UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

 

 

 

FORM 10-K

 

 

 

x ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

For the fiscal year ended December 31, 2018

 

OR

 

¨ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

For the transition period from                       to                     

 

Commission file number: 000–26495

 

 

 

CYREN LTD.

(Exact name of Registrant as specified in its charter)

 

 

 

Israel   Not applicable
(State or other jurisdiction of   (I.R.S. Employer
incorporation or organization)   Identification No.)

 

10 Ha-Menofim St., 5th Floor    
Herzliya, Israel   4672561
(Address of principal executive offices)   (Zip Code)

 

Registrant’s telephone number, including area code 011–972–9–863–6888

 

 

 

Securities registered pursuant to Section 12(b) of the Act:

 

Title of Each Class   Name of Each Exchange on Which Registered
Ordinary Shares, par value ILS 0.15 per share   Nasdaq Capital Market

 

Securities registered pursuant to Section 12(g) of the Act:

None

 

 

 

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.    Yes ☐    No ☒

 

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Exchange Act.    Yes ☐    No ☒

 

Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes ☒    No ☐

 

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).    Yes ☒    No ☐

 

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of Registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  ☒

 

Indicate by check mark whether the Registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

 

Large accelerated filer Accelerated filer
Non-Accelerated filer Smaller reporting company
    Emerging growth company

 

If an emerging growth company, indicate by checkmark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.  ☐

 

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act)    Yes ☐    No ☒

 

The aggregate market value of the voting stock held by non-affiliates of the Registrant was approximately $73.7 million as of June 29, 2018.

 

The number of shares outstanding of the Registrant’s ordinary shares (as of February 28, 2019): Ordinary Shares — 54,217,357.

 

Documents Incorporated By Reference

 

None

 

 

 

 

 

Table of Contents

 

    Page
PART I  
     
ITEM 1. BUSINESS 1
ITEM 1A. RISK FACTORS 14
ITEM 1B. UNRESOLVED STAFF COMMENTS 33
ITEM 2. PROPERTIES 33
ITEM 3. LEGAL PROCEEDINGS 34
ITEM 4. MINE SAFETY DISCLOSURE 34
 
PART II  
     
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES 35
ITEM 6. SELECTED FINANCIAL DATA 35
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS 36
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK 48
ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA 50
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE 50
ITEM 9A. CONTROLS AND PROCEDURES 50
 
PART III  
     
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE 52
ITEM 11. EXECUTIVE COMPENSATION 58
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS 67
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE 69
ITEM 14. PRINCIPAL ACCOUNTING FEES AND SERVICES 72
 
PART IV  
     
ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES 73
ITEM 16. FORM 10-K SUMMARY 73
   
SIGNATURES 74

 

i

 

 

ITEM 1. BUSINESS

 

Unless otherwise indicated, all references in this document to “Cyren”, “the Company,” “we,” “us” or “our” are to Cyren Ltd., and its consolidated subsidiaries, namely Cyren Inc., Cyren Iceland hf, Cyren UK Ltd., and Cyren Gesellschaft mbH.

 

General

 

Purpose built for the cloud, Cyren is an early pioneer and leading innovator of SaaS security solutions that protect businesses, their employees and customers from threats on the web, in email and on mobile devices. Our mission is to protect people and organizations from cyber threats when they use the internet.

 

Cyren’s cloud-first approach to security sets us apart from other vendors in the market. Cyren is an internet security company that is delivering security results that are disrupting legacy vendors and appliance-based solutions. Our security solutions are architected around the fundamental belief that internet security is a race against time – and the cloud best enables the speed, sophistication and advanced automation needed to detect and block threats as they emerge on the internet. As more and more businesses move their data and applications to the cloud, they need a security provider that is able to keep pace.

  

Today’s internet threats are faster and stealthier than ever. As cybercrime has become more sophisticated, every malware, phishing and ransomware variant is unique, making it more difficult to detect and block attacks. While organizations have traditionally protected their users with gateway security appliances at their network perimeter, more frequent and evasive attacks combined with a more distributed workforce are reducing the effectiveness of this approach. Traditional appliances lack the real-time threat intelligence and processing power to detect emerging threats, and the growth of mobile devices and an increasingly distributed workforce mean that more and more business is conducted outside of the traditional network perimeter. As a result, when new attacks appear in a matter of seconds, legacy appliances can leave companies vulnerable for hours, days or even weeks.

 

Cyren’s security cloud delivers faster detection and protection, with SaaS security solutions that inspect web and email traffic before it reaches a user’s browser or inbox – often identifying and blocking threats in just seconds. Our SaaS solutions are easy to deploy and manage, delivering critical security and faster innovation, for a low total cost of ownership. In May 2018, Cyren launched its most recent version Cyren Cloud Security (CCS 4.5) which added GDPR features to its single globally operated security as a service platform which consisted of Cyren Web Security (CWS), Cyren Email Security (CES), Cyren DNS security and Cloud Sandboxing. In April 2018, Cyren also announced that its Threat Intelligence Services and GlobalView™, security intelligence cloud would be integrated into the Microsoft Office 365 network in order to help combat malicious email, and complement Microsoft’s real-time detection of the latest email threats and potentially harmful URLs. In September 2018, Cyren launched its GoCloud Partner Program, a new global channel program that provides resellers, managed service providers, and distributors with the opportunity to partner with Cyren and add Cyren’s cloud security solutions to their portfolios.

 

Our Offerings

 

Cyren’s cloud security services are delivered via two security platforms:

 

Cyren Cloud Security (CCS) – this SaaS security platform is designed for enterprise customers, and is sold either directly or through channel partners. Cyren Cloud Security (CCS) services currently include Web Security (CWS), Email Security (CES), DNS Security, and Cloud Sandboxing. Cyren expects to release two additional enterprise products on the CCS platform in 2019, which are further detailed below.

 

Cyren Threat Intelligence Services (TIS) – this platform offers cloud-based cyber threat detection APIs, and SDKs to many of the world’s leading technology and security vendors. Cyren Threat Intelligence Services include Email Security, Web Security, Endpoint Security, and Advanced Threat Protection.

 

1

 

 

These platforms are powered by Cyren GlobalView, Cyren’s global security cloud (see Figure 1 below) that identifies emerging threats in real time. GlobalView analyzes over 25 billion security transactions each day, using big data analytics, artificial intelligence, machine learning and advanced heuristics to rapidly detect and prevent sophisticated attacks. By inspecting internet traffic in the cloud, Cyren identifies and automatically blocks threats as they emerge on the internet, stopping threats in seconds before they reach users. Google, Microsoft and Check Point are just a few of the organizations that depend on Cyren to power their security infrastructure.

 

 

Figure 1: The Cyren GlobalView security cloud applies advanced detection engines against massive volumes of security transactions in real time to identify emerging cyber threats in seconds.

 

Cyren GlobalView

 

With massive volumes of enterprise and consumer traffic from more than 180 countries, GlobalView is able to see and analyze emerging threats on the internet within seconds. The key to GlobalView’s detections capabilities include:

 

(i) Massive Security Data – Everyday, Cyren processes more than 25 billion security transactions generated by over 1.3 billion users worldwide to detect cyber threats as they emerge – including thousands of new, never-been-seen malicious IP addresses, phishing sites and URLs. As a result, Cyren is able to identify new and emerging threats in seconds.

 

(ii) Comprehensive Detection Technologies – Cyren’s proprietary detection engines leverage big data analytics, advanced heuristics, patented Recurrent Pattern Detection (RPD), behavioral sandboxing, and machine learning, all tied together in a single-pass streaming architecture that applies these detection techniques in parallel. Distributed, massively scalable, and fault tolerant, this approach delivers fully automated real-time threat identification with zero human intervention across web, DNS, email, and files.

 

(iii) Advanced Cyber Intelligence – Real-time, actionable cyber intelligence services are used by over 100 technology and security providers including Google, Microsoft and Check Point. The breadth and accuracy of our security cloud identifies and blocks more than 300 million threats each day, and enables protection from malicious messages, hosts and websites, and instantly automates protection for all users.

 

2

 

 

 

Figure 2: Cyren Cloud Security is a 100% cloud-delivered SaaS security platform.

   

Cyren Cloud Security:

 

Cyren Cloud Security (CCS) offers enterprise customers a broad set of internet security services from a common integrated platform (see Figure 2 above), referred to by some in the industry as a “secure internet gateway”. The services include Cyren Web Security (a SaaS secure web gateway), Cyren Email Security (a SaaS secure email gateway), Cyren DNS Security (a SaaS DNS web filtering solution), and Cyren Cloud Sandboxing (an advanced threat protection service integrated into Cyren Web Security and Cyren Email Security, and also available as a standalone service). These products are all available on the CCS platform, leveraging shared threat detection services, a common policy framework, integrated reporting, customer onboarding and license management. Each of these service offerings may be purchased separately, or as part of a bundled suite. All products are sold on a per-user SaaS subscription model, providing customers with a quick-to-deploy, easy-to-manage solution and a low total cost of ownership.

 

Cyren has also announced its intention to release two new enterprise-focused product offerings on the CCS platform in 2019:

 

Cyren Web Security (CWS) – provides enforcement of web policy and state-of-the-art threat protection for business users, with intrinsic SaaS simplicity: quick to deploy, easy to manage, comprehensive in coverage, and requiring just a subscription to start. Cyren Web Security offers multilayered proxy-based defense-in-depth, protecting organizations from a broad range of threats including ransomware, malicious URLs, phishing attacks, viruses, zero-day malware, botnets, and much more. 

 

3

 

 

Cyren Email Security (CES) a comprehensive cloud-based secure email gateway that works well with both on premise and cloud-based business email, Cyren Email Security filters an organization’s inbound and outbound email to protect users from cyber threats and spam, and offers email archiving for easier eDiscovery and regulatory compliance. Inbound email security protects against malware, phishing, business email compromise, and more, with advanced threat protection from cloud sandboxing, malware outbreak protection and time-of-click analysis. Support for SPF (Sender Policy Framework) provides sender validation to prevent email spoofing, while policy-based encryption protects sensitive email communications. Outbound protections block botnet-infected devices from sending malware or spam from a customer’s domain.

 

Cyren DNS Security – keeps users safe from web-borne threats and blocks inappropriate content with a cloud service which is easy to deploy and simple to manage. Cyren DNS Security allows businesses to quickly and easily protect employees at headquarters, visitors in remote offices, customers at retail stores, or students on a campus. Featuring a simple policy-based set-up, businesses can block malicious phishing and botnet sites, stop people from accessing specific types of websites, enforce “safe search,” and ensure a positive web experience for users.

 

Cyren Sandboxing an advanced layer of security that augments Cyren’s web and email security services, Cyren Sandboxing protects businesses against breaches and data loss from today’s most sophisticated and evasive threats. Cyren Sandboxing “detonates” suspicious files and URLs to determine if they are malicious, even threats that have never been seen before, including zero-day exploits, targeted attacks, and advanced persistent threats. Because these kinds of threats are increasingly “sandbox aware” as hackers use diverse strategies to evade detection by traditional sandboxing appliances, Cyren’s unique cloud sandbox array technology (see Figure 3 below) automatically detonates these malicious files and embedded URLs across multiple different sandboxes until they express their full set of behaviors.

 

 

Figure 3: Cyren’s patent-pending cloud sandbox array technology continues to detonate suspicious files until their full malicious behavior has been expressed.

 

Cyren Inbox Security (CIS) – This new enterprise anti-phishing service leverages the technology Cyren developed for Microsoft Office 365. Expected to be available during mid-2019, we anticipate it will offer a huge leap forward for enterprises who are struggling to deal with the ongoing problem of phishing attacks. Unlike existing email security solutions on the market, we expect Cyren Inbox Security will be able to proactively remediate and remove phishing emails after they have been delivered to a user’s mailbox, regardless of who the company is using as an email gateway for their primary level of protection.

 

4

 

 

Cyren Web Security for Windows Defender ATP – In January 2019, Cyren announced a partnership with Microsoft to integrate Cyren’s web security technology directly into the Windows Defender Advanced Threat Protection (ATP) platform. Microsoft currently bundles its Windows Defender endpoint security solution within Windows 10, as a free alternative to other antimalware solutions. However, the Windows Defender ATP platform is a premium paid service that is targeted at large enterprise customers, and Microsoft is developing an ecosystem of security vendors to deliver enhanced security solutions. Cyren was selected as Microsoft’s premiere partner to add web security technology into the Windows Defender ATP platform, and is working jointly with Microsoft to integrate Cyren’s web security technology directly into Windows Defender ATP. The new integrated offering will initially be made available as a private preview with a select set of enterprise customers during the first half of 2019, with the goal of reaching general availability for all Windows Defender ATP customers later in the year. This solution will complement Cyren’s existing web security offerings which include either a full proxy or DNS-only solution delivered through Cyren Cloud Security.

 

Threat Intelligence Services

 

Used and trusted by many of the world’s leading technology, network and security vendors, Cyren Threat Intelligence Services empower technology companies with the real-time detection capabilities of our GlobalView threat intelligence network, backed by a dedicated technical and commercial support model. Our globally comprehensive and unique insights into current and emerging threats are provided as individual cyber intelligence services in four service categories:

 

Email Security – Our embedded email security includes a complete set of protection that can be deployed in a wide range of configurations. Suitable as a core security offering or as a complementary layer, the flexible engine easily integrates into existing platforms, minimizing costs, without affecting performance. Available services include:

 

Anti-Spam Inbound Service

 

Anti-Spam Outbound Service

 

URL Filtering

 

IP Reputation Service for Email

 

Virus Outbreak Detection

 

Antimalware

 

Web Security – Our comprehensive web security delivers real-time threat intelligence in various configurations for robust, integrated and automated threat detection that delivers a superior view of threats as they emerge. Our intelligence platform automatically investigates IPs, domains, hosts and files associated with suspect behaviors and maintains risk scores that enable rapid reclassification of entities based on associated activity. Available services include:

 

Cyren Antimalware

 

URL Filtering

 

DNS Security

 

Endpoint Security – Cyren’s Endpoint Security detects malware on a variety of endpoints, including mobile devices and embedded operating system devices though a variety of capabilities, including:

 

Antimalware for Mobile

 

5

 

 

URL Filtering for Mobile

 

Antimalware for Next-Gen Endpoint solutions

 

Inbound and Outbound IoT Gateway protection

 

Advanced Threat Protection – As cybercrime becomes faster and more sophisticated, Cyren’s embedded Advanced Threat Protection (ATP) delivers superb intelligence and detection of the most advanced cyber threats. Ideal for a range of partners, including mobile device management (MDM) platforms, business app developers, security vendors, app stores, device manufacturers and mobile operators, ATP includes reliable and proven tools for combating mobile malware, ransomware and other web-borne threats, including:

 

Real-Time Phishing Intelligence

 

Real-Time Malware Intelligence

 

Real-Time IP Intelligence

 

Cloud Threat Lookup

 

Cloud Sandbox Array

 

Real Time Phishing and Fraud Intelligence

 

Sales and Marketing

 

Cyren’s cloud security solutions are sold into two markets:

 

Enterprise SaaS.

 

o In this market segment, enterprise customers purchase our CCS web and email security solutions to protect their employees, data and IP.

 

OEM/embedded security partners.

 

o In this market segment, our partners integrate Cyren Threat Intelligence Services and cloud detection services into their infrastructure or security products to protect their customers and users.

 

Enterprise SaaS Market

 

Sales

 

Our sales and marketing programs are organized by geographic regions, including EMEA, North America, and Asia Pacific. We organize our sales force into teams that focus on large enterprises (3,000 employees and above), and mid-sized organizations (200 - 3,000 employees).

 

We sell through both direct and indirect channels, including value added resellers and managed service providers:

 

Direct sales . We market and sell our solutions to enterprise customers directly through our field and inside sales teams, as well as indirectly through a co-selling model where our sales organization actively assists our network of distributors and resellers. Our sales personnel are primarily located in North America and EMEA.

 

6

 

 

Reseller channel . We engage our value added resellers via a two-tier distribution model, where resellers purchase Cyren services through their distribution partner, as opposed to directly from us, and distributors provide sales support services such as technical support, education, training and financial services. Our reseller partners maintain relationships with their customers throughout the territories in which they operate, providing them with services and third-party solutions to help meet their evolving security requirements. As such, these partners act as a direct conduit through which we can connect with these prospective customers to offer our solutions. Our channel distribution partners include security and cloud-centric distributors such as Arrow Electronics, One Distribution, ALSO and Synnex.

 

Managed service providers . Unlike many other security products on the market today, Cyren’s CCS platform is architected as an integrated platform offering multi-tenant cloud services and delegated administration. This enables our MSP partners to operate our services on behalf of multiple customers, allowing them to deliver turnkey internet security services to their customer bases. Our MSP distribution partners include security and cloud-centric distributors such as Daisy and Arrow Electronics.

 

Marketing

 

We have a number of marketing initiatives to build awareness about our solutions and encourage customer adoption of our solutions. Our marketing programs include a variety of digital marketing, advertising, conferences, events, white-papers, public relations activities and web-based seminar campaigns targeted at key decision makers within our prospective customers. We offer free online diagnostic tools to identify security gaps, free trials, and competitive evaluations to allow prospective customers to experience the quality of our solutions, to learn in detail about the features and functionality of our suite, and to quantify the potential benefits of our solutions.

 

In addition, we create integrated sales and marketing programs targeting specific market segments, including vertical markets and competitive/disruption campaigns. This target-market approach enables us to provide a higher level of service and understanding of our customers’ unique needs, including the industry-specific business and regulatory requirements in their industries, as well as specific pain points and limitations of their incumbent legacy appliance solutions.

 

OEM/Embedded Security Partner Market

 

Sales

 

We target two segments to primarily sell our Threat Intelligence Services within this embedded solutions market:

 

Service providers . Organizations offering internet access or email services that need to protect their customers from internet threats. For these partners, we offer carrier-class email security, web security, and advanced threat protection services that can be integrated into their large-scale, high performance infrastructures. Cyren customers in this segment include Microsoft, Google and Deutsche Telekom.

 

Security vendors . Network equipment and security vendors offering endpoint, gateway, and cloud-based solutions that need to augment their security capabilities, or integrate third party best-of-breed internet security capabilities into their products. For these partners, we offer cloud-based APIs and SDKs for email security, web security, endpoint protection, and advanced threat protection that can be integrated into their on premise appliances or cloud solutions. Cyren customers in this segment include Check Point, Forcepoint, and Dell SonicWALL.

 

Our sales team for these segments are organized by geographic regions, including EMEA, North America, and Asia Pacific. The sales process for these segments entails consultative, technical business development engagements working with partner product management and engineering teams to architect and integrate our solutions into their products. Our install base of partners is comprised of roughly 100 OEM partners, many of whom consume multiple services and have been customers of Cyren for over 10 years.

 

7

 

 

Intellectual Property

 

We regard our patented and patent pending anti-spam and antivirus technology, copyrights, service marks, trademarks, trade secrets and similar intellectual property as critical to our success, and rely on patent, trademark and copyright law, trade secret protection and confidentiality and/or license agreements with our employees, customers, partners and others to protect our proprietary rights.

 

In 2004, we purchased a United States patent, U.S. Patent No. 6,330,590 that relates to the Recurrent Pattern Detection (RPD) technology used in many of our security solutions. During 2006, we filed a provisional patent application in the United States relating to the prevention of spam in streaming systems or, in other words, unwanted conversational media sessions (i.e., voice and video related). This provisional application was converted to a formal patent application and that application was then divided into three applications. The United States Patent and Trademark Office granted the original application as United States Patent No. 7,849,186. The three divisional patents were also subsequently granted as United States Patent No. 7,991,919, United States Patent No. 8,190,737 and United States Patent No. 8,195,795, all of which have a term concurrent with US Patent No. 7,849,186.  In 2016, we filed a provisional patent application in the United States relating to a multi-sandbox array that utilizes unique intellectual property we developed in support of our cyber threat protection capabilities. In February 2017, we converted this provisional application into patent applications for the multi-sandbox array in the United States, Europe and Israel which are currently in various stages of prosecution.  In July 2018 we filed a provisional patent application in the United States relating to phishing detection systems and methods we developed in support of our anti-phishing capabilities.  We may seek to patent certain additional software or other technology in the future.

 

We have trademarks for our company name “Cyren” and we are also maintaining our registered trademark for “Commtouch”, which is registered in the U.S., Canada, Israel, European Union and China. Through acquisition, we also acquired registered trademarks such as “FRISK”, “F-PROT”, “eleven”, “Expurgate” and “Command Antimalware”. We may allow certain of these trademarks to lapse over time. Since at least September 2003, we have claimed common law trademark rights in “RPD” and “Recurrent Pattern Detection”, as applicable to our messaging security solutions. We have also been claiming common law trademark rights in “Zero-Hour” in relation to our virus outbreak detection product (and more recently one of our web security products) and “GlobalView” in relation to our Internet Protocol, or IP, reputation and web security products, as well as our “cloud computing” network infrastructure.  

 

It may be possible for unauthorized third parties to copy or reverse engineer certain portions of our products or obtain and use information that we regard as proprietary. In addition, the laws of some foreign countries do not protect proprietary rights to the same extent as do the laws of the United States. There can be no assurance that our means of protecting our proprietary rights in the United States, Europe or elsewhere will be adequate or that competing companies will not independently develop similar technology.

 

Other parties may assert infringement claims against us. We may also be subject to legal proceedings and claims from time to time in the ordinary course of our business, including claims of alleged infringement by us and/or our customers of the trademarks and other intellectual property rights of third parties. Our customer agreements typically include indemnity provisions so we may be obligated to defend against third party intellectual property rights infringement claims on behalf of our customers. Such claims, even if not meritorious, could result in the expenditure of significant financial and managerial resources.

 

Government Programs

 

Under the R&D Law, research and development programs approved by the Research Committee of the Israel Innovation Authority (respectively, the “Research Committee” and the “IIA”) are eligible for “Benefits” which include grants, loans, exemptions, discounts, guarantees and additional means of assistance, but with the exclusion of purchase of shares, provided under various tracks promulgated by the Council body (the “Tracks”). Most Tracks require the repayment of the Benefits in the form of the payment of royalties from the sale of the product developed in accordance with the published Track guidelines and subject to other restrictions. Once a project is approved, the IIA awards grants of up to 50% of the project’s expenditures in return for royalties, usually at the rate of 3% to 5% of sales of products developed with such grants. For projects approved after January 1, 1999, the amount of royalties payable was up to a dollar-linked amount equal to 100% of such grants plus interest at LIBOR. The Company’s total commitment for royalties payable with respect to future sales, based on IIA participations received, net of royalties paid or accrued, totaled $2,921 thousand as of December 31, 2018.

 

8

 

 

The terms of these grants prohibit the manufacturing outside of Israel of the product developed in accordance with the program without the prior consent of the Research Committee. Such approval is generally subject to an increase in the total amount to be repaid to the IIA to between 120% and 300% of the amount granted, depending on the extent of the manufacturing that is conducted outside of Israel.

 

The R&D Law, also provides that know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to Israeli third parties without the approval of the Research Committee. The R&D Law stresses that it is not just transfer of know-how that was prohibited, but also transfer of any rights in such know-how. Approval of the transfer and/or license could be granted only if the Israeli transferee undertook to abide by all of the provisions of the R&D Law and regulations promulgated thereunder, including the restrictions on the transfer of know-how and the obligation to pay royalties, if applicable.

 

Assignment of the know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to non-Israeli third parties without the approval of the Research Committee, which approval is generally contingent on payment of a significant penalty of up to six times the grant amount plus LIBOR and minus any royalties paid. Such restriction does not apply to exports from Israel of final products developed with such technologies. On May 7, 2017, the IIA published the Rules for Granting Authorization for Use of Know-How Outside of Israel (the “Licensing Rules”). The Licensing Rules enable the approval of out-licensing arrangements and other arrangements for granting of an authorization to an entity outside of Israel to use know-how developed under research and development programs funded by the IIA and any derivatives thereof. Subject to payment of a “License Fee” to the IIA, at a rate that will be determined by the IIA in accordance with the Licensing Rules, the IIA may now approve arrangements for the license of know-how outside of Israel. This allows companies that have received IIA support to commercialize know-how in a manner which was not previously available.

  

Government Regulation

 

Laws aimed at curtailing the spread of spam have been adopted by the United States federal government, i.e., the CAN-SPAM Act, and certain individual U.S. states, with the CAN-SPAM Act superseding some state laws or certain elements thereof. The Israel government has also adopted an amendment to the Communications Law, 1982, aimed at curtailing the spread of spam transmittal of commercial advertisements by email, fax, SMS or automated dialing systems without the consent of the recipient. The law sets punitive fines for advertisers of spam, who may also be subject to civil lawsuits and class actions. In addition, on June 21, 2017, the Israeli Privacy Protection Authority released a Directive that addresses direct mail and direct mail services, according to which the nature of the consent required for direct mail and direct mail services varies under the circumstances.

 

The propagation of email viruses, whether through email or websites, which are aimed at destroying or stealing third party data, is illegal under standard state and federal law outlawing theft, misappropriation, conversion, etc., without the need for special legislation prohibiting such activities on the internet. Despite the existence of these laws, sources for internet viruses continue to spread multi-variant viruses seemingly without much fear of recrimination. New laws providing for more stringent penalties could be adopted in various jurisdictions, but it is unclear what, if any, affect these would have on the antivirus industry in general and our solutions in particular.

 

On October 6, 2015, the European Court of Justice invalidated the U.S. - EU Safe Harbor framework and the Swiss data protection authorities later invalidated the U.S.-Swiss Safe Harbor framework. Subsequently, the U.S. and E.U. announced agreement on a new framework for transatlantic data flows entitled the EU-US Privacy Shield. We are currently certified under the EU-U.S. Privacy Shield framework with the U.S. Department of Commerce. However, it is possible that Privacy Shield may be challenged in EU courts, so there is some uncertainty regarding its future validity and our ability to rely on it for EU to US data transfers. Additionally, the EU enacted the General Data Protection Regulation (GDPR), which took effect on May 25, 2018 and carries with it significantly increased responsibilities and potential penalties for companies that process EU personal data. In connection with GDPR, we expect increased regulatory and customer attention surrounding data privacy in the EU. Furthermore, outside of the EU, we continue to see increased regulation of data privacy and security, including the adoption of more stringent subject matter specific state laws, national laws regulating the collection and use of data, and security and data breach obligations. We have invested heavily in data sovereignty features to ensure that Cyren customer data is handled in accordance with applicable law.  If one or more of the legal bases for transferring data from Europe to the United States is invalidated, if we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect the manner in which we provide our services. 

 

9

 

 

We will continue to monitor legal requirements and will follow additional legal requirements for customer data privacy as they evolve.

 

Segments

 

The Company conducts its business on the basis of one reportable segment. 

 

Research and Development

 

We invest substantial resources in research and development to enhance our products and services, build add-on functionality and improve our core technology. We believe that both hardware and software are critical to expanding our leadership in the security industry. Therefore, we invest heavily in our cloud infrastructure and our newer offerings such as CCS and CIS. Our engineering team has deep security expertise and works closely with customers to identify their current and future needs. In addition to our focus on hardware and software, our research and development team is focused on research into next-generation threats, which is required to respond to the rapidly changing threat landscape. We plan to continue to significantly invest in resources to conduct our research and development effort.

 

Customers

 

As of December 31, 2018, we had customers of all sizes across a wide variety of industries. During the year ended December 31, 2018, one customer accounted for approximately 17% of total revenue. No other individual customer accounted for more than 10% of total revenue. During the year ended December 31, 2017, no customer accounted for more than 10% of total revenue

 

Competitive Landscape

 

The markets in which Cyren competes are intensely competitive and rapidly changing. However, we believe there are few competitors that offer the complete package of anti-spam, antivirus, threat intelligence, email security and web security protections that Cyren provides.

 

The principal competitive factors in our industry include price, product functionality, product integration, platform coverage and ability to scale, worldwide sales infrastructure and global technical support. Some of our competitors have greater financial, technical, sales, marketing and other resources than we do, as well as greater name recognition and a larger installed customer base. Additionally, some of these competitors have research and development capabilities that may allow them to develop new or improved products that may compete with product lines and services we market and distribute, possibly at a lower cost. Our success will depend on our ability to adapt to these competing forces, to develop more advanced products more rapidly and less expensively than our competitors and/or to purchase new products by way of strategic acquisitions, and to educate potential OEM customers as to the benefits of using our products rather than developing their own products.

 

In the market for messaging security solutions, there are sophisticated offerings that compete with our solutions. Email defense security providers offering forms of Software-as-a-Service email gateways, multi-functional appliances and managed service solutions and which may be viewed as both competitors and potential customers to Cyren include Google, Symantec, McAfee, Cisco, Proofpoint, and Mimecast. Messaging security providers offering solutions on an OEM basis similar to Cyren’s business model, and which may be viewed as direct competitors, include Proofpoint (via the Cloudmark acquisition), Sophos, Mailshell and Vade Secure.

 

The market for real-time virus protection products is also constantly evolving, as those designing and proliferating viruses and other malware seek new vulnerabilities and distribution techniques, and also continue to leverage email distribution as a cost-effective medium for accurately targeting broad, numerous potential victims. Cyren’s real-time offering differs from traditional antivirus solutions by leveraging our global footprint and patented RPD technology to rapidly detect outbreaks, often hours or days before traditional antimalware solutions; it thereby offers a complementary solution to signature and heuristic-based antivirus engines. For this reason, our virus outbreak detection engine has been deployed by many security companies and service providers.

 

10

 

 

In the market for antimalware solutions, there are vendors offering fairly effective solutions using various technologies based on signatures, emulation and heuristics. Cyren has a targeted OEM/service provider focus, plus an increasing focus on heuristics and zero day effectiveness. Most companies in this space provide endpoint products and in some cases make software development kits available on an OEM basis. Competitors to Cyren include Sophos, Bitdefender, Kaspersky, McAfee, Symantec and open source software such as ClamAV (now part of Cisco Talos Intelligence Group).  

 

In the market for web security solutions, there are advanced offerings that compete with our GlobalView URL filtering solution and CWS. Web security providers offering forms of software (secure web gateway), multi-functional appliances and managed service solutions and which may be viewed as both competitors and potential customers to Cyren include McAfee, ForcePoint, Symantec, Zscaler, Barracuda, and Cisco. Web security providers offering solutions on an OEM basis similar to Cyren’s business model, and which may be viewed as direct competitors, include Webroot (Carbonite), Netstar and zvelo.

 

We expect that the markets for internet security solutions will continue to become more consolidated, with companies increasing their presence in this market or entering ancillary markets by acquiring or forming strategic alliances with our competitors or business partners. 2018 saw a number of notable M&A transactions in the security sector, and industry analysts such as Momentum Cyber reported over 180 M&A deals totaling over $15 billion in transaction volume. See also disclosure under “Risk Factors—Business Risks— we face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.”

 

Threat Landscape

 

The last 12 months period has possibly experienced the greatest amount of dramatic global incidents directly related to malware and cyber threats since the advent of the internet. From election hacks to global ransomware attacks, malware threats are at an all-time high. As long as these activities prove lucrative, we expect these incidents to get worse.

 

In this “cyber-war”, with respect specifically to malware, three battlefronts stand out: ransomware, hyper-evasive malware, and malware distribution via HTTPS.

 

Ransomware has become especially lucrative for cybercriminals. Massive scale ransomware attacks have spread extremely quickly around the globe targeting governments, corporations, and private citizens. With hyper-evasive malware, cybercriminals are using codes designed to specifically detect and evade conventional sandbox detection and analysis. With respect to encrypted HTTPS traffic from “secure” web sites, a 2017 Cyren study of traffic passing through the Cyren security cloud found that almost 40% of all malware being disseminated is utilizing HTTPS connections for distribution or communications, yet surveys show that many companies around the globe are not inspecting that traffic. 

 

It has become clear that cybercriminals know the weak points in standard corporate defenses, and are optimizing their attacks to leverage these security gaps in every possible way.

 

Today, no item or user connected to the internet is immune to attack. While many businesses are still studying what security measures might be necessary, cybercriminals are “all in”, creating dangerous new tools to target companies, governments, and private citizens. We need to be mindful that the world has changed, hyper-evasive malware and threat distribution via HTTPS are growing rapidly; mobile devices — both Android and Apple — are increasingly targets; and Internet of Things (IoT) devices, from refrigerators to televisions, are an inviting new vector for criminal purposes.

 

11

 

 

Cloud and Mobility

 

Businesses are going through a massive change in their IT strategies as they look to drive more business value, agility, and better customer experiences.

 

Business internet traffic continues to increase every year – executives, employees, partners, contractors and customers are accustomed to transacting online. As a result, individuals are far more comfortable opening emails, clicking on links and providing sensitive data and information without questioning the authenticity of the applicable request. The simple organic growth in this usage of the internet is taxing existing legacy appliance solutions that have built-in capacity restrictions limiting their ability to scale.

 

Data and applications are increasingly moving to the cloud – where we used to protect the servers, data and applications we ran in our data centers behind an appliance-based security perimeter, today these apps and data have moved outside of this security perimeter and into the cloud.

 

More and more users are working remotely -- users have left the perimeter, and are working from home offices, airports, hotels, and coffee shops, accessing the internet without protection from our perimeter security appliances.

 

As organizations go through this transition, many are finding it increasingly difficult to protect their users, data and networks with traditional on-premise security solutions.

 

Buyers continue to move away from traditional on-premise solutions -- preference for service-based security solutions are growing, driven by innovations, increasing need for security beyond the perimeter, and lower total cost of ownership.

 

Mature and legacy on premise deployments are reaching end of life -- and these are increasingly being replaced by SaaS alternatives.

 

IT security staffing shortages – driving products with lower management overhead, as well as some outsourcing to key technology partners.

 

Increasingly fast, sophisticated, expensive and high-profile attacks target organizations of all sizes – attacks are increasingly focused on small companies, less-regulated and less-security aware industries, dictating increased security investment.

 

Compliance and regulatory mandates are creating increased concern among buyers, especially as the cost of failure becomes more painful. Continued, large-scale breaches — themselves a driver for security purchases — will bring about even more stringent levels of regulation.

 

Heightened cybercrime activity among commercial enterprises and nation states – political and economic motivations are driving cyberattacks of both private enterprises and government entities.

 

Automation is increasingly considered critical to accelerating detection and protection, and to countering IT talent shortages.

 

These reasons explain why Cyren’s vision for 100% cloud security is compelling to IT security teams looking to protect their businesses in today’s cloud-centric mobile-first world.  

 

12

 

 

Employees

 

As of December 31, 2018, we had 278 total employees and 248 full-time employees.

 

While employment-related issues occasionally arise in the normal course, we believe that, on the whole, relations with our employees are good.

 

None of our U.S. employees are covered by a collective bargaining agreement, rather they sign individual offer letters of employment that, along with relevant Company policies and an employee handbook, formalize employees’ relationship with our U.S. subsidiary. In Israel, certain provisions of the collective bargaining agreements between the Histadrut (General Federation of Labor in Israel) and the Coordination Bureau of Economic Organizations (including the Industrialists’ Associations) are applicable to our employees in Israel by order of the Israeli Ministry of Economy and Industry, which extends such collective bargaining agreements to Israeli employers. These provisions primarily concern the length of the workweek, travel expended, and pension fund benefits for all employees. We generally provide our employees with benefits and working conditions above the required minimums.

 

  Corporate Information

 

We were incorporated as a private company under the laws of the State of Israel on February 10, 1991 and our legal form is a company limited by shares. We became a public company on July 15, 1999 under the name Commtouch Software Ltd. In January 2014, we changed our legal name to Cyren Ltd. Our website is https://www.cyren.com.

 

 Effective January 1, 2019, we ceased to be a “foreign private issuer” as defined in Rule 3b-4 of the Exchange Act, and became subject to the rules and regulations under the Exchange Act applicable to U.S. domestic issuers. As a result, we are filing an Annual Report on Form 10-K beginning with the fiscal year ended December 31, 2018. Our annual reports for prior years were filed on Form 20-F.

 

On December 25, 2017, Warburg Pincus completed a special tender offer in which it purchased 16,991,212 ordinary shares of the Company and, therefore, became the owner of a total of 27,586,733 ordinary shares, which represents 51% of our ordinary shares outstanding as of February 28, 2019.

 

Our principal executive offices are located at 10 Ha -Menofim St., 5 th Floor, Herzliya, Israel 4672561, where our telephone number is +972–9–863–6888.

 

13

 

 

ITEM 1A. RISK FACTORS

 

Business Risks

 

We have a history of losses and may not be able to achieve or maintain profitability.

 

We have a history of incurring net losses, including net losses of $19.4 million and $15.6 million in 2018 and 2017, respectively. As a result, we had an accumulated deficit of $213.1 million as of December 31, 2018. Achieving profitability will require us to increase revenue, manage our cost structure, and avoid unanticipated liabilities. We have made and expect to continue to make significant expenditures to develop and expand our business and we do not expect to be profitable in the near term. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our solutions, increasing competition, a decrease in the growth of our overall market, or if we fail for any reason to continue to capitalize on growth opportunities. Any failure by us to obtain and sustain profitability, or to continue our revenue growth, could cause the price of our ordinary shares to decline significantly.

 

If the internet security market does not accept our cloud-based product offerings, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.

 

We are seeking to exploit our cloud-based security platform, Cyren Cloud Security (“CCS”) to disrupt the internet security and the email security markets and our historic business model. Our success will depend to a substantial extent on the willingness of enterprises, large and small, to increase their use of cloud computing services. The market for messaging security and compliance solutions delivered as a service in particular is at an early stage relative to on-premise solutions, and these applications may not achieve and sustain high levels of demand and market acceptance.

 

Historically, companies have used appliance-based security products, such as firewalls, intrusion prevention systems, or IPS, anti-virus, or AV, and web and messaging gateways, for their IT security. These enterprises may be hesitant to purchase our cloud-based security offering if they believe that signature-based products, or our competitors’ products, are more cost-effective, provide substantially the same functionality or otherwise provide a sufficient level of IT security. Many enterprises have invested substantial personnel and financial resources to integrate traditional enterprise software or hardware appliances for these applications into their businesses, and currently, most enterprises have not allocated a fixed portion of their budgets to protect against next-generation advanced cyber attacks. As a result, to expand our customer base, we need to convince potential customers to allocate a portion of their discretionary budgets to purchase our products and services. If we do not succeed in convincing customers that our offerings should be an integral part of their overall approach to IT security, our sales will not grow as quickly as anticipated, or at all, which would have an adverse impact on our business, results of operations and financial condition.

 

In addition, many enterprises may be reluctant or unwilling to use cloud computing services because they have concerns regarding the risks associated with its reliability and security, among other things, of this delivery model, or its ability to help them comply with applicable laws and regulations. If enterprises do not perceive the benefits of this delivery model, then the market for our services and our sales would not grow as quickly as we anticipate or at all and our business, results of operations and financial condition would be harmed. 

 

If the market does not continue to respond favorably to our traditional Threat Intelligence Service security solutions, including our Cyren embedded antispam services, embedded antivirus, embedded Uniform Resource Locator (URL) filtering services or our future services do not gain acceptance, we will fail to generate sufficient revenues.

 

Our success depends on the continued acceptance and use of our Threat Intelligence Service security solutions by current and new businesses, Original Equipment Manufacturers (“OEMs”), and service provider customers, plus the interest of such customers in our newest offerings. As the markets for messaging, antivirus and web security products continue to mature and consolidate, we are seeing increasing competitive pressures and demands for even higher quality products at lower prices. This increasing demand comes at a time when internet security threats are more varied and intensive, challenging top end solutions to keep their performance at an industry-acceptable level of accuracy. If our solutions do not continue to evolve to meet market demand, or newer products on the market prove more effective, our business could fail. Also, if growth in the markets for these solutions begins to slow, our business, results of operations and financial condition will suffer dramatically. 

 

14

 

 

If we are unable to effectively integrate future investments and acquisitions, our business operations and financial results will suffer.

 

Our success will depend, in part, on our ability to expand our service and product offerings and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may decide to do so through the acquisition of complementary businesses and technologies rather than through internal development, including, for example, our 2012 acquisitions of the antivirus business of the Icelandic company, Frisk Software International (“Frisk”) and the German internet security company eleven GmbH (“eleven”).

 

If we encounter further difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire, the revenue and operating results of the combined company could be adversely affected. The risks we face in connection with acquisitions include:

 

disruption of our ongoing business, diversion of resources, increased expenses and distraction of our management from operating our business to addressing acquisition integration challenges;

 

additional legal and regulatory compliance;

 

cultural challenges associated with integrating employees from the acquired companies into our organization;

 

inability to retain key employees from the acquired companies;

 

inability to strengthen our competitive position, achieve our strategic goals, generate sufficient financial return to offset acquisition costs or realize the expected benefits of the acquisition;

 

failure to identify significant problems or liabilities, including liabilities resulting from the acquired companies’ pre-acquisition failure to comply with applicable laws, during our pre-acquisition due diligence;

 

difficulties related to our entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;

 

difficulties in, or inability to, successfully sell any acquired products or services;

 

difficulties with the coordination of research and development, sales and marketing, accounting, human resources and other general and administrative systems;

 

changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisitions;

 

liability for activities of the acquired companies before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and litigation; and

 

unanticipated write-offs or charges.

 

The occurrence of any of these risks could have a material adverse effect on our business operations and financial results.

 

15

 

 

We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.

 

The market for security products and services is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent new product introductions and improvements. We anticipate continued challenges from current competitors as well as by new entrants into the industry. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in our revenue that could adversely affect our business and results of operations.

 

Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:

 

greater name recognition and larger customer bases;

 

larger sales and marketing budgets and resources;

 

broader distribution and established relationships with channel and distribution partners and customers;

 

greater customer support resources;

 

lower labor and research and development costs; and

 

substantially greater financial, technical and other resources.

 

In addition, some of our larger competitors have substantially broader product offerings and may be able to leverage their relationships with distribution partners and customers based on other products or incorporate functionality into existing products to gain business in a manner that may discourage users from purchasing our products, subscriptions and services, including by selling at zero or negative margins, product bundling or offering closed technology platforms.

 

Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. As a result, even if the features of our offerings are superior, customers may not purchase our services or products. In addition, innovative start-up companies, and larger companies that are making significant investments in research and development, may invent similar or superior products and technologies that compete with our product and services. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors, our business, financial condition and results of operations could be adversely affected.

 

Some of our competitors have acquired businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and end user needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisitions or other opportunities more readily, or develop and expand their product and service offerings more quickly than we can. Due to various reasons, organizations may be more willing to incrementally add solutions to their existing security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.

 

Also, many of our smaller competitors that specialize in providing protection from a single type of business security threat may deliver these specialized business security products to the market more quickly than we can or may introduce innovative new products or enhancements before we do. Conditions in our markets could change rapidly and significantly as a result of technological advancements. 

 

16

 

 

If we are unable to enhance our existing solutions and develop new solutions, our growth will be impeded.  

 

Our ability to attract new customers and increase revenue from existing customers will depend in large part on our ability to enhance and improve our existing solutions and to introduce new solutions. The success of any enhancement or new solution depends on several factors, including the timely completion, introduction and market acceptance of the enhancement or solution. Any enhancement or solution we develop or acquire may not be introduced in a timely or cost-effective manner and may not achieve the broad market acceptance necessary to generate significant revenue. If we are unable to successfully develop or acquire new solutions or enhance our existing solutions to meet customer requirements, we may not grow as expected.

 

We cannot be certain that our development activities will be successful or that we will not incur delays or cost overruns. Furthermore, we may not have sufficient financial resources to identify and develop new technologies and bring enhancements or new solutions to market in a timely and cost-effective manner. New technologies and enhancements could be delayed or cost more than we expect, and we cannot ensure that any of these solutions will be commercially successful if and when they are introduced. 

 

A loss of any of our large customers could have a material adverse effect on our financial condition and results of operations.

 

In the year ended December 31, 2018, our three largest customers accounted for approximately 25% of our annual revenues. A significant reduction in revenue in the future from these major customers could have a material adverse effect on our financial condition, results of operations and cash flow. In addition, if one or more of our major customers were to develop its own competing technology or to experience economic difficulties, changes in purchasing policies or difficulties in fulfilling their obligations to us, our financial condition could be materially and adversely affected.

 

Adverse conditions in the national and global financial markets could have a material adverse effect on our business, operating results and financial condition.  

 

Our financial performance depends, in part, on the state of the economy, which may deteriorate in the future. Challenging economic conditions worldwide have from time to time contributed, and may continue to contribute, to slowdowns in the information technology industry, resulting in reduced demand for our solutions as a result of continued constraints on IT-related capital spending by our customers and increased price competition for our solutions. 

 

If the economies of countries in which our customers and potential customers are located weaken, our customers may reduce or postpone their spending significantly. This could result in reductions in sales of our services and longer sales cycles, slower adoption of new technologies and increased price competition. In addition, weakness in the end user market could negatively affect the cash flow of our OEM and service provider partners, distributors and resellers who could, in turn, delay paying their obligations to us. This would increase our credit risk exposure and cause delays in our recognition of revenues on future sales to these customers. Specific economic trends, such as declines in the demand for PCs, servers, and other computing devices, or weakness in corporate information technology spending, could have a more direct impact on our business. Any of these events would likely harm our business, operating results and financial condition. 

 

If the perceived general level of advanced cyber attacks declines, demand for our solutions may decrease, our cost of doing business may increase and our business could be harmed.  

 

Our business is substantially dependent on enterprises recognizing that advanced cyber attacks are pervasive and are not effectively prevented by legacy security solutions. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced cyber attacks and help to provide an impetus for enterprises to devote resources to protecting against advanced cyber attacks, such as purchasing our services and products and broadly deploying our services and products within their organizations. If advanced cyber attacks were to decline, or enterprises perceived that the general level of advanced cyber attacks have declined, our ability to attract new customers and expand our offerings within existing customers could be materially and adversely affected and harm our business, results of operations and financial condition. 

 

In addition, various state legislatures have enacted laws aimed at regulating the distribution of unsolicited email. These and similar legal measures, both in the United States and worldwide, may have the effect of reducing the amount of unsolicited email and malicious software that is distributed and hence diminish the need for our internet security solutions. Any such developments would have an adverse impact on our revenues. 

 

17

 

 

We depend upon OEM partners, service providers and resellers to sell the majority of our products, and if our partners fail to perform, our ability to sell and distribute our products and services will be limited, and our operating results will be harmed.  

 

We expect to continue to be dependent upon OEM partners and service providers for a significant portion of our revenues, which will be derived from sales of our messaging, antivirus and web security solutions. We also expect resellers to become important in the distribution of our newer cloud-based internet security solutions. 

 

We anticipate that in the future we will derive a substantial portion of the sales of CCS through channel partners. In order to scale our channel program to support growth in our business, it is important that we help our partners enhance their ability to independently sell and deploy our solutions. We may be unable to successfully expand and improve the effectiveness of our channel sales program.

 

Our operating results and financial condition may be materially adversely affected if:

 

anticipated orders or payments from these partners fail to materialize;

 

our partners cease the promotion of our business or begin to promote additional solutions;

 

our partners are acquired by larger companies who may have other relationships or technologies that lead to the displacement or termination of Cyren contracts;

 

our partners do not live up to their contractual agreements or fail to pay for services rendered; or

 

our partners’ businesses fail.

 

If we are unable to maintain our relationships with these channel partners, or otherwise develop and expand our indirect distribution channel, our business, results of operations, financial condition or cash flows could be adversely affected.

 

Our quarterly operating results may fluctuate, which could adversely affect our share price.

 

Our revenues and operating results could vary significantly from period to period as a result of a variety of factors, many of which are outside of our control. As a result, comparing our revenues and operating results on a period-to-period basis may not be meaningful, and shareholders should not rely on our past results as an indication of our future performance. We may not be able to accurately predict our future revenues or results of operations. We base our current and future expense levels on our operating plans and sales forecasts, and our operating costs are relatively fixed in the short-term. As a result, we may not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues, and even a small shortfall in revenues could disproportionately and adversely affect financial results for that quarter. If our revenues or operating results fall below the expectations of investors or any securities analysts that cover our stock, our share price could decline substantially.

 

A number of factors, many of which are enumerated in this “Risk Factors” section, are likely to cause fluctuations in our operating results or cause our share price to decline. These factors include:

 

our ability to successfully market both our traditional messaging, antivirus and web security solutions and our newer cloud-based internet security solutions in new markets, both domestic and international;

 

our ability to successfully develop and market new, modified or upgraded solutions, as may be needed;

 

the continued acceptance of our solutions by our current partners and customer base;

 

our ability to expand our workforce with qualified personnel, as may be needed;

 

unanticipated bugs or other problems affecting the delivery of our solutions to customers;

 

18

 

 

the success of our partners’ sales efforts to their customer base;

  

the solvency of our partners and their ability to allocate sufficient resources towards the marketing of our solutions;

 

our partners’ ability to effectively integrate our solutions into their product offerings;

 

the substantial decrease in information technology spending;

 

the pricing of our solutions;

 

our ability to timely collect fees owed by our customers and partners;

 

a global slowdown;

 

sudden, dramatic fluctuations in exchange rates of currencies covering the fees we collect from our foreign customers versus the currencies utilized in our business (namely, the Israeli Shekel (“ILS”), the U.S. Dollar (“USD”), the Euro (“EUR”) and the British Pound (“GBP”));

 

our ability to add cost-effective space and equipment to our current data centers in a timely and effective manner to match the rate of growth in our business, plus our ability to build new, cost-effective data centers as worldwide demand for our products may require; and

 

the effectiveness of our end user support, whether provided by our customers or directly by Cyren.

 

Our ability to continue to increase our revenues will depend on our ability to successfully execute our sales and business development plan.

 

The complexity of the underlying technological base of messaging, antivirus and web security solutions, and the current landscape of the markets, require highly trained sales and business development personnel to educate prospective distributors, resellers, OEM and service provider partners and customers regarding the use and benefits of our solutions. We continue to be substantially dependent on our sales force to obtain new customers and to drive additional use cases and adoption among our existing customers. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business.

 

Our future success depends on our ability to sell additional solutions to our customers. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional solutions depends on a number of factors, including the perceived need for additional solutions, growth in the number of end users, and general economic conditions. If our efforts to sell additional solutions to our customers are not successful, our business, financial condition and/or results of operations may suffer.

 

We rely on our management team and other key employees and will need additional personnel to grow our business, and the loss of one or more key employees or our inability to attract and retain qualified personnel could harm our business.

 

Our success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization. Competition for highly skilled personnel is intense in Israel, Germany, Iceland, the United Kingdom, Sunnyvale, Austin, and the Washington D.C. metro area, where we have offices and a need for highly skilled personnel. We may not be successful in attracting qualified personnel to fulfill our current or future needs. Our competitors may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. Also, to the extent we hire employees from mature public companies with significant financial resources, we may be subject to allegations that such employees have been improperly solicited, that they have divulged proprietary or other confidential information or that their former employers own such employees’ inventions or other work product.

 

19

 

 

In addition, we believe that it is important to establish and maintain a corporate culture that facilitates the maintenance and transfer of institutional knowledge within our organization and also fosters innovation, teamwork, a passion for customers and a focus on execution.

 

The loss of our software developers or senior operations personnel may also adversely affect the continued development and support of both our current messaging, antivirus and web security solutions and future solutions presently included in our roadmap for development, thereby causing our operating results to suffer and the value of your investment to decline.

 

We do not have employment agreements inclusive of set periods of employment with any of our key personnel. We cannot prevent them from leaving at any time. We do not maintain key-person life insurance policies, listing us as a beneficiary, on any of our employees. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business, financial condition and/or results of operations could be harmed.

 

We are currently undergoing a CEO transition, which could be disruptive to our business.

 

In February 2019, we announced that Mr. Lior Samuelson, our Chairman and CEO, would be stepping down as CEO. Because Mr. Samuelson is expected to remain CEO until his successor is found and to retain the Chairman role after a new CEO is found, we believe we are well positioned to achieve a smooth transition. However, a planned CEO change nevertheless has the potential to disrupt our operations for a number of reasons, including: diversion of efforts of our remaining executive management team towards managing the transition; deterioration of morale and potential departures among employees; and difficulty attracting new employees due to the impression of instability that the transition may create.

 

This transition also increases our dependency on the members of the senior executive team who are remaining with us. While such members have equity incentives to remain with the Company, as noted above, these individuals are not contractually obligated to remain employed by us and may leave at any time. Such a departure could be particularly disruptive in light of the CEO transition we are currently undergoing.

 

We also expect to incur costs related to the CEO transition, such as recruitment costs, equity awards and potential relocation payments, related to the hiring of the new CEO.

 

Our business and operating results could suffer if we do not successfully address potential risks inherent in doing business overseas.

 

We market and sell our products worldwide and have personnel in many parts of the world. In addition, we have sales offices and research and development facilities outside the United States and we conduct, and expect to continue to conduct, a significant amount of our business with companies that are located outside the United States, particularly in Europe, Israel and Asia. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships internationally or recruit additional companies to enter into strategic distributor relationships, our future success in these international markets could be limited. Business practices and regulations in the international markets that we serve differ from those in the United States and Israel and periodically require us to include terms other than our standard terms in customer contracts. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our operating results may be adversely impacted.

 

Additionally, our international sales and operations are subject to a number of risks, including the following:

 

greater difficulty in enforcing contracts and accounts receivable collection and longer collection periods;

 

20

 

 

the uncertainty of protection for intellectual property rights in some countries;

 

greater risk of changes in regulatory practices, tariffs, and tax laws and treaties;

 

risks associated with trade restrictions and foreign legal requirements, including the importation, certification, and localization of our products required in foreign countries;

 

the potential that our operations in Israel and the U.S. may limit the acceptability of our products to some foreign governments, and vice versa;

 

greater risk of a failure of foreign employees, partners, distributors, and resellers to comply with both U.S. and foreign laws, including antitrust regulations, and any trade regulations ensuring fair trade practices;

 

heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

 

the potential for acts of terrorism, hostilities or war;

 

increased expenses incurred in establishing and maintaining office space and equipment for our multinational operations;

 

greater difficulty in recruiting local experienced personnel, and the costs and expenses associated with such activities;

 

management communication and integration problems resulting from cultural and geographic dispersion;

 

fluctuations in exchange rates between the U.S. Dollar, Shekel, Euro, Pound and other foreign currencies in markets where we do business; and

 

general economic and political conditions and uncertainties in these foreign markets.

 

These factors and other factors could harm our ability to gain future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources.

 

Changes in the tax treatment of companies engaged in internet commerce may adversely affect the commercial use of our services and our financial results.

 

Due to the global nature of the internet and the global reach of our network, it is possible that various states or countries might attempt to regulate our transmissions or levy sales, income, consumption, use or other taxes relating to our services or activities, or impose obligations on us to collect such taxes. Tax authorities in many jurisdictions are currently reviewing the appropriate treatment of companies engaged in internet commerce such as the provision of cloud computing services and other online services. The imposition of new or revised tax laws or regulations may subject us to additional sales, income, consumption, use or other taxes. We cannot predict the effect of current attempts to impose such taxes on commerce over the internet. New or revised taxes and, in particular, sales, use or consumption taxes, the Value Added Tax and similar taxes would likely increase the cost of doing business online. New taxes could also create significant increases in internal costs necessary to capture data, and collect and remit taxes. Any of these events could have an adverse effect on our business and results of operations.

 

21

 

 

The application of tax laws is subject to interpretation and if tax authorities challenge our methodologies or our analysis of our tax rates it could result in an increase to our worldwide effective tax rate and cause us to change the way we operate our business.

 

The application of the tax laws of various jurisdictions to our international business activities is subject to interpretation and also depends on our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing, or determine that the manner in which we operate our business does not achieve the expected tax consequences, which could increase our worldwide effective tax rate and adversely affect our financial position and results of operations.

 

A certain degree of judgment is required in evaluating our tax positions and determining our provision for income taxes. In the ordinary course of business, there are many transactions and calculations for which the ultimate tax determination is uncertain. For example, our effective tax rates could be adversely affected by earnings being lower than anticipated in countries where we have lower statutory rates and higher than anticipated in countries where we have higher statutory rates, by changes in foreign currency exchange rates or by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations. As we operate in numerous taxing jurisdictions, the application of tax laws can be subject to diverging and sometimes conflicting interpretations by tax authorities of these jurisdictions. It is not uncommon for tax authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, or with respect to the valuation of intellectual property. In addition, tax laws are dynamic and subject to change as new laws are passed and new regulations or interpretations of the law are issued or applied. For example, the work being carried out by the OECD on base erosion and profit shifting as a response to increasing globalization of trade could result in changes in tax treaties or the introduction of new legislation that could impose an additional tax on businesses. As a result of changes to laws or interpretations, our tax positions could be challenged and our income tax expenses could increase in the future. 

 

For instance, if tax authorities in any of the countries in which we operate were to successfully challenge our transfer prices, they could require us to reallocate our income (or part of our income) to reflect transfer pricing adjustments, which could result in an increased tax liability to us. In addition, if the country from which the income was reallocated did not agree with the reallocation asserted by the first country, we could become subject to tax on the same income in both countries, resulting in double taxation. If tax authorities were to allocate income to a higher tax jurisdiction, subject our income to double taxation or assess interest and penalties, it could increase our tax liability, which could adversely affect our financial position and results of operations. 

 

We are subject to privacy and data protection laws and regulations in various jurisdictions, including the EU General Data Protection Regulation, as well as contractual privacy and data protection obligations, which may limit the use and adoption of, or require modification of, our products and services and could affect our marketing activities.  Our failure to comply with such laws, regulations or obligations could subject us to liability and could harm our reputation and business.

 

Our industry is highly regulated, and many federal, state and foreign government bodies and agencies have adopted, or are adopting, laws and regulations regarding the collection, use, and disclosure of personal information. Some of our solutions process customer data which may contain the personal information of end users, and any failure to adequately address privacy concerns, or to otherwise comply with applicable privacy laws and regulations could result in liability, damage to our reputation, loss of sales, or further harm our business. Privacy concerns, whether or not valid, may inhibit market adoption of our solutions. The costs of compliance with such laws and regulations that apply to our customers’ business may in turn limit their use and adoption of our products and services and therefore reduce overall demand for them.

 

We are subject to the privacy and data protection laws and regulations adopted by Israel, Europe and the United States and potentially other jurisdictions. Where the local data protection and privacy laws of a jurisdiction apply, we may be required to register our operations in that jurisdiction or make changes to our business so that registered users’ data is only collected and processed in accordance with applicable local law. The proliferation of such laws within the jurisdictions in which we operate may result in conflicting and contradictory requirements, particularly in relation to evolving technologies such as cloud computing. Any failure to successfully navigate the changing regulatory landscape could result in legal liability or impairment to our reputation in the marketplace, which could have a material adverse effect on our business, results of operations and financial condition.

 

22

 

 

In particular, the European Union has imposed greater obligations under their privacy and data protection laws.  For example, the European Union adopted the General Data Protection Regulation (GDPR) which took effect on May 25, 2018 and is wide ranging in scope. GDPR replaced, to a large extent, the data protection laws of each European Union member state and impose stringent requirements for data processors and controllers.  Such requirements include more fulsome disclosures about the processing of personal information, data retention limits and deletion requirements, mandatory notification in the case of a data breach and heightened standards regarding valid consent in some specific cases of data processing.  The GDPR also includes substantially higher penalties for failure to comply (a fine up to 20 million Euro or up to 4% of the annual worldwide turnover, whichever is greater, can be imposed). Given the breadth of the GDPR, compliance with its requirements is likely to continue to require significant expenditure of resources on an ongoing basis, and there can be no assurance that the measures we have taken for the purposes of compliance will be successful in preventing a breach of the GDPR. Given the potential fines, liabilities and damage to our reputation in the event of an actual or perceived breach of the GDPR, such a breach may have an adverse effect on our business and operations.

 

If any of our customers or prospective customers decide not to purchase our products or services because of regulatory uncertainty, our revenues could decline and our business could suffer. Any inability by us, or a third-party contractor, to adequately address privacy concerns, whether valid or not, or to comply with applicable privacy or data protection laws, regulations and privacy standards, could result in additional cost and liability to us, damage our reputation, inhibit sales of our solutions and harm our business.

 

We face uncertainty in the global geopolitical landscape that may impede the implementation of our strategy outside the United States.

 

In June 2016, the United Kingdom (the “U.K.”) held a referendum in which voters approved the country’s exit from the E.U., commonly referred to as Brexit. The U.K. government has so far been unable to secure a parliamentary majority for the withdrawal agreement. Continued uncertainty, or a U.K. exit without any agreement on terms, would risk significant disruption to U.K./E.U. trade. The prospect of Brexit has already caused global stock market volatility and currency exchange rate fluctuations that resulted in strengthening of the U.S. dollar relative to other foreign currencies in which we conduct business. The U.K.’s final withdrawal, especially without any deal on terms, may bring global economic and legal uncertainty, including significant volatility in global stock markets and currency exchange rates, which could negatively affect our revenues in the U.K. and Europe, and increasingly divergent laws, regulations and licensing requirements applicable to us as the United Kingdom determines which EU laws to replace or replicate. Any of these effects of Brexit, among others, could adversely affect our operations and financial results. Our EMEA sales team is largely based in Bracknell, U.K. and the ongoing uncertainty of Brexit could hamper our ability to sell our products to U.K. and E.U. customers.

 

Technology Risks

 

We may not have the resources or skills required to adapt to the changing technological requirements and shifting preferences of our customers and their users.  

 

The messaging, antimalware and web security industries are characterized by difficult technological challenges, sophisticated distributors of internet security threats, multiple-variant viruses, advanced persistent threats, unique phishing scams and constantly evolving malevolent software distribution practices and targets that could render our solutions and proprietary technology ineffective. Our success depends, in part, on our ability to continually enhance our existing messaging, antimalware and web security solutions and to develop new solutions, functions and technology that address the potential needs of prospective and current customers and their users.

 

Many of our end users operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. As their technologies and business plans grow more complex, we expect these customers to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our solutions effectively identify and respond to these advanced and evolving attacks without disrupting our customers’ network performance. As a result of the continued rapid innovations in the technology industry, including the rapid growth of smart phones, tablets and other devices and the trend of “bring your own device” in enterprises, we expect the networks of our end users to continue to change rapidly and become more complex. 

 

23

 

 

We have identified and implemented a number of new products and enhancements to our platform that we believe are important to our continued success in the IT security market. Going forward, we may not be successful in developing and marketing, on a timely basis, such new products or enhancements or that our new products or enhancements will adequately address the changing needs of the marketplace. In addition, some of our new products and enhancements may require us to develop new architectures that involve complex, expensive and time-consuming research and development processes. Although the market expects rapid introduction of new products and enhancements to respond to new threats, the development of these products and enhancements is difficult and the timetable for commercial release and availability is uncertain, as there can be significant time lags between initial beta releases and the commercial availability of new products and enhancements. We may experience unanticipated delays in the availability of new products and enhancements to our platform and fail to meet customer expectations with respect to the timing of such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing, releasing and making available on a timely basis new products and enhancements to our services and products that can adequately respond to advanced threats and our customers’ needs, our competitive position and business prospects will be harmed. Furthermore, from time to time, we, or our competitors, may announce new products with capabilities or technologies that could have the potential to replace or shorten the life cycles of our existing services products. Announcements of new products could cause customers to defer purchasing our existing services or products.

 

Additionally, the process of developing new technology is expensive, complex and uncertain. The success of new products and enhancements depends on several factors, including appropriate component costs, timely completion and introduction, differentiation of new products and services from those of our competitors, and market acceptance. To maintain our competitive position, we must continue to commit significant resources to developing new products or services before knowing whether these investments will be cost-effective or achieve the intended results. We may not be able to successfully identify new product opportunities, develop and bring new products or services to market in a timely manner, or achieve market acceptance of our platform. Products and technologies developed by others may render our offerings obsolete or noncompetitive. If we expend significant resources on researching and developing products or services and such products and services are not successful, our business, financial position and results of operations may be adversely affected. We may not be able to use new technologies effectively or adapt to OEM, service provider, customer or end user requirements or emerging industry standards.  

 

Our solutions may be adversely affected by defects or denial of service attacks, which could cause our OEM and service provider partners, customers or end users to stop using our solutions.

 

Our messaging, antimalware and web security solutions are based in part upon new and complex software and highly advanced computer systems. Complex software and computer systems can contain defects, particularly when first introduced or when new versions are released, and are possible targets for denial of service attacks instigated by “hackers”. Although we conduct extensive testing and implement internet security processes, we may not discover defects or vulnerabilities in our software or systems that affect our new or current solutions or enhancements until after they are delivered. Although we have not experienced any material defects or vulnerabilities to date in our messaging, antimalware and web security offerings, it is possible that, despite testing by us, defects or vulnerabilities may exist in the solutions we provide. These defects or vulnerabilities could cause or lead to interruptions for customers of our solutions, resulting in damage to our reputation, legal risks, loss of revenue, delays in market acceptance and diversion of our development resources, any of which could cause our business, financial condition and/or results of operations to suffer.

 

Real or perceived defects, errors or vulnerabilities in our services or the failure of our services to block malware or prevent a cyber-attack or security breach could harm our reputation and adversely impact our business, financial condition and results of operations.

 

Because our products and services are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end users. For example, from time to time, certain of our end users have reported defects in our products related to performance, scalability and compatibility that were not detected before offering the service. Additionally, defects may cause our products or services to be vulnerable to security attacks, cause them to fail to help secure networks or temporarily interrupt end users’ networking traffic. Because the techniques used by computer hackers to access or sabotage networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end users’ networks.

 

24

 

 

Furthermore, as a well-known provider of internet security solutions, our networks, products, and services could be targeted by attacks specifically designed to disrupt our business and harm our reputation. In addition, our data centers, which are located in various locations worldwide, and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing end user base, any of which could temporarily or permanently expose our end users’ networks, leaving their networks unprotected against the latest security threats.

 

Any real or perceived defects, errors or vulnerabilities in our services, or any other failure of our services to detect an advanced threat, could result in certain events, including:

 

a loss of existing or potential customers or channel partners;

 

delayed or lost revenue;

 

a delay in attaining, or the failure to attain, market acceptance;

 

the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work around errors or defects, to address and eliminate vulnerabilities, or to identify and ramp up production with alternative third-party manufacturers;

 

an increase in service level availability or warranty claims, or an increase in the cost of servicing such claims, either of which would adversely affect our gross margins;

 

harm to our reputation or brand; and

 

litigation, regulatory inquiries or investigations that may be costly to address and further harm our reputation.

  

Data thieves are sophisticated, often affiliated with organized crime and operate large scale and complex automated attacks. In addition, their techniques change frequently and generally are not recognized until launched against a target. If we fail to identify and respond to new and complex methods of attack and to update our services to detect or prevent such threats in time to protect our end users’ systems, our business and reputation will suffer.

 

An actual or perceived security breach or theft of the sensitive data of one of our end users, regardless of whether the breach is attributable to the failure of our products or services, could adversely affect the market’s perception of our security offerings. Despite our best efforts, there is no guarantee that our products and services will be free of flaws or vulnerabilities, and even if we discover these weaknesses we may not be able to correct them promptly, if at all. A breach of our systems could also result in the disclosure of sensitive and confidential information as well as information regarding our customers, end users and partners. Our end user customers may also misuse our products and services, which could result in a breach or theft of business data.

 

Our messaging, antimalware and web security solutions may be adversely affected if we are not able to receive a sufficient sampling of internet traffic or our data centers were to become unavailable.

 

Our messaging, antimalware and web security solutions are dependent, in part, on the ability of our data centers to analyze, in an automated fashion, live feeds of internet and web related traffic received through our services to customers and other contractual arrangements. If we were to suffer an unanticipated, substantial decrease in such traffic or our multiple data centers become unavailable for any significant period, the effectiveness of our technologies would drop, our product offerings would become less attractive to customers/potential customers and revenues could decline.

 

25

 

 

False detection of applications, viruses, malware, spyware, vulnerability exploits, data patterns or URL categories could adversely affect our business.

 

Our classifications of application type, virus, malware, spyware, vulnerability exploits, data, or URL categories may falsely detect applications, content or threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These “false positives”, while typical in our industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our services and products. If our services and products restrict important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end users’ systems and cause material system failures. Any such false identification of important files or applications could result in damage to our reputation, negative publicity, loss of end users and sales, increased costs to remedy any problem, and costly litigation.

 

Our cloud-based SecaaS offerings are newer service offerings, so we may not see the customer traction in these offerings that we anticipate.

 

Security-as-a-Service (“SecaaS”) is a model of cloud-based services offerings. In 2014, we released CWS, our cloud-based security service that provides end users with secure browsing from any device, anywhere. In March 2017, we launched CCS 4.0 which unified four fully cloud based internet security services on one platform including – CWS, CES, DNS security and cloud sandboxing. Subsequent releases have added new features such as our email archiving and GPDR capabilities, with two new CCS offerings planned for release during 2019. The solutions we are promoting and will promote to this market enable us to offer internet security solutions directly to our Enterprise customers or through our channel partners. Among other things, this cloud-based approach is intended to speed up the process of moving our solutions to market, and ease the integration burden for our customers.

 

In recent years, companies have begun to expect that key security software services, such as URL filtering, be provided through a SecaaS model. In order to provide CCS via a SecaaS deployment, we have made and will continue to make capital investments to implement this alternative business model, which could negatively affect our financial results. Even with these investments, the SecaaS business model for CCS may not be successful. Because of the newness of the technologies involved and the resulting learning curve required of all employees in the sale and support of the new offerings, we cannot be certain that we will convince potential customers of the benefits of these new offerings and sell them at the rate we anticipate. If we fall short of our expectations, and especially given the significant resources invested by us in bringing these new offerings to market, our financial results will suffer and the value of shareholder investments will decline. 

 

If we fail to develop or protect our Cyren brand name, our business may be harmed.

 

In January 2014, we announced the Company would change its name from Commtouch Software to Cyren. We adopted our new name as we completed our transformation into a leading provider of cloud-based information security solutions that are specially designed to be deployed or private labeled by customers and partners alike. Developing and maintaining awareness and integrity of our company and our new brand are important to achieving widespread acceptance of our existing and future offerings and are important elements in attracting new customers. The importance of brand recognition will increase as competition in our market further intensifies. Successful promotion of our brand will depend on the effectiveness of our marketing efforts and on our ability to provide reliable and useful solutions at competitive prices. We plan to continue investing substantial resources to promote our brand, both domestically and internationally, but there is no guarantee that our brand development strategies will enhance the recognition of our brand. Some of our existing and potential competitors have well-established brands with greater recognition than we have. If our efforts to promote and maintain our brand are not successful, our operating results and our ability to attract and retain customers may be adversely affected. In addition, even if our brand recognition and loyalty increases, this may not result in increased use of our solutions or higher revenue.

 

26

 

 

Our use of open source technology could impose limitations on our ability to commercialize our solutions.

 

We use open source software in certain of our solutions, and although we monitor our use of open source software to avoid subjecting our solutions to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. or foreign courts. As a result, there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions. From time to time, we may face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we have developed using such software or otherwise seeking to enforce the terms of the applicable open source license. In such an event, we could be required to seek licenses from third parties to continue offering our solutions, to make our proprietary code generally available in source code form, to re-engineer our solutions or to discontinue the sale of our solutions if re-engineering could not be accomplished on a timely basis, any of which could adversely affect our business, operating results and financial condition.

 

Investment Risks

 

The issuance of additional shares in connection with financings, acquisitions, investments, our stock incentive plans, conversion of our convertible notes or otherwise will dilute other shareholders. In addition, our failure in the future to raise additional capital or generate the significant capital necessary to expand our operations and invest in new services and products could reduce our ability to compete and could harm our business.

 

We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our services and products, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. For example, in August 2015, we completed an underwritten public offering of 7,666,665 ordinary shares at a price to the public of $1.65 per share. In March 2017, we issued $6.3 million aggregate principal amount of convertible notes. In November 2017 we issued approximately 10.6 million ordinary shares for $1.85 per share to WP XII Investments B.V., an entity controlled by funds affiliated with Warburg Pincus LLC (together “Warburg Pincus”). The subsequent tender offer by Warburg Pincus completed on December 24, 2017 resulted in the conversion of the convertible notes into shares and the accelerated vesting of employee options. On December 5, 2018, we issued $10 million aggregate principal amount of convertible notes to an existing minority investor in a private placement.

 

We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans and operating performance and the condition of the capital markets at the time we seek financing. If we raise additional equity or convertible debt financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our ordinary shares could decline. Furthermore, if we engage in debt financing, the holders of debt would have priority over the holders of our ordinary shares, and we may be required to accept terms that restrict our ability to incur additional indebtedness or that otherwise restrict our ability to operate our business. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

 

We are controlled by Warburg Pincus whose interest in our business may be different from yours.

 

Our controlling shareholder, Warburg Pincus, holds approximately 51% of our outstanding ordinary shares as of February 28, 2019, and has the right to nominate the number of directors proportional to its holdings of our outstanding shares. Currently, four directors nominated by Warburg Pincus serve on our Board. Warburg Pincus is able to exercise significant influence over many matters requiring the approval of our Board and/or shareholders, including the election of directors and approval of significant corporate transactions. In addition, our other directors and our executive officers that are not related to Warburg Pincus (together known as “affiliated entities”), beneficially own, in the aggregate, approximately 7% of our outstanding ordinary shares as of February 28, 2019. If they vote together (especially if they were to exercise all vested options into shares entitled to voting rights in the Company), these shareholders will be able to exercise influence over matters requiring a special majority vote of our shareholders, including the compensation of directors and approval of certain significant corporate transactions. In this regard, we know of no shareholders or voting agreement between major shareholders or between such shareholders and directors or officers.

 

27

 

 

In addition, conflicts of interest may arise as a consequence of the control by Warburg Pincus, including:

 

conflicts between Warburg Pincus and our other shareholders whose interests may differ with respect to, among other things, our strategic direction or significant corporate transactions;

 

conflicts related to corporate opportunities that could be pursued by us, on the one hand, or by Warburg Pincus, on the other hand; or

 

conflicts related to existing or new contractual relationships between us, on the one hand, and Warburg Pincus, on the other hand.

 

Our ordinary shares often trade at different prices on Nasdaq and TASE.

 

Our ordinary shares are traded primarily on the Nasdaq Capital Market and also on the Tel Aviv Stock Exchange (“TASE”). Trading in our ordinary shares on these markets is made in different currencies (U.S. dollars on the Nasdaq Capital Market, and Israeli Shekels on the TASE), and at different times (resulting from different time zones, different trading days and different public holidays in the United States and Israel). Consequently, the trading prices of our ordinary shares on these two markets often differ. Any decrease in the trading price of our ordinary shares on one of these markets could cause a decrease in the trading price of our ordinary shares on the other market. On January 10, 2019, we announced that we are voluntarily delisting the company’s ordinary shares from trading on the TASE and we applied to the TASE to request that TASE initiate the delisting process. The delisting in Israel will not affect our continued listing on the Nasdaq in the United States and all ordinary shares now traded on the TASE may be transferred to the Nasdaq. The delisting of our ordinary shares from trading on the TASE is expected to be on or about April 10, 2019. During the interim period, there could be increased volatility in share trading.

 

U.S. holders of our shares could be subject to material adverse tax consequences if we are considered a “passive foreign investment company” for U.S. federal income tax purposes.

 

We do not believe that we are a passive foreign investment company, and we do not expect to become a passive foreign investment company. However, our status in any taxable year will depend on our assets, income and activities in each year, and because this is a factual determination made annually after the end of each taxable year, there can be no assurance that we will not be considered a passive foreign investment company for the current taxable year or any future taxable years. If we were a passive foreign investment company for any taxable year while a taxable U.S. holder held our shares, such U.S. holder could face adverse U.S. federal income tax consequences, including having gains realized on the sale of our ordinary shares classified as ordinary income, rather than as capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders, and having interest charges apply to distributions by us and the proceeds of share sales. 

 

U.S. persons who own 10% or more of our ordinary shares may be subject to adverse U.S. tax consequences under the U.S. controlled foreign corporation rules

 

If we or one of our non-U.S. subsidiaries are or become a controlled foreign corporation, or “CFCs,” “10% U.S. Shareholders” (as defined below) may be taxed on their pro rata share of certain of our earnings, even if those earnings are not distributed by us. A non-U.S. corporation is a “CFC” if more than 50% of its shares (by vote or value) are owned by “10% U.S. Shareholders.” A U.S. person is a “10% U.S. Shareholder” if such person owns (directly, indirectly and/or constructively) 10% or more of the total combined voting power of all classes of shares entitled to vote of such corporation or 10% more of the total value of shares of all classes of stock of such corporation.

 

In general, if a U.S. person sells or exchanges stock in a foreign corporation and such person is a “10% U.S. Shareholder” at any time during the 5-year period ending on the date of the sale or exchange when such foreign corporation was a CFC, any gain from such sale or exchange may be treated as a dividend to the extent of the corporation’s earnings and profits attributable to such shares that were accumulated during the period that the shareholder held the shares while the corporation was a CFC (with certain adjustments).

 

The CFC rules are complex. The foregoing is merely a summary of certain potential application of these rules. No assurances can be given that we or one of our non-U.S. subsidiaries are not or will not become a CFC, and certain changes to the CFC constructive ownership rules introduced by recent U.S. tax legislation could, under certain circumstances, cause us to be classified as a CFC. Each holder is urged to consult its tax advisor with respect to the possible application of the CFC rules.

 

28

 

 

We do not intend to pay dividends for the foreseeable future.

 

We have never declared or paid any dividends on our ordinary shares. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our ordinary shares if the market price of our ordinary shares increases.

 

Intellectual Property Risks

 

If we fail to adequately protect our intellectual property rights or face a claim of intellectual property infringement by a third party, we could lose our intellectual property rights or be liable for significant damages.

 

We regard our patented and patent pending technology, copyrights, service marks, trademarks, trade secrets and similar intellectual property as critical to our success, and rely on patent, trademark and copyright law, trade secret protection and confidentiality or license agreements with our employees and customers to protect our proprietary rights. See Item 1. Business, Intellectual Property for information pertaining to our patent activities. We may seek to patent certain additional software or other technology in the future. Any such patent applications might not result in patents issued within the scope of the claims we seek, or at all.

 

Despite our precautions, unauthorized third parties may copy certain portions of our technology, reverse engineer or obtain and use information that we regard as proprietary or otherwise infringe or misappropriate our patent or our patent pending technology, trade secrets, copyrights, trademarks and similar proprietary rights. In addition, the laws of some foreign countries do not protect proprietary rights to the same extent as do the laws of the United States. Thus, our means of protecting our proprietary rights in the United States or abroad, as well as our financial resources, may not be adequate, and competitors may independently develop similar technology. Given the cost, effort, risks and downside of obtaining patent protection, including the requirement to ultimately disclose the invention to the public, we may not choose to seek patent protection for certain innovations. However, such patent protection could later prove to be important to our business. Even if issued, there can be no assurance that any patents will have the coverage originally sought or adequately protect our intellectual property, as the legal standards relating to the validity, enforceability and scope of protection of patent and other intellectual property rights are uncertain. Any patents that are issued may be invalidated or otherwise limited, or may lapse or may be abandoned, enabling other companies to better develop products that compete with our solutions, which could adversely affect our competitive business position, business prospects and financial condition.

 

We cannot be certain that our security solutions do not infringe issued patents in certain parts of the world. Therefore, other parties, whether in the United States or elsewhere, may assert infringement claims against us. We may also be subject to legal proceedings and claims from time to time in the ordinary course of our business, including claims of alleged infringement of copyrights, trademarks and other intellectual property rights of third parties by ourselves and our customers. Our customer agreements typically include indemnity provisions, so we may be obligated to defend against third party intellectual property rights infringement claims on behalf of our customers. Such claims, even if not meritorious, could result in the expenditure of significant financial and managerial resources. We may not have the proper resources in order to adequately defend against such claims.

 

Risks Relating to Operations in Israel

 

Conditions in Israel may limit our ability to develop and sell our products, resulting in a decline in revenues.

 

We are incorporated under the laws of the State of Israel. Our principal research and development facilities are located in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries, as well as incidents of civil unrest, and a number of state and non-state actors have publicly committed to its destruction. Political, economic and military conditions in Israel could directly affect our operations. We could be adversely affected by any major hostilities involving Israel, including acts of terrorism or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant increase in inflation or a significant downturn in the economic or financial condition of Israel. Any on-going or future violence between Israel and the Palestinians, armed conflicts, terrorist activities, tension along the Israeli borders or with other countries in the region, including Iran, or political instability in the region could disrupt international trading activities in Israel and may materially and negatively affect our business and could harm our results of operations. 

 

29

 

 

Certain countries, as well as certain companies and organizations, continue to participate in a boycott of Israeli firms, firms with large Israeli operations and others doing business with Israel and Israeli companies. In addition, such boycott, restrictive laws, policies or practices may change over time in unpredictable ways, and could, individually or in the aggregate, have a material adverse effect on our business in the future. Should the BDS Movement, the movement for boycotting, divesting and sanctioning Israel and Israeli institutions (including universities) and products become increasingly influential in the United States, Europe and around the world, this may also adversely affect our business and financial condition.

 

Some of our employees in Israel, including some of our executive officers, are obligated to perform annual military reserve duty in the Israel Defense Forces, depending on their age and position in the armed forces. Furthermore, they may be called to active reserve duty at any time under emergency circumstances for extended periods of time. Our operations could be disrupted by the absence, for a significant period, of one or more of our executive officers or key employees due to military service, and any significant disruption in our operations could harm our business.

 

Because a substantial portion of our revenues historically have been generated in U.S. dollars (USD) and the Euro (EUR), and a significant portion of our expenses have been incurred in Israeli Shekel (ILS), British Pound (GBP) and Icelandic Krona (ISK), our results of operations may be adversely affected by currency fluctuations.

 

We have generated a substantial portion of our revenues in USD and EUR, and incurred a substantial portion of our expenses, principally salaries and related personnel expenses, office rent and other outside services, in currencies other than USD. Those expenses incurred in Israel are denominated in Shekels, those incurred in the United Kingdom are denominated in GBP and those incurred in Iceland are denominated in ISK. We anticipate that a significant portion of our expenses will continue to be denominated in these currencies. As a result, we are exposed to risk to the extent that the value of the USD depreciates against the ILS, GBP and ISK or to the extent that the value of the USD appreciates against the EUR. In those events, the USD cost of Cyren’s operations will increase and the USD value of Cyren’s revenues will decrease, respectively, and the Company’s USD measured results of operations will be adversely affected. During 2018, the USD value of operating costs denominated in ILS, GBP and ISK decreased due to the appreciation of the USD vs. all such currencies, and the USD value of revenues denominated in EUR decreased due to the appreciation of the USD vs the EUR. During 2017, the USD value of operating costs denominated in ILS, GBP and ISK increased due to the depreciation of the USD vs. all such currencies, and the USD value of revenues denominated in EUR increased due to the depreciation of the USD vs the EUR.

 

We cannot predict the trend for future years. Our operations also could be adversely affected if we are unable to guard against currency fluctuations in the future. To date, we have not engaged in any significant hedging transactions. In the future, we may enter into currency hedging transactions to decrease the risk of financial exposure from fluctuations in the exchange rate of the dollar against the ILS. Foreign currency fluctuations, and our attempts to mitigate the risks caused by such fluctuations, could have a material and adverse effect on our results of operations and financial condition.  

 

The government programs and benefits which we previously received require us to meet several conditions and may be terminated or reduced in the future.

 

We received grants from the Government of Israel through a program with the Israel Innovation Authority, or the IIA (formerly known as the Office of the Chief Scientist of the Israeli Ministry of Economy and Industry, or OCS), pursuant to the Israeli Law for the Encouragement of Industrial Research and Development, 1984, and related regulations (the “R&D Law”), to finance a significant portion of our research and development expenditures in Israel. In 2018 and 2017, we received $228 thousand and $718 thousand, respectively.

 

30

 

 

In order to meet specified conditions in connection with grants and programs of the IIA, we have made representations to the Israel government about our Israeli operations. One of the grants requires a minimum commitment of three years and we are required to share information with other companies and academics. From time to time, the conduct of our Israeli operations has deviated from our forecasts. If we fail to meet the conditions of the grants, including the maintenance of a material presence in Israel, or if there is any material deviation from the representations made by us to the Israeli government, we could be required to refund the grants previously received (together with an adjustment based on the Israeli consumer price index and an interest factor) and would likely be ineligible to receive IIA grants in the future.

 

In addition, the terms of our IIA grants and programs prohibit the manufacture outside of Israel of the product developed in accordance with the program without the prior consent of the Research Committee. Such approval is generally subject to an increase in the total amount to be repaid to the IIA to between 120% and 300% of the amount granted, depending on the extent of the manufacturing that is conducted outside of Israel. In addition, the R&D Law provides that know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to Israeli third parties without the approval of the Research Committee. The R&D Law stresses that it is not just transfer of know-how that is prohibited, but also transfer of any rights in such know-how. Approval of the transfer and/or license may be granted only if the Israeli transferee undertakes to abide by all of the provisions of the R&D Law and regulations promulgated thereunder, including the restrictions on the transfer of know-how and the obligation to pay royalties, if applicable.

 

You may have difficulties enforcing a U.S. judgment against us and our executive officers and directors or asserting U.S. securities laws claims in Israel.

 

Cyren Ltd. is organized under the laws of Israel, and we maintain significant operations in Israel. In addition, a significant portion of our assets are located outside the United States. Service of process upon our non-U.S. resident directors and enforcement of judgments obtained in the United States against them and Cyren Ltd. may be difficult to obtain within the United States. It may be difficult to enforce civil causes of actions under U.S. securities law in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on a violation of U.S. securities laws because Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the substance of the applicable U.S. law must be proved as a fact, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law. Furthermore, there is little binding case law in Israel addressing these matters.

 

Israeli courts might not enforce judgments rendered outside Israel which may make it difficult to collect on judgments rendered against us. Subject to certain time limitations, an Israeli court may declare a foreign civil judgment enforceable only if it finds that (a) the judgment was rendered by a court which was, according to the laws of the state of the court, competent to render the judgment; (b) the judgment may no longer be appealed; (c) the obligation imposed by the judgment is enforceable according to the rules relating to the enforceability of judgments in Israel and the substance of the judgment is not contrary to public policy; and (d) the judgment is executory in the state in which it was given.

 

Even if these conditions are satisfied, an Israeli court will not enforce a foreign judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases) or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel. An Israeli court also will not declare a foreign judgment enforceable if (i) the judgment was obtained by fraud; (ii) there is a finding of lack of due process; (iii) the judgment was rendered by a court not competent to render it according to the laws of private international law in Israel; (iv) the judgment is at variance with another judgment that was given in the same matter between the same parties and that is still valid; or (v) at the time the action was brought in the foreign court, a suit in the same matter and between the same parties was pending before a court or tribunal in Israel.  

 

In addition, if a foreign judgment is enforced by an Israeli court, it generally will be payable in ILS, which can then be converted into foreign currency at the rate of exchange of such foreign currency on the date of payment. Pending collection, the amount of the judgment of an Israeli court stated in ILS (without any linkage to a foreign currency) ordinarily will be linked to the Israeli consumer price index plus interest at the annual statutory rate prevailing at such time. Judgment creditors bear the risk of unfavorable exchange rates.

 

31

 

 

Provisions of Israeli law may delay, prevent or make difficult an acquisition of Cyren Ltd., which could prevent a change of control and therefore depress the price of our shares.

 

Israeli corporate law regulates mergers and acquisitions of shares through tender offers, requires special approvals for transactions involving officers, directors or significant shareholders and regulates other matters that may be relevant to these types of transactions. Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. These and other similar provisions could delay, prevent or impede an acquisition of our company or our merger with another company, even if such an acquisition or merger would be beneficial to us or to our shareholders.

 

Your rights and responsibilities as a shareholder will be governed by Israeli law which differs in some respects from the rights and responsibilities of shareholders of U.S. companies.

 

We are incorporated under Israeli law. The rights and responsibilities of the holders of our ordinary shares are governed by our Articles of Association and Israeli law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith toward the company and other shareholders and to refrain from abusing its power in the company, including, among other things, in voting at the general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and interested party transactions requiring shareholder approval. In addition, a controlling shareholder, a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the implications of these provisions that govern shareholders’ actions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.

 

We have lost our foreign private issuer status, which will result in significant additional costs and expenses.

 

We have lost our foreign private issuer status, which will result in significant additional costs and expenses. Until January 1, 2019, we were a “foreign private issuer,” as such term is defined in Rule 405 under the U.S. Securities Act of 1933, as amended (the “Securities Act”). As such, we were exempt from certain provisions applicable to U.S. domestic public companies including:

 

the rules under the Securities Exchange Act of 1934, as amended, or Exchange Act, requiring the filing with the SEC of quarterly reports on Form 10-Q and current reports on Form 8-K;

 

the sections of the Exchange Act regulating the solicitation of proxies, consents or authorizations in respect of a security registered under the Exchange Act;

 

the provisions of Regulation FD aimed at preventing issuers from making selective disclosures of material information; and

 

the sections of the Exchange Act requiring insiders to file public reports of their stock ownership and trading activities and establishing insider liability for profits realized from any “short-swing” trading transaction (a purchase and sale, or sale and purchase, of the issuer’s equity securities within less than six months).

 

32

 

 

On January 1, 2019, as a result of losing our foreign private issuer status, we became a “U.S. domestic issuer”. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer are significantly higher than the costs we previously incurred as a foreign private issuer. In addition to having to make the above described filings with the U.S. Securities and Exchange Commission, which are more detailed than forms typically filed by a foreign private issuer, we lost our ability to rely upon exemptions from certain corporate governance. We were also required to make certain changes to our corporate governance practices and update certain of our policies to comply with requirements applicable to U.S. domestic issuers. We expect that compliance with these additional requirements will result in significant legal and financial compliance costs and will make some activities more time consuming and costly. In addition, we expect that our management and other personnel will need to divert attention from operational and other business matters to devote substantial time to these requirements.

 

We are a “controlled company” within the meaning of the Nasdaq Listing Rules and may rely on exemptions from certain corporate governance requirements.

 

Warburg Pincus controls a majority of our ordinary shares. As a result, we are a “controlled company” within the meaning of the Nasdaq Listing Rules. Under these rules, a company of which more than 50% of the voting power for the election of directors is held by an individual, a group or another company is a “controlled company” and may elect not to comply with certain Nasdaq corporate governance requirements, including, without limitation (i) the requirement that a majority of the board of directors consist of independent directors, (ii) the requirement that the compensation of our officers be determined or recommended to our board of directors by a compensation committee that is comprised solely of independent directors, and (iii) the requirement that director nominees be selected or recommended to the board of directors by a majority of independent directors or a nominating committee comprised solely of independent directors. At present, five out of ten directors on our board are independent. In the future, we could potentially seek to rely on additional exemptions afforded to a “controlled company,” and in such case, you would not have the same protections afforded to stockholders of companies that are subject to all of the Nasdaq corporate governance requirements.

 

ITEM 1B. UNRESOLVED STAFF COMMENTS

 

Not applicable.

 

ITEM 2. PROPERTIES

 

Our principal executive office in Herzliya, Israel, is approximately 18,342 square feet and houses research and development, sales, marketing, support and administrative personnel. The lease for our Herzliya office expires in April 30, 2023, with a five year extension option.

 

We lease additional offices in the United States and Europe. Our U.S. subsidiary Cyren Inc. is headquartered in McLean, Virginia in an office of approximately 4,707 square feet and it houses executive management, finance, HR and administrative personnel; its office in Sunnyvale, California (approximately 2,497 square feet), is staffed by operations, sales and marketing personnel; and its office in Austin, TX (approximately 9,128 square feet) which houses sales, marketing and support personnel. A portion of our leased office space in the United States has been sub-leased. Our subsidiary Cyren Iceland hf is located in Hafnarfjordur, Iceland in an office of approximately 7,136 square feet, which houses antivirus research and development and operations and some administrative personnel. Our subsidiary Cyren GmbH is based in Berlin, Germany, in an office of approximately 10,333 square feet, which houses research and development, operations, sales, marketing and administrative personnel. Our subsidiary Cyren UK Ltd. is based in Bracknell, UK in an office of approximately 3,180 square feet, which houses sales and marketing personnel.

 

33

 

 

ITEM 3. LEGAL PROCEEDINGS

 

In conjunction with the 2012 acquisition of eleven, the Company entered into an earn-out agreement with the former shareholders that would pay additional consideration based on the revenue performance for the years ending 2012-2015. Subsequently in 2014 the Company had a legal dispute regarding the amount and timing of the earn-out payments and had entered into arbitral proceedings with the former shareholders of eleven. On March 9, 2017, the Company received the arbitral judgement. Pursuant to the judgement, the earn-out consideration balance was increased to reflect additional legal expenses and interest expenses covering the period up to December 31, 2016. During 2017 and 2018, the Company continued to accrue interest on the unpaid earn-out consideration balance. Such interest is reflected in the consolidated statements of operations under financial expenses, net. In May 2018, the Company made a partial payment of the earn-out consideration to five of the six former shareholders, in an amount of $604 thousand. The earn-out consideration balance presented on the Company’s balance sheet as of December 31, 2018 reflects the complete remaining liability relating to the earn-out, including accrued interest. Subsequent to the reporting period, in February 2019, the parties agreed to resolve all pending claims, and on February 28, 2019 the Company paid approximately $2.7 million to settle the earn-out consideration in full. For additional information, please refer to Note 7c(i) of the consolidated financial statements included elsewhere in this Annual Report.

 

In June 2017, zvelo, Inc. (“zvelo”) filed a Statement of Claim in the Tel Aviv District Court. The Company and zvelo had been parties to an agreement for the receipt of certain URL categorization and filtering services. In September 2015, the Company terminated the agreement, effective as of December 31, 2015. zvelo claims that the Company continues to make use of zvelo’s data post termination in breach of the agreement, infringing on zvelo’s rights and commercial secrets, and being unjustly enriched. zvelo is claiming damages of ILS 11,000,000 and an order for the Company to cease from utilizing such data. The Company filed a statement of defense in November 2017, and, in accordance with the court’s recommendation, the parties have engaged in a mediation process. In September 2018 and January 2019, zvelo filed lawsuits against two of the Company’s customers in the District Court for the District of Colorado in the United States alleging trade secret misappropriation and is seeking injunctive relief and monetary damages in an amount to be determined and the Company has agreed to indemnify both clients against these claims. As such, the Company has taken over the representation in these lawsuits. At this early stage, the Company is unable to make any estimations as to the outcome of these litigations.

 

We may, from time to time, be party to litigation and subject to claims that arise in the ordinary course of business. In addition, third parties may, from time to time, assert claims against us in the form of letters and other communications. We currently believe that these ordinary course matters will not have a material adverse effect on our business, consolidated financial position, results of operations or cash flows; however, the results of litigation and claims are inherently unpredictable. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.

 

ITEM 4. MINE SAFETY DISCLOSURE

 

Not Applicable.

 

34

 

 

PART II

 

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

 

Market for our Ordinary Shares

 

Our ordinary shares trade on the Nasdaq Capital Market and the Tel Aviv Stock Market (“TASE”) under the symbol “CYRN”. We announced that we are voluntarily delisting the company’s ordinary shares from trading on the TASE and the delisting of our ordinary shares from trading on the TASE will take place at least 90 days after the date of this announcement and the publication thereof in Israeli newspapers which is expected to be on or about April 10, 2019. As of March 15, 2019, there were 33 record holders of our ordinary shares.

 

Dividends

 

If the Company decides to distribute a cash dividend, Israeli residents who are individuals are generally subject to Israeli income tax at a rate of either 25% or 30%, if the recipient of such dividend is a “substantial shareholder” at the time of distribution or at any time during the preceding 12-month period, unless the cash dividend is paid out of income that has been tax exempt due to an “approved enterprise” status under the Law for the Encouragement of Capital Investments, 5719-1959, in which case the amount of cash dividend will be subject to corporate tax at the rate then in effect under Israeli law. In addition, Israeli resident corporations are generally exempt from Israeli corporate tax for dividends paid on our ordinary shares. Pursuant to the Convention Between the Government of the United States of America and the Government of Israel with Respect to Taxes on Income, as amended (the “U.S.-Israel Tax Treaty”), the maximum tax on dividends paid to a holder of our ordinary shares who qualifies as a resident of the United States within the meaning of the U.S.-Israel Tax Treaty is 25% or 15% in case of dividends paid out of the profits of an “approved enterprise”, subject to certain conditions. Furthermore, dividends not generated by an “approved enterprise” paid to a U.S. corporation holding at least 10% of our issued voting power during the part of the tax year which precedes the date of payment of the dividend and during the whole of its prior tax year (if any), are generally taxed at a rate of 12.5%, subject to certain conditions. The Company has never declared or paid cash dividends on its ordinary shares. However, the Company has not adopted a policy not to pay cash dividends and therefore may declare a dividend in the future. The Company’s current plans are to retain future earnings primarily to finance the development of its business and for other corporate purposes.

 

Equity Compensation Plan Information

 

See “Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters” for disclosure regarding our equity compensation plans.

 

Unregistered Sales of Equity Securities

 

On December 5, 2018, the Company issued an aggregate $10.0 million principal amount of convertible notes in a private placement (the “2018 Notes”) to affiliates of an existing minority institutional shareholder. The issuance of the 2018 Notes was made to one purchaser who is an accredited investor in reliance upon the exemption from registration under Section 4(a)(2) of the Securities Act and Rule 506 of Regulation D promulgated thereunder. The issuance of the 2018 Notes to the other purchaser was made in reliance upon the exemption from registration under Regulation S of the Securities Act because the notes were sold to a non-U.S. person, pursuant to an offshore transaction and did not involve any directed selling efforts in the United States. The 2018 Notes are unsecured, unsubordinated obligations of Cyren and carry a 5.75% interest rate, payable semi-annually in (i) 50% cash and (ii) 50% cash or ordinary shares at Cyren’s election. The notes have a 3-year term and mature in December 2021, unless converted in accordance with their terms prior to maturity. The notes have a conversion price of $3.90 per share, which may be subject to adjustment using a weighted average ratchet mechanism based on the size and price of future capital raises and the total shares outstanding. In addition, the notes would be subject to immediate conversion upon any change in control in the Company.

 

Repurchases of our Equity Securities

 

Not applicable.

 

ITEM 6. SELECTED FINANCIAL DATA

 

Not applicable.

 

35

 

 

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

 

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the information contained in our consolidated financial statements and the notes thereto. The following discussion and analysis includes forward-looking statements that involve certain risks and uncertainties, including, but not limited to, those described in Item 1A. Risk Factors. Our actual results may differ materially from those discussed below. See “Special Note Regarding Forward-Looking Statements” and Item 1A. Risk Factors.

 

Overview

 

Purpose built for the cloud, Cyren is an early pioneer and leading innovator of SaaS security solutions that protect businesses and their employees and customers from threats on the web, in email and on mobile devices. Our mission is to protect people and organizations from cyber threats when they use the internet.

 

Cyren’s cloud-first approach to security sets us apart from other vendors in the market. Cyren is an internet security company that is delivering security results that are disrupting legacy vendors and appliance-based solutions. Our security solutions are architected around the fundamental belief that internet security is a race against time – and the cloud best enables the speed, sophistication and advanced automation needed to detect and block threats as they emerge on the internet.

 

Cyren’s security cloud delivers faster detection and protection, with SaaS security solutions that inspect web and email traffic before it reaches a user’s browser or inbox – often identifying and blocking threats in just seconds. Our SaaS solutions are easy to deploy and manage, delivering critical security and faster innovation, for a low total cost of ownership.

 

Cyren’s cloud security services are sold into two markets:

 

Cyren Cloud Security (CCS) – this SaaS security platform is designed for enterprise customers, and is sold either directly or through channel partners. Cyren Cloud Security (CCS) services currently include Web Security (CWS), Email Security (CES), DNS Security, and Cloud Sandboxing. Each of these service offerings may be purchased separately, or as part of a bundled suite. All products are sold on a per-user SaaS subscription model, providing customers with a quick-to-deploy, easy-to-manage solution and a low total cost of ownership. We market and sell our solutions worldwide both directly through our sales teams and indirectly through our Partner Program where our sales organization actively assists our network of distributors and resellers.

 

Cyren Threat Intelligence Services (TIS) – this platform offers cloud-based cyber threat detection APIs, and SDKs to many of the world’s leading technology and security vendors. Cyren Threat Intelligence Services include Email Security, Web Security, Endpoint Security, and Advanced Threat Protection. These solutions are sold directly to OEMs, embedded security vendors, and service providers that integrate Cyren Threat Intelligence Services and cloud detection services into their infrastructure or security products to protect their customers and users.

 

Key Opportunities and Challenges

 

Threat Landscape

 

Over the last twelve months, possibly the greatest magnitude of significant incidents directly related to malware and cyber threats have occurred since the advent of the internet. From election hacks to global ransomware attacks and cyber breaches, malware threats are at an all-time high. Today, no item or user connected to the internet is immune to attack. While many businesses are still exploring effective security measures, cybercriminals are “all in”, creating dangerous new tools to target companies, governments, and private citizens. We need to be mindful that the world has changed; hyper-evasive malware and threat distribution via HTTPS are growing rapidly, mobile devices are increasingly targets, and Internet of Things (IoT) devices, from refrigerators to televisions, are an inviting new vector for criminal attacks.

 

36

 

 

Cloud and Mobility

 

Businesses are going through a massive change in their IT strategies as they look to drive more business value, agility, and better customer experiences, while cloud and mobility are becoming increasingly important, as evidenced by the following trends:

 

Business internet traffic continues to increase every year;

 

Data and applications are increasingly moving to the cloud;

 

More and more users are working remotely;

 

Buyers continue to move away from traditional on-premise solutions;

 

Mature and legacy on premise deployments are reaching end of life and are increasingly being replaced by cloud and SaaS alternatives;

 

IT security staffing shortages;

 

Increasingly fast, sophisticated, expensive and high-profile attacks target organizations of all sizes;

 

Compliance and regulatory mandates;

 

Heightened cybercrime activity among commercial enterprises and nation states;

 

Automation is increasingly considered critical to accelerating detection and protection;

 

The need to simplify operations through vendor consolidation.

 

These are some of the reasons why we believe Cyren’s vision for 100% cloud security is compelling to IT security teams looking to protect their businesses in today’s cloud-centric mobile-first world.  

 

Investments in Operations, Research and Development and Sales and Marketing

 

Our cost of revenues, research and development expenses, and sales and marketing expenses are all significant contributing factors to our operating losses. Nonetheless, we expect to increase our investments in all three areas in order to grow our revenues. Over time, we expect that our utilization of our cloud infrastructure will increase and provide the opportunity for improved gross margins. Our investments in research and development are required in order to enhance and improve our solutions. In the future, we expect to lower the rate of R&D investment as a percentage of revenue, and we will be able to drive more revenue from existing solutions rather than by adding new solutions. The return on our sales and marketing investment is tied to attracting new customers and enhancing our business with existing customers, thereby lowering the overall sales and marketing costs as a percent of revenues. Finally, we continue to increase our headcount to support the growth of the business, but we expect reducing the historical rate of headcount growth will be key in improving our gross and operating margins over time.

 

Growing Our Enterprise SaaS Business

 

Although all of our services are subscription services, our Enterprise Security-as-a-Service offerings on the CCS platform are typically invoiced up front for an annual contract amount, or the full multi-year contract amount, at the start of the term. As a result, this business is expected to provide a larger immediate contribution to cash flow and better return on investment. As this enterprise business grows as a portion of our overall revenues, we expect to increase deferred revenue and our operating results and cash flow to improve, which will make us less reliant on other sources of capital in the future.

 

Components of our Operating Results

 

Revenue

 

We derive revenues from the sale of real-time cloud-based services for each of Cyren’s email security, web security, antimalware and advanced threat protection offerings.

 

We sell all of our solutions as subscription services, either through OEMs and service providers, which are considered Cyren customers, or as complete security services directly, or indirectly via our partners, to enterprises.

 

37

 

Cost of Revenue

 

Personnel costs, which consist of salaries, benefits, bonuses and stock-based compensation for employees that operate our network and provide support services to our customers, as well as data center costs, are the most significant components of our cost of revenues. Other costs include third party contractors, royalties for use of third party technologies, amortization of intangibles and depreciation of data center equipment. We expect these costs to continue to increase in absolute dollars as we continue to invest in enhancing our cloud infrastructure and our support services.

 

Operating Expenses

 

Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs, which consist of salaries, benefits, bonuses, and stock-based compensation, are the most significant component of our operating expenses. Operating expenses also include allocated overhead costs for facilities, IT and depreciation. We expect operating expenses to increase in absolute dollars as we continue to grow.

 

Research and Development . Research and development expense consists primarily of personnel costs, outsourced engineering and threat analysis services. We believe these investments are crucial for our ability to continue to enhance the functionality of our services, as well as to develop and introduce new services to the market. We expect research and development expenses to continue increasing in absolute dollars as we continue to invest in our service offerings. Development costs related to internal use technology that supports our security services are capitalized on the balance sheet, while other development costs are expensed as they are incurred.

 

Sales and Marketing . Sales and marketing expenses primarily include personnel costs, sales commissions, marketing activities, and travel associated with sales and marketing. We market and sell our services worldwide through our sales organization and distribution channels. We capitalize sales commissions paid to internal sales personnel and amortize these expenses over an estimated period of benefit that reflects the expected future revenue streams. We expect our sales and marketing expenses to continue to increase in absolute dollars as we continue to enhance our sales and marketing teams to support our further growth. Our sales personnel are typically not immediately productive, and therefore the increase in expenses we incur when adding personnel is not immediately accompanied by increased revenue and in some cases may not result in increased revenue if these new sales personnel are unsuccessful in becoming productive.

 

General and Administrative . General and administrative expenses consist primarily of personnel costs, audit fees, legal expenses, recruiting expenses and other general operating costs. We expect our general and administrative expenses to continue to grow in absolute dollars as we continue our operational growth.

 

Other Income (Expense), net

 

Other income (expense), net consists primarily of capital gain or loss from the sale of assets.

 

Financial Expenses, net

 

Financial expenses, net consist mainly of foreign exchange gains and losses, interest expense on our outstanding debt and interest income earned on our cash and cash equivalents. In 2017 these expenses also included the accretion of discount and the change in fair value associated with convertible notes and their embedded conversion feature.

 

Tax Benefit

 

Our tax benefit is derived primarily from income taxes in foreign jurisdictions in which we conduct business. We estimate income taxes in each of the jurisdictions in which we operate. This process involves determining income tax expense together with calculating the deferred income tax expense related to temporary differences resulting from the differing treatment of items for tax and accounting purposes. Deferred tax assets and liabilities are measured using enacted tax rates in effect for the year in which those temporary differences are expected to be recovered or settled. These temporary differences result in deferred tax assets and liabilities, which are included net as applicable within our balance sheets. For most of our recent years, we have incurred operating losses in Israel and the U.S., where we have recorded a full valuation allowance against our deferred tax assets in those jurisdictions.

 

38

 

 

Results of Operations

 

The following table sets forth financial data for the years ended December 31, 2018 and 2017 (in thousands):

 

    Year ended December 31,  
    2018     2017  
Revenues   $ 35,900     $ 30,799  
Cost of revenues     14,540       11,899  
Gross profit     21,360       18,900  
Operating expenses:                
Research and development, net     16,116       9,825  
Sales and marketing     16,202       15,551  
General and administrative     8,343       7,286  
Total operating expenses     40,661       32,662  
Operating loss     (19,301 )     (13,762 )
Other income (expense), net     (11 )     452  
Financial expense, net     (255 )     (2,380 )
                 
Loss before taxes on income     (19,567 )     (15,690 )
Tax benefit     153       42  
                 
Loss   $ (19,414 )   $ (15,648 )

 

Comparison of Years Ended December 31, 2018 and 2017

 

Revenues . 2018 revenues of $35.9 million increased by $5.1 million from $30.8 million in 2017, which represents a 17% year-over-year increase. The increase was mainly driven by a contract expansion with our largest customer which accounted for an additional $4.3 million in revenues during 2018 compared to 2017 as well as the addition of approximately 230 new customers in the Enterprise business, ranging in size from a few hundred seats to our largest enterprise account which now stands at over 100,000 seats. This increase was offset by several terminations of partner contracts in the Threat Intelligence business, mostly due to customers who were unwilling or unable to absorb price increases upon renewal, or which were ending the life of their product offerings which utilized our services. The overall trend in both our Enterprise and Threat Intelligence business lines is positive as we continue to offer additional products and services to our partners while disengaging from partners that have a different product focus or that are principally driven by price.

 

Cost of Revenues. Cost of revenues for 2018 totaling $14.5 million increased by $2.6 million from $11.9 million in 2017, which represents a 22% increase year-over-year. The increase is mainly due to our continued investment in enhancing our network and customer support capabilities through increased outside services expenses and increased payroll and related expenses. Headcount associated with cost of revenues increased from 34 to 42 employees during 2018. Payroll and related expenses increased by $1.2 million, and outside services and datacenter costs increased by $0.8 million during 2018 compared to 2017. These increases are required as a foundation for the continued growth in the Enterprise line of business. In addition, we also incurred an increase in amortization of capitalized development expenses of $0.5 million compared to 2017, as a result of capitalized projects which were released to customers. This increase had an accounting impact of reducing the gross margin in accordance with U.S. GAAP.

 

Research and Development, Net. Research and development expenses for 2018 in the amount of $16.1 million increased by $6.3 million compared to $9.8 million in 2017, which represents a 64% annual increase. The increase is mainly due to an approximate $3.1 million increase in payroll and related expenses and $1.2 million increase in outside services and outsourced engineering expenses associated with our increased investment in R&D, as well as an increase of $1.6 million due to a reduction in the capitalization of development expenses during 2018 in comparison to 2017. R&D headcount during 2018 increased from 110 to 140 employees.

  

39

 

 

Sales and Marketing . Sales and marketing expenses for 2018 totaling $16.2 million increased by $0.6 million, compared to $15.6 million in 2017. The increase is mainly due to a $0.3 million increase in payroll and related expenses and a $0.3 million increase in expenses related to marketing activities as we continue to invest in sales and marketing to increase brand awareness and expand our enterprise customer base. Sales and Marketing headcount during 2018 decreased from 66 to 62 employees, although headcount levels had remained at higher levels throughout most of the year.

 

General and Administrative . General and administrative expenses for 2018 of $8.3 million increased by $1.0 million, compared to $7.3 million in 2017, which represents a 14% annual increase. The increase is mainly due to an increase of $0.4 million in recruiting expenses, an increase of $0.3 million due to expenses associated with expanding the board of directors, an increase of $0.2 million in legal and audit expenses and an increase of $0.1 million in payroll and related expenses. G&A headcount during 2018 increased from 29 to 34 employees.

 

Other Income (Expense), Net . We did not have any significant other income (expense), net, in 2018, compared to $0.5 million other income in 2017. The income in 2017 was generated upon the sale of the Company’s shares in imatrix in Japan. Please refer to Note 12b in the consolidated financial statements included elsewhere in this Annual Report for further details.

 

Financial Expense, Net . Financial expenses, net, for 2018 of $0.3 million decreased by $2.1 million, compared to $2.4 million in 2017. The decrease is mainly due to a $0.6 million decrease in interest expenses associated with the convertible notes issued in March 2017, which were held through December 24, 2017, while the convertible notes issued in December 2018 only generated interest for a short period during the year. In 2017 we also recorded $1.3 million expenses resulting from the change in fair value of the embedded conversion feature associated with the convertible notes, when the note were converted to equity as a result of the change of control. Please see Note 2l in the consolidated financial statements included elsewhere in this Annual Report for further details on the accounting policy for derivatives. In addition, during 2018 we also recorded a decrease of $0.1 million in the expenses resulting from the effect of foreign currency exchange rate fluctuation.

 

Effective Corporate Tax Rates

 

Corporate tax rates and real capital gains tax in Israel were 23% in 2018 and 24% in 2017.

  

The Company’s German subsidiary is subject to German tax at a consolidated rate of approximately 30%.

 

Other non-Israeli subsidiaries are taxed according to the tax laws in their respective countries of residence.

 

We do not provide deferred tax liabilities when we intend to reinvest earnings of foreign subsidiaries indefinitely. As of December 31, 2018 there are no undistributed earnings of foreign subsidiaries. 

 

We may currently qualify as an “industrial company” within the definition of the Law for the Encouragement of Industry (Taxation), as such, we may be eligible for certain tax benefits, including, inter alia, special depreciation rates for machinery, equipment and buildings, amortization of patents, certain other intangible property rights and deduction of share issuance expenses.

 

U.S. Tax Reform

 

On December 22, 2017, the United States enacted the Tax Cuts and Jobs Act (the “U.S. Tax Reform”); a comprehensive tax legislation that includes significant changes to the taxation of business entities. These changes include several key tax provisions that might impact us, among others: (i) a permanent reduction to the statutory federal corporate income tax rate from 35% to 21% effective for tax years beginning after December 31, 2017; (ii) a partial limitation on the tax deductibility of business interest expense; (iii) a shift of the U.S. taxation of multinational corporations from a tax on worldwide income to a territorial system (along with certain rules designed to prevent erosion of the U.S. income tax base) and (iv) a one-time deemed repatriation tax on accumulated offshore earnings held in cash and illiquid assets, with the latter taxed at a lower rate.

 

40

 

 

Net Operating Loss Carry-Forwards

 

As of December 31, 2018, Cyren’s net operating loss carryforwards for tax purposes amounted to $80.1 million and capital loss carryforwards of $17.8 million which may be carried forward and offset against taxable income in the future, for an indefinite period.

 

As of December 31, 2018 the U.S. subsidiary had net operating loss carryforwards of $40.3 million for federal tax purposes and $8.8 million for state tax purposes. These losses may offset any future U.S. taxable income of the U.S. subsidiary and will expire in the years 2019 through 2038.

 

On December 24, 2017, a “change in the respective ownership” event occurred upon the completion of the Warburg Pincus tender offer as described in Note 8b, and in accordance with the relevant provisions of the Internal Revenue Code 382 of 1986 and similar state provisions. Therefore, utilization of U.S. net operating losses are subject to substantial annual limitation. Management believes that the annual limitations will result in the partial expiration of net operating losses before utilization.

 

Management currently believes that based upon its estimations for future taxable income, it is more likely than not that the deferred tax assets regarding the loss carryforwards will not be utilized in the foreseeable future. Thus, a valuation allowance was provided to reduce deferred tax assets to their realizable value.

 

Liquidity and Capital Resources

 

We finance our operations primarily from our cash and cash equivalents and cash from operations. As of December 31, 2018 and December 31, 2017, we had approximately $17.6 million and $24.0 million of cash and cash equivalents, respectively.

 

In March 2017 we issued $6.3 million aggregate principal amount of convertible notes (subsequently converted in full) and in November 2017 we received gross proceeds of $19.6 million when we issued approximately 10.6 million ordinary shares for $1.85 per share to Warburg Pincus upon the completion of the Private Placement (described in more detail below). In December 2018 we issued the 2018 Notes for $10.0 million aggregate principal amount of convertible notes, which have a three year term and carry a 5.75% interest rate.

 

Our future capital requirements will depend on many factors, including, but not limited to our growth, market acceptance of our offerings, the timing and extent of spending to support our efforts to develop our platform and the expansion of sales and marketing activities. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, our business, financial condition and results of operations could be adversely affected.

 

Outlook

 

During 2019, we expect to continue to incur capital expenditures associated with R&D and data center infrastructure.  Over the past several years, the Company has devoted substantially most of its effort to research and development, product development and increasing revenues through additional investments in sales & marketing. The Company generated a loss of $19.4 million and negative cash flow of $11.4 million from operating activities in the twelve month period ended December 31, 2018, and has an accumulated deficit of $213.1 million as of December 31, 2018. The Company is planning to finance its operations from its existing and future working capital resources and to continue to evaluate additional sources of capital and financing. However, there is no assurance that additional capital and/or financing will be available to the Company, and even if available, whether it will be on terms acceptable to the Company or in amounts required. Accordingly, the Company’s Board approved a contingency plan, to be effected if needed, in whole or in part, at its discretion, to allow the Company to continue its operations and meet its cash obligations. The contingency plan consists of cost reduction, which include mainly the following steps: reduction in consultants’ expenses, headcount, compensation paid to key management personnel and capital expenditures. The Company and the Board believes that its existing capital resources and other future measures that may be implemented, if so required, will be adequate to satisfy its expected liquidity requirements for at least twelve months from the filing date.

 

41

 

 

Cash Flows from Operating Activities

 

In 2018, net cash used in operating activities was $11.5 million and was primarily due to a net loss of $19.4 million adjusted for non-cash activity of $4.2 million amortization of intangible assets, $1.9 million depreciation of property and equipment, $1.4 million stock-based compensation expenses, $1.4 million amortization of deferred commissions, $0.7 million increase in deferred revenues, $0.5 million increase in employee and payroll accruals, accrued expenses and other liabilities, and offset by an increase in deferred commissions of $2.3 million.

 

In 2017, net cash used in operating activities was $7.2 million and was primarily due to a net loss of $15.6 million adjusted for non-cash activity of $3.7 million amortization of intangible assets, $1.3 million depreciation of property and equipment, $2.1 million stock-based compensation expenses, $1.3 million change in fair value of the embedded conversion feature on the convertible notes, a $0.8 million increase in employees and payroll accruals, accrued expenses and other liabilities, and offset by a decrease in deferred revenues of $0.8 million.

 

Cash Flows from Investing Activities

 

  In 2018, net cash used in investing activities consisted of $2.0 million for capitalization of technology and $3.3 million used to purchase property and equipment.

 

In 2017, net cash used in investing activities consisted of $3.6 million for capitalization of technology and $1.8 million used to purchase property and equipment, offset by $0.5 million proceeds from sale of investment in affiliate.

   

Our capital expenditures over the last three years consisted primarily of continued investment in R&D and also purchases of property and equipment to modernize and expand our data centers and to invest in our infrastructure in order to support new business and the growth of the Company.

 

Cash Flows from Financing Activities

 

In 2018, net cash generated by financing activities was $10.8 million and was due to net proceeds of $10.0 million from the issuance of convertible notes, $1.4 million proceeds from exercise of options, and offset by $0.6 million payment of earn-out consideration.

 

In 2017, net cash generated by financing activities was $25.4 million and was due to net proceeds of $19.0 million from the Private Placement, $6.3 million proceeds from the issuance of convertible notes and $0.1 million proceeds from the exercise of options.

   

Working Capital

 

As of December 31, 2018 and 2017 we had positive working capital of $7.7 million and $14.3 million, respectively. The decrease in working capital during 2018 is primarily due to our negative cash flow from operating and investing activities, and the lower amount of capital raised compared to 2017.

 

Convertible Notes

 

2017 Notes

 

On March 27, 2017, we issued $6.3 million aggregate principal amount of convertible notes (the “2017 Notes”) in a private placement. The 2017 Notes were unsecured, unsubordinated obligations of Cyren and carried a 5.0% interest rate, payable semi-annually in (i) 50% cash and (ii) 50% cash or ordinary shares at Cyren’s election. The 2017 Notes had a 2.5-year term and were expected to mature in September 2019, unless converted in accordance with their terms prior to maturity. The 2017 Notes had a conversion price of $2.50 per share subject to adjustment in the event of a future equity issuance priced at less than $2.10 per share. In addition, the 2017 Notes were subject to immediate conversion upon a change in control in the Company. On September 27, 2017, we issued 11,595 shares on account of accrued interest based on a conversion price of $2.50 per share.

 

42

 

 

On November 6, 2017, we completed a private offering to Warburg Pincus at a price per share of $1.85 as described under ’ Private Placement’ below. According to the terms of the 2017 Notes, the conversion price was adjusted to $1.85. 

 

On November 30, 2017, $925,000 of the 2017 Notes balance was converted into 500,000 shares at a price per share of $1.85.

 

On December 24, 2017, Warburg Pincus completed a public tender offer for Cyren shares which resulted in Warburg Pincus holding approximately 52% of the Company’s shares. In accordance with the terms of the 2017 Notes, this constituted a change of control event, and the 2017 Notes including all accrued interest as of December 24, 2017 were converted into 2,944,813 shares at a price per share of $1.85.

 

2018 Notes

 

On December 5, 2018, the Company issued an aggregate $10.0 million principal amount of convertible notes in a private placement (the “2018 Notes”) to affiliates of an existing minority institutional shareholder. The 2018 Notes are unsecured, unsubordinated obligations of Cyren and carry a 5.75% interest rate, payable semi-annually in (i) 50% cash and (ii) 50% cash or ordinary shares at Cyren’s election. The notes have a 3-year term and mature in December 2021, unless converted in accordance with their terms prior to maturity. The notes have a conversion price of $3.90 per share, which may be subject to adjustment using a weighted average ratchet mechanism based on the size and price of future capital raises and the total shares outstanding. In addition, the notes would be subject to immediate conversion upon any change in control in the Company.

 

Earn-Out Consideration

 

In conjunction with the 2012 acquisition of eleven, the Company entered into an earn-out agreement with the former shareholders that would pay additional consideration based on the revenue performance for the years ending 2012-2015. Subsequently in 2014 the Company had a legal dispute regarding the amount and timing of the earn-out payments and had entered into arbitral proceedings with the former shareholders of eleven. On March 9, 2017, the Company received the arbitral judgement. Pursuant to the judgement, the earn-out consideration balance was increased to reflect additional legal expenses and interest expenses covering the period up to December 31, 2016. During 2017 and 2018, the Company continued to accrue interest on the unpaid earn-out consideration balance. Such interest is reflected in the consolidated statements of operations under financial expenses, net. In May 2018, the Company made a partial payment of the earn-out consideration to five of the six former shareholders, in an amount of $604 thousand. The earn-out consideration balance presented on the Company’s balance sheet as of December 31, 2018 reflects the complete remaining liability relating to the earn-out, including accrued interest. Subsequent to the reporting period, in February 2019, the parties agreed to resolve all pending claims, and on February 28, 2019 the Company paid approximately $2.7 million to settle the earn-out consideration in full. For additional information, please refer to Note 7c(i) of the consolidated financial statements included elsewhere in this Annual Report.

 

Private Placement

 

On November 6, 2017, we completed a private placement in which we issued approximately 10.6 million ordinary shares (the “Private Placement”) to WP XII BV, an entity controlled by funds affiliated with Warburg Pincus, for $1.85 per share, representing gross proceeds of approximately $19.6 million to us. As a result of the Private Placement, Warburg Pincus became the owner of approximately 21.3% of our outstanding share capital.

 

Registration Statements

 

In connection with the Private Placement described above, we and Warburg Pincus entered into a registration rights agreement, which, among other things, provides Warburg Pincus with three demand registration rights, piggyback and shelf registration rights. The demand registration rights may be exercised starting August 6, 2018, subject to certain customary blackout periods. In addition, as of November 6, 2019, at the request of Warburg Pincus, we will be required to file a shelf registration statement covering the sale of Warburg Pincus’s shares.

 

43

 

 

On September 21, 2018, we filed a shelf registration statement on Form F-3 with the SEC, which we intend to convert to a Form S-3 after the filing of this Annual Report. This registration statement enables us to issue debt securities, ordinary shares, warrants or subscription rights up to an aggregate amount of $50 million. Under the rules governing shelf registration statements, we will file a prospectus supplement with the SEC which describes the amount and type of securities being offered each time we issue securities under this registration statement. No securities have been issued under this registration statement from September 21, 2018 through the date of the filing of this Form 10-K.

 

Off-Balance Sheet Arrangements

 

Not applicable.

 

Critical Accounting Policies and Estimates

 

This section is based upon our consolidated financial statements, which have been prepared in accordance with accounting principles generally accepted in the United States (“U.S. GAAP”). The preparation of these financial statements requires management to make estimates, judgements and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. Actual results could differ from those estimates. On an ongoing basis, the Company’s management evaluates estimates, including those related to fair value and useful lives of intangible assets, fair value of earn-out liabilities, valuation allowance on deferred tax assets, income tax uncertainties, fair values of stock-based awards, other contingent liabilities and estimates used in applying the revenue recognition policy. Such estimates are based on historical experience and on various other assumptions that are believed to be reasonable, the results of which form the basis for making judgments about the carrying values of assets and liabilities.

 

The critical accounting policies requiring estimates, assumptions, and judgements that we believe have the most significant impact on our consolidated financial statements are described below.

 

Intangible Assets

 

Intangible assets that are not considered to have an indefinite useful life are amortized over their estimated useful lives, which range from 1 to 15 years. Acquired customer contracts and relationships are amortized over their estimated useful lives in proportion to the economic benefits realized. This accounting policy results in accelerated amortization of such customer contracts and relationships arrangements as compared to the straight-line method. Technology, Intellectual Property and Trademark are amortized over their estimated useful lives on a straight-line basis.

 

Impairment of Long-Lived Assets

 

The Company’s long-lived assets and identifiable intangibles are reviewed for impairment in accordance with ASC 360 “Property, Plant and Equipment”, whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable.

 

Recoverability of these assets is measured by comparison of the carrying amount of each asset group to the future undiscounted cash flows the asset group is expected to generate. If the asset is considered to be impaired, the amount of any impairment is measured as the difference between the carrying value and the fair value of the impaired asset.

 

For each of the two years in the period ended December 31, 2018, no impairment losses have been identified.

 

44

 

 

Goodwill

 

Goodwill represents the excess of the purchase price in a business combination over the fair value of net tangible and intangible assets acquired. Goodwill is not amortized, but rather is subject to an impairment test.

 

The Company performs an annual impairment test at December 31, of each fiscal year, or more frequently if impairment indicators are present. The Company operates in one operating segment, and this segment comprises its only reporting unit.

 

ASC 350 prescribes a two-phase process for impairment testing of goodwill. The first phase screens for impairment, while the second phase (if necessary) measures impairment. Goodwill impairment is deemed to exist if the net book value of a reporting unit exceeds its estimated fair value determined using market capitalization. In such case, the second phase is then performed, and the Company measures impairment by comparing the carrying amount of the reporting unit’s goodwill to the implied fair value of that goodwill. An impairment loss is recognized in an amount equal to the excess. ASC 350 allows an entity to first assess qualitative factors to determine whether it is necessary to perform the two-step quantitative goodwill impairment test. An entity is not required to calculate the fair value of a reporting unit unless the entity determines, based on a qualitative assessment, that it is more likely than not that its fair value is less than its carrying amount. Alternatively, ASC 350 permits an entity to bypass the qualitative assessment for any reporting unit and proceed directly to performing the first step of the goodwill impairment test. Accordingly, the Company elected to proceed directly to the first step of the quantitative goodwill impairment test and compares the fair value of the reporting unit with its carrying value.

 

For each of the two years in the period ended December 31, 2018, no impairment losses have been identified.

 

Fair Value Measurements

 

The carrying amounts of cash and cash equivalents, trade receivables, prepaid expenses, other receivables and trade payables, approximate their fair values due to the short-term maturities of such financial instruments.

 

Fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in pricing an asset or a liability. A three-tiered fair value hierarchy is established as a basis for considering such assumptions and for inputs used in the valuation methodologies in measuring fair value:

 

Level 1 - Quoted prices (unadjusted) in active markets for identical assets or liabilities that the Company can access at the measurement date.

 

Level 2 - Inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly or indirectly.

 

Level 3 - Unobservable inputs for the asset or liability.

 

The availability of observable inputs can vary from instrument to instrument and is affected by a wide variety of factors, including, for example, the type of instrument, the liquidity of markets and other characteristics particular to the transaction. To the extent that valuation is based on models or inputs that are less observable or unobservable in the market, the determination of fair value requires more judgment and the instruments are categorized as Level 3.

 

The fair value hierarchy also requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value.

 

Revenue Recognition

 

Effective January 1, 2018, the Company adopted the requirements of ASC 606 under the modified retrospective method of transition which was applied to all customer contracts that were not completed on the effective date of ASC 606. The Company implemented internal controls and key system functionality to enable the preparation of financial information on adoption. The adoption of ASC 606 resulted in changes to the Company’s accounting policies for revenue recognition previously recognized under ASC 605 as detailed below.

 

45

 

 

Revenue Recognition Policy

 

The Company derives its revenues from the sale of real-time cloud-based services for each of Cyren’s email security, web security, antimalware and advanced threat protection offerings.

 

The Company sells all of its solutions as subscription services, either through OEMs, which are considered end-users, or as complete security services directly, or via our partners, to enterprises.

 

The Company recognizes revenue under the core principle that transfer of control to the Company’s customers should be depicted in an amount reflecting the consideration the Company expects to receive in revenue.

 

Subscription Service Revenue - Subscription service revenue is derived from a subscription-based licensing model with contract terms typically ranging from one to three years, and consists of (1) subscription fees from the licensing of the Company’s security-as-a-service platform or Threat Intelligence Services and (2) subscription fees for real-time threat updates and software with support and related future updates where the software updates are critical to the customers’ ability to derive benefit from the software due to the fast changing nature of the technology. These function together as one performance obligation. The hosted on-demand service arrangements do not provide customers with the right to take possession of the software supporting the hosted services. Support revenue is derived from ongoing security updates, upgrades, bug fixes, and maintenance. A time-elapsed method is used to measure progress because the Company transfers control evenly over the contractual period. Accordingly, the fixed consideration related to subscription service revenue is generally recognized on a straight-line basis over the contract term beginning on the date access is provided, as long as other revenue recognition criteria have been met. Most of the company’s contracts are non-cancelable over the contract term. Customers typically have the right to terminate their contract for cause if the Company fails to perform in accordance with the contractual terms. Some of the Company’s customers have the option to purchase additional subscription services at a stated price. These options are evaluated on a case-by-case basis but generally do not provide a material right as they are priced at or above the Company’s standalone selling price and, as such, would not result in a separate performance obligation.

 

Variable Consideration - Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of variable consideration that is included in the transaction price is constrained, and is included in the net sales price only to the extent that it is probable that a significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved. If the Company’s services or products do not meet certain service level commitments, the Company’s customers are entitled to receive service credits representing a form of variable consideration. The Company has not historically experienced any significant incidents affecting the defined levels of reliability and performance as required by the Company’s subscription contracts. Accordingly, there are no estimated refunds related to these contracts in the consolidated financial statements during the periods presented.

 

Deferred Commissions

 

The Company capitalizes sales commissions paid to internal sales personnel that are generally incremental to the acquisition of customer contracts. These costs are recorded as deferred commissions on the consolidated balance sheets. The Company determines whether costs should be deferred based on its sales compensation plans, if the commissions are incremental and would not have occurred absent the customer contract. Sales commissions for renewal of a subscription contract are not considered commensurate with the commissions paid for the acquisition of the initial subscription contract given the substantive difference in commission rate between new and renewal contracts. Commissions paid upon the initial acquisition of a contract are amortized over an estimated period of benefit while commissions paid related to renewal contracts are amortized over a contractual renewal period. Amortization is recognized based on the expected future revenue streams under the customer contracts. Amortization of deferred sales commissions is included in sales and marketing expense in the accompanying consolidated statements of operations. The Company determines the period of benefit for commissions paid for the acquisition of the initial subscription contract by taking into consideration factors such as peer estimates of technology lives and customer lives as well as the Company’s own historical data. The Company classifies deferred commissions as current or long-term based on the timing of when the Company expects to recognize the expense. The Company periodically reviews these deferred commission costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit of these deferred contract acquisition costs. There were no material impairment losses recorded during the periods presented.

 

46

 

 

Capitalized Technology

 

The Company capitalizes development costs incurred during the application development stage which are related to internal-use technology that supports its security services. Costs related to preliminary project activities and post implementation activities are expensed as incurred as research and development costs on the statements of operations. Capitalized internal-use technology is included in intangible assets on the balance sheet and is amortized on a straight-line basis over its estimated useful life, which is generally one to three years. Amortization expenses are recognized under cost of goods sold. Management evaluates the useful lives of these assets on an annual basis and tests for impairment whenever events or changes in circumstances occur that could impact the recoverability of these assets.

 

Accounting for Stock–Based Compensation

 

ASC 718 - “Compensation-stock Compensation”- (“ASC 718”) requires companies to estimate the fair value of equity-based payment awards on the date of grant using an option-pricing model. The value of the portion of the award that is ultimately expected to vest is recognized as an expense over the requisite service periods in the Company’s consolidated statements of operations.

 

The Company recognizes compensation expense for the value of its awards on a straight-line basis over the requisite service period of each of the awards, net of estimated forfeitures. Estimated forfeitures are based on actual historical pre-vesting forfeitures. ASC 718 requires forfeitures to be estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates. Estimated forfeitures are based on actual historical pre-vesting forfeitures (pursuant to the adoption of ASU 2016-09, the Company made a policy election to estimate the number of awards that are expected to vest).

 

The Company estimates the fair value of stock options granted using the Black-Scholes option-pricing model. The option-pricing model requires a number of assumptions, of which the most significant are the expected stock price volatility and the expected option term. Expected volatility was calculated based upon actual historical stock price movements over the most recent periods ending on the grant date, equal to the expected term of the options. The expected term of options granted represents the period of time that options granted are expected to be outstanding, based upon historical experience. The risk-free interest rate is based on the yield from U.S. treasury bonds with an equivalent term. The Company has historically not paid dividends and has no foreseeable plans to pay dividends.

 

The Company applies ASC 718, and ASC 505-50, “Equity Based Payments to Non-Employees” (“ASC 505-50”), with respect to options issued to non-employees.

 

The fair value for options granted in 2018 and 2017 is estimated at the date of grant using a Black-Scholes options pricing model with the following assumptions:

 

    Year ended December 31,  
Stock options   2018     2017  
             
Volatility     49%-51 %     44%-51 %
Risk-free interest rate     2.3%-3.1 %     1.2%-2.1 %
Dividend yield     0 %     0 %
Expected life (years)     3.6-5.0       3.5-5.1  

 

Accounting for Income Tax

 

The Company accounts for income taxes in accordance with ASC 740, “Income Taxes” (“ASC 740”). ASC 740 prescribes the use of the liability method whereby deferred tax asset and liability account balances are determined based on differences between financial reporting and tax bases of assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. The Company provides a valuation allowance to reduce deferred tax assets to amounts more likely than not to be realized.

 

ASC 740 contains a two-step approach to recognizing and measuring a liability for uncertain tax positions. The first step is to evaluate the tax position taken or expected to be taken in a tax return by determining if the weight of available evidence indicates that it is more likely than not that, on an evaluation of the technical merits, the tax position will be sustained on audit, including resolution of any related appeals or litigation processes. The second step is to measure the tax benefit as the largest amount that is more than 50% (cumulative basis) likely to be realized upon ultimate settlement.

 

Loss Contingencies

 

We are subject to the possibility of various loss contingencies arising in the ordinary course of business. We consider the likelihood of loss or impairment of an asset, or the incurrence of a liability, as well as our ability to reasonably estimate the amount of loss, in determining loss contingencies. An estimated loss contingency is accrued when it is probable that an asset has been impaired or a liability has been incurred and the amount of loss can be reasonably estimated. If we determine that a loss is possible and the range of the loss can be reasonably determined, then we disclose the range of the possible loss. We regularly evaluate current information available to us to determine whether an accrual is required, an accrual should be adjusted or a range of possible loss should be disclosed.

 

47

 

   

Recent Accounting Pronouncements

 

Refer to Note 2 of the notes to our consolidated financial statements included in Part II, Item 8 of this Annual Report on form 10-K for a full description of recent accounting pronouncements.

 

  Off-Balance Sheet Arrangements

 

Not applicable.

 

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

 

Not required for smaller reporting companies.

 

Special Note Regarding Forward-Looking Statements

 

This Annual Report contains “forward-looking statements” within the meaning of Section 27A of the Securities Act and Section 21E of the Exchange Act. These statements concern expectations, beliefs, projections, plans and strategies, anticipated events or trends and similar expressions concerning matters that are not historical facts. We urge you to consider that statements which use the terms “anticipate,” “believe,” “expect,” “plan,” “intend,” “estimate”, “will” and similar expressions are intended to identify forward-looking statements. Specifically, this Annual Report contains forward-looking statements regarding:

 

our intention to release two new enterprise-focused product offerings on the CCS platform in 2019 and the anticipated solutions such offerings will provide to our customers;

 

our expectations regarding our integrated offering and our partnership with Microsoft;

 

our expectations regarding our future profitability and revenue growth;

 

our expectations regarding increases in cost of revenue and operating expenses, including as a result of our anticipated investments in R&D;

 

our beliefs regarding the importance of R&D;

 

our expectation to drive more revenue from existing solutions rather than by adding new solutions in the future;

 

our expectations regarding reducing the historical rate of headcount growth and its resulting impact on our gross and operating margins over time;

 

our expectations regarding our business strategies, including our contingency plan;

 

our expectations regarding growth of our enterprise business and its expected impact on our business, including its contribution to our cash flow and return on investment;

 

our expectations regarding our capital expenditures for 2019;

 

our belief regarding the adequacy of our existing financial resources to satisfy our expected liquidity requirements;

 

our beliefs regarding our competitive position in the market in which we operate;

 

our expectations regarding the regulatory environment of data privacy in the EU;

 

our anticipated significant investments in R&D and promotion of our brand;

 

our expectations regarding trends in the market for internet security and technology industry;

 

our expectations regarding existing and new threats, key challenges and opportunities in our industry and their impact on our business, including the impact of innovations in the technology industry;

 

48

 

 

our expectations regarding our CEO transition;

 

our expectations regarding the increase in utilization of our cloud infrastructure and the resulting impact on our gross margins;

 

our expectations regarding continued and future customers that will contribute to our revenue, and the solutions we provide to such customers;

 

our beliefs regarding factors that make our vision compelling to the IT security market;

 

our expectations regarding the locations where we conduct our business;

 

our expectation to delist from the TASE and the timing of such delisting;

 

our belief regarding passive foreign investment company status;

 

our expectations regarding the significant costs associated with loss of our foreign private issuer status;

  

our expectations regarding the impact of litigation;

 

our beliefs regarding our net operating loss carry-forwards; and

 

our expectations and estimates regarding certain tax and accounting matters, including the impact on our financial statements.

 

These forward-looking statements reflect our current views about future events and are subject to risks, uncertainties and assumptions. We wish to caution readers that certain important factors may have affected and could in the future affect our actual results and could cause actual results to differ significantly from those expressed in any forward-looking statement. The most important factors that could prevent us from achieving our goals, and cause the assumptions underlying forward-looking statements and the actual results to differ materially from those expressed in or implied by those forward-looking statements include, but are not limited to, the following:

 

our ability to execute our business strategies, including our sales and business development plan;

 

our ability to timely and successfully enhance and improve our existing solutions and introduce our new solutions;

 

the commercial success of such enhancements and new solutions;

 

lack of demand for our solutions, including as a result of actual or perceived decreases in levels of advanced cyber attacks;

 

our ability to manage our cost structure, avoid unanticipated liabilities and achieve profitability;

 

our ability to grow our revenues, including the ability of existing solutions to drive sufficient revenue;

 

our ability to attract new customers and increase revenue from existing customers;

 

market acceptance of our existing and new product offerings;

 

the success of our partnership with Microsoft, including our ability to successfully integrate our web security technology into its platform;

 

our ability to adapt to changing technological requirements and shifting preferences of our customers and their users;

 

loss of any of our large customers;

 

adverse conditions in the national and global financial markets;

 

the impact of currency fluctuations;

 

political and other conditions in Israel that may limit our R&D activities;

 

49

 

 

increased competition or our ability to anticipate or effectively react to competitive challenges;

 

the ability of our brand development strategies to enhance our brand recognition;

 

our ability to achieve a smooth and cost effective CEO transition;

 

our ability to retain key personnel;

 

performance of our OEM partners, service providers and resellers;

 

our ability to successfully implement our contingency plan, if needed, and its ability to allow us to continue our operations and meet our cash obligations;

 

our ability to successfully estimate the impact of regulatory and litigation matters;

 

our ability to comply with applicable laws and regulations and the impact of changes in applicable laws and regulations, including tax legislation or policies;

 

economic, regulatory and political risks associated with our international operations;

 

the impact of cyber attacks or a security breach of our systems;

 

our ability to protect our brand name and intellectual property rights;

 

the impact of our controlling shareholder’s decisions, which may differ with respect to our strategic direction;

 

risks associated with our anticipated delisting from the TASE; and

 

our ability to successfully estimate the impact of certain accounting and tax matters, including the effect on our company of adopting certain accounting pronouncements.

 

The foregoing list of important factors does not include all such factors, nor necessarily present them in order of importance. In addition, you should consult other disclosures made by the Company (such as in our other filings with the SEC or in company press releases) for other factors that may cause actual results to differ materially from those projected by the Company. Please refer to Part I. Item 1A. Risk Factors, of this Annual Report for additional information regarding factors that could affect our results of operations, financial condition and liquidity.  Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date hereof. Except as required by applicable law, including the securities laws of the United States, we undertake no obligation to update or revise any forward-looking statements to reflect new information, future events or circumstances, or otherwise after the date hereof.

 

ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

 

Financial statements and supplementary data are on pages F-1 through F-42.

 

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE

 

None.

 

ITEM 9A. CONTROLS AND PROCEDURES

 

Disclosure Controls and Procedures

 

As of December 31, 2018, we performed an evaluation under the supervision and with the participation of our management, including our Chief Executive Officer and Chief Financial Officer, of the effectiveness of the design and operation of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) of the Exchange Act). Our management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving their objectives and our management necessarily applies its judgment in evaluating the cost-benefit relationship of possible controls and procedures. Based on this evaluation, our Chief Executive Officer and Chief Financial Officer concluded that our disclosure controls and procedures are effective as of December 31, 2018, to provide reasonable assurance that the information required to be disclosed in filings and submissions under the Exchange Act, is recorded, processed, summarized, and reported within the time periods specified by the SEC’s rules and forms, and that such information related to us and our consolidated subsidiary is accumulated and communicated to management, including the Chief Executive Officer and Chief Financial Officer, as appropriate to allow timely decisions about required disclosure.

 

50

 

 

Management’s Annual Report on Internal Control over Financial Reporting

 

Our management is responsible for establishing and maintaining adequate internal control over our financial reporting, as such term is defined in Rule 13a-15(f) under the Exchange Act. Our internal control over financial reporting system was designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.

 

A company’s internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

 

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements and even when determined to be effective can only provide reasonable assurance with respect to financial statements. Also projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

 

Our management assessed our internal control over financial reporting as of December 31, 2018. Our management based its assessment on criteria established in Internal Control- Integrated Framework (2013) issued by the Committee of Sponsoring Organization of the Treadway Commission. Based on this assessment, our management has concluded that, as of December 31, 2018, our internal control over financial reporting is effective.

 

This Annual Report does not include an attestation report of our independent registered public accounting firm regarding internal control over financial reporting. Management’s report was not subject to attestation by our independent registered public accounting firm pursuant to a provision under the Dodd-Frank Wall Street Reform and Consumer Protection Act which grants a permanent exemption for non-accelerated filers from complying with Section 404(b) of the Sarbanes-Oxley Act of 2002.

 

During the period covered by this Annual Report, there were no changes to our internal control over financial reporting that occurred during the year ended December 31, 2018 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.

 

51

 

 

PART III

 

ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE

 

Directors

 

The following table identifies our current directors, their ages and their respective positions.

 

Name   Age   Position with CYREN
         
Hila Karah (1)(2)(4)   50   Director
Lior Samuelson   70   CEO and Chairman of the Board
Todd Thomson (3)(4)   58   Lead Director
James Hamilton (1)(2)(3)(4)   55   Director
David  Earhart (1)(2)(3)(4)   57   Director
John Becker (1)(3)(4)   61   Director
Cary Davis   52   Director
Brian Chang (2)   37   Director
Lauren Zletz   32   Director
Rajveer Kushwaha   51   Director

 

Cary Davis, Brian Chang, Lauren Zletz and Rajveer Kushwaha are employees of an affiliate of Warburg Pincus.

 

(1) Member of the compensation committee.

 

(2) Member of nominating and governance committee.

 

(3) Member of the audit committee.

 

(4) Determined by the audit committee and the Board to be an independent director pursuant to Nasdaq Corporate Governance Listing Rule 5605(a)(2) and the Israeli Companies Law, 1999 (the “Companies Law”).

 

Lior Samuelson  joined the Board in August 2010 and has held the position of Chairman of the Board since December 2010. Mr. Samuelson became Chief Executive Officer at Cyren in December 2013. In February 2019, Mr. Samuelson announced that he intends to step down as CEO after transitioning his responsibilities to a successor to be identified in the future by the Board. During his extensive career, Mr. Samuelson has served as chairman, CEO and board member of companies in technology, telecommunications, financial services and management consulting, such as Deltathree (Nasdaq: DDDC), PricewaterhouseCoopers Securities and The Barents Group. Mr. Samuelson was previously a managing partner with KPMG and a senior manager at Booz Allen Hamilton. Mr. Samuelson holds both a B.A. and a M.A. in economics from Virginia Tech. We believe Mr. Samuelson is qualified to serve on our board of directors because of his longstanding service with us and his extensive experience serving on company boards and in senior leadership positions.

 

Hila Karah joined the Board in March 2008. Ms. Karah is an experienced board director and, since 2013, serves as an independent business consultant to private and public companies on strategy, operations, financing, regulatory and corporate governance. From November 2017 to September 2018, Ms. Karah was the executive chairperson of FloraFotonica Ltd., an Israeli Agro Tech startup. From 2006 until 2013, Ms. Karah was the chief investment officer of Eurotrust Ltd., a family office, where she focused primarily on investments in life science, internet and high-tech companies. Prior to joining Eurotrust, Ms. Karah served as a senior analyst at Perceptive Life Sciences Ltd., a New York-based hedge fund. Prior to her position at Perceptive, Ms. Karah was a research analyst at Oracle Partners Ltd., a healthcare-focused hedge fund based in Connecticut. Ms. Karah has served on the board of Intec Pharma Ltd. a specialty pharma company (Nasdaq: NTEC) since 2009 and the board of Dario Health Corp. (Nasdaq: DRIO) since 2014. She also serves on the board of several private companies. Ms. Karah has a BA in molecular and cell biology from the University of California, Berkeley, and has studied at the UCSB – UCSF Joint Medical Program. We believe Ms. Karah is qualified to serve on our board of directors because of her longstanding service with us, her investment career in high-tech companies and experience serving on public company boards.

 

52

 

 

Todd Thomson  joined the Board in November 2011 and has held the position of Lead Director since December 2015. Mr. Thomson has been the chairman of Dynasty Financial Partners since November 2016 and is also the founder and CEO of Headwaters Capital since April 2007. He served in top management positions at Citigroup, including CFO of the Company and CEO of the Global Wealth Management division. Prior to joining Citigroup, Todd Thomson held senior executive positions at GE Capital, Barents Group and Bain & Co. He was also a board member of Cordia Bancorp (Nasdaq: BVA) from 2010 to 2016 and of Bank of Virginia as well as chairman of the Wharton Leadership Advisory Board. Todd Thomson received his M.B.A, with Distinction, from the Wharton School of Business and his bachelor’s degree in economics from Davidson College. We believe Mr. Thomson is qualified to serve on our board of directors because of his longstanding service with us, his extensive experience serving on company boards and his extensive finance background.

 

James Hamilton  joined the Board in February 2012.  Mr. Hamilton has been Chief Executive Officer of Vitaltech Holdings since August 2018 and Chairman of Wedge Networks, a security solution company, since August 2015.  Mr. Hamilton is also the president of Valletta Capital, LLC since 2014. Mr. Hamilton has more than 25 years of leadership experience in senior executive roles across many highly successful high-tech companies. He brings proven success at building and leading high-potential, high growth companies from startup to IPO and often through acquisition. Mr. Hamilton was the CEO of Tipping Point, the renowned market leader in Intrusion Prevention Systems (IPS). Mr. Hamilton was also president of Click Security, and president of Efficient Networks, which also achieved a highly successful IPO and was later acquired by Siemens. He has also held various senior sales roles with multiple companies; most recently as SVP of worldwide sales and field operations at Cyan, Inc from March 2013 through August 2015. Mr. Hamilton is active in multiple venture capital, corporate, and charitable boards. We believe Mr. Hamilton is qualified to serve on our board of directors because of his longstanding service with us and his extensive leadership experience in senior executive roles across many highly successful high-tech companies.

 

David Earhart joined the Board as an External Director in July 2013. David Earhart is the President of One Identity, a Quest Software business, which was spun out of Dell Software and is backed by Francisco Partners and Elliott Management since December 2017. Previously, David was CEO of Core Security from July 2015 and served as SVP of Worldwide Field Operations for Damballa, a leading provider of advanced threat protection, from January 2013. In this role, he was responsible for record, triple-digit growth. Beginning in December 2006, David was SVP of Security (IAM) Field Operations at CA Technologies, where his team delivered 300% growth in the security business. Prior to that, David held leadership and executive positions at BMC Software and venture-backed companies within the sales, support and services functions. He holds a B.B.A. in Finance from Texas Tech University. We believe Mr. Earhart is qualified to serve on our board of directors because of his longstanding service with us and his extensive leadership experience in senior executive roles across many highly successful high-tech companies, including more than 20 years of security and systems management experience.

 

John Becker joined the Board as an External Director in April 2017. Mr. Becker has been a consultant since October 2013 and brings more than 30 years of security industry and technology experience and offers a lengthy record of growing highly successful companies. In addition to serving on numerous boards, he previously served as the Chief Executive Officer of Sourcefire, ScienceLogic, Approva, Cybertrust, Trusecure, and AXENT Technologies. Mr. Becker is a CPA and graduated from the Robins School of Business at the University of Richmond. We believe Mr. Becker is qualified to serve on our board of directors because of his extensive leadership experience in senior executive roles across many highly successful high-tech companies and his accounting background.

 

Cary Davis joined the Board in November 2017.  Mr. Davis is a Managing Director at Warburg Pincus, which he joined in 1994, and focuses on investments in the software and financial technology sectors. He also serves on the boards of several private companies. Prior to joining Warburg Pincus, he was Executive Assistant to Michael Dell at Dell Computer and a consultant at McKinsey & Company. Mr. Davis received a B.A. in economics from Yale University and an M.B.A. from Harvard Business School. We believe Mr. Davis is qualified to serve on our board of directors because of his investment career in high-tech companies and experience serving on company boards.

 

53

 

 

Brian Chang joined the Board in November 2017. Mr. Chang is a Managing Director at Warburg Pincus, which he joined in 2005 and returned in 2009.  Mr. Chang focuses on investments in the technology, software and financial technology sectors. He currently serves on the board of several private companies. Prior to joining Warburg Pincus, Mr. Chang worked at Merrill Lynch focusing on corporate finance and mergers and acquisitions transactions. Mr. Chang received a B.S. with Distinction in electrical engineering from Stanford University and an M.B.A. from the Stanford University Graduate School of Business. We believe Mr. Chang is qualified to serve on our board of directors because of his investment career in high-tech companies and experience serving on company boards.

 

Lauren Zletz joined the Board in May 2018. Ms. Zletz is a Vice President at Warburg Pincus, which she joined in 2015. Prior to joining Warburg Pincus, Lauren worked in private equity at Thomas H. Lee Partners from July 2011 to July 2013, and investment banking at Greenhill & Company from June 2009 to June 2011. Lauren focuses on investments in the technology, software, and internet sectors, and has served on the boards of several companies. Lauren received an A.B. in Social Studies from Harvard College and an M.B.A. from the Stanford Graduate School of Business. We believe Ms. Zletz is qualified to serve on our board of directors because of her investment career in high-tech companies and experience serving on company boards.

 

  Rajveer Kushwaha joined the Board in August 2018. Mr. Kushwaha is the Chief Technology Officer and a Managing Director at Warburg Pincus, which he joined in 2012. Mr. Kushwaha has over 25 years of experience in leading commercial software product development, strategic planning, technology operations, business transformation, ERP implementations, and process outsourcing initiatives at Fortune 500 companies in a variety of industries. Prior to joining Warburg Pincus, Mr. Kushwaha held senior management positions at Zimmer Holdings Inc., Dell Computer Corporation, First Data Corporation, Cummins Engine Company and Safway, Inc. He has been recognized as one of the top 100 IT innovators in the automotive/manufacturing industry, is the recipient of a CIO 100 innovation award and has filed numerous patents in the field of disruptive services technologies.  Mr. Kushwaha holds an M.S. in management of technology from MIT, an M.B.A. from the University of Wisconsin at Madison and Idaho State University; a B.S. in electrical engineering from India and completed the Advanced Management Program (AMP) from Harvard University. We believe that Mr. Kushwaha is qualified to serve on our board of directors because of his significant software and technical experience and his experience holding senior management positions in the high-tech industry.

 

Executive Officers

 

The following table identifies our current executive officers, their ages and their respective positions.

 

Name   Age   Position
         
Lior Samuelson   70   Chief Executive Officer
         
Atif Ahmed   45   Vice President Sales, EMEA
         
Boris Bogod   44   Vice President, Global Cloud Operations
         
Mickey DiPietro   54   Vice President Sales, Americas
         
Einat Glik   39   Vice President, Engineering
         
Lior Kohavi   48   Chief Technology Officer
         
Dan Maier   55   Vice President, Marketing
         
Eva Markowitz   44   Vice President, Human Resources
         
J. Michael Myshrall   49   Chief Financial Officer
         
Eric Spindel   42   Vice President, General Counsel and Corporate Secretary
         
Sigurdur Stefnisson   43   Vice President, Detection
         
Michael Tamir   45   Vice President, Global Support Services

 

54

 

 

Atif Ahmed joined Cyren in July 2016 and is responsible for overseeing sales, services, strategic channels and alliances in the Europe, Middle East and Africa (EMEA) region for Cyren, as well as driving additional business in new EMEA territories. With more than 20 years of experience in the security space, Ahmed most recently served in senior sales leadership positions at AppSense from January 2015 to July 2016, Websense from April 2011 to January 2015 and Check Point Software from June 2004 to June 2010. He also previously held sales management roles in the security business unit at Azlan and at Acer UK. Mr. Ahmed holds a holds a B.Sc. in Computing from the University West of England.

 

Boris Bogod joined Cyren in August 2017 and is responsible for the infrastructure and operation of Cyren’s global security cloud. He brings to the task over 20 years of experience deploying, managing and optimizing IT networks and the delivery of cloud services. Mr. Bogod joined Cyren from Sears Israel (subsidiary of SHC) where he served as Director of Operations and then Vice President of Operations from August 2010 to August 2017, and previously held senior operations and infrastructure management positions for several Web based companies including ICAP, Playtech and others. Mr. Bogod holds a B.Sc. in Industrial Engineering and Management (specialization in Information Systems) from Ben-Gurion University in the Negev.

 

Mickey DiPietro joined Cyren in March 2016 and manages Cyren’s global sales team, including Threat Intelligence Services and Enterprise Sales. A seasoned sales executive with a track record of success at global security leaders, Mr. DiPietro was originally hired to grow Cyren’s sales and channel organization and accelerate growth in North America, launching the company’s Austin, Texas office in the summer of 2016. Before joining Cyren, Mr. DiPietro was responsible for establishing and growing Zscaler’s mid-market sales organization from November 2014 to March 2016. Prior to that, he ran the mid-market sales organizations for Authentic8, Google, and Postini.

 

Einat Glik joined Cyren in April 2012 and is responsible for running Cyren’s global engineering team. Since joining Cyren in 2012, she has managed the product development of our WebSecurity and EmailSecurity services. Prior to joining Cyren, she oversaw product management and authentication with SafeNet and research and development activities with SanDisk. Ms. Glik holds a degree in Computer Science from the Academic College of Tel-Aviv-Yafo.

 

Lior Kohavi joined Cyren in June 2013 as Chief Technology Officer. Mr. Kohavi brings over 25 years of vast experience as an engineer, product and technology executive. Previously, Mr. Kohavi held multiple leadership roles, including business strategy architect and partner group manager at Microsoft, VP and GM at Websense, VP Engineering and EVP product management and strategy at Whale Communications (Microsoft acquired). Mr. Kohavi also served as a GM at Cylink VPN Labs and led the development of cryptographic network security products at Algorithmic Research (Cylink acquired) and served as head of the Israel Air Force’s Network and Operations Systems Department. Mr. Kohavi holds a B.A. degree in computer science from Bar-Ilan University and an Executive MBA from Tel Aviv University.

 

Dan Maier joined Cyren in November 2015 and is responsible for Cyren’s global marketing activities, including corporate marketing, product marketing, demand generation and public relations. He has more than two decades of experience in senior marketing roles in the technology sector, most recently serving as senior director of product marketing at Zscaler from September 2014 to November 2015. He previously held vice president of marketing positions at Tumbleweed, Convirture and DecisionView, among others. Mr. Maier holds a bachelor’s degree in economics from Stanford University and an MBA from UCLA.

 

Eva Markowitz , SPHR, SWP, SHRM-SCP, joined Cyren as Vice President Human Resources in October 2013. With more than 15 years of Human Resource leadership, Ms. Markowitz orchestrates the management and development of Cyren’s most valuable asset: its employees. She previously worked as Human Resources Director for the Analysis Research Planning Corporation (ARPC). She has also held positions with Thomas & Herbert Consulting, LLC, and SteelCloud. Ms. Markowitz received her B.A. from the University of Maryland.

 

55

 

 

J. Michael Myshrall joined Cyren in January 2011 serving as Vice President of Corporate Development and subsequently served as Vice President of Financial Planning & Analysis. Since March 2014, Mr. Myshrall has been the company’s Chief Financial Officer. Mr. Myshrall brings two decades of investment banking, business development and technology experience. Prior to joining Cyren, he focused on technology strategy, financial advisory and mergers and acquisitions, first with Mercator Capital and more recently with Trilos Ventures. Mr. Myshrall previously held various roles with Nortel, Newbridge Networks, Corvis, and Civcom. He holds a degree in electrical engineering from the University of New Brunswick and an MBA from Harvard Business School.

 

Eric Spindel joined Cyren in May 2016 as General Counsel and Corporate Secretary. Mr. Spindel is responsible for all legal, regulatory, compliance, and corporate governance functions for Cyren. Before joining Cyren, he was a partner at Yigal Arnon & Co., one of Israel’s leading law firms from September 2011 to April 2016. Mr. Spindel previously practiced corporate and securities law for a number of years at Skadden, Arps, Slate, Meagher & Flom LLP and Davies Ward Phillips & Vineberg LLP, and also served as internal counsel for a private equity firm. He received a joint JD/MBA degree from Osgoode Hall Law School/Schulich School of Business in Toronto, Canada.

 

Sigurdur Stefnisson joined Cyren in October 2012 through the acquisition of FRISK, and serves as Cyren’s Vice President of Detection. Mr. Stefnisson joined FRISK in 1996 and contributed to the development of numerous state-of-the-art cybersecurity innovations and has become an authority in the field of advanced threat protection. Mr. Stefnisson oversees all the Advanced Threat Lab and malware research, which is integral in our development of next-generation cybersecurity solutions. He is active in the global security community as a reporter for the Wildlist Organization and as a member of CARO (Computer Antivirus Research Organization) whose mission is to research and study malware.

 

Michael Tamir first joined Cyren in 2000 and is responsible for Cyren’s global support, deployment and customer success teams. He has previously served as director of security solutions, director of technical services, and director of professional services at Cyren over the past 13 years. Prior to joining the company, Michael spent six years in various system administrator and IT manager roles. Michael is based in Cyren’s Toronto office.

 

To the best of our knowledge, there are no arrangements or understandings with major shareholders, customers, suppliers or others pursuant to which any person referred to above was selected as a director or executive officer (other than Cary Davis, Brian Chang, Lauren Zletz and Rajveer Kushwaha, who were appointed in connection with the Private Placement to Warburg Pincus as described below). There are no family relationships among any of the directors or executive officers of Cyren.

 

CEO Transition

 

In February 2019, we announced that Mr. Samuelson intends to step down as CEO after transitioning his responsibilities to a successor to be identified in the future by the Board. For now, Mr. Samuelson is continuing in his roles as CEO and Chairman of the Board and is involved in the selection and on-boarding of his successor. The Board has engaged a leading executive search firm to assist with this search. Upon transitioning his responsibilities to the new CEO, Mr. Samuelson will continue to serve as Chairman of our Board. 

 

Corporate Governance

 

Code of Ethics

 

The Company, by way of Board resolution, has adopted a Code of Ethics applicable to our senior financial officers, including its principal executive, financial and accounting officers. The Code of Ethics is posted on the Company’s website at www.cyren.com, under the tab for “Corporate Governance”. We intend to provide disclosure of any amendments or waivers of our Code of Ethics on our website within four business days following the date of the amendment or waiver.

 

56

 

 

Audit Committee and Audit Committee Financial Expert

 

We currently have a standing audit committee. The audit committee’s duties include providing assistance to the Board in fulfilling its legal and fiduciary obligations in matters involving our accounting, auditing, financial reporting, internal control and legal compliance functions. In this respect the audit committee approves the services performed by our independent registered public accounting firm and reviews their reports regarding our accounting practices and systems of internal accounting controls. The audit committee also oversees the audits conducted by our independent registered public accounting firm and takes those actions as it deems necessary to confirm that the accountants are independent of management. Under the Companies Law, the responsibilities of the audit committee include identifying irregularities in the management of our business and approving related party transactions as required by law, classifying company transactions as extraordinary transactions or non-extraordinary transactions and as material or non-material transactions in which an officer has an interest (which will have the effect of determining the kind of corporate approvals required for such transaction), assessing the proper function of the company’s internal audit regime and determining whether its internal auditor has the requisite tools and resources required to perform his role and to regulate the company’s rules on employee complaints, reviewing the scope of work of the company’s independent accountants and their fees, and implementing a whistleblower protection plan with respect to employee complaints of business irregularities. The responsibilities of the audit committee under the Companies Law also include the following matters: (i) to establish procedures to be followed in respect of related party transactions with a controlling shareholder (where such are not extraordinary transactions), which may include, where applicable, the establishment of a competitive process for such transaction, under the supervision of the audit committee, or individual, or other committee or body selected by the audit committee, in accordance with criteria determined by the audit committee; and (ii) to determine procedures for approving certain related party transactions with a controlling shareholder, which were determined by the audit committee not to be extraordinary transactions, but which were also determined by the audit committee not to be negligible transactions.

 

Under the Nasdaq Listing Rules, an audit committee must consist of at least three directors meeting the independence standards under Nasdaq Listing Rules. The audit committee consists of David Earhart (chair), Todd Thomson, John Becker and James Hamilton. The Board has determined that each member of the audit committee meets the independence requirements under the Nasdaq Listing Rules and the enhanced independence standards for audit committee members required by the SEC. In addition, the Board has determined that Todd Thomson meets the requirements of an audit committee financial expert under SEC rules.

 

Compensation Committee

 

The compensation committee is responsible for (i) proposing executive officer compensation policy, including compensation for our NEOs, to the Board, (ii) proposing necessary revisions to the compensation policy and examining its implementation, (iii) determining whether to approve transactions with respect to compensation of officers, and (iv) determining, in accordance with our compensation policy, whether to exempt the compensation terms with an unaffiliated nominee for the position of chief executive officer from requiring shareholders’ approval, provided such terms meet with the Company’s compensation policy. The compensation committee is also responsible for administering the Company’s various stock option plans, including the issuance of option grants to employees of the Company and its subsidiaries.

 

The compensation committee consists of John Becker (chair), Hila Karah, James Hamilton and David Earhart. The Board has determined that each member of the compensation committee meets the independence requirements under Rule 5605(a)(2) of the Nasdaq Listing Rules.

 

Nominating and Governance Committee

 

The nominating and governance committee’s responsibilities include identifying individuals qualified to become board members and recommending director nominees to the board.

 

The nominating and governance committee consists of Hila Karah (chair), David Earhart, James Hamilton and Brian Chang.

 

Process for Shareholder Nominations

 

Pursuant to the provisions of the Companies Law and our Articles of Association, as amended, directors (other than External Directors (as defined in the Companies Law)) are elected by shareholders at the annual general meeting of the shareholders and hold office until the next annual general meeting following the annual general meeting at which such director is elected and until a successor is elected, or until the director is removed. An annual general meeting must be held at least once in every calendar year, but not more than 15 months after the preceding annual general meeting. Directors may be removed and other directors may be elected in their place or to fill vacancies in the Board at any time by the holders of a majority of the voting power at a general meeting of the shareholders. Until a vacancy is filled by the shareholders, the Board may appoint new directors temporarily to fill vacancies on the Board. Our Articles of Association authorize the shareholders to determine, from time to time, the number of directors.

 

57

 

 

Section 16(a) Beneficial Ownership Reporting Compliance

 

Effective January 1, 2019, we ceased to be a “foreign private issuer,” as defined in Rule 3b-4 under the Exchange Act, and our officers, directors, and persons who own 10% or more of our ordinary shares became subject to the requirements under Section 16(a) of the Exchange Act to file reports of ownership and changes in ownership on Forms 3, 4, and 5 with the SEC. Such persons were not subject to the reporting requirements of Section 16(a) prior to January 1, 2019. Therefore, there was no failure by any of our executive officers, directors and greater than 10% holders to timely file any report required to be filed under Section 16(a) with respect to the year ended December 31, 2018 or any preceding fiscal years. 

 

ITEM 11. EXECUTIVE COMPENSATION

 

Summary Compensation Table

 

The following table summarizes all compensation paid by us in the past two fiscal years to: (i) our Chief Executive Officer; (ii) our Chief Technology Officer; and (iii) our Vice President Sales, EMEA. We refer to the persons listed in (i) through (iii) collectively as our named executive officers or NEOs.

 

Name and Principal Position   Year   Salary     Bonus     Stock
Awards (1)
    Option
Awards (1)
    Non-Equity
Incentive Plan
Compensation
    All Other
Compensation (5)
    Total  
Lior Samuelson   2018     312,000       84,600 (2)     115,000       322,366 (3)     -       30,142       864,107  
Chief Executive Officer   2017     300,000       70,380       -       114,526       -       26,046       510,952  
Lior Kohavi   2018     248,562 (6)     341,052 (2)(6)     338,900       -       -       37,409 (6)     965,923  
Chief Technology Officer   2017     238,111       75,011     -       38,175       -       39,348       390,645  
Atif Ahmed   2018     191,835 (6)     -       46,000       -       303,164 (4)(6)     46,403 (6)     587,402  
Vice President Sales, EMEA   2017     193,394       -       -       -       193,868     48,179       435,441  

 

 

(1) The amounts shown represent the estimated aggregate grant date fair value of the awards made in each fiscal year relating to restricted stock units (“RSUs”) and options granted to the NEOs. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2 in our financial statements in our Annual Report on Form 20-F (for fiscal year 2017) and in Note 2 in our financial statements, which are included elsewhere in this Annual Report on Form 10-K (for fiscal year 2018). The stock awards represent the grant date fair value of awards to (i) Mr. Samuelson of 50,000 RSUs, (ii) Mr. Kohavi of 118,000 RSUs and (iii) Mr. Ahmed of 20,000 RSUs.   Each of the RSU grants vests in four equal annual installments beginning on January 25, 2019, except for 90,000 of the RSUs granted to Mr. Kohavi which vest in four equal annual installments beginning on September 20, 2019.

(2) These amounts represent bonuses earned by Mr. Samuelson and Mr. Kohavi during 2018 in accordance with their employment agreements and pursuant to the Company’s Executive Compensation Policy.
(3) This amount represents the grant date fair value of an award of 275,000 options to Mr. Samuelson, one quarter of which will vest and become exercisable on August 28, 2019. The remaining options will vest and become exercisable in equal monthly installments for the next 36 months thereafter.
(4) This amount represents commission earned in 2018 based on the achievement of pre-established sales targets.
(5) Includes Social Security & Medicare paid by the Company, pension fund, 401(k) match, severance pay fund, health insurance premiums, in the case of Mr. Kohavi, study fund, and in the case of Mr. Ahmed, car allowance.
(6) In the case of Mr. Ahmed, converted from British Pound to U.S. Dollars using currency ratio of 1.00 British Pound Sterling = 1.2789 U.S. Dollars as of December 31, 2018. In the case of Mr. Kohavi, converted from Israeli Shekel to U.S. Dollars using currency ratio of 1.00 Israeli Shekel = 0.2668 U.S. Dollars as of December 31, 2018

 

58  

 

 

The following table summarizes the compensation paid by us in the past two fiscal years to our next two most highly compensated officers. This information is included solely to comply with Israeli law which requires us to provide the compensation granted to our five most highly compensated officers during the past fiscal year.

 

Name and Principal Position   Year   Salary     Bonus     Stock
Awards (1)
    Option
Awards (1)
    Non-Equity
Incentive Plan
Compensation
    All Other
Compensation (5)
    Total  
J. Michael Myshrall   2018     260,125       99,888 (2)     69,000 (3)     -       -       45,586       474,600  
Chief Financial Officer   2017     247,234       79,038       -       38,175       -       40,294       404,741  
Mickey DiPietro   2018     200,000       -       46,000 (3)     -       141,905 (4)     31,811       419,716  
Vice President Sales, Americas   2017     181,987       -       -       38,175       135,790       30,728       386,681  

 

 

(1) The amounts shown represent the estimated aggregate grant date fair value of the awards made in each fiscal year relating to RSUs and options granted to the NEOs. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2 in our financial statements in our Annual Report on Form 20-F (for fiscal year 2017) and in Note 2 in our financial statements, which are included elsewhere in this Annual Report on Form 10-K (for fiscal year 2018).
(2) This amount represent a bonus earned by Mr. Myshrall during 2018 in accordance with his employment agreements and pursuant to the Company’s Executive Compensation Policy.
(3) This amount represents the grant date fair value of awards to (i) Mr. Myshrall of 30,000 RSUs and (ii) Mr. DiPietro of 20,000 RSUs, each of which vests in four equal annual installments.
(4) This amount represents commission earned in 2018 based on the achievement of pre-established sales targets.
(5) Includes Social Security & Medicare paid by the Company, pension fund, 401(k) match and health insurance premiums.

 

Executive Compensation Policy

 

On August 28, 2018, our shareholders approved the Cyren Executive Compensation Policy (the “Policy”), which had been recommended by the compensation committee and approved by the Board, for the Company’s directors and officers, in accordance with the requirements of the Companies Law. The Policy includes, among other matters prescribed by the Companies Law, a framework for establishing the terms of office and employment of the directors and officers and guidelines with respect to the structure of the variable pay of officers.

 

The Policy provides that the compensation package for officers shall generally consist of some or all of the following items:

 

  Fixed base salary;

 

  Performance-based rewards (Annual, Special and Signing Bonuses)

 

  Equity-based compensation;

 

  Social benefits; and

 

  Retirement and termination payment.

 

In particular, the Policy, (i) sets an annual cap of US$450,000 for the annual base salary for officers (including the CEO); (ii) sets an annual cap of 600% of the annual base salary on equity based compensation to current officers or a one-time grant of up to 5% of outstanding shares of the Company at the date of grant for new executive hires; and (iii) sets an annual cap of 200% of the annual base salary for performance based cash awards (which may include any combination of annual bonus, special bonus in recognition of outstanding contributions and/or signing bonus for new hires).

 

With respect to bonuses, the calculation for each officer is a product of the Company’s performance and individual performance and the Policy further provides that the majority of any cash bonus must be based on measurable criteria (i.e. financial measures or individual performance criteria while a smaller portion may be discretionary. Equity based compensation may be granted in any form permitted under our equity incentive plans, as in effect from time to time (collectively, the “Equity Incentive Plans”), including stock options and restricted stock units. Equity grants to officers shall be made in accordance with the terms of the Equity Incentive Plans.

 

59  

 

  

The Policy also includes a claw back provision which provides that officers will be required to refund any part of the annual performance-based bonuses paid based on financial results that are proven to be inaccurate and which are restated in the financial statements during the three years following the actual payment of the annual bonus, provided the officer is still employed by the Company upon publication of the restated financial statements.

 

The Company may indemnify, insure and exculpate the officers to the full extent permitted by applicable law from time to time, including by entering into indemnification, insurance and exculpation agreements, subject to the requisite approvals under applicable law.

 

Finally, the Policy provides that non-employee directors may be compensated up to the maximum pay allowable under Israeli law unless the Company’s shareholders approve higher compensation from time to time.

 

Our compensation committee will periodically review the Policy and monitor its implementation, and recommend to our Board and shareholders to amend the Policy as it deems necessary from time to time. The term of the Policy is three years as of the date of its adoption, during which, the Board is required to examine the Policy and revise it from time to time, if the circumstances under which it had been adopted have materially changed. Following such three year term, the Policy, including any revisions recommended by our compensation committee and approved by our Board, as applicable, will be brought once again to the shareholders for approval.

   

Employment Agreements; Termination and Change in Control Provisions

 

We have entered into employment agreements with each of our named executive officers. A summary of the material terms of our current employment arrangements with each of these officers is set forth below. The summaries below are qualified in their entirety by reference to the text of their employment agreements, which are filed with this Annual Report on Form 10-K.

 

Mr. Samuelson Letter Agreement

 

Pursuant to the terms of a letter agreement dated November 19, 2013 between the Company and Mr. Samuelson, he became our chief executive officer effective upon shareholder approval on December 23, 2013. In addition, Mr. Samuelson has served as Chairman of our Board since August 2010.

 

Under this letter agreement, Mr. Samuelson’s employment is on an at-will basis and can be terminated by either party upon 30 days’ advance written notice, except in the case of termination for “Good Cause”. Mr. Samuelson was entitled to the following compensation:

 

An initial annual base salary of $252,000, with any subsequent base salaries to be set in advance of the subsequent anniversaries of his start date;

 

Annual Management by Objectives (MBO) bonus of $90,000; and

 

A grant of 360,000 stock options under the Company’s stock option plan.

 

60  

 

 

In connection with his employment with our Company, Mr. Samuelson also signed a non-disclosure agreement and inventions assignment.

 

Mr. Samuelson’s letter agreement grants him certain rights upon termination of his employment. In connection with any termination other than for “Good Cause” or disability:

 

Mr. Samuelson’s severance payment will be a multiple of six times (6x) his monthly base salary at the time notice of termination was given, plus one half of the annual allotment of vacation days, payable within 45 days;

 

Mr. Samuelson will receive payment for the costs securing continued medical, dental and vision coverage through COBRA (or the relevant state equivalent, if applicable) for a period of up to six months following termination, subject to certain conditions, payable within 45 days;

 

Mr. Samuelson’s options that would have vested in the six months following termination will be accelerated and deemed vested;

 

Mr. Samuelson will be entitled to receive a pro rata payment of any bonuses earned, including the annual MBO bonus, for the part of the year he worked; and

 

The option exercise period for all of Mr. Samuelson’s stock options that are vested at the termination date will be extended to end on the 180 th calendar day following the termination date (but no later than the expiration date of the term of such options as set forth in the option agreement(s)).

 

Under Mr. Samuelson’s letter agreement, “Good Cause” means (i) an action by Mr. Samuelson involving a willful and wholly wrongful act; (ii) his being convicted of, or pleading guilty to, a felony; (iii) an intentional, material and substantial violation by Mr. Samuelson of a Company rule, regulation, policy or procedure; or (iv) a substantial and material neglect by Mr. Samuelson of his duties.

 

Mr. Kohavi Letter Agreement

 

Pursuant to the terms of a letter agreement dated May 16, 2013 between the Company and Mr. Kohavi, he became our Chief Technical Officer on June 1, 2013.

 

Under this agreement, Mr. Kohavi’s employment is on an at-will basis and can be terminated by either party upon 90 days’ advance written notice, except in the case of termination for “Good Cause”. Mr. Kohavi was entitled to the following compensation:

 

An annual base salary of 744,000 ILS;

 

Annual Management by Objectives (MBO) bonus in the amount of 30% of base salary;

 

A grant of 270,000 stock options under the Company’s stock option plan; and

 

Benefits including a study fund stipend in the amount of 7.5% of base salary.

 

In connection with his employment with our Company, Mr. Kohavi also signed a non-disclosure agreement and inventions assignment.

 

In connection with any termination of Mr. Kohavi’s employment other than for “Good Cause” or disability, he will receive his salary and the standard contractual social benefits he is entitled to receive during the notice period.

 

61  

 

 

Under Mr. Kohavi’s employment agreement, “Good Cause” means (i) a breach of the employment agreement committed by Mr. Kohavi; (ii) him acting in a dishonest and/or disloyal manner towards the Company; or (iii) him being convicted of an offense involving moral turpitude and/or any other offense whose circumstances, ethically, are such that the Company will be of the opinion that his continued employment will cause the Company damages.

 

Mr. Ahmed Letter Agreement

 

Pursuant to the terms of an employment contract dated June 29, 2016 between the Company and Mr. Ahmed, he became our Vice President, Sales - EMEA on July 11, 2016.

 

Under this agreement, Mr. Ahmed’s employment is on an at-will basis and can be terminated by either party upon 90 days’ advance written notice, except in the case of termination for “Good Cause”. Mr. Ahmed was entitled to the following compensation:

 

An annual base salary of £150,000, with any subsequent base salaries to be reviewed at the beginning of each calendar year;

 

Annual variable commission targets of £150,000 per year, based on the achievement of sales targets to be set annually;

 

A grant of 140,000 stock options under the Company’s stock option plan; and

 

Benefits including private medical insurance coverage of up to £19,200 per year, car allowance of £10,000 per year, and pension contribution of £5,000 per year.

 

In connection with his employment with our Company, Mr. Ahmed’s agreement also includes non-disclosure and inventions assignment undertakings.

 

Mr. Ahmed’s agreement grants him certain rights upon termination of his employment. In connection with any termination other than for “Good Cause” or disability:

 

Mr. Ahmed will receive his salary and the standard contractual social benefits he is entitled to receive during the notice period, whether he continues to perform his duties during the notice period or whether placed on ‘garden leave’ by the Company;

 

Under Mr. Ahmed’s employment agreement, “Good Cause” means (i) an action by Mr. Ahmed involving gross misconduct which affects the business of the Company; (ii) a serious or repeated breach by him of any provision of his employment agreement or a violation by him of a reasonable and lawful Company rule; (iii) him being negligent and incompetent in the performance of his duties, as reasonably determined by the Board; (iv) him being declared bankrupt or if he makes any arrangement with or for the benefit of his creditors or has a county court administration order made against him under the County Court Act 1984; (v) him being convicted of any criminal offence (other than an offence under any road traffic legislation in the United Kingdom or elsewhere for which a fine or non-custodial penalty is imposed); (vi) him becoming of unsound mind (which includes lacking capacity under the Mental Capacity Act 2005), or a patient under any statute relating to mental health; (vii) him no longer being able to work in the United Kingdom; (viii) him committing any fraudulent or dishonest acts or him acting in any manner which in the opinion of the Company brings or is likely to bring him or the Company into disrepute or is materially adverse to the interests of the Company; (ix) him committing a serious breach of any rules issued by the Company from time to time regarding its electronic communications systems.

 

62  

 

 

Equity Grant Agreements

 

In addition to the severance payments that would be payable under our existing employment agreements, our awards of options and RSUs to executive officers (and other employees) are subject to double trigger accelerated vesting upon a Change in Control. This means these awards are subject to accelerated vesting immediately upon a Change in Control if an officer’s employment is Involuntarily Terminated as a result of the Change in Control and not otherwise for Cause, or on the termination date if such Involuntary Termination occurs within twelve months following such Change in Control.

 

If the acquiring company assumes or substitutes the options in connection with the Change in Control, and the officer remains employed, 50% of the officer’s options will immediately vest and the remaining 50% will vest upon the earlier of (i) the one year anniversary of the Change in Control, provided the officer remains employed with the acquiring company; (ii) the original vesting date of the option; or (iii) an Involuntary Termination of the officer’s employment prior to such one year anniversary.

 

“Involuntary Termination” means termination by reason of the officer’s (i) involuntary dismissal or discharge by us other than for Cause or (ii) voluntary resignation following (a) a change in the officer’s position with us which materially reduces the officer’s duties and responsibility; (b) a reduction in the officer’s level of compensation by more than 10%; or (c) a relocation of the officer’s place of employment by more than 50 kilometers, provided and only if such change, reduction or relocation is effected without the officer’s consent.  

 

“Cause” means the officer’s (i) theft, dishonesty, willful misconduct, breach of fiduciary duty for personal profit, or falsification of any Participating Company (as defined in the 2016 Equity Incentive Plan) documents or records; (ii) material failure to abide by a Participating Company’s code of conduct or other policies; (iii) unauthorized use, misappropriation, destruction or diversion of any tangible or intangible asset or corporate opportunity of a Participating Company; (iv) intentional act which has a material detrimental effect on the Participating Company’s reputation or business; (v) repeated failure to perform any reasonable assigned duties after written notice from a Participating Company of, and a reasonable opportunity to cure, such failure; (vi) material breach of any employment, service, non-disclosure, non-competition, non-solicitation or other similar agreement between the officer and a Participating Company, which is not cured; or (vii) conviction (including any plea of guilty or nolo contendere ) of any criminal act involving fraud, dishonesty, misappropriation or moral turpitude, or which impairs the officer’s ability to perform his or her duties with a Participating Company.

 

“Change in Control” means the occurrence of any one or a combination of the following: (i) any person becomes the beneficial owner of 50% or more of the total fair market value or total combined voting power of our then-outstanding securities; provided, however, that a Change in Control shall not be deemed to have occurred if such beneficial ownership results from any of the following: (A) an acquisition by any person who on December 22, 2016 was the beneficial owner of more than fifty percent (50%) of such voting power, (B) any acquisition directly from us, including pursuant to or in connection with a public offering of securities, (C) any acquisition by us, (D) any acquisition by a trustee or other fiduciary under an employee benefit plan of a participating company or (E) any acquisition by an entity owned directly or indirectly by our stockholders in substantially the same proportions as their ownership of our voting securities; or (ii) (A) the direct or indirect sale or exchange by our stockholders of more than fifty percent (50%) of the total combined voting power of our then outstanding securities in a single or series of related transactions; (B) a merger or consolidation in which we are a party; or (C) the sale, exchange, or transfer of all or substantially all of our assets (other than a sale, exchange or transfer to one or more of our subsidiaries) (collectively, a “Transaction”) in which our stockholders immediately before the Transaction do not retain immediately after the Transaction direct or indirect beneficial ownership of more than fifty percent (50%) of the total combined voting power of our outstanding securities or the entity to which the assets of the Company were transferred, as the case may be; or (iii) a date specified by the compensation committee following approval by the stockholders of a plan of complete liquidation or dissolution of the Company; provided, however, that a Change in Control shall not include a transaction in which a majority of the members of the Board of the continuing, surviving or successor entity, or parent thereof, immediately after such transaction is comprised of incumbent directors. An incumbent director means a director who either (A) was a member of the Board on December 22, 2016, or (B) is elected, or nominated for election, to the Board with the affirmative votes of at least a majority of the incumbent directors at the time of such election or nomination.

 

63  

 

 

Retirement or Similar Benefit Plans

 

Israeli law generally requires employers to make contributions to employees’ pensions and the payment of severance pay upon the retirement or death of an employee or upon termination of employment by the employer or, in certain circumstances, by the employee. Additionally, a general practice in Israel followed by Cyren, although not legally required, is the contribution of funds on behalf of certain employees to an individual insurance policy known as “Managers’ Insurance.” This policy provides a combination of savings plan, insurance and severance pay benefits to the insured employee. It provides for payments to the employee upon retirement or death and secures a substantial portion of the severance pay, if any, to which the employee is legally entitled upon termination of employment. Each participating employee contributes an amount equal to 6% of such employee’s base salary, and we contribute between 12.5% and 14.83% of the employee’s base salary.

 

In the United States, Cyren offers employees the option to participate in the Company’s 401(k) program, which provides partial Company matching up to certain annual contribution limits. Employees can contribute up to the maximum IRS annual contribution limit, and the Company will provide a 50% matching contribution up to a maximum of 3% of an employee’s annual salary. The Company match portion is subject to a 4-year vesting period.

 

Employee Equity Incentive Plan

 

Employees, including executive officers and other management employees, participate in the Company’s employee option plans. On December 22, 2016, our shareholders approved a new stock option plan - the 2016 Equity Incentive Plan (the “Employee Plan”). This plan replaced all prior employee stock option plans which terminated.

 

The Employee Plan allows for the issuance of RSUs, as well as options. The options and RSUs generally vest over a period of four years but may have shorter vesting periods under certain circumstances. Options granted under the Employee Plan generally expire after six years from the date of grant. Options and RSUs cease vesting upon termination of the optionee’s employment or other relationship with the Company. The per share exercise price for options shall be no less than 100% of the fair market value per ordinary share on the date of grant. Any options and RSUs that are canceled or not exercised within the option term become available for future grant. 

 

All employee stock option plans are administered by the compensation committee. Subject to the provisions of the equity plans and applicable law, the compensation committee has the authority to determine, among other things, to whom options may be granted; the number of ordinary shares to which an option may relate; the exercise price for each share; the vesting period of the option and the terms, conditions and restrictions thereof, including accelerated vesting on change in control provisions; to amend provisions relating to such plans; and to make all other determinations deemed necessary or advisable for the administration of such plans.

 

Non-Employee Director Equity Incentive Plan

 

On December 22, 2016, our shareholders approved the 2016 Non-Employee Director Equity Incentive Plan (the “Non-Employee Plan”). This plan replaced all previous non-employee stock option plans which terminated. The Non-Employee Plan allows for the issuance of RSUs, as well as options. Each option and RSU granted under the Non-Employee Plan generally vests over a period of four years. Each option has an exercise price equal to the fair market value of the ordinary shares on the grant date of such option. Options granted under the Non-Employee Plan generally expire after six years from the date of grant. Options and RSUs cease vesting upon termination of the relationship with the Company, unless the terminated relationship is with a director who has served the Company for at least three years, and he has not resigned voluntarily or was not removed from the Board due to a failure to perform any of his/her duties to the Company, in which case all unvested options or RSUs would be subject to full accelerated vesting.

 

64  

 

 

Outstanding Equity Awards at Fiscal Year-End

 

The following table sets forth the outstanding equity awards at fiscal year-end, or December 31, 2018, for our named executive officers.

 

    Option Awards   Stock Awards  
    Number of Securities Underlying Unexercised Options     Option
Exercise
    Option
Expiration
  Number of
Shares or
Units of
Stock That
Have Not
    Market
Value of
Shares or
Units of
Stock That
Have Not
 
Name   Exercisable     Unexercisable     Price     Date   Vested    

Vested (1)

 
Lior Samuelson     360,000             $ 2.7177     12/24/2019     50,000 (2)   $ 150,000  
Chief Executive Officer     150,000               3.00     02/18/2021                
      28,797               1.44     02/10/2022                
      150,000               2.00     01/24/2023                
              275,000 (3)     2.90     08/28/2024                
Lior Kohavi     270,000               3.08     08/01/2019     28,000 (2)     84,000  
Chief Technology Officer     90,000               3.32     05/14/2020     90,000 (4)     270,000  
    80,000               3.00     02/18/2021                
      35,000               1.44     02/10/2022                
      50,000               2.00     01/24/2023                
Atif Ahmed     140,000               2.13     08/04/2022     20,000 (2)     60,000  
Vice President Sales,                                            
EMEA                                            

 

 

(1) The amounts in this column are based on the closing price of our ordinary shares on December 31, 2018 of $3.00.
(2) This amount reflects RSUs which vest in four equal annual installments beginning on January 25, 2019, subject to earlier vesting upon a change of control.
(3) This amount represents options, one quarter of which vest on August 28, 2019 and the remainder of which vest in equal monthly installments for the next 36 months thereafter, subject to earlier vesting upon a change of control.
(4) This amount reflects RSUs which vest in four equal annual installments beginning on September 20, 2019, subject to earlier vesting upon a change of control.

 

Director Compensation

 

Under the Companies Law, as amended, pursuant to Amendment 20 of the Companies Law, our directors can be paid for their services as directors to the extent such payments are in accordance with the compensation policy adopted by the Company after approval by the compensation committee, our Board and our shareholders by ordinary majority, or, if their compensation deviates from the compensation policy, after approval by the compensation committee, our Board and our shareholders by a special majority, provided that (i) the majority of the votes includes at least a majority of all the votes of shareholders who are not controlling shareholders of the Company or who do not have a personal interest in the compensation paid to the directors and participating in the vote or (ii) the total of opposing votes from among the shareholders described in subsection (i) above does not exceed 2% of all the voting rights in the company.

 

In 2018, the cash compensation paid to non-employee directors (other than Mr. Samuelson, our CEO and Chairman) was $7,500 per quarter and $15,000 for the Lead Director. Directors also are reimbursed for their expenses for each Board meeting attended. New non-employee directors are currently entitled to an initial grant of 50,000 options. Non-employee directors who are re-elected at the annual meeting of shareholders are entitled to additional grants of 10,000 RSUs, except for Mr. Samuelson, who was not entitled to additional compensation other than the compensation paid to him in his capacity as the Company’s CEO, and Mr. Thomson who is entitled to an annual grant of 20,000 RSUs in his capacity as Lead Director.

 

65  

 

 

The table below summarizes the compensation paid by us to our non-employee directors for services rendered in 2018.

 

Name   Fees
Earned or
Paid in
Cash
    Stock
Awards (1)(2)(5)
    Option Awards (1)     Total  
Hila Karah   $ 30,000     $ 25,000           $ 55,000  
Todd Thomson     60,000       50,000             110,000  
James Hamilton     30,000       25,000             55,000  
John Becker     30,000       25,000             55,000  
David Earhart     30,000       25,000             55,000  
Aviv Raiz (3)     15,000       25,000             40,000  
Cary Davis     30,000             43,138       73,138  
Brian Chang     30,000             43,138       73,138  
Lauren Zletz (4)     15,000             65,245       80,245  
Rajveer Kushwaha (4)     10,000             65,245       75,245  

 

 

(1) The amounts shown in these columns represent the estimated aggregate grant date fair value of the RSU and option awards granted to the non-employee directors in 2018. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2.r in our financial statements, which is included elsewhere in this Annual Report on Form 10-K.
(2) Each director, with the exception of Mr. Davis and Mr. Chang who joined our Board in November 2017 and Ms. Zletz and Mr. Kushwaha who joined our Board during 2018, received a grant on January 1, 2018 of 10,000 RSUs under our 2016 Non-Employee Director Equity Incentive Plan. Mr. Thompson, our Lead Director, received a grant of 20,000 RSUs. Mr. Davis and Mr. Chang each received a grant of 50,000 options on January 1, 2018, and Ms. Zletz and Mr. Kushwaha each received a grant of 50,000 options on August 28, 2018, upon joining our Board.
(3) Mr. Raiz’s term as a director ended on August 28, 2018, therefore, his cash compensation reflects his partial year of service on the Board.
(4) Ms. Zletz and Mr. Kushwaha joined our Board during 2018, therefore, they each received prorated annual cash compensation.
(5) The table below sets forth the aggregate number of RSUs and unexercised stock options outstanding at December 31, 2018 for each of our non-employee directors.

 

Name   Aggregate Number of RSUs Outstanding at
December 31,
2018
    Aggregate Number of Unexercised Stock Options Outstanding at
December 31,
2018
 
Hila Karah     10,000       50,001  
Todd Thomson     20,000       33,334  
James Hamilton     10,000       33,334  
John Becker     10,000       50,000  
David Earhart     10,000       83,334  
Cary Davis           50,000  
Brian Chang           50,000  
Lauren Zletz           50,000  
Rajveer Kushwaha           50,000  

 

66  

 

 

ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS

 

The following table sets forth certain information with respect to the beneficial ownership of our ordinary shares, as of February 28, 2019 (the “Reporting Date”), by (i) each person known to us to beneficially own more than 5% of our ordinary shares; (ii) our named executive officers for the fiscal year ended December 31, 2018; (iii) each director; and (iv) all of the executive officers and directors as a group. Except as shown in the table, no other person is known by us to beneficially own more than 5% of our outstanding ordinary shares. The percentage of shares beneficially owned is based on 54,217,357 ordinary shares outstanding as of February 28, 2019.

 

Name of Beneficial Owner (1)   Number of Ordinary Shares Beneficially Owned (2)     Percent (2)  
Holding more than 5%:            
WP XII Investments B.V. (3)     27,586,733       50.88 %
Yelin Lapidot Holdings Management Ltd. (4)     5,891,020       10.87 %
                 
Named Executive Officers and Directors:                
Lior Samuelson (5)     849,617       1.55 %
Lior Kohavi (6)     709,185       1.30 %
Atif Ahmed (7)     142,638       *  
Hila Karah (8)     121,432       *  
James Hamilton (9)     55,834       *  
Todd Thomson (10)     68,334       *  
David Earhart (11)     105,834       *  
John Becker (12)     52,500       *  
Cary Davis (13)(14)     27,602,358       50.90 %
Brian Chang (13)(15)     27,602,358       50.90 %
Lauren Zletz (16)     6,250       *  
Rajveer Kushwaha (13)(17)     27,592,983       50.89 %
Total of all Executive Officers and Directors as a Group (21 persons) (18)     31,309,113       54.57 %

 

 

* Less than one percent.
(1) Unless otherwise indicated, the address of each of the beneficial owners identified is c/o Cyren Inc., 1430 Spring Hill Road, Suite 330, McLean, VA 22102.
(2) The number and percentage of shares beneficially owned by each person has been determined in accordance with Rule 13d-3 of the Exchange Act. Pursuant to the rules of the SEC, the number of ordinary shares deemed outstanding includes ordinary shares issuable upon settlement of RSUs held by the respective person or group that will vest within 60 days of the Reporting Date and pursuant to options held by the respective person or group that are currently exercisable or may be exercised within 60 days of the Reporting Date. Unless otherwise indicated in the footnotes or table, each person or entity has sole voting and investment power with respect to the shares shown as beneficially owned.
(3) Based on a Form 3 as filed with the SEC on January 2, 2019. The stockholder is WP XII Investments B.V., a company incorporated in the Netherlands (“WP XII Investments”). WP XII Investments is wholly owned by WP XII Investments Cooperatief U.A., a company incorporated in the Netherlands (“WP XII Investments Cooperatief”), which is wholly owned by the “WP XII Funds”, which consists of (i) Warburg Pincus (Callisto) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership; (ii) Warburg Pincus (Europa) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership; (iii) Warburg Pincus (Ganymede) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership; (iv) Warburg Pincus Private Equity XII-B (Cayman), L.P., a Cayman Islands exempted limited partnership; (v) Warburg Pincus Private Equity XII-D (Cayman), L.P., a Cayman Islands exempted limited partnership; (vi) Warburg Pincus Private Equity XII-E (Cayman), L.P., a Cayman Islands exempted limited partnership; (vii) Warburg Pincus XII Partners (Cayman), L.P., a Cayman Islands exempted limited partnership and (viii) WP XII Partners (Cayman), L.P., a Cayman Islands exempted limited partnership. Warburg Pincus LLC, a New York limited liability company (“WP LLC”) is the manager of the WP XII Funds and Warburg Pincus (Cayman) XII, L.P., a Cayman Islands exempted limited partnership (“WP XII Cayman GP”) is the general partner of each of the WP XII Funds. Warburg Pincus (Cayman) XII GP LLC, a Delaware limited liability company (“WP XII Cayman GP LLC”) is the general partner of WP XII Cayman GP. Warburg Pincus Partners II (Cayman), L.P., a Cayman Islands exempted limited partnership (“WPP II Cayman”) is the sole member of WP XII Cayman GP LLC. Warburg Pincus (Bermuda) Private Equity GP Ltd., a Bermuda exempted company, (“WP Bermuda GP”) is the general partner of WPP II Cayman. Charles R. Kaye and Joseph P. Landy are the Co-Chairmen and sole Directors of WP Bermuda GP, and the Managing Members and Co-Chief Executive Officers of WP LLC, and may be deemed to control the “Warburg Entities,” which consists of (i) WP Bermuda GP; (ii) WP XII Investments; (iii) WP XII Investments Cooperatief; (iv) the WP XII Funds; (v) WP LLC; (vi) WP XII Cayman GP; (vii) WP XII Cayman GP LLC and (viii) WPP II Cayman. Each of Messrs. Kaye and Landy and each Warburg Entity disclaims beneficial ownership with respect to any ordinary shares of the Company, except to the extent of its indirect pecuniary interest in such ordinary shares. WP XII Investments B.V. has shared power to vote or direct the vote with respect to all of the shares and shared power to dispose or direct the disposition of all of the shares. The address of the Warburg Entities, the WP XII Funds, Mr. Kaye and Mr. Landy is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017.

 

67  

 

 

(4) Based on a Schedule 13G/A as filed with the SEC on January 14, 2019. As of December 31, 2018, these securities were beneficially owned as follows: (i) 5,880,365 Ordinary Shares beneficially owned by mutual funds managed by Yelin Lapidot Mutual Funds Management Ltd. and (ii) 10,655 Ordinary Shares beneficially owned by provident funds managed by Yelin Lapidot Provident Funds Management Ltd. The securities are beneficially owned by provident funds managed by Yelin Lapidot Provident Funds Management Ltd. and/or mutual funds managed by Yelin Lapidot Mutual Funds Management Ltd. (the “Subsidiaries”), each a wholly-owned subsidiary of Yelin Lapidot Holdings Management Ltd. (“Yelin Lapidot Holdings”). Dov Yelin and Yair Lapidot each own 24.38% of the share capital and 25.004% of the voting rights of Yelin Lapidot Holdings. Any economic interest or beneficial ownership in any of these securities is held for the benefit of the members of the provident funds or mutual funds, as the case may be. Each of Messrs. Yelin and Lapidot, Yelin Lapidot Holdings, and the Subsidiaries disclaims beneficial ownership of any these securities. Yelin Lapidot Holdings has shared power to vote or direct the vote with respect to all of the shares and shared power to dispose or direct the disposition of all of the shares. The address of Messrs. Yelin and Lapidot, Yelin Lapidot Holdings, and the Subsidiaries is 50 Dizengoff St., Dizengoff Center, Gate 3, Top Tower, 13th floor, Tel Aviv 64332, Israel.
(5) This amount includes 688,797 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 37,500 RSUs that have not yet vested and (ii) 275,000 shares issuable upon exercise of options that have not yet vested.
(6) This amount includes 525,000 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 169,366 RSUs that have not yet vested. Of the ordinary shares beneficially owned by Mr. Kohavi, (i) 24,524 ordinary shares are held by his wife and (ii) 150,000 ordinary shares are held by three trusts for the benefit of Mr. Kohavi’s children, for which Mr. Kohavi serves as trustee.
(7) This amount includes 140,000 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 73,366 RSUs that have not yet vested.
(8) This amount includes 50,001 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 17,500 RSUs that have not yet vested.
(9) This amount includes 33,334 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 17,500 RSUs that have not yet vested.
(10) This amount includes 33,334 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 35,000 RSUs that have not yet vested.
(11) This amount includes 83,334 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 17,500 RSUs that have not yet vested.
(12) This amount includes 50,000 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 17,500 RSUs that have not yet vested.
(13) Each of Messrs. Davis, Chang and Kushwaha (each, a “Warburg Director”) is an indirect beneficial owner of WP Bermuda GP, and a Member and Managing Director of WP LLC. 27,586,733 of the shares indicated as held by each of the Warburg Directors are included because of his affiliation with the Warburg Entities and the WP XII Funds. See footnote (3) above for additional information. Each Warburg Director disclaims beneficial ownership of all shares owned by the Warburg Entities and the WP XII Funds except to the extent of any indirect pecuniary interest therein. Each of the Warburg Directors has shared power to vote or direct the vote with respect to all of the shares and shared power to dispose or direct the disposition of all of the shares. The address of each Warburg Director is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017.
(14) This amount includes 15,625 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 34,375 options and (ii) 10,000 RSUs that have not yet vested.
(15) This amount includes 15,625 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 34,375 options and (ii) 10,000 RSUs that have not yet vested.
(16) This amount includes 6,250 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 43,750 options and (ii) 10,000 RSUs that have not yet vested. The address of Ms. Zletz (also a Warburg Director) is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017.
(17) This amount includes 6,250 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 43,750 options and (ii) 10,000 RSUs that have not yet vested.
(18) This amount includes an aggregate of 3,588,106 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date exercisable. There are no RSUs that will vest within 60 days after the Reporting Date.

 

68  

 

 

Equity Compensation Plans

 

The following table gives information about Cyren’s ordinary shares that may be issued under Cyren’s existing equity compensation plans as of December 31, 2018:

 

Plan Category   Number of
securities to be
issued upon
exercise of
outstanding
options and RSUs
   

Weighted-
average exercise
price of
outstanding
options (1)

    Number of
securities
remaining
available for future
issuance
under equity
compensation
plans (excluding
securities
reflected in
the first column)
 
2016 Equity Incentive Plan     6,636,645     $ 2.19       1,755,919  
2016 Non-Employee Director Equity Incentive Plan     543,337     $ 2.11       270,214  
Total     7,179,982     $ 2.19       2,026,133  

 

 

(1) Reflects the weighted-average exercise price of outstanding options only, because there is no exercise price associated with the vesting of RSUs.

 

ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE

 

Certain Relationships and Related Transactions

 

Under applicable Nasdaq Listing Rules, all related person transactions must be approved by our audit committee or another independent body of the Board. Current SEC rules define transactions with related persons to include any transaction, arrangement or relationship (i) in which the company is a participant, (ii) in which the amount involved exceeds $120,000 (or, in the case of a smaller reporting company, the lesser of $120,000 or one percent of the average of the company’s total assets at year-end for the last two completed fiscal years), and (iii) in which any executive officer, director, director nominee, beneficial owner of more than 5% of the company’s common stock, or any immediate family member of such persons has or will have a direct or indirect material interest. All directors must recuse themselves from any discussion or decision in which they may have a conflict (i.e. matters affecting their personal, business or professional interests). In addition, pursuant to the Companies Law, certain related party transactions, including (i) engagements with our officers, (ii) engagements with our controlling shareholder, and (iii) substantial private placements, require the approval of our audit or compensation committee, board of directors and shareholders.

 

Except as set forth below, since January 1, 2017, we have not had any relationships or transactions with any of our executive officers, directors, beneficial owners of more than 5% of our ordinary shares or any immediate family member of such persons that were required to be reported pursuant to Item 404(a) of Regulation S-K.

 

Private Placement and Registration Rights Agreement

 

On November 6, 2017, Warburg Pincus acquired approximately 10.6 million ordinary shares from us for $1.85 per share, representing gross proceeds of approximately $19.6 million to us. As a result of the Private Placement, Warburg Pincus became the owner of approximately 21.3% of our outstanding share capital. In connection with this offering, we also agreed to grant certain registration rights to Warburg Pincus. On December 25, 2017, Warburg Pincus completed a special tender offer in which it purchased 16,991,212 ordinary shares of the Company and, therefore, became the owner of a total of 27,586,733 ordinary shares.

 

69  

 

 

Director Independence

 

Each year, the Board undertakes a review of director independence, which includes a review of each director’s responses to questionnaires asking about any relationships with us. This review is designed to identify and evaluate any transactions or relationships between a director or any member of his or her immediate family and us, or members of our senior management or other members of our Board, and all relevant facts and circumstances regarding any such transactions or relationships. Consistent with these considerations, our Board has affirmatively determined that all of our non-employee directors, who are listed below, are “independent directors” pursuant to Nasdaq Listing Rule 5605(a)(2):

 

Hila Karah
     
Todd Thomson
     
James Hamilton
     
David Earhart
     
John Becker

 

The Companies Law requires Israeli companies with shares that have been offered to the public in or outside of Israel to appoint at least two External Directors, unless certain conditions are met by the company pursuant to the Israeli Companies Regulations (Relief for Companies Whose Shares are Registered for Trading Outside of Israel) – 2000 (the “Relief Regulations”), as further detailed below. According to the Companies Law, no person may be appointed as an External Director if the person or the person’s relative, partner, employer or any entity under the person’s control has or had, on or within the two years preceding the date of the person’s appointment to serve as External Director, any affiliation with the company or any entity controlling, controlled by or under common control with the company. The External Directors are John Becker and David Earhart. The term affiliation includes:

 

an employment relationship;
     
a business or professional relationship maintained on a regular basis;
     
control; and
     
service as an officer or director.

 

The Israeli Minister of Justice, in consultation with the Israeli Securities Authority, may determine that certain matters will not constitute an affiliation, and has issued certain regulations with respect thereof. In addition, pursuant to provisions of the Companies Law, a business or professional relationship maintained on a regular basis will not constitute affiliation if the relationship commenced after the appointment of the External Director for office, the company and the External Director consider the relationship to be negligible and the audit committee approved, based on information presented to it, that the relationship is negligible, and the External Director declared that he did not know and could not have reasonably known about the formation of the relationship and has no control over their existence or termination.

 

If the company does not have a controlling shareholder or a shareholder who holds company shares entitling him to vote at least 25% of the votes in a shareholders meeting, then the company may not appoint as an External Director any person or such person’s relative, partner, employer or any entity under the person’s control, who has or had, on or within the two years preceding the date of the person’s appointment to serve as External Director, any affiliation with the Chairman of the Board, Chief Executive Officer, a substantial shareholder who holds at least 5% of the issued and outstanding shares of the company or voting rights which entitle him to vote at least 5% of the votes in a shareholders meeting, or the Chief Financial Officer.

 

No person may serve as an External Director if the person’s position or other business activities create, or may create, a conflict of interest with the person’s responsibilities as an External Director or may otherwise interfere with the person’s ability to serve as an External Director. Additionally, no person may serve as an External Director if the person, the person’s relative, spouse, employer or any entity controlling or controlled by the person, has a business or professional relationship with someone with whom affiliation is prohibited, even if such relationship is not maintained on a regular basis, excepting negligible relationships, or if such person received from the company any compensation as an External Director in excess of what is permitted by the Companies Law. If, at the time External Directors are to be appointed, all current members of the Board who are not controlling shareholders or relatives of such shareholders are of the same gender, then at least one External Director must be of the other gender. Under the Companies law, at least one of the External Directors is required to have “financial and accounting expertise,”, and the other External Director or Directors are required to have either “professional expertise,” or “financial and accounting expertise”, all as defined under the Companies Law. However, if at least one of our other directors (i) meets the independence requirements under the Securities Exchange Act of 1934, as amended, or (ii) meets the standards of the Nasdaq Listing Rules for membership on the audit committee, and (iii) has accounting and financial expertise as defined under Israeli law, then neither of our External Directors is required to possess accounting and financial expertise as long as both possess other requisite “professional expertise”.

 

70  

 

 

A director can satisfy the requirements of having “financial and accounting expertise” if due to his or her education, experience and qualifications he or she has acquired expertise and understanding in business and accounting matters and financial statements, in a manner that allows him or her to understand, in depth, the company’s financial statements and to spur a discussion regarding the manner in which the financial data is presented.

 

A public company’s board of directors must evaluate the proposed External Director’s expertise in finance and accounting, by considering, among other things, such candidate’s education, experience and knowledge in the following: (i) accounting and auditing issues typical to the field in which the company operates and to companies of a size and complexity similar to such company; (ii) the company’s independent public accountant’s duties and obligations; (iii) preparation of the company’s consolidated financial statements and their approval in accordance with the Companies Law and the Israeli Securities Law - 1968.

 

A director is deemed to have “professional expertise” if he or she meets any of the following criteria: (i) has an academic degree in any of the following professions: economics, business administration, accounting, law or public administration; (ii) has a different academic degree or has completed higher education in a field that is the company’s main field of operations, or a field relevant to his or her position; or (iii) has at least five years’ experience in any of the following, or has at least a cumulative total of at least five years’ experience in any two of the following: (A) a senior position in the business management of a corporation with a significant extent of business, (B) a senior public position or a senior position in public service, or (C) a senior position in the company’s main field of operations. As with a candidate’s expertise in finance and accounting, the board of directors here too must evaluate the proposed External Director’s “professional qualification” in accordance with the criteria set forth above.

 

The declaration required by law to be signed by a candidate to serve as External Director must include a statement by such candidate concerning his or her education and experience, if relevant, in order that the Board may properly evaluate whether such candidate meets the requirements of having “financial and accounting expertise” or having “professional expertise” as set forth in the regulations. Additionally, the candidate should submit documents and certificates that support the statements set forth in the declaration.

 

External Directors are to be elected by a majority vote at a shareholders’ meeting, provided that either:

 

such majority includes a majority of the shares held by non–controlling shareholders and shareholders who have no personal interest in the election of the External Directors (excluding a personal interest that is not related to a relationship with the controlling shareholders) who are present and voting at the meeting; or
     
the total number of shares held by non–controlling shareholders and disinterested shareholders voting against the election of the director at the meeting does not exceed two percent of the aggregate voting rights in the company.

 

The initial term of an External Director is three years and may be extended for up to two additional periods of three years each. However, under regulations promulgated pursuant to the Companies law, companies whose shares are listed for trading on specified exchanges outside of Israel, including the Nasdaq Global Select, Global and Capital markets, may propose that an External Director be reelected by the shareholders for such additional periods, beyond the initial three terms, of up to three years each only if (1) the audit committee and the Board, in nominating the External Director, confirms that, in light of the External Director’s expertise and special contribution to the work of the board of directors and its committees, the reelection for such additional period(s) is beneficial to the company, (2) the election was approved by the majority of shareholders required to appoint External Directors for their initial term and (3) the term during which the nominee has served as an external director and the reasons given by the audit committee and board of directors for extending his or her term of office having been presented to the shareholders prior to their approval.

 

External Directors may be re-elected for additional terms of three years each as set forth above, provided that with respect to the appointment for each such additional three-year term, one of the following has occurred: (i) the reappointment of the External Director has been proposed by one or more shareholders holding together 1% or more of the aggregate voting rights in the company and the appointment was approved at the general meeting of the shareholders by a simple majority, provided that: (1)(x) in calculating the majority, votes of controlling shareholders or shareholders having a personal interest in the appointment as a result of an affiliation with a controlling shareholder and abstentions are disregarded and (y) the total number of shares of shareholders who do not have a personal interest in the appointment as a result of an affiliation with a controlling shareholder and/or who are not controlling shareholders, present and voting in favor of the appointment exceed 2% of the aggregate voting rights in the company, and (2) the External Director who has been nominated in such fashion is not a linked or competing shareholder, and does not have or has not had, on or within the two years preceding the date of such person’s appointment to serve as another term as External Director, any affiliation with a linked or competing shareholder. The term “linked or competing shareholder” means either the shareholder(s) who nominated the external director for reappointment or a material shareholder of the company holding more than 5% of the shares in the company, provided that at the time of the reappointment, such shareholder(s) of the company, the controlling shareholder of such shareholder(s) of the company, or a company under such shareholder(s) of the company’s control, has a business relationship with the company or are competitors of the company; the Israeli Minister of Justice, in consultation with the Israeli Securities Authority, may determine that certain matters will not constitute a business relationship or competition with the company; (ii) the reappointment of the External Director has been proposed by the board of directors and the appointment was approved by the majority of shareholders required for the initial appointment of an External Director or (iii) the External Director has proposed himself for reappointment and the appointment was approved by the majority of shareholders required under Section (i) above.

 

71  

 

 

External Directors may be removed only by the same percentage of shareholders as is required for their election, or by a court, and then only if the External Director ceases to meet the statutory qualifications for their appointment or if they violate their fiduciary duty to the company. Each committee of a company’s board of directors which has been granted any authority normally reserved for the board of directors must include at least one External Director provided, however that each of the audit committee and the compensation committee, which are statutorily required under the Companies Law, must include all External Directors.

 

An External Director is entitled to compensation as provided in the regulations adopted under the Companies Law and is otherwise prohibited from receiving any other compensation, directly or indirectly, in connection with service provided as an External Director.

 

ITEM 14. PRINCIPAL ACCOUNTING FEES AND SERVICES

 

Kost, Forer, Gabbay & Kasierer, a member of Ernst & Young Global (“EY Global”), has served as our independent registered public accounting firm for each of the fiscal years in the two-year period ended December 31, 2018, for which audited financial statements appear in this Annual Report. The following table presents the aggregate fees for audit and other services provided by Kost, Forer, Gabbay & Kasierer, a member of EY Global, and other members of EY Global during the years ended December 31, 2018 and 2017:

 

    Year ended
December 31,
 
(in thousands)   2018
Fees
    2017
Fees
 
             
Audit Fees (1)   $ 215     $ 192  
Audit-Related Fees     -       -  
Tax Fees (2)     8       8  
All Other Fees     -       -  
Total   $ 223     $ 200  

 

 

(1) Audit fees consist of fees billed for the annual audit services engagement and other audit services, which are those services that only the independent registered public accounting firm can reasonably provide, and include the group audit including statutory audits; consents; and assistance in connection with documents filed with the SEC.
(2) Tax fees are for professional services rendered by our auditors for tax compliance, tax advice on actual or contemplated transactions, tax consulting associated with international transfer prices and global mobility of employees.

 

Audit Committee Pre-approval Policies and Procedures

 

Below is a summary of our current policies and procedures:

 

The main role of the Company’s audit committee is to assist the Board in fulfilling its responsibility for oversight of the quality and integrity of the accounting, auditing and reporting practices of the Company. The audit committee oversees the appointment, compensation, and oversight of the Company’s independent registered public accounting firm engaged to prepare or issue an audit report on the financial statements of the Company. The audit committee’s specific responsibilities in carrying out its oversight role include the approval of all audit and non-audit services to be provided by the external auditor, the quarterly review of the firm’s non-audit services and related fees and the potential impact of such services on auditor independence. These services may include audit services, audit-related services, tax services and other services, as described above. It is the policy of the audit committee to approve in advance the particular services or categories of services to be provided to the Company periodically. Additional services may be pre-approved by the audit committee on an individual basis during the year. The audit committee did not avail itself of section (c)(7)(i)(C) of Rule 2-01 of Regulation S-X during 2018, which allows for an exemption from the pre-approval process under certain limited circumstances. Consistent with these policies and procedures, the audit committee approved all of the services rendered by Kost, Forer, Gabbay & Kasierer, a member of EY Global, and other members of EY Global during fiscal year 2018, as described above.

 

72  

 

 

PART IV

 

ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES

 

(a) Documents filed as part of this report:

 

(1) Financial Statements

 

See Item 8 for Financial Statements included with this Annual Report.

 

(2) Financial Statement Schedules

 

None

 

(3) Exhibits

 

       

Incorporated by Reference

Exhibit No.   Exhibit Description   Form   Period Covered or Date of Filing
3.1   Memorandum of Association of the Company.   F-1
(333–78531)
  06/03/99
3.2   Amended and Restated Articles of Association of the Company, as amended on August 28, 2018.   F-3   09/21/2018
10.1   2016 Non-Employee Director Equity Incentive Plan.†   6-K   11/17/2016
10.2   2016 Equity Incentive Plan.†   6-K   11/17/2016
10.3  

Form of Notice of Grant under the 2016 Equity Incentive Plan†*

       
10.4   Form of Notice of Grant under the Non-Employee Director 2016 Equity Incentive Plan†*        
10.5   Summary of Director Compensation.   20-F   Year ended December 31, 2012
10.6   The Executive Compensation Policy of the Company, as approved in August 2018.   6-K   07/02/2018
10.7   Form of Convertible Note.*        
10.8   Securities Purchase Agreement dated November 6, 2017 between Cyren Ltd. and WP XII Investments BV.   20-F   Year ended December 31, 2017
10.9   Registration Rights Agreement dated November 6, 2017 between Cyren Ltd. and WP XII Investments BV.   20-F   Year ended December 31, 2017
10.10   Form of Indemnification Agreement†   6-K   07/02/2018
10.11   Offer Letter dated November 19, 2013 between Commtouch Inc. and Lior Samuelson. †*        
10.12   Translation of Employment Contract dated May 16, 2013 between Commtouch Ltd. and Lior Kohavi. †*        
10.13   Employment Contract dated June 29, 2016 between Cyren GmbH and Atif Ahmed. †*        
21   List of Subsidiaries of the Company.*        
23.1   Consent of Kost, Forer, Gabbay & Kasierer, independent registered public accounting firm.*        
31.1   Certification of Company’s Principal Executive Officer Pursuant to Exchange Act Rule 13a-14(a) or 15d-14(a).*        
31.2   Certification of Company’s Principal Financial Officer Pursuant to Exchange Act Rule 13a-14(a) or 15d-14(a).*        
32.1   Certification of Company’s Principal Executive Officer and Principal Financial Officer Pursuant to 18 U.S.C. 1350. **        
101   The following materials from our Annual Report on Form 10-K for the year ended December 31, 2018 formatted in XBRL (eXtensible Business Reporting Language): (i) the Consolidated Balance Sheets, (ii) the Consolidated Statements of Operations, (iii) the Consolidated Statements of Comprehensive Loss, (iv) the Statements of Changes in Shareholders’ Equity, (v) the Consolidated Statements of Cash Flows and (vi) the Notes to Consolidated Financial Statements, tagged as blocks of text and in detail.*        

 

 

Management contract or compensatory plan or arrangement.
* Filed herewith.
** Furnished herewith.

 

ITEM 16. FORM 10-K SUMMARY

 

None.

 

73  

 

 

SIGNATURES

 

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

 

  Cyren Ltd.
     
  By: /s/ Lior Samuelson
    Lior Samuelson
    Chairman of the Board and
Chief Executive Officer
     
  Date: March 28, 2019

 

Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated.

 

Signature   Title   Date
         
/s/ Lior Samuelson   Chairman of the Board and Chief Executive Officer   March 28, 2019
Lior Samuelson   (Principal Executive Officer)    
         
/s/ J. Michael Myshrall   Chief Financial Officer   March 28, 2019
J. Michael Myshrall   (Principal Financial and Accounting Officer)    
         
/s/ Hila Karah   Director   March 28, 2019
Hila Karah        
         
/s/ Todd Thomson   Director   March 28, 2019
Todd Thomson        
         
/s/ James Hamilton   Director   March 28, 2019
James Hamilton        
         
/s/ David Earhart   Director   March 28, 2019
David Earhart        
         
/s/ John Becker   Director   March 28, 2019
John Becker        
         
/s/ Cary Davis   Director   March 28, 2019
Cary Davis        
         
/s/ Brian Chang   Director   March 28, 2019
Brian Chang        
         
/s/ Rajveer Kushwaha   Director   March 28, 2019
Rajveer Kushwaha        
         
/s/ Lauren Zletz   Director   March 28, 2019
Lauren Zletz        

 

74  

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

CONSOLIDATED FINANCIAL STATEMENTS

 

AS OF DECEMBER 31, 2018

 

U.S. DOLLARS IN THOUSANDS

 

INDEX

 

    Page
     
Report of Independent Registered Public Accounting Firm   F-2
     
Consolidated Balance Sheets   F-3 - F-4
     
Consolidated Statements of Operations   F-5
     
Consolidated Statements of Comprehensive Loss   F-6
     
Statements of Changes in Shareholders’ Equity   F-7
     
Consolidated Statements of Cash Flows   F-8 - F-9
     
Notes to Consolidated Financial Statements   F-10 - F-42

 

 

- - - - - - - - - - - - - - - - - - - -

 

F- 1

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

Kost Forer Gabbay & Kasierer
144 Menachem Begin Road, Building A
Tel-Aviv 6492102, Israel
  Tel: +972-3-6232525
Fax: +972-3-5622555
ey.com

 

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

 

To the Shareholders and Board of Directors of

 

CYREN LTD.

 

Opinion on the Financial Statements

 

We have audited the accompanying consolidated balance sheets of Cyren Ltd. and its subsidiaries (the “Company”) as of December 31, 2018 and 2017, the related consolidated statements of operations, comprehensive loss, shareholders’ equity and cash flows for each of the two years in the period ended December 31, 2018, and the related notes (collectively referred to as the “Consolidated Financial Statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2018 and 2017, and the results of its operations and its cash flows for each of the two years in the period ended December 31, 2018, in conformity with U.S. generally accepted accounting principles.

 

Basis for Opinion

 

These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

 

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.

 

Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.

 

/s/ Kost Forer Gabbay & Kasierer

a Member of Ernst & Young Global

We have served as the Company’s auditor since at least 1997, but we are unable to determine this specific year.

 

Tel-Aviv, Israel

March 28, 2019

 

F- 2

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

CONSOLIDATED BALANCE SHEETS

(in thousands of U.S. dollars)

 

    December 31  
    2018     2017  
             
ASSETS            
             
CURRENT ASSETS:            
Cash and cash equivalents   $ 17,571     $ 23,981  
Trade receivables (net of allowances for doubtful accounts of $20 and $445 as of December 31, 2018 and 2017, respectively)     3,658       2,890  
Deferred commissions     887       -  
Prepaid expenses and other receivables     778       1,339  
                 
Total current assets     22,894       28,210  
                 
LONG-TERM ASSETS:                
Long-term deferred commissions     1,880       -  
Long-term lease deposits     821       379  
Severance pay fund     503       714  
Property and equipment, net     4,608       2,787  
Intangible assets, net     8,802       11,018  
Goodwill     20,519       21,128  
                 
Total long-term assets     37,133       36,026  
                 
Total assets   $ 60,027     $ 64,236  

 

The accompanying notes are an integral part of the consolidated financial statements.

 

F- 3

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

CONSOLIDATED BALANCE SHEETS

(in thousands of U.S. dollars, except share and per share data)

 

    December 31  
    2018     2017  
             
LIABILITIES AND SHAREHOLDERS’ EQUITY            
             
CURRENT LIABILITIES:            
Trade payables   $ 1,668     $ 1,017  
Employees and payroll accruals     3,959       3,239  
Accrued expenses and other liabilities     910       1,012  
Earn-out consideration and related costs     2,926       3,588  
Deferred revenues     5,773       5,032  
                 
Total current liabilities     15,236       13,888  
                 
LONG-TERM LIABILITIES:                
Deferred revenues     503       524  
Convertible notes     10,000       -  
Deferred tax liability, net     1,130       1,355  
Accrued severance pay     598       930  
Other liabilities     700       438  
                 
Total long-term liabilities     12,931       3,247  
                 
COMMITMENTS AND CONTINGENCIES                
                 
SHAREHOLDERS’ EQUITY:                
Ordinary shares nominal value ILS 0.15 par value -                
Authorized: 75,353,340 shares as of December 31, 2018 and 2017; Issued: 54,405,881 shares as of December 31, 2018 and 2017; Outstanding: 54,057,208 and 53,375,854 shares as of December 31, 2018 and 2017, respectively     2,097       2,097  
Additional paid-in capital     245,570       244,609  
Treasury shares at cost: 348,673 and 1,030,027 Ordinary shares as of December 31, 2018 and 2017, respectively     (998 )     (3,312 )
Accumulated other comprehensive loss     (1,666 )     (1,195 )
Accumulated deficit     (213,143 )     (195,098 )
                 
Total shareholders’ equity     31,860       47,101  
                 
Total liabilities and shareholders’ equity   $ 60,027     $ 64,236  

 

The accompanying notes are an integral part of the consolidated financial statements.

 

F- 4

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

CONSOLIDATED STATEMENTS OF OPERATIONS

(in thousands of U.S. dollars, except share and per share data)

 

    Year ended
December 31,
 
    2018     2017  
             
Revenues   $ 35,900     $ 30,799  
Cost of revenues     14,540       11,899  
                 
Gross profit     21,360       18,900  
                 
Operating expenses:                
                 
Research and development, net     16,116       9,825  
Sales and marketing     16,202       15,551  
General and administrative     8,343       7,286  
                 
Total operating expenses     40,661       32,662  
                 
Operating loss     (19,301 )     (13,762 )
                 
Other income (expense), net     (11 )     452  
Financial expenses, net     (255 )     (2,380 )
                 
Loss before taxes on income     (19,567 )     (15,690 )
Tax benefit     153       42  
                 
Loss   $ (19,414 )   $ (15,648 )
                 
Basic and diluted loss per share   $ (0.36 )   $ (0.38 )
                 
Weighted average number of shares used in computing basic and diluted loss per share     53,634,199       40,922,453  

 

The accompanying notes are an integral part of these consolidated financial statements.

 

F- 5

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS

(in thousands of U.S. dollars)

 

    Year ended
December 31,
 
    2018     2017  
             
Loss   $ (19,414 )   $ (15,648 )
                 
Other comprehensive loss:                
Foreign currency translation adjustments     (471 )     1,656  
                 
Comprehensive loss   $ (19,885 )   $ (13,992 )

 

The accompanying notes are an integral part of these consolidated financial statements.

 

F- 6

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

STATEMENTS OF CHANGES IN SHAREHOLDERS’ EQUITY

(in thousands of U.S. dollars, except share data)

 

    Number of outstanding ordinary shares     Share capital     Additional paid-in capital     Treasury shares     Accumulated other comprehensive income (loss) (*)     Accumulated deficit     Total  
                                           
Balance as of January 1, 2017     39,174,272     $ 1,497     $ 216,147     $ (3,867 )   $ (2,851 )   $ (179,188 )   $ 31,738  
                                                         
Issuance of shares upon private offering ($1.85 per share), net of $631 issuance expenses     10,595,521       452       18,519       -       -       -       18,971  
Issuance of shares upon conversion of convertible notes and accrued interest on account of the convertible notes     3,456,407       148       8,083       -       -       -       8,231  
Issuance of treasury shares upon exercise of options and vesting of restricted share units     149,654       -       (200 )     555       -       (262 )     93  
Stock-based compensation related to employees, directors and consultants     -       -       2,060       -       -       -       2,060  
Other comprehensive income     -       -       -       -       1,656       -       1,656  
Loss     -       -       -       -       -       (15,648 )     (15,648 )
                                                         
Balance as of December 31, 2017     53,375,854       2,097       244,609       (3,312 )     (1,195 )     (195,098 )     47,101  
                                                         
Issuance of treasury shares upon exercise of options and vesting of restricted share units     681,354       -       (479 )     2,314       -       (442 )     1,393  
Stock-based compensation related to employees, directors and consultants     -       -       1,440       -       -       -       1,440  
Other comprehensive loss     -       -       -       -       (471 )     -       (471 )
Cumulative effect of adopting ASC 606     -       -       -       -       -       1,811       1,811  
Loss     -       -       -       -       -       (19,414 )     (19,414 )
                                                         
Balance as of December 31, 2018     54,057,208     $ 2,097     $ 245,570     $ (998 )   $ (1,666 )   $ (213,143 )   $ 31,860  

 

(*) Relates to foreign currency translation adjustments.

 

The accompanying notes are an integral part of the consolidated financial statements.

 

F- 7

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

CONSOLIDATED STATEMENTS OF CASH FLOWS

(in thousands of U.S. dollars)

 

    Year ended
December 31,
 
    2018     2017  
             
Cash flows from operating activities:            
             
Loss   $ (19,414 )   $ (15,648 )
                 
Adjustments to reconcile loss to net cash used in operating activities:                
Loss on disposal of property and equipment     15       2  
Depreciation     1,856       1,303  
Stock-based compensation     1,440       2,060  
Amortization of intangible assets     4,165       3,746  
Amortization of deferred commissions     1,351       -  
Interest and accretion of discount on convertible notes     40       480  
Change in fair value of embedded conversion feature on convertible notes     -       1,349  
Other income related to investment in affiliate     -       (450 )
Other expenses related to the earn-out consideration     97       117  
Deferred taxes, net     (182 )     (175 )
                 
Changes in assets and liabilities:                
Trade receivables, net     (596 )     77  
Prepaid expenses and other receivables     530       (362 )
Deferred commissions     (2,307 )     -  
Change in long-term lease deposits     (105 )     28  
Trade payables     264       36  
Employees and payroll accruals, accrued expenses and other liabilities     516       780  
Deferred revenues     720       (841 )
Accrued severance pay, net     (121 )     4  
Other long-term liabilities     274       302  
                 
Net cash used in operating activities     (11,457 )     (7,192 )
                 
Cash flows from investing activities:                
                 
Capitalization of technology, net of grants received     (1,984 )     (3,567 )
Proceeds from sale of investment in affiliate     -       450  
Proceeds from sale of property and equipment     1       -  
Purchase of property and equipment     (3,320 )     (1,771 )
                 
Net cash used in investing activities     (5,303 )     (4,888 )

 

The accompanying notes are an integral part of the consolidated financial statements.

 

F- 8

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

CONSOLIDATED STATEMENTS OF CASH FLOWS

(in thousands of U.S. dollars)

 

    Year ended
December 31,
 
    2018     2017  
             
Cash flows from financing activities:            
             
Proceeds from private offerings, net     -       18,971  
Proceeds from convertible notes     10,000       6,300  
Payment of earn-out consideration     (604 )     -  
Proceeds from options exercised     1,393       93  
                 
Net cash provided by financing activities     10,789       25,364  
                 
Effect of exchange rate changes on cash, cash equivalents and restricted cash     (101 )     98  
                 
Increase (decrease) in cash, cash equivalents and restricted cash     (6,072 )     13,382  
Cash, cash equivalents and restricted cash at the beginning of the period     24,228       10,846  
                 
Cash, cash equivalents and restricted cash at the end of the period   $ 18,156     $ 24,228  
                 
Supplemental disclosure of cash flows activities:                
                 
Cash paid (received) during the year for:                
                 
Taxes, net   $ (161 )   $ (50 )
                 
Interest   $ 92     $ 130  
                 
Non-cash transactions:                
                 
Unpaid purchases of property and equipment   $ (383 )   $ (217 )
                 
Net change in accrued payroll expenses related to capitalization of technology   $ (110 )   $ (255 )
                 
Conversion of convertible notes and accrued interest on account of convertible notes into equity   $ -     $ (8,231 )
                 
Reconciliation of cash, cash equivalents and restricted cash as shown in the consolidated statements of cash flow:                
                 
Cash and cash equivalents   $ 17,571     $ 23,981  
Restricted cash included in long-term restricted lease deposits     585       247  
                 
Total cash, cash equivalents and restricted cash   $ 18,156     $ 24,228  

 

The accompanying notes are an integral part of the consolidated financial statements.

 

F- 9

 

 

CYREN LTD. AND ITS SUBSIDIARIES

 

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

(in thousands of U.S. dollars, except share and per share data)

 

NOTE 1: GENERAL