56629000 60691000 60691000 60691000 18802000 18802000 0001757399 false --12-31 FY 2020 IL IL IL true 0001757399 2018-12-31 iso4217:USD 0001757399 srt:AmericasMember 2018-12-31 0001757399 us-gaap:EMEAMember 2018-12-31 0001757399 country:IL 2018-12-31 0001757399 2020-12-31 0001757399 srt:AmericasMember 2020-12-31 0001757399 us-gaap:EMEAMember 2020-12-31 0001757399 country:IL 2020-12-31 0001757399 2019-12-31 0001757399 srt:AmericasMember 2019-12-31 0001757399 us-gaap:EMEAMember 2019-12-31 0001757399 country:IL 2019-12-31 0001757399 2017-12-31 0001757399 us-gaap:CommonStockMember 2017-12-31 0001757399 us-gaap:CommonStockMember 2018-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2017-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2018-12-31 0001757399 us-gaap:RetainedEarningsMember 2017-12-31 0001757399 us-gaap:RetainedEarningsMember 2018-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2017-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2018-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2020-12-31 0001757399 us-gaap:CommonStockMember 2020-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2020-12-31 0001757399 us-gaap:RetainedEarningsMember 2020-12-31 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2019-12-31 0001757399 us-gaap:CommonStockMember 2019-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2019-12-31 0001757399 us-gaap:RetainedEarningsMember 2019-12-31 0001757399 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2020-12-31 iso4217:ILS i:shares 0001757399 TUFN:TwoThousandsNinteenStockOptionPlanMember 2020-12-31 i:shares 0001757399 2018-01-01 2018-12-31 0001757399 us-gaap:ProductMember 2018-01-01 2018-12-31 0001757399 us-gaap:ServiceMember 2019-01-01 2019-12-31 0001757399 us-gaap:ServiceMember 2018-01-01 2018-12-31 0001757399 country:US 2018-01-01 2018-12-31 0001757399 TUFN:AmericasOtherMember 2018-01-01 2018-12-31 0001757399 srt:AmericasMember 2018-01-01 2018-12-31 0001757399 country:IL 2018-01-01 2018-12-31 0001757399 TUFN:EMEAExcludingGermanyMember 2018-01-01 2018-12-31 0001757399 country:DE 2018-01-01 2018-12-31 0001757399 TUFN:APACMember 2018-01-01 2018-12-31 0001757399 TUFN:HardwareProductsMember 2019-01-01 2019-12-31 0001757399 TUFN:SoftwareProductsMember 2018-01-01 2018-12-31 0001757399 TUFN:HardwareProductsMember 2018-01-01 2018-12-31 0001757399 us-gaap:MaintenanceMember 2018-01-01 2018-12-31 0001757399 TUFN:ProfessionalServicesMember 2018-01-01 2018-12-31 0001757399 2020-01-01 2020-12-31 0001757399 us-gaap:ProductMember 2020-01-01 2020-12-31 0001757399 us-gaap:ServiceMember 2020-01-01 2020-12-31 0001757399 TUFN:SoftwareProductsMember 2020-01-01 2020-12-31 0001757399 TUFN:HardwareProductsMember 2020-01-01 2020-12-31 0001757399 us-gaap:MaintenanceMember 2020-01-01 2020-12-31 0001757399 TUFN:ProfessionalServicesMember 2020-01-01 2020-12-31 0001757399 country:US 2020-01-01 2020-12-31 0001757399 TUFN:AmericasOtherMember 2020-01-01 2020-12-31 0001757399 srt:AmericasMember 2020-01-01 2020-12-31 0001757399 country:IL 2020-01-01 2020-12-31 0001757399 TUFN:EMEAExcludingGermanyMember 2020-01-01 2020-12-31 0001757399 country:DE 2020-01-01 2020-12-31 0001757399 TUFN:APACMember 2020-01-01 2020-12-31 0001757399 2019-01-01 2019-12-31 0001757399 us-gaap:ProductMember 2019-01-01 2019-12-31 0001757399 country:US 2019-01-01 2019-12-31 0001757399 TUFN:AmericasOtherMember 2019-01-01 2019-12-31 0001757399 srt:AmericasMember 2019-01-01 2019-12-31 0001757399 country:IL 2019-01-01 2019-12-31 0001757399 TUFN:EMEAExcludingGermanyMember 2019-01-01 2019-12-31 0001757399 country:DE 2019-01-01 2019-12-31 0001757399 TUFN:APACMember 2019-01-01 2019-12-31 0001757399 TUFN:SoftwareProductsMember 2019-01-01 2019-12-31 0001757399 us-gaap:MaintenanceMember 2019-01-01 2019-12-31 0001757399 TUFN:ProfessionalServicesMember 2019-01-01 2019-12-31 0001757399 country:IL 2018-01-01 2018-12-31 0001757399 us-gaap:NonUsMember 2018-01-01 2018-12-31 0001757399 country:IL 2020-01-01 2020-12-31 0001757399 us-gaap:NonUsMember 2020-01-01 2020-12-31 0001757399 country:IL 2019-01-01 2019-12-31 0001757399 us-gaap:NonUsMember 2019-01-01 2019-12-31 0001757399 us-gaap:RetainedEarningsMember 2018-01-01 2018-12-31 0001757399 us-gaap:RetainedEarningsMember 2020-01-01 2020-12-31 0001757399 us-gaap:RetainedEarningsMember 2019-01-01 2019-12-31 0001757399 us-gaap:CommonStockMember 2018-01-01 2018-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2018-01-01 2018-12-31 0001757399 us-gaap:CommonStockMember 2020-01-01 2020-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2020-01-01 2020-12-31 0001757399 us-gaap:CommonStockMember 2019-01-01 2019-12-31 0001757399 us-gaap:AdditionalPaidInCapitalMember 2019-01-01 2019-12-31 0001757399 us-gaap:EmployeeStockOptionMember 2020-01-01 2020-12-31 0001757399 us-gaap:IPOMember 2019-04-01 2019-04-30 0001757399 us-gaap:CostOfSalesMember 2018-01-01 2018-12-31 0001757399 us-gaap:ResearchAndDevelopmentExpenseMember 2018-01-01 2018-12-31 0001757399 us-gaap:SellingAndMarketingExpenseMember 2018-01-01 2018-12-31 0001757399 us-gaap:GeneralAndAdministrativeExpenseMember 2018-01-01 2018-12-31 0001757399 us-gaap:CostOfSalesMember 2020-01-01 2020-12-31 0001757399 us-gaap:ResearchAndDevelopmentExpenseMember 2020-01-01 2020-12-31 0001757399 us-gaap:SellingAndMarketingExpenseMember 2020-01-01 2020-12-31 0001757399 us-gaap:GeneralAndAdministrativeExpenseMember 2020-01-01 2020-12-31 0001757399 us-gaap:CostOfSalesMember 2019-01-01 2019-12-31 0001757399 us-gaap:ResearchAndDevelopmentExpenseMember 2019-01-01 2019-12-31 0001757399 us-gaap:SellingAndMarketingExpenseMember 2019-01-01 2019-12-31 0001757399 us-gaap:GeneralAndAdministrativeExpenseMember 2019-01-01 2019-12-31 0001757399 us-gaap:FurnitureAndFixturesMember 2020-01-01 2020-12-31 0001757399 us-gaap:ComputerEquipmentMember 2020-01-01 2020-12-31 0001757399 us-gaap:LeaseholdImprovementsMember 2020-01-01 2020-12-31 0001757399 TUFN:ElectronicEquipmentMember 2020-01-01 2020-12-31 0001757399 us-gaap:AccountsReceivableMember TUFN:CustomerAMember 2019-01-01 2019-12-31 i:pure 0001757399 us-gaap:AccountsReceivableMember TUFN:CustomerBMember 2019-01-01 2019-12-31 0001757399 us-gaap:AccountsReceivableMember TUFN:CustomerCMember 2019-01-01 2019-12-31 0001757399 TUFN:CustomerOneMember 2018-01-01 2018-12-31 0001757399 TUFN:CustomerTwoMember 2018-01-01 2018-12-31 0001757399 us-gaap:AccountsReceivableMember TUFN:CustomerAMember 2020-01-01 2020-12-31 0001757399 us-gaap:AccountsReceivableMember TUFN:CustomerBMember 2020-01-01 2020-12-31 0001757399 us-gaap:AccountsReceivableMember TUFN:CustomerCMember 2020-01-01 2020-12-31 0001757399 TUFN:CustomerOneMember 2020-01-01 2020-12-31 0001757399 TUFN:CustomerTwoMember 2020-01-01 2020-12-31 0001757399 TUFN:CustomerOneMember 2019-01-01 2019-12-31 0001757399 TUFN:CustomerTwoMember 2019-01-01 2019-12-31 0001757399 TUFN:CustomerThreeMember 2018-01-01 2018-12-31 0001757399 TUFN:CustomerThreeMember 2019-01-01 2019-12-31 0001757399 TUFN:CustomerThreeMember 2020-01-01 2020-12-31 0001757399 us-gaap:SeriesAPreferredStockMember 2018-12-31 0001757399 us-gaap:SeriesAPreferredStockMember 2019-12-31 0001757399 us-gaap:IPOMember 2019-04-30 0001757399 us-gaap:EmployeeStockOptionMember 2020-12-31 0001757399 us-gaap:EmployeeStockOptionMember 2019-12-31 0001757399 us-gaap:RestrictedStockUnitsRSUMember 2020-12-31 0001757399 us-gaap:FairValueMeasurementsRecurringMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember us-gaap:FairValueInputsLevel2Member 2020-12-31 0001757399 us-gaap:FairValueMeasurementsRecurringMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember us-gaap:FairValueInputsLevel2Member 2019-12-31 0001757399 us-gaap:FurnitureAndFixturesMember 2019-12-31 0001757399 us-gaap:ComputerEquipmentMember 2019-12-31 0001757399 us-gaap:LeaseholdImprovementsMember 2019-12-31 0001757399 TUFN:ElectronicEquipmentMember 2019-12-31 0001757399 us-gaap:FurnitureAndFixturesMember 2020-12-31 0001757399 us-gaap:ComputerEquipmentMember 2020-12-31 0001757399 us-gaap:LeaseholdImprovementsMember 2020-12-31 0001757399 TUFN:ElectronicEquipmentMember 2020-12-31 0001757399 us-gaap:ForeignExchangeForwardMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember 2020-12-31 0001757399 us-gaap:ForeignExchangeForwardMember us-gaap:NotDesignatedAsHedgingInstrumentTradingMember 2019-12-31 iso4217:USD i:shares 0001757399 2019-04-01 2019-04-30 0001757399 TUFN:RedeemableConvertiblePreferredStocksMember 2019-01-01 2019-12-31 0001757399 country:US 2020-01-01 2020-12-31 0001757399 country:DE 2020-01-01 2020-12-31 0001757399 country:GB 2020-01-01 2020-12-31 0001757399 country:FR 2020-01-01 2020-12-31 0001757399 dei:BusinessContactMember 2020-01-01 2020-12-31 0001757399 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2020-01-01 2020-12-31 0001757399 us-gaap:USGovernmentDebtSecuritiesMember 2020-12-31 0001757399 us-gaap:CorporateDebtSecuritiesMember 2020-12-31 0001757399 us-gaap:USGovernmentDebtSecuritiesMember 2020-01-01 2020-12-31 0001757399 us-gaap:CorporateDebtSecuritiesMember 2020-01-01 2020-12-31 0001757399 TUFN:TwoThousandsNinteenStockOptionPlanMember TUFN:OptionsRestrictedSharesAndOtherSharebasedAwardsMember 2020-01-01 2020-12-31 0001757399 us-gaap:SubsequentEventMember us-gaap:RestrictedStockUnitsRSUMember 2021-02-28 2021-03-01 0001757399 us-gaap:RestrictedStockUnitsRSUMember 2020-01-01 2020-12-31 0001757399 TUFN:TwoThousandsNinteenStockOptionPlanMember TUFN:OptionsRestrictedSharesAndOtherSharebasedAwardsMember srt:MinimumMember 2020-12-31 0001757399 us-gaap:SubsequentEventMember TUFN:TwoThousandsNinteenStockOptionPlanMember TUFN:OptionsRestrictedSharesAndOtherSharebasedAwardsMember srt:MaximumMember 2021-01-01 0001757399 TUFN:ExercisePriceOneMember 2020-01-01 2020-12-31 0001757399 TUFN:ExercisePriceTwoMember 2020-01-01 2020-12-31 0001757399 TUFN:ExercisePriceThreeMember 2020-01-01 2020-12-31 0001757399 TUFN:ExercisePriceFourMember 2020-01-01 2020-12-31 0001757399 TUFN:ExercisePriceOneMember 2020-12-31 0001757399 TUFN:ExercisePriceTwoMember 2020-12-31 0001757399 TUFN:ExercisePriceThreeMember 2020-12-31 0001757399 TUFN:ExercisePriceFourMember 2020-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MinimumMember 2020-01-01 2020-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MaximumMember 2020-01-01 2020-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MinimumMember 2019-01-01 2019-12-31 0001757399 us-gaap:EmployeeStockOptionMember srt:MaximumMember 2019-01-01 2019-12-31 0001757399 us-gaap:EmployeeStockOptionMember 2019-01-01 2019-12-31

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 20-F

REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934

OR

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934  

For the fiscal year ended December 31, 2020

OR

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934  

OR

SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

Date of event requiring this shell company report ______________

For the transition period from ____________ to ____________.

Commission file number 001-38866

IMAGE PROVIDED BY CLIENT

TUFIN SOFTWARE TECHNOLOGIES LTD.

(Exact name of Registrant as specified in its charter)

ISRAEL

(Jurisdiction of incorporation or organization)

5 HaShalom Road, ToHa Tower

Tel Aviv 6789205, Israel

(Address of principal executive offices)

 

Yuval Fessler

General Counsel

Telephone: +972 (3) 612-8118

Tufin Software Technologies Ltd.

5 HaShalom Road, ToHa Tower

Tel Aviv 6789205, Israel

(Name, telephone, e-mail and/or facsimile number and address of company contact person)

Securities registered or to be registered pursuant to Section 12(b) of the Act:

Title of each class

Trading Symbol(s)

Name of each exchange on which registered

Ordinary shares, par value NIS 0.015 per share

TUFN

New York Stock Exchange

Securities registered or to be registered pursuant to Section 12(g) of the Act: None.

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.

Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: As of December 31, 2020, the registrant had outstanding 35,972,470 ordinary shares, par value NIS 0.015 per share.


Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.

Yes ☐  No ☒

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.

Yes ☐  No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes ☒  No ☐

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate website, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§229.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).

Yes ☒  No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated file, a non-accelerated filer, or an emerging growth company. See definition of “large accelerated filer,” “ accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act:

 

Large accelerated filer ☐

Accelerated filer ☒

Non-accelerated filer ☐

Emerging growth company ☒

 

If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☒

Indicate by check mark whether the registrant has filed a report on the attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

Indicate by check mark which basis for accounting the registrant has used to prepare the financing statements included in this filing:

 

U.S. GAAP ☒

International Financial Reporting Standards as issued by the International Accounting Standards Board ☐

Other ☐

If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.

☐ Item 17  ☐ Item 18

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).

Yes ☐  No ☒


TABLE OF CONTENTS

Page

Introduction

1

Special Note Regarding Forward-Looking Statements

1

PART I

Item 1.Identity of Directors, Senior Management and Advisers

3

Item 2.Offer Statistics and Expected Timetable

3

Item 3.Key Information

3

Item 4.Information on the Company

32

Item 4A.Unresolved Staff Comments

42

Item 5.Operating and Financial Review and Prospects

43

Item 6.Directors, Senior Management and Employees

56

Item 7.Major Shareholders and Related Party Transactions

77

Item 8.Financial Information

81

Item 9.The Offer and Listing

82

Item 10.Additional Information

83

Item 11.Quantitative and Qualitative Disclosures About Market Risk

96

Item 12.Description of Securities Other Than Equity Securities

96

PART II

Item 13.Defaults, Dividend Arrearages and Delinquencies

96

Item 14.Material Modifications to the Rights of Security Holders and Use of Proceeds

97

Item 15.Controls and Procedures

97

Item 16.[Reserved]

98

Item 16A.Audit Committee Financial Expert

98

Item 16B.Code of Ethics

98

Item 16C.Principal Accountant Fees and Services

99

Item 16D.Exemptions from the Listing Standards for Audit Committees

99

Item 16E.Purchases of Equity Securities by the Issuer and Affiliated Purchasers

99

Item 16F.Change in Registrant’s Certifying Accountant

99

Item 16G.Corporate Governance

99

Item 16H.Mine Safety Disclosure

99

PART III

Item 17.Financial Statements

99

Item 18.Financial Statements

99

Item 19.Exhibits

162


INTRODUCTION

In this annual report, the terms “Tufin,” “we,” “us,” “our” and “the company” refer to Tufin Software Technologies Ltd. and its subsidiaries.

Throughout this annual report, we refer to various trademarks, service marks and trade names that we use in our business. The “Tufin” design logo is the property of Tufin Software Technologies Ltd. Tufin® is our registered trademark in the United States. We have several other trademarks, service marks and pending applications relating to our products. In particular, although we have omitted the “®” and “™” trademark designations in this annual report from each reference to Unified Security Policy, Tufin Orchestration Suite, SecureChange, SecureTrack, SecureApp and Tufin SecureCloud, all rights to such trademarks are nevertheless reserved. Other trademarks and service marks appearing in this annual report are the property of their respective holders.

References in this annual report to the Global 2000 are to the world’s 2,000 largest public companies as published by Forbes Media LLC according to its Forbes Global 2000: The World's Largest Public Companies, June 2018.

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS AND RISK FACTORS SUMMARY

We make forward-looking statements in this annual report that are subject to risks and uncertainties. The Private Securities Litigation Reform Act of 1995 provides safe harbor protections for forward-looking statements in order to encourage companies to provide prospective information about their business. These forward-looking statements include information about possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential,” “will,” “likely,” “continue” or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their nature, and the risks and uncertainties they involve include, but are not limited to, the items in the following list, which summarizes some of the principal risks relating to the Company and its business:

the impact of the global pandemic caused by the novel coronavirus (“COVID-19”) on the budgets of our customers and on economic conditions generally, as well as the length, severity of and pace of recovery following the pandemic;

political conditions and economic downturns, particularly in areas where we operate;

compliance, managerial and regulatory risks associated with international sales and operations;

our expectation that policy-centric, automated solutions will garner a growing share of enterprise security spend;

our expectations for growth in certain key verticals and geographic regions and our intention to expand international operations;

our ability to maintain effective internal controls over financial reporting;

our expectations concerning seasonality and the predictability of our sales cycle;

our expectation regarding customer relationships developed by our hybrid sales model, including our ability to acquire new customers and maintain a high level of customer retention;

our ability to compete and increase positive market awareness of our brand, particularly with respect to markets for security policy management;

our ability to align our future and past performance by continuing to generate sufficient revenues;

the successful management of our business model, as well as current and future growth, particularly with respect to our plans to transition to a subscription-based product model over time;

the compatibility of our product and service offerings with customers’ existing technologies and applications;

our plans to deploy additional cloud-based subscription products over time, to enable more customers to consume our products beyond our existing on-premise solutions;

our reliance on certain products and customers to generate revenue;

our intention to invest further in the Tufin Orchestration Suite to extend its functionality and features;

1


our expectations regarding sales of our new product, SecureCloud;

our expectations regarding sales driven by channel partners and our technology alliance partners through joint selling efforts and go-to-market strategies;

our dependence on a single third-party manufacturer to fulfill certain software license orders;

the effect of cybersecurity threats or attacks on our technologies, products and services;

the effect of any real or perceived shortcomings, defects or vulnerabilities in our solutions;

compliance laws, regulations and requirements in the jurisdictions where we operate, including with respect to with data protection and privacy and export and import control requirements;

our expectations regarding the outcome of certain litigation relating to our initial and secondary public offerings;

our ability to adequately protect and defend our intellectual property and other proprietary rights;

our ability to effectively manage invest in, grow and retain our sales force, research and development capabilities, marketing team and other key personnel;

the volatility of our share price and active trading market for our shares;

political, economic, governmental and tax consequences associated with our incorporation and location in Israel; and

our expectations regarding our tax classifications.

The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. In particular, you should consider the risks provided under “Risk Factors” in this annual report.

You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this annual report, to conform these statements to actual results or to changes in our expectations.

2


PART I

ITEM 1.IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS

Not applicable.

ITEM 2.OFFER STATISTICS AND EXPECTED TIMETABLE

Not applicable.

ITEM 3.KEY INFORMATION

A.Selected Financial Data

The following tables set forth our selected consolidated financial data. You should read the following selected consolidated financial data in conjunction with “Item 5. Operating and Financial Review and Prospects” and our consolidated financial statements and related notes included elsewhere in this annual report. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. Generally Accepted Accounting Principles, or U.S. GAAP.

The selected consolidated statements of operations data for each of the years in the three-year period ended December 31, 2020 and the consolidated balance sheet data as of December 31, 2019 and 2020 are derived from our audited consolidated financial statements appearing elsewhere in this annual report. The below selected consolidated balance sheet data as of December 31, 2017 and 2018, has been derived from our previously reported audited consolidated financial statements, which are not included in this annual report.

Year ended December 31,

2017

2018

2019

2020

(in thousands except share and per share data)

Consolidated Statements of Operations:

Revenues:

Product

$

30,855

$

42,554

$

47,365

$

38,690

Maintenance and professional services

33,685

42,427

55,905

62,144

Total revenues

64,540

84,981

103,270

100,834

Cost of revenues:

Product

1,702

2,324

2,716

2,940

Maintenance and professional services

7,778

11,112

17,141

17,307

Total cost of revenues (1)

9,480

13,436

19,857

20,247

Gross profit

55,060

71,545

83,413

80,587

Operating expenses:

Research and development (1)

17,672

21,363

31,571

34,978

Sales and marketing (1)

35,042

46,092

63,981

59,484

General and administrative (1)

4,608

6,022

14,884

20,050

Total operating expenses

57,322

73,477

110,436

114,512

Operating loss

$

(2,262

)

$

(1,932

)

$

(27,023

)

$

(33,925

)

Financial income (loss), net

267

(1,047

)

(85

)

114

Loss before taxes on income

$

(1,995

)

$

(2,979

)

$

(27,108

)

$

(33,811

)

Taxes on income

(797

)

(1,283

)

(1,011

)

(1,595

)

Net loss

(2,792

)

(4,262

)

(28,119

)

(35,406

)

Basic and diluted net loss per ordinary share (2)

$

(0.35

)

$

(0.53

)

$

(1.04

)

$

(0.99

)

Weighted average number of ordinary shares used in computing basic and diluted net loss per ordinary share (2)

7,872,545

8,045,647

27,088,274

35,674,258

3


December 31,

2017

2018

2019

2020

(in thousands)

Consolidated Balance Sheet Data (3):

Cash and cash equivalents

$

14,700

$

15,248

$

118,661

$

58,449

Working capital, excluding deferred revenue (4)

15,247

17,781

115,963

75,973

Deferred revenue, current and non-current

23,957

31,464

35,563

37,755

Total assets

35,126

47,133

176,732

160,351

Redeemable convertible preferred shares

26,699

26,699

Total shareholders’ equity (deficit)

(29,028

)

(29,946

)

94,322

75,179

December 31,

2017

2018

2019

2020

(in thousands)

Supplemental Financial Data:

Non-GAAP gross profit (5)

$

55,392

$

72,179

$

84,927

$

82,611

Non-GAAP operating income (loss) (5)

$

(152

)

$

1,249

$

(15,234

)

$

(18,452

)

Non-GAAP net loss (5)

$

(682

)

$

(1,081

)

$

(17,054

)

$

(20,634

)

____________________________

(1)

Includes share-based compensation expense as follows:

Year ended December 31,

2017

2018

2019

2020

(in thousands)

Share-based Compensation Expense:

Cost of revenues

$

332

$

634

$

1,514

$

2,024

Research and development

660

731

2,370

4,437

Sales and marketing

765

1,458

4,849

4,635

General and administrative

353

358

2,194

3,929

Total share-based compensation expenses

$

2,110

$

3,181

$

10,927

$

15,025

4


 

(2)

Basic and diluted net loss per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see Note 2 to our consolidated financial statements included elsewhere in this annual report.

(3)

We adopted ASC 842 - “Leases” on January 1, 2019, and recorded right-of-use assets and lease liabilities, which are reflected on our balance sheet as of December 31, 2019 and 2020. As permitted, comparative figures were not adjusted. For additional information, see our consolidated financial statements included elsewhere in this annual report.

(4)

We define working capital as total current assets minus total current liabilities.

(5)

Non-GAAP gross profit, non-GAAP operating income (loss) and non-GAAP net loss are non-GAAP financial measures. We define non-GAAP gross profit as gross profit excluding share-based compensation expense. We define non-GAAP operating income (loss) as operating income (loss) excluding share-based compensation expense, shelf registration costs, one-time expenses associated with the reorganization of one of our subsidiaries and secondary offering costs. We define non-GAAP net loss as net loss excluding share-based compensation expense, shelf registration costs, one-time expenses associated with the reorganization of one of our subsidiaries, secondary offering costs and the tax effect of these non-GAAP adjustments. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allow for more meaningful comparisons between our operating results from period to period. In addition, we believe that providing non-GAAP financial measures that exclude shelf registration costs, one-time expenses associated with the reorganization of one of our subsidiaries and secondary offering costs allows for more meaningful comparisons between our operating results from period to period since these non-recurring costs are not representative or indicative of our ongoing operations. We also believe that the tax effects related to the non-GAAP adjustments set forth above do not reflect the performance of our core business and would impact period-to-period comparability.

These non-GAAP financial measures are an important tool for financial and operational decision-making and for evaluating our operating results over different periods. The presentation of these non-GAAP financial measures is not meant to be considered in isolation or as a substitute for comparable GAAP financial measures and should be read only in conjunction with our consolidated financial statements prepared in accordance with GAAP.

The following tables reconcile gross profit, operating loss and net loss, the most directly comparable U.S. GAAP measures, to non-GAAP gross profit, non-GAAP operating income (loss) and non-GAAP net loss for the periods presented:

Year ended December 31,

2017

2018

2019

2020

(in thousands)

Reconciliation of Gross Profit to Non-GAAP Gross Profit:

Gross profit

$

55,060

$

71,545

$

83,413

$

80,587

Add:

Share-based compensation expense

$

332

$

634

$

1,514

$

2,024

Non-GAAP gross profit

$

55,392

$

72,179

$

84,927

$

82,611

Year ended December 31,

2017

2018

2019

2020

(in thousands)

Reconciliation of Operating Loss to Non-GAAP Operating Loss:

Operating loss

$

(2,262

)

$

(1,932

)

$

(27,023

)

$

(33,925

)

Add:

Share-based compensation expense

$

2,110

$

3,181

$

10,927

$

15,025

Shelf registration costs

126

One-time reorganization charges

322

Secondary offering costs

862

Non-GAAP operating income (loss)

$

(152

)

$

1,249

$

(15,234

)

$

(18,452

)

5


Year ended December 31,

2017

2018

2019

2020

(in thousands)

Reconciliation of Net Loss to Non-GAAP Net Loss:

 

Net loss

$

(2,792

)

$

(4,262

)

$

(28,119

)

$

(35,406

)

Add:

Share-based compensation expense

$

2,110

$

3,181

$

10,927

$

15,025

Shelf registration costs

126

One-time reorganization charges

322

Secondary offering costs

862

Taxes on income related to non-GAAP adjustments

(724

)

(701

)

Non-GAAP net loss

$

(682

)

$

(1,081

)

$

(17,054

)

$

(20,634

)

Other companies, including companies in our industry, may calculate non-GAAP gross profit, non-GAAP operating income (loss) and non-GAAP loss differently or not at all, which reduces their usefulness as a comparative measure. You should consider non-GAAP gross profit, operating income (loss) and non-GAAP net loss along with other financial performance measures and our financial results presented in accordance with U.S. GAAP.

B.Capitalization and Indebtedness

Not applicable.

C.Reasons for the Offer and Use of Proceeds

Not applicable.

D.Risk Factors

Our business faces significant risks. You should carefully consider all of the information set forth in this annual report and in our other filings with the U.S. Securities and Exchange Commission, or the SEC, including the following risk factors which we face and which are faced by our industry. If any of the following risks actually occurs, our business, financial condition and results of operations could be materially and adversely affected. In that event, the trading price of our ordinary shares would likely decline, and you might lose all or part of your investment. This annual report also contains forward-looking statements, as a result of certain risk factors including the risks described below and elsewhere in this report and our other SEC filings. See also “Special Note Regarding Forward-Looking Statements” on page 1 of this annual report.

Risks Related to Our Business and Our Industry

Economic and External Risks

COVID-19, including the efforts to mitigate its impact, has had and may continue to have a material adverse effect on our business, liquidity, results of operations, financial condition and price of our securities.

The ongoing pandemic caused by COVID-19 has had a significant impact on global economic activity. Efforts to contain or reduce the spread of COVID-19, such as shutdowns and “shelter-in-place” orders, have been suggested or mandated by governmental authorities or otherwise elected by companies as a preventative measure. Such efforts have adversely affected workforces, customers, consumer sentiment, economies and financial markets, and, along with decreased consumer spending, have led to an economic downturn in many of our markets. For example, Israel and federal and state governments in the United States, the locations in which our primary offices are located, have imposed limitations on gatherings, social distancing measures and restrictions on movement, only allowing essential businesses to remain open. Such orders or restrictions have resulted in temporary store closures, work stoppages, slowdowns and delays, travel restrictions and cancellation of events, among other effects, any of which may negatively impact workforces, customers, consumer sentiment and the economies in many of our markets, and as a result, may further adversely affect our operations.

6


As a result of COVID-19 and its widespread economic effects, we have implemented certain cost-reduction measures, including workforce reduction. Because we cannot predict the trajectory of COVID-19, we may need to implement additional cost-reduction measures in the future.

Operationally, as a result of COVID-19 and related response measures, we have transitioned our employees to remote working arrangements and temporarily closed and/or otherwise implemented hybrid remote-work with limited onsite presence in all of our offices worldwide. Due to the uncertainty of COVID-19, we will continue to assess the situation, including abiding by any government-imposed restrictions, market by market.

To date, this shift to remote work has not had a material adverse impact on our ability to continue our operations. Although currently our operations are handled mostly remotely (with some onsite hybrid presence) and run smoothly, the remote work arrangements could, if interrupted, negatively impact the execution of our business plans and operating results. In addition, continuous remote work arrangements could result in increased turnover or make it more difficult to train new employees. Similarly, if a natural disaster, power outage, connectivity issue, or other event were to occur that would inhibit or preclude our employees’ ability to work remotely, it may be difficult or, in certain cases, impossible, for us to continue our business for a substantial period of time. The increase in remote work also increases our potential exposure to security breaches and fraud attempts.

In the event that COVID-19 continues to persist, it is plausible that the ongoing global economic downturn will continue in parallel, which could adversely affect the demand for our products generally. A continued economic recession could also have a material adverse impact on the stability and financial strength of our business partners. Similarly, the widespread economic impact on certain business segments and verticals, such as travel and hospitality, has led to reductions in IT spending within those industries. In addition, the lack of visibility in the mitigation of the pandemic has led some businesses to prioritize shorter term budget planning and the deferral of strategic, longer-term IT projects. Our customers and partners, as a result, may adopt a similar budgetary approach which, if adopted, would impair our operations and results moving forward. While we have a strong cash position, we cannot guarantee that our financial condition will not be adversely affected in a material manner.

There are additional variables that frustrate our ability to accurately predict the impact that COVID-19 will have on our operations going forward. Despite the recent development and introduction of different vaccines to COVID-19, there is still much uncertainty as to the length of time that the pandemic and related disruptions will continue, the impact of governmental regulations or easement of regulations in response to the strengthening or weakening of the pandemic, and the degree of overall changes in consumer behavior.

To the extent COVID-19 adversely affects our business and financial results, it may also have the effect of heightening many of the other risks described herein.

Prolonged economic uncertainties or downturns could materially adversely affect our business.

Our business depends on our current and prospective customers’ ability and willingness to invest money in security policy management, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy, including, for instance, conditions resulting from COVID-19 or financial and credit market fluctuations, could cause a decrease in corporate spending on security software. The Americas accounted for the majority of our revenues in each of the years ended December 31, 2019 and 2020. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2019 and 2020, with revenues generated in Germany representing 30% and 29%, respectively, of EMEA revenues. Economic downturns and geopolitical challenges in the Americas, EMEA or certain other parts of the world may cause our customers in those locations to reevaluate decisions to purchase our solutions or to delay their purchasing decisions, which could adversely impact our results of operations due to the importance that region to us.

In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance, and the telecommunications industry. In the years ended December 31, 2019 and 2020, we generated approximately 47% and 48%, respectively, of our revenues from customers in the financial services and telecommunications industries. Negative economic conditions may cause customers in those industries in particular to reduce their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.

7


The security policy management market is rapidly evolving and difficult to predict. If the market does not continue to develop as we anticipate or if our target customers do not adopt our solutions, our revenues may not grow as expected and our share price may decline.

We believe our future success depends in large part on growth in the security policy management market in which we compete. The security policy management market is subject to rapid technological change, evolving industry standards and a shift in the enforcement or scope of regulations to which our customers are subject, as well as changing customer needs, requirements and preferences. As such, it is difficult to predict important market trends, including potential growth. For example, organizations that currently use homegrown tools may believe that they already have sufficient security policy management products. Therefore, such organizations may allocate all or most of their network infrastructure budgets on other products and may not adopt our solutions in addition to or in lieu of other existing solutions. If the security policy management market does not continue to develop in the way we anticipate or if organizations do not recognize the benefits our solutions offer in addition to or in place of other existing solutions, then our revenues may not grow as expected and our share price could decline.

Estimates of market opportunity and forecasts of market growth included in this annual report and in our public disclosures may prove to be inaccurate.

Growth forecasts included in this annual report and in our public disclosures relating to our market opportunity and the expected growth in the security policy management market, which are subject to significant uncertainty, may prove to be inaccurate. We believe our policy management and automation functionalities define a new market, and we are not aware of any third-party research that accurately defines the scope of our directly addressable opportunity. As such, in early 2019 we estimated the market size using third-party data and, when third-party data was not available, internal estimates. We segment enterprises based on our estimates of their network infrastructure size and their need for our solutions across their networks, and apply an average annual billings figure per segment based on an estimated prior five years of inventory, resulting in an estimated directly addressable market of $10.3 billion, which includes on-premise firewalls, private cloud and public cloud orchestration segments.

The addressable market we estimate may not materialize for many years. Even if the markets in which we compete meet the size estimates and growth forecast in this annual report or in our public disclosures, our business could fail to grow at similar rates. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth included in this annual report or in our public disclosures are not indicative of our future growth.

Political and economic uncertainty arising from the outcome of the United Kingdom’s referendum on its membership in the European Union could adversely affect our business and results of operations.

Part of our European sales team is currently located in England. In the United Kingdom, following the vote to approve an exit from the European Union, or EU, commonly referred to as “Brexit,” the government officially separated from the EU on January 31, 2020. A transition period ended on December 31, 2020, during which the United Kingdom and the EU negotiated the terms of the United Kingdom’s relationship with the EU going forward. With the implementation of the EU-United Kingdom Trade and Cooperation Agreement beginning on January 1, 2021, it is still unclear how the deal will impact relationships within the United Kingdom and between the United Kingdom and other countries on many aspects of fiscal policy, cross-border trade and international relations. The effects of and the perceptions as to the impact from the withdrawal of the United Kingdom from the European Union has and may continue to adversely affect business activity and economic and market conditions in the United Kingdom, Europe and globally, and could contribute to instability in global financial and foreign exchange markets, including volatility in the value of the pound sterling and the euro. In addition, Brexit could lead to additional political, legal and economic instability in the European Union.

It is also unclear what long-term economic, financial, trade and legal implications the withdrawal of the United Kingdom from the EU will have and how such withdrawal will affect our customers and our operations in the United Kingdom. As a result, it is possible that the level of economic activity in this region will be adversely impacted and that there will be increased regulatory and legal complexities. Therefore, it may be time-consuming and expensive for us to alter our internal operations in order to comply with any new regulations. Any of these effects of Brexit, and others we cannot anticipate, could adversely affect our business in the United Kingdom, as well as our financial condition, results of operations and cash flows.

Our investment portfolio may be adversely affected by market conditions and interest rates.

We maintain substantial balances of liquid investments for operational and general corporate purposes. Our marketable securities amounted to $42.3 million as of December 31, 2020. Our investments in marketable securities might be negatively affected by liquidity, credit deterioration, financial results and interest rate fluctuations, as well as other factors which may be impacted by market downturns or events that affect global financial markets. We generally buy and hold our marketable securities portfolio with the objective to minimize the potential risk of principal loss. Our investment policy sets limits for minimum credit rating and maximum concentration per issuer, as well as maximum time to maturity. Our investments consist primarily of government and corporate debentures.

Although we believe that we generally adhere to conservative investment guidelines, the continuing uncertainty in the financial markets, including due COVID-19, may result in impairments of the carrying value of our investment assets. Any significant decline in our financial income or the value of our investments as a result of the changes in interest rates and interest rate expectations of the financial markets, deterioration in the credit rating of the securities in which we have invested, or general market conditions, could have an adverse effect on our results of operations and financial condition.

8


Operational Risks

If we are unable to acquire new customers, particularly large organizations, our future revenues and operating results will be harmed.

Our growth strategy is dependent, in part, on our ability to acquire new customers, particularly large organizations, which we define as those comprising the Global 2000. For example, in the year ended December 31, 2020, large organizations accounted for 63% of our revenues, excluding maintenance renewals. The size and number of customers that we add in a given period significantly and directly impact both our short-term and long-term revenues. If we are unable to attract a sufficient number of new large organization customers or if we attract customers that place orders of an insufficient size, we may be unable to generate revenue growth at desired rates. The security policy management market is competitive and we cannot guarantee that we will out-perform our competitors. In addition, in many cases, our primary competition is in-house, manual, spreadsheet driven processes and home-grown approaches to security management. As a result, we may not be able to add new customers at the levels we expect, or may need to spend more than we budgeted on our efforts to do so. Competition in the marketplace may also result in us winning fewer new customers, lowering prices or offering sales incentives to new customers. These factors may have a material negative impact on our future revenues and operating results.

Sales to large organizations involve risks that may not be present (or that are present to a lesser extent) with sales to smaller entities. These risks include:

increased purchasing power and leverage held by large organizations in negotiating contractual arrangements with us, including, in certain cases, clauses that provide preferred pricing of configurations with similar specifications;

the timing of individual large sales, which in some cases have occurred in a quarter subsequent to those we anticipated, or have not occurred at all;

longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that ultimately elects not to purchase our products or purchases fewer products than we anticipated;

more stringent or costly requirements imposed upon us in our maintenance and professional services contracts with such customers, including stricter response times and penalties for any failure to meet maintenance and professional services requirements;

more complicated and costly implementation processes and network infrastructure; and

closer relationships with, and increased dependence upon, large technology companies who may offer competing products and have stronger brand recognition.

If we are unable to increase sales of our solutions and products to large organizations while mitigating the risks associated with serving such customers, our business, results of operations, prospects and financial condition may suffer.

If the transition to a subscription-based business model fails to yield the benefits that we expect, our results of operations could be negatively impacted.

We are in the process of transitioning to a subscription-based business model. It is uncertain whether this transition will prove successful. Market acceptance of our products is dependent on our ability to include functionality and usability that address certain customer requirements. Additionally, we must optimally price our products in light of marketplace conditions, our costs and customer demand. This transition may have negative revenue, earnings and cash flow implications, including on our quarterly results of operations. If we are unable to respond to challenges that may develop in our transition to subscription, our business could be harmed.

This subscription-based business strategy may give rise to a number of risks, including the following:

our revenues and cash flows may fluctuate more than anticipated over the short-term;

if new or current customers do not desire to consume our offerings under a subscription model, our subscription sales may lag behind our expectations;

the shift to a subscription model may raise concerns among new or existing customers, resellers and investors, including concerns with respect to changes to pricing over time and access to our products once a given subscription has expired, which could slow adoption rates;

9


our success in maintaining or implementing our target pricing or new pricing models, product adoption and projected renewal rates, or selection of a target price or new pricing model that is not optimal and could negatively affect our sales or earnings;

the shift to subscription may create a subscription pricing disadvantage against our competition and increase our loss rates against competition;

if our customers do not renew their subscriptions or do not renew them on a timely basis, our revenues may decline and our business may suffer;

we may incur sales compensation costs at a higher than forecasted rate if the pace of our subscription transition is faster than anticipated; and

our sales force may have difficulty with the transition which may lead to increased turnover rates and lower headcount.

If we are required to and fail to successfully manage any changes to our business model, including the transition of our products to subscription services, our results of operations could be harmed.

In February 2021, we announced our intention to transition from perpetual licenses to a subscription-based sales model. This adjustment to our business model requires a considerable investment of technical, financial, legal and sales resources. We may assume greater responsibilities for implementation related services during this transition. As a result, we may face risks associated with new and complex implementations, the cost of which may differ from original estimates. As a result of the transition to a subscription-based sales model, we may experience consequences such as monetary credits for current or future service engagements, reduced fees for additional product sales and refusal by our customers to pay contractually-obligated subscription or service fees.

Our failure in transitioning our business model to be primarily subscription may adversely affect valuation methods applied by investors and analysts on our enterprise value.

Enterprise valuation methods, may be applied differently on enterprises that are operating primarily under a subscription based recurring revenue model than an enterprise that is operating primarily under a perpetual license sales model. Investors and/or analysts applying valuation methods to our company under the assumption that we will be successful with transitioning to a primarily subscription based sales model, may have to adversely revise their valuations if we fail to achieve this transition in line with their expectations.

Our business depends substantially on our ability to retain existing customers and expand our offerings to them, and our failure to do so could harm future results of operations.

We generate a significant portion of our revenues from sales to existing customers and our business depends substantially on our ability to retain customers and expand our offerings to them. For example, during the year ended December 31, 2020, we generated approximately 71% of our revenues, excluding maintenance renewals, from sales to existing customers. We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and, as of February 2020, SecureCloud. The majority of our customers initially purchase SecureTrack to monitor part of their networks. Initial product deployments frequently expand across departments, divisions and geographies and result in the purchase of additional products, such as SecureChange and SecureApp. We also expect SecureCloud, which allows for visibility and control of the security posture in cloud-native and hybrid cloud environments, to contribute to our revenues over time. Finally, we introduced the Tufin Marketplace in 2020 as a place where customers can find and deploy applications and extensions that enhance the overall value of their Tufin security policy management implementations. A number of the applications in the Marketplace, including the recently released Vulnerability Mitigation App, require a paid license and are expected to generate revenue in the future.

The rate at which our existing customers purchase additional products and services depends on a number of factors, including the perceived need for additional IT security, our customers’ IT budgets, the efficacy of our solutions, general economic conditions, our customers’ overall satisfaction with our products and services and the continued growth and economic health of our customer base. If our efforts to sell additional products and services to our customers are not successful, our future revenues and operating results will be harmed.

We devote significant efforts to developing and marketing product updates to existing customers and rely on these efforts for a portion of our revenues. This requires a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to launch product updates and new products. Our future success depends, in part, on our ability to continue to expand sales of our current product offerings to existing customers, sell additional licenses for our current products to our existing customers and develop and sell new products to existing customers.

10


Our sales cycle is long and unpredictable, which may cause significant fluctuations in our quarterly results of operations.

The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our products. We and our channel partners often spend significant time and resources to better educate and familiarize potential customers with the value proposition of our products and platform. Our sales cycle usually lasts several months from proof of concept to purchase order from our customers, and it is often even longer, less predictable and more resource-intensive for larger transactions. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solutions. Furthermore, even if we close a large transaction during a given quarter, we may be unable to recognize the revenues derived from such a transaction due to our revenue recognition policy. See “Item 5.A. Operating and Financial Review and Prospects—Operating Results—Application of Critical Accounting Policies and Estimates—Revenue Recognition.”

In addition, in the past, customers have deferred significant purchases to the last quarter of the year when they can determine what amount of their annual budget remains unused. As a result, the timing of individual sales can be difficult to predict. We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our anticipated results from operations for that quarter and future quarters for which revenues from those transactions are delayed. We may not be able to accurately predict or forecast the timing of sales, which has caused and could again cause our results to vary significantly from our expectations and the expectations of market analysts. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.

We face competition in the security policy management market in which we operate, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

We face competition in the security policy management market in which we operate. In many cases, our primary competition is in-house, manual, spreadsheet driven processes and home-grown approaches to security management, and we and our channel partners may not be successful in educating and familiarizing potential customers with the value associated with our products and services. Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC that offer solutions that compete with all or some of our products or product features. We also indirectly compete with large security companies that offer a broad array of traditional security management solutions, such as Palo Alto Networks, Inc. and Cisco Systems, Inc., for a share of enterprises’ IT security budgets.

Some of our competitors are large companies that have the technical and financial resources and broad customer bases needed to bring products that are competitive with ours to market and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and professional services fees. As the security policy management market grows, we expect competition to increase in the future from both existing competitors and new companies that may enter our markets. Some of our competitors may develop different products that compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements, including in cloud-native environments.

Organizations that use other products or home-grown tools may believe that these products or tools are sufficient to meet their security policy management needs or that our products only serve the needs of a portion of the enterprise security market. Accordingly, these organizations may continue allocating their IT budgets for other products, and may not adopt our products. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier, such as us, regardless of product performance, features, or greater services offerings or may be more willing to incrementally add solutions to their existing security infrastructure from existing suppliers than to replace it wholesale with our solutions.

Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. For instance, in February of 2020, a direct competitor of ours, AlgoSec, Inc., announced that they have entered into an agreement with Cisco Systems Inc. in which AlgoSec’s products were listed in Cisco’s price list and can be sold by some of Cisco’s sales force, expanding AlgoSec’s potential market reach. Current or potential competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do.

11


The recent decrease to our revenue may be indicative of our future performance.

For the years ended December 31, 2019 and 2020, our revenues were $103.3 million and $100.8 million, respectively, representing a year-over-year decrease of 2%. While in the year ended December 31, 2019 we reported a revenue growth rate of 22%, our revenue decreased in the year ended December 31, 2020, which may be indicative of our future performance and we may not return to our growth rate trajectory reported in prior fiscal periods. Factors that could impact our ability to return to positive revenue growth include the impact of COVID-19 on customer demand for our products and services, the unsuccessful transition to a subscription-based business model, our ability to increase the size or efficiency of our sales force, which has expanded rapidly in recent years, our ability to achieve repeat purchases by existing customers, our ability to successfully compete with other companies and the extent to which we are successful in securing large-scale deployments, particularly among our large, Global 2000 customers. If we are unable to increase revenues, our share price could experience volatility, and our ability to achieve and maintain profitability could be adversely affected.

Our business and operations have slowed down in relation to recent periods of growth, and if we do not appropriately manage our current business and operations, our results of operations may not return to previous growth rates and outputs.

During previous fiscal periods, we experienced growth that placed significant demands on our management, administrative, operational and financial infrastructure. During the year end December 31, 2020, we were required to adapt to a variety of challenging economic conditions, including COVID-19 which triggered certain cost reduction initiatives, including workforce reduction, as well as increasing recruitment efforts initiated by competitors, threatening both our ability to maintain current talent and hire potential talent. Specifically, as of December 31, 2020, we had 533 employees and contractors compared to 568 as of December 31, 2019. While we expect that the transition to a subscription-based business model will have a positive impact on our business in the long-term, we cannot guarantee that our business and operations will return to the growth rates experienced in previous fiscal periods.

Our success and return to previous growth rates will depend in part upon, among other things, our ability to manage and increase the productivity of our existing employees, particularly our sales force, and hire, train, and manage new employees and expand our network of channel partners. To manage the domestic and international growth of our operations and personnel, we will need maintain or to continue to improve our operational, financial, and management controls, as well as our reporting processes and procedures.

These additional investments will increase our operating costs, which will make it more difficult for us to offset any future revenue shortfalls by reducing expenses in the short term. We may not be able to successfully acquire or implement these or other improvements to our systems and processes in an efficient or timely manner, or once implemented, we may discover deficiencies in their capabilities or effectiveness. We may experience difficulties in managing improvements to our systems and processes or in integrating with third-party technology. In addition, our systems and processes may fail to prevent or detect errors, omissions or fraud. Our failure to improve our systems and processes, or their failure to operate effectively and in the intended manner, may result in the disruption of our current operations and customer relationships, our inability to manage the growth of our business and our inability to accurately forecast and report our revenues, expenses and earnings, any of which may materially harm our business, results of operations, prospects and financial condition.

We have a history of losses, and we may not be able to generate sufficient revenues to achieve and sustain profitability.

We have incurred net losses in each period since our inception, including net losses of $28.1 million and $35.4 million for the years ended December 31, 2019 and 2020, respectively. As of December 31, 2020, our accumulated deficit was $103.8 million. We expect our operating expenses to increase significantly as we continue to expand our sales and marketing efforts, in part, by building our sales platforms, continue to devote significant research and development resources to our solutions and continue to expand our operations in existing and new geographies and vertical markets. Given that we reported a year-over-year decrease in revenues for 2020, we may continue to generate losses. In addition, as we transition to a subscription-based business model, our revenues and cash flows may fluctuate more than anticipated over the short-term. We cannot assure investors that we will achieve profitability in the future or that, if we do become profitable, we will be able to sustain profitability.

We are subject to a number of risks associated with international sales and operations.

We operate a global business with offices located primarily in Israel and the United States. In the year ended December 31, 2020, we generated 54%, 40% and 6% of our revenues from customers in the Americas, EMEA and APAC, respectively. Business practices in the international markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.

Additionally, our international sales and operations are subject to a number of risks, including the following:

greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;

management communication and integration problems resulting from cultural and geographic dispersion;

risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platforms that may be required in foreign countries;

12


greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;

compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act, the bribery sections of the Israeli Penal Law, 5737-1977 and the U.K. Bribery Act;

heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

the uncertainty of protection for intellectual property rights in some countries;

general political and economic conditions, including due to the impact of COVID-19, in these foreign markets; and

double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States, Israel or the other jurisdictions in which we operate.

These and other factors could harm our ability to generate future international revenues and, consequently, materially impact our business, results of operations and financial condition.

If third-party applications and network products change such that we do not or cannot maintain the compatibility of our platforms and solutions with these applications and products, or if we fail to provide integrations that our customers desire, demand for our solutions and platforms could decline.

The attractiveness of our platforms depends, in part, on our ability to integrate with third-party applications and network products that our customers use or desire to use. Third-party providers may change the features of their applications and platforms or alter the terms governing use of their applications and platforms in an adverse manner. Further, third-party application providers may refuse to partner with us, or limit or restrict our access to their applications and platforms. Such changes could functionally limit or terminate our ability to use these third-party applications and systems with our platform, which could negatively impact our offerings and harm our business. If we fail to integrate our platforms with new third-party applications that our customers desire, or to adapt to the requirements of such third-party applications and platforms, we may not be able to offer the functionality that our customers expect, which would negatively impact our ability to retain current customers or obtain new customers. As a result, our offerings and, consequently, our business, could be adversely harmed.

If our products and services do not effectively interoperate with our customers’ existing or future IT infrastructures, deployments and integrations could be delayed or canceled, which would harm our business.

Our products and services must effectively interoperate with our customers’ existing or future IT infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify and improve our software so that our products will integrate with our customers’ infrastructure. In such cases, our products may be unable to support some of the configurations or protocols used in our customers’ infrastructure. These issues could cause longer deployment and integration times for our products and could cause order cancelations, either of which would adversely affect our business, results of operations and financial condition. Additionally, any changes in our customers’ IT infrastructure that degrade the functionality of our products or services but which are better supported by competitive software, could adversely affect the adoption and usage of our products.

Because we derive most of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange and SecureApp, which belong to a single platform of products – the Tufin Orchestration Suite – the failure of these products to satisfy customers or to achieve increased market acceptance would adversely affect our business.

In the fiscal year ended December 31, 2020, we generated most of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange and SecureApp. We recently introduced SecureCloud and the Tufin Marketplace apps to the market, and have not yet derived significant revenues from the sales of these products and applications. We expect to continue to derive a majority of our revenues from license and maintenance sales relating to the Tufin Orchestration Suite in the future. As such, market acceptance of this platform of products is critical to our continued success. Demand for licenses for the Tufin Orchestration Suite is affected by a number of factors, some of which are outside of our control, including continued market acceptance of our software by our customers and potential customers, the viability of existing and new use cases, technological change and growth or contraction in our market. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our software, our business, operations, financial results and growth prospects will be materially and adversely affected.

13


If we are unable to increase market awareness of our company and our solutions, or fail to successfully promote or protect our brand, our competitive market position and revenues may not continue to grow or may decline.

We believe that improved awareness of our brand and the value proposition of our solutions will be essential to our continued growth and our success. Many factors, some of which are beyond our control, are important to maintaining and enhancing our brand, including our ability to increase awareness among existing and potential channels partners through various means of marketing and promotional activities. For example, as a result of various restrictions implemented by governments across the globe as a response to COVID-19, we were compelled to adjust the way in which we market and sell our products, either by way of virtual conferences or otherwise. We cannot guarantee that we will be successful in our transition to a more virtually-inclined marketing and sales model, and if unsuccessful our results of operations may be materially and adversely affected. If our marketing efforts are unsuccessful in improving market awareness of our brand and our solutions, then our business, results of operations, prospects, and financial condition will be adversely affected, and we will not be able to achieve sustained growth.

Moreover, due to the intensely competitive nature of our market, we believe that building and maintaining our brand and reputation is critical to our success and that the importance of positive brand recognition will increase as competition in our market may further intensify. While we believe that we are successfully building a well-established brand and have invested and expect to continue to invest substantial resources to promote and maintain our brand, both domestically and internationally, there can be no assurances that our brand development strategies will enhance our reputation or brand recognition or lead to increased revenue.

Furthermore, an increasing number of independent industry analysts and researchers, such as Gartner, IDC and 451 Research LLC, regularly evaluate, compare and publish reviews regarding the functionality of security products and services, including our solutions. These reviews may significantly influence the market perception of our solutions. We do not have any control over the content of these independent industry analysts and researchers’ reports, and our reputation and brand could be harmed if they publish negative reviews of our solutions or do not view us as a market leader. The strength of our brand may also be negatively impacted by our competitors’ marketing efforts, which may include incomplete, inaccurate and misleading statements about our business, products and services. If we are unable to maintain a strong brand and reputation, sales to new and existing customers could be adversely affected, and our financial performance could be harmed.

Our business and reputation could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or the failure of our solutions to meet customers’ expectations.

Our products are designed to assist customers in the management of their IT networks, enhance visibility and control across their networks, ensure compliance with security standards and embed security enforcement into their workstreams. However, despite the implementation of security measures, the solutions we sell to customers, including our cloud-based solutions, could contain vulnerabilities that are not capable of being remedied or detected until after their deployment. If we fail to update our products to remedy, detect or prevent such threats, our business and reputation will suffer. Moreover, as our solutions are adopted by an increasing number of enterprises and governmental entities, including the U.S. federal government, cyberattackers may focus on finding ways to defeat our solutions. The data stored in our products’ database is highly sensitive, and includes our customers’ current enterprise-wide network configuration and security policies. If our products’ security configuration is breached, this data could be used by malicious actors, including external hackers and rogue employees within our customers’ organizations, to plan how they could effectively traverse our customers’ networks and gain unauthorized access to critical systems and data. A breach or theft of our customers’ sensitive business data, regardless of whether the breach or theft is attributable to the failure of our products, could adversely affect the market’s perception of the efficacy of our solutions and current or potential customers may look to our competitors for alternatives to our solutions. The failure of our products may also subject us to lawsuits and financial losses stemming from indemnification of our partners and other third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. Although we seek to limit our financial exposure in such circumstances through caps on our indemnification obligations to customers, customers may litigate the enforceability of such caps and it is possible that such litigation may be successful in certain circumstances. Any such event could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services and prevent new customers from purchasing our solutions.

If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solutions will be limited, and our business, financial position and results of operations will be harmed.

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2020. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. Our channel partners fulfill orders constituting substantially all of our revenues. Certain of our new customer leads are generated by our channel partners. For the years ended December 31, 2019 and 2020, our two largest channel partners accounted for 15% and 9% of our revenues and 15% and 10% of our revenues, respectively. Our agreements with these channel partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice. As of December 31, 2020, three of our channel partners accounted for 10% or more of our accounts receivable, accounting for an aggregate of 39% of our accounts receivable. Our engagements with these channel partners are generally based on separate contractual relationships with different business units across multiple jurisdictions rather than on a single agreement.

14


As a result of this concentration, if a channel partner ceases to perform services for us, we may face disruptions in deploying solutions to our customers. Additionally, we are exposed to the credit risk of our channel partners in the event they become insolvent while owing us payment. If our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide additional support to such customers, which would require us to invest in additional personnel and may require us to devote significant time and resources and divert attention away from other customers or opportunities. If our channel partners do not effectively market and sell our solutions, or choose to use greater efforts to market and sell the products and services of our competitors, our ability to grow our business may be adversely affected.

Our relationships with channel partners have been, and could in the future be, terminated with little or no notice if they become subject to bankruptcy or other similar proceedings. The loss of our major channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our sales channels, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.

Our increasing focus on expanding security policy management to cloud-native environments presents execution and competitive risks.

While many organizations see the cloud as a scalable extension of their existing data center, some are adopting the DevOps approach to cloud application development. Pricing and delivery models are evolving. Different usage models and network security architectures in the cloud influence customers’ choice of cloud-based security products. Our ecosystem must continue to evolve with this changing environment. We plan to devote significant resources to develop and deploy our cloud-based strategies. Unlike traditional enterprise applications, in which every connectivity change is controlled and managed by IT, in cloud-native environments, the developers and DevOps engineers typically have administrative rights over the infrastructure. The connectivity decisions and changes made by developers in cloud-native applications can have an immediate impact on the organization’s security posture, with little or no oversight by the security team. Our success in developing cloud-native solutions is connected with the fragmentation of enterprise networks between on-premise networks and the cloud environment, the growing use of cloud infrastructure and cloud-native development environments and the level of adoption of cloud platforms such as such as Google Cloud, Amazon Web Services, or AWS, Microsoft Azure, Check Point and Palo Alto.

We may not establish sufficient market share to achieve the scale necessary to achieve our business objectives. If we are not effective in executing organizational and technical changes to increase efficiency and accelerate innovation, or if we fail to generate sufficient usage of our new products and services, we may not grow revenues in line with the infrastructure and development investments described above.

If our maintenance or professional services are not satisfactory to our customers, they may not renew their maintenance or professional services contracts, which could adversely affect our future results of operations.

Our customers depend in large part on customer support delivered through our channel partners or by us to resolve issues relating to the use of our solutions. Our agreements with customers typically provide certain service level commitments, including with respect to initial response time for support. Our business relies on our customers’ satisfaction with the technical maintenance and support and professional services we provide to support our products. While the majority of our software is sold under perpetual license agreements, all of our maintenance and professional services contracts are sold on a term basis. Our customers typically purchase one or three years of software maintenance in addition to their initial purchase of our products, with an option to renew their maintenance contracts. In order for us to maintain and improve our results of operations, it is important that our existing customers renew their maintenance contracts when the term expires. For example, for each of the years ended December 31, 2019 and 2020, our maintenance renewal rate was over 90%. Maintenance and support revenues have increased as a percentage of our revenues in each of these years.

The failure of our customers to correctly use our solutions, or our failure to effectively assist customers in deploying and integrating our solutions and providing effective ongoing support, may result in an increase in the vulnerability of our customers’ networks and their sensitive business data. If we fail to provide technical support services that are responsive, satisfy our customers’ expectations and resolve issues that they encounter with our products and services, then they may elect not to renew annual maintenance and support contracts and they may choose not to purchase additional products and services from us. Accordingly, our failure to provide satisfactory technical support or professional services could lead our customers not to renew their agreements with us or renew on terms less favorable to us, and therefore have a material and adverse effect on our business and results of operations.

We depend on a single third-party hardware manufacturer for the hardware that we use to fulfill certain orders for our software licenses, and delays or disruptions in fulfilling such orders could materially and adversely impact our operations.

We depend on a single third-party manufacturer to supply the computer hardware on which our licensed software is installed for certain customers. Specifically, when placing an order, a customer may elect to download our software onto its own computer hardware that meets our specifications or purchase computer hardware from us with our software pre-installed. In the years ended December 31, 2019 and 2020, transactions in which customers purchased software pre-installed on computer hardware that we supplied accounted for 28% and 21%, respectively, of our sales. Our computer hardware supplier fulfills our requirements on a purchase order basis and we hold only limited inventory. We do not have a long-term contract with the supplier that guarantees capacity or the continuation of particular pricing terms. There are alternative suppliers for the computer hardware, but that hardware would initially not be optimized for our software. Furthermore, in the event of a disruption in supply, we would need to inform customers with pending orders regarding the change in hardware and offer them the choice of supplying their own hardware or using alternate hardware that we would supply, both of which may cause delays in the timely fulfillment of their orders. This could have a material adverse effect on our business and results of operations.

15


Our business depends, in part, on sales to the public sector, and significant changes in the contracting or fiscal policies of the public sector could have an adverse effect on our business.

We derive a portion of our revenues from sales of our solutions to federal, state, local and foreign governments, and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government contracts. Factors that could impede our ability to maintain or increase the amount of revenues derived from government contracts include:

changes in fiscal or contracting policies;

decreases in available government funding;

changes in government programs or applicable requirements;

the adoption of new laws or regulations or changes to existing laws or regulations; and

potential delays or changes in the government appropriations or other funding authorization processes.

The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions or otherwise have an adverse effect on our business, operating results and financial condition.

Legal, Regulatory and Security Risks

Our business and reputation could be harmed if cybersecurity risks materialize.

Our customers face increasingly sophisticated and targeted cyberthreats, including as a result of the increase in remote working arrangements due to COVID-19. Many of our enterprise customers are experiencing more cyberthreats as enterprise networks are becoming increasingly fragmented with firewalls from different vendors, public and private clouds and microservices in containers.

While our products and services specifically aim to offer solutions to these risks, they may nevertheless contain vulnerabilities to such threats, which are a growing and evolving risk and are often difficult or impossible to detect for long periods of time or to successfully defend against. Successful attacks, whether through external or internal actors, could harm the confidentiality, integrity and availability of personal data and other sensitive information, as well as the integrity and availability of our systems, products and services in a manner that could materially and adversely affect our business. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. In addition, such a security breach could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer. In addition, if we suffer a highly publicized security breach, even if our platform and solutions perform effectively, such a breach could cause us to suffer reputational harm, lose existing commercial relationships and customers or deter customers from purchasing additional solutions and prevent new customers from purchasing our solutions.

We are subject to data protection and privacy laws, regulations, standards, and contractual obligations, the breach of which could subject us to fines and harm our reputation.

We are subject to an expanding number of domestic, international and contractual legal requirements regarding privacy, personal data rights and data protection ("Applicable Data Obligations"). The Applicable Data Obligations continue to evolve and address a range of issues, including restrictions or technological requirements regarding the collection, use, storage, protection, retention, and transfer of personal data. Violation of the Applicable Data Obligations could result in substantial fines, penalties and related defense costs. For example, the GDPR provides for penalties that could reach the greater of 20 million Euros or 4% of a company’s worldwide annual turnover for the most serious violations, as well as the right to compensation for financial or non-financial damages claimed by individuals under Article 82 of the GDPR.

Additionally, we are also subject to the California Consumer Privacy Act (“CCPA”), which came into effect in January 2020 and imposes heightened transparency obligations, adds restrictions on the “sale” of personal information, and creates new data privacy rights for California residents and carries significant enforcement penalties for non-compliance. The California Attorney General enforces the CCPA and can seek an injunction and civil penalties up to $7,500 per intentional violation and $2,500 per other violation. The CCPA also provides California consumers a private right of action for certain data breaches where they can recover up to $750 per incident, per consumer or actual damages, whichever is greater, and which is expected to increase data breach litigation. The CCPA may require us to modify our data practices and policies and to incur substantial costs and expenses in order to comply.

16


On November 3, 2020, California voters passed the California Privacy Rights Act (“CPRA”) into law, which will take effect in January 2023 and will significantly modify the CCPA, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. More generally, some observers have noted the CCPA and CPRA could mark the beginning of a trend toward more stringent U.S. federal privacy legislation, which could increase our potential liability and adversely affect our business.

In addition, we are also subject to the Israeli Privacy Protection Law 5741-1981 (the “PPL”), and its regulations, including the Israeli Privacy Protection Regulations (Data Security) 2017 (“Data Security Regulations”, and collectively "Israeli Law"), which impose obligations with respect to the manner personal data is processed, maintained, transferred, disclosed, accessed and secured, as well as the guidelines of the Israeli Privacy Protection Authority. Failure to comply with the Israeli Law may expose us to administrative fines, civil claims (including class actions), and in certain exceptional and unusual circumstances, criminal liability. The Israeli Privacy Protection Authority may initiate administrative inspection proceedings, from time to time, without any suspicion of any particular breach of the PPL, as the Authority has done in the past with respect to dozens of Israeli organizations in various sectors. In addition, to the extent that any administrative supervision procedure is initiated by the Israeli Privacy Protection Authority that reveals certain irregularities with respect to our compliance with the PPL, in addition to our exposure to administrative fines, civil claims (including class actions) and in certain cases criminal liability, we may also need to take certain remedial actions to rectify such irregularities, which may increase our costs.

Any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related obligations to users or other third parties, or any other legal obligations or regulatory requirements relating to privacy, data protection, or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business.

These and other legal requirements may be interpreted and enforced in a manner that is inconsistent with our existing practices or the features of our products and services. We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom we rely in relation to various products and services, including our channel partners. In addition to the possibility of our being subject to enforcement actions, fines, lawsuits and other claims with respect to these and other legal requirements, we could be required to fundamentally change our business activities and practices or modify our products and services, which could have an adverse effect on our business. Any inability to adequately address customer privacy and data protection concerns, even if unfounded, or to comply with Applicable Data Obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.

We use open source software in our products and our development environments and expect to continue to use open source software in the future. Open source software is typically provided without warranties or assurances of any kind. Some open source licenses contain requirements that the users of such software make available source code for modifications or derivative works we create based upon the open source software used, and many open source licenses include provisions that have not been interpreted by the courts. We monitor and control our use of open source software in an effort to avoid unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. We believe that our compliance with the obligations under the various applicable licenses has mitigated the risks that we would trigger any such conditions or restrictions. However, such use may have inadvertently occurred in the development and offering of our products and solutions. If we combine our proprietary software with open source software in a certain manner that is not intended under our policies or monitoring practices, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products quickly with lower development effort and ultimately could result in a loss of sales for us.

The terms of many open source software licenses have not been interpreted by U.S. or foreign courts, and there is a risk that, once interpreted, those licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. For example, certain open source software licenses may be interpreted to require that we offer our products or solutions that use the open source software for no cost; that we make available the source code for modifications or derivative works we create based upon, incorporating or using the open source software (or that we grant third parties the right to decompile, disassemble, reverse engineer or otherwise derive such source code); that we license such modifications or derivative works under the terms of the particular open source license; or that otherwise impose limitations, restrictions or conditions on our ability to use, license, host or distribute our products and solutions in a manner that limits our ability to successfully commercialize our products.

This potential litigation could require us to purchase costly licenses or devote additional research and development resources to change our products or services, either of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our offerings or incur additional costs. Although we monitor the use and incorporation of open source software into our products, we cannot be certain that we have, in all cases, incorporated open source software in our products in a manner that is consistent with the applicable open source license terms.

17


We may become a party to commercial disputes, claims and legal actions, which are costly and may result in adverse outcomes for us.

Third parties may bring legal actions against us. Such actions, even if without merit, could harm our business. Although we have contractual protections, such as warranty disclaimers and limitation of liability provisions in our standard terms and conditions of sale (and we seek to include those protections when negotiating third party terms and conditions), they may not fully or effectively protect us from claims by customers, commercial relationships or other third parties.

In addition, we may become subject to disputes with customers over the terms of our agreements with them. Our agreements with certain larger customers grant those specific customers the right to use our software for specific purposes or within a specific scope. From time to time, we have disagreed with customers over the interpretation of those agreements. Such disagreements may harm our relationships with customers and could ultimately result in legal proceedings.

The results of complex legal proceedings, whether bought by us or by others against us, are difficult to predict. An unfavorable resolution of any lawsuit could adversely affect our business, results of operations, prospects or financial condition. Any insurance coverage that we have may not adequately cover all claims asserted against us, or may cover only a portion of such claims. In addition, even if claims do not result in litigation or ultimately are resolved in our favor, such claims could result in our expenditure of funds in litigation, and divert management’s time and other resources. Litigation in general and securities litigation in particular, can be expensive, lengthy and disruptive to normal business operations. For example, we are subject to putative class action lawsuits in New York state court alleging federal securities law violations in connection with our initial public offering, as well in the Southern District of New alleging federal securities law violations in connection with our initial public offering and secondary public offering. Based on information currently available and the current stage of the litigation, we are unable to reasonably estimate a possible loss or range of possible losses, if any, with regard to these claims. Our business, results of operations, and financial condition could be materially and adversely affected by such costs and any unfavorable outcomes in current or future litigation.

If our products fail to help our customers achieve and maintain compliance with government regulations and industry standards, our business and results of operations could be materially adversely affected.

We generate a substantial portion of our revenues from our products and services because they help our customers achieve and maintain compliance with government regulations and industry standards, and we expect that will continue for the foreseeable future. Industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. Governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact whether our solutions enable our customers to maintain compliance with such laws or regulations. Examples of industry and government regulations include the Payment Card Industry Data Security Standard, or PCI-DSS, the Sarbanes-Oxley Act, the North American Electric Reliability Corporation Critical Infrastructure Protection standards, or NERC-CIP, the General Data Protection Regulation, or GDPR, the NIST Cybersecurity Framework and the Health Insurance Portability and Accountability Act of 1996, or HIPAA. If we are unable to adapt our solutions to changing regulatory standards in a timely manner, or if our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if regulations and standards related to information security change in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.

We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.

We incorporate encryption capabilities into certain of our products and these products thus may be subject to U.S. export control requirements. We are also subject to Israeli regulations controlling the use, import and export of encryption technology since our product development initiatives are primarily conducted in Israel. In December 2013, regulations under the Wassenaar Arrangement for the first time included a chapter on cyber-related matters. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. We have satisfied U.S. and Israeli export control requirements to export our products to most customers and jurisdictions outside of the United States and Israel, and we have satisfied other provisions of Israeli law governing the use of encryption technology. If the applicable U.S. and Israeli requirements regarding the export of encryption software or technology change or if we change the encryption means in our products or technology, we may need to satisfy additional requirements in the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.

We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries and regions, governments and persons. Our products and technologies could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

18


In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, or the Import and Export Decree (Export Control over Dual Use Goods, Services and Technology), 5766-2006, but if the definitions of regulated cybersecurity are changed and our products are becoming classified as defense-related, we would become subject to such regulation. In particular, under the Defense Export Control Law, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli ministry of defense and may be subject to a requirement to obtain a specific license from the Israeli ministry of defense for any export of defense-related products, services and/or know-how. The definition of defense marketing activity is broad and includes any marketing of “defense equipment, services and/or know-how” outside of Israel or to a non-Israeli, which includes dual-use equipment, services and/or know-how (equipment, services and/or know-how that can be used for civilian or defensive purposes such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use or defense user only, or is specified under Israeli legislation. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations.

Requirements associated with being a public company in the United States require significant resources and management attention.

Requirements associated with being a public company in the United States require significant resources and management attention. We are subject to certain reporting requirements of the Securities Exchange Act of 1934, or the Exchange Act, and the other rules and regulations of the Securities and Exchange Commission, or the SEC, and the New York Stock Exchange, or the NYSE. We are also subject to various other regulatory requirements, including under the Sarbanes-Oxley Act. We expect these rules and regulations to continue to increase our legal, accounting and financial compliance costs and to continue to make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will continue to incur as a public company or the timing of such costs.

In the first quarter of 2019, we implemented a new ERP system to provide for greater depth and breadth of functionality and effectively manage our business data, communications, operations and other business processes. A failure of this system to perform as we anticipate may result in transaction errors, processing inefficiencies and sales losses, may harm our ability to fulfill our contractual and performance obligations, may harm our ability to accurately forecast sales demand and file reports with the SEC on a timely and accurate basis. In addition, due to the systemic internal control features within ERP systems, we may experience difficulties that may affect our internal control over financial reporting, which may create a significant deficiency or material weakness in our overall internal controls. The risks associated with a new ERP system are greater for us as we plan to expand our operations.

In addition, complying with these rules and regulations and the increasingly complex laws pertaining to public companies requires substantial attention from our senior management, which could divert their attention away from the day-to-day management of our business. These cost increases and the diversion of management’s attention could disrupt our operations and materially and adversely affect our business, financial condition and results of operations. We will also need to continue to hire additional personnel to support our financial reporting function, and may face challenges in doing so.

We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.

We incorporate encryption capabilities into certain of our products and these products thus may be subject to U.S. export control requirements. We are also subject to Israeli regulations controlling the use, import and export of encryption technology since our product development initiatives are primarily conducted in Israel. In December 2013, regulations under the Wassenaar Arrangement for the first time included a chapter on cyber-related matters. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. We have satisfied U.S. and Israeli export control requirements to export our products to most customers and jurisdictions outside of the United States and Israel, and we have satisfied other provisions of Israeli law governing the use of encryption technology. If the applicable U.S. and Israeli requirements regarding the export of encryption software or technology change or if we change the encryption means in our products or technology, we may need to satisfy additional requirements in the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.

We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries and regions, governments and persons. Our products and technologies could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

19


In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, or the Import and Export Decree (Export Control over Dual Use Goods, Services and Technology), 5766-2006, but if the definitions of regulated cybersecurity are changed and our products are becoming classified as defense-related, we would become subject to such regulation. In particular, under the Defense Export Control Law, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli ministry of defense and may be subject to a requirement to obtain a specific license from the Israeli ministry of defense for any export of defense-related products, services and/or know-how. The definition of defense marketing activity is broad and includes any marketing of “defense equipment, services and/or know-how” outside of Israel or to a non-Israeli, which includes dual-use equipment, services and/or know-how (equipment, services and/or know-how that can be used for civilian or defensive purposes such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use or defense user only, or is specified under Israeli legislation. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations.

Risks Related to Our Intellectual Property and Proprietary Rights

If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.

Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual property assets. We rely on a combination of trade secrets, copyright and trademark laws, confidentiality procedures, technical know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage.

Our software and other proprietary information are protected by copyright on creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software, proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team, partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective counterparty. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise obtain and use our intellectual property and technology.

In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our proprietary technology. As of December 31, 2020, we had 14 issued patents in the United States and five issued patents in Israel. We may file additional patent applications in the future. In order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly, time-consuming and uncertain. We may choose not to seek patent protection for certain innovations or in certain jurisdictions. Furthermore, the scope of our issued patents may be insufficient, and they may not provide us with any competitive advantages. Our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, the issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. As a result, we may not be able to obtain adequate protection or effectively enforce our issued patents or other intellectual property rights.

We cannot assure you that the steps taken by us will deter or prevent infringement or misappropriation of our intellectual property or technology. In addition, the laws of some foreign countries where we operate do not protect our intellectual property and technology to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.

We may be subject to intellectual property rights claims by third parties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.

Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of copyrights, trademarks, trade secrets and patents, and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. From time to time, third parties may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers.

20


Successful claims of infringement or misappropriation by a third-party could prevent us from using or distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our partners and other third parties, including our customers and channel partners whom we typically indemnify against such claims. Even if third parties may offer a license to their intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected.

We indemnify our channel partners and customers against claims that our products infringe the intellectual property rights of third parties. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to protect our intellectual property and technology and ensure that we are not violating the intellectual property rights of others, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

Risks Related to Our Personnel

We have undergone a recent change to our senior management team and if we are unable to integrate new members of our senior management team, or if we lose the services of any of our senior management or other key personnel, our business, operating results, and financial condition could be adversely affected.

In January 2021, Kevin Maloney resigned from his role as Senior Vice President of Global Sales. Raymond Brancato has been appointed as our Chief Revenue Officer, with Mr. Maloney assisting with the transition through the end of February 2021. This or any other significant leadership change or senior management transition involves inherent risk and any failure to ensure a smooth transition could hinder our strategic planning, business execution and future performance. In particular, this or any future leadership transition may result in a loss of personnel with deep institutional or technical knowledge, and has the potential to disrupt our operations and relationships with employees and customers due to added costs, operational inefficiencies, decreased employee morale and productivity and increased turnover. We must successfully integrate our new leadership team member within our organization to achieve our operating objectives.

If we do not effectively expand, train and retain our sales force, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.

Our future success depends, in part, on our ability to expand, train and retain our sales force. Our inability to attract or retain qualified personnel or delays in hiring required sales personnel may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time, subject to certain notice requirements. Our ability to attract and retain highly skilled personnel is critical to our future success. Similarly, recently a growing number of Israeli technology companies went public, or elected to initiate the process of going public, which in turn triggered a significant uptick in recruitment efforts, which threatens our ability to maintain our employees and recruit new talent.

In addition, there is intense competition for individuals with sales training and experience. The training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. However, there is no guarantee that our recent hires and planned new hires will become as productive as we expect or require, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets in which we currently operate or where we seek to conduct business. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.

Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient research and development personnel, and if we are unable to generate an adequate return on our investment in research and development.

Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient engineers and research and development personnel. Our principal research and development activities are conducted from our headquarters in Israel, and we face significant competition for suitably skilled engineers and research and development personnel in this region, where the availability of such personnel is limited. We also have a number of employees that work as developers in Bucharest, Romania in order to benefit from the significant pool of talent that is more readily available in this market. Larger companies with whom we compete may expend more resources than we do on employee recruitment and may be able to offer more favorable compensation and incentive packages than us. If we cannot attract or retain a sufficient number of skilled research and development employees, our business, prospects and results of operations could be adversely affected.

21


In order to remain competitive, we expect to continue to dedicate significant financial and other resources to expand upon our research and development teams to assist in developing new solutions, applications and enhancements to our existing products and platforms.

We are dependent on the continued services and performance of our two founders, the loss of either of whom could adversely affect our business.

Our business depends on the continued services and performance of our two founders, Reuven Kitov, our Chief Executive Officer and Chairman of the Board of Directors, and Reuven Harrison, our Chief Technology Officer and a director, due to their relevant experience and skills, to execute on our business plan, and to identify and pursue new opportunities and product innovations. We do not carry key man life insurance on either of Mr. Kitov or Mr. Harrison and, even if we did, such coverage would likely be insufficient to compensate us for the loss of their services due to their industry experience and understanding of our business model. The loss of services of either of Mr. Kitov or Mr. Harrison could significantly delay or prevent the achievement of our development and strategic objectives.

Our corporate culture has contributed to our success, and if we cannot maintain this culture moving forward, including as a result of COVID-19 and related response measures, we could lose the innovation, creativity and teamwork fostered by our culture, which could adversely affect our business.

We believe that our corporate culture has been and will continue to be a key contributor to our future success. As a result of COVID-19 and related response measures, we have transitioned our employees to remote working arrangements and temporarily closed and/or otherwise implemented hybrid remote-work with limited onsite presence in our offices worldwide, which could negatively affect our culture. We continue to plan for the eventual return of employees to our offices, but the working arrangements when we return to the office may differ from the arrangements before COVID-19; we expect that some of our employees may continue to work from home full-time or part-time. The full or partial return to in-office work and the potential transition to permanent remote working arrangements for some employees may result in a deterioration of our corporate culture and other unforeseen challenges. Any failure to preserve our culture could negatively affect our ability to innovate and operate effectively.

In addition, we plan to continue to expand our international operations, which may affect our culture as we seek to find, hire and integrate additional international employees while maintaining our corporate culture. From December 31, 2016 to December 31, 2020, we increased the size of our workforce by 118 employees in Israel and by 157 employees in other countries, representing a 107% increase, and we expect to continue to hire new employees in order to support our growth plans. If we do not continue to maintain our corporate culture as we grow, we may be unable to continue to foster the innovation, integrity and collaboration we believe we need to support our growth. Our anticipated headcount growth, international expansion and our transition from a private company to a public company may result in a change to our corporate culture, which could adversely affect our business.

Risk Related to Our Internal Controls

If we fail to implement and maintain effective internal control over financial reporting, we may be unable to report our financial results accurately or meet our reporting obligations.

We are required to maintain internal control over financial reporting and to report any material weakness in those controls. In connection with the issuance of our consolidated financial statements for each of the years ended December 31, 2017, 2018 and 2019, we identified a material weakness in our internal control over financial reporting that we subsequently remedied. If we identify future material weakness in our internal control over financial reporting or are unable to certify that our internal control over financial reporting is effective pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, we could lose investor confidence in the accuracy and completeness of our financial reports, which could harm our business, the price of our ordinary shares and our ability to access the capital markets.

Risks Related to Our Ordinary Shares

Our share price has been and will likely continue to be volatile, and you may lose all or part of your investment.

Since our initial public offering on April 11, 2019, our ordinary shares have traded as high as $31.04 per share and as low as $5.79 per share through December 31, 2020. On February 19, 2021, the last reported sale price of our ordinary shares was $12.09 per share.

In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, including:

actual or anticipated fluctuations in our results of operations;

22


variance in our financial performance from the expectations of market analysts;

announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;

changes in the prices of our products and services;

our involvement in litigation;

our sale of ordinary shares or other securities in the future;

market conditions in our industry;

changes in key personnel;

the trading volume of our ordinary shares;

changes in the estimation of the future size and growth rate of our markets; and

general economic and market conditions, including with respect to COVID-19.

In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. For example, we are subject to class action lawsuits in the Supreme Court of the State of New York and the Southern District of New York, alleging federal securities law violations in connection with our initial public offering and additionally, for the federal court claim, our secondary public offering. Based on information currently available and the current stage of the litigation, we are unable to reasonably estimate a possible loss or range of possible losses, if any, with regard to these claims. See “Item 8 A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.” Low trading volume may also increase the price volatility of our ordinary shares. A thin trading market could cause the price of our ordinary shares to fluctuate significantly more than the stock market as a whole.

An active trading market for our ordinary shares may not continue to develop or be sustained.

In April 2019, we completed our initial public offering. Prior to our initial public offering, there was no public market for our ordinary shares. Although we have completed our initial public offering and our ordinary shares are listed and trading on the NYSE, an active trading market for our ordinary shares may not continue to develop or be sustained, which may impair your ability to sell your ordinary shares at the time you wish to do so or at a price that you consider reasonable. The lack of an active market may also reduce the fair market value of your ordinary shares. An inactive market may also impair our ability to raise capital by selling our ordinary shares and may impair our ability to acquire other companies by using our ordinary shares as consideration.

A small number of significant beneficial owners of our shares have a significant influence over matters requiring shareholder approval, which could delay or prevent a change of control.

As of February 19, 2021, the largest beneficial owners of our shares, entities and individuals affiliated with Marker LLC (“Marker”) and Catalyst Private Equity Partners (Israel) II, Limited Partnership (“Catalyst”) owned 12.2% and 8.7% of our ordinary shares, respectively. As a result, these shareholders individually or collectively could exert significant influence over our operations and business strategy and would have sufficient voting power to influence the outcome of matters requiring shareholder approval. These matters may include:

the composition of our board of directors, which has the authority to direct our business and to appoint and remove our officers;

approving or rejecting a merger, consolidation or other business combination;

raising future capital; and

amending our articles of association, which govern the rights attached to our ordinary shares.

For example, on December 14, 2020, each of Marker and Catalyst separately filed a Schedule 13D with the SEC where they indicated that they intend to engage the Company in order to discuss opportunities to maximize shareholder value, including, but not limited to, the potential sale of all or a portion of their respective investments in the Company or strategic transactions involving the Company.

23


This concentration of ownership of our ordinary shares could delay or prevent proxy contests, mergers, tender offers, open-market purchase programs or other purchases of our ordinary shares that might otherwise give investors the opportunity to realize a premium over the then-prevailing market price of our ordinary shares. This concentration of ownership may also adversely affect our share price. Further, our amended and restated articles of association contain provisions that could make it difficult or expensive for a third party to pursue a tender offer, change in control or takeover attempt that is opposed by our management and board of directors even if such a transaction would be beneficial to our shareholders. We also have a staggered board of directors that could make it more difficult for shareholders to change the composition of our board of directors in any one year. These anti-takeover provisions could substantially impede the ability of public shareholders to change our management or board of directors.

As a foreign private issuer whose shares are listed on the NYSE, we may follow certain home country corporate governance practices instead of otherwise applicable NYSE requirements, which may, in the future, result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.

As a foreign private issuer whose shares are listed on the NYSE, we may follow certain home country corporate governance practices instead of otherwise applicable NYSE requirements for U.S. domestic issuers. For example, foreign private issuers are permitted to follow home country practices with regard to director nomination procedures and the approval of compensation of officers. Additionally, foreign private issuers are not required to maintain a board comprised of a majority of independent directors. Foreign private issuers are also exempt from NYSE rules that require shareholder approval prior to (i) the adoption or amendment of an equity compensation plan or (ii) the issuance of ordinary shares, or securities convertible into or exercisable for ordinary shares, in private offerings in excess of 20% of a company’s outstanding ordinary shares or voting power, as well as other private offerings to related parties. However, notwithstanding our ability to follow the corporate governance practices of our home country, Israel, we have elected to comply with NYSE corporate governance requirements that are applicable to U.S. domestic issuers. Nevertheless, we may, in the future, decide to rely on foreign private issuer exemptions and follow Israeli home country governance practices in lieu of complying with some or all NYSE corporate governance requirements, which may provide less protection to our investors than is accorded to investors of domestic issuers. See “Item 6.C. Board Practices—Corporate Governance Practices.”

As a foreign private issuer, we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain reports required pursuant to the Exchange Act

As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the Exchange Act, related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports on Form 10-Q containing unaudited financial and other specified information with the SEC under the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will trade in such company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor.

For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic filers, including the requirement applicable to emerging growth companies to disclose the compensation of our chief executive officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis. Nevertheless, regulations promulgated under the Israeli Companies Law 5759-1999, or the Companies Law, require us to disclose in the proxy statement for the annual general meeting of our shareholders (or to include a reference therein to other previously furnished public disclosure) the annual compensation of our five most highly compensated executive officers on an individual, rather than an aggregate, basis. This disclosure will not be as extensive as that required of a U.S. domestic issuer. See “Item 6.B. Compensation—Compensation of Directors and Executive Officers.”

In order to maintain our current status as a foreign private issuer, either (i) more than 50% of our outstanding voting securities must be directly or indirectly owned of record by non-residents of the United States or (ii)(a) a majority of our executive officers or directors may not be U.S. citizens or residents, (b) more than 50% of our assets cannot be located in the United States and (c) our business must be administered principally outside the United States. In the event U.S. residents directly or indirectly own more than 50% of our outstanding voting securities, we will cease to qualify as a foreign private issuer if we do not meet the requirements set forth in (ii) above.

Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer would be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges that are available to foreign private issuers.

24


The market price of our ordinary shares could be negatively affected by future sales of our ordinary shares.

We have made offerings of our ordinary shares in the past and may do so again in the future. In addition, if our existing shareholders, particularly our largest shareholders, our directors, their affiliates or our executive officers, sell a substantial number of our ordinary shares in the public market, the market price of our ordinary shares could decrease significantly. For instance, if Marker and/or Catalyst determined to sell a portion or all of their holdings in the Company, as disclosed in their respective Schedule 13D filings with the SEC on December 14, 2020, the market price of our ordinary shares could react negatively. The perception in the public market that these shareholders might sell our ordinary shares could also depress the market price of our ordinary shares and could impair our future ability to obtain capital, especially through an offering of equity securities.

As of February 19, 2021, 2,148,289 ordinary shares were reserved for issuance under our equity incentive plans. In addition, our board of directors approved the grant of 1,233,100 RSUs to certain of our employees, which grant became effective on March 1, 2021. Shares issuable under our equity incentive plans have been registered on a Form S-8 registration statement and may be freely sold in the public market upon issuance, except for shares held by affiliates who have certain restrictions on their ability to sell.

We may have exposure to greater tax liabilities than anticipated.

We have endeavored to structure our activities in a manner so as to minimize our and our subsidiaries’ aggregate tax liabilities. However, we have operations in various taxing jurisdictions, and our tax liabilities in one or more jurisdictions could be more than reported in respect of prior taxable periods and more than anticipated in respect of future taxable periods. In this regard, the amount of income taxes that we pay in future taxable periods could be higher if earnings are lower than anticipated in jurisdictions where lower statutory tax rates apply and higher than anticipated in jurisdictions where higher statutory tax rates apply.

In addition, we have entered into transfer pricing arrangements that establish transfer prices for our intercompany operations. However, our transfer pricing procedures are not binding on the applicable taxing authorities. No official authority in any country has made a binding determination as to whether or not we are operating in compliance with its transfer pricing laws. Accordingly, taxing authorities in any of the countries in which we operate could challenge our transfer prices and require us to adjust them to reallocate our income and potentially to pay additional taxes for prior tax periods. For example, the tax authorities in the United States have increased their focus on transfer pricing procedures, which could result in a greater likelihood of a challenge to our transfer pricing arrangements and the risk that we will be required to adjust them and reallocate our income. Such an adjustment could result in a higher effective tax rate than that to which we are currently subject. We expect that the issue of the validity of our transfer pricing procedures will become of greater importance as we continue our expansion in markets in which we currently have a limited presence and attempt to penetrate new markets. Any change to the allocation of our income as a result of reviews by taxing authorities could have a negative effect on our financial condition and results of operations.

Moreover, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment and the ultimate tax determination is uncertain for many transactions and calculations. Although we believe our estimates are reasonable, our ultimate tax liability may differ from the amounts recorded in our financial statements and may materially adversely affect our financial condition and results of operations in the period or periods for which such determination is made. We have created reserves with respect to tax liabilities where we believe it to be appropriate. However, there can be no assurance that our ultimate tax liability will not exceed the reserves we have created.

The Base Erosion and Profit Shifting, or BEPS, project undertaken by the Organization for Economic Cooperation and Development, or the OECD, may also have adverse consequences on our tax liabilities. The BEPS project contemplates changes to numerous international tax principles, as well as national tax incentives, and these changes, which are being adopted in different manners by individual countries, could adversely affect our income tax liability. Even as countries translate the BEPS recommendations into specific national tax laws, it remains difficult to predict with accuracy the magnitude of any impact that such new rules may have on our financial results.

In addition, the 2017 Tax Cuts and Jobs Act, or the TCJA, made significant changes to the U.S. Internal Revenue Code, including a reduction in the U.S. federal corporate income tax rate from the previous top marginal rate of 35% to a flat rate of 21% and limitations on certain corporate deductions and credits. Also, the TCJA requires complex computations to be performed that were not previously required in U.S. tax law, significant judgments to be made in interpretation of the provisions of the TCJA and significant estimates in calculations and the preparation and analysis of information not previously relevant or regularly produced. The U.S. Treasury Department and the U.S. Internal Revenue Service, or IRS, continue to interpret and issue guidance on how provisions of the TCJA will be applied and administered. Finally, foreign governments may enact tax laws in response to the TCJA that could result in further changes to global taxation and materially adversely affect our financial position and results of operations.

25


U.S. holders that own 10% or more of the vote or value of our ordinary shares may suffer adverse tax consequences if we and/or any of our non-U.S. subsidiaries are characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the U.S. Internal Revenue Code of 1986, as amended, or the Code.

A non-U.S. corporation is considered a CFC if more than 50% of (i) the total combined voting power of all classes of shares of such corporation entitled to vote or (ii) the total value of the shares of such corporation, is owned, or is considered as owned by applying certain constructive ownership rules, including certain downward attribution rules, by U.S. shareholders (within the meaning of the Code) on any day during the taxable year of such non-U.S. corporation. Certain U.S. shareholders of a CFC generally are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a portion of the CFC’s earnings to the extent the CFC holds certain U.S. property and a portion of the CFC’s “global intangible low-taxed income” (as defined under Section 951A of the Code). Such U.S. shareholders are subject to current U.S. federal income tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income” includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of a CFC’s income over a deemed return on its tangible assets.

As a result of the ownership of our shares, certain voting arrangements with respect to our shares, and certain changes in the U.S. tax law introduced by the TCJA, we and our non-U.S. subsidiaries may be classified as CFCs in the taxable year ended December 31, 2020 as well as in prior taxable years. These determinations cannot be made with certainty. In the event that we or any of our subsidiaries are a CFC, U.S. holders who hold 10% or more of the vote or value of our ordinary shares may realize adverse U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our or our subsidiaries’ accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder and being subject to certain reporting requirements with the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. corporation. Investors who are U.S. holders and who hold 10% or more of the vote or value of our ordinary shares should consult their own tax advisors regarding the U.S. tax consequences of acquiring, owning or disposing our ordinary shares and the impact of the TCJA, especially the changes to the rules relating to CFCs.

U.S. holders of our ordinary shares may suffer adverse tax consequences if we are characterized as a passive foreign investment company, or a PFIC, under Section 1297(a) of the Code.

Generally, if, for any taxable year, at least 75% of our gross income is passive income, or at least 50% of the average quarterly value of our total gross assets (which generally may be measured in part by the market value of our ordinary shares, which is subject to change) is attributable to assets that produce passive income or that are held for the production of passive income, including cash, we would be characterized as a PFIC for U.S. federal income tax purposes. For purposes of these tests, passive income includes dividends, interest, gains from the sale or exchange of investment property and rents and royalties other than rents and royalties which are received from unrelated parties in connection with the active conduct of a trade or business. Additionally, a look-through rule generally applies with respect to 25% or more owned subsidiaries. If we are characterized as a PFIC, U.S. holders of our ordinary shares may suffer adverse tax consequences, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than capital gain, the loss of the preferential tax rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders and having interest charges apply to distributions by us and to the proceeds of sales of our ordinary shares. In addition, special information reporting may be required. See “Item 10.E. Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”

The determination of whether we are a PFIC will depend on the nature and composition of our income and the nature, composition and value of our assets from time to time. The 50% passive asset test described above is generally based on the fair market value of each asset, with the value of goodwill and going concern value determined in large part by reference to the market value of our ordinary shares, which may be volatile. If we are a CFC (determined by disregarding certain downward attribution rules) and not publicly traded for the relevant taxable year, however, the test shall be applied based on the adjusted basis of our assets.

26


Recently adopted Treasury Regulations, or the New Regulations, modify certain of the rules described above. Such modifications include, for example, permitting asset value to be determined more frequently than on a quarterly basis and treating a non-U.S. corporation as publicly traded for a taxable year if the stock of such corporation is publicly traded, other than in de minimis quantities, for at least twenty trading days during such taxable year.

The New Regulations generally apply to taxable years of shareholders beginning on or after January 14, 2021. A shareholder, however, may choose to apply such rules for any open taxable year beginning before January 14, 2021, provided that, with respect to a non-U.S. corporation being tested for PFIC status, the shareholder consistently applies certain of the provisions of the New Regulations and certain other Treasury Regulations for such year and all subsequent years. Investors who are U.S. holders should consult their own tax advisors regarding the impact and applicability of the New Regulations.

Based on our determination that our shares are properly treated as being publicly traded for the taxable year ended December 31, 2020 and our estimates of the fair market values of our assets, we believe that we should not be classified as a PFIC with respect to the taxable year ended December 31, 2020. However, this determination is subject to uncertainty.

In particular, the determination of whether we are, or will be, a PFIC for a taxable year depends, in part, on the application of complex U.S. federal income tax rules, which are subject to differing interpretations. It is possible that the IRS will disagree with the interpretation on which our belief about our PFIC status is based, and no ruling from the IRS concerning our PFIC status has been obtained or is currently planned to be requested. Moreover, because PFIC status is based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for any subsequent year until after the close of the relevant year. We can therefore make no assurances regarding our PFIC status for any taxable year. Our U.S. counsel expresses no opinion with respect to our PFIC status for the taxable year ended December 31, 2020 or for any other taxable year. We will continue to determine whether we were a PFIC or not for each taxable year and make such determination available to U.S. holders.

The tax consequences that would apply if we were a PFIC in any taxable year would be different from those described above if a U.S. holder were able to make a valid “qualified electing fund,” or QEF, election. We will use commercially reasonable efforts to make available to U.S. holders such information with respect to the company as is necessary for U.S. holders to make QEF elections with respect to the company for any taxable year in which we determine that we are classified as a PFIC. See “Item 10.E. Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”

We are an “emerging growth company,” and the reduced disclosure requirements applicable to emerging growth companies may make our ordinary shares less attractive to investors.

We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act, or the JOBS Act, and may remain an emerging growth company for up to five fiscal years after April 10, 2019, the date of our initial public offering. For so long as we remain an emerging growth company, we are permitted and intend to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These exemptions include not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act not being required to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, reduced disclosure obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved. We cannot predict whether investors will find our ordinary shares less attractive if we rely on these exemptions. If some investors find our ordinary shares less attractive as a result, there may be a less active trading market for our ordinary shares and our share price may be more volatile.

We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.

We have never declared or paid any cash dividends on our ordinary shares and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements, and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our ordinary shares. Accordingly, investors must rely on sales of their ordinary shares after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Our amended and restated articles of association provide that unless we consent to an alternate forum, the federal district courts of the United States shall be the exclusive forum of resolution of any claims arising under the Securities Act which may impose additional litigation costs on our shareholders.

Our amended and restated articles of association provide that other than with respect to plaintiffs or a class of plaintiffs which may be entitled to assert in the courts of the State of Israel, the federal district courts of the United States shall be the exclusive forum for the resolution of any claims arising under the Securities Act or the Federal Forum Provision. While the Federal Forum Provision does not restrict the ability of our shareholders to bring claims under the Securities Act, nor does it affect the remedies available thereunder if such claims are successful, we recognize that it may limit shareholders ability to bring a claim in the judicial forum that they find favorable and may increase certain litigation costs which may discourage the filing of claims under the Securities Act against the Company, its directors and officers.

27


Risks Related to Our Incorporation and Location in Israel

Our corporate headquarters and principal research and development facilities are located in Israel and, therefore, our business and operations may be adversely affected by political, economic and military conditions in Israel.

We are incorporated under Israeli law, and our corporate headquarters and principal research and development facilities are located in Israel. In addition, certain of our directors, executive officers and key employees are residents of Israel. Accordingly, political, economic and military conditions in the Middle East in general, and in Israel in particular, directly affect our business, product development and results of operations. In recent years, Israel has been engaged in sporadic armed conflicts with Hamas, an Islamist terrorist group that controls the Gaza Strip, with Hezbollah, an Islamist terrorist group that controls large portions of southern Lebanon, and with Iranian-backed military forces in Syria. In addition, Iran has threatened to attack Israel and may be developing nuclear weapons. Some of these hostilities were accompanied by missiles being fired from the Gaza Strip against civilian targets in various parts of Israel, including areas in which our employees and some of our consultants are located, and negatively affected business conditions in Israel. Any hostilities involving Israel or the interruption or curtailment of trade between Israel and its trading partners could adversely affect our operations and results of operations. Our corporate headquarters and principal research and development activities are located in the range of missiles that could be fired from Lebanon, Syria or the Gaza Strip into Israel.

As of December 31, 2020, we had 280 employees based in Israel. In addition, many Israeli citizens are obligated to perform several days, and in some cases more, of annual military reserve duty each year until they reach the age of 40 (or older, for reservists who are military officers or who have certain occupations) and, in the event of a military conflict, may be called to active duty. In response to increases in terrorist activity, there have been periods of significant call-ups of military reservists. It is possible that there will be military reserve duty call-ups in the future. Our operations could be disrupted by such call-ups, which may include the call-up of members of our management. Such disruption could materially adversely affect our business, prospects, financial condition and results of operations.

Our commercial insurance does not cover losses that may occur as a result of events associated with war and terrorism. Although the Israeli government currently covers the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained or that it will sufficiently cover our potential damages. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflicts or political instability in the region would likely negatively affect business conditions and could harm our results of operations.

Further, in the past, the State of Israel and Israeli companies have been subjected to economic boycotts. Several countries still restrict business with the State of Israel and with Israeli companies. These restrictive laws and policies may have an adverse impact on our operating results, financial condition or the expansion of our business. A campaign of boycotts, divestment and sanctions has been undertaken against Israel, which could also adversely impact our business.

On Israel’s domestic front there is currently a level of unprecedented political instability. The Israeli government has been in a transitionary phase since December 2018, when the Israeli Parliament, or the Knesset, first resolved to dissolve itself and call for new general elections. In 2019, Israel held general elections twice – in April and September – and a third general election was held in March 2020. The Knesset, for reasons related to this extended political transition, has failed to pass a budget for the year 2020, and certain government ministries, which may be critical to the operation of our business, are without necessary resources and may not receive sufficient funding moving forward. During December 2020, the government was unable to pass a budget by the applicable deadline, triggering a snap election expected to take place during March 2021, lurching the country back into a protracted political uncertainty. Given the likelihood that the current political stalemate may not be resolved during the next calendar year, our ability to conduct our business effectively may be adversely affected.

Exchange rate fluctuations between the U.S. dollar, the New Israeli Shekel, the Euro and other foreign currencies, may negatively affect our future revenues.

We generate substantially all of our revenues in U.S. dollars. The majority of our operating expenses are incurred in foreign currencies, and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes between the U.S. dollar and the New Israeli Shekel, or the NIS, the Euro and, to a lesser extent, the British Pound. As a result, our financial results may be affected by fluctuations in the exchange rates of currencies in the countries in which our products may be sold. For example, during 2020, we witnessed a strengthening of the average exchange rate of the NIS against the dollar, which increased the dollar value of Israeli expenses. If the NIS strengthens against the dollar, as it did in 2020, the dollar value of our Israeli expenses, mainly personnel and facility-related, will increase. We have entered into forward contracts with major banks to provide partial protection against foreign currency exchange risks resulting from expenses paid in NIS during the year. Although exposure to currency fluctuations to date has not had a material adverse effect on our business, there can be no assurance that our limited hedging transactions will provide sufficient protection and that such fluctuations in the future will not have a material adverse effect on our operating results and financial condition.

28


Our operations may be affected by negative labor conditions in Israel.

With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for all employees, which cover potential severance pay obligations.

In Israel, we are subject to certain labor statutes and national labor court precedent rulings, as well as to certain provisions of the collective bargaining agreements between the Histadrut (General Federation of Labor in Israel) and the Coordination Bureau of Economic Organizations including the Industrialists’ Associations. These provisions of collective bargaining agreements are applicable to our Israeli employees by virtue of extension orders issued in accordance with relevant labor laws by the Israeli Ministry of Economy and Industry, and apply our employees even though they are not directly part of a union that has signed a collective bargaining agreement.

The laws and labor court rulings that apply to our employees principally concern minimum wage laws, length of the work day and workweek, overtime payment, procedures for dismissing employees, determination of severance pay, leaves of absence (such as annual vacation or maternity leave), sick pay and other conditions for employment. The extension orders which apply to our employees principally concern mandatory contributions to a pension fund or managers’ insurance, annual recreation allowance, travel expenses payment and other conditions of employment. We generally provide our employees with benefits and working conditions beyond the required minimums.

The termination or reduction of tax and other incentives that the Israeli government provides to domestic companies may increase the costs involved in operating a company in Israel.

The Israeli government currently provides tax and capital investment incentives to domestic companies, as well as grant and loan programs relating to research and development and marketing and export activities. In recent years, the Israeli government has reduced the benefits available under these programs and the Israeli governmental authorities have indicated that the government may in the future further reduce or eliminate the benefits of those programs. We have taken in the past and may take advantage of these benefits and programs again in the future, however, there is no assurance that such benefits and programs will continue to be available to us in the future. If such benefits and programs were terminated or further reduced, it could have an adverse effect on our business, operating results and financial condition.

Enforcing a U.S. judgment against us and our current directors and executive officers, or asserting U.S. securities law claims in Israel, may be difficult.

We are incorporated under the laws of the State of Israel. Service of process upon us and upon our directors and executive officers, most of whom reside outside of the United States, and on our auditors, may be difficult to obtain within the United States. Furthermore, because a majority of our assets and most of our directors and executive officers are located outside of the United States, any judgment obtained in the United States against us or any of them may be difficult to collect within the United States.

It may be difficult to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws on the basis that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. There is little binding case law in Israel addressing these matters. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law.

Provisions of our amended and restated articles of association and Israeli law and tax considerations may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and negatively affect the price of our ordinary shares.

Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified thresholds, requires special approvals for certain transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to these types of transactions. These provisions of Israeli law may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and therefore negatively affect the price of our ordinary shares. For example, under the Companies Law, upon the request of a creditor of either party to a proposed merger, the court may delay or prevent the merger if it concludes that there exists a reasonable concern that as a result of the merger the surviving company will be unable to satisfy the obligations of any of the parties to the merger. In addition, our executive officers and certain other key employees are entitled to certain benefits in connection with a change of control of our company.

29


Our amended and restated articles of association provide that our directors (other than external directors, if applicable) are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting.

Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders, especially for those shareholders whose country of residence does not have a tax treaty with Israel, which exempts such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. In order to benefit from the tax deferral, a pre-ruling from the Israel Tax Authority might be required.

We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and adversely affect our business.

We have entered into assignment-of-invention agreements with our research and development employees pursuant to which such individuals agreed to assign to us all rights to any inventions created during or as a result of their employment or engagement with us or in our field of business. A significant portion of our intellectual property has been developed by our employees during the course of their employment by us. Under the Israeli Patent Law, 5727-1967, or the Patent Law, inventions conceived by an employee during the scope of his or her employment with a company and as a result thereof are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patent Law also provides that if there is no agreement between an employer and an employee with respect to the employee’s right to receive compensation for such “service inventions,” the Israeli Compensation and Royalties Committee, or the Committee, a body constituted under the Patent Law, shall determine whether the employee is entitled to remuneration for his or her service inventions and the scope and conditions for such remuneration. A recent decision by the Committee clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. In order to determine the scope and validity of such wavier, the Committee will examine, on a case-by-case basis, the general contractual framework between the parties, using interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration (but rather uses the criteria specified in the Patent Law). Although our employees have agreed to assign to us service invention rights and have specifically waived their right to receive any special remuneration for such assignment beyond their regular salary and benefits, we may face claims that the assignment is not enforceable or demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and former employees, or be forced to litigate such claims, which could negatively affect our business.

The Israeli government tax benefits that we currently are entitled to receive require us to meet several conditions and may be terminated or reduced in the future.

Some of our operations in Israel may entitle us to certain tax benefits under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law, once we are profitable. If we do not meet the requirements for maintaining these benefits, they may be reduced or canceled and the relevant operations would be subject to Israeli corporate tax at the standard rate, which is set at 23% in 2020 and thereafter. In addition to being subject to the standard corporate tax rate, we could be required to refund any tax benefits that we have already received, plus interest and penalties thereon. Even if we continue to meet the relevant requirements, the tax benefits that our current “Beneficiary Enterprise” is entitled to may not be continued in the future at their current levels or at all. If these tax benefits were reduced or eliminated, the amount of taxes that we pay would likely increase, as all of our operations would consequently be subject to corporate tax at the standard rate, which could adversely affect our results of operations. Additionally, if we increase our activities outside of Israel, for example, by way of acquisitions, our increased activities may not be eligible for inclusion in Israeli tax benefits programs.

Our investors’ rights and responsibilities as shareholders are, and will continue to be, governed by Israeli law, which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.

The rights and responsibilities of the holders of our ordinary shares are governed by our amended and restated articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S. corporations. For example, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards such company and its shareholders, and to refrain from abusing its power in such company, including voting at a general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the nature of these duties or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.

30


Our amended and restated articles of association provide that unless the Company consents otherwise, the Tel Aviv District Court (Economic Division), Israel shall be the sole and exclusive forum for substantially all disputes between the Company and its shareholders under the Companies Law and the Israeli Securities Law, which could limit its shareholders ability to brings claims and proceedings against, as well as obtain favorable judicial forum for disputes with the Company, its directors, officers and other employees.

The Tel Aviv District Court (Economic Division), Israel shall be the exclusive forum for (i) any derivative action or proceeding brought on behalf of the Company, (ii) any action asserting a claim of breach of fiduciary duty owed by any director, officer or other employee of the Company to the Company or the Company’s shareholders or (iii) any action asserting a claim arising pursuant to any provision of the Companies Law or the Israeli Securities Law. This exclusive forum provisions is intended to apply to claims arising under Israeli Law and would not apply to claims brought pursuant to the Securities Act or the Exchange Act or any other claim for which federal courts would have exclusive jurisdiction. Such exclusive forum provision in our amended and restated articles of association will not relive the Company of its duties to comply with federal securities laws and the rules and regulations thereunder, and shareholders of the Company will not be deemed to have waived the Company’s compliance with these laws, rules and regulations. This exclusive forum provision may limit a shareholders ability to bring a claim in a judicial forum of its choosing for disputes with the Company or its directors or other employees which may discourage lawsuits against the Company, its directors, officers and employees.

General Risk Factors

If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.

The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable research about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our business, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline.

We may acquire other businesses, which could require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations.

As part of our business strategy and in order to remain competitive, we may acquire or make investments in complementary companies, products or technologies. However, we have not made any acquisitions to date, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

31


ITEM 4.INFORMATION ON THE COMPANY

A.History and Development of the Company

Our History

The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of the State of Israel. We were founded in 2005 with the goal of introducing a centralized security management layer that analyzes, defines and implements enterprise-specific security policies. In April 2019, we completed an initial public offering on the NYSE. We believe we were the first company to introduce security policy automation solutions with SecureChange and SecureApp, and we believe our position as a market leader reinforces our brand and supports our position as one of the most prominent players in the increasingly important security policy management market. Our Tufin Orchestration Suite, a comprehensive policy management platform, is currently comprised of four products: SecureTrack, SecureChange, SecureApp and, most recently, SecureCloud. Additionally, we provide a set of extensions and applications for the suite through the Tufin Marketplace.

We are a company limited by shares organized under the laws of the State of Israel. We are registered with the Israeli Registrar of Companies. Our registration number is 51-362739-8. Our principal executive offices are located at 5 HaShalom Road, ToHa Tower, Tel Aviv 6789205, Israel, and our telephone number is +972 (3) 612-8118. Our website address is www.tufin.com. Information contained on, or that can be accessed through, our website does not constitute a part of this annual report and is not incorporated by reference herein. We have included our website address in this annual report solely for informational purposes. Our SEC filings are available to you on the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not incorporated by reference herein. Our agent for service of process in the United States is Tufin Software North America, Inc., located at 10 Summer Street, Suite 605, Boston, Massachusetts 02110-1292, and its telephone number is +1 (877) 270-7711.

For a discussion of our capital expenditures, see “Item 5. Operating and Financial Review and Prospectus—Liquidity and Capital Resources.”

B.Business Overview

We are pioneering a policy-centric approach to security and information technology (“IT”) operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to securely implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000.

Cybersecurity is critical for enterprises of all sizes. As enterprises embrace digital transformation and adopt new technologies such as cloud-based services, software-defined networks, microservices and containers, the IT and cloud environments become increasingly complex and vulnerable to attack. In response to the heightened threat environment, lack of a defined network perimeter and a constantly changing attack surface, enterprises continue to implement additional firewalls, endpoint security, identity and access management and other security solutions. However, we believe most enterprises lack effective and comprehensive security policy management, which results in a trade-off between the necessary security posture and business requirements for speed, agility and innovation.

We believe a new approach to enterprise security is necessary — a data-driven framework centered on policy management and operationalized through policy-based automation, enhancing compliance and security while improving operational efficiency. To address this need, we have developed highly differentiated technology with four main pillars, as described below.

Policy-centric approach. We enable enterprises to visualize, define and enforce a unified security policy that acts as the foundation of governance and control, replacing ad-hoc configurations across fragmented networks.

Automated network changes. We automate the network change process across complex, heterogeneous environments, increasing business agility, enabling faster application deployment and reducing human error.

Data-driven insights. Our approach draws data from across a customer’s IT and cloud environments, providing insights on connectivity and end-to-end visibility across the network.

Open and extensible framework. Our open solutions serve as a centralized control layer for our customers’ networks and cloud environments, and can connect to a wide range of third-party technologies through application program interfaces, or APIs.

32


We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. We also offer a digital platform of applications and extensions through the Tufin Marketplace. SecureTrack, SecureChange and SecureApp enable enterprises to visualize, define and enforce their security policy across heterogeneous networks, both on premise and in the cloud. SecureTrack serves as the foundation of SecureChange and SecureApp. SecureTrack provides visibility across the network and public cloud, and helps organizations define a unified security policy and maintain compliance. SecureChange provides customers with the ability to automate changes across the network and public cloud while maintaining compliance with policy and security standards. SecureApp provides application connectivity management and streamlines communication between application developers and network engineers. SecureCloud provides cloud security policy management for container, microservices and hybrid cloud environments. The Tufin Marketplace provides apps and extensions from Tufin and our community of cybersecurity partners that maximize return-on-investment by enhancing the overall value of security policy management implementations.

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2020. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services.

For the years ended December 31, 2019 and 2020, our revenues were $103.3 million and $100.8 million, respectively, representing year-over-year decrease of 2%. For the years ended December 31, 2019 and 2020, our net loss was $28.1 million and $35.4 million, respectively.

Impacts from COVID-19

The global spread of COVID-19 began to accelerate late in March of 2020, and has since continued to spread and adversely affect workforces, economies, and financial markets globally, leading to an economic downturn and continued economic uncertainty. The extensive impact of the pandemic caused by COVID-19 has resulted and will likely continue to result in significant disruptions to the global economy, as well as businesses and capital markets around the world. In an effort to halt the outbreak of COVID-19, a number of countries, states, counties and other jurisdictions have imposed various measures, including but not limited to, voluntary and mandatory quarantines, border closures and travel restrictions, stay-at-home orders, limitations on gatherings, reduced operations and non-essential business closures.

As part of our response to COVID-19, we remained focused on supporting our customers and partners. In addition, we transitioned our employees to remote working arrangements and temporarily closed and/or otherwise implemented hybrid remote-work with limited onsite presence in our offices worldwide. In the early stages of COVID-19, we experienced a slow-down in our business in comparison to 2019. Although we experienced signs of recovery during the second half of 2020, our revenues for the year ended December 31, 2020 decreased compared to the year ended December 31, 2019. In order to mitigate the impact of the uncertainties associated with COVID-19, we initiated certain cost reduction measures, including the reduction of our workforce and compensation costs. In addition, we realized savings as a result of travel restrictions and virtual (rather than in-person) events. Despite such costs savings, our operating loss for the year ended December 31, 2020 increased compared to 2019.

We believe that the impact of COVID-19 on the way organizations operate and its long-lasting effects has increased our long-term opportunity to help our customers protect their data and detect threats, as well as achieve regulatory compliance. Companies around the world now have employees working remotely from potentially vulnerable home networks, accessing critical on-premises data stores and infrastructure through VPNs and sharing information on cloud environments. We believe this practice will likely continue for the foreseeable future or until efforts to contain COVID-19 are successful. As these remote working conditions create vulnerable conditions for cyberattacks, we believe that our products and solutions can help protect data and infrastructure against attackers. Further, we believe that enterprises understand that a data-centric approach to security is critical and that these elevated risks are expected to remain in the long-term.

The extent to which COVID-19 impacts our business going forward will depend on numerous evolving factors that we cannot reliably predict, including the duration and scope of the pandemic, efficiency of available vaccines and the availability of such vaccines to the worldwide population; governmental, business, and individuals' actions in response to the pandemic, and the impact on economic activity including the possibility of a recession or financial market instability. The uncertainty surrounding the containment of COVID-19 could affect management’s accounting estimates and assumptions. For a discussion of certain risks associated with COVID-19, please refer to Risk Factors.

33


Industry Background

Enterprises that lack a comprehensive security policy are facing challenges in balancing the necessary security and risk posture with their business requirements, leaving security, network and compliance professionals overwhelmed. Several industry trends contribute to operational challenges in managing risk, as set forth below:

Increasing frequency and sophistication of cyberattacks. Enterprises worldwide are under constant security threat from both external cyberattackers and malicious insiders in search of sensitive information and vital systems. Cyberattackers are increasingly able to breach networks and cloud infrastructures, and locate and steal sensitive enterprise data. As a result, numerous enterprise boards are prioritizing and reshaping their cybersecurity approaches.

Growing complexity of software-defined networks. Enterprises have been undergoing a digital transformation. They are rapidly shifting on-premise workloads to cloud environments to meet the changing demands of their markets and customers. To keep pace with this transformation, enterprises design scalable and flexible workloads and connections, which increase network complexity and the velocity of changes. The rise of technologies such as microservices and containers introduces additional complexity. The growing use of these dynamic technologies has raised business expectations on agility and increased the need for a unified security approach across networks, applications and the cloud.

Accelerating pace of application development and deployment. The accelerating pace of business and technological developments requires numerous and continuous application and infrastructure changes. The rise of the DevOps model, which is a set of software development practices that allows applications and features to be rapidly developed and deployed, has led to increased release velocity. Enterprises that use manual change processes struggle to keep pace and lack policy consistency, resulting in an ever-growing backlog of changes, delayed software releases and heightened security exposure.

Evolving regulatory and compliance requirements. Global enterprises need to maintain compliance with a new wave of government regulations, corporate security policies and industry standards related to privacy and cybersecurity. Manual changes to network policy are difficult to track and are more likely to be non-compliant. As a result, enterprises seek cost-efficient security solutions to meet compliance requirements.

Legacy security approaches can no longer address cybersecurity threats in the ever-changing IT and cloud environments. Traditional security policy management approaches address governance and control, but lack critical characteristics such as a unified security policy, automation, scalability, end-to-end visibility and extensibility. We believe a new approach to enterprise security is necessary: a data-driven framework centered on policy management and operationalized through automation.

Our Products

Security and IT operations management has become an increasingly resource-intensive and high-risk task for enterprises. The accelerating pace of business and technological developments require numerous application and infrastructure changes, and enterprise networks are becoming increasingly complex. Enterprises often rely on their in-house network and security teams to manually process change requests, which increases the risk of human error and cybersecurity vulnerabilities and delays the pace of application releases.

Enterprises use our security policy management products to create a unified security policy and give them the ability to implement accurate network changes in minutes instead of days while improving their security posture and business agility. We offer four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. SecureTrack, SecureChange and SecureApp enable enterprises to unify, visualize and control their security policy across heterogeneous networks, both on premise and in the cloud. SecureCloud provides visibility and control into the security posture of cloud-native and hybrid cloud environments.

In 2020 we launched the Tufin Marketplace, a digital platform where customers can find and deploy apps and extensions that enhance the overall value of their security policy management implementations. Powered by Tufin and our community of cybersecurity partners, the Marketplace provides apps that maximize return-on-investment by integrating security policy data with other security technologies and practices.

To date, the most popular apps developed by Tufin and offered through the Marketplace are the SecureTrack Reports Pack, SecureChange Reports Pack and the Vulnerability Mitigation App.

34


 

IMAGE PROVIDED BY CLIENT

Security Policy Automation for the Extended Enterprise

The Tufin Orchestration Suite provides a policy-centric solution for automatically designing, provisioning, analyzing and auditing enterprise security changes. From applications to firewalls, our products provide advanced automation capabilities to increase business agility, eliminate errors stemming from manual processes and ensure continuous compliance through a single interface. Our unified security policy empowers network and IT security teams to effectively safeguard complex, heterogeneous environments through a central security policy, which can be applied over all of their IT and cloud environments and across different platforms.

The majority of our customers initially purchase SecureTrack to monitor a portion of their networks. Initial product deployments frequently expand across networks, departments, divisions and geographies in response to a need for an enterprise-wide approach for security policy management, as well as the need to automate the network change process. Our “land and expand” sales strategy capitalizes on this potential. As we expanded our portfolio of solutions within the Tufin Orchestration Suite, customers have increasingly purchased SecureChange and SecureApp on top of their initial transactions. With the accelerated adoption of cloud infrastructure for application workloads, customers are purchasing SecureCloud to expand their visibility and control through security policy management into cloud-native and hybrid cloud environments.

SecureTrack. Enterprises use SecureTrack to understand their enterprise security infrastructure and manage a wide range of devices from a central console. SecureTrack enables security administrators to define and manage a centralized security policy, minimize the attack surface and ensure continuous compliance across the network. SecureTrack also provides a foundation for our customers to use SecureChange and SecureApp, and delivers the following key benefits:

Policy definition. SecureTrack includes our unified security policy, which visualizes, defines and enforces a zone-to-zone segmentation policy that dictates how users, systems and applications can communicate across the entire enterprise. Our unified security policy serves as the security policy framework for the Tufin Orchestration Suite.

Security and compliance. SecureTrack provides monitoring, assessment and alerts on security and compliance risk, ensuring real-time accountability, transparency and consistency with the unified security policy. It also generates a variety of configurable audit reports that support regulatory compliance standards.

Visibility. SecureTrack builds a dynamic topology map of network connectivity across the enterprise and the cloud. It also provides real-time visibility into all security policy configurations and changes. This visibility enables security teams to efficiently manage configuration changes, troubleshoot problems and prepare for audits.

35


SecureChange. SecureChange is the change management and automation component of the Tufin Orchestration Suite. Enterprises use SecureChange to quickly and accurately assess, provision and verify security configuration changes across physical networks and cloud platforms, while maintaining security and compliance. SecureChange delivers the following key benefits:

Business agility. SecureChange increases business agility through security change automation. It automates manual change processes, giving them the ability to implement changes in minutes instead of days.

Security and compliance. SecureChange proactively checks every change request for risk and compliance against the unified security policy before and after changes are implemented. It also maintains comprehensive ticket and process documentation, which reduces the need for painstaking information gathering and analysis before internal and external audits.

Control and accuracy. SecureChange reduces inaccuracies due to human error through automated change design and provisioning for multi-vendor environments.

SecureApp. SecureApp is the application management and secure connectivity automation component of the Tufin Orchestration Suite. Enterprises use SecureApp to define, manage and monitor network connectivity for their applications. SecureApp delivers the following key benefits:

Visibility and control. SecureApp provides an intuitive interface to define application-critical connectivity needs. It serves as a central repository of application connectivity requirements and indicates current connectivity status.

Business continuity and agility. SecureApp monitors network device configurations and alerts security administrators to changes that could affect application availability. SecureApp also provides graphical diagnostic tools that help our customers identify, troubleshoot and automatically repair connectivity issues. By providing detailed insight into an application’s connectivity needs and status, SecureApp accelerates service deployment, provides business continuity and simplifies network operations.

Security and compliance. SecureApp proactively creates clean, reliable network configurations. It automatically recommends policy rule changes and decommissions unnecessary network access paths that can lead to a security breach.

SecureCloud. SecureCloud is a security policy management service for cloud-native, multi-cloud, and hybrid-cloud applications and workloads. Enterprises use SecureCloud to gain visibility into their cloud security posture, establish security policy guardrails, and ensure compliance with these security policies by integrating with DevOps processes and tools to reduce risk and maintain security without compromising speed and agility. SecureCloud delivers the following key benefits:

Visibility. SecureCloud provides visibility into the security of application connectivity in the cloud through the assessment of cloud access controls. SecureCloud displays vulnerabilities and overly permissive access paths. ensuring adherence to industry standards and best practices.

Security Guardrails. SecureCloud defines policies to secure application connectivity across multiple cloud and/or Kubernetes platforms. SecureCloud automatically generates the cloud-native control code required to enforce these policies, saving enterprises the cost and overhead of using third-party products that introduce proprietary control points across their cloud environment.

Continuous Compliance. SecureCloud integrates directly into cloud-native application development processes and DevOps CI/CD automation pipelines, ensuring continuous compliance checks of enterprise security policy throughout the entire life-cycle of cloud application development and deployment efforts.

Enterprise-wide Security Policy Management. With SecureCloud, Tufin Orchestration Suite provides a comprehensive platform that enterprises can use to manage security policies across their entire estate, from on-premise to hybrid cloud environments.

Vulnerability Mitigation App (VMA). The Tufin Vulnerability Mitigation App (VMA), offered as part of the Tufin Marketplace, enables organizations to prioritize remediation and mitigation efforts by enhancing vulnerability scanner output with network insights. By combining vulnerability measures (e.g. CVSS and severity) with insights into how these vulnerabilities may be accessed and exploited via the network, customers have the context to identify and address vulnerabilities that pose the greatest threat to their critical business assets.

Out-of-the-Box Integration. VMA provides out-of-the-box integration with the most widely used vulnerability management solutions, including Rapid7 Nexpose, Rapid7 InsightVM, Qualys VMDR, Tenable.io, and Tenable.sc.

Risk Mitigation. Tufin VMA automates risk mitigation by implementing network changes that block access to the critical asset until vulnerability remediation efforts can be fully implemented.

Comprehensive Dashboard. VMA also includes a comprehensive dashboard, monitors and measures risk exposure over time, and highlights overall vulnerability exposure and the impact of mitigation and remediation efforts networkwide.

36


Our Technology

Our comprehensive security policy management solutions rely on a set of proprietary technologies that provide a high level of security, scalability and performance. Our core technologies, which serve as the foundation of both our network and cloud-based products, include analysis engines, a provisioning engine, Application Programming Interface (“API”) integrations and infrastructure technology.

IMAGE PROVIDED BY CLIENT

Analysis Engines

Topology intelligence. Our topology intelligence engine uses network routing algorithms to calculate the paths between different points on the network and provides our customers with a graphic display of devices and data flows. Network administrators use our topology intelligence to quickly determine which devices and cloud platforms a network connection can traverse, which enables them to automate network path analysis and troubleshoot issues.

Network usage analysis engine. Our network usage analysis engine detects unused elements of a security policy by analyzing network flows and traffic hits over a specified time period. Our technology leverages an automated workflow process to decommission unnecessary access and reduce the attack surface.

Policy analysis engine. Our policy analysis engine calculates the expected connectivity and access behavior of network devices and cloud platforms. Security administrators can use different parameters and logic to determine in real time if supported network devices and cloud security groups will allow or block specific connections.

Risk and compliance analysis engines. Our risk engine proactively analyzes risk by identifying potential security violations, checking the existing configuration or the proposed access changes against the unified security policy. Our compliance analysis engine creates an audit trail in real time by automatically documenting any remedial changes.

 

Our technology also provides cloud-based security automation for applications developed in CI/CD mode. Our CI/CD vulnerability scanning and compliance validation embeds security at the development and testing stage, and enables our customers’ DevOps teams to quickly identify security issues, reducing the probability of vulnerabilities in production environments.

Change designer engine. Our change designer engine automates enterprise security access requests. It first identifies the connection-relevant network devices and cloud platforms based on topology intelligence, and then recommends the optimal policy change based on information from the policy analysis engine. Our technology provides vendor-specific suggestions that maximize security and performance, while offering accurate configuration changes designed to be intuitive and user friendly.

37


Provisioning Engine

Change provisioning engine. Our technology automatically implements policy changes approved by security administrators. Our automated change provisioning engine supports all major network, security and cloud vendors. In zero-touch automation mode, our technology automatically applies recommended policy changes without the need for human intervention.

API Integrations

Extensible APIs. Our technology features a RESTful API framework to enable extensibility and interoperability with third-party systems, including ticketing and service management systems such as ServiceNow and BMC Remedy. Our professional services team, as well as our customers and partners, use the API framework to supplement the Tufin Orchestration Suite with additional functionality by integrating with the third-party security ecosystem. We integrate with leading network and cloud platforms, such as Check Point, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, AWS, Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our platform, helps to expand our common use cases.

Infrastructure Technology

Distributed architecture. Customers can deploy our products across multiple distributed servers. Rather than monitoring all devices and platforms from a single server, remote collectors monitor local network devices (e.g., firewalls and routers), process the raw data and upload compressed data to a central server over a secure connection. Using a fully distributed architecture, our products can easily scale to meet the demands of large organizations.

SaaS architecture. SecureCloud, is offered as Software-as-a-Service, and is able to scale up and scale out to meet the demands of various customer deployment scenarios and architectures, with built in multi-tenancy and high availability.

Tufin Orchestration Suite Aurora. Aurora is the next generation of the Tufin Orchestration Suite, which runs in microservices on Kubernetes. This architecture will enable us to offer SecureTrack, SecureChange, and SecureApp to our customers as SaaS products in the future. Aurora allows for more agile research and development and gives us the ability to scale out to the largest networks on earth, advancing our leadership in scalability. Also, Aurora provides a refresh and more modern user interface that customers will find easy and intuitive to use.

Our Services

Professional Services

Our professional services team helps customers with product deployment, integration, customization, optimization, operation and training. We support initial product setup, implementation and configuration, and help customers integrate our products with existing third-party applications and internally developed tools. Our professional services team also helps customers define their unified security policy, model their network topology, configure workflows, discover application connectivity and deliver customized reporting according to their requirements. In addition, we provide technical training so that our customers can use our products with confidence. We also enable our authorized service delivery partners to provide similar professional services.

Maintenance and Support

We offer several levels of technical support for our products by providing customers with access to our user and partner portal, our knowledge center and our regional support centers. We provide customers with software bug repairs, system enhancements and updates, as well as access to our technical support experts. Our support engineers liaise with our product experts to diagnose and solve our customers’ technical challenges. In addition to post-sales support activities, we emphasize service readiness by coordinating with our product management team to define prerequisite product and service quality levels prior to their release. Additionally, our designated support engineers serve as ongoing, accessible customer resources.

38


Sales and Marketing

Sales

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2020.

Our highly trained sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations, which we define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2020, we had sales personnel in 19 countries. we expect to continue to hire sales personnel in order to support our growth plans.

Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. In addition, on October 2, 2018, we launched our “Tufin as a Service” program – a consumption-based, pay-per-use services model that enables Managed Security Service Providers, or MSSPs, to offer our security policy management solutions to their customers.

Marketing

Our marketing strategy is focused on promoting brand awareness through differentiated positioning, messaging and thought leadership. We achieve this by educating the market on effective security policy change management, communicating our product advantages and business benefits, generating leads for our sales force and channel partners, and promoting our brand. We market our products and services as enterprise security policy management solutions for complex networks and cloud-based environments.

We execute our marketing strategy by leveraging a combination of internal marketing professionals, external marketing partners and a network of platform and technology partners. Our internal marketing enterprise is responsible for branding, digital content generation and targeted advertising through active digital channels. We actively drive thought leadership by providing community education through our online technical webinars in multiple regions. We host and sponsor demand-generation events, including our channel and technical partners’ events and our annual worldwide customer conferences, Tufinnovate, as well as local events for specific customers and prospect accounts in multiple regions. In 2020, we hosted the Tufinnovate conferences virtually, and plan to do the same in 2021. Although some of the face-to-face interaction was not possible in a virtual event, we had double the number of attendees in the virtual Tufinnovate conference, compared to the in person Tufinnovate conferences in 2019. Our conferences and events demonstrate our strong commitment to enabling our partners and customers to succeed, and provide an opportunity to create a pipeline for new sales to prospective customers and additional sales to existing customers.

Research and Development

Continued investment in research and development is critical to our business. Our research and development efforts focus primarily on improving our existing products and services with additional innovative features and functionality, as well as developing new products and services. For example, we regularly release enhanced capabilities of the Tufin Orchestration Suite. We believe the timely development of new products, including both on-premise and cloud solutions, is essential to maintaining our competitive position.

In the years ended December 31, 2019 and 2020, our research and development expenses were $31.6 million and $35.0 million, respectively. We plan to continue investing significantly in research and development initiatives across our global innovation centers in Tel Aviv, Israel, Karmiel, Israel and Bucharest, Romania. By spreading our research and development team across multiple locations, we increase our access to highly skilled engineering talent, which provides us opportunities for evolution and growth.

Intellectual Property

Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual property assets. We rely on a combination of trade secrets, copyright and trademark laws, confidentiality procedures, technical know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage. Our technical personnel use their skills, knowledge and experience to develop, strengthen and maintain our proprietary position in the security policy automation market. In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our proprietary technology.

Our software and other proprietary information are protected by copyright on creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software, proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team, partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective counterparty. We also license software from third parties for use in developing our products and for integration into our products, including open source software. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise obtain and use our intellectual property and technology.

39


As of December 31, 2020, we had registered three trademarks in the United States, four trademarks in Israel and two trademarks in the European Union, as well as, one published trademark in Israel. As of December 31, 2020, we had 14 issued patents in the United States and five issued patents in Israel.

Competition

The security policy management market in which we operate is relatively new and evolving. We are a leading provider of enterprise security automation and management products. In many cases, our primary competition is in-house, manual, spreadsheet driven processes and home-grown approaches to security management. Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC that offer solutions that compete with all or some of our products or product features. We also indirectly compete with large IT companies that offer a broad array of traditional security management solutions, such as Symantec Corporation and Cisco Systems, Inc., for a share of enterprises’ IT security budgets. In the cloud, direct competition to SecureCloud has not fully emerged, although our traditional competitors have added some capabilities in this area. The cloud security vendor landscape is crowded and many company offerings overlap. In particular, we may compete with tools from firewall vendors that provide visibility into cloud access policies for their proprietary platforms. SecureCloud is differentiated from such tools by enabling enterprise buyers to avoid vendor lock-in associated with proprietary enforcement solutions, ultimately having the ability to optimize how they enforce policy and manage costs using a security policy management system across multi-vendor environments.

As our market further develops, we anticipate that competition will increase based on customer demand for security automation and management solutions. Furthermore, we believe enterprises will allocate an increasing portion of their IT security budgets, and specifically security management spending, to operational security and automation solutions.

The principal competitive factors in our market include:

security change automation;

multi-vendor integration and heterogeneous network topology;

application connectivity in modern IT and cloud environments;

efficacy in provisioned and cloud-native environments;

suitability for DevOps processes and microservice architectures;

scalability and overall performance; and

strong relationships with existing IT vendors.

Our Customers

Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000. We sell substantially all of our products and services through our global network of channel partners, including distributors and resellers, who then sell to end-user customers. For the years ended December 31, 2019 and 2020, our two largest channel partners accounted for 15% and 9% of our revenues and 15% and 10% of our revenues, respectively. Our agreements with these channel partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice.

When analyzing our business, we refer to end-user customers as our customers throughout this annual report, even if our direct commercial relationship is with a channel partner. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services.

Our diverse global footprint is evidenced by the fact that, for the year ended December 31, 2020, we generated 54%, 40% and 6% our revenues from customers in the Americas, EMEA and APAC, respectively.

40


Properties

Our corporate headquarters are located in Tel Aviv, Israel in an office consisting of approximately 62,859 square feet, where we employ our primary research and development team and a portion of our support and general administrative teams. The lease for this office expires January 31, 2029 (with an option to extend until January 31, 2034). Our U.S. headquarters are located in Boston, Massachusetts in an office consisting of approximately 3,214 rentable square feet, where we employ a portion of our marketing and general administrative teams. The lease for this office expires in December 31, 2023. On August 28, 2019, we signed a lease for an office in Boston, Massachusetts consisting of approximately 8,982 rentable square feet. We relocated to our new office in Boston during the first quarter of 2020. We also lease an office in Karmiel, Israel (which serves as a research and development site), Akron, Ohio (which hosts the Americas technology support, professional services and inside sales teams) and Reading, England (which hosts the European inside sales team). We believe our facilities are sufficient to meet our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion of our operations.

Seasonality

We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenues from that transaction is delayed.

Legal Proceedings

See “Item 8.A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.”

41


C.Organizational Structure

The legal name of our company is Tufin Software Technologies Ltd. and we are organized under the laws of the State of Israel. We have six wholly-owned subsidiaries:

Name of Subsidiary

Place of Incorporation

Tufin Software North America Inc.

Delaware, United States

Tufin Software Europe Limited

United Kingdom

Tufin Software France SARL

France

Tufin Software Germany GmbH

Germany

Tufin Software Australia Pty Ltd

Australia

Tufin Software SRL

Romania

D.Property, Plants and Equipment

See “Item 4.B. Business Overview—Properties” for a discussion of property, plants and equipment.

ITEM 4A.UNRESOLVED STAFF COMMENTS

Not applicable.

42


ITEM 5.OPERATING AND FINANCIAL REVIEW AND PROSPECTS

Company Overview

We are pioneering a policy-centric approach to security and IT operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000.

We generate revenues from sales of our products and associated maintenance and professional services. We primarily sell our software through perpetual license agreements and, to a lesser extent, term-based license agreements. Our products offer the same functionality whether our customers receive them through a perpetual or term-based license. Our agreements with customers for software licenses include maintenance contracts and may also include professional services contracts. Maintenance revenues consist of fees for providing software updates and technical support for our products for a specified term, which is typically one or three years. We offer a portfolio of professional services and extended support contract options to assist our customers with integration, customization, optimization, training and ongoing advanced technical support.

Our goal is to provide significant benefits to customers seeking to enforce enterprise-wide security policies and automate network change process, which we believe will enable us to maximize the lifetime value of our customers. We believe our existing customers serve as a strong source of incremental revenues given our multiple product offerings and the growing complexity of IT and cloud environments and networks. Our products provide customers the flexibility to initially deploy one or more of our products in all or parts of their IT and cloud environments, and further expand deployment as they purchase additional products or cover additional parts of their IT and cloud environments. We believe our “land and expand” sales strategy capitalizes on this potential. We make significant investments in acquiring new customers and expect to achieve a favorable return on investments by maintaining a high level of customer retention, which we define as our maintenance renewal rate. We calculate our maintenance renewal rate by taking the total prior period maintenance revenues from customers that have renewed in the trailing 12-month period and dividing that figure by our total prior period maintenance revenues for all customers with contracts that were up for renewal in the trailing 12-month period. For each of the years ended December 31, 2019 and 2020, our maintenance renewal rate was over 90%. Our new business from existing customers, including new licenses for our products and attached maintenance and professional services contracts, constitutes a significant part of our revenues, accounting for 66% and 71%, of our total revenues from new business in the years ended December 31, 2019 and 2020, respectively.

We believe our diverse global footprint provides a significant growth opportunity. We aim to continue to expand our business globally, particularly in the Americas and EMEA. In the year ended December 31, 2020, we generated 54% of our revenues from customers in the Americas and 40% of our revenues from customers in EMEA.

We expect sales in the Americas to continue to account for a majority of our revenues. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services. We believe our expansion within the Global 2000 is a key indicator of our market penetration and the value that our products provide to large customers.

We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of over 150 active channel partners as of December 31, 2020. Our highly trained sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations, which we define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2020, we had sales personnel in 19 countries.

Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure and maintain our products and services. We sell substantially all of our products and services through our global network of channel partners, who then sell to end-user customers. When analyzing our business, we refer to end-user customers as our customers throughout this annual report even if our direct commercial relationship is with a channel partner. We consider our channel partners active if they have sold our products or services in the trailing 12-month period.

43


We integrate with leading network and cloud platforms, such as Check Point, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, AWS, Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our platform, helps to expand our common use cases.

For the years ended December 31, 2019 and 2020, our revenues were $103.3 million and $100.8 million, respectively, representing year-over-year decrease of 2%.

COVID-19 Impacts

The global spread of COVID-19 began to accelerate late in March of 2020, and has since continued to spread and adversely affect workforces, economies, and financial markets globally, leading to an economic downturn and continued economic uncertainty. The extensive impact of the pandemic caused by COVID-19 has resulted and will likely continue to result in significant disruptions to the global economy, as well as businesses and capital markets around the world. In an effort to halt the outbreak of COVID-19, a number of countries, states, counties and other jurisdictions have imposed various measures, including but not limited to, voluntary and mandatory quarantines, border closures and travel restrictions, stay-at-home orders, limitations on gatherings, reduced operations and non-essential business closures.

As part of our response to COVID-19, as part of our focus on the on the safety and well-being of our employees, we initiated a global work-from-home policy beginning in March 2020 which includes transitioned our employees to remote working arrangements and temporarily closed and/or otherwise implemented hybrid remote-work with limited onsite presence in our offices worldwide. To date, we have not experienced significant disruptions in our operations resulting from our remote working arrangements.

In addition, we adjusted our operations, including transitioning from in-person marketing events to virtual formats, utilizing a virtual sales strategy and minimizing employee travel.

In the early stages of COVID-19, we experienced a slow-down in our business in comparison to 2019. Although we experienced signs of recovery during the second half of 2020, our revenues for the year ended December 31, 2020 decreased compared to the year ended December 31, 2019. In order to mitigate the impact of the uncertainties associated with COVID-19, we initiated certain cost reduction measures, including the reduction of our workforce and compensation costs. In addition, we realized savings as a result of travel restrictions and virtual (rather than in-person) events. Despite such costs savings, our operating loss for the year ended December 31, 2020 increased compared to 2019.

We continue to monitor, assess and respond to the implications of the COVID-19 pandemic on our operations and our customers, partners and suppliers. In addition, we continue to actively evaluate and respond to new developments relating to the evolving COVID-19 pandemic, which has and is expected to result in continued significant global, social and business disruptions.

The extent to which COVID-19 impacts our business going forward will depend on numerous evolving factors that we cannot reliably predict, including the duration and scope of the pandemic, efficiency of available vaccines and the availability of such vaccines to the worldwide population; governmental, business, and individuals' actions in response to the pandemic, and the impact on economic activity including the possibility of a recession or financial market instability. The uncertainty surrounding the containment of COVID-19 could affect management’s accounting estimates and assumptions. For a discussion of certain risks associated with COVID-19, please refer to Risk Factors.

Key Performance Indicators

We monitor the following key performance indicators to help us evaluate our business, measure our performance, identify trends affecting our business, formulate business plans and make strategic decisions. Our key performance indicators may be calculated in a manner different than similar key performance indicators used by other companies.

Number of Customers. We believe the size of our customer base is an indicator of our market penetration and our net customer additions are an indicator of the growth of our business and future revenue opportunity. We believe we have a significant opportunity to expand our footprint through new installations and displacement of our competitors’ solutions. To do so, we plan to continue to grow our sales team, leverage our channel partner relationships and enhance our marketing efforts.

We believe organizations choose us for our customer-first approach, continuing innovation and seamless integration with third-party technologies.

We define a customer as a distinct entity, division or business unit of a company that has purchased our products or services and is eligible to receive maintenance and support. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 16% of the Global 2000. As of December 31, 2019 and 2020, we had 1,679 and 1,728 active customers, respectively.

Sales to Existing Customers. We believe our existing customers provide a significant source of revenue growth. We derive an increasing portion of our revenues from existing customers. For example, during the years ended December 31, 2019 and 2020, we generated approximately 66% and 71% of our revenues, respectively, excluding maintenance renewals, from sales to existing customers.

44


Maintenance Renewal Rates. We believe our maintenance renewal rates are an important metric to measure our ability to provide significant value to our existing customers. We generate incremental maintenance revenues when our customers renew their maintenance contracts. We measure the maintenance renewal rate of our customers over a trailing 12-month period, based on a dollar renewal rate of contracts expiring during that time period. For each of the years ended December 31, 2019 and 2020, our maintenance renewal rate was over 90%. Our key strategies to maintain our renewal rate include continuing to provide more valuable features and network device coverage in our product updates, focusing on the quality and reliability of our customer service and support and ensuring our customers receive value from our products.

Sales to Large Organizations. In the year ended December 31, 2020, large organizations, which we define as those comprising the Global 2000, accounted for 63% of our revenues, compared to 68% of our revenues in the year ended December 31, 2019, in each case excluding maintenance renewals. Sales to large organizations involve a distinct set of opportunities and challenges. Large organizations sales are characterized by longer sales cycles and additional time and resources spent on a potential customer.

For the years ended December 31, 2019 and 2020, the average spend for all customers, excluding maintenance renewals, was $122,000 and $102,000, respectively. During those years, the average spend for Global 2000 customers, excluding maintenance renewals, was $187,000 and $155,000, respectively; and the average spend for non-Global 2000 customers, excluding maintenance renewals, was $70,000 and $67,000, respectively. We define average spend as total sales, excluding maintenance renewals, for the relevant customer group (i.e., all customers, Global 2000 customers or non-Global 2000 customers) divided by the number of customers belonging to such customer group.

Seasonality. We generally expect an increase in business activity in the fourth quarter, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenues from that transaction is delayed.

Non-GAAP Gross Profit, non-GAAP Operating Income (Loss) and Non-GAAP Net Loss. We believe that providing non-GAAP financial measures that exclude, as applicable, share-based compensation expense and certain non-recurring costs, as well as, the tax effect of these Non-GAAP adjustments, allows for more meaningful comparisons between our operating results from period to period. These non-GAAP financial measures are an important tool for financial and operational decision-making and for evaluating our operating results over different periods.

 

We define Non-GAAP gross profit, Non-GAAP operating income (loss) and Non-GAAP net loss as follows:

Non-GAAP gross profit as gross profit excluding share-based compensation expense.

Non-GAAP operating income (loss) as operating income (loss) excluding share-based compensation expense, shelf registration costs, one-time expenses associated with the reorganization of one of our subsidiaries and secondary offering costs.

Non-GAAP net loss as net loss excluding share-based compensation expense, shelf registration costs, one-time expenses associated with the reorganization of one of our subsidiaries, secondary offering costs and the tax effect of these non-GAAP adjustments.

Year ended December 31,

2019

2020

(in thousands)

Gross profit

$

83,413

$

80,587

Non-GAAP gross profit (1)

84,927

82,611

 

Operating loss

$

(27,023

)

$

(33,925

)

Non-GAAP operating loss (1)

(15,234

)

(18,452

)

 

Net loss

$

(28,119

)

$

(35,406

)

Non-GAAP net loss (1)

(17,054

)

(20,634

)

 

(1)

For a reconciliation of non-GAAP gross profit, non-GAAP operating loss and non-GAAP net loss to their most directly comparable GAAP measures, respectively, see “Item 3.A. Selected Financial Data.”

45


Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allow for more meaningful comparisons between our operating results from period to period. In addition, we believe that providing non-GAAP financial measures that exclude shelf registration costs, one-time expenses associated with the reorganization of one of our subsidiaries and secondary offering costs allows for more meaningful comparisons between our operating results from period to period since these non-recurring costs are not representative or indicative of our ongoing operations. We also believe that the tax effects related to the non-GAAP adjustments set forth above do not reflect the performance of our core business and would impact period-to-period comparability.

Transition to Subscription-Based Business Model

In February 2021, we announced our transition to a subscription-based business model. We believe that this strategic initiative will have a positive impact on our business in the long-term and will support our future growth plans. The transition to a subscription-based business model is expected to drive an increase in our recurring revenues, but may result in a decrease in our total potential reported revenues, during the transition period, as the average customer spend on a subscription-based software deal is expected to be lower than a perpetual software deal for the same size infrastructure.

Our subscription license renewal rate is an important parameter that will help us to achieve our long-term goals. Our key strategies to ensure high renewals rates, both for subscription licenses and maintenance agreements, include focusing on the quality and reliability of our product and customer service and support, ensuring our customers receive value from our products, as well as providing valuable software upgrades and enhancements when and if they are available.

Annualized recurring revenues. We consider annualized recurring revenues (“ARR”) as a performance indicator which is defined as the annualized value of active term-based subscription license contracts, SaaS contracts and maintenance contracts related to perpetual licenses in effect at the end of a period. Such contracts are annualized by dividing the total contract value by the number of months of its term and multiplying by twelve (12). As of December 31, 2019 and 2020, ARR was approximately $53 million and $60 million, respectively. The annualized value of contracts is a legal and contractual determination made by assessing the contractual terms with our customers. ARR is not determined by reference to historical revenues, deferred revenues or any other GAAP financial measure over any period. ARR is not a forecast of future revenues, which can be impacted by contract start and end dates and renewal rates and does not include revenue associated with the sales of perpetual software licenses, hardware or professional services.

Components of Statements of Operations

Revenues

We derive our revenues from the following:

Product Revenues. We generate product revenues from sales of our software licenses and third-party hardware to new customers and sales of additional licenses and third-party hardware to existing customers. We generate the vast majority of our revenues through sales of software with less than 5% of our revenues generated through sales of third-party hardware. In each of the years ended December 31, 2018, 2019 and 2020, we primarily sold our software through perpetual license agreements and, to a lesser extent, term-based license agreements. As a percentage of total revenues, we expect our product revenues to vary from quarter to quarter based on seasonal and cyclical factors. We are focused on acquiring new customers as well as increasing product revenues from our existing customers.

Maintenance and Professional Services Revenues. We generate maintenance and professional services revenues by selling maintenance contracts and, to a lesser extent, by providing professional services to our customers. Maintenance includes software updates and technical support. Our contracts with customers for software licenses include maintenance for a specified term. We recognize revenues associated with maintenance on a straight-line basis over the specified maintenance period. Professional services consist of deployment services for our products, and implementation of our solutions and their integration in the customer’s environment.

46


We recognize revenues associated with professional services as we perform the services. As a percentage of total revenues, we expect our maintenance and professional services revenues to vary from quarter to quarter based on fluctuations in license sales, maintenance renewal rates, professional services attach rates and cyclical factors. The increase in maintenance is attributable to the growth in our software license sales to new and existing customers.

See Note 2 to our consolidated financial statements “Significant Accounting Policies—Revenue recognition” for more information.

Cost of Revenues and Gross Profit

Our total cost of revenues is comprised of the following:

Cost of Product Revenues. Cost of product revenues consist primarily of personnel costs (including share-based compensation) associated with the processing and delivery of our software licenses to customers and, to a lesser extent, the purchase and delivery of third-party hardware, as well as other overhead costs. There is no direct cost of revenues associated with our software products because we deliver our software products electronically. Electronic delivery occurs when we provide the customer with access to the software and license key via a secure portal. Our cost of product revenues is primarily impacted by the number of personnel involved in the delivery of our products, as well as our third-party hardware revenues.

Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues consist primarily of personnel costs for those responsible for providing maintenance and support and professional services to our global customer base. Such personnel costs consist of salaries, benefits, bonuses and share-based compensation.

Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin fluctuates from quarter-to-quarter based on the mix of product revenues and maintenance and professional services revenues. We expect our gross margins to continue to fluctuate.

Operating Expenses

Our operating expenses consist of research and development expenses, sales and marketing expenses and general and administrative expenses. For each category, personnel costs are the most significant component of our operating expenses. Personnel costs consist of salaries and employee benefits (including vacation expenses, bonuses and share-based compensation). Sales commissions account for a significant portion of our sales and marketing compensation costs.

Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel, subcontractors and consultants, as well as allocated overhead costs. We expense research and development expenses as incurred. We expect to continue to invest in our research and development and other long-term strategic initiatives, as we plan to further strengthen our technology platform and applications and enhance our current and future product and service offerings.

Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as travel expenses, marketing and business development costs (including marketing campaigns, tradeshows and recruitment) and allocated overhead costs. We expect sales and marketing expenses will continue to increase in absolute dollars and account for the majority of our operating costs as we expand our international sales and marketing efforts.

General and Administrative. General and administrative expenses consist primarily of personnel-related costs, including share-based compensation expense, for our executive, finance, IT, human resources, legal and administrative personnel. General and administrative expenses also include external legal, accounting, directors and officer’s insurance expenses, other professional service fees and allocated overhead. We expect that general and administrative expenses will increase in absolute dollars in the near term as we continue to support the company needs and our operations as a public company, including maintaining compliance with the Sarbanes-Oxley Act and related regulations.

Financial Income (Loss), Net

Financial income (loss), net, consists primarily of bank charges, interest earned on our cash, cash equivalents restricted bank deposits and marketable securities, amortization of premium or accretion of discount on our marketable securities and foreign currency exchange fluctuations. Foreign currency exchange fluctuations reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar, particularly the NIS, the Euro and the GBP. As a result of our global presence, we expect to continue to incur expenses in currencies other than the U.S. dollar. As such, we expect our exposure to fluctuations in foreign currencies to continue.

47


Taxes on Income

The standard corporate tax rate in Israel for 2020 and thereafter was 23%. We have net operating loss carry forwards. As of December 31, 2020, our net operating loss carry forwards for Israeli tax purposes amounted to approximately $76 million. Under Israeli law, net operating losses can be carried forward indefinitely and offset against certain future taxable income. We expect that if or when we become profitable, we will generate the substantial majority of our taxable income in Israel. However, no tax benefit was recorded for the years ended 2018, 2019 and 2020 for the deferred tax assets of the Israeli entity, since we have recorded a full valuation allowance against these deferred tax assets which are less likely than not to be realized.

In addition, we are entitled to tax benefits under the Investment Law in Israel in respect of our status as a Benefited Enterprise. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income as a Benefited Enterprise may be lower than the standard corporate tax rate. The tax benefit period for the Benefited Enterprise program under the Investment Law is expected to end in 2022. The availability of these tax benefits is subject to certain requirements, including making specified investments in property and equipment, and financing a percentage of investments with share capital. If we do not meet these requirements in the future, the tax benefits may be canceled and we could be required to refund any tax benefits that we have already received.

Our U.S. and European subsidiaries currently generate taxable income in the United States and Europe. To the extent that we generate taxable income in Israel, our effective tax rate will be a weighted average rate based on the applicable U.S., European and Israeli tax rates.

A.Operating Results

We are providing within this section a supplemental discussion that compares our historical statement of operations data in accordance with accounting principles generally accepted in the United States, or GAAP. The below tables provide data for each of the years ended December 31, 2020 and 2019. The following discussion and analysis is based on our consolidated financial statements including the related notes, and should be read in conjunction with them. Our consolidated financial statements are provided in “Item 18 – Financial Statements”.

For discussion related to our financial condition, changes in financial condition, and the results of operations for the year ended December 31, 2019 compared to the year ended December 31, 2018, refer to Part I, Item 5. “Operating and Financial Review and Prospects” in our Annual Report on Form 20-F for the fiscal year ended December 31, 2019, which was filed with the SEC on March 18, 2020.

48


Comparison of Period to Period Results of Operations

Results of Operations

The following tables summarize our results of operations in dollars and as a percentage of our total revenues for the periods indicated. The period-to-period comparison of results is not necessarily indicative of results for future periods.

Year ended December 31,

2019

2020

Amount

%

Amount

%

(Dollars in thousands)

Revenues:

Product

$

47,365

45.9

%

$

38,690

38.4

%

Maintenance and professional services

55,905

54.1

62,144

61.6

Total revenues

103,270

100.0

100,834

100.0

Cost of revenues:

Product

2,716

2.6

2,940

2.9

Maintenance and professional services

17,141

16.6

17,307

17.2

Total cost of revenues(1)

19,857

19.2

20,247

20.1

Gross profit

83,413

80.8

80,587

79.9

Operating expenses:

Research and development(1)

31,571

30.6

34,978

34.7

Sales and marketing(1)

63,981

62.0

59,484

59.0

General and administrative(1)

14,884

14.4

20,050

19.9

Total operating expenses

110,436

106.9

114,512

113.6

Operating loss

$

(27,023

)

(26.1

)

$

(33,925

)

(33.6

)

Financial income (loss), net

(85

)

(0.1

)

114

0.1

Loss before taxes on income

$

(27,108

)

(26.2

)

$

(33,811

)

(33.5

)

Taxes on income

(1,011

)

(1.0

)

(1,595

)

(1.6

)

Net loss

$

(28,119

)

(27.2

)%

$

(35,406

)

35.1

%

 

(1)

Includes share-based compensation expense as follows:

Year ended December 31,

2019

2020

(in thousands)

Share-based Compensation Expense:

Cost of revenues

$

1,514

$

2,024

Research and development

2,370

4,437

Sales and marketing

4,849

4,635

General and administrative

2,194

3,929

Total share-based compensation expenses

$

10,927

$

15,025

49


Comparison of the Years Ended December 31, 2019 and 2020

Revenues

Year ended December 31,

2019

2020

Change

Amount

Amount

Amount

%

(Dollars in thousands)

Revenues:

Product

$

47,365

$

38,690

$

(8,675

)

(18.3

)

Maintenance and support

46,019

50,794

4,755

10.4

Professional services

9,886

11,350

1,464

14.8

Total revenues

$

103,270

$

100,834

$

(2,436

)

(2.4

)

Revenues decreased by $2.4 million, or 2.4%, from $103.3 million in 2019 to $100.8 million in 2020. The decrease in total revenues was driven by a decrease in product revenues across all regions and was partially offset by increase in maintenance and support revenues. The decrease in total revenues was also reflected by $5.4 million decrease in revenues from new customers, which was partially offset by $3.0 increase in revenues from existing customers.

Product revenues decreased by $8.7 million, or 18.3%, from $47.4 million in 2019 to $38.7 million in 2020. This decrease was driven by decrease sales volumes to new and existing customers, which decreased by $4.6 million and $4.1 million, respectively. The substantial majority of our product revenues was attributable to sales of perpetual licenses.

Maintenance and support revenues grew by $4.8 million, or 10.4%, from $46.0 million in 2019 to $50.8 million in 2020. This increase was driven by revenues from maintenance and support contracts renewals, which accounted for $3.8 million of this increase and from initial maintenance and support contracts which accounted for $1.0 million of this increase.

Professional services revenues increased by $1.5 million, or 14.8%, from $9.9 million in 2019 to $11.4 million in 2020. This increase was attributable to the timing of projects deployment by our professional services teams in order to achieve faster delivery times and improved services to our expanding customer base.

Geographic Breakdown of Revenues

The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:

Year ended December 31,

2019

2020

Amount

%

Amount

%

(in thousands)

Americas

$

56,848

55.1

%

$

54,645

54.2

%

EMEA

40,903

39.6

40,114

39.8

APAC

5,519

5.3

6,075

6.0

Total

$

103,270

100.0

%

$

100,834

100.0

%

The Americas accounted for the majority of our revenues in each of the years ended December 31, 2019 and 2020. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2019 and 2020, with revenues generated in Germany representing 30% and 29%, respectively, of EMEA revenues.

50


Cost of Revenues

Year ended December 31,

2019

2020

Change

Amount

Amount

Amount

%

(Dollars in thousands)

Cost of revenues:

Product

$

2,716

2,940

$

224

8.2

%

Maintenance and professional services

17,141

17,307

166

1.0

Total cost of revenues

$

19,857

20,247

$

390

2.0

%

Cost of revenues increased by $0.4 million, or 2%, from $19.9 million in 2019 to $20.2 million in 2020. This increase was primarily driven by the increase in compensation costs resulted from an increase of the number of employees of our services, support and fulfillment teams on an annual-average basis which includes an increase of $0.5 million in share-based compensation expense, as well as an increase in related overhead costs.

Cost of product revenues increased by $0.2 million, or 8.2%, from $2.7 million in 2019 to $2.9 million in 2020.

Cost of maintenance and professional services revenues increased by $0.2 million, or 1%, from $17.1 million in 2019 to $17.3 million in 2020. The increase in cost of maintenance and professional services revenues was driven primarily by an increase in personnel costs and related overhead expenses as we remain committed to support our increased sales of our services offerings.

Gross Profit

Year ended December 31,

2019

2020

Gross Profit Change

Gross Profit

Gross Margin

Gross Profit

Gross Margin

Amount

%

Gross profit

$

83,413

80.8

%

$

80,587

79.9

%

$

2,826

(3.4

)%

Gross profit decreased by $2.8 million, or 3.4%, from $83.4 million in 2019 to $80.6 million in 2020. Gross margins decreased from 80.8% to 79.9% during the same period. This decrease was driven by lower revenues and revenues mix, as well as higher costs of revenues in 2020 compared to 2019, as discussed above.

Operating Expenses

Year ended December 31,

2019

2020

Change

Amount

Amount

Amount

%

(Dollars in thousands)

Operating expenses:

Research and development

$

31,571

$

34,978

$

3,407

10.8

%

Sales and marketing

63,981

59,484

(4,497

)

(7.0

)

General and administrative

14,884

20,050

5,166

34.7

Total operating expenses

$

110,436

$

114,512

$

4,076

3.7

%

51


Total operating expenses increased by $4.1 million, or 3.7%, from $110.4 million in 2019 to $114.5 million in 2020.

Research and Development. Research and development expenses increased by $3.4 million, or 10.8%, from $31.6 million in 2019 to $35.0 million in 2020. This increase was primarily attributable to an increase of $3.6 million in compensation expenses, which includes a $2.1 million increase in share-based compensation expense. The increase in compensation expenses was driven by an increase of our research and development teams on an annual-average basis, as well as unfavorable impact of foreign exchange rate fluctuations (mainly the NIS in relation to the U.S. dollar). The increase in research and development expenses reflects our plans to invest in strategic initiatives that further strengthen our technology platform and enhance our current and future product and service offerings. The increase was partially offset by $0.2 million decrease in travel and allocated overhead costs.

Sales and Marketing. Sales and marketing expenses decreased by $4.5 million, or 7.0%, from $64.0 million in 2019 to $59.5 million in 2020. This decrease was attributable to a $3.5 million decrease in travel expenses due to COVID-19 travel restrictions and additional costs savings associated with marketing-related activities of approximately $2.2 million resulting from fewer in-person events and cancellations or postponements of certain marketing events for future periods due to COVID-19. The decrease in sales and marketing expenses was partially offset by higher compensation costs of $1.6 million. Despite our workforce reduction from 223 as of December 31, 2019 to 194 as of December 31, 2020, our sales and marketing organization grew on an annual-average basis. In addition, we also incurred certain termination costs.

General and Administrative. General and administrative expenses increased by $5.2 million, or 34.7%, from $14.9 million in 2019 to $20.1 million in 2020. This increase was primarily attributable to an increase of $3.0 million in compensation costs, which includes a $1.7 million increase in share-based compensation expense as we grew our general and administrative teams in order to scale and support the business needs as a public company. Our general and administrative headcount has increased from 48 in 2019 to 63 in 2020, on an annual-average basis. The remaining increase in general and administrative expense of $2.2 million was primarily due to increase in corporate insurance, as well as accounting and legal costs.

Financial Income (loss), Net

Year ended December 31,

2019

2020

Change

Amount

Amount

Amount

%

(Dollars in thousands)

Financial Income (loss), net

$

(85

)

$

114

$

199

234

%

Financial income, net increased from financial loss, net of $0.1 million in 2019 to a financial income, net of $0.1 million in 2020. Our financial income, net was impacted by exchange rate fluctuations in the foreign currencies against the U.S. dollar and our derivatives and hedging activities, which was minimal in 2020 compared to $0.8 million unfavorable impact in 2019. The increase of the financial income, net was partially offset by decrease of $0.5 million in our interest income, net in 2020 compared to 2019.

Taxes on Income

Year ended December 31,

2019

2020

Change

Amount

Amount

Amount

%

(Dollars in thousands)

Taxes on income

$

(1,011

)

$

(1,595

)

$

(584

)

(58

)%

Taxes on income increased from a tax expense of $1.0 million in 2019 to a tax expense of $1.6 million in 2020. Our effective tax rate was primarily impacted by our diverse geographic mix of earnings and losses, as well as our full valuation allowance against potential future benefits for deferred tax assets of our Israeli entity, including loss carryforwards generated in Israel, therefore, the majority of our taxes on income are derived from our operations in the United States. In addition, our effective tax rate is based on recurring factors, including the geographic mix of foreign taxable income and loss, as well as nonrecurring items that may not be predictable. See Note 11 to our consolidated financial statements included elsewhere in this annual report for a full reconciliation of our effective tax rate to the Israeli statutory rate of 23% and for further explanation of our provision for income taxes.

52


Application of Critical Accounting Policies and Estimates

Our consolidated financial statements have been prepared in accordance with GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Actual results may differ from these estimates. To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected.

The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements are described below.

Revenue Recognition

We determine the appropriate revenue recognition for our contracts with customers by analyzing the type, terms and conditions of each contract. We classify the revenue components as products according to the attributes of the underlying components.

We sell our on-premises software licenses through both perpetual and, to a lesser extent, term-based license agreements. Our products offer the same functionality whether our customers receive them through a perpetual or term-based license. We deliver our software licenses electronically. Electronic delivery occurs when we provide the channel partner or customer with access to our software and license key via a secure portal. We generally recognize revenues from on-premises software licenses upfront when we make the software available to the channel partner or, if we are selling directly, customer. We recognize hardware sales upon delivery.

We generally recognize revenues from software sold through term-based license agreements upfront, upon delivery to the channel partner or, if we are selling directly, customer. We defer the associated maintenance revenues and recognize them over the contract period. Assuming we expect to recover the costs, we capitalize all incremental costs we incur to obtain a contract with a customer that we would not have incurred if we had not obtained the contract. We include amortization expense in sales and marketing expenses in our consolidated statements of operations. We amortize costs incurred in obtaining a contract as a sales and marketing expense on a straight-line basis over the expected period of benefit. We periodically review these costs for impairment.

Our contract payment terms typically range between 30 and 120 days. We assess collectability based on several factors, including collection history.

Our contracts with customers for software licenses include maintenance and may also include training and/or professional services. Maintenance consists of fees for providing software updates and technical support for our products for a specified term. We recognize maintenance revenues ratably over the contractual service period. We bill for professional services on a fixed fee basis and recognize revenues as we perform the services. We defer payments received in advance of services performed and recognize such payments when we perform the related services.

In contracts with multiple performance obligations, we account for individual performance obligations separately if they are distinct. We allocate the transaction price to each performance obligation based on its relative standalone selling price out of the total consideration of the contract. For maintenance and support contracts, we determine the standalone selling price based on the price at which we separately sell a renewal contract. We determine the standalone selling price for sales of licenses using the residual approach. For professional services, we determine the standalone selling prices based on the price at which we separately sell those services.

Share-Based Compensation

We measure and recognize share-based compensation expense in our consolidated financial statements based on the grant date fair value of the award. We recognize the grant date fair value of the award as an expense based on the graded vesting attribution method over the requisite service period (primarily a four-year period).

We estimated the grant date fair value of share options for the years ended December 31, 2019 and 2020 using the Black-Scholes option-pricing model. Our use of the Black-Scholes option-pricing model requires the input of highly subjective assumptions, including estimated fair value of our ordinary share price, expected share price volatility and expected term. The fair value of restricted stock units ("RSU") is based on the closing market value of the underlying shares at the date of grant.

Following our initial public offering on April 11, 2019, our ordinary shares are publicly traded, and therefore we currently base the value of our ordinary shares on their market price.

Risk-Free Interest Rate. We base the risk-free interest rate on the implied yield on currently available U.S. treasury zero-coupon securities with a remaining term equal to the expected life of our options.

Dividend Yield. We base dividend yield on our historical experience and expectation of no future dividend payouts. We have historically not paid cash dividends and have no foreseeable plans to pay cash dividends in the future.

53


Expected Volatility. We base expected share price volatility on the historical volatility of the ordinary shares of comparable companies that are publicly traded, as well as the historical volatility of the Company’s ordinary shares.

Expected Term. The expected term of options granted represents the period of time that options granted are expected to be outstanding. The expected option term is calculated using the simplified method, as we concluded that currently our historical share option exercise experience does not provide an adequate basis to estimate our expected option term.

Any changes in these highly subjective assumptions would significantly impact our share-based compensation expense.

Research and Development Costs

ASC 985 requires capitalization of certain software development costs subsequent to the establishment of technological feasibility.

Based on our product development process, technological feasibility is established upon completion of a working model. We do not incur material costs between the completion of the working model and the point at which the products are ready for general release. Therefore, research and development costs are charged to the statement of operations as incurred.

Income Taxes

We account for income taxes using the asset and liability approach, which requires the recognition of taxes payable or refundable for the current year and the deferred tax liabilities and assets for the future tax consequences of events that we have recognized in our financial statements or tax returns.

We measure current and deferred tax liabilities and assets based on provisions of the relevant tax law. We reduce the measurement of deferred tax assets, if necessary, by the amount of any tax benefits that we do not expect to realize. We classify interest and penalties relating to uncertain tax positions within taxes on income.

Accounts Receivable

We present accounts receivable in our consolidated balance sheets net of allowance for credit losses for potential uncollectible amounts. We estimate the collectability of accounts receivable balances and adjust the allowance for credit losses based on our assessment of collectability by reviewing accounts receivable on an aggregated basis where similar characteristics exist and on an individual basis when it identifies specific customers with known disputes or collectability issues. We also consider a number of factors to assess collectability, including the past due status, creditworthiness of the specific customer, payment history and reasonable and supportable forecasts of future economic conditions.

When revenue recognition criteria are not met for a sale transaction that has been billed, we do not recognize deferred revenues on our balance sheet or the related account receivable.

Derivative Instruments

We carry out transactions involving foreign currency exchange derivative financial instruments. These transactions are designed to hedge our exposure in currencies other than the U.S. dollar, and are not designated as an accounting hedge. We are primarily exposed to foreign exchange risk with respect to recognized assets and liabilities and anticipated transactions denominated in the NIS, Euro and British Pound, including payroll expenses. Going forward we may consider to designate transactions involving foreign currency exchange derivative financial instruments as an accounting hedge.

B.Liquidity and Capital Resources

As of December 31, 2020, we had $104.0 million of cash and cash equivalents, restricted bank deposits, short-term marketable securities and long-term marketable securities, compared to $121.7 million as of December 31, 2019. The majority of our cash and cash equivalents, restricted bank deposits and marketable securities are held in banks in Israel and the United States. Our marketable securities primarily consist of highly-rated corporate debt securities and U.S. government agency securities. We believe that our existing cash and cash equivalents will be sufficient to fund our operations, as well as our working capital and capital expenditures needs for at least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, which may be impacted, among other factors, by our transition to subscription-based business model, the expansion of our sales and marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new products and enhancements to existing products and the continuing market acceptance of our products and services.

Net Cash Used in Operating Activities

Cash used by operating activities was $17.4 million for the year ended December 31, 2020. This was primarily due to an increased net loss of $35.4 million adjusted by non-cash charges of $15.6 million, primarily relating to share-based compensation of $15.0 million and depreciation expense, as well as a favorable impact of $2.4 million resulting from the net changes in our operating assets and liabilities. Changes in operating assets and liabilities included (i) a $2.2 million increase in deferred revenues representing unearned amounts resulting primarily from increased maintenance and support sales and (ii) a $4.3 million increase in employee and payroll accrued expenses and operating lease liabilities, net, partially offset by (a) a $2.6 million increase in prepaid expenses and other current assets, (b) a $0.5 million increase in accounts receivables and (c) a $0.7 million increase in deferred costs.

Cash used by operating activities was $9.6 million for the year ended December 31, 2019. This was primarily due to an increased net loss of $28.1 million adjusted by non-cash charges of $11.5 million, primarily relating to share-based compensation of $10.9 million and depreciation expense, as well as a favorable impact of $7.0 million resulting from the net changes in our operating assets and liabilities. Changes in operating assets and liabilities included (i) a $4.1 million increase in deferred revenues representing unearned amounts resulting primarily from increased maintenance and support sales and (ii) a $7.1 million increase in employee and payroll accrued expenses and operating lease liabilities, net, partially offset by (a) a $2.0 million increase in deferred taxes and other non-current assets, (b) a $1.5 million increase in accounts receivables and (c) a $0.9 million decrease in trade payables and other accounts payables.

54


Net Cash Used in Investing Activities

Investing activities for the year ended December 31, 2020 have consisted primarily of investment in, and proceeds from marketable securities, as well as capital expenditures to purchase property and equipment.

During the year ended December 31, 2020, net cash used in investing activities was $44.4 million was attributable to net purchases of marketable securities of $42.3 million and $2.1 million purchase of capital expenditures to purchase property and equipment for our leased offices.

During the year ended December 31, 2019, net cash used in investing activities was $2.7 million consisting primarily of purchases of property and equipment for our leased offices.

Net Cash Provided by Financing Activities

Net cash provided by financing activities was $0.7 million in the year ended December 31, 2020, consisting of $1.4 million in proceeds from the exercise of employee share options, partially offset by the changes in its related withholding amounts.

Net cash provided by financing activities was $115.8 million in the year ended December 31, 2019, consisting of $115.3 million in proceeds from our initial public offering, which were partially offset by $2.6 million in offering-related expenses. In addition, cash provided by financing activities consisted of $3.3 million in proceeds from the exercise of employee share options and the related withholding amounts.

C.Research and Development, Patents and Licenses, etc.

We conduct our research and development activities primarily in Israel. As of December 31, 2020 our research and development personnel included 178 employees and contractors.

For a description of our research and development policies, see “Item 4.B. Business Overview—Research and development.”

D.Trend Information

Other than as disclosed elsewhere in this annual report, we are not aware of any trends, uncertainties, demands, commitments or events for the period from January 1, 2020 to December 31, 2020 that are reasonably likely to have a material adverse effect on our net revenue, income, profitability, liquidity or capital resources, or that caused the disclosed financial information to be not necessarily indicative of future operating results or financial condition.

E.Off-Balance Sheet Arrangements

We do not currently engage in off-balance sheet financing arrangements. In addition, we do not have any interest in entities referred to as variable interest entities, which includes special purposes entities and other structured finance entities.

55


F.Contractual Obligations

Contractual Obligations

The following table summarizes our contractual obligations as of December 31, 2020:

Total

Less Than

1 Year

1 – 3 Years

4 – 5 Years

More Than

5 Years

(in thousands)

Operating lease obligations

$

30,234

$

4,378

$

8,521

$

7,137

$

10,198

Total

$

30,234

$

4,378

$

8,521

$

7,137

$

10,198

Quantitative and Qualitative Disclosures about Market Risk

We are exposed to market risk in the ordinary course of our business. Market risk represents the risk of loss that may impact our financial position due to adverse changes in financial market prices and rates. Our market risk is primarily a result of fluctuations in foreign currency exchange rates.

ITEM 6.DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES

A.Directors and Senior Management

Executive Officers and Directors

The following table sets forth the name, age and position of each of our executive officers and directors

Name

Age

Position

Executive Officers

Reuven Kitov

47

Chief Executive Officer, Co-Founder and Chairman of the Board

Reuven Harrison

51

Chief Technology Officer, Co-Founder and Director

Jack Wakileh

49

Chief Financial Officer

Yoram Gronich

52

Vice President of Research & Development

Ofer Or

44

Vice President of Products

Raymond Brancato (1)

56

Chief Revenue Officer

Kevin Maloney (2)

66

Senior Vice President of Global Sales

Directors

Tom Schodorf (3)(6)

62

Lead Independent Director

Ohad Finkelstein (6)

60

Director

Yuval Shachar (5)(6)

58

Director

Yair Shamir (5)(6)

75

Director

Edouard Cukierman (5)(6)

56

Director

Peter Campbell (3)(4)(6)

56

Director

Dafna Gruber (3)(4)(5)(6)

56

Director

Brian Gumbel (3)(5)

45

Director

(1)

Serves as our Chief Revenue Officer since January 2021.

(2)

Left Tufin in February 2021.

(3)

Member of our audit committee.

(4)

Member of our compensation committee.

(5)

Member of our nominating and corporate governance committee.

(6)

Independent director under NYSE rules.

56


Reuven Kitov is our Chief Executive Officer, Co-Founder and Chairman of the board of directors, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Kitov held key project management and development roles at Check Point Software Technologies, Inc. from 1998 to 2003. Mr. Kitov holds a Bachelor of Science degree in Computer Science from the University of Maryland in College Park, Maryland.

Reuven Harrison is our Chief Technology Officer, Co-Founder and a director, which positions he has held since co-founding Tufin in January 2005. Prior to co-founding Tufin, Mr. Harrison held key software developer positions at Check Point Software Technologies, Inc. from 1999 to 2003, as well as other key positions at Capsule Tech, Inc. from 1997 to 1999 and ECS Inc. from 1991 to 1996. Mr. Harrison holds a Bachelor of Arts degree in Mathematics and Philosophy from Tel Aviv University in Israel.

Jack Wakileh is our Chief Financial Officer, which position he has held since July 2013. Prior to joining Tufin, Mr. Wakileh worked as a financial and business consultant for various technology companies from 2010 to 2013. He was a Co-Founder of iSpade Technologies Ltd. and was Chief Financial Officer from 2008 to 2010, Co-Chief Executive Officer of LEADIP Systems Ltd. from 2006 to 2007 and Chief Financial Officer of VCON Telecommunications Ltd. from 1999 to 2005 prior to which he held the Corporate Controller position. Mr. Wakileh holds a Bachelor of Arts degree in Accounting and Economics from Tel Aviv University in Israel and is a Certified Public Accountant.

Kevin Maloney served as our Senior Vice President of Global Sales from July 2015 until he resigned in February 2021. Prior to joining Tufin, Mr. Maloney held senior management positions at Easylink Services International Corporation from December 2007 to July 2012, Network General Corporation from June 2006 to November 2007 and Check Point Software Technologies, Inc. from June 2005 to June 2006. Mr. Maloney holds a Master of Business Administration degree from the Stetson School of Business and Economics at Mercer University in Macon, Georgia and a degree from Wheeling Jesuit University in Wheeling, West Virginia.

Raymond Brancato joined Tufin in January 2021 as our Chief Revenue Officer. He joined Tufin from AnyVision, an artificial intelligence company, where he was Chief Revenue Officer from March 2019 to January 2021. Prior to AnyVision, he held senior sales leadership positions over the course of 10 years with CA Technologies, including Vice President, Senior Vice President and General Manager of Business Unit Sales. Prior to that, he was Vice President of Sales, Americas at Kabira Technologies from April 2007 to March 2009, Director of Sales at BMC Software from November 2002 to April 2007, and Vice President of Sales at Remedy from December 2000 to November 2002. He holds a Bachelor of Science degree in Finance and Management Science from the University of South Carolina.

Yoram Gronich is our Vice President of Research & Development, which position he has held since September 2008. Prior to joining Tufin, Mr. Gronich held software management and engineering positions at Symantec Corporation from 2005 to 2008. He previously held project management and team leader roles at Check Point Software Technologies, Inc. from 2002 to 2005. Mr. Gronich holds a Master of Science degree in Electrical Engineering and a Bachelor of Science degree in Physics and Computer Science each from Tel Aviv University in Israel.

Ofer Or has served as our Vice President of Products since July 2014. Prior to assuming this role, Mr. Or served as our Director of Research & Strategy. Prior to joining Tufin, he held senior product management positions at Check Point Software Technologies, Inc. from 2009 to 2013. Mr. Or also held product marketing and business development positions at Microsoft from 2007 to 2009 and Amdocs Ltd. from 2006 to 2007. Before that, he held several R&D Leadership positions at Check Point Software Technologies, Inc. from 2000 to 2005, and in an elite computer unit of the Israel Defense Forces from 1994 to 2000. Mr. Or holds a Master of Business Administration degree from INSEAD University in Fontainebleau, France, and holds a Master of Arts degree in Law and a Bachelor of Arts degree in Political Science and Sociology, each from Bar Ilan University in Ramat-Gan, Israel.

Ohad Finkelstein has served as a director since January 2011. Mr. Finkelstein serves as Managing Partner of Danli Capital, an investment advisory firm that he founded in 2017. Mr. Finkelstein is the Co-Founding Partner of Marker LLC, which he founded in 2011. Prior to that, from 2005 to 2011, he led international investment for Venrock, an Israeli venture capital firm. He served as the Chairman, Chief Executive Officer and President at Interoute Communications Limited from 1999 to 2003. Mr. Finkelstein holds a Bachelor of Arts degree in Political Science and International Marketing from the University of California, Los Angeles.

57


Yuval Shachar has served as a director since October 2009. Mr. Shachar is the Executive Chairman and Co-Founder of Team8, a venture capital firm specializing in incubation of security companies. Mr. Shachar serves as Founding Venture Partner of Innovation Endeavors, which he joined at its inception, previously serving as an investment partner of its predecessor fund from 2013. Mr. Shachar served as Co-Founding Partner of Marker LLC and its predecessors from 2011. From 2004 to 2009, he served as General Manager of a Cisco business unit in its Service Provider group. Prior to that, Mr. Shachar served as Co-Founder, President and CEO of P-Cube (which was acquired by Cisco), and co-founded each of Pentacom and Infogear (which were each acquired by Cisco). From 1995 to 1998, Mr. Shachar served as Vice President of Research and Development at VocalTec Ltd. (which completed an IPO on The Nasdaq Stock Market, or Nasdaq, in 1996), and previously held key engineering and management positions at National Semiconductors. Mr. Shachar holds a Bachelor of Science degree in Mathematics and Computer Science from Tel Aviv University in Israel.

Yair Shamir has served as a director from 2007 to 2013 and again from October 2018 to present. Mr. Shamir has been a Founding and Managing Partner of Catalyst Investments since its establishment from 1999 to 2013 and again from 2015 to present. Mr. Shamir was elected as a member of the Israeli Parliament (Knesset) and served as Minister of Agriculture of the State of Israel from 2013 to 2015. Mr. Shamir served as the Chairman of the Israeli Road Safety Authorities from September 2018 until November 2020. Prior to that, he served as the Chairman of Board of N.T.A. – Metropolitan Mass Transit System until August 2018. Mr. Shamir served as the Chairman of Israel’s National Roads Company from 2011 to 2012. Mr. Shamir served as the Chairman of Israel Aerospace Industries Ltd. from 2005 until 2011. From 2004 to 2007, Mr. Shamir was the Chairman of Shamir Optical Industry Ltd. From 2004 to 2005, Mr. Shamir served as the Chairman of EL AL. From 1997 to 2004, Mr. Shamir served as the Chief Executive Officer and Chairman of VCON Telecommunications Ltd. Mr. Shamir was a board member of DSP Group Corporation from 2005 to 2013. Mr. Shamir holds a Bachelor of Science degree in Electronics Engineering from the Technion, Israel Institute of Technology in Haifa, Israel.

Edouard Cukierman has served as a director since 2014. Mr. Cukierman has been a Founding and Managing Partner of Catalyst Investments since its establishment in 1999, and has served as the Chairman of Cukierman & Co. Investment House since its establishment. Prior to establishing and managing Catalyst Investments, Mr. Cukierman was the President and Chief Executive Officer of Astra Technological Investments, a Venture Capital Fund established in 1993. Mr. Cukierman serves as a board member of Dori Media Group. He is also is the Founder of the GoforIsrael annual conference. Mr. Cukierman served as a Reserve Officer of the Crisis & Hostage Negotiation Team and IDF Spokesman Unit. Mr. Cukierman holds a Master of Business Administration degree from INSEAD University in Fontainebleau, France and a Bachelor of Science degree from the Technion, Israel Institute of Technology in Haifa, Israel.

Peter Campbell has served as a director since 2019 and served as an external director under the Israeli Companies Law between July 2019 and May 2020. Mr. Campbell served as Chief Financial Officer of Mimecast Ltd. (traded on Nasdaq) from 2006 to 2019, where he also served as a director from 2007 to 2015. He previously served as Chief Financial Officer of SR Telecom Inc., where he was employed from 2002 to 2006. Prior to that, Mr. Campbell was an auditor at Ernst & Young LLP in Canada. Mr. Campbell holds a Bachelor of Commerce degree and a Graduate Diploma in accounting from the John Molson School of Business at Concordia University in Canada, where he also served as a lecturer.

Dafna Gruber has served as a member of our board of directors since 2019 and served as an external director under the Israeli Companies Law between July 2019 and May 2020. Ms. Gruber served as Chief Financial Officer of Aqua Security Ltd. from 2019 to 2021. She previously served as Chief Financial Officer of each of Landa Corporation from 2017 to 2018, Clal Industries Ltd. from 2015 to 2017, NICE Ltd. (traded on Nasdaq and the Tel Aviv Stock Exchange, or TASE) from 2007 to 2015 and Alvarion Ltd. (traded on Nasdaq and TASE) from 1995 to 2007. Ms. Gruber has also been a director, chairman of the audit committee and member of the compensation committee of TAT Technologies Ltd. (traded on Nasdaq and TASE) since 2013 and of Nova Measuring Instruments Ltd. (traded on Nasdaq and TASE) since 2015, and a director, audit and governance Committees member of Cognyte Ltd (traded on Nasdaq) since 2021 Ms. Gruber holds a Bachelor of Arts degree in Accounting and Economics from Tel Aviv University in Israel and is a Certified Public Accountant.

Tom Schodorf has served as a director since 2019 and as lead independent director since May 2020. Mr. Schodorf founded View Consulting LLC, specializing in advisory services for the technology industry, in 2014. He previously served as Senior Vice President of Sales and Field Operations of Splunk Inc. (traded on Nasdaq) from October 2009 to March 2014, and prior to that, he held various sales and executive management positions at BMC Software and IBM. Mr. Schodorf has also been a director of Egnyte since 2018, of OutSystems since 2017, of Rapid7 since 2016 and of Kaseya since 2014. Mr. Schodorf holds a Masters of Business Administration degree from the University of Dayton in Dayton, Ohio and a Bachelor of Science in Business Administration from the Ohio State University in Columbus, Ohio.

Brian Gumbel has served as a director since 2019. Mr. Gumbel currently serves as the Chief Revenue Officer of Armis Inc. Prior to joining Armis, he served as the Chief Revenue Officer for Sisense from October 2019 to April 2020. He previously served as the Senior Vice President of Worldwide Sales at Forescout Technologies Inc., where he held senior management positions from October 2015 to October 2019. Previously, he led sales and operations at Tanium as the Vice President for Americas East and Canada from February 2014 to October 2015. Prior to that, he worked at McAfee from 2007 to 2014 ultimately serving as the Vice President for Americas East and Canada, and at Cisco from 2000 to 2007 in various sales and leadership positions. Mr. Gumbel holds a Bachelor of Science degree in Biology from Marist College in Poughkeepsie, New York.

58


B.Compensation

Compensation of Directors and Executive Officers

The aggregate compensation expensed, including share-based compensation and other compensation expensed by us and our subsidiaries, to our directors and executive officers with respect to the year ended December 31, 2020 was $7.9 million. This amount includes approximately $0.5 million set aside or accrued to provide pension, severance, retirement, or similar benefits.

The table below sets forth the compensation paid to our five most highly compensated office holders (as defined in the Companies Law and described under “Board Practices—Disclosure of Compensation of Executive Officers” below) during or with respect to the year ended December 31, 2020. We refer to the five individuals for whom disclosure is provided herein as our “Covered Executives.”

For purposes of the table and the summary below, “compensation” includes base salary, bonuses, equity-based compensation, retirement or termination payments, benefits and perquisites such as car, phone and social benefits and any undertaking to provide such compensation.

Summary Compensation Table

Information Regarding the Covered Executive(1)

Name and Principal Position(2)

Base Salary

Benefits and Perquisites(3)

Variable Compensation(4)

Equity-Based Compensation(5)

Total

Kevin Maloney, Former Senior Vice President of Global Sales

342,500

68,468

240,000

17,052

668,020

Jack Wakileh, Chief Financial Officer

255,495

86,315

33,689

240,960

616,459

Reuven Kitov, Chief Executive Officer

281,557

53,538

55,008

192,726

582,829

Larry Alston, General Manager of Cloud

245,651

34,227

70,750

228,471

579,099

Raj Motwane, Vice President, Global Services & Support

260,692

54,762

58,965

173,331

547,750

 

(1)

In accordance with Israeli law, all amounts reported in the table are in terms of cost to our company, as recorded in our financial statements.

 

(2)

All current executive officers listed in the table are full-time employees. Cash compensation amounts denominated in currencies other than the U.S. dollar were converted into U.S. dollars at the average conversion rate for the year ended December 31, 2020.

 

(3)

Amounts reported in this column include benefits and perquisites, including those mandated by applicable law. Such benefits and perquisites may include, to the extent applicable to each executive, payments, contributions and/or allocations for savings funds, pension, severance, vacation, car or car allowance, medical insurances and benefits, risk insurances (such as life, disability and accident insurances), convalescence pay, payments for social security, tax gross-up payments and other benefits and perquisites consistent with our guidelines.

 

(4)

Amounts reported in this column refer to Variable Compensation such as earned commission, incentive and bonus payments as recorded in our financial statements for the year ended December 31, 2020.

 

(5)

Amounts reported in this column represent the expense recorded in our financial statements for the year ended December 31, 2020 with respect to equity-based compensation. Assumptions and key variables used in the calculation of such amounts are described in Note 10 to our audited consolidated financial statements, which are included in this annual report.

Employment Agreements with Executive Officers

We have entered into written employment agreements with each of our executive officers. These agreements provide for notice periods of varying duration for termination of the agreement by us or by the relevant executive officer, during which time the executive officer will continue to receive base salary and benefits. These agreements also contain customary provisions regarding noncompetition, confidentiality of information and assignment-of-inventions. However, the enforceability of the noncompetition provisions may be limited under applicable law.

59


Directors’ Service Contracts

There are no arrangements or understandings between us, on the one hand, and any of our directors, on the other hand, providing for benefits upon termination of their employment or service as directors of our company.

Equity Incentive Plans

2007 Israeli Share Option Plan

Effective Date and Shares Reserved.

On October 21, 2007, our board of directors adopted the 2007 Israeli Share Option Plan, or the 2007 Plan. The 2007 Plan generally allowed us to grant options to our employees, directors, officers, consultants, advisors and any other person providing services to us or any of our affiliates. In May 2017, we extended the terms of options held by certain holders under the 2007 Plan by an additional 10 years. Unless earlier terminated pursuant to the original terms of the 2007 Plan, all granted but unexercised options will expire and cease to be exercisable at 5:00 p.m. Israel time on the 10th anniversary of the vesting commencement date of such options. We no longer make awards under the 2007 Plan. As of February 19, 2021, options to purchase a total of 2,495,639 shares were outstanding under the 2007 Plan.

Plan Administration. The 2007 Plan may be administered by our board of directors or a committee thereof. Subject to Israeli law and our amended and restated articles of association or any resolution to the contrary by our board of directors, the administrator is authorized, in its sole and absolute discretion, to exercise all powers and authorities specifically granted to it under the 2007 Plan or necessary or advisable in the administration of the 2007 Plan.

Vesting Terms and Conditions of the Options. Unless otherwise determined by the administrator, options under the 2007 Plan vest and become exercisable as follows: 25% of the shares covered by the options vested on the first anniversary of the vesting commencement date, 1/3 of the remaining shares vest on each subsequent anniversary of the vesting commencement date and all options become fully vested by the fourth anniversary of the vesting commencement date.

Israeli Tax Law. Unless otherwise determined by the administrator, any underlying shares issued upon exercise of options (granted through the “capital gains track through a trustee” in accordance with Section 102(b)(2) of the Israeli Income Tax Ordinance (New Version), 1961, or the Israeli Tax Ordinance), will be held by a trustee until the lapse of the holding period (as defined in the 2007 Plan), or, subject to a tax ruling, until the earlier of a merger (as defined in the 2007 Plan) or an initial public offering. We appointed a trustee to hold the allocated options and underlying shares issued upon the exercise off such options in a trust on behalf of each applicable Israeli grantee. No underlying shares or additional rights we issue to the trustee will be held for a period longer than 20 years after the end of the term of the options.

Termination of Employment or Service. In the event that the employment or service of a grantee terminates (other than by reason of death, disability retirement or for cause), all options of such grantee that are vested but unexercised on the date of the termination may be exercised unless earlier terminated in accordance with their terms and if not previously expired, no later than the earlier of (i) 90 days after such termination and (ii) the term of the option. All other granted options will expire upon such termination. In the event of a grantee’s death during employment or service, or in the event of a grantee’s termination due to retirement or disability, all of the grantee’s vested but unexercised options will be exercisable until the earlier of (i) 180 days after the date of termination of employment and (ii) the term of the option. In the event of a grantee’s termination for cause, all options, whether vested or unvested, will expire.

Merger. In the event of a merger transaction (as defined in the 2007 Plan), the administrator in its sole discretion, will decide (i) if and how the unvested options will be canceled, replaced or accelerated, (ii) if and how vested options will be exercised, replaced and/or sold by us or the trustee on the behalf of Israeli participants and (iii) how underlying shares issued upon exercise of the options and held by the trustee on behalf of Israeli participants will be replaced and/or sold by the trustee on behalf of the Israeli participant.

2008 U.S. Stock Plan

Effective Date and Shares Reserved. On May 25, 2008, our board of directors adopted the 2008 U.S. Stock Plan, or the 2008 Plan. The 2008 Plan generally allowed us to grant nonstatutory share options, incentive share options that satisfied the requirements of Section 422 of the Code, and the sale or award of shares to our employees, outside directors and consultants and those of Tufin Software North America, Inc., as well as any of our other subsidiaries. We no longer make awards under the 2008 Plan. As of February 19, 2021, options to purchase a total of 993,396 shares were outstanding under the 2008 Plan.

Plan Administration. The 2008 Plan may be administered by one or more committees of the board of directors. The entire board of directors may administer the 2008 Plan if no committee is otherwise appointed. Subject to the provisions of the 2008 Plan, the board of directors will have full authority and discretion to take any actions it deems necessary or advisable for the administration of the 2008 Plan. All decisions, interpretations and other actions of the board of directors will be final and binding on all participants.

60


Terms and Conditions of Awards. Any shares issued upon exercise of an option or awarded or sold under the 2008 Plan may be subject to the special forfeiture conditions, rights of repurchase, rights of first refusal and other transfer restrictions as the board of directors may determine.

Options. The 2008 Plan requires that options have an exercise price that is not less than 100% of the fair market value of a share on the grant date. Incentive share options granted to an employee owning more than 10% of our or any of our subsidiaries’ combined voting power will have an exercise price of at least 110% of the fair market value of the share on the grant date. The expiration date of an option may be no later than the 10th anniversary of the date of grant (or the fifth anniversary in the case of incentive share options granted to employees who, at the time of grant, own more than 10% of our or any of our subsidiaries’ combined voting power).

Change in Control. In the event that we are a party to a merger, consolidation, exchange of shares, sale of all or substantially all of its assets or like event, all outstanding options will be subject to the applicable transaction agreement, which will provide for one or more of the following: (i) the continuation of our outstanding options (if we are the surviving corporation); (ii) the assumption of the outstanding option by the surviving corporation or its parent in a manner that complies with Section 424(a) of the Code; (iii) the substitution by the surviving corporation or its parent of new options for the outstanding options in a manner that complies with Section 424(a) of the Code; or (iv) the cancelation of the outstanding options without the payment of any consideration.

2018 U.S. Equity-Based Incentive Plan

Effective Date and Shares Reserved. On April 9, 2018, our board of directors adopted the 2018 U.S. Equity-Based Incentive Plan, or the 2018 Plan. The 2018 Plan generally allowed us to grant options to our employees, directors, executive officers, consultants, advisors and any other person providing services to us or any of our affiliates who are U.S. citizens or who are resident aliens of the United States for U.S. federal income tax purposes. We no longer make awards under the 2018 Plan. As of February 19, 2021 options to purchase a total of 112,279 shares were outstanding under the 2018 Plan.

Plan Administration. The 2018 Plan may be administered by a committee of the board of directors. The entire board of directors may administer the 2018 Plan if no committee is otherwise appointed. Subject to the provisions of the 2018 Plan, the administrator of the 2018 Plan has full authority and discretion to take any actions it deems necessary or advisable for the administration of the 2018 Plan. All decisions, interpretations and other actions of the administrator of the 2018 Plan will be final and binding on all participants, unless otherwise determined by the board of directors.

Options. The 2018 Plan allows for the grant of nonqualified share options and incentive share options that satisfy the requirements of Section 422 of the Code. Each award will be evidenced by an option agreement that will govern such award’s terms and conditions. Only our employees or employees of our parent or subsidiaries are eligible to receive incentive share options. The 2018 Plan requires that incentive share options have an exercise price that is not less than 100% of the fair market value of a share on the grant date and that nonqualified share options have an exercise price equal to the fair market value of a share on the grant date unless the committee administering the 2018 Plan specifies otherwise and the option complies with Section 409A of the Code. Incentive share options granted to an employee owning more than 10% of our or our and our subsidiaries’ combined voting power will have an exercise price of at least 110% of the fair market value of the shares on the grant date. The expiration date of an option may be no later than the 10th anniversary of the date of grant, unless otherwise determined by the committee administering the 2018 Plan (or the fifth anniversary in the case of incentive share options granted to employees who, at the time of grant, own more than 10% of our or our parent’s or subsidiaries’ combined voting power).

Termination of Employment or Service. In the event that the employment or service of a grantee terminates (other than by reason of death, disability or retirement), all awards of such grantee that are unvested at the time of such termination will terminate on the date of such termination, and all awards of such grantee that are vested and exercisable at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised within 12 months after the date of such termination (or such different period as the committee administering the 2018 Plan will prescribe). In the event of a grantee’s death during employment or service or within three months following such grantee’s termination, or in the event of a grantee’s termination due to disability, all of the grantee’s vested awards may be exercised at any time within one year after such death or disability. In the event of a grantee’s retirement, all of the grantee’s vested awards, unless earlier terminated in accordance with their terms, may be exercised at any time within the three month period following such retirement. If we (or our affiliate, when applicable) terminate the grantee’s employment or service for cause, or if at any time during the exercise period, facts or circumstances arise or are discovered with respect to the grantee that would have constituted cause, all awards theretofore granted to such grantee will, to the extent not theretofore exercised, terminate on the date of such termination (or on such subsequent date on which such facts or circumstances arise or are discovered, as the case may be) unless otherwise determined by the committee administering the 2018 Plan.

Merger or Sale. In the event of a merger or sale, unless otherwise determined by the committee administering the 2018 Plan in its sole and absolute discretion, any award then outstanding will be assumed or will be substituted by us or by the successor corporation in the merger or sale or by any affiliate thereof under substantially the same terms as the award. In the event that awards are not assumed or substituted for equivalent awards, the committee administering the 2018 Plan may (i) provide for a grantee to have the right to exercise an award, or otherwise accelerate vesting of an award, as to all or part of the shares covered thereby, including shares covered by the award which would not otherwise be exercisable or vested, and/or (ii) provide for the cancelation of each outstanding award at the closing of the merger or sale, and payment to the grantee. In the event of a merger or sale, the committee administering the 2018 Plan may, without the consent of the grantee, amend, modify or terminate awards as the committee will deem in good faith to be appropriate.

61


2019 Equity-Based Incentive Plan

Effective Date and Shares Reserved. On February 28, 2019, our board of directors approved our 2019 Equity-Based Incentive Plan, or the 2019 Plan, which became effective upon shareholder approval on March 21, 2019. Our 2019 Plan replaced our 2007 Plan and our 2018 Plan, or the Prior Plans, under which further grants will not be made. The 2019 Plan generally allows for the grant of options, restricted shares, restricted share units and other share-based awards to our and our affiliates’ employees, directors, officers, consultants and advisors. The 2019 Plan enables us to issue awards under varying tax regimes, including Section 102 and Section 3(i) awards pursuant to the Israeli Tax Ordinance and incentive stock options within the meaning of Section 422 of the Code. The maximum aggregate number of shares that may be issued pursuant to awards under the 2019 Plan is the sum of (a) 1,833,333 shares plus (b) on January 1 of each calendar year during the term of the 2019 Plan commencing in 2020, a number of shares equal to the lesser of: (i) an amount determined by our board of directors, if so determined prior to the January 1 of the calendar year in which the increase will occur, (ii) 5% of the total number of shares outstanding on December 31 of the immediately preceding calendar year and (iii) 5,000,000 shares.

Additionally, any share (i) underlying an award under the 2019 Plan or the Prior Plans (in an amount not to exceed 813,515 shares under the Prior Plans) that has expired, or was canceled, terminated, forfeited, repurchased or settled in cash in lieu of issuance of shares, for any reason, without having been exercised, (ii) tendered to pay the exercise price of an award (or the exercise price or other purchase price of any option or other award under the Prior Plans), or withholding tax obligations with respect to an award (or any awards under the Prior Plans), or (iii) subject to an award (or any award under the Prior Plans) that is not delivered to a grantee because such shares are withheld to pay the exercise price (or of any award under the Prior Plans), or withholding tax obligations with respect to such award (or such other award) will automatically be available for grant under the 2019 Plan. As of February 19, 2021, options to purchase a total of 2,765,867 shares and 1,286,578 unvested RSUs were outstanding under the 2019 Plan. In addition, our board of directors approved the grant of 1,233,100 RSUs to certain of our employees, which grant became effective on March 1, 2021.

Plan Administration. Either our board of directors or a committee established by our board of directors administers the 2019 Plan, and such administrator will have full authority in its discretion to determine (i) eligible grantees, (ii) grants of awards and setting the terms and provisions of award agreements (which need not be identical) and any other agreements or instruments under which awards are made, including the number of shares underlying each award and the class of shares underlying each award (if more than one class was designated by our board of directors), (iii) the time or times at which awards will be granted, (iv) the terms, conditions and restrictions applicable to each award (which need not be identical) and any shares acquired upon the exercise or (if applicable) vesting thereof, (v) to accelerate, continue, extend or defer the exercisability of any award or the vesting thereof, including with respect to the period following a grantee’s termination of employment or other service, (vi) the interpretation of the 2019 Plan and any award agreement and the meaning, interpretation and applicability of terms referred to in applicable laws, (vii) policies, guidelines, rules and regulations relating to and for carrying out the 2019 Plan, and any amendment, supplement or rescission thereof, as it may deem appropriate, (viii) to adopt supplements to, or alternative versions of, the 2019 Plan, including, without limitation, as it deems necessary or desirable to comply with the laws of, or to accommodate the tax regime or custom of, foreign jurisdictions whose citizens or residents may be granted awards, (ix) the fair market value of the shares or other property, (x) the tax track (capital gains, ordinary income track or any other track available under the Section 102 of the Israeli Tax Ordinance) for the purpose of Section 102 to the Israeli Tax Ordinance, (xi) the authorization and approval of conversion, substitution, cancelation or suspension under and in accordance with the 2019 Plan of any or all awards or shares, (xii) the amendment, modification, waiver or supplement of the terms of each outstanding award (with the consent of the applicable grantee, if such amendments refers to the increase of the exercise price of awards or reduction of the number of shared underlying an award (but, in each case, other than as a result of an adjustment or exercise of rights in accordance with the provisions of the 2019 Plan) unless otherwise provided under the terms of the 2019 Plan, (xiii) without limiting the generality of the foregoing, and subject to the provisions of applicable law, to grant to a grantee who is the holder of an outstanding award, in exchange for the cancelation of such award, a new award having an exercise price lower than that provided in the award so canceled and containing such other terms and conditions as the committee may prescribe in accordance with the provisions of the 2019 Plan or to set a new exercise price for the same award lower than that previously provided in the award, (xiv) to correct any defect, supply any omission or reconcile any inconsistency in the 2019 Plan or any award agreement and all other determinations and take such other actions with respect to the 2019 Plan or any award as it may deem advisable to the extent not inconsistent with the provisions of the 2019 Plan or applicable law, (xv) to designate any of our officers or other persons to manage the day to day administration of the awards granted under the 2019 Plan or authorize any of them to act on behalf of the committee with respect to any matter, right, obligation, determination or election which is the responsibility of or which is allocated to the committee herein, (xvi) to determine that awards, shares issuable upon the exercise or (if applicable) vesting of awards and/or any securities issued or distributed with respect thereto, shall be allocated or issued to, or held by, the representative in trust for the benefit of the grantees and (xvii) any other matter which is necessary or desirable for, or incidental to, the administration of the 2019 Plan and any award thereunder. The board of directors and the committee need not take the same action or determination with respect to all awards, with respect to certain types of awards, with respect to all service providers or any certain type of service providers and actions and determinations may differ as among the grantees, and as between the grantees and any other holders of our securities. The board of directors may, at any time, suspend, terminate, modify, or amend the 2019 Plan, whether retroactively or prospectively.

62


Types and Terms and Conditions of Awards. The committee may grant awards intended to qualify as an incentive stock option, non-qualified stock option, Section 102 award, Section 3(i) award, or other designations under other regimes. The 2019 Plan generally requires that incentive stock options have an exercise price that is not less than 100% of the fair market value of a share underlying such options or 110% in case of an employee who at the time of the grant owns shares possessing more than 10% of the total combined voting power of all classes of our shares or of any of our subsidiaries on the date of grant of such options or such other price as may be determined pursuant to the Code. The exercise price of any other awards granted will be determined by the committee.

The exercise period of an option award will be 10 years from the date of grant of the award unless otherwise determined by the committee, but subject to the vesting and the early termination provisions, provided that the period of an incentive stock option granted to an employee who at the time of the grant owns shares possessing more than 10% of the total combined voting power of all classes of our shares or of any of our subsidiaries, shall not exceed five years from the date of grant. Except as described below, an award generally may not be exercised unless the grantee is then in our employ or service and unless the grantee has remained continuously so employed since the date of grant of the award and throughout the vesting dates. In the event that the employment or service of a grantee terminates (other than by reason of death, disability or retirement), unless otherwise determined by the committee, all awards of such grantee that are unvested at the time of such termination shall terminate on the date of such termination, and all awards of such grantee that are vested and exercisable at the time of such termination may, unless earlier terminated in accordance with their terms, be exercised within up to three months after the date of such termination (or such different period as the committee will prescribe), but in any event no later than the date of expiration of the award’s term as set forth in the award agreement or pursuant to this 2019 Plan. In the event of a grantee’s death during employment or service or within three months following such grantee’s termination, (or such longer period as determined by the committee), or in the event of a grantee’s termination due to disability, all of the grantee’s vested awards may be exercised at any time within one year after such death or disability (or such longer period as determined by the committee). In the event of a grantee’s retirement, all of the grantee’s vested awards, unless earlier terminated in accordance with their terms, may be exercised at any time within the three month period following such retirement (or such different period as the committee shall prescribe). If we (or our affiliate, when applicable) terminate the grantee’s employment or service for cause (as defined in the 2019 Plan), or if at any time during the exercise period (whether prior to and after termination of employment or service, and whether or not the grantee’s employment or service is terminated by either party as a result thereof), facts or circumstances arise or are discovered with respect to the grantee that would have constituted cause, all awards theretofore granted to such grantee (whether vested or not) shall, to the extent not theretofore exercised, terminate on the date of such termination (or on such subsequent date on which such facts or circumstances arise or are discovered, as the case may be) unless otherwise determined by the committee.

Section 102 of the Israeli Tax Ordinance allows our employees, directors and executive officers who are not controlling shareholders and are Israeli residents for tax purposes to receive favorable tax treatment for share-based awards. Section 102 includes two alternatives for tax treatment involving the issuance of awards to a trustee for the benefit of the grantees and also includes an additional alternative for the issuance of awards directly to the grantee. We elected the “capital gain track” pursuant to Section 102(b)(2) of the Israeli Tax Ordinance for grants to eligible Israeli grantees as provided above, which may allow favorable tax treatment for such grantees. In order to comply with the terms of the capital gain track, all awards granted under the 2019 Plan and subject to the provisions of Section 102 of the Israeli Tax Ordinance, as well as the shares issued upon exercise of such awards and any rights granted thereunder, including bonus shares, must be registered in the name of a trustee selected by the board and held in trust for the benefit of the relevant grantee for the requisite period prescribed by the Israeli Tax Ordinance or such longer period as set by the committee. The trustee may release these awards or shares to the holders thereof after the expiration of the required statutory holding period, provided that the trustee has received an acknowledgment from the Israeli Tax Authority that the grantee paid all applicable taxes, or the trustee and/or us and/or our affiliate withholds all applicable taxes and compulsory payments due. Our non-employee service providers and controlling shareholders may only be granted options or RSUs under Section 3(i) of the Israeli Tax Ordinance, which will be taxed as ordinary income upon the exercise of such awards into shares.

The administrator may grant restricted share units, or RSUs, under the 2019 Plan, which are awards covering a number of shares that are settled, if vested, by issuance of those shares. The award agreement for any restricted shares granted will provide the vesting schedule and purchase price, if any, for the restricted shares. If a grantee’s employment or services to us or any of our affiliates terminates for any reason prior to the vesting of such grantee’s restricted shares, any shares that remain subject to vesting will be forfeited by such grantee. No payment of exercise price (subject to applicable law and the terms of the award agreement) will be required as consideration for RSUs.

63


The administrator may grant other awards under the 2019 Plan, including shares (which may, but need not, be restricted shares), cash, a combination of cash and shares, awards denominated in share units, and share appreciation rights. However, to qualify as Section 102 or Section 3(i) awards pursuant to the Israeli Tax Ordinance, the award must be share-based compensation only and not cash compensation or any award that is settled in cash.

Adjustment Provisions. In the event of a division or subdivision of our outstanding share capital, any distribution of bonus shares (share split), consolidation or combination of our share capital (reverse stock split), reclassification with respect to our shares or any similar recapitalization events, a merger (including, a reverse merger and a reverse triangular merger), consolidation, amalgamation or like transaction of us with or into another corporation, reorganization (which may include a combination or exchange of shares, spin-off or other corporate divestiture or division, or other similar occurrences), the committee shall have the authority to make, without the need for a consent of any holder of an award, such adjustments as determined by the committee to be appropriate, in its discretion, in order to adjust (i) the number and class of shares reserved and available for grants of awards, (ii) the number and class of shares covered by outstanding awards, (iii) the exercise price per share covered by any award, (iv) the terms and conditions concerning vesting and exercisability and the term and duration of the outstanding awards and (v) any other terms of the award that in the opinion of the committee should be adjusted.

In the event of (i) a sale of all or substantially all of our assets, or a sale (including an exchange) of all or substantially all of our shares, to any person, or a purchase by any of our shareholders or by an affiliate of such shareholder, of all or substantially all of our shares held by all or substantially all other shareholders or by other shareholders who are not affiliated with such acquiring party; (ii) a merger (including, a reverse merger and a reverse triangular merger), consolidation, amalgamation or like transaction of us with or into another corporation; (iii) a scheme of arrangement for the purpose of effecting such sale, merger, consolidation, amalgamation or other transaction; (iv) change in board event, which means any time at which individuals who, as of the effective date of the 2019 Plan, constitute the incumbent board cease for any reason to constitute at least a majority of the board; provided, however, that any individual becoming a director subsequent to the effective date of the 2019 Plan whose election, or nomination for election by our shareholders, was approved by a vote of at least a majority of the directors then comprising the incumbent board shall be considered as though such individual were a member of the incumbent board, but excluding, for this purpose, any such individual whose initial assumption of office occurs as a result of an actual or threatened election contest with respect to the election or removal of directors or other actual or threatened solicitation of proxies or consents by or on behalf of a person other than the board; (v) approval by our shareholders of a complete liquidation or dissolution of the company; or (vi) such other transaction or set of circumstances that is determined by the board (being the incumbent board in case of a change in board event), in its discretion, to be a transaction subject to these provisions of the 2019 Plan; excluding any of the above transactions in clauses (i) through (v) if the board (being the incumbent board in case of a change in board event) determines that such transaction should be excluded from the definition hereof and the applicability of this provision of the 2019 Plan, any award then outstanding will be assumed or will be substituted by us or by the successor corporation in such change in control or by any affiliate thereof, as determined by the committee in its discretion, under terms as determined by the committee or the terms of the 2019 Plan applied by the successor corporation to such assumed or substituted award, unless otherwise determined by the sole and absolute discretion of the committee. Regardless of whether awards are assumed or substituted the committee may (but will not be obligated to), in its sole discretion: (a) provide for grantees to have the right to exercise their awards or otherwise for the acceleration of vesting of award in respect of all or part of the shares covered by the awards which would not otherwise be exercisable or vested, under such terms and conditions as the committee will determine, including the cancelation of all unexercised awards (whether vested or unvested) upon or immediately prior to the closing of the change in control; and/or (b) provide for the cancelation of each outstanding and unexercised award at or immediately prior to the closing of the change in control, and payment to the grantees of an amount in cash, our shares, the acquirer or of a corporation or other business entity which is a party to the change in control or other property, as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee. Notwithstanding the foregoing, in the event of change in control, the committee may determine, in its sole discretion, that upon completion of such change in control, the terms of any award be otherwise amended, modified or terminated, as the committee deems in good faith to be appropriate.

Miscellaneous Provisions. Awards under the 2019 Plan are not transferable other than by will or by the laws of descent and distribution or to a grantee’s designated beneficiary, unless, in the case of awards other than incentive stock options, otherwise determined by our committee or under the 2019 Plan, and generally expire 10 years following the grant date. The board of directors may at any time amend, suspend, terminate or modify the 2019 Plan and the administrator may at any time modify or amend any award under the 2019 Plan.

C.Board Practices

Corporate Governance Practices

Under the Israeli Companies Law, companies incorporated under the laws of the State of Israel whose shares are publicly traded, including companies with shares listed on the NYSE, are considered public companies under Israeli law and are required to comply with various corporate governance requirements under Israeli law relating to matters such as external directors, the audit committee, the compensation committee and an internal auditor. This is the case even though our shares are not listed on a stock exchange in Israel. Subject to certain exceptions, these requirements are in addition to the corporate governance requirements imposed by NYSE rules and other applicable provisions of U.S. securities laws to which we are subject (as a foreign private issuer). Under NYSE rules, a foreign private issuer, such as us, may generally follow its home country rules of cor