantee that we would not experience adverse impact from currency exchange rate fluctuations in the future. We estimate that a 10% strengthening or weakening in the value of the NIS against the U.S. dollar would have decreased or increased, respectively, our net income by approximately $5.0 million in 2017. We estimate that a 10% strengthening or weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $2.1 million in 2017. We estimate that a 10% strengthening or weakening in the value of the British pounds sterling against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $0.8 million in 2017. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change. We evaluate periodically the various currencies to which we are exposed and take hedging measures to reduce the potential adverse impact from the appreciation or the depreciation of our non U.S. dollar-denominated operations, as appropriate. We expect that the majority of our revenues will continue to be generated in U.S. dollars with the balance primarily in euros and British pounds sterling for the foreseeable future and that a significant portion of our expenses will continue to be denominated in NIS, U.S. dollars, British pounds sterling and in euros. We cannot provide any assurances that our hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations. See “Item 11—Quantitative and Qualitative Disclosures About Market Risk—Foreign Currency Risk.”

 

Our research and development efforts may not produce successful products or enhancements to our solutions that result in significant revenue or other benefits in the near future, if at all.

 

We expect to continue to dedicate significant financial and other resources to our research and development efforts in order to maintain our competitive position. For example, in 2017, we increased our dedicated research and development personnel by 22% compared to 2016. However, investing in research and development personnel, developing new products and enhancing existing products is expensive and time consuming, and there is no assurance that such activities will successfully anticipate market needs and result in significant new marketable products or enhancements to our products, design improvements, cost savings, revenues or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, we may not be able to compete effectively and our business and results of operations may be materially and adversely affected.

 

Our investment in product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:

 

•

delays in releasing product enhancements or new products;

 

•

failure to accurately predict market demand and to supply products that meet this demand in a timely fashion;

 

•

inability to interoperate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers;

 

•

defects in our products, errors or failures of our solutions to secure and protect privileged accounts against existing and new types of attacks;

 

•

negative publicity about the performance or effectiveness of our products;

 

•

introduction or anticipated introduction of competing products by our competitors;

 

•

installation, configuration or usage errors by our customers; and

 

•

easing or changing of regulatory requirements related to security.

 

If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of operations.

 

If we are unable to hire, retain and motivate qualified personnel, our business will suffer.

 

Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. Our inability to attract or retain qualified personnel or delays in hiring required personnel may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time. Competition for highly skilled personnel, specifically engineers for Research & Development positions, is often intense and results in increasing wages, especially in Israel, where we are headquartered, and where several large multinational corporations have entered the market. We may struggle to retain employees, and due to our profile and market position competitors actively seek to hire skilled personnel away from us. Furthermore, from time to time we have been subject to allegations that employees that have been hired from competitors may have been improperly solicited or divulged proprietary or other confidential information.

 

Our business may be materially affected by changes to fiscal and tax policies. Potentially negative or unexpected tax consequences of these policies, or the uncertainty surrounding their potential effects, could adversely affect our results of operations and share price.

As a multinational corporation, we are subject to income taxes, withholding taxes and indirect taxes in numerous jurisdictions worldwide. Significant judgment and management attention and resources are required in evaluating our tax positions and our worldwide provision for taxes. In the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting, and other laws, regulations, principles and interpretations. This may include recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, changes in foreign currency exchange rates, or changes in the valuation of our deferred tax assets and liabilities.

We may be audited in various jurisdictions, and such jurisdictions may assess additional taxes against us. If we experience unfavorable results from one or more such tax audits, there could be an adverse effect on our tax rate and therefore on our net income. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period or periods for which a determination is made. Additionally, we are subject to transfer pricing rules and regulations, including those relating to the flow of funds between us and our affiliates, which are designed to ensure that appropriate levels of income are reported in each jurisdiction in which we operate.

The U.S. Tax Cuts and Jobs Act of 2017 (the “Act”), enacted in December 2017, introduced significant changes to the U.S. Internal Revenue Code. While it is still uncertain how these changes will affect us, certain of these changes could have a negative impact on our results of operations and business or the price of our ordinary shares. In addition,   the final impacts of the Act could be different from our expectations.

 

Intellectual property claims may increase our costs or require us to cease selling certain products, which could adversely affect our financial condition and results of operations.

 

The IT security industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. Leading companies in the IT security industry have extensive patent portfolios. From time to time, third-parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Furthermore, we may be subject to indemnification obligations with respect to third-party intellectual property rights pursuant to our agreements with our customers and channel partners. Such indemnification provisions are customary for our industry. Any claims of intellectual property infringement or misappropriation brought against us, our channel partners or customers, even those without merit, could be expensive and time-consuming to defend, and divert management’s attention. We cannot assure you that we will have the resources to defend against all such claims. Successful claims of infringement or misappropriation by a third-party against us or a third-party that we indemnify could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our customers and partners (and parties associated with them). Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to ensure that we are not violating the intellectual property rights of others, our financial position may be adversely affected.

 

If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and results of operations could be materially and adversely affected.

 

We generate a substantial portion of our revenues from our products and services which enable our customers to achieve and maintain compliance with certain government regulations and industry standards, and we expect that to continue for the foreseeable future. This includes third party certifications where our solutions are being utilized by our customers as a control demonstrating compliance with specific elements of certain third party certification standards. These industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. In addition, governments may also adopt new laws or regulations, or make changes to existing laws or regulations, some of which may conflict with each other, that could impact whether our solutions enable our customers to maintain compliance with such laws or regulations. If we are unable to adapt our solutions to changing government regulations and industry standards in a timely manner, or if our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.

 

Regulatory data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic or foreign regulations may limit the use and adoption of, or require modification of, our products and services, which could limit our ability to attract new customers or support our current customers, thus reducing our revenues, harming our operating results and adversely affecting our business.

 

Regulation related to the provision of services on the Internet is increasing, as federal, state and foreign governments continue to adopt new laws and regulations addressing cybersecurity, privacy, data protection and the collection, processing, storage and use of personal information. Such laws and regulations, such as the 2016 E.U.-U.S. framework for data transfers known as Privacy Shield or the adoption and implementation of the E.U. General Data Protection Regulation (“GDPR”) which becomes effective in May 2018, are subject to new and differing interpretations and may be inconsistent among jurisdictions. Engineering efforts to build new capabilities to facilitate compliance with the law may entail substantial expense and the diversion of engineering resources from other projects. If we are unable to engineer products that meet our legal duties or help our customers meet their obligations under the GDPR or other data regulations, we might experience reduced demand for our products or services. Non-compliance with such existing or new regulations may result in substantial monetary penalties and compliance reviews by regulators may result in burdensome or inconsistent requirements affecting the location and management of our customer and internal employee data. Compliance may require changes in services, business practices, or internal systems resulting in increased costs, lower revenue, reduced efficiency, or greater difficulty in competing with foreign-based firms.

 

These and other regulatory requirements around the privacy or cross-border transfer of personal data could restrict our ability to store and process data as part of our SaaS solutions, or, in some cases, impact our ability to offer our SaaS products in certain jurisdictions. Such laws may also impact our customers’ ability to deploy certain of our solutions globally, to the extent they utilize our products for storing personal information that they store and process. In addition, in many cases these privacy laws apply not only to transfers of information to third parties, but also within an enterprise, including our company or our customers. The costs of compliance with, and other burdens imposed by, such laws, regulations and standards (regardless of whether there was any data breach) may require resources to create new products or modify existing products, lead to us being subject to significant fines, penalties or liabilities for noncompliance, and may slow the pace at which we close sales transactions, any of which could harm our business. Further, mandatory disclosures regarding a breach of certain information are costly to implement and may lead to widespread negative publicity, which may cause customers to lose confidence in the effectiveness of our data security measures and harm our reputation and business.

 

If our products do not effectively interoperate with our customers’ existing or future IT infrastructures, installations could be delayed or cancelled, which could harm our business.

 

Our products must effectively interoperate with our customers’ existing or future IT infrastructures, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify our software so that our products will interoperate with our customers’ infrastructure and business processes. In addition, to stay competitive within certain markets, we may be required to make software modifications in future releases to comply with new statutory or regulatory requirements. These issues could result in longer sales cycles for our products and order cancellations, either of which could adversely affect our business, results of operations and financial condition.

 

If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.

 

The success of our business depends on our ability to protect our proprietary technology, brands and other intellectual property and to enforce our rights in that intellectual property. We attempt to protect our intellectual property under patent, copyright, trademark and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection.

 

As of December 31, 2017, we had 14 issued patents in the United States, 2 provisional U.S. patent applications and 26 pending U.S. patent applications. We also had 2 International PCT applications as well as 5 issued patents and 12 applications pending for examination in non-U.S. jurisdictions, all of which are counterparts of our U.S. patent applications. We expect to file additional patent applications in the future.

 

The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner all the way through to the successful issuance of a patent. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not issue as granted patents, that the scope of our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, and that our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. Finally, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees (and our consultants and service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us their rights in potential inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service providers, their engagement to develop such intellectual property), but we cannot be certain that we have adequately protected our rights in every such agreement or that we have executed an agreement with every such party. Finally, in order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly and time-consuming. As a result, we may not be able to obtain adequate protection or to effectively enforce our issued patents or other intellectual property rights.

 

In addition to patents, we rely on trade secret rights, copyrights and other rights to protect our unpatented proprietary intellectual property and technology. Despite our efforts to protect our proprietary technologies and our intellectual property rights, unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our trade secrets or other confidential information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors, channel partners, subcontractors and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot be certain that the steps taken by us will prevent misappropriation of our intellectual property or technology or infringement of our intellectual property rights. In addition, the laws of some foreign countries where we sell our products do not protect intellectual property rights and technology to the same extent as the laws of the United States, and these countries may not enforce these laws as diligently as government agencies and private parties in the United States. If we are unable to protect our intellectual property, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

 

Our use of open source software, third-party software and other intellectual property may expose us to risks.

 

We license and integrate certain open source software components from third parties into our software and we expect to continue to use open source software in the future. Some open source software licenses require users who distribute or make available as a service open source software as part of their own software product to publicly disclose all or part of the source code of the users’ developed software or to make available any derivative works of the open source code on unfavorable terms or at no cost. While we try to use the open source software in a manner consistent with the relevant license terms that would not require us to disclose our proprietary code or license our proprietary software at no cost, we cannot assure that our efforts will be successful. We may face claims by third parties seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code that was developed using such software. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs.

 

Further, some of our products and services include other software or intellectual property licensed from third parties, and we also use software and other intellectual property licensed from third parties in our business. This exposes us to risks over which we may have little or no control. For example, a licensor may have difficulties keeping up with technological changes or may stop supporting the software or other intellectual property that it licenses to us. There can be no assurance that the licenses we use will be available on acceptable terms, if at all. In addition, a third party may assert that we or our customers are in breach of the terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our inability to obtain or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in delays in releases of new products, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or developed.

 

Prolonged economic uncertainties or downturns in certain regions or industries could materially adversely affect our business.

 

Our business depends on our current and prospective customers’ ability and willingness to invest money in IT security, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy or certain regions such as U.S. or Europe, including conditions resulting from financial and credit market fluctuations, could cause a decrease in corporate spending on information security software. In 2017, we generated 56% of our revenues from the United States, 31% of our revenues from Europe, the Middle East and Africa and 13% from the rest of the world, which includes countries from Asia Pacific and Japan region, Latin America region and Canada.

 

In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance. Negative economic conditions may cause customers generally and in that industry in particular to reduce their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.

We rely significantly on revenues from maintenance and support contracts, which we recognize ratably over the term of the associated contract and, to a lesser extent, from professional services contracts, which we recognize as services are performed, and any downturns in sales of these contracts would not be immediately reflected in full in our quarterly operating results.

 

Maintenance and support and professional services revenues accounted for 44% of our total revenues in 2017. Sales of maintenance and support and professional services may decline or fluctuate as a result of a number of factors, including the number of product licenses we sell, our customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors or reductions in our customers’ spending levels. If our sales of maintenance and support and professional services contracts decline, our revenues or revenue growth may decline and our business will suffer. We recognize revenues from maintenance and support contracts ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. As a result, a meaningful portion of the revenues we report each quarter results from the recognition of deferred revenues from maintenance and support and professional services contracts entered into during previous quarters. Consequently, a decline in the number or size of such contracts in any one quarter will not be fully reflected in revenues in that quarter, but will negatively affect our revenues in future quarters. Accordingly, the effect of significant downturns in maintenance and support and professional services contracts would not be reflected in full in our results of operations until future periods.

A portion of our revenues is generated by sales to government entities, which are subject to a number of challenges and risks, such as increased competitive pressures, administrative delays and additional approval requirements.

 

A portion of our revenues is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales to government entities. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale or imposing terms of sale which are less favorable than the prevailing market terms. Government demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, for purchases by the U.S. government, the government may require certain products to be manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government. Finally, some government entities require our products to be certified by industry-approved security agencies as a pre-condition of purchasing our products. The grant of such certifications depends on the then-current requirements of the certifying agency. We cannot be certain that any certificate will be granted or renewed or that we will be able to satisfying the technological and other requirements to maintain certifications. The loss of any of our product certificates, or the failure to obtain new ones, could cause us to suffer reputational harm, lose existing customers, or deter new and existing customers from purchasing our solutions, additional products or our services.

We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.

 

We incorporate encryption capabilities into certain products and these products are subject to U.S. export control requirements. We are also subject to Israeli export controls on encryption technology since our product development initiatives are primarily conducted in Israel. If the applicable U.S. or Israeli requirements regarding the export of encryption technology were to change or if we change the encryption functionality in our products, we may need to satisfy additional requirements or obtain specific permissions (licenses) in the United States or Israel in order to continue to export our products to the same range of customers and countries as we presently do. There can be no assurance that we will be able to satisfy such additional requirements or obtain specific licenses under these circumstances in either the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.

 

We are also subject to U.S., Israeli and other applicable export control and economic sanctions laws, which prohibit the export or sale of certain products or services to embargoed or sanctioned countries, governments and persons. Our products could be exported to these sanctioned targets by our channel partners or sold directly by us to such targets despite our due diligence and, in the case of sanctionable activities by our channel partners, the contractual undertakings they have given us, and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products and services would likely adversely affect our business, financial condition and results of operations.

 

In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, but if they were used for purposes that are classified as defense-related or if they fall under “dual-use goods and technology” as referred to below, we could become subject to such regulation. In particular, under the Israeli Defense Export Control Law, 5767-2007, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli Ministry of Defense (MOD) and may be subject to a requirement to obtain a specific license from the MOD for any export of defense related products and/or knowhow. The definition of defense marketing activity is broad and includes any marketing of “defense equipment,” “defense knowhow” or “defense services” outside of Israel, which includes “dual-use goods and technology” (material and equipment intended in principle for civilian use and that can also be used for defensive purposes, such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use only, or is specified under Israeli legislation. “Dual-use goods and technology” will be subject to control by the Ministry of Economy if intended for civilian use only. In December 2013, regulations under the Wassenaar Arrangement included for the first time a chapter on cyber-related matters, which chapter was last amended in December 2017. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations. Accordingly, there can be no assurance whether our solutions would be impacted by any potential new regulations pertaining to cybersecurity products and services similar to those provided by us, and what impact potential new regulations would have on our sales or our costs relating to compliance.

 

Risks Related to Our Ordinary Shares

 

Our share price may be volatile, and you may lose all or part of your investment.

 

Since our initial public offering in September 2014, our ordinary shares have traded on the Nasdaq Global Select Market as high as $76.35 per share and as low as $22.12 per share through February 28, 2018. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, some of which are beyond our control, including, but not limited to:

 

•

actual or anticipated fluctuations in our results of operations and the results of other similar companies;

 

•

variance in our financial performance from the expectations of market analysts;

 

•

announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;

 

•

changes in the prices of our products and services or in our pricing models;

 

•

our involvement in litigation;

 

•

our sale of ordinary shares or other securities in the future;

 

•

market conditions in our industry;

 

•

changes in key personnel;

 

•

speculation in the press or the investment community;

 

•

the trading volume of our ordinary shares;

 

•

changes in the estimation of the future size and growth rate of our markets;

 

•

any merger and acquisition activities; and

 

•

general economic and market conditions.

 

In addition, the stock markets have experienced price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. If we were involved in any similar litigation we could incur substantial costs and our management’s attention and resources could be diverted, which could materially adversely affect our business.

 

If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.

 

The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable research reports about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our company, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline.

 

As a foreign private issuer whose shares are listed on the NASDAQ Stock Market, or NASDAQ, we may follow certain home country corporate governance practices instead of otherwise applicable SEC and NASDAQ requirements, which may result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.

 

As a foreign private issuer whose shares are listed on the NASDAQ Global Select Market, we are permitted to follow certain home country corporate governance practices instead of certain rules of NASDAQ. We currently follow Israeli home country practices with regard to the quorum requirement for shareholder meetings and NASDAQ requirements relating to distribution of our annual report to shareholders. As permitted under the Israeli Companies Law, 5759-1999, or the Companies Law, our articles of association provide that the quorum for any meeting of shareholders shall be the presence of at least two shareholders present in person or by proxy who hold at least 25% of the voting power of our shares instead of 33 1/3% of our issued share capital (as prescribed by NASDAQ’s rules). Further, as permitted by the Companies Law and in accordance with the generally accepted business practice in Israel, we do not distribute our annual report to shareholders but make it available through our public website. We may in the future elect to follow Israeli home country practices with regard to other matters such as director nomination procedures, separate executive sessions of independent directors and the requirement to obtain shareholder approval for certain dilutive events (such as for the establishment or amendment of certain equity-based compensation plans, issuances that will result in a change of control of the company, certain transactions other than a public offering involving issuances of a 20% or more interest in the company and certain acquisitions of the stock or assets of another company). Accordingly, our shareholders may not be afforded the same protection as provided under NASDAQ corporate governance rules. Following our home country governance practices as opposed to the requirements that would otherwise apply to a United States company listed on NASDAQ may provide less protection than is accorded to shareholders of domestic issuers. See “Item16.G. Corporate Governance.”

Our business could be negatively affected as a result of the actions of activist shareholders, and such activism could impact the trading value of our securities.

In recent years, U.S. and non-U.S. companies listed on securities exchanges in the United States have been faced with governance-related demands from activist shareholders, unsolicited tender offers and proxy contests. Although as a foreign private issuer we are not subject to U.S. proxy rules, responding to any action of this type by activist shareholders could be costly and time-consuming, disrupting our operations and diverting the attention of management and our employees. Such activities could interfere with our ability to execute our strategic plans. In addition, a proxy contest for the election of directors at our annual meeting would require us to incur significant legal fees and proxy solicitation expenses and require significant time and attention by management and our board of directors. The perceived uncertainties due to such actions of activist shareholders also could affect the market price of our securities.

 

As a foreign private issuer we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain Exchange Act reports.

 

As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the Exchange Act related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports with the SEC under the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will trade in the company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor. For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, although pursuant to the Companies Law, we disclose the annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis, including in this annual report.

 

Since a majority of our voting securities are either directly or indirectly owned of record by residents of the United States, we would lose our foreign private issuer status if any of the following were to occur: (i) the majority of our executive officers or directors were United States citizens or residents, (ii) more than 50 percent of our assets were located in the United States, or (iii) our business was administered principally in the United States. Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer may be significantly higher. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely on the Nasdaq exemptions from certain corporate governance requirements that are available to foreign private issuers.

 

If we sell our ordinary shares in future financings, ordinary shareholders could experience immediate dilution and, as a result, the market price of our ordinary shares may decline.

 

We may from time to time issue additional ordinary shares at a discount from the current trading price of our ordinary shares. As a result, our ordinary shareholders would experience immediate dilution upon the purchase of any ordinary shares sold at such discount. In addition, as opportunities present themselves, we may enter into equity or debt financings or similar arrangements in the future, including the issuance of convertible debt securities, preferred shares or ordinary shares. If we issue ordinary shares or securities convertible into ordinary shares, holders of our ordinary shares could experience dilution.

 

If we are unable to satisfy the requirements of Sections 404(a) and 404(b) of the Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act, or if our internal control over financial reporting is not effective, investors may lose confidence in the accuracy and the completeness of our financial reports   and the trading price of our ordinary shares may be negatively affected.

 

Pursuant to Section 404(a) of the Sarbanes-Oxley Act, we are required to furnish a report by management on the effectiveness of our internal control over financial reporting. Additionally, pursuant to Section 404(b) of the Sarbanes-Oxley Act, we must include an auditor attestation on our internal control over financial reporting.

 

To maintain the effectiveness of our disclosure controls and procedures and our internal control over financial reporting, we expect that we will need to continue enhancing existing, and implement new, financial reporting and management systems, procedures and controls to manage our business effectively and support our growth in the future. The process of evaluating our internal control over financial reporting requires an investment of substantial time and resources, including by our Chief Financial Officer and other members of our senior management. As a result, this process may divert internal resources and take a significant amount of time and effort to complete. Additionally, as part of management assessments of the effectiveness of our internal control over financial reporting required by Section 404(a), our management may conclude that our internal control over financial reporting is not effective due to our failure to cure any identified material weakness or otherwise, which would require us to employ remedial actions to implement effective controls. If we identify material weaknesses in our internal control over financial reporting, if we are unable to comply with the requirements of Section 404(a) or 404(b) in a timely manner or to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion or issues an adverse opinion in its attestation as to the effectiveness of our internal control over financial reporting required by Section 404(b), investors may lose confidence in the accuracy and completeness of our financial reports and the trading price of our ordinary shares could be negatively affected. We could also become subject to investigations by Nasdaq, the SEC or other regulatory authorities, which could require additional financial and management resources.

 

Irrespective of compliance with Sections 404(a) and 404(b), any failure of our internal control could have a material adverse effect on our stated results of operations and harm our reputation. In order to implement changes to our internal control over financial reporting triggered by a failure of those controls, we could experience higher than anticipated operating expenses, as well as higher independent auditor fees during and after the implementation of these changes.

 

As a public company we may become subject to further compliance obligations, which may strain our resources and divert management’s attention.

 

Changing laws, regulations and standards in the United States relating to corporate governance and public disclosure and other matters may be implemented in the future, which may increase our legal and financial compliance costs, make some activities more time consuming and divert management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to practice, regulatory authorities may initiate legal proceedings against us and our business may be harmed. Being a publicly traded company in the United States and being subject to U.S. rules and regulations may make it more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee, and qualified executive officers.

 

Our U.S. shareholders may suffer adverse tax consequences if we are classified as a passive foreign investment company or as a “controlled foreign corporation”.

 

Generally, if for any taxable year 75% or more of our gross income is passive income, or at least 50% of the average quarterly value of our assets (which may be measured in part by the market value of our ordinary shares, which is subject to change) are held for the production of, or produce, passive income, we would be characterized as a passive foreign investment company, or PFIC, for U.S. federal income tax purposes under the Internal Revenue Code of 1986, as amended, or the Code. Based on our gross income and gross assets, and the nature of our business, we believe that we were not classified as a PFIC for the taxable year ended December 31, 2017. Because PFIC status is determined annually based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for the taxable year ending December 31, 2018, or for any subsequent year, until we finalize our financial statements for that year. Furthermore, because the value of our gross assets is likely to be determined in large part by reference to our market capitalization, a decline in the value of our ordinary shares may result in our becoming a PFIC. Accordingly, there can be no assurance that we will not be considered a PFIC for any taxable year. Our characterization as a PFIC could result in material adverse tax consequences for you if you are a U.S. investor, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than a capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders, and having interest charges apply to distributions by us and the proceeds of share sales. Certain elections exist that may alleviate some of the adverse consequences of PFIC status and would result in an alternative treatment (such as mark-to-market treatment) of our ordinary shares. Prospective U.S. investors should consult their own tax advisers regarding the potential application of the PFIC rules to them. Prospective U.S. investors should refer to “Item 10.E. Taxation—Certain United States Federal Income Tax Consequences” for discussion of additional U.S. income tax considerations applicable to them based on our treatment as a PFIC.

 

Certain U.S. holders of our ordinary shares may suffer adverse tax consequences if we or any of our non-U.S. subsidiaries are characterized as a “controlled foreign corporation”, or a CFC, under Section 957(a) of the Code. Certain changes to the CFC constructive ownership rules under Section 958(b) of the Code introduced by the TCJA may cause one or more of our non-U.S. subsidiaries to be treated as CFCs, may also impact our CFC status, and may affect holders of our ordinary shares that are United States shareholders. Generally, for U.S. shareholders that own 10% or more of the combined vote or combined value of our ordinary shares, this may result in negative U.S. federal income tax consequences and these shareholders may be subject to certain reporting requirements with the U.S. Internal Revenue Service. Any such 10% U.S. shareholder should consult its own tax advisors regarding the U.S. tax consequences of acquiring, owning, or disposing our ordinary shares and the impact of the TCJA, especially the changes to the rules relating to CFCs.

 

Risks Relating to Our Incorporation and Location in Israel

 

Our headquarters, substantially all of research and development activities and other significant operations are located in Israel and, therefore, our results may be adversely affected by political, economic and military instability in Israel.

 

Our headquarters and principal research and development facilities are located in Israel. In addition, the majority of our key employees, officers and directors are residents of Israel. Accordingly, political, economic and military conditions in Israel may directly affect our business. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries. In recent years, these have included hostilities between Israel and Hezbollah in Lebanon and Hamas in the Gaza strip, both of which resulted in rockets being fired into Israel causing casualties and disruption of economic activities. In addition, Israel faces threats from more distant neighbors, including, in particular, Iran. Our commercial insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East. Although the Israeli government is currently committed to covering the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained, or if maintained, will be sufficient to compensate us fully for damages incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflict involving Israel could adversely affect our operations and results of operations.

 

Further, our operations could be disrupted by the obligations of personnel to perform military service. As of December 31, 2017, we had 378 employees based in Israel, certain of which may be called upon to perform up to 54 days in each three year period (and in the case of non-officer commanders or officers, up to 70 or 84 days, respectively, in each three year period) of military reserve duty until they reach the age of 40 (and in some cases, depending on their specific military profession up to 45 or even 49 years of age) and, in certain emergency circumstances, may be called to immediate and unlimited active duty. Our operations could be disrupted by the absence of a significant number of employees related to military service, which could materially adversely affect our business and results of operations.

 

Several countries, principally in the Middle East, restrict doing business with Israel and Israeli companies, and additional countries may impose restrictions on doing business with Israel and Israeli companies whether as a result of hostilities in the region or otherwise. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more widespread, may adversely impact our ability to sell our products. Any hostilities involving Israel or any interruption or curtailment of trade between Israel and its present trading partners, or a significant downturn in the economic or financial condition of Israel, could adversely affect our business, financial condition and results of operations. We may also be targeted by cyber terrorists specifically because we are an Israeli company.

 

The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase our costs and taxes.

 

We were granted Approved Enterprise status under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law. We elected the alternative benefits program, pursuant to which income derived from the Approved Enterprise program is tax-exempt for two years and enjoys a reduced tax rate of 10.0% to 25.0% for up to a total of eight years, subject to an adjustment based on the percentage of foreign investors’ ownership. We were also eligible for certain tax benefits provided to Benefited Enterprises under the Investment Law. In March 2013, we notified the Israel Tax Authority that we apply the new tax Preferred Enterprise regime under the Investment Law instead of our Approved Enterprise and Benefited Enterprise. Accordingly, we are eligible for certain tax benefits provided to Preferred Enterprises under the Investment Law. If we do not meet the conditions stipulated in the Investment Law and the regulations promulgated thereunder, as amended, for the Preferred Enterprise, any of the associated tax benefits may be canceled and we would be required to repay the amount of such benefits, in whole or in part, including interest and CPI linkage (or other monetary penalties). Further, in the future these tax benefits may be reduced or discontinued. If these tax benefits are reduced, cancelled or discontinued, our Israeli taxable income would be subject to regular Israeli corporate tax rates which would harm our financial condition and results of operation. Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs. See “Item 5. Operating and Financial Review and Prospects—Operating Results—Israeli Tax Considerations and Government Programs—Law for the Encouragement of Capital Investments, 5719-1959.”  

 

We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees.

 

We enter into assignment-of-invention agreements with our employees pursuant to which such individuals agree to assign to us all rights to any inventions created in the scope of their employment or engagement with us. A significant portion of our intellectual property has been developed by our employees during the course of their employment by us. Under the Israeli Patent Law, 5727-1967, inventions conceived by an employee during the scope of his or her employment with a company are regarded as “service inventions” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. Although our employees have agreed to assign to us service invention rights, as a result of uncertainty under Israeli law with respect to service invention rights and the efficacy of related waivers, including with respect to remuneration and its extent, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or former employees, or be forced to litigate such claims, which could negatively affect our business.

 

Provisions of Israeli law and our articles of association may delay, prevent or otherwise impede a merger with or an acquisition of us, even when the terms of such a transaction are favorable to us and our shareholders.

 

Our articles of association contain certain provisions that may delay or prevent a change of control. These provisions include that our directors (other than external directors, if applicable) are elected on a staggered basis, and therefore a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting. In addition, Israeli corporate law regulates acquisitions of shares through tender offers and mergers, requires special approvals for transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to such types of transactions. See “Item 10.B. Articles of Association—Acquisitions under Israeli Law” for additional information.

 

Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers involving an exchange of shares, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. These provisions of Israeli law and our articles of association could have the effect of delaying or preventing a change in control in us and may make it more difficult for a third-party to acquire us, even if doing so would be beneficial to our shareholders, and may limit the price that investors may be willing to pay in the future for our ordinary shares.

 

It may be difficult to enforce a judgment of a U.S. court against us, our officers and directors or the Israeli auditors named in this annual report in Israel or the United States, to assert U.S. securities laws claims in Israel or to serve process on our officers and directors and these auditors.

 

We are incorporated in Israel. The majority of our directors and executive officers, and the Israeli auditors listed in this annual report reside outside of the United States, and most of our assets and most of the assets of these persons are located outside of the United States. Therefore, a judgment obtained against us, or any of these persons, including a judgment based on the civil liability provisions of the U.S. federal securities laws, may not be collectible in the United States and may not be enforced by an Israeli court. It also may be difficult for you to effect service of process on these persons in the United States or to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws reasoning that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact by expert witnesses, which can be a time consuming and costly process. Certain matters of procedure will also be governed by Israeli law. There is little binding case law in Israel that addresses the matters described above. As a result of the difficulty associated with enforcing a judgment against us in Israel, you may not be able to collect any damages awarded by either a U.S. or foreign court.

 

Your rights and responsibilities as a shareholder are, and will continue to be, governed by Israeli law which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.

 

The rights and responsibilities of the holders of our ordinary shares are governed by our articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards the company and other shareholders, and to refrain from abusing its power in the company, including, among other things, in voting at a general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, shareholders have a general duty to refrain from discriminating against other shareholders and a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or chief executive officer in the company has a duty of fairness toward the company with regard to such vote or appointment. There is limited case law available to assist us in understanding the nature of this duty or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations. See “Item 6.C. Board Practices — Approval of Related Party Transactions under Israeli Law—Fiduciary Duties of Directors and Executive Officers.”