ITEM 1A. RISK FACTORS

Business Risks

We may not be able to continue as a going concern.

As of December 31, 2020, we had an accumulated deficit of $248.7 million, cash and cash equivalents of $9.3 million, current liabilities of $24.9 million and generated a net loss of $17.3 million. We have incurred losses since inception and expect to continue to incur losses for the foreseeable future. As of December 31, 2020, our cash and cash equivalents balance is not sufficient to fund our planned operations for at least a year beyond the date of the financial statements included in this report. These factors raise doubt about our ability to continue as a going concern and therefore it may be more difficult for us to attract investors. The ability to continue as a going concern is dependent upon our ability to obtain the necessary financing to meet our obligations and repay our liabilities arising from normal business operations when they become due. Despite our ability to secure capital in the past, we cannot assure you that we will be able to obtain additional debt or equity financing on favorable terms, if at all. Furthermore, if we raise additional equity financing, our shareholders may experience significant dilution of their ownership interests. If we engage in debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions.

We have a history of losses and may not be able to achieve or maintain profitability.

We have a history of incurring net losses, including net losses of $17.3 million and $18.0 million in 2020 and 2019, respectively. As a result, we had an accumulated deficit of $248.7 million as of December 31, 2020. Achieving profitability will require us to increase revenue, manage our cost structure, and avoid unanticipated liabilities. We have made and expect to continue to make significant expenditures to develop and expand our business and we do not expect to be profitable in the near term. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our solutions, increasing competition, expense reductions, a decrease in the growth of our overall market, the impact of the COVID-19 pandemic, or if we fail for any reason to continue to capitalize on growth opportunities. Any failure by us to obtain and sustain profitability, or to continue our revenue growth, could cause the price of our ordinary shares to decline significantly.

Our indebtedness may have an adverse effect on our business or limit our ability to take advantage of business, strategic or financing opportunities; our debt instruments contain certain events of default which, if triggered, may result in acceleration of our debt.

On March 19, 2020, we issued $10.25 million aggregate principal amount of our 5.75% convertible debentures due March 19, 2024 (the “Convertible Debentures”). On December 5, 2018, we issued $10.0 million aggregate principal amount of 5.75% convertible notes due December 5, 2021 (the “Convertible Notes”). Our Convertible Debentures and Convertible Notes contain certain covenants with which we must comply and events of default which, if triggered, may result in the Convertible Debentures and/or Convertible Notes becoming immediately due and payable. These events of default include, but are not limited to, failure to pay interest and principal when due, failure to perform any term, covenant or agreement contained in the Convertible Debentures or Convertible Notes, certain events of bankruptcy, insolvency or reorganization, and certain defaults on our obligations under other debt instruments. In addition, as long as the Convertible Debentures and Convertible Notes are outstanding, we must obtain consent of the holders in order to take the following actions as required by the respective debt instruments:

These consent requirements could restrict us from taking any of the above actions that we believe to be in our best interests and could adversely affect our ability to obtain additional financing, engage in certain business activities, take advantage of business opportunities, or otherwise execute our business strategies. In addition, our ability to comply with the terms of the Convertible Debentures and the Convertible Notes may be affected by general economic conditions, industry conditions, and other events beyond our control. As a result, we cannot assure you that we will be able to comply with these terms. Failure to comply with the terms of the Convertible Debentures or the Convertible Notes could result in a default under these debt instruments, upon which the outstanding debt would become immediately due and payable. This could have serious consequences to our financial condition and results of operations. We cannot assure you that our assets or cash flow would be sufficient to repay our obligations under the Convertible Debentures or the Convertible Notes if accelerated upon an event of default, or that we would be able to borrow sufficient funds to refinance these debt instruments.

We do not anticipate that we will have sufficient funds to pay the principal of the Convertible Notes on their maturity date in December 2021, and the inability to restructure or refinance the Convertible Notes on commercially reasonable terms, or at all, would have a material adverse effect on our financial condition.

The Convertible Notes ($10.0 million aggregate principal amount) mature in December 2021. We do not anticipate that we will have sufficient funds to pay the principal of the Convertible Notes on their maturity date. The inability to restructure or borrow sufficient funds to refinance the Convertible Notes on commercially reasonable terms, or at all, would have serious consequences to our financial condition and results of operations.

If the internet security market does not accept our cloud-based product offerings, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.

Our success will depend to a substantial extent on the willingness of enterprises to increase their acceptance and use of cloud computing services. The market for email security solutions delivered as a service is still at an early stage relative to on-premise solutions, and these applications may not achieve and sustain high levels of demand and market acceptance. In particular, there is no assurance that our recently released Cyren Inbox Security will generate a high level of demand or achieve market acceptance.

Historically, companies have used appliance-based security products, such as firewalls, intrusion prevention systems, or IPS, anti-virus, or AV, and web and messaging gateways, for their IT security. These enterprises may be hesitant to purchase our cloud-based security offering if they believe that signature-based products, or our competitors’ products, are more cost-effective, provide substantially the same functionality or otherwise provide a sufficient level of IT security. Many enterprises have invested substantial personnel and financial resources to integrate traditional enterprise software or hardware appliances for these applications into their businesses, and currently, most enterprises have not allocated a fixed portion of their budgets to protect against next-generation advanced cyber attacks. As a result, to expand our customer base, we need to convince potential customers to allocate a portion of their discretionary budgets to purchase our products and services. If we do not succeed in convincing customers that our offerings should be an integral part of their overall approach to IT security, our sales will not grow as quickly as anticipated, or at all, which would have an adverse impact on our business, results of operations and financial condition.

In addition, many enterprises may be reluctant or unwilling to use cloud computing services because they have concerns regarding the risks associated with its reliability and security, among other things, of this delivery model, or its ability to help them comply with applicable laws and regulations. If enterprises do not perceive the benefits of this delivery model, then the market for our services and our sales would not grow as quickly as we anticipate or at all and our business, results of operations and financial condition would be harmed.

If the market does not continue to respond favorably to our traditional Threat Intelligence Service security solutions, including our Threat Detection Services and Threat Intelligence Feeds, or future services do not gain acceptance, we will fail to generate sufficient revenues.

Our success depends on the continued acceptance and use of our Threat Intelligence Service security solutions by current and new businesses, Original Equipment Manufacturers (“OEMs”), and service provider customers, plus the interest of such customers in our newest offerings. As the markets for email, antivirus and web security products continue to mature and consolidate, we are seeing increasing competitive pressures and demands for even higher quality products at lower prices. This increasing demand comes at a time when internet security threats are more varied and intensive, challenging top end solutions to keep their performance at an industry-acceptable level of accuracy. If our solutions do not continue to evolve to meet market demand, or newer products on the market prove more effective, our business could fail. Also, if growth in the markets for these solutions begins to slow, our business, results of operations and financial condition will suffer dramatically.

If we are unable to effectively integrate future investments and acquisitions, our business operations and financial results will suffer.

Our success will depend, in part, on our ability to expand our service and product offerings and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may decide to do so through the acquisition of complementary businesses and technologies rather than through internal development, including, for example, our 2012 acquisition of the antivirus business of the Icelandic company, Frisk Software International (“Frisk”) and the German internet security company eleven GmbH (“eleven”).

If we encounter further difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel, or operations of any company that we acquire, the revenue and operating results of the combined company could be adversely affected. The risks we face in connection with acquisitions include:

The occurrence of any of these risks could have a material adverse effect on our business operations and financial results.

We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations.

The market for security products and services is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent new product introductions and improvements. We anticipate continued challenges from current competitors as well as by new entrants into the industry. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in our revenue that could adversely affect our business and results of operations.

Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:

In addition, some of our larger competitors have substantially broader product offerings and may be able to leverage their relationships with distribution partners and customers based on other products or incorporate functionality into existing products to gain business in a manner that may discourage users from purchasing our products, subscriptions and services, including by selling at zero or negative margins, product bundling or offering closed technology platforms.

Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. As a result, even if the features of our offerings are superior, customers may not purchase our services or products. In addition, innovative start-up companies, and larger companies that are making significant investments in research and development, may invent similar or superior products and technologies that compete with our product and services. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors, our business, financial condition, and results of operations could be adversely affected.

Some of our competitors have acquired businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and end user needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisitions or other opportunities more readily, or develop and expand their product and service offerings more quickly than we can. Due to various reasons, organizations may be more willing to incrementally add solutions to their existing security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.

Also, many of our smaller competitors that specialize in providing protection from a single type of business security threat may deliver these specialized business security products to the market more quickly than we can or may introduce innovative new products or enhancements before we do. Conditions in our markets could change rapidly and significantly as a result of technological advancements.

If we are unable to enhance our existing solutions and develop new solutions, our growth will be impeded.

Our ability to attract new customers and increase revenue from existing customers will depend in large part on our ability to enhance and improve our existing solutions and to introduce new solutions. The success of any enhancement or new solution depends on several factors, including the timely completion, introduction and market acceptance of the enhancement or solution. Any enhancement or solution we develop or acquire may not be introduced in a timely or cost-effective manner and may not achieve the broad market acceptance necessary to generate significant revenue. If we are unable to successfully develop or acquire new solutions or enhance our existing solutions to meet customer requirements, we may not grow as expected.

We cannot be certain that our development activities will be successful or that we will not incur delays or cost overruns. Furthermore, we may not have sufficient financial resources to identify and develop new technologies and bring enhancements or new solutions to market in a timely and cost-effective manner. New technologies and enhancements could be delayed or cost more than we expect, and we cannot ensure that any of these solutions will be commercially successful if and when they are introduced.

A loss of any of our large customers could have a material adverse effect on our financial condition and results of operations.

In the year ended December 31, 2020, our three largest customers accounted for approximately 34% of our annual revenues (including our largest customer that accounted for approximately 23% of total revenue). A significant reduction in revenue in the future from these major customers could have a material adverse effect on our financial condition, results of operations and cash flow. In the fourth quarter of 2020, we received notification that our largest customer will renew one of their contracts for another three years through the first quarter of 2024, but that it does not intend to renew its largest contract with the Company beginning April 2021. As a result, we anticipate that quarterly revenues from this customer will drop from over 20% currently to approximately 14% of quarterly revenue beginning in the second quarter of 2021. In addition, if one or more of our major customers were to develop its own competing technology or to experience economic difficulties, changes in purchasing policies or difficulties in fulfilling their obligations to us, our financial condition could be materially and adversely affected.

Adverse conditions in the national and global financial markets could have a material adverse effect on our business, operating results, and financial condition.

Our financial performance depends, in part, on the state of the economy, which may deteriorate in the future including, as a result of the spread or fear of spread of contagious diseases (such as the COVID-19 pandemic). Challenging economic conditions worldwide have from time to time contributed, and may continue to contribute, to slowdowns in the information technology industry, resulting in reduced demand for our solutions as a result of continued constraints on IT-related capital spending by our customers and increased price competition for our solutions. Additionally, concerns regarding the effects of the “Brexit” decision, uncertainties related to changes in public policies such as domestic and international regulations, taxes or international trade agreements as well as geopolitical turmoil and other disruptions to global and regional economies and markets in many parts of the world, have and may continue to put pressure on global economic conditions and overall spending on IT security.

If the economies of countries in which our customers and potential customers are located weaken, our customers may reduce or postpone their spending significantly. This could result in reductions in sales of our services and longer sales cycles, slower adoption of new technologies and increased price competition. In addition, weakness in the end user market could negatively affect the cash flow of our OEM and service provider partners, distributors and resellers who could, in turn, delay paying their obligations to us. This would increase our credit risk exposure and cause delays in our recognition of revenues on future sales to these customers. Specific economic trends, such as declines in the demand for PCs, servers, and other computing devices, or weakness in corporate information technology spending, could have a more direct impact on our business. Any of these events would likely harm our business, operating results, and financial condition.

The outbreak of COVID-19 and its international spread has affected how we operate our business, and the duration and the extent to which it will impact future results of operations and overall financial performance is unknown.

Pandemics and epidemics such as the current COVID-19 outbreak or other widespread public health problems could negatively impact our business. The current outbreak of COVID-19 has had widespread impacts on the overall economy, buying patterns of partners and potential customers, and business operations and continues to present concerns that may dramatically affect our ability to conduct our business effectively, including, but not limited to, our inability to travel to various destinations due to travel restrictions and quarantine requirements, attend certain industry-related conferences and effectively maintain ongoing sales operations. For employees continuing critical on-site work, we have implemented additional safety measures such as limiting the number of people present each day on-site, social distancing, use of face masks, and frequent disinfection of shared spaces. Any additional precautionary measures may negatively impact our sales, operating results and business.

A significant reduction in global economic activity may result in reduced IT budgets, including for cyber security software. While the ultimate impact of the COVID-19 outbreak is highly uncertain and subject to change, a significant duration of the COVID-19 outbreak and related government actions will impact many aspects of our business. Additionally, if the COVID-19 pandemic has had or continues to have a substantial impact on our partners and customers, our overall financial performance and operations may be negatively impacted. If a significant percentage of our workforce is unable to work, either because of illness or travel or government restrictions in connection with the COVID-19 outbreak, our operations may be negatively impacted.

If the perceived general level of advanced cyber attacks declines, demand for our solutions may decrease, our cost of doing business may increase and our business could be harmed.

Our business is substantially dependent on enterprises recognizing that advanced cyber attacks are pervasive and are not effectively prevented by legacy security solutions. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced cyber attacks and help to provide an impetus for enterprises to devote resources to protecting against advanced cyber attacks, such as purchasing our services and products and broadly deploying our services and products within their organizations. If advanced cyber attacks were to decline, or enterprises perceived that the general level of advanced cyber attacks have declined, our ability to attract new customers and expand our offerings within existing customers could be materially and adversely affected and harm our business, results of operations and financial condition.

In addition, various state legislatures have enacted laws aimed at regulating the distribution of unsolicited email. These and similar legal measures, both in the United States and worldwide, may have the effect of reducing the amount of unsolicited email and malicious software that is distributed and hence diminish the need for our internet security solutions. Any such developments would have an adverse impact on our revenues.

We depend upon our OEM customers for the majority of our revenue and if our OEM customers do not renew existing subscriptions or buy additional services, our operating results will be harmed.

We expect to continue to be dependent upon OEM partners and service providers for a significant portion of our revenues.

Our operating results and financial condition may be materially adversely affected if:

We regularly have discussions with our customers regarding the renewal of their contracts and the renegotiation of the terms of such contracts at the time of renewal. In the fourth quarter of 2020, we received notification that our largest customer will renew one of their contracts for another three years through the first quarter of 2024, but that it does not intend to renew its largest contract with the Company beginning April 2021. As a result, we anticipate that quarterly revenues from this customer will drop from over 20% currently to approximately 14% of quarterly revenue beginning in the second quarter of 2021. For additional information, please refer to Note 11b of the consolidated financial statements included elsewhere in this Annual Report.

Our quarterly operating results may fluctuate, which could adversely affect our share price.

Our revenues and operating results could vary significantly from period to period as a result of a variety of factors, many of which are outside of our control. As a result, comparing our revenues and operating results on a period-to-period basis may not be meaningful, and shareholders should not rely on our past results as an indication of our future performance. We may not be able to accurately predict our future revenues or results of operations. We base our current and future expense levels on our operating plans and sales forecasts, and our operating costs are relatively fixed in the short-term. As a result, we may not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues, and even a small shortfall in revenues could disproportionately and adversely affect financial results for that quarter. If our revenues or operating results fall below the expectations of investors or any securities analysts that cover our stock, our share price could decline substantially.

A number of factors, many of which are enumerated in this “Risk Factors” section, are likely to cause fluctuations in our operating results or cause our share price to decline. These factors include:

Our ability to continue to increase our revenues will depend on our ability to successfully execute our sales and business development plan.

The complexity of the underlying technological base of email, antivirus and web security solutions, and the current landscape of the markets, require highly trained sales and business development personnel to educate prospective distributors, resellers, OEM and service provider partners and customers regarding the use and benefits of our solutions. We continue to be substantially dependent on our sales force to obtain new customers and to drive additional use cases and adoption among our existing customers. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business.

Our future success depends on our ability to sell additional solutions to our customers, such as our CIS solution which was made generally available for purchase in the second quarter of 2020. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional solutions depends on a number of factors, including the perceived need for additional solutions, growth in the number of end users, and general economic conditions. If our efforts to sell additional solutions to our customers are not successful, our business, financial condition and/or results of operations may suffer.

We rely on our management team and other key employees and will need additional personnel to grow our business, and the loss of one or more key employees or our inability to attract and retain qualified personnel could harm our business.

Our success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization. Competition for highly skilled personnel is intense in Israel, Germany, Iceland, the United Kingdom, Sunnyvale, Austin, and the Washington D.C. metro area, where we have offices and a need for highly skilled personnel. We may not be successful in attracting qualified personnel to fulfill our current or future needs. Our competitors may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. Also, to the extent we hire employees from mature public companies with significant financial resources, we may be subject to allegations that such employees have been improperly solicited, that they have divulged proprietary or other confidential information or that their former employers own such employees’ inventions or other work product.

In addition, we believe that it is important to establish and maintain a corporate culture that facilitates the maintenance and transfer of institutional knowledge within our organization and also fosters innovation, teamwork, a passion for customers and a focus on execution.

The loss of our software developers or senior operations personnel may also adversely affect the continued development and support of both our current messaging, antivirus and web security solutions and future solutions presently included in our roadmap for development, thereby causing our operating results to suffer and the value of your investment to decline.

We do not have employment agreements inclusive of set periods of employment with any of our key personnel. We cannot prevent them from leaving at any time. We do not maintain key-person life insurance policies, listing us as a beneficiary, on any of our employees. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business, financial condition and/or results of operations could be harmed.

Our business and operating results could suffer if we do not successfully address potential risks inherent in doing business overseas.

We market and sell our products worldwide and have personnel in many parts of the world. In addition, we have sales offices and research and development facilities outside the United States, and we conduct, and expect to continue to conduct, a significant amount of our business with companies that are located outside the United States, particularly in Europe, Israel, and Asia. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships internationally or recruit additional companies to enter into strategic distributor relationships, our future success in these international markets could be limited. Business practices and regulations in the international markets that we serve differ from those in the United States and Israel and periodically require us to include terms other than our standard terms in customer contracts. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our operating results may be adversely impacted.

Additionally, our international sales and operations are subject to a number of risks, including the following:

These factors and other factors could harm our ability to gain future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources.

Changes in the tax treatment of companies engaged in internet commerce may adversely affect the commercial use of our services and our financial results.

Due to the global nature of the internet and the global reach of our network, it is possible that various states or countries might attempt to regulate our transmissions or levy sales, income, consumption, use or other taxes relating to our services or activities, or impose obligations on us to collect such taxes. Tax authorities in many jurisdictions are currently reviewing the appropriate treatment of companies engaged in internet commerce such as the provision of cloud computing services and other online services. The imposition of new or revised tax laws or regulations may subject us to additional sales, income, consumption, use or other taxes. We cannot predict the effect of current attempts to impose such taxes on commerce over the internet. New or revised taxes and, in particular, sales, use or consumption taxes, the Value Added Tax and similar taxes would likely increase the cost of doing business online. New taxes could also create significant increases in internal costs necessary to capture data, and collect and remit taxes. Any of these events could have an adverse effect on our business and results of operations.

The application of tax laws is subject to interpretation and if tax authorities challenge our methodologies or our analysis of our tax rates it could result in an increase to our worldwide effective tax rate and cause us to change the way we operate our business.

The application of the tax laws of various jurisdictions to our international business activities is subject to interpretation and also depends on our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing, or determine that the manner in which we operate our business does not achieve the expected tax consequences, which could increase our worldwide effective tax rate and adversely affect our financial position and results of operations.

A certain degree of judgment is required in evaluating our tax positions and determining our provision for income taxes. In the ordinary course of business, there are many transactions and calculations for which the ultimate tax determination is uncertain. For example, our effective tax rates could be adversely affected by earnings being lower than anticipated in countries where we have lower statutory rates and higher than anticipated in countries where we have higher statutory rates, by changes in foreign currency exchange rates or by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations. As we operate in numerous taxing jurisdictions, the application of tax laws can be subject to diverging and sometimes conflicting interpretations by tax authorities of these jurisdictions. It is not uncommon for tax authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, or with respect to the valuation of intellectual property. In addition, tax laws are dynamic and subject to change as new laws are passed and new regulations or interpretations of the law are issued or applied. For example, the work being carried out by the OECD on base erosion and profit shifting as a response to increasing globalization of trade could result in changes in tax treaties or the introduction of new legislation that could impose an additional tax on businesses. As a result of changes to laws or interpretations, our tax positions could be challenged, and our income tax expenses could increase in the future.

For instance, if tax authorities in any of the countries in which we operate were to successfully challenge our transfer prices, they could require us to reallocate our income (or part of our income) to reflect transfer pricing adjustments, which could result in an increased tax liability to us. In addition, if the country from which the income was reallocated did not agree with the reallocation asserted by the first country, we could become subject to tax on the same income in both countries, resulting in double taxation. If tax authorities were to allocate income to a higher tax jurisdiction, subject our income to double taxation or assess interest and penalties, it could increase our tax liability, which could adversely affect our financial position and results of operations.

We are subject to privacy and data protection laws and regulations in various jurisdictions, including the EU General Data Protection Regulation, as well as contractual privacy and data protection obligations, which may limit the use and adoption of, or require modification of, our products and services and could affect our marketing activities. Our failure to comply with such laws, regulations or obligations could subject us to liability and could harm our reputation and business. In addition, the invalidation of the EU-US Privacy Shield by the European Court of Justice (“CJEU”), which we had previously relied on in part as a mechanisms to transfer personal data from the EU to the U.S and the uncertainty regarding reliance on the EU Standard Contractual Clauses (“SCCs”) may have an adverse effect on the manner in which we provide our services which could harm our financial results.

Many federal, state, and foreign government bodies and agencies have adopted, or are adopting, laws and regulations regarding the collection, use, and disclosure of personal information. Some of our solutions process customer data which may contain the personal information of end users, and any failure to adequately address privacy concerns, or to otherwise comply with applicable privacy laws and regulations could result in liability, damage to our reputation, loss of sales, or further harm our business. Privacy concerns, whether or not valid, may inhibit market adoption of our solutions. The costs of compliance with such laws and regulations that apply to our customers’ business may in turn limit their use and adoption of our products and services and therefore reduce overall demand for them.

We are subject to the privacy and data protection laws and regulations adopted by Israel, Europe and the United States and potentially other jurisdictions. Where the local data protection and privacy laws of a jurisdiction apply, we may be required to register our operations in that jurisdiction or make changes to our business so that registered users’ data is only collected and processed in accordance with applicable local law. The proliferation of such laws within the jurisdictions in which we operate may result in conflicting and contradictory requirements, particularly in relation to evolving technologies such as cloud computing. Any failure to successfully navigate the changing regulatory landscape could result in legal liability or impairment to our reputation in the marketplace, which could have a material adverse effect on our business, results of operations and financial condition.

In particular, the European Union has imposed greater obligations under their privacy and data protection laws. For example, the European Union adopted the General Data Protection Regulation (GDPR) which took effect on May 25, 2018 and is wide ranging in scope. GDPR replaced, to a large extent, the data protection laws of each European Union member state and imposed stringent requirements for data processors and controllers. Such requirements include more fulsome disclosures about the processing of personal information, data retention limits and deletion requirements, mandatory notification in the case of a data breach and heightened standards regarding valid consent in some specific cases of data processing. The GDPR also includes substantially higher penalties for failure to comply (a fine up to 20 million Euro or up to 4% of the annual worldwide turnover, whichever is greater, can be imposed). Given the breadth of the GDPR, compliance with its requirements is likely to continue to require significant expenditure of resources on an ongoing basis, and there can be no assurance that the measures we have taken for the purposes of compliance will be successful in preventing a violation of the GDPR. Given the potential fines, liabilities, and damage to our reputation in the event of an actual or perceived violation of the GDPR, such a violation may have an adverse effect on our business and operations.

Similarly, California recently enacted the California Consumer Privacy Act (“CCPA”), which, among other things, requires covered companies to provide new disclosures to California consumers and afford such consumers new rights to opt-out of the sale of their personal information. In addition, other states (e.g., Virginia) have enacted or proposed legislation that regulates the collection, use, and sale of personal information, and such regimes might not be compatible with either the GDPR or the CCPA or may require us to undertake additional practices. We cannot yet predict the impact of the CCPA or impending legislation on our business or operations, but it may require us to further modify our data processing practices and policies and incur substantial costs and expenses in an effort to comply; non-compliance could potentially subject us to regulatory fines and/or civil lawsuits.

Further, “Brexit” (described below) could lead to further legislative and regulatory changes. The United Kingdom Data Protection Act that substantially implements the GDPR became law in May 2018 and was subject to statutory amendments in 2019 that further align it with the GDPR. Post-Brexit, the United Kingdom has enacted its own version of the GDPR. On December 24, 2020, the European Commission announced a bridge period permitting data transfers from the EEA to the United Kingdom while the European Commission determines whether it will recognize the United Kingdom as an adequate country for the purposes of permitting international data transfers of EU personal data. The development of United Kingdom data protection laws or regulations and regulation of data transfers to and from the United Kingdom in the medium to longer term, however, remains unclear.

Even the perception of privacy, data protection or information security concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to hire and retain workforce talent. If our security measures are or are believed to be inadequate or breached as a result of third-party action, employee negligence, error or malfeasance, product defects, social engineering techniques or otherwise, and this results in, or is believed to result in, the disruption of the confidentiality, integrity or availability of our systems or networks or any data we process or maintain, or the loss, destruction or corruption of such data, or our privacy practices are or are perceived to be inadequate, we could incur significant liability, we could face a loss of revenues, and our business may suffer and our reputation and competitive position may be damaged.

If any of our customers or prospective customers decide not to purchase our products or services because of regulatory uncertainty, our revenues could decline and our business could suffer. Any inability by us, or a third-party contractor, to adequately address privacy concerns, whether valid or not, or to comply with applicable privacy or data protection laws, regulations and privacy standards, could result in additional cost and liability to us, damage our reputation, inhibit sales of our solutions and harm our business.

Uncertainty regarding the effects of Brexit could adversely affect our future results.

The United Kingdom (“UK”) left the European Union (“EU”) on January 31, 2020 (“Brexit”). There was a transitional period, during which EU laws, including pharmaceutical laws, continued to apply in the UK, however this ended on December 31, 2020. The UK and EU have signed an EU-UK Trade and Cooperation Agreement, which became provisionally applicable on January 1, 2021 and will become formally applicable once ratified by both the UK and the EU. This agreement provides details on how some aspects of the UK and EU’s relationship will operate, however there are still many uncertainties. The unavoidable uncertainties related to Brexit and the new relationship between the UK and EU, which continues to be defined, could cause volatility in currency exchange rates, in interest rates, and in EU, UK or worldwide political, regulatory, economic or market conditions; and could contribute to instability in political institutions, regulatory agencies, and financial markets. Any of these effects of Brexit, and others that cannot be anticipated, could adversely affect our future results.

Technology Risks

We may not have the resources or skills required to adapt to the changing technological requirements and shifting preferences of our customers and their users.

The email, antimalware and web security industries are characterized by difficult technological challenges, sophisticated distributors of internet security threats, multiple-variant viruses, advanced persistent threats, unique phishing scams and constantly evolving malevolent software distribution practices and targets that could render our solutions and proprietary technology ineffective. Our success depends, in part, on our ability to continually enhance our existing messaging, antimalware and web security solutions and to develop new solutions, functions and technology that address the potential needs of prospective and current customers and their users.

Many of our end users operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols. As their technologies and business plans grow more complex, we expect these customers to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our solutions effectively identify and respond to these advanced and evolving attacks without disrupting our customers’ network performance. As a result of the continued rapid innovations in the technology industry, including the rapid growth of smart phones, tablets and other devices and the trend of “bring your own device” in enterprises, we expect the networks of our end users to continue to change rapidly and become more complex.

We have identified and implemented a number of new products and enhancements to our platform that we believe are important to our continued success in the IT security market. Going forward, we may not be successful in developing and marketing, on a timely basis, such new products or enhancements or our new products or enhancements may not adequately address the changing needs of the marketplace. In addition, some of our new products and enhancements may require us to develop new architectures that involve complex, expensive, and time-consuming research and development processes. Although the market expects rapid introduction of new products and enhancements to respond to new threats, the development of these products and enhancements is difficult and the timetable for commercial release and availability is uncertain, as there can be significant time lags between initial beta releases and the commercial availability of new products and enhancements. We may experience unanticipated delays in the availability of new products and enhancements to our platform and fail to meet customer expectations with respect to the timing of such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing, releasing and making available on a timely basis new products and enhancements to our services and products that can adequately respond to advanced threats and our customers’ needs, our competitive position and business prospects will be harmed. Furthermore, from time to time, we, or our competitors, may announce new products with capabilities or technologies that could have the potential to replace or shorten the life cycles of our existing services products. Announcements of new products could cause customers to defer purchasing our existing services or products.

Additionally, the process of developing new technology is expensive, complex, and uncertain. The success of new products and enhancements depends on several factors, including appropriate component costs, timely completion and introduction, differentiation of new products and services from those of our competitors, and market acceptance. To maintain our competitive position, we must continue to commit significant resources to developing new products or services before knowing whether these investments will be cost-effective or achieve the intended results. We may not be able to successfully identify new product opportunities, develop and bring new products or services to market in a timely manner, or achieve market acceptance of our platform. Products and technologies developed by others may render our offerings obsolete or noncompetitive. If we expend significant resources on researching and developing products or services and such products and services are not successful, our business, financial position and results of operations may be adversely affected. We may not be able to use new technologies effectively or adapt to OEM, service provider, customer or end user requirements or emerging industry standards.

Our solutions may be adversely affected by defects or denial of service attacks, which could cause our OEM and service provider partners, customers, or end users to stop using our solutions.

Our email, antimalware and web security products are based in part upon new and complex software and highly advanced computer systems. Complex software and computer systems can contain defects, particularly when first introduced or when new versions are released, and are possible targets for denial of service attacks instigated by “hackers”. Although we conduct extensive testing and implement internet security processes, we may not discover defects or vulnerabilities in our software or systems that affect our new or current solutions or enhancements until after they are delivered. Although we have not experienced any material defects or vulnerabilities to date in our messaging, antimalware, and web security offerings, it is possible that, despite testing by us, defects or vulnerabilities may exist in the solutions we provide. These defects or vulnerabilities could cause or lead to interruptions for customers of our solutions, resulting in damage to our reputation, legal risks, loss of revenue, delays in market acceptance and diversion of our development resources, any of which could cause our business, financial condition and/or results of operations to suffer.

Real or perceived defects, errors or vulnerabilities in our services or the failure of our services to block malware or prevent a cyber-attack or security breach could harm our reputation and adversely impact our business, financial condition, and results of operations.

Because our products and services are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end users. For example, from time to time, certain of our end users have reported defects in our products related to performance, scalability and compatibility that were not detected before offering the service. Additionally, defects may cause our products or services to be vulnerable to security attacks, cause them to fail to help secure networks or temporarily interrupt end users’ networking traffic. Because the techniques used by computer hackers to access or sabotage networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end users’ networks.

Furthermore, as a well-known provider of internet security solutions, our networks, products, and services could be targeted by attacks specifically designed to disrupt our business and harm our reputation. In addition, our data centers, which are located in various locations worldwide, and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing end user base, any of which could temporarily or permanently expose our end users’ networks, leaving their networks unprotected against the latest security threats.

Any real or perceived defects, errors or vulnerabilities in our services, or any other failure of our services to detect an advanced threat, could result in certain events, including:

Data thieves are sophisticated, often affiliated with organized crime and operate large scale and complex automated attacks. In addition, their techniques change frequently and generally are not recognized until launched against a target. If we fail to identify and respond to new and complex methods of attack and to update our services to detect or prevent such threats in time to protect our end users’ systems, our business and reputation will suffer.

An actual or perceived security breach or theft of the sensitive data of one of our end users, regardless of whether the breach is attributable to the failure of our products or services, could adversely affect the market’s perception of our security offerings. Despite our best efforts, there is no guarantee that our products and services will be free of flaws or vulnerabilities, and even if we discover these weaknesses, we may not be able to correct them promptly, if at all. A breach of our systems could also result in the disclosure of sensitive and confidential information as well as information regarding our customers, end users and partners. Our end user customers may also misuse our products and services, which could result in a breach or theft of business data.

If the delivery of our services to our customers is interrupted or delayed for any reason, our business could suffer.

Any interruption or delay in the delivery of our services will negatively impact our customers. Our solutions are deployed via the internet, and our customers’ internet traffic is routed through our cloud platform. Our customers depend on the continuous availability of our services, and our services are designed to operate in accordance with applicable service level commitments. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted service and have a low tolerance for interruptions of any duration.

The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud:

The occurrence of any of these factors, or if we are unable to efficiently and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively impact our relationship with our customers or otherwise materially harm our business, results of operations and financial condition.

Our email, antimalware and web security products may be adversely affected if we are not able to receive a sufficient sampling of internet traffic or our data centers were to become unavailable.

Our messaging, antimalware and web security solutions are dependent, in part, on the ability of our data centers to analyze, in an automated fashion, live feeds of internet and web related traffic received through our services to customers and other contractual arrangements. If we were to suffer an unanticipated, substantial decrease in such traffic or our multiple data centers become unavailable for any significant period, the effectiveness of our technologies would drop, our product offerings would become less attractive to customers/potential customers and revenues could decline.

False detection of applications, viruses, malware, spyware, vulnerability exploits, data patterns or URL categories could adversely affect our business.

Our classifications of application type, virus, malware, spyware, vulnerability exploits, data, or URL categories may falsely detect applications, content or threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These “false positives”, while typical in our industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our services and products. If our services and products restrict important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end users’ systems and cause material system failures. Any such false identification of important files or applications could result in damage to our reputation, negative publicity, loss of end users and sales, increased costs to remedy any problem, and costly litigation.

Our cloud-based enterprise SaaS security offerings include newer service offerings, so we may not see the customer traction in these offerings that we anticipate.

During 2019, Cyren revised its enterprise product strategy to focus primarily on email security and began to de-emphasize legacy solutions due to lack of significant customer traction. We made Cyren Inbox Security generally available for purchase in the second quarter of 2020. The solutions we are promoting and will promote to this market enable us to offer internet security solutions directly to our Enterprise customers or through our channel partners. If we fall short of our expectations, and especially given the significant resources invested by us in bringing new offerings to market, our financial results will suffer and the value of shareholder investments will decline.

If we fail to promote, develop, or protect our Cyren brand name, our business may be harmed.

Developing and maintaining awareness and integrity of our company and our new brand are important to achieving widespread acceptance of our existing and future offerings and are important elements in attracting new customers. The importance of brand recognition will increase as competition in our market further intensifies. Successful promotion of our brand will depend on the effectiveness of our marketing efforts and on our ability to provide reliable and useful solutions at competitive prices. We plan to continue investing substantial resources to promote our brand, both domestically and internationally, but there is no guarantee that our brand development strategies will enhance the recognition of our brand. Some of our existing and potential competitors have well-established brands with greater recognition than we have. If our efforts to promote and maintain our brand are not successful, our operating results and our ability to attract and retain customers may be adversely affected. In addition, even if our brand recognition and loyalty increases, this may not result in increased use of our solutions or higher revenue.

Our use of open source technology could impose limitations on our ability to commercialize our solutions.

We use open source software in certain of our solutions, and although we monitor our use of open source software to avoid subjecting our solutions to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. or foreign courts. As a result, there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions. From time to time, we may face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we have developed using such software or otherwise seeking to enforce the terms of the applicable open source license. In such an event, we could be required to seek licenses from third parties to continue offering our solutions, to make our proprietary code generally available in source code form, to re-engineer our solutions or to discontinue the sale of our solutions if re-engineering could not be accomplished on a timely basis, any of which could adversely affect our business, operating results and financial condition.

Risks Related to our Ordinary Shares

We may not be able to comply with all applicable listing requirements or standards of the Nasdaq Capital Market and Nasdaq could delist our ordinary shares.

Our ordinary shares are currently listed on the Nasdaq Capital Market. To maintain that listing, we must satisfy minimum financial and other continued listing requirements and standards. One such requirement is that we maintain a minimum bid price of at least $1.00 per ordinary share. On April 24, 2020, we received written notice from the Listing Qualifications Department of the Nasdaq Stock Market informing us that because the closing bid price for our ordinary shares listed on the Nasdaq Capital Market was below $1.00 per share for 30 consecutive business days prior to the date of the Notice, we did not meet the minimum closing bid requirement for continued listing on the Nasdaq Capital Market set forth in Rule 5550(a)(2) of the Nasdaq Listing Rules.

Although we regained compliance with the Nasdaq Listing Rules in 2020, our ordinary share price is currently below $1.00 and has been below $1.00 for 22 consecutive business days. There can be no assurance that we will regain compliance with the $1.00 minimum bid price requirement or comply with Nasdaq’s other continued listing standards in the future. In the event that our ordinary shares are not eligible for continued listing on Nasdaq or another national securities exchange, trading of our ordinary shares could be conducted in the over-the-counter market or on an electronic bulletin board established for unlisted securities such as the Pink Sheets or the OTC Bulletin Board. In such event, it could become more difficult to dispose of, or obtain accurate price quotations for, our ordinary shares, and there would likely also be a reduction in our coverage by security analysts and the news media, which could cause the price of our ordinary shares to decline further. Also, it may be difficult for us to raise additional capital if we are not listed on a major exchange.

The issuance of additional shares in connection with financings, acquisitions, investments, our equity incentive plans, conversion of our convertible notes and debentures or otherwise will dilute other shareholders. In addition, our failure in the future to raise additional capital or generate the significant capital necessary to expand our operations and invest in new services and products could reduce our ability to compete and could harm our business. The ability to increase the authorized share count could limit our options for continuing to support the business.

We have made, and intend to continue to make, investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our services and products, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. For example, in December 2018, we issued $10 million aggregate principal amount of Convertible Notes to an existing minority investor in a private placement which have a maturity of December 2021. In November 2019, we closed our rights offering, pursuant to which we issued 4,635,584 ordinary shares at $1.73 per share, including 4,624,277 shares issued to Warburg Pincus. In addition, in March 2020, we issued $10.25 million aggregate principal amount of our Convertible Debentures to accredited investors in a private placement and in February 2021, we issued 12 million shares at a price of $1.15 per share in a registered direct offering and warrants to purchase 720,000 shares.

Our shareholders have experienced dilution of their equity interests as a result of these issuances and prior issuances. Furthermore, we do not anticipate that we will have sufficient funds to pay the principal of the Convertible Notes when they mature in December 2021 and as a result, we will seek to refinance or restructure the Convertible Notes, including by issuing additional shares. We may also elect to satisfy interest payments on the Convertible Notes and Convertible Debentures by the issuance of ordinary shares based on the market price at the time of the interest payment.

We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans and operating performance and the condition of the capital markets, and available authorized shares at the time we seek financing. If we raise additional equity or convertible debt financing, our shareholders may experience further significant dilution of their ownership interests and the per share value of our ordinary shares could decline. Furthermore, if we engage in debt financing, the holders of debt would have priority over the holders of our ordinary shares, and we may be required to accept terms that restrict our ability to incur additional indebtedness or that otherwise restrict our ability to operate our business. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

Warburg Pincus holds 43% of our outstanding shares and is able to exercise significant influence over many matters requiring the approval of our Board and/or shareholders; Warburg Pincus’ interest in our business may be different from yours.

Warburg Pincus holds approximately 43% of our outstanding ordinary shares as of February 28, 2021, and has the right to nominate the number of directors proportional to its holdings of our outstanding shares. Currently, four directors nominated by Warburg Pincus serve on our Board. Warburg Pincus is able to exercise significant influence over many matters requiring the approval of our Board and/or shareholders, including the election of directors and approval of significant corporate transactions. In addition, our other directors and our executive officers that are not related to Warburg Pincus (together known as “affiliated entities”), beneficially own, in the aggregate, approximately 5% of our outstanding ordinary shares as of February 28, 2021. If they vote together (especially if they were to exercise all vested options into shares entitled to voting rights in the Company), these shareholders will be able to exercise influence over matters requiring a special majority vote of our shareholders, including the compensation of directors and approval of certain significant corporate transactions. In this regard, we know of no shareholders or voting agreement between major shareholders or between such shareholders and directors or officers.

In addition, conflicts of interest may arise as a consequence of the control by Warburg Pincus, including:

U.S. holders of our shares could be subject to material adverse tax consequences if we are considered a “passive foreign investment company” for U.S. federal income tax purposes.

We do not believe that we are a passive foreign investment company, and we do not expect to become a passive foreign investment company. However, our status in any taxable year will depend on our assets, income and activities in each year, and because this is a factual determination made annually after the end of each taxable year, there can be no assurance that we will not be considered a passive foreign investment company for the current taxable year or any future taxable years. If we were a passive foreign investment company for any taxable year while a taxable U.S. holder held our shares, such U.S. holder could face adverse U.S. federal income tax consequences, including having gains realized on the sale of our ordinary shares classified as ordinary income, rather than as capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders, and having interest charges apply to distributions by us and the proceeds of share sales.

U.S. holders that own 10% or more of the vote or value of our ordinary shares may suffer adverse tax consequences because we and/or any of our non-U.S. subsidiaries are expected to be characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the U.S. Internal Revenue Code of 1986, as amended, or the Code.

A non-U.S. corporation is considered a CFC if more than 50% of (1) the total combined voting power of all classes of stock of such corporation entitled to vote, or (2) the total value of the stock of such corporation, is owned, or is considered as owned by applying certain constructive ownership rules, by United States shareholders (U.S. persons who own stock representing 10% or more of the vote or 10% or more of the value) on any day during the taxable year of such non-U.S. corporation. Certain United States shareholders of a CFC generally are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a portion of the CFC’s earnings to the extent the CFC holds certain U.S. property, and a portion of the CFC’s “global intangible low-taxed income” (as defined under Section 951A of the Code). Such United States shareholders are subject to current U.S. federal income tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income” includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of a CFC’s income over a deemed return on its tangible assets.

As a result of certain changes in the U.S. tax law introduced by the Tax Cuts and Jobs Act, we believe that we and our non-U.S. subsidiaries would be classified as CFCs in the current taxable year. For U.S. holders who hold 10% or more of the vote or value of our ordinary shares, this may result in adverse U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder, and being subject to certain reporting requirements with the U.S. Internal Revenue Service, or the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. corporation. If you are a U.S. holder who holds 10% or more of the vote or value of our ordinary shares, you should consult your own tax advisors regarding the U.S. tax consequences of acquiring, owning, or disposing our ordinary shares and the impact of the Tax Cuts and Jobs Act, especially the changes to the rules relating to CFCs.

We do not intend to pay dividends for the foreseeable future.

We have never declared or paid any dividends on our ordinary shares. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our ordinary shares if the market price of our ordinary shares increases.

Intellectual Property Risks

If we fail to adequately protect our intellectual property rights or face a claim of intellectual property infringement by a third party, we could lose our intellectual property rights or be liable for significant damages.

We regard our patented and patent pending technology, copyrights, service marks, trademarks, trade secrets and similar intellectual property as critical to our success, and rely on patent, trademark and copyright law, trade secret protection and confidentiality or license agreements with our employees and customers to protect our proprietary rights. See Item 1. Business, Intellectual Property for information pertaining to our patent activities. We may seek to patent certain additional software or other technology in the future. Any such patent applications might not result in patents issued within the scope of the claims we seek, or at all.

Despite our precautions, unauthorized third parties may copy certain portions of our technology, reverse engineer or obtain and use information that we regard as proprietary or otherwise infringe or misappropriate our patent or our patent pending technology, trade secrets, copyrights, trademarks, and similar proprietary rights. In addition, the laws of some foreign countries do not protect proprietary rights to the same extent as do the laws of the United States. Thus, our means of protecting our proprietary rights in the United States or abroad, as well as our financial resources, may not be adequate, and competitors may independently develop similar technology. Given the cost, effort, risks, and downside of obtaining patent protection, including the requirement to ultimately disclose the invention to the public, we may not choose to seek patent protection for certain innovations. However, such patent protection could later prove to be important to our business. Even if issued, there can be no assurance that any patents will have the coverage originally sought or adequately protect our intellectual property, as the legal standards relating to the validity, enforceability, and scope of protection of patent and other intellectual property rights are uncertain. Any patents that are issued may be invalidated or otherwise limited, or may lapse or may be abandoned, enabling other companies to better develop products that compete with our solutions, which could adversely affect our competitive business position, business prospects and financial condition.

We cannot be certain that our security solutions do not infringe issued patents in certain parts of the world. Therefore, other parties, whether in the United States or elsewhere, may assert infringement claims against us. We may also be subject to legal proceedings and claims from time to time in the ordinary course of our business, including claims of alleged infringement of copyrights, trademarks, and other intellectual property rights of third parties by ourselves and our customers. Our customer agreements typically include indemnity provisions, so we may be obligated to defend against third party intellectual property rights infringement claims on behalf of our customers. Such claims, even if not meritorious, could result in the expenditure of significant financial and managerial resources. We may not have the proper resources in order to adequately defend against such claims.

Risks Relating to Operations in Israel

Conditions in Israel may limit our ability to develop and sell our products, resulting in a decline in revenues.

We are incorporated under the laws of the State of Israel. Our principal research and development facilities are located in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries, as well as incidents of civil unrest, and a number of state and non-state actors have publicly committed to its destruction. Political, economic, and military conditions in Israel could directly affect our operations. We could be adversely affected by any major hostilities involving Israel, including acts of terrorism or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant increase in inflation or a significant downturn in the economic or financial condition of Israel. Any on-going or future violence between Israel and the Palestinians, armed conflicts, terrorist activities, tension along the Israeli borders or with other countries in the region, including Iran, or political instability in the region could disrupt international trading activities in Israel and may materially and negatively affect our business and could harm our results of operations.

Certain countries, as well as certain companies and organizations, continue to participate in a boycott of Israeli firms, firms with large Israeli operations and others doing business with Israel and Israeli companies. In addition, such boycott, restrictive laws, policies, or practices may change over time in unpredictable ways, and could, individually or in the aggregate, have a material adverse effect on our business in the future. Should the BDS Movement, the movement for boycotting, divesting and sanctioning Israel and Israeli institutions (including universities) and products become increasingly influential in the United States, Europe and around the world, this may also adversely affect our business and financial condition.

Some of our employees in Israel, including some of our executive officers, are obligated to perform annual military reserve duty in the Israel Defense Forces, depending on their age and position in the armed forces. Furthermore, they may be called to active reserve duty at any time under emergency circumstances for extended periods of time. Our operations could be disrupted by the absence, for a significant period, of one or more of our executive officers or key employees due to military service, and any significant disruption in our operations could harm our business.

Because a substantial portion of our revenues historically have been generated in U.S. dollars (USD) and the Euro (EUR), and a significant portion of our expenses have been incurred in Israeli Shekel (ILS), British Pound (GBP) and Icelandic Krona (ISK), our results of operations may be adversely affected by currency fluctuations.

We have generated a substantial portion of our revenues in USD and EUR, and incurred a substantial portion of our expenses, principally salaries and related personnel expenses, office rent and other outside services, in currencies other than USD. Those expenses incurred in Israel are denominated in Shekels, those incurred in the United Kingdom are denominated in GBP and those incurred in Iceland are denominated in ISK. We anticipate that a significant portion of our expenses will continue to be denominated in these currencies. As a result, we are exposed to risk to the extent that the value of the USD depreciates against the ILS, GBP, and ISK or to the extent that the value of the USD appreciates against the EUR. In those events, the USD cost of Cyren’s operations will increase and the USD value of Cyren’s revenues will decrease, respectively, and the Company’s USD measured results of operations will be adversely affected. During 2020, the USD value of operating costs denominated in ILS and GBP increased due to the depreciation of the USD vs. all such currencies, while the USD value of operating costs denominated in ISK decreased due to the appreciation of the USD, and the USD value of revenues denominated in EUR increased due to the depreciation of the USD vs the EUR. During 2019, the USD value of operating costs denominated in ILS and GBP increased due to the depreciation of the USD vs. all such currencies, while the USD value of operating costs denominated in ISK decreased due to the appreciation of the USD, and the USD value of revenues denominated in EUR decreased due to the appreciation of the USD vs the EUR.

We cannot predict the trend for future years. Our operations also could be adversely affected if we are unable to guard against currency fluctuations in the future. To date, we have not engaged in any significant hedging transactions. In the future, we may enter into currency hedging transactions to decrease the risk of financial exposure from fluctuations in the exchange rate of the dollar against the ILS. Foreign currency fluctuations, and our attempts to mitigate the risks caused by such fluctuations, could have a material and adverse effect on our results of operations and financial condition.

The government programs and benefits which we previously received require us to meet several conditions and may be terminated or reduced in the future.

We received grants from the Government of Israel through a program with the Israel Innovation Authority, or the IIA (formerly known as the Office of the Chief Scientist of the Israeli Ministry of Economy and Industry), pursuant to the Israeli Law for the Encouragement of Industrial Research Development and Technological Innovation, 1984, and related regulations (the “R&D Law”), to finance a significant portion of our research and development expenditures in Israel.

In order to meet specified conditions in connection with grants and programs of the IIA, we have made representations to the Israel government about our Israeli operations. One of the grants requires a minimum commitment of three years and we are required to share information with other companies and academics. From time to time, the conduct of our Israeli operations has deviated from our forecasts. If we fail to meet the conditions of the grants, including the maintenance of a material presence in Israel, or if there is any material deviation from the representations made by us to the Israeli government, we could be required to refund the grants previously received (together with an adjustment based on the Israeli consumer price index and an interest factor) and would likely be ineligible to receive IIA grants in the future.

In addition, the terms of our IIA grants and programs prohibit the manufacture outside of Israel of the product developed in accordance with the program without the prior consent of the Research Committee. Such approval is generally subject to an increase in the total amount to be repaid to the IIA to between 120% and 300% of the amount granted, depending on the extent of the manufacturing that is conducted outside of Israel. In addition, the R&D Law provides that know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to Israeli third parties without the approval of the Research Committee. The R&D Law stresses that it is not just transfer of know-how that is prohibited, but also transfer of any rights in such know-how. Approval of the transfer and/or license may be granted only if the Israeli transferee undertakes to abide by all of the provisions of the R&D Law and regulations promulgated thereunder, including the restrictions on the transfer of know-how and the obligation to pay royalties, if applicable.

The know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to non-Israeli third parties without the approval of the Research Committee, which approval is generally contingent on payment of a significant penalty of up to six times the grant amount plus LIBOR and minus any royalties paid.

You may have difficulties enforcing a U.S. judgment against us and our executive officers and directors or asserting U.S. securities laws claims in Israel.

Cyren Ltd. is organized under the laws of Israel, and we maintain significant operations in Israel. In addition, a significant portion of our assets are located outside the United States. Service of process upon our non-U.S. resident directors and enforcement of judgments obtained in the United States against them and Cyren Ltd. may be difficult to obtain within the United States. It may be difficult to enforce civil causes of actions under U.S. securities law in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on a violation of U.S. securities laws because Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the substance of the applicable U.S. law must be proved as a fact, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law. Furthermore, there is little binding case law in Israel addressing these matters.

Israeli courts might not enforce judgments rendered outside Israel which may make it difficult to collect on judgments rendered against us. Subject to certain time limitations, an Israeli court may declare a foreign civil judgment enforceable only if it finds that (a) the judgment was rendered by a court which was, according to the laws of the state of the court, competent to render the judgment; (b) the judgment may no longer be appealed; (c) the obligation imposed by the judgment is enforceable according to the rules relating to the enforceability of judgments in Israel and the substance of the judgment is not contrary to public policy; and (d) the judgment is executory in the state in which it was given.

Even if these conditions are satisfied, an Israeli court will not enforce a foreign judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases) or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel. An Israeli court also will not declare a foreign judgment enforceable if (i) the judgment was obtained by fraud; (ii) there is a finding of lack of due process; (iii) the judgment was rendered by a court not competent to render it according to the laws of private international law in Israel; (iv) the judgment is at variance with another judgment that was given in the same matter between the same parties and that is still valid; or (v) at the time the action was brought in the foreign court, a suit in the same matter and between the same parties was pending before a court or tribunal in Israel.

In addition, if a foreign judgment is enforced by an Israeli court, it generally will be payable in ILS, which can then be converted into foreign currency at the rate of exchange of such foreign currency on the date of payment. Pending collection, the amount of the judgment of an Israeli court stated in ILS (without any linkage to a foreign currency) ordinarily will be linked to the Israeli consumer price index plus interest at the annual statutory rate prevailing at such time. Judgment creditors bear the risk of unfavorable exchange rates.

Provisions of Israeli law may delay, prevent, or make difficult an acquisition of Cyren Ltd., which could prevent a change of control and therefore depress the price of our shares.

Israeli corporate law regulates mergers and acquisitions of shares through tender offers, requires special approvals for transactions involving officers, directors or significant shareholders and regulates other matters that may be relevant to these types of transactions. Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. These and other similar provisions could delay, prevent, or impede an acquisition of our company or our merger with another company, even if such an acquisition or merger would be beneficial to us or to our shareholders.

Your rights and responsibilities as a shareholder will be governed by Israeli law which differs in some respects from the rights and responsibilities of shareholders of U.S. companies.

We are incorporated under Israeli law. The rights and responsibilities of the holders of our ordinary shares are governed by our Articles of Association and Israeli law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith toward the company and other shareholders and to refrain from abusing its power in the company, including, among other things, in voting at the general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and interested party transactions requiring shareholder approval. In addition, a controlling shareholder, a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company, has a duty of fairness toward the company. There is limited case law available to assist us in understanding the implications of these provisions that govern shareholders’ actions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.

We are no longer a “controlled company” within the meaning of the Nasdaq Listing Rules. However, we will continue to qualify for, and may rely on during a one-year transition period, exemptions from certain corporate governance requirements that would otherwise provide protection to our shareholders.

As a result of the sale of our ordinary shares in the registered direct offering in February 2021, Warburg Pincus no longer controls a majority of our ordinary shares. As a result, we are no longer a “controlled company” within the meaning of the Nasdaq Listing Rules. Under these rules, a company of which more than 50% of the voting power for the election of directors is held by an individual, a group or another company is a “controlled company” and may elect not to comply with certain Nasdaq corporate governance requirements, including, without limitation (i) the requirement that a majority of the board of directors consist of independent directors, (ii) the requirement that the compensation of our officers be determined or recommended to our board of directors by a compensation committee that is comprised solely of independent directors, and (iii) the requirement that director nominees be selected or recommended to the board of directors by a majority of independent directors or a nominating committee comprised solely of independent directors. We nevertheless have a Compensation Committee comprised of all independent directors. However, at present, only five out of ten directors on our board are independent. In addition, our Nominating and Governance Committee, is not comprised solely of independent directors, although a majority of the directors on the Nominating and Governance Committee are independent directors. Even though we are not a “controlled company,” we will continue to qualify for, and may rely on, exemptions from certain corporate governance requirements that would otherwise provide protection to shareholders of other companies during a one-year transition period. The Nasdaq rules require that our board be composed of a majority of “independent directors,” and that our Nominating and Governance Committee consist entirely of independent directors by February 2021. In addition, we may have difficulty complying with the requirements listed above and while we intend to do so, we cannot assure you that we will be able to comply with such requirements before the end of the phase-in period for compliance.