SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2021
☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from to
Commission file number: 000-26495
(Exact name of Registrant as specified in its charter)
|(State or other jurisdiction of |
incorporation or organization)
|10 Ha-Menofim St., 5th Floor|
|(Address of principal executive offices)||(Zip Code)|
Registrant’s telephone number, including area code 011–972–9–863–6888
Securities registered pursuant to Section 12(b) of the Act:
|Title of Each Class||Trading Symbol(s)||Name of Each Exchange on Which Registered|
|Ordinary Shares, par value ILS 3.00 per share||CYRN||Nasdaq Capital Market|
Securities registered pursuant to Section 12(g) of the Act:
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Exchange Act. Yes ☐ No ☒
Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the Registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
|Large accelerated filer||☐||Accelerated filer||☐|
|Non-Accelerated filer||☒||Smaller reporting company||☒|
|Emerging growth company||☐|
If an emerging growth company, indicate by checkmark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report Yes ☐ No ☒
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act) Yes ☐ No ☒
The aggregate market value of the voting shares held by non-affiliates of the Registrant was approximately $ million as of June 30, 2021.
The number of shares outstanding of the Registrant’s ordinary shares (as of February 28, 2022): Ordinary Shares — 5,333,564.
Documents Incorporated By Reference
Table of Contents
|Special Note Regarding Forward-Looking Statements||ii|
|ITEM 1A.||RISK FACTORS||13|
|ITEM 1B.||UNRESOLVED STAFF COMMENTS||36|
|ITEM 3.||LEGAL PROCEEDINGS||36|
|ITEM 4.||MINE SAFETY DISCLOSURE||36|
|ITEM 5.||MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES||37|
|ITEM 7.||MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS||38|
|ITEM 7A.||QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK||54|
|ITEM 8.||FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA||54|
|ITEM 9.||CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE||54|
|ITEM 9A.||CONTROLS AND PROCEDURES||54|
|ITEM 9C.||DISCLOSURE REGARDING FOREIGN JURISDICTION THAT PREVENTS INSPECTIONS||55|
|ITEM 10.||DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE||56|
|ITEM 11.||EXECUTIVE COMPENSATION||61|
|ITEM 12.||SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED SHAREHOLDER MATTERS||69|
|ITEM 13.||CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE||71|
|ITEM 14.||PRINCIPAL ACCOUNTING FEES AND SERVICES||75|
|ITEM 15.||EXHIBITS, FINANCIAL STATEMENT SCHEDULES||76|
|ITEM 16.||FORM 10-K SUMMARY||77|
Special Note Regarding Forward-Looking Statements
This Annual Report on Form 10-K (the “Annual Report”) contains “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Exchange Act of 1934 (the “Exchange Act”). These forward-looking statements reflect our current views about future events and are subject to risks, uncertainties, and assumptions. These statements concern expectations, beliefs, projections, plans and strategies, anticipated events or trends and similar expressions concerning matters that are not historical facts. We urge you to consider that statements which use the terms “anticipate,” “believe,” “expect,” “plan,” “intend,” “estimate”, “will” and similar expressions are intended to identify forward-looking statements. Specifically, this Annual Report contains forward-looking statements regarding:
|●||our expectations regarding our future profitability and revenue growth;|
|●||our expectations regarding increases in cost of revenue and operating expenses, including as a result of our anticipated investments in R&D;|
|●||our expectation to lower the rate of R&D investment as a percentage of revenue in the future and to drive more revenue from existing solutions rather than by adding new solutions;|
|●||our expectations regarding reducing the historical rate of headcount growth and its resulting impact on our gross and operating margins over time;|
|●||our expectations regarding growth of our enterprise business and its expected impact on our business, including its contribution to our cash flow and return on investment;|
|●||our expectations regarding our ability to raise additional capital or issue more debt;|
|●||our expectations regarding our capital expenditures for 2022;|
|●||our belief regarding the adequacy of our existing capital resources and other future measures to satisfy our expected liquidity requirements;|
|●||our beliefs regarding our competitive position in the market in which we operate;|
|●||our expectations regarding the regulatory environment of data privacy in the EU;|
|●||our anticipated significant investments in R&D and promotion of our brand;|
|●||our expectations regarding trends in the market for internet security and technology industry;|
|●||our expectations regarding existing and new threats, key challenges and opportunities in our industry and their impact on our business, including the impact of innovations in the technology industry;|
|●||our expectations regarding the increase in utilization of our cloud infrastructure and the resulting impact on our gross margins;|
|●||our expectations regarding continued and future customers that will contribute to our revenue, and the solutions we provide to such customers;|
|●||our beliefs regarding factors that make our vision compelling to the IT security market;|
|●||our expectations regarding the locations where we conduct our business;|
|●||our belief regarding passive foreign investment company status;|
|●||our expectations regarding the impact of litigation;|
|●||our beliefs regarding our net operating loss carry-forwards; and|
|●||our expectations and estimates regarding certain tax and accounting matters, including the impact on our financial statements.|
Risk Factor Summary
We are subject to various risks that could have a material adverse impact on our financial position, results of operations or cash flows. We wish to caution readers that certain important factors may have affected and could affect our future results and could cause actual results to differ significantly from those expressed in any forward-looking statement. The following is a summary of our principal risks, as set forth in the section entitled “Item 1A. Risk Factors,” that could prevent us from achieving our goals, and cause the assumptions underlying forward-looking statements and the actual results to differ materially from those expressed in or implied by those forward-looking statements to include, but not limited to, the following:
|●||our ability to continue as a going concern;|
|●||our ability to execute our business strategy;|
|●||our ability to successfully enhance our existing products and introduce new products;|
|●||the commercial success of our products;|
|●||lack of demand for our products, including actual or perceived decreases in levels of cyber attacks;|
|●||our ability to manage our costs, indebtedness and avoid unanticipated liabilities and achieve profitability;|
|●||our ability to grow our revenues, including the ability of existing products to drive sufficient revenue;|
|●||our ability to raise additional capital or debt;|
|●||our ability to attract new customers and increase revenue from existing customers;|
|●||market acceptance of our existing and new products;|
|●||our ability to adapt to changing technological requirements and shifting preferences of our customers;|
|●||the impact of COVID-19;|
|●||our ability to remain listed on The Nasdaq Stock Market (“Nasdaq”);|
|●||loss of any of our large customers or contracts;|
|●||adverse conditions in the national and global financial markets;|
|●||the impact of currency fluctuations;|
|●||political and other conditions that may limit our R&D activities;|
|●||increased competition or our ability to anticipate or effectively react to competitive challenges;|
|●||the ability of our brand awareness strategies to enhance our brand recognition;|
|●||our ability to retain key personnel;|
|●||performance of our OEM partners, service providers and resellers;|
|●||our ability to successfully estimate the impact of regulatory matters;|
|●||our ability to comply with applicable laws and regulations and the impact of changes in applicable laws and regulations, including tax legislation or policies;|
|●||economic, regulatory, and political risks associated with our international operations;|
|●||the impact of cyber attacks or a security breach of our systems;|
|●||our ability to protect our brand name and intellectual property rights; and|
|●||our ability to successfully estimate the impact of certain accounting and tax matters, including the effect on our company of adopting certain accounting pronouncements.|
The foregoing list of important factors does not include all such factors, nor necessarily present them in order of importance. In addition, you should consult other disclosures made by the Company (such as in our other filings with the SEC or in company press releases) for other factors that may cause actual results to differ materially from those projected by the Company. Please refer to Part I. Item 1A. Risk Factors, of this Annual Report for additional information regarding factors that could affect our results of operations, financial condition, and liquidity. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date hereof. Except as required by applicable law, including the securities laws of the United States, we undertake no obligation to update or revise any forward-looking statements to reflect new information, future events, or circumstances, or otherwise after the date hereof.
ITEM 1. BUSINESS
Unless otherwise indicated, all references in this document to “Cyren”, “the Company,” “we,” “us” or “our” are to Cyren Ltd., and its consolidated subsidiaries, namely Cyren Inc., Cyren Iceland hf, Cyren UK Ltd., and Cyren Gesellschaft GmbH.
We were incorporated as a private company under the laws of the State of Israel on February 10, 1991 and our legal form is a company limited by shares. We became a public company on July 15, 1999 under the name Commtouch Software Ltd. In January 2014, we changed our legal name to Cyren Ltd.
Cyren was an early pioneer and is a provider of cloud delivered Software-as-a-Service (SaaS) cybersecurity solutions that protect businesses, their employees, and customers against threats from email, files, and the web.
Our security solutions are architected around the fundamental belief that cybersecurity is a race against time – and the cloud best enables the speed, sophistication and advanced automation needed to detect and block threats as they emerge on the internet around the globe. As more and more businesses move their data and applications to the cloud, they need a security provider that is able to keep pace.
Security threats are more prevalent and stealthier than ever. As cybercrime has become more sophisticated, every malware, phishing and ransomware variant is unique, making it more difficult to detect. While organizations have traditionally protected their users with security at their network perimeter, more frequent and evasive attacks combined with a more distributed and virtual workforce are reducing the effectiveness of this approach. Traditional approaches may lack the real-time threat intelligence and processing power to detect emerging threats, and the growth of mobile devices and an increasingly distributed workforce mean that more and more business is conducted outside of the traditional network perimeter. As a result, when new attacks appear in a matter of seconds, legacy cybersecurity products can leave companies vulnerable for hours, days or even weeks.
Cyren’s cloud security products and services fall into three categories:
|●||Cyren Threat Detection Services – these services detect a variety of threats in email, files and from the web, and are embedded into products from the world’s leading email, cybersecurity vendors and managed service providers (MSPs). Cyren Threat Detection Services include our Email Security Detection Engine, Malware Detection Engine, Web Security Engine, and Threat Analysis Service.|
|●||Cyren Threat Intelligence Data – Cyren’s Threat Intelligence Data products provide valuable threat intelligence that can be used by enterprise or OEM customers to support threat detection, threat hunting and incident response. Cyren’s Threat Intelligence Data offerings include IP Reputation Intelligence, Phishing Intelligence, Malware Intelligence and Zombie Intelligence.|
|●||Cyren Enterprise Email Security Products – these include cloud-based solutions designed for enterprise customers, and are sold either directly or through channel partners. Cyren Enterprise Email Security products include Cyren Email Security, a cloud-based secure email gateway and Cyren Inbox Security, an anti-phishing and remediation product for Microsoft 365.|
All of Cyren’s cybersecurity products are powered by Cyren GlobalView, Cyren’s global security cloud that identifies emerging threats on a global basis, in real-time. GlobalView analyzes billions of security transactions each day and rapidly detects a variety of threats in email, files and from the web. By inspecting internet traffic in the cloud, Cyren identifies threats as they emerge, stopping them before they reach users.
With a massive volume of customer traffic flowing through it every day, GlobalView is able to identify emerging threats on the internet within seconds. The key to GlobalView’s detection capabilities include:
|(i)||Massive Security Data Flow – Every day, Cyren’s GlobalView processes billions of security transactions generated by over 1.3 billion users worldwide to detect cyber threats as they emerge – including thousands of new IP addresses, phishing sites, and URLs. As a result, Cyren is able to identify new and emerging threats in seconds.|
|(ii)||Comprehensive Detection Technologies – Cyren’s family of proprietary detection engines leverage big data analytics, advanced heuristics, Recurrent Pattern Detection (RPD), and behavioral sandboxing, all tied together in a single-pass streaming architecture that applies these detection techniques in parallel. Distributed, massively scalable, and fault tolerant, this approach delivers fully automated real-time threat identification across email, files, and web.|
|(iii)||Advanced Cyber Intelligence – Real-time, actionable cyber intelligence services are used by major email providers and cybersecurity vendors including Google, Microsoft, and Check Point. The breadth and accuracy of our GlobalView security cloud identifies millions of threats each day, and enables protection from malicious messages, hosts, and websites.|
Figure 1: Cyren Threat Detection and Intelligence Services include threat detection engines, threat intelligence data, and our threat analysis services which are connected through the GlobalView security cloud.
Threat Detection Services
Used and trusted by many of the world’s leading email providers, cybersecurity vendors and MSPs, Cyren Threat Detection Services empower technology companies with the real-time threat detection capabilities enabled by our threat detection engines and our GlobalView threat intelligence network, backed by a dedicated technical and commercial support model. Our globally comprehensive and unique insights into current and emerging threats are provided as individual cyber intelligence services:
Email Security Engine – Our embedded email security includes a complete set of protection that can be deployed in a wide range of configurations. Suitable as a core security offering or as a complementary layer, the flexible engine easily integrates into existing platforms, minimizing costs without affecting performance. Available services include:
|●||Anti-Spam Inbound Service|
|●||Anti-Spam Outbound Service|
|●||IP Reputation Service for Email|
|●||Virus Outbreak Detection for Email|
Malware Detection Engine – Our malware detection capabilities are used to detect the latest viruses, malware, ransomware, and advanced threats that are used by hackers to infiltrate an enterprise’s network. Our SDK can scan and classify objects including files, scripts, emails, and web-based threats, and use cases include email scanning, UTM and firewall appliances, and anti-malware software applications. Cyren’s Malware Detection Engine is used primarily to protect email applications.
Web Security Engine – Our Web Security Engine is used by customers to provide URL classification for web browser filtering and safe search capabilities. Cyren provides dozens of URL categories and classifications, with a unique capability for security-based URL classifications. Use cases for Cyren web security engine include UTM and firewall appliances, endpoint filtering software applications, and cloud-based web filtering.
Threat Analysis Service – Cyren’s Threat Analysis Service delivers outstanding detection of the most advanced cyber threats. Cyren’s technology uses a patented, cloud-based, multi-sandbox array which includes multi-stage hash threat lookup, file analysis, and full sandbox detonation. Threat Analysis Services include file analysis and threat reporting on an individual file or aggregate basis and can be used by OEMs as well as enterprise customers.
Cyren Threat Intelligence Data Products
Cyren’s Threat Detection Services generate billions of security transactions each day within the GlobalView network. OEM partners and enterprise customers can benefit from the millions of unique threats that are detected each day by subscribing to Cyren’s real-time Threat Intelligence Data feeds to supplement their security solutions and improve their overall threat posture. Cyren’s Threat Intelligence Data feeds include the following discrete offerings:
|●||Real-Time Phishing Intelligence|
|●||Real-Time Malware File Intelligence|
|●||Real-Time IP Reputation Intelligence|
|●||Real-Time Malware URL Intelligence|
|●||Real Time Zombie Host Intelligence|
Cyren Enterprise Security Products
Cyren historically provided SMB and enterprise customers a set of internet security services from a common integrated platform called Cyren Cloud Security (CCS). CCS applications included Cyren Web Security (a SaaS secure web gateway), Cyren Email Security (a SaaS secure email gateway), Cyren DNS Security (a SaaS DNS web filtering solution), and Cyren Cloud Sandboxing (an advanced threat protection service integrated into Cyren Web Security and Cyren Email Security, and also available as a standalone service).
During 2019, Cyren revised its enterprise product strategy to focus on email security solutions, threat detection services and threat intelligence data products.
Cyren’s current Enterprise Security products include:
Cyren Email Security (CES) – a cloud-based secure email gateway that works well with both on premise and cloud-based business email, Cyren Email Security filters an organization’s inbound and outbound email to protect users from security threats and spam. Inbound email security protects against malware, phishing, business email compromise, and more, with advanced threat protection from cloud sandboxing, malware outbreak protection and time-of-click analysis. Support for SPF (Sender Policy Framework) provides sender validation to prevent email spoofing, while policy-based encryption protects sensitive email communications. Outbound protections block botnet-infected devices from sending malware or spam from a customer’s domain.
Cyren Inbox Security (CIS) – Cyren developed an anti-phishing solution targeted at enterprise customers using the Microsoft 365 email platform that was launched in the second quarter of 2020.
By utilizing the native API integration offered by Microsoft 365, Cyren Inbox Security is able to detect email-based phishing threats on a continuous basis, as well as provide powerful remediation capabilities to identify and mitigate the types of phishing attacks that legacy perimeter defenses find challenging to stop, including:
|●||Phishing emails utilizing evasive techniques, like delayed URL activation, URLs hidden in attachments, use of strong encryption, use of real and valid SSL certificates, etc.;|
|●||Spoofed spear phishing messages impersonating employees or trusted partners;|
|●||BEC and CEO fraud and other targeted social engineering attacks; and|
|●||New zero-day phishing campaigns and account takeovers.|
Figure 2: Cyren Inbox Security offers advanced phishing security for Microsoft 365 – continuously monitors, detects, and remediates user inboxes for today’s evasive phishing attacks.
Sales and Marketing
Cyren’s cloud security solutions are sold into two markets:
|●||OEM/Embedded Security (Security product vendors, email providers, MSPs/MMSPs)|
|◌||In this market segment, our customers embed Cyren Threat Detection Services and Threat Intelligence Data into their infrastructure and/or products to protect their customers.|
|◌||In this market segment, Cyren provides enterprise customers Email Security products, including secure email gateway and anti-phishing solutions, to protect their employees, data, and IP.|
OEM/Embedded Security Market
We target two primary segments to sell our Threat Detection Services and Threat Intelligence Data:
|●||Service providers. Organizations offering internet access or email services that need to protect their customers from internet threats. For these partners, we offer carrier-class email security, web security, and advanced threat protection services that can be integrated into their large-scale, high performance infrastructures.|
|●||Cyber Security vendors. Network equipment and security vendors offering endpoint, gateway, and cloud-based solutions that need to augment their security capabilities or integrate third party best-of-breed internet security capabilities into their products. For these partners, we offer cloud-based APIs and SDKs for email security, web security, endpoint protection, and advanced threat protection that can be integrated into their on-premise appliances or cloud solutions.|
Our sales team for these segments are organized by geographic regions, including Europe, the Middle East and Africa (EMEA), North America, and Asia Pacific. The sales process for these segments entails consultative, technical business development engagements working with partner product management and engineering teams to architect and integrate our solutions into their products.
Our sales and marketing programs are organized by geographic regions, including EMEA and North America.
We sell through both direct and indirect channels, including distributors, value added resellers and managed service providers:
|●||Direct sales. We market and sell our solutions to enterprise customers directly through our direct sales teams, as well as indirectly through channels where our sales organization actively works with our network of distributors and resellers. Our sales personnel are located in North America and EMEA.|
|●||Indirect channel. We engage value-added resellers directly or via a two-tier distribution model, where resellers purchase Cyren services through a distribution partner, as opposed to directly from us, and distributors provide sales support services such as technical support, education, training, and financial services. Our reseller partners maintain relationships with their customers throughout the territories in which they operate, providing them with services and third-party solutions to help meet their evolving security requirements. As such, these partners act as a direct conduit through which we can connect with these prospective customers to offer our solutions.|
|●||Managed service providers. Unlike many other security products on the market today, Cyren’s platform is architected as an integrated platform offering multi-tenant cloud services and delegated administration. This enables MSPs to operate our services on behalf of multiple customers, allowing them to deliver turnkey internet security services to their customer bases.|
We execute marketing programs to build awareness, generate demand and encourage customer adoption of our solutions. Our marketing programs include a variety of digital marketing, advertising, conferences, events, public relations activities, and web-based seminar campaigns targeted at key users and decision makers within our prospective customers. We offer free product trials to allow prospective customers to experience the capabilities of our products, to learn in detail about the features of our products and to quantify the potential benefits.
We regard our patented and patent pending anti-spam and antivirus technology, copyrights, service marks, trademarks, trade secrets and similar intellectual property as critical to our success, and rely on patent, trademark and copyright law, trade secret protection and confidentiality and/or license agreements with our employees, customers, partners and others to protect our proprietary rights.
In 2004, we purchased a United States patent, U.S. Patent No. 6,330,590 that relates to the Recurrent Pattern Detection (RPD) technology used in many of our security solutions. During 2006, we filed a provisional patent application in the United States relating to the prevention of spam in streaming systems or, in other words, unwanted conversational media sessions (i.e., voice and video related). This provisional application was converted to a full patent application and that application was then divided into three applications. The United States Patent and Trademark Office granted the original application as United States Patent No. 7,849,186. The three divisional patents were also subsequently granted as United States Patent No. 7,991,919, United States Patent No. 8,190,737, and United States Patent No. 8,195,795, all of which have a term concurrent with US Patent No. 7,849,186. In 2016, we filed a provisional patent application in the United States relating to a multi-sandbox array that utilizes unique intellectual property we developed in support of our cyber threat protection capabilities. In February 2017, we converted this provisional application into full patent applications for the multi-sandbox array in the United States, Europe, and Israel. The resulting US patent No. 10,482,243 was granted in November 2019, Israel patent 250797 was granted in July 2020, and European patent EP3211558 was granted in September 2021. In July 2018 we filed a provisional patent application in the United States relating to phishing detection systems and methods we developed in support of our anti-phishing capabilities. In July 2019, we converted this provisional application into full patent applications for phishing detection in the United States, Europe, and Israel. In September 2021, we filed a continuation patent application in the United States covering our phishing protection solutions for mobile devices. In 2019 U.S. Patent No. 6,330,590 expired after completion of its full 20-year term. We may seek to patent certain additional software or other technology in the future.
We have registered trademarks for our company name “Cyren” in the US and Europe and we are also maintaining our registered trademark for “Commtouch” in the U.S. Through acquisition, we also acquired registered trademarks such as “FRISK”, “F-PROT”, “eleven”, “Expurgate” and “Command Anti-malware”. We may allow certain of these trademarks to lapse over time. Since at least September 2003, we have claimed common law trademark rights in “RPD” and “Recurrent Pattern Detection”, as applicable to our messaging security solutions. We have also been claiming common law trademark rights in “Zero-Hour” in relation to our virus outbreak detection product (and more recently one of our web security products) and “GlobalView” in relation to our Internet Protocol, or IP, reputation and web security products, as well as our “cloud computing” network infrastructure.
It may be possible for unauthorized third parties to copy or reverse engineer certain portions of our products or obtain and use information that we regard as proprietary. In addition, the laws of some foreign countries do not protect proprietary rights to the same extent as do the laws of the United States. There can be no assurance that our means of protecting our proprietary rights in the United States, Europe or elsewhere will be adequate or that competing companies will not independently develop similar technology.
Other parties may assert infringement claims against us. We may also be subject to legal proceedings and claims from time to time in the ordinary course of our business, including claims of alleged infringement by us and/or our customers of the trademarks and other intellectual property rights of third parties. Our customer agreements typically include indemnity provisions so we may be obligated to defend against third party intellectual property rights infringement claims on behalf of our customers. Such claims, even if not meritorious, could result in the expenditure of significant financial and managerial resources.
Under the R&D Law, research and development programs approved by the Research Committee (the “Research Committee”) of the Israeli Innovation Authority (the “IIA”) are eligible for “Benefits” which include grants, loans, exemptions, discounts, guarantees and additional means of assistance, but with the exclusion of purchase of shares, provided under various tracks promulgated by the Council Body (the “Tracks”). Most Tracks require the repayment of the Benefits in the form of the payment of royalties from the sale of the product developed in accordance with the published Track guidelines and subject to other restrictions. Once a project is approved, the IIA awards grants of up to 50% of the project’s expenditures in return for royalties, usually at the rate of 3% of sales of products developed with such grants. For projects approved after January 1, 1999, the amount of royalties payable was up to a dollar-linked amount equal to 100% of such grants plus interest at LIBOR. The total amount of grants received as of December 31, 2021 (none received since 2018) is approximately $6.4. Our total commitment for royalties payable with respect to future sales, based on IIA participations received, net of royalties paid or accrued, is approximately $2.6 million as of December 31, 2021.
The terms of these grants prohibit the manufacturing outside of Israel of the product developed in accordance with the program without the prior consent of the Research Committee. Such approval is generally subject to an increase in the total amount to be repaid to the IIA to between 120% and 300% of the amount granted, depending on the extent of the manufacturing that is conducted outside of Israel.
The R&D Law, also provides that know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to Israeli third parties without the approval of the Research Committee. The R&D Law stresses that it is not just transfer of know-how that was prohibited, but also transfer of any rights in such know-how. Approval of the transfer and/or license could be granted only if the Israeli transferee undertook to abide by all of the provisions of the R&D Law and regulations promulgated thereunder, including the restrictions on the transfer of know-how and the obligation to pay royalties, if applicable.
The know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to non-Israeli third parties without the approval of the Research Committee, which approval is generally contingent on payment of a significant penalty of up to six times the grant amount plus LIBOR and minus any royalties paid. Such restriction does not apply to exports from Israel of final products developed with such technologies. On May 7, 2017, the IIA published the Rules for Granting Authorization for Use of Know-How Outside of Israel (the “Licensing Rules”). The Licensing Rules enable the approval of out-licensing arrangements and other arrangements for granting of an authorization to an entity outside of Israel to use know-how developed under research and development programs funded by the IIA and any derivatives thereof. Subject to payment of a “License Fee” to the IIA, at a rate that will be determined by the IIA in accordance with the Licensing Rules, the IIA may now approve arrangements for the license of know-how outside of Israel. This allows companies that have received IIA support to commercialize know-how in a manner which was not previously available.
Laws aimed at curtailing the spread of spam have been adopted by the United States federal government, i.e., the CAN-SPAM Act, and certain individual U.S. states, with the CAN-SPAM Act superseding some state laws or certain elements thereof. The Israel government has also adopted an amendment to the Communications Law, 1982, aimed at curtailing the spread of spam transmittal of commercial advertisements by email, fax, SMS, or automated dialing systems without the consent of the recipient. Such laws may impact our marketing activities. The law sets punitive fines for advertisers of spam, who may also be subject to civil lawsuits and class actions.
The propagation of email viruses, whether through email or websites, which are aimed at destroying or stealing third party data, is illegal under standard state and federal law outlawing theft, misappropriation, conversion, etc., without the need for special legislation prohibiting such activities on the internet. Despite the existence of these laws, sources for internet viruses continue to spread multi-variant viruses seemingly without much fear of recrimination. New laws providing for more stringent penalties could be adopted in various jurisdictions, but it is unclear what, if any, affect these would have on the antivirus industry in general and our solutions in particular.
The EU enacted the General Data Protection Regulation (GDPR), which took effect on May 25, 2018 and carries with it significantly increased responsibilities and potential penalties for companies that process EU personal data. In connection with GDPR, we expect increased regulatory and customer attention surrounding data privacy in the EU. In connection with GDPR, we experience increased customer attention surrounding data privacy in the EU. In February 2016, the U.S. and E.U. announced an agreement on framework for transatlantic data flows entitled the EU-US Privacy Shield (“Privacy Shield”) which we had previously relied in part as a mechanism to transfer personal data from the EU to the U.S. However, on July 16, 2020, the European Court of Justice (the “CJEU”) invalidated the Privacy Shield (which took effect immediately). In addition, the CJEU made clear that while it upheld the adequacy of the EU Standard Contractual Clauses (“SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU, reliance on SCCs alone may not necessarily be sufficient in all circumstances and that their use must be assessed on a case-by-case basis. The Company is currently evaluating what additional mechanisms may be required to establish adequate safeguards for the further transfer of personal data, in addition to the SCC. If we are unable to transfer personal data between and among countries and regions in which we operate, or if we are restricted from sharing personal data among our products and services, it could affect the manner in which we provide our services. Furthermore, outside of the EU, we continue to see increased regulation of data privacy and security, including the adoption of more stringent state privacy laws, national laws regulating the collection and use of data, and security and data breach obligations. We have invested heavily in data sovereignty features to ensure that Cyren customer data is handled in accordance with applicable law.
We will continue to monitor legal requirements and will follow additional legal requirements for customer data privacy as they evolve.
We conduct our business on the basis of one reportable segment.
Research and Development
We invest substantial resources in research and development to enhance our products and services, build new products and improve our core technology. We invest heavily in our cloud infrastructure and new product offerings such as Cyren Inbox Security. Our engineering team has deep security expertise and works closely with customers to identify their current and future needs. In addition to our focus on hardware and software, our research and development team is focused on research into next-generation threats, which is required to respond to the rapidly changing threat landscape. We plan to continue to invest in resources to conduct our research and development effort.
As of December 31, 2021, we had customers of all sizes across a wide variety of industries. During the year ended December 31, 2021, one customer accounted for approximately 19% of total revenue. No other individual customer accounted for more than 10% of total revenue. During the year ended December 31, 2020, the same customer accounted for approximately 23% of total revenue.
The markets in which Cyren competes are intensely competitive and rapidly changing.
The principal competitive factors in our industry include price, product functionality, product integration, platform coverage and ability to scale, worldwide sales infrastructure and global technical support. Some of our competitors have greater financial, technical, sales, marketing, and other resources than we do, as well as greater name recognition and a larger installed customer base. Additionally, some of these competitors have more significant research and development capabilities that may allow them to develop new or improved products that may compete with product lines and services we market and distribute, possibly at a lower cost. Our success will depend on our ability to adapt to these competing forces, to develop more advanced products more rapidly and less expensively than our competitors and/or to purchase new products by way of strategic acquisitions, and to educate potential OEM customers as to the benefits of using our products rather than developing their own products.
In the market for email security solutions, there are sophisticated offerings that compete with our solutions. Email security providers offering forms of Software-as-a-Service email gateways, multi-functional appliances, and managed service solutions and which may be viewed as both competitors and potential customers to Cyren include Google, Symantec, McAfee, Cisco, Proofpoint, and Mimecast. Email security providers offering solutions on an OEM basis similar to Cyren’s business model, and which may be viewed as direct competitors, include Proofpoint (via the Cloudmark acquisition), Sophos, Mailshell and Vade Secure.
The market for real-time virus protection products is also constantly evolving, as those designing and proliferating viruses and other malware seek new vulnerabilities and distribution techniques, and also continue to leverage email distribution as a cost-effective medium for accurately targeting broad, numerous potential victims. Cyren’s real-time offering differs from traditional antivirus solutions by leveraging our global footprint and detection technology to rapidly detect outbreaks, often hours or days before traditional anti-malware solutions; it thereby offers a complementary solution to signature and heuristic-based antivirus engines. For this reason, our virus outbreak detection engine has been deployed by many security companies and service providers.
In the market for anti-malware solutions, there are vendors offering reasonably effective solutions using various technologies based on signatures, emulation, and heuristics. Cyren has a targeted OEM/service provider focus, plus an increasing focus on heuristics and zero-day effectiveness. Most companies in this space provide endpoint products and, in some cases, make software development kits available on an OEM basis. Competitors to Cyren include Sophos, Bitdefender, Kaspersky, McAfee, Symantec, and open source software such as Clam-AV (now part of Cisco).
In the market for anti-phishing solutions targeted at enterprise customers, Gartner has defined a category for providers of cloud delivered supplementary email security solutions such as Cyren Inbox Security(1). Although this is an early stage market, Gartner has identified several competitors to Cyren such as, Avanan, GreatHorn, Inky, Ironscales and Vade Secure.
We expect that the markets for internet security solutions will continue to become more consolidated, with companies increasing their presence in this market or entering ancillary markets by acquiring or forming strategic alliances with our competitors or business partners. See also disclosure under “Risk Factors—Business Risks— we face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.”
The last several years have possibly experienced the greatest amount of dramatic global incidents directly related to malware and cyber threats since the advent of the internet. From election hacks to global ransomware attacks, malware threats are at an all-time high. As long as these activities prove lucrative, we expect these incidents to get worse.
In this “cyber-war”, with respect specifically to malware, three battlefronts stand out: ransomware, hyper-evasive malware, and malware distribution via HTTPS.
Ransomware has become especially lucrative for cybercriminals. Massive scale ransomware attacks have spread extremely quickly around the globe targeting governments, corporations, and private citizens. With hyper-evasive malware, cybercriminals are using codes designed to specifically detect and evade conventional sandbox detection and analysis.
It has become clear that cybercriminals know the weak points in standard corporate defenses and are optimizing their attacks to leverage these security gaps in every possible way.
Today, no item or user connected to the internet is immune to attack. While many businesses are still studying what security measures might be necessary, cybercriminals are “all in”, creating dangerous new tools to target companies, governments, and private citizens. We need to be mindful that the world has changed, hyper-evasive malware and threat distribution via HTTPS are growing rapidly; mobile devices— both Android and Apple—are increasingly targets.
|(1)||Gartner Market Guide for Email Security (Neil Wynne, Peter Firstbrook, Published 6 June 2019).|
Cloud and Mobility
Businesses are going through a massive change in their IT strategies as they look to drive more business value, agility, and better customer experiences.
|●||Business internet traffic continues to increase every year – executives, employees, partners, contractors, and customers are accustomed to transacting online. As a result, individuals are far more comfortable opening emails, clicking on links and providing sensitive data and information without questioning the authenticity of the applicable request. The simple organic growth in this usage of the internet is taxing existing legacy appliance solutions that have built-in capacity restrictions limiting their ability to scale.|
|●||Data and applications are increasingly moving to the cloud – where we used to protect the servers, data and applications we ran in our data centers behind an appliance-based security perimeter, today these apps and data have moved outside of this security perimeter and into the cloud.|
|●||More and more users are working remotely — users have left the perimeter, and are working from home offices, airports, hotels, and coffee shops, accessing the internet without protection from our perimeter security appliances.|
As organizations go through this transition, many are finding it increasingly difficult to protect their users, data, and networks with traditional on-premise security solutions.
|●||Buyers continue to move away from traditional on-premise solutions — preference for service-based security solutions are growing, driven by innovations, increasing need for security beyond the perimeter, and lower total cost of ownership.|
|●||Mature and legacy on premise deployments are reaching end of life — and these are increasingly being replaced by SaaS alternatives.|
|●||IT security staffing shortages – driving products with lower management overhead, as well as some outsourcing to key technology partners.|
|●||Increasingly fast, sophisticated, expensive, and high-profile attacks target organizations of all sizes – attacks are increasingly focused on small companies, less-regulated and less-security aware industries, dictating increased security investment.|
|●||Compliance and regulatory mandates are creating increased concern among buyers, especially as the cost of failure becomes more painful. Continued, large-scale breaches — themselves a driver for security purchases — will bring about even more stringent levels of regulation.|
|●||Heightened cybercrime activity among commercial enterprises and nation states – political and economic motivations are driving cyberattacks of both private enterprises and government entities.|
|●||Automation is increasingly considered critical to accelerating detection and protection, and to countering IT talent shortages.|
These reasons explain why Cyren’s vision for 100% cloud security is compelling to IT security teams looking to protect their businesses in today’s cloud-centric mobile-first world.
Human Capital Resources
Effective management of our human capital is essential to the success of our Company. It is vital that we recruit, train, develop, motivate, and retain employees with the skills to execute our strategy and tactical plans across the Company.
As of December 31, 2021, the Company employed 200 employees. As of December 31, 2021, our employee population is dispersed across the globe with 35% in Israel, 21% in Germany, 19% in the United States, 18% in Iceland, and 7% in the United Kingdom. During 2021, our cost of revenue headcount decreased from 36 to 32 employees, R&D headcount decreased from 117 to 108 employees, sales and marketing headcount decrease from 37 to 33 and general and administrative headcount decreased from 32 to 28 employees.
Except for our employees in Iceland, which in accordance with standard local practices are represented by labor unions, none of our employees are represented by a labor union and are not subject to a collective bargaining agreement. We believe our employee relations are good and we have not experienced any work stoppages.
Approximately 54% of our employees were part of our research and development teams, with the remainder of our employees comprising our sales and marketing, operations and customer support, and administrative teams.
In addition to our employees, we engage independent contractors who primarily provide services to the R&D team in order to meet staffing needs, as it is more cost-effective. As of December 31, 2021, we engaged approximately 40 contractors on a full-time equivalency.
We are committed to a safe work environment for our employees, whether in person or virtually. We adhere and expect all of our employees to adhere to our Code of Business Conduct, which, among other things, sets forth numerous policies designed to provide a safe, ethical, respectful, and compliant work environment. In response to the COVID-19 pandemic, we made significant decisions that we determined were in the best interest of the Company and are vital to protect our employees, including restricting travel and directing most of our employees to work from home. For employees continuing critical on-site work, we have implemented additional safety measures such as limiting the number of people present each day on-site, social distancing, use of face masks, and frequent disinfection of shared spaces. We continue to monitor the impact of the pandemic on our employees and contractors and to track national and local conditions and governmental guidance where our employees are located, thus ensuring that we make decisions that are aimed at promoting their health and safety based upon each specific locality. We have been very encouraged by the way our employees have responded to the challenges caused by the COVID-19 pandemic. Our employees and contractors have generally maintained their productivity under virtual working conditions.
We believe that we offer a competitive and varied selection of compensation and benefits programs to support our employees. We are committed to their overall well-being and to providing programs that are competitive in our industry. Our compensation programs consist primarily of base salary, and dependent upon level, may include a corporate bonus, and equity awards. We periodically conduct pay equity surveys to ensure our compensation programs are applied equitably for all our employees. Consistent with local practices, we generally offer benefits programs that consist of comprehensive health, dental, and welfare benefits, and where applicable, retirement savings and life insurance options.
Communication and Engagement
We believe that our success depends upon our employees’ understanding of how their work results contribute to our overall strategy and plans. To this end, we communicate with our workforce through a variety of channels and encourage open and direct communication, including periodic Company-wide CEO update meetings which include a variety of topics of interest and frequent email corporate communications.
Diversity and Inclusion
We strive to promote and advance diversity and inclusion across the Company. We value diverse perspectives and life experiences. We believe that everyone deserves respect and equal treatment, regardless of gender, race, ethnicity, age, disability, sexual orientation, gender identity, cultural background, or religious belief. As of December 31, 2021, approximately 30% of our employees were female and across all management roles, approximately 26% of leadership is female.
We were incorporated as a private company under the laws of the State of Israel on February 10, 1991 and our legal form is a company limited by shares. We became a public company on July 15, 1999 under the name Commtouch Software Ltd. In January 2014, we changed our legal name to Cyren Ltd. Our website is https://www.cyren.com. The SEC maintains an internet site that contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC. Our filings under the Exchange Act are available on our website and are also available electronically from the website maintained by the SEC at www.sec.gov.
Our principal executive offices are located at 10 Ha-Menofim St., 5th Floor, Herzliya, Israel 4672561, where our telephone number is +972–9–863–6888.
ITEM 1A. RISK FACTORS
Business and Financial Condition Risks
We may not be able to continue as a going concern.
As of December 31, 2021, we had an accumulated deficit of $271.6 million, cash and cash equivalents of $4.3 million, current liabilities of $12.7 million and generated a net loss of $23.0 million. We have incurred losses since inception and expect to continue to incur losses for the foreseeable future. As of December 31, 2021, our cash and cash equivalents balance is not sufficient to fund our planned operations for at least a year beyond the date of the financial statements included in this report. These factors raise doubt about our ability to continue as a going concern and therefore it may be more difficult for us to attract investors. The ability to continue as a going concern is dependent upon our ability to obtain the necessary financing to meet our obligations and repay our liabilities arising from normal business operations when they become due. Despite our ability to secure capital in the past, we cannot assure you that we will be able to obtain additional debt or equity financing on favorable terms, if at all. Furthermore, if we raise additional equity financing, our shareholders may experience significant dilution of their ownership interests. If we engage in debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions.
We have a history of losses and may not be able to achieve or maintain profitability.
We have a history of incurring net losses, including net losses of $23.0 million and $17.3 million in 2021 and 2020, respectively. As a result, we had an accumulated deficit of $271.6 million as of December 31, 2021. Achieving profitability will require us to increase revenue, manage our cost structure, and avoid unanticipated liabilities. We have made and expect to continue to make significant expenditures to develop and expand our business and we do not expect to be profitable in the near term. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our solutions, increasing competition, expense reductions, a decrease in the growth of our overall market, the impact of the COVID-19 pandemic, or if we fail for any reason to continue to capitalize on growth opportunities. Any failure by us to obtain and sustain profitability, or to continue our revenue growth, could cause the price of our ordinary shares to decline significantly.
We may be adversely affected by the effects of inflation.
Inflation has the potential to adversely affect our business, results of operations, financial position and liquidity by increasing our overall cost structure, particularly if we are unable to achieve commensurate increases in the prices we charge our customers. The existence of inflation in the economy has the potential to result in higher interest rates and capital costs, supply shortages, increased costs of labor and other similar effects. As a result of inflation, we have experienced and may continue to experience, increases in our costs associated with operating our business including labor, equipment and other inputs. Although we may take measures to mitigate the impact of this inflation through pricing actions and efficiency gains, if these measures are not effective our business, results of operations, financial position and liquidity could be materially adversely affected. Even if such measures are effective, there could be a difference between the timing of when these beneficial actions impact our results of operations and when the cost inflation is incurred. Additionally, the pricing actions we take could result in a decrease in market share.
Our indebtedness may have an adverse effect on our business or limit our ability to take advantage of business, strategic or financing opportunities; our debt instruments contain certain events of default which, if triggered, may result in acceleration of our debt.
On March 19, 2020, we issued $10.25 million aggregate principal amount of our 5.75% convertible debentures due March 19, 2024 (the “Convertible Debentures”). Our Convertible Debentures contain certain covenants with which we must comply and events of default which, if triggered, may result in the Convertible Debentures becoming immediately due and payable. These events of default include, but are not limited to, failure to pay interest and principal when due, failure to perform any term, covenant or agreement contained in the Convertible Debentures, certain events of bankruptcy, insolvency or reorganization, and certain defaults on our obligations under other debt instruments. In addition, as long as the Convertible Debentures are outstanding, we must obtain consent of the holders in order to take the following actions as required by the respective debt instruments:
|●||incur certain additional indebtedness or guarantee indebtedness;|
|●||create certain liens;|
|●||sell certain assets;|
|●||make certain amendments to our charter documents;|
|●||repay, repurchase, or acquire ordinary shares or indebtedness except under certain circumstances;|
|●||pay cash dividends or distributions on any equity securities; or|
|●||enter into transactions with affiliates, with certain exceptions.|
These consent requirements could restrict us from taking any of the above actions that we believe to be in our best interests and could adversely affect our ability to obtain additional financing, engage in certain business activities, take advantage of business opportunities, or otherwise execute our business strategies. In addition, our ability to comply with the terms of the Convertible Debentures may be affected by general economic conditions, industry conditions, and other events beyond our control. As a result, we cannot assure you that we will be able to comply with these terms. Failure to comply with the terms of the Convertible Debentures could result in a default under these debt instruments, upon which the outstanding debt would become immediately due and payable. This could have serious consequences to our financial condition and results of operations. We cannot assure you that our assets or cash flow would be sufficient to repay our obligations under the Convertible Debentures if accelerated upon an event of default, or that we would be able to borrow sufficient funds to refinance these debt instruments.
If the internet security market does not accept our cloud-based product offerings, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.
Our success will depend to a substantial extent on the willingness of enterprises to increase their acceptance and use of cloud computing services. The market for email security solutions delivered as a service is still at an early stage relative to on-premise solutions, and these applications may not achieve and sustain high levels of demand and market acceptance. In particular, there is no assurance that our recently released Cyren Inbox Security will generate a high level of demand or achieve market acceptance.
Historically, companies have used appliance-based security products, such as firewalls, intrusion prevention systems, or IPS, anti-virus, or AV, and web and messaging gateways, for their IT security. These enterprises may be hesitant to purchase our cloud-based security offering if they believe that signature-based products, or our competitors’ products, are more cost-effective, provide substantially the same functionality or otherwise provide a sufficient level of IT security. Many enterprises have invested substantial personnel and financial resources to integrate traditional enterprise software or hardware appliances for these applications into their businesses, and currently, most enterprises have not allocated a fixed portion of their budgets to protect against next-generation advanced cyber attacks. As a result, to expand our customer base, we need to convince potential customers to allocate a portion of their discretionary budgets to purchase our products and services. If we do not succeed in convincing customers that our offerings should be an integral part of their overall approach to IT security, our sales will not grow as quickly as anticipated, or at all, which would have an adverse impact on our business, results of operations and financial condition.
In addition, many enterprises may be reluctant or unwilling to use cloud computing services because they have concerns regarding the risks associated with its reliability and security, among other things, of this delivery model, or its ability to help them comply with applicable laws and regulations. If enterprises do not perceive the benefits of this delivery model, then the market for our services and our sales would not grow as quickly as we anticipate or at all and our business, results of operations and financial condition would be harmed.
If the market does not continue to respond favorably to our traditional Threat Intelligence Service security solutions, including our Threat Detection Services and Threat Intelligence Feeds, or future services do not gain acceptance, we will fail to generate sufficient revenues.
Our success depends on the continued acceptance and use of our Threat Intelligence Service security solutions by current and new businesses, Original Equipment Manufacturers (“OEMs”), and service provider customers, plus the interest of such customers in our newest offerings. As the markets for email, antivirus and web security products continue to mature and consolidate, we are seeing increasing competitive pressures and demands for even higher quality products at lower prices. This increasing demand comes at a time when internet security threats are more varied and intensive, challenging top end solutions to keep their performance at an industry-acceptable level of accuracy. If our solutions do not continue to evolve to meet market demand, or newer products on the market prove more effective, our business could fail. Also, if growth in the markets for these solutions begins to slow, our business, results of operations and financial condition will suffer dramatically.
If we are unable to effectively integrate future investments and acquisitions, our business operations and financial results will suffer.
Our success will depend, in part, on our ability to expand our service and product offerings and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may decide to do so through the acquisition of complementary businesses and technologies rather than through internal development.
If we encounter further difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel, or operations of any company that we acquire, the revenue and operating results of the combined company could be adversely affected. The risks we face in connection with acquisitions include:
|●||disruption of our ongoing business, diversion of resources, increased expenses, and distraction of our management from operating our business to addressing acquisition integration challenges;|
|●||additional legal and regulatory compliance;|
|●||cultural challenges associated with integrating employees from the acquired companies into our organization;|
|●||inability to retain key employees from the acquired companies;|
|●||inability to strengthen our competitive position, achieve our strategic goals, generate sufficient financial return to offset acquisition costs or realize the expected benefits of the acquisition;|
|●||failure to identify significant problems or liabilities, including liabilities resulting from the acquired companies’ pre-acquisition failure to comply with applicable laws, during our pre-acquisition due diligence;|
|●||difficulties related to our entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;|
|●||difficulties in, or inability to, successfully sell any acquired products or services;|
|●||difficulties with the coordination of research and development, sales and marketing, accounting, human resources, and other general and administrative systems;|
|●||changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisitions;|
|●||liability for activities of the acquired companies before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and litigation; and|
|●||unanticipated write-offs or charges.|
The occurrence of any of these risks could have a material adverse effect on our business operations and financial results.
We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations.
The market for security products and services is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent new product introductions and improvements. We anticipate continued challenges from current competitors as well as by new entrants into the industry. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in our revenue that could adversely affect our business and results of operations.
Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
|●||greater name recognition and larger customer bases;|
|●||larger sales and marketing budgets and resources;|
|●||broader distribution and established relationships with channel and distribution partners and customers;|
|●||greater customer support resources;|
|●||lower labor and research and development costs; and|
|●||substantially greater financial, technical, and other resources.|
In addition, some of our larger competitors have substantially broader product offerings and may be able to leverage their relationships with distribution partners and customers based on other products or incorporate functionality into existing products to gain business in a manner that may discourage users from purchasing our products, subscriptions and services, including by selling at zero or negative margins, product bundling or offering closed technology platforms.
Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. As a result, even if the features of our offerings are superior, customers may not purchase our services or products. In addition, innovative start-up companies, and larger companies that are making significant investments in research and development, may invent similar or superior products and technologies that compete with our product and services. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors, our business, financial condition, and results of operations could be adversely affected.
Some of our competitors have acquired businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and end user needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisitions or other opportunities more readily, or develop and expand their product and service offerings more quickly than we can. Due to various reasons, organizations may be more willing to incrementally add solutions to their existing security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.
Also, many of our smaller competitors that specialize in providing protection from a single type of business security threat may deliver these specialized business security products to the market more quickly than we can or may introduce innovative new products or enhancements before we do. Conditions in our markets could change rapidly and significantly as a result of technological advancements.
If we are unable to enhance our existing products and develop new products, our growth will be impeded.
Our ability to attract new customers and increase revenue from existing customers will depend in large part on our ability to enhance and improve our existing products and to introduce new products. The success of any enhancement or new product depends on several factors, including the timely completion, introduction and market acceptance of the enhancement or new product. Any enhancement or new product we develop or acquire may not be introduced in a timely or cost-effective manner and may not achieve the broad market acceptance necessary to generate significant revenue. If we are unable to successfully develop or acquire new products or enhance our existing products to meet customer requirements, we may not grow as expected.
We cannot be certain that our development activities will be successful or that we will not incur delays or cost overruns. Furthermore, we may not have sufficient financial resources to identify and develop new technologies and bring enhancements or new products to market in a timely and cost-effective manner. New technologies and enhancements could be delayed or cost more than we expect, and we cannot ensure that any of these products will be commercially successful if and when they are introduced.
A loss of any of our large customers could have a material adverse effect on our financial condition and results of operations.
In the year ended December 31, 2021, our three largest customers accounted for approximately 29% of our annual revenues (including our largest customer that accounted for approximately 19% of total revenue). A significant reduction in revenue in the future from these major customers could have a material adverse effect on our financial condition, results of operations and cash flow. In addition, if one or more of our major customers were to develop competing technology or to experience economic difficulties, changes in purchasing policies or difficulties in fulfilling their obligations to us, our financial condition could be materially and adversely affected.
Adverse conditions in the national and global financial markets could have a material adverse effect on our business, operating results, and financial condition.
Our financial performance depends, in part, on the state of the economy, which may deteriorate in the future including, as a result of the spread or fear of spread of contagious diseases (such as the COVID-19 pandemic). Challenging economic conditions worldwide have from time to time contributed, and may continue to contribute, to slowdowns in the information technology industry, resulting in reduced demand for our solutions as a result of continued constraints on IT-related capital spending by our customers and increased price competition for our solutions. Additionally, concerns regarding uncertainties related to changes in public policies such as domestic and international regulations, taxes or international trade agreements as well as geopolitical turmoil and other disruptions to global and regional economies and markets in many parts of the world, have and may continue to put pressure on global economic conditions and overall spending on IT security.
If the economies of countries in which our customers and potential customers are located weaken, our customers may reduce or postpone their spending significantly. This could result in reductions in sales of our services and longer sales cycles, slower adoption of new technologies and increased price competition. In addition, weakness in the end user market could negatively affect the cash flow of our OEM and service provider partners, distributors and resellers who could, in turn, delay paying their obligations to us. This would increase our credit risk exposure and cause delays in our recognition of revenues on future sales to these customers. Specific economic trends, such as declines in the demand for PCs, servers, and other computing devices, or weakness in corporate information technology spending, could have a more direct impact on our business. Any of these events would likely harm our business, operating results, and financial condition.
The outbreak of COVID-19 and its international spread has affected how we operate our business, and the duration and the extent to which it will impact future results of operations and overall financial performance is unknown.
Pandemics and epidemics, such as the current COVID-19 outbreak, or other widespread public health problems could negatively impact our business. The current outbreak of COVID-19 has had widespread impacts on the overall economy, buying patterns of partners and potential customers, and business operations and continues to present concerns that may dramatically affect our ability to conduct our business effectively, including, but not limited to, our inability to travel to various destinations due to travel restrictions and quarantine requirements, attend certain industry-related conferences and effectively maintain ongoing sales operations. For employees continuing critical on-site work, we have implemented additional safety measures such as limiting the number of people present each day on-site, social distancing, and the use of personal protective equipment or PPE. Any additional precautionary measures may negatively impact our sales, operating results and business.
A significant reduction in global economic activity may result in reduced IT budgets, including for cyber security software. The global impact of the COVID-19 pandemic may continue to endure for an unknown period of time. While the ultimate impact of the COVID-19 outbreak is uncertain and subject to change, a significant duration of the COVID-19 outbreak and related government actions will impact many aspects of our business. Additionally, if the COVID-19 pandemic has had or continues to have a substantial impact on our partners and customers, our overall financial performance and operations may be negatively impacted. If a significant percentage of our workforce is unable to work, either because of illness or travel or government restrictions in connection with the COVID-19 outbreak, our operations may be negatively impacted.
If the perceived general level of advanced cyber attacks declines, demand for our solutions may decrease, our cost of doing business may increase and our business could be harmed.
Our business is substantially dependent on enterprises recognizing that advanced cyber attacks are pervasive and are not effectively prevented by legacy security solutions. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced cyber attacks and help to provide an impetus for enterprises to devote resources to protecting against advanced cyber attacks, such as purchasing our services and products and broadly deploying our services and products within their organizations. If advanced cyber attacks were to decline, or enterprises perceived that the general level of advanced cyber attacks have declined, our ability to attract new customers and expand our offerings within existing customers could be materially and adversely affected and harm our business, results of operations and financial condition.
In addition, various state legislatures have enacted laws aimed at regulating the distribution of unsolicited email. These and similar legal measures, both in the United States and worldwide, may have the effect of reducing the amount of unsolicited email and malicious software that is distributed and hence diminish the need for our internet security solutions. Any such developments would have an adverse impact on our revenues.
We depend upon our OEM customers for the majority of our revenue and if our OEM customers do not renew existing subscriptions or buy additional services, our operating results will be harmed.
We expect to continue to be dependent upon OEM partners and service providers for a significant portion of our revenues.
Our operating results and financial condition may be materially adversely affected if:
|●||anticipated orders or payments from these partners fail to materialize;|
|●||our partners cease the promotion of our business or begin to promote solutions other than ours;|
|●||our partners are acquired by larger companies who may have other relationships or technologies that lead to the displacement or termination of Cyren contracts;|
|●||our partners do not live up to their contractual agreements or fail to pay for services rendered; or|
|●||our partners’ businesses fail.|
We regularly have discussions with our customers regarding the renewal of their contracts and the renegotiation of the terms of such contracts at the time of renewal. In the fourth quarter of 2020, we received notification that our largest customer will renew one of their contracts for another three years through the first quarter of 2024, but that it does not intend to renew its largest contract with the Company beginning April 2021. For additional information, please refer to Note 10(b) of the consolidated financial statements included elsewhere in this Annual Report.
Our quarterly operating results may fluctuate, which could adversely affect our share price.
Our revenues and operating results could vary significantly from period to period as a result of a variety of factors, many of which are outside of our control. As a result, comparing our revenues and operating results on a period-to-period basis may not be meaningful, and shareholders should not rely on our past results as an indication of our future performance. We may not be able to accurately predict our future revenues or results of operations. We base our current and future expense levels on our operating plans and sales forecasts, and our operating costs are relatively fixed in the short-term. As a result, we may not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues, and even a small shortfall in revenues could disproportionately and adversely affect financial results for that quarter. If our revenues or operating results fall below the expectations of investors or any securities analysts that cover our stock, our share price could decline substantially.
A number of factors, many of which are enumerated in this “Risk Factors” section, are likely to cause fluctuations in our operating results or cause our share price to decline. These factors include:
|●||our ability to successfully market both our traditional email, antivirus and web security solutions and our newer anti-phishing solutions in new markets, both domestic and international;|
|●||our ability to successfully develop and market new, modified or upgraded products, as may be needed;|
|●||demand for, and the continued acceptance of our products by our current partners and customer base and the level of perceived urgency regarding security threats and compliance requirements;|
|●||our ability to expand our workforce with qualified personnel, as may be needed;|
|●||unanticipated bugs or other problems affecting the delivery of our solutions to customers;|
|●||the success of our partners’ sales efforts to their customer base;|
|●||the solvency of our partners and their ability to allocate sufficient resources towards the marketing of our products;|
|●||our partners’ ability to effectively integrate our solutions into their product offerings;|
|●||the substantial decrease in information technology spending;|
|●||the pricing of our products;|
|●||our ability to timely collect fees owed by our customers and partners;|
|●||general economic conditions, including a global slowdown (for example, as a result of the COVID-19 outbreak);|
|●||sudden, dramatic fluctuations in exchange rates of currencies covering the fees we collect from our foreign customers versus the currencies utilized in our business (namely, the Israeli Shekel (“ILS”), the U.S. Dollar (“USD”), the Euro (“EUR”) and the British Pound (“GBP”);|
|●||the effectiveness of our end user support, whether provided by our customers or directly by Cyren;|
|●||customer budgeting cycles and seasonal buying patterns;|
|●||the extent to which customers subscribe for additional solutions or increase the number of users;|
|●||any disruption in our sales channels or termination of our relationship with strategic channel partners;|
|●||insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions; and|
|●||price competition or any changes in the competitive landscape of our industry, including consolidation among our competitors, customers, partners, or resellers.|
Our ability to increase our revenues will depend on our ability to successfully execute our sales and marketing plans.
The complexity of the underlying technological base of email, antivirus and web security solutions, and the current landscape of the markets, require highly trained sales and marketing personnel to educate prospective distributors, resellers, OEM and service provider partners and customers regarding the use and benefits of our solutions. We continue to be substantially dependent on our sales force to obtain new customers and to drive additional use cases and adoption among our existing customers. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business.
Our future success depends on our ability to sell additional products to our customers, such as Cyren Inbox Security, which was made generally available for purchase in the second quarter of 2020. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional solutions depends on a number of factors, including the perceived need for additional solutions, growth in the number of end users, and general economic conditions. If our efforts to sell additional solutions to our customers are not successful, our business, financial condition and/or results of operations may suffer.
We rely on our management team and other key employees and will need additional personnel to grow our business, and the loss of one or more key employees or our inability to attract and retain qualified personnel could harm our business.
Our success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization. Competition for highly skilled personnel is intense in Israel, Germany, Iceland, the United Kingdom, and the United States, where we have offices and a need for highly skilled personnel. We may not be successful in attracting qualified personnel to fulfill our current or future needs. Our competitors may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. Also, to the extent we hire employees from mature public companies with significant financial resources, we may be subject to allegations that such employees have been improperly solicited, that they have divulged proprietary or other confidential information or that their former employers own such employees’ inventions or other work product.
In addition, we believe that it is important to establish and maintain a corporate culture that facilitates the maintenance and transfer of institutional knowledge within our organization and also fosters innovation, teamwork, a passion for customers and a focus on execution.
The loss of our software developers or senior operations personnel may also adversely affect the continued development and support of both our current messaging, antivirus and web security solutions and future solutions presently included in our roadmap for development, thereby causing our operating results to suffer and the value of your investment to decline.
We do not have employment agreements inclusive of set periods of employment with any of our key personnel. We cannot prevent them from leaving at any time. We do not maintain key-person life insurance policies, listing us as a beneficiary, on any of our employees. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business, financial condition and/or results of operations could be harmed.
Our business and operating results could suffer if we do not successfully address potential risks inherent in doing business overseas.
We market and sell our products worldwide and have personnel in many parts of the world. In addition, we have sales offices and research and development facilities outside the United States, and we conduct, and expect to continue to conduct, a significant amount of our business with companies that are located outside the United States, particularly in Europe, Israel, and Asia. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships internationally or recruit additional companies to enter into strategic distributor relationships, our future success in these international markets could be limited. Business practices and regulations in the international markets that we serve differ from those in the United States and Israel and periodically require us to include terms other than our standard terms in customer contracts. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our operating results may be adversely impacted.
Additionally, our international sales and operations are subject to a number of risks, including the following:
|●||greater difficulty in enforcing contracts and accounts receivable collection and longer collection periods;|
|●||the uncertainty of protection for intellectual property rights in some countries;|
|●||greater risk of changes in regulatory practices, tariffs, and tax laws and treaties;|
|●||risks associated with trade restrictions and foreign legal requirements, including the importation, certification, and localization of our products required in foreign countries;|
|●||the potential that our operations in Israel and the U.S. may limit the acceptability of our products to some foreign governments, and vice versa;|
|●||greater risk of a failure of foreign employees, partners, distributors, and resellers to comply with both U.S. and foreign laws, including antitrust regulations, and any trade regulations ensuring fair trade practices;|
|●||heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;|
|●||the potential for acts of terrorism, hostilities, or war;|
|●||the impact of COVID-19 on the economic conditions in these foreign markets and the travel restrictions in and between various geographic regions;|
|●||increased expenses incurred in establishing and maintaining office space and equipment for our multinational operations;|
|●||greater difficulty in recruiting local experienced personnel, and the costs and expenses associated with such activities;|
|●||management communication and integration problems resulting from cultural and geographic dispersion;|
|●||fluctuations in exchange rates between the U.S. Dollar, Shekel, Euro, Pound, and other foreign currencies in markets where we do business; and|
|●||general economic and political conditions and uncertainties in these foreign markets.|
In addition, following Russia’s military invasion of Ukraine in February 2022, NATO deployed additional military forces to Eastern Europe, and the United States, European Union, and other nations announced various sanctions against Russia. The invasion of Ukraine and the retaliatory measures and sanctions that have been taken, and could be taken in future, by the U.S., NATO, and other countries have created global security concerns that could result in a regional conflict and otherwise have a lasting impact on regional and global economies, any or all of which could adversely affect our business.
These factors and other factors could harm our ability to gain future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources.
The ongoing military conflict between Ukraine and Russia or any further escalation or expansion may have a material adverse effect on our business, financial condition and results of operations.
The ongoing military conflict between Russia and Ukraine has provoked strong reactions from the United States, the UK, the European Union (the “EU”) and various other countries around the world.
We have sales operations, employees, and customers located in multiple countries. We have contractors in Ukraine that assist in our operations group which support our products. The ongoing military conflict between Ukraine and Russia has resulted in minimal interruption of our operations in Ukraine and we are developing alternative plans should our contractors not be available for a period of time. While the precise effect of the ongoing military conflict and the sanctions on the Russian and global economies remains uncertain, should tensions continue to increase, financial markets may continue to experience significant volatility as well as economic and security consequences.
While as of the date of this Annual Report there have not been any material impacts from the above mentioned matter in our consolidated financial statements, we are continuously monitoring the developments to assess any potential future impacts that may arise as a result of the ongoing crisis.
Other potential consequences include, but are not limited to, growth in the number of popular uprisings in the region, increased political discontent, especially in the regions most affected by the conflict or economic sanctions, increase in cyberterrorism activities and attacks, displacement of persons to regions close to the areas of conflict and an increase in the number of refugees fleeing across Europe, among other unforeseen social and humanitarian effects.
A protracted conflict between Ukraine and Russia, any escalation or expansion of that conflict, and the financial and economic sanctions and the above-mentioned adverse effect on the wider global economy and market conditions could, in turn, have a material adverse effect on our business, financial condition and results of operations.
Changes in the tax treatment of companies engaged in internet commerce may adversely affect the commercial use of our services and our financial results.
Due to the global nature of the internet and the global reach of our network, it is possible that various states or countries might attempt to regulate our transmissions or levy sales, income, consumption, use or other taxes relating to our services or activities, or impose obligations on us to collect such taxes. Tax authorities in many jurisdictions are currently reviewing the appropriate treatment of companies engaged in internet commerce such as the provision of cloud computing services and other online services. The imposition of new or revised tax laws or regulations may subject us to additional sales, income, consumption, use or other taxes. We cannot predict the effect of current attempts to impose such taxes on commerce over the internet. New or revised taxes and, in particular, sales, use or consumption taxes, the Value Added Tax and similar taxes would likely increase the cost of doing business online. New taxes could also create significant increases in internal costs necessary to capture data, and collect and remit taxes. Any of these events could have an adverse effect on our business and results of operations.
The application of tax laws is subject to interpretation and if tax authorities challenge our methodologies or our analysis of our tax rates it could result in an increase to our worldwide effective tax rate and cause us to change the way we operate our business.
The application of the tax laws of various jurisdictions to our international business activities is subject to interpretation and also depends on our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing, or determine that the manner in which we operate our business does not achieve the expected tax consequences, which could increase our worldwide effective tax rate and adversely affect our financial position and results of operations.
A certain degree of judgment is required in evaluating our tax positions and determining our provision for income taxes. In the ordinary course of business, there are many transactions and calculations for which the ultimate tax determination is uncertain. For example, our effective tax rates could be adversely affected by earnings being lower than anticipated in countries where we have lower statutory rates and higher than anticipated in countries where we have higher statutory rates, by changes in foreign currency exchange rates or by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations. As we operate in numerous taxing jurisdictions, the application of tax laws can be subject to diverging and sometimes conflicting interpretations by tax authorities of these jurisdictions. It is not uncommon for tax authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, or with respect to the valuation of intellectual property. In addition, tax laws are dynamic and subject to change as new laws are passed and new regulations or interpretations of the law are issued or applied. For example, the work being carried out by the OECD on base erosion and profit shifting as a response to increasing globalization of trade could result in changes in tax treaties or the introduction of new legislation that could impose an additional tax on businesses. As a result of changes to laws or interpretations, our tax positions could be challenged, and our income tax expenses could increase in the future.
For instance, if tax authorities in any of the countries in which we operate were to successfully challenge our transfer prices, they could require us to reallocate our income (or part of our income) to reflect transfer pricing adjustments, which could result in an increased tax liability to us. In addition, if the country from which the income was reallocated did not agree with the reallocation asserted by the first country, we could become subject to tax on the same income in both countries, resulting in double taxation. If tax authorities were to allocate income to a higher tax jurisdiction, subject our income to double taxation or assess interest and penalties, it could increase our tax liability, which could adversely affect our financial position and results of operations.
We are subject to privacy and data protection laws and regulations in various jurisdictions, including the EU General Data Protection Regulation, as well as contractual privacy and data protection obligations, which may limit the use and adoption of, or require modification of, our products and services and could affect our marketing activities. Our failure to comply with such laws, regulations or obligations could subject us to liability and could harm our reputation and business. In addition, the invalidation of the EU-US Privacy Shield by the European Court of Justice (“CJEU”), which we had previously relied on in part as a mechanisms to transfer personal data from the EU to the U.S and the uncertainty regarding reliance on the EU Standard Contractual Clauses (“SCCs”) may have an adverse effect on the manner in which we provide our services which could harm our financial results.
Many federal, state, and foreign government bodies and agencies have adopted, or are adopting, laws and regulations regarding the collection, use, and disclosure of personal information. Some of our solutions process customer data which may contain the personal information of end users, and any failure to adequately address privacy concerns, or to otherwise comply with applicable privacy laws and regulations could result in liability, damage to our reputation, loss of sales, or further harm our business. Privacy concerns, whether or not valid, may inhibit market adoption of our solutions. The costs of compliance with such laws and regulations that apply to our customers’ business may in turn limit their use and adoption of our products and services and therefore reduce overall demand for them.
We are subject to the privacy and data protection laws and regulations adopted by Israel, Europe and the United States and potentially other jurisdictions. Where the local data protection and privacy laws of a jurisdiction apply, we may be required to register our operations in that jurisdiction or make changes to our business so that registered users’ data is only collected and processed in accordance with applicable local law. The proliferation of such laws within the jurisdictions in which we operate may result in conflicting and contradictory requirements, particularly in relation to evolving technologies such as cloud computing. Any failure to successfully navigate the changing regulatory landscape could result in legal liability or impairment to our reputation in the marketplace, which could have a material adverse effect on our business, results of operations and financial condition.
In particular, the European Union has imposed greater obligations under their privacy and data protection laws. For example, the European Union adopted the General Data Protection Regulation (GDPR) which took effect on May 25, 2018 and is wide ranging in scope. GDPR replaced, to a large extent, the data protection laws of each European Union member state and imposed stringent requirements for data processors and controllers. Such requirements include more fulsome disclosures about the processing of personal information, data retention limits and deletion requirements, mandatory notification in the case of a data breach and heightened standards regarding valid consent in some specific cases of data processing. The GDPR also includes substantially higher penalties for failure to comply (a fine up to 20 million Euro or up to 4% of the annual worldwide turnover, whichever is greater, can be imposed). Given the breadth of the GDPR, compliance with its requirements is likely to continue to require significant expenditure of resources on an ongoing basis, and there can be no assurance that the measures we have taken for the purposes of compliance will be successful in preventing a violation of the GDPR. Given the potential fines, liabilities, and damage to our reputation in the event of an actual or perceived violation of the GDPR, such a violation may have an adverse effect on our business and operations.
Similarly, California recently enacted the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), which, among other things, requires covered companies to provide new disclosures to California consumers and afford such consumers new rights to opt-out of the sale of their personal information and provides a private right of action for consumers to bring litigation in the event of certain data breaches. The CCPA provides that any consumer whose nonenecrypted and nonredacted personal information is subject to an unauthorized access and exfiltration, theft, or disclosure due to a business violating its duty to implement and maintain reasonable security procedures and practices can bring a cause of action and is entitled to statutory damages between $100 and $750 per consumer per incident.
In addition, other states (e.g., Virginia, Colorado and Utah) have enacted legislation that regulates the collection, use, and sale of personal information. These laws go into effect in 2023, and many other states have similar proposed legislation pending. Such regimes might not be compatible with either the GDPR or the CCPA or may require us to undertake additional practices. In connection with the CCPA/CPRA, we experienced increased customer attention to data privacy. As state regulators continue to issue guidance on these state laws, we cannot yet fully predict the impact of these privacy laws on our business or operations, but we expect they will require us to further modify our data processing practices and policies and incur substantial costs and expenses in an effort to comply; non-compliance could potentially subject us to regulatory fines and/or civil lawsuits.
Further, the United Kingdom Data Protection Act that substantially implements the GDPR became law in May 2018 and was subject to statutory amendments in 2019 that further align it with the GDPR. Post-Brexit, the United Kingdom has enacted its own version of the GDPR. On June 28, 2021, the European Commission announced that the UK was an adequate country for the purpose of permitting international data transfers of EU data. Accordingly, there remains little operational risk of transfers of data between the UK and EU. On February 2, 2022, the UK Secretary of State proposed the UK International Data Transfer Agreement (ITDA) addendum to the European Commission’s Standard Contractual Clauses, and a document setting out transitional provisions. The ITDA addendum has not yet been approved by UK lawmakers, and the development of United Kingdom data protection laws or regulations and regulation of data transfers to and from the United Kingdom in the medium to longer term remains unclear.
Even the perception of privacy, data protection or information security concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to hire and retain workforce talent. If our security measures are or are believed to be inadequate or breached as a result of third-party action, employee negligence, error or malfeasance, product defects, social engineering techniques or otherwise, and this results in, or is believed to result in, the disruption of the confidentiality, integrity or availability of our systems or networks or any data we process or maintain, or the loss, destruction or corruption of such data, or our privacy practices are or are perceived to be inadequate, we could incur significant liability, we could face a loss of revenues, and our business may suffer and our reputation and competitive position may be damaged.
If any of our customers or prospective customers decide not to purchase our products or services because of regulatory uncertainty, our revenues could decline and our business could suffer. Any inability by us, or a third-party contractor, to adequately address privacy concerns, whether valid or not, or to comply with applicable privacy or data protection laws, regulations and privacy standards, could result in additional cost and liability to us, damage our reputation, inhibit sales of our solutions and harm our business.
We may not have the resources or skills required to adapt to the changing technological requirements and shifting preferences of our customers and their users.
The email, anti-malware and web security industries are characterized by technological challenges, sophisticated distributors of internet security threats, multiple-variant viruses, advanced persistent threats, unique phishing scams and constantly evolving malevolent software distribution practices and targets that could render our solutions and proprietary technology ineffective. Our success depends, in part, on our ability to continually enhance our existing messaging, anti-malware and web security solutions and to develop new solutions, functions and technology that address the potential needs of prospective and current customers and their users.
Many of our end users operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols. As their technologies and business plans grow more complex, we expect these customers to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our solutions effectively identify and respond to these advanced and evolving attacks without disrupting our customers’ network performance. As a result of the continued rapid innovations in the technology industry, including the rapid growth of smart phones, tablets and other devices and the trend of “bring your own device” in enterprises, we expect the networks of our end users to continue to change rapidly and become more complex.
We have identified and implemented enhancements to our products, as well as new products that we believe are important to our continued success in the cyber security market. Going forward, we may not be successful in developing and marketing, on a timely basis, such new products or enhancements or our new products or enhancements may not adequately address the changing needs of the marketplace. In addition, some of our new products and enhancements may require us to develop new architectures that involve complex, expensive, and time-consuming research and development processes. Although the market expects rapid introduction of new products and enhancements to respond to new threats, the development of these products and enhancements is difficult and the timetable for commercial release and availability is uncertain, as there can be significant time lags between initial beta releases and the commercial availability of new products and enhancements. We may experience unanticipated delays in the availability of new products and enhancements to our platform and fail to meet customer expectations with respect to the timing of such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing, releasing and making available on a timely basis new products and enhancements to our services and products that can adequately respond to advanced threats and our customers’ needs, our competitive position and business prospects will be harmed. Furthermore, from time to time, we, or our competitors, may announce new products with capabilities or technologies that could have the potential to replace or shorten the life cycles of our existing services products. Announcements of new products could cause customers to defer purchasing our existing services or products.
Additionally, the process of developing new technology is expensive, complex, and uncertain. The success of new products and enhancements depends on several factors, including appropriate component costs, timely completion and introduction, differentiation of new products and services from those of our competitors, and market acceptance. To maintain our competitive position, we must continue to commit significant resources to developing new products or services before knowing whether these investments will be cost-effective or achieve the intended results. We may not be able to successfully identify new product opportunities, develop and bring new products or services to market in a timely manner, or achieve market acceptance of our platform. Products and technologies developed by others may render our offerings obsolete or noncompetitive. If we expend significant resources on researching and developing products or services and such products and services are not successful, our business, financial position and results of operations may be adversely affected. We may not be able to use new technologies effectively or adapt to OEM, service provider, customer or end user requirements or emerging industry standards.
Our solutions may be adversely affected by defects or denial of service attacks, which could cause our OEM and service provider partners, customers, or end users to stop using our solutions.
Our email, anti-malware and web security products are based in part upon new and complex software and highly advanced computer systems. Complex software and computer systems can contain defects, particularly when first introduced or when new versions are released, and are possible targets for denial of service attacks instigated by “hackers”. Although we conduct extensive testing and implement internet security processes, we may not discover defects or vulnerabilities in our software or systems that affect our new or current solutions or enhancements until after they are delivered. Although we have not experienced any material defects or vulnerabilities to date in our messaging, anti-malware, and web security offerings, it is possible that, despite testing by us, defects or vulnerabilities may exist in the solutions we provide. These defects or vulnerabilities could cause or lead to interruptions for customers of our solutions, resulting in damage to our reputation, legal risks, loss of revenue, delays in market acceptance and diversion of our development resources, any of which could cause our business, financial condition and/or results of operations to suffer.
Real or perceived defects, errors or vulnerabilities in our services or the failure of our services to block malware or prevent a cyber-attack or security breach could harm our reputation and adversely impact our business, financial condition, and results of operations.
Because our products and services are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end users. For example, from time to time, certain of our end users have reported defects in our products related to performance, scalability and compatibility that were not detected before offering the service. Additionally, defects may cause our products or services to be vulnerable to security attacks, cause them to fail to help secure networks or temporarily interrupt end users’ networking traffic. Because the techniques used by computer hackers to access or sabotage networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end users’ networks.
Furthermore, as a well-known provider of internet security solutions, our networks, products, and services could be targeted by attacks specifically designed to disrupt our business and harm our reputation. In addition, our data centers, which are located in various locations worldwide, and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing end user base, any of which could temporarily or permanently expose our end users’ networks, leaving their networks unprotected against the latest security threats.
Any real or perceived defects, errors or vulnerabilities in our services, or any other failure of our services to detect an advanced threat, could result in certain events, including:
|●||a loss of existing or potential customers or channel partners;|
|●||delayed or lost revenue;|
|●||a delay in attaining, or the failure to attain, market acceptance;|
|●||the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work around errors or defects, to address and eliminate vulnerabilities, or to identify and ramp up production with alternative third-party manufacturers;|
|●||an increase in service level availability or warranty claims, or an increase in the cost of servicing such claims, either of which would adversely affect our revenue and gross margins;|
|●||negative publicity, which could harm to our reputation or brand;|
|●||lost market share;|
|●||loss of our proprietary technology;|
|●||our solutions being susceptible to hacking or electronic break-ins or otherwise failing to secure data;|
|●||loss or disclosure of our customers’ confidential information, or the inability to access such information; and|
|●||litigation, regulatory inquiries, or investigations that may be costly to address and further harm our reputation.|
Data thieves are sophisticated, often affiliated with organized crime and operate large scale and complex automated attacks. In addition, their techniques change frequently and generally are not recognized until launched against a target. If we fail to identify and respond to new and complex methods of attack and to update our services to detect or prevent such threats in time to protect our end users’ systems, our business and reputation will suffer.
An actual or perceived security breach or theft of the sensitive data of one of our end users, regardless of whether the breach is attributable to the failure of our products or services, could adversely affect the market’s perception of our security offerings. Despite our best efforts, there is no guarantee that our products and services will be free of flaws or vulnerabilities, and even if we discover these weaknesses, we may not be able to correct them promptly, if at all. A breach of our systems could also result in the disclosure of sensitive and confidential information as well as information regarding our customers, end users and partners. Our end user customers may also misuse our products and services, which could result in a breach or theft of business data.
If the delivery of our services to our customers is interrupted or delayed for any reason, our business could suffer.
Any interruption or delay in the delivery of our services will negatively impact our customers. Our solutions are deployed via the internet, and our customers’ internet traffic is routed through our cloud platform. Our customers depend on the continuous availability of our services, and our services are designed to operate in accordance with applicable service level commitments. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted service and have a low tolerance for interruptions of any duration.
The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud:
|●||the development and maintenance of the infrastructure of the internet;|
|●||the performance and availability of third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services;|
|●||decisions by the owners and operators of the data centers where our cloud infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties;|
|●||the occurrence of earthquakes, floods, fires, power loss, system failures, physical or electronic break-ins, acts of war or terrorism, human error, or interference (including by disgruntled employees, former employees, or contractors) and other catastrophic events;|
|●||failure by us to maintain and update our cloud infrastructure to meet our traffic capacity requirements;|
|●||errors, defects, or performance problems in our software, including third-party software incorporated in our software;|
|●||improper deployment or configuration of our services; and|
|●||the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network.|
The occurrence of any of these factors, or if we are unable to efficiently and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively impact our relationship with our customers or otherwise materially harm our business, results of operations and financial condition.
Our email, anti-malware and web security products may be adversely affected if we are not able to receive a sufficient sampling of internet traffic or our data centers were to become unavailable.
Our messaging, anti-malware and web security solutions are dependent, in part, on the ability of our data centers to analyze, in an automated fashion, live feeds of internet and web related traffic received through our services to customers and other contractual arrangements. If we were to suffer an unanticipated, substantial decrease in such traffic or our multiple data centers become unavailable for any significant period, the effectiveness of our technologies would drop, our product offerings would become less attractive to customers/potential customers and revenues could decline.
False detection of viruses, malware, spyware, vulnerability exploits, data patterns or URL categories could adversely affect our business.
Our classifications of application type, virus, malware, spyware, vulnerability exploits, data, or URL categories may falsely detect applications, content or threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These “false positives”, while typical in our industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our services and products. If our services and products restrict important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end users’ systems and cause material system failures. Any such false identification of important files or applications could result in damage to our reputation, negative publicity, loss of end users and sales, increased costs to remedy any problem, and costly litigation.
Our cloud-based enterprise SaaS security offerings include newer service offerings, so we may not see the customer traction in these offerings that we anticipate.
During 2019, Cyren revised its enterprise product strategy to focus primarily on email security and began to de-emphasize legacy solutions due to lack of significant customer traction. We made Cyren Inbox Security generally available for purchase in the second quarter of 2020. The solutions we are promoting and will promote to this market enable us to offer internet security solutions directly to our Enterprise customers or through our channel partners. If we fall short of our expectations, and especially given the significant resources invested by us in bringing new offerings to market, our financial results will suffer and the value of shareholder investments will decline.
If we fail to promote, develop, or protect our Cyren brand name, our business may be harmed.
Developing and maintaining awareness and integrity of our company and our new brand are important to achieving widespread acceptance of our existing and future offerings and are important elements in attracting new customers. The importance of brand recognition will increase as competition in our market further intensifies. Successful promotion of our brand will depend on the effectiveness of our marketing efforts and on our ability to provide reliable and useful solutions at competitive prices. We plan to continue investing substantial resources to promote our brand, both domestically and internationally, but there is no guarantee that our brand development strategies will enhance the recognition of our brand. Some of our existing and potential competitors have well-established brands with greater recognition than we have. If our efforts to promote and maintain our brand are not successful, our operating results and our ability to attract and retain customers may be adversely affected. In addition, even if our brand recognition and loyalty increases, this may not result in increased use of our solutions or higher revenue.
Our use of open source technology could impose limitations on our ability to commercialize our solutions.
We use open source software in certain of our solutions, and although we monitor our use of open source software to avoid subjecting our solutions to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. or foreign courts. As a result, there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions. From time to time, we may face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we have developed using such software or otherwise seeking to enforce the terms of the applicable open source license. In such an event, we could be required to seek licenses from third parties to continue offering our solutions, to make our proprietary code generally available in source code form, to re-engineer our solutions or to discontinue the sale of our solutions if re-engineering could not be accomplished on a timely basis, any of which could adversely affect our business, operating results and financial condition.
Risks Related to our Ordinary Shares
The market price of our ordinary shares historically has been highly volatile and is likely to continue to be volatile, and you could lose all or part of your investment.
The market price of our ordinary shares has been volatile and could be subject to wide fluctuations in response to various factors, some of which are beyond our control. In addition to the factors discussed in this “Risk Factors” section and elsewhere in this Annual Report, these factors include:
|●||effects of the COVID-19 pandemic on our business operations or financial condition;|
|●||introduction of new products, services or technologies by our competitors;|
|●||inability to obtain additional capital;|
|●||failure to meet or exceed financial or operational projections we may provide to the public;|
|●||failure to meet or exceed the financial or operational projections of the investment community;|
|●||the willingness of enterprises to increase acceptance and use of cloud computing services;|
|●||significant acquisitions, strategic partnerships, joint ventures or capital commitments by us or our competitors;|
|●||additions or departures of key management personnel;|
|●||significant lawsuits, including shareholder litigation;|
|●||if securities or industry analysts issue an adverse or misleading opinion regarding our ordinary shares;|
|●||changes in the market valuations of similar companies;|
|●||general market or macroeconomic conditions;|
|●||sales of our ordinary shares by us or our shareholders in the future;|
|●||a potential additional reverse share split if we are unable to maintain a share price above $1.00 per ordinary share; and|
|●||trading volume of our ordinary shares.|
In addition, companies trading in the stock market in general, and on the Nasdaq Capital Market , have experienced extreme price and volume fluctuations, and we have in the past experienced volatility that has been unrelated or disproportionate to our operating performance. From January 1, 2021 through December 31, 2021 the closing price of our ordinary shares has ranged, after accounting for our 1-for-20 reverse share split, between $29.60 and $5.60 per share. This volatility in our ordinary share price has continued in 2022. From February 23, 2022 to March 8, 2022, the closing price of our ordinary shares has ranged between $2.17 and $10.41 per ordinary share. Broad market and industry factors may negatively affect the market price of our ordinary shares, regardless of our actual operating performance.
Further, on some occasions, our share price may be, or may be purported to be, subject to “short squeeze” activity. A “short squeeze” is a technical market condition that occurs when the price of a stock increases substantially, forcing market participants who had taken a position that its price would fall (i.e., who had sold the stock “short”), to buy it, which in turn may create a significant, short-term demand for the stock not for fundamental reasons, but rather due to the need for such market participants to acquire the stock in order to forestall the risk of even greater losses. A “short squeeze” condition in the market for a stock can lead to short-term conditions involving very high volatility and trading that may or may not track fundamental valuation models.
In addition, in the past, class action litigation has often been instituted against companies whose securities experienced periods of volatility in market price. Securities litigation brought against us following volatility in the price of our ordinary shares, regardless of the merit or ultimate results of such litigation, could result in substantial costs, which would hurt our financial condition and operating results and divert management’s attention and resources from our business.
We may not be able to comply with all applicable listing requirements or standards of the Nasdaq Capital Market and Nasdaq could delist our ordinary shares.
Our ordinary shares are currently listed on the Nasdaq Capital Market. To maintain that listing, we must satisfy minimum financial and other continued listing requirements and standards. One such requirement is that we maintain a minimum bid price of at least $1.00 per ordinary share. On April 8, 2021, we received notice from Nasdaq that because the closing bid price for the ordinary shares listed on the Nasdaq Capital Market was below $1.00 per share for 30 consecutive business days prior to the date of the notice, our ordinary shares did not meet the minimum closing bid requirement for continued listing on the Nasdaq Capital Market set forth in Rule 5550(a)(2) of the Nasdaq Listing Rules.
To enable our ordinary shares to meet the minimum closing bid requirements, on February 8, 2022, we announced a 1-for-20 Reverse Share Split and on February 9, 2022, our ordinary shares began trading on a split-adjusted basis under the existing trading symbol “CYRN”. The bid price of our ordinary shares closed above $1.00 per share for a minimum of 10 consecutive business days which allowed us to achieve compliance with the rule ahead of the April 4, 2022 deadline. There can be no assurance that we will maintain compliance with the $1.00 minimum bid price requirement or comply with Nasdaq’s other continued listing standards in the future. If we fail to satisfy the continued listing requirements of Nasdaq in the future, including the Rule, Nasdaq may take steps to delist our ordinary shares. A delisting of our ordinary shares from the Nasdaq Capital Market would likely have a negative effect on the price of our ordinary shares and would have an adverse effect on our business, financial condition and results of operations. In the event that our ordinary shares are not eligible for continued listing on Nasdaq or another national securities exchange, trading of our ordinary shares could be conducted in the over-the-counter market or on an electronic bulletin board established for unlisted securities such as the Pink Sheets or the OTC Bulletin Board. In such event, it could become more difficult to dispose of, or obtain accurate price quotations for, our ordinary shares, and there would likely also be a reduction in our coverage by security analysts and the news media, which could cause the price of our ordinary shares to decline further. Also, it may be difficult for us to raise additional capital if we are not listed on a major exchange.
The issuance of additional shares in connection with financings, acquisitions, investments, our equity incentive plans, conversion of our debentures, exercise of outstanding warrants or otherwise will dilute other shareholders. In addition, our failure in the future to raise additional capital or generate the significant capital necessary to expand our operations and invest in new services and products could reduce our ability to compete and could harm our business. The ability to increase the authorized share count could limit our options for continuing to support the business.
We have made, and intend to continue to make, investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our services and products, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. For example, in March 2020, we issued $10.25 million aggregate principal amount of our Convertible Debentures to accredited investors in a private placement and in February 2021, we issued 600,000 ordinary shares at a price of $23.00 per share in a registered direct offering and warrants to purchase 36,000 shares. In September 2021, we issued 707,639 ordinary shares at a purchase price of $14.40 per share and warrants to purchase up to 707,639 ordinary shares in a private placement. In connection therewith, we also issued warrants to designees of the placement agent is such offering to purchase up to 42,459 ordinary shares. In addition, on February 14, 2022, we issued 760,757 shares, pre-funded warrants to purchase up to 2,368,318 shares and warrants to purchase up to 3,129,075 shares at a purchase price per share and warrant of $3.835 or $3.834 per pre-funded warrant and warrant. In connection therewith, we also issued warrants to designees of the placement agent is such offering to purchase up to 187,745 ordinary shares.
Our shareholders have experienced dilution of their equity interests as a result of these issuances and prior issuances and may experience additional dilution as a result of the exercise of outstanding warrants. We may also elect to satisfy interest payments on the Convertible Debentures by the issuance of ordinary shares based on the market price at the time of the interest payment.
We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans and operating performance, our market capitalization, the condition of the capital markets and available authorized shares at the time we seek financing. For example, our market capitalization may limit our ability to raise additional capital in the public markets. Although we are currently eligible to use our Form S-3, we are limited to selling no more than one-third of our unaffiliated market capitalization, or public float, on Form S-3 in a 12-month period as our public float is below $75 million. For more information on our inability to use Form S-3, see “Part II. Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources—Registration Statements” below. In addition, if we raise additional equity or convertible debt financing, our shareholders may experience further significant dilution of their ownership interests and the per share value of our ordinary shares could decline. Furthermore, if we engage in debt financing, the holders of debt would have priority over the holders of our ordinary shares, and we may be required to accept terms that restrict our ability to incur additional indebtedness or that otherwise restrict our ability to operate our business. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.
Warburg Pincus holds 30% of our outstanding shares and is able to exercise significant influence over many matters requiring the approval of our Board and/or shareholders; Warburg Pincus’ interest in our business may be different from yours.
Warburg Pincus holds approximately 30% of our outstanding ordinary shares as of February 28, 2022, and has the right to nominate the number of directors proportional to its holdings of our outstanding shares. Currently, four directors nominated by Warburg Pincus serve on our Board. Warburg Pincus is able to exercise significant influence over many matters requiring the approval of our Board and/or shareholders, including the election of directors and approval of significant corporate transactions. In addition, our other directors and our executive officers that are not related to Warburg Pincus (together known as “affiliated entities”), beneficially own, in the aggregate, approximately 5% of our outstanding ordinary shares as of February 28, 2022. If they vote together (especially if they were to exercise all vested options into shares entitled to voting rights in the Company), these shareholders will be able to exercise influence over matters requiring a special majority vote of our shareholders, including the compensation of directors and approval of certain significant corporate transactions. In this regard, we know of no shareholders or voting agreement between major shareholders or between such shareholders and directors or officers.
In addition, conflicts of interest may arise as a consequence of the control by Warburg Pincus, including:
|●||conflicts between Warburg Pincus and our other shareholders whose interests may differ with respect to, among other things, our strategic direction, or significant corporate transactions;|
|●||conflicts related to corporate opportunities that could be pursued by us, on the one hand, or by Warburg Pincus, on the other hand; or|
|●||conflicts related to existing or new contractual relationships between us, on the one hand, and Warburg Pincus, on the other hand.|
U.S. holders of our shares could be subject to material adverse tax consequences if we are considered a “passive foreign investment company” for U.S. federal income tax purposes.
We do not believe that we are a passive foreign investment company, and we do not expect to become a passive foreign investment company. However, our status in any taxable year will depend on our assets, income and activities in each year, and because this is a factual determination made annually after the end of each taxable year, there can be no assurance that we will not be considered a passive foreign investment company for the current taxable year or any future taxable years. If we were a passive foreign investment company for any taxable year while a taxable U.S. holder held our shares, such U.S. holder could face adverse U.S. federal income tax consequences, including having gains realized on the sale of our ordinary shares classified as ordinary income, rather than as capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders, and having interest charges apply to distributions by us and the proceeds of share sales.
U.S. holders that own 10% or more of the vote or value of our ordinary shares may suffer adverse tax consequences because we and/or any of our non-U.S. subsidiaries are expected to be characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the U.S. Internal Revenue Code of 1986, as amended, or the Code.
A non-U.S. corporation is considered a CFC if more than 50% of (1) the total combined voting power of all classes of stock of such corporation entitled to vote, or (2) the total value of the stock of such corporation, is owned, or is considered as owned by applying certain constructive ownership rules, by United States shareholders (U.S. persons who own stock representing 10% or more of the vote or 10% or more of the value) on any day during the taxable year of such non-U.S. corporation. Certain United States shareholders of a CFC generally are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a portion of the CFC’s earnings to the extent the CFC holds certain U.S. property, and a portion of the CFC’s “global intangible low-taxed income” (as defined under Section 951A of the Code). Such United States shareholders are subject to current U.S. federal income tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income” includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of a CFC’s income over a deemed return on its tangible assets.
As a result of certain changes in the U.S. tax law introduced by the Tax Cuts and Jobs Act, we believe that we and our non-U.S. subsidiaries would be classified as CFCs in the current taxable year. For U.S. holders who hold 10% or more of the vote or value of our ordinary shares, this may result in adverse U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder, and being subject to certain reporting requirements with the U.S. Internal Revenue Service, or the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. corporation. If you are a U.S. holder who holds 10% or more of the vote or value of our ordinary shares, you should consult your own tax advisors regarding the U.S. tax consequences of acquiring, owning, or disposing our ordinary shares and the impact of the Tax Cuts and Jobs Act, especially the changes to the rules relating to CFCs.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any dividends on our ordinary shares. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our ordinary shares if the market price of our ordinary shares increases.
Intellectual Property Risks
If we fail to adequately protect our intellectual property rights or face a claim of intellectual property infringement by a third party, we could lose our intellectual property rights or be liable for significant damages.
We regard our patented and patent pending technology, copyrights, service marks, trademarks, trade secrets and similar intellectual property as critical to our success, and rely on patent, trademark and copyright law, trade secret protection and confidentiality or license agreements with our employees and customers to protect our proprietary rights. See Item 1. Business, Intellectual Property for information pertaining to our patent activities. We may seek to patent certain additional software or other technology in the future. Any such patent applications might not result in patents issued within the scope of the claims we seek, or at all.
Despite our precautions, unauthorized third parties may copy certain portions of our technology, reverse engineer or obtain and use information that we regard as proprietary or otherwise infringe or misappropriate our patent or our patent pending technology, trade secrets, copyrights, trademarks, and similar proprietary rights. In addition, the laws of some foreign countries do not protect proprietary rights to the same extent as do the laws of the United States. Thus, our means of protecting our proprietary rights in the United States or abroad, as well as our financial resources, may not be adequate, and competitors may independently develop similar technology. Given the cost, effort, risks, and downside of obtaining patent protection, including the requirement to ultimately disclose the invention to the public, we may not choose to seek patent protection for certain innovations. However, such patent protection could later prove to be important to our business. Even if issued, there can be no assurance that any patents will have the coverage originally sought or adequately protect our intellectual property, as the legal standards relating to the validity, enforceability, and scope of protection of patent and other intellectual property rights are uncertain. Any patents that are issued may be invalidated or otherwise limited, or may lapse or may be abandoned, enabling other companies to better develop products that compete with our solutions, which could adversely affect our competitive business position, business prospects and financial condition. Similarly, it may not always be feasible to enforce our trademark rights, should these be infringed.
We cannot be certain that our security solutions do not infringe issued patents in certain parts of the world. Therefore, other parties, whether in the United States or elsewhere, may assert infringement claims against us. We may also be subject to legal proceedings and claims from time to time in the ordinary course of our business, including claims of alleged infringement of copyrights, trademarks, and other intellectual property rights of third parties by ourselves and our customers. Our customer agreements typically include indemnity provisions, so we may be obligated to defend against third party intellectual property rights infringement claims on behalf of our customers. Such claims, even if not meritorious, could result in the expenditure of significant financial and managerial resources. We may not have the proper resources in order to adequately defend against such claims.
Risks Relating to Operations in Israel
Conditions in Israel may limit our ability to develop and sell our products, resulting in a decline in revenues.
We are incorporated under the laws of the State of Israel. Our principal research and development facilities are located in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries, as well as incidents of civil unrest, and a number of state and non-state actors have publicly committed to its destruction. Political, economic, and military conditions in Israel could directly affect our operations. We could be adversely affected by any major hostilities involving Israel, including acts of terrorism or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant increase in inflation or a significant downturn in the economic or financial condition of Israel. Any on-going or future violence between Israel and the Palestinians, armed conflicts, terrorist activities, tension along the Israeli borders or with other countries in the region, including Iran, or political instability in the region could disrupt international trading activities in Israel and may materially and negatively affect our business and could harm our results of operations.
Certain countries, as well as certain companies and organizations, continue to participate in a boycott of Israeli firms, firms with large Israeli operations and others doing business with Israel and Israeli companies. In addition, such boycott, restrictive laws, policies, or practices may change over time in unpredictable ways, and could, individually or in the aggregate, have a material adverse effect on our business in the future. Should the BDS Movement, the movement for boycotting, divesting and sanctioning Israel and Israeli institutions (including universities) and products become increasingly influential in the United States, Europe and around the world, this may also adversely affect our business and financial condition.
Some of our employees in Israel, including some of our executive officers, are obligated to perform annual military reserve duty in the Israel Defense Forces, depending on their age and position in the armed forces. Furthermore, they may be called to active reserve duty at any time under emergency circumstances for extended periods of time. Our operations could be disrupted by the absence, for a significant period, of one or more of our executive officers or key employees due to military service, and any significant disruption in our operations could harm our business.
Because a substantial portion of our revenues historically have been generated in U.S. dollars (USD) and the Euro (EUR), and a significant portion of our expenses have been incurred in Israeli Shekel (ILS), British Pound (GBP) and Icelandic Krona (ISK), our results of operations may be adversely affected by currency fluctuations.
We have generated a substantial portion of our revenues in USD and EUR, and incurred a substantial portion of our expenses, principally salaries and related personnel expenses, office rent and other outside services, in currencies other than USD. Those expenses incurred in Israel are denominated in Shekels, those incurred in the United Kingdom are denominated in GBP and those incurred in Iceland are denominated in ISK. We anticipate that a significant portion of our expenses will continue to be denominated in these currencies. As a result, we are exposed to risk to the extent that the value of the USD depreciates against the ILS, GBP, and ISK or to the extent that the value of the USD appreciates against the EUR. In those events, the USD cost of Cyren’s operations will increase and the USD value of Cyren’s revenues will decrease, respectively, and the Company’s USD measured results of operations will be adversely affected. During 2021, the USD value of operating costs denominated in ILS increased due to the depreciation of the USD vs. all such currencies, while the USD value of operating costs denominated in ISK and GBP decreased due to the appreciation of the USD, and the USD value of revenues denominated in EUR decreased due to the appreciation of the USD vs the EUR. During 2020, the USD value of operating costs denominated in ILS and GBP increased due to the depreciation of the USD vs. all such currencies, while the USD value of operating costs denominated in ISK decreased due to the appreciation of the USD, and the USD value of revenues denominated in EUR increased due to the depreciation of the USD vs the EUR.
We cannot predict the trend for future years. Our operations also could be adversely affected if we are unable to guard against currency fluctuations in the future. To date, we have not engaged in any significant hedging transactions. In the future, we may enter into currency hedging transactions to decrease the risk of financial exposure from fluctuations in the exchange rate of the dollar against the ILS. Foreign currency fluctuations, and our attempts to mitigate the risks caused by such fluctuations, could have a material and adverse effect on our results of operations and financial condition.
The government programs and benefits which we previously received require us to meet several conditions and may be terminated or reduced in the future.
We received grants from the Government of Israel through a program with the Israel Innovation Authority, or the IIA (formerly known as the Office of the Chief Scientist of the Israeli Ministry of Economy and Industry), pursuant to the Israeli Law for the Encouragement of Industrial Research Development and Technological Innovation, 1984, and related regulations (the “R&D Law”), to finance a significant portion of our research and development expenditures in Israel.
In order to meet specified conditions in connection with grants and programs of the IIA, we have made representations to the Israel government about our Israeli operations. One of the grants requires a minimum commitment of three years and we are required to share information with other companies and academics. From time to time, the conduct of our Israeli operations has deviated from our forecasts. If we fail to meet the conditions of the grants, including the maintenance of a material presence in Israel, or if there is any material deviation from the representations made by us to the Israeli government, we could be required to refund the grants previously received (together with an adjustment based on the Israeli consumer price index and an interest factor) and would likely be ineligible to receive IIA grants in the future.
In addition, the terms of our IIA grants and programs prohibit the manufacture outside of Israel of the product developed in accordance with the program without the prior consent of the Research Committee. Such approval is generally subject to an increase in the total amount to be repaid to the IIA to between 120% and 300% of the amount granted, depending on the extent of the manufacturing that is conducted outside of Israel. In addition, the R&D Law provides that know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to Israeli third parties without the approval of the Research Committee. The R&D Law stresses that it is not just transfer of know-how that is prohibited, but also transfer of any rights in such know-how. Approval of the transfer and/or license may be granted only if the Israeli transferee undertakes to abide by all of the provisions of the R&D Law and regulations promulgated thereunder, including the restrictions on the transfer of know-how and the obligation to pay royalties, if applicable.
The know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to non-Israeli third parties without the approval of the Research Committee, which approval is generally contingent on payment of a significant penalty of up to six times the grant amount plus LIBOR and minus any royalties paid. The total amount of grants received as of December 31, 2021 (none received since 2018) is approximately $6.4 million.
You may have difficulties enforcing a U.S. judgment against us and our executive officers and directors or asserting U.S. securities laws claims in Israel.
Cyren Ltd. is organized under the laws of Israel, and we maintain significant operations in Israel. In addition, a significant portion of our assets are located outside the United States. Service of process upon our non-U.S. resident directors and enforcement of judgments obtained in the United States against them and Cyren Ltd. may be difficult to obtain within the United States. It may be difficult to enforce civil causes of actions under U.S. securities law in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on a violation of U.S. securities laws because Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the substance of the applicable U.S. law must be proved as a fact, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law. Furthermore, there is little binding case law in Israel addressing these matters.
Israeli courts might not enforce judgments rendered outside Israel which may make it difficult to collect on judgments rendered against us. Subject to certain time limitations, an Israeli court may declare a foreign civil judgment enforceable only if it finds that (a) the judgment was rendered by a court which was, according to the laws of the state of the court, competent to render the judgment; (b) the judgment may no longer be appealed; (c) the obligation imposed by the judgment is enforceable according to the rules relating to the enforceability of judgments in Israel and the substance of the judgment is not contrary to public policy; and (d) the judgment is executory in the state in which it was given.
Even if these conditions are satisfied, an Israeli court will not enforce a foreign judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases) or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel. An Israeli court also will not declare a foreign judgment enforceable if (i) the judgment was obtained by fraud; (ii) there is a finding of lack of due process; (iii) the judgment was rendered by a court not competent to render it according to the laws of private international law in Israel; (iv) the judgment is at variance with another judgment that was given in the same matter between the same parties and that is still valid; or (v) at the time the action was brought in the foreign court, a suit in the same matter and between the same parties was pending before a court or tribunal in Israel.
In addition, if a foreign judgment is enforced by an Israeli court, it generally will be payable in ILS, which can then be converted into foreign currency at the rate of exchange of such foreign currency on the date of payment. Pending collection, the amount of the judgment of an Israeli court stated in ILS (without any linkage to a foreign currency) ordinarily will be linked to the Israeli consumer price index plus interest at the annual statutory rate prevailing at such time. Judgment creditors bear the risk of unfavorable exchange rates.
Provisions of Israeli law may delay, prevent, or make difficult an acquisition of Cyren Ltd., which could prevent a change of control and therefore depress the price of our shares.
Israeli corporate law regulates mergers and acquisitions of shares through tender offers, requires special approvals for transactions involving officers, directors or significant shareholders and regulates other matters that may be relevant to these types of transactions. Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. These and other similar provisions could delay, prevent, or impede an acquisition of our company or our merger with another company, even if such an acquisition or merger would be beneficial to us or to our shareholders.
Your rights and responsibilities as a shareholder will be governed by Israeli law which differs in some respects from the rights and responsibilities of shareholders of U.S. companies.
We are incorporated under Israeli law. The rights and responsibilities of the holders of our ordinary shares are governed by our Articles of Association and Israeli law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith toward the company and other shareholders and to refrain from abusing its power in the company, including, among other things, in voting at the general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and interested party transactions requiring shareholder approval. In addition, a controlling shareholder, a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company, has a duty of fairness toward the company. There is limited case law available to assist us in understanding the implications of these provisions that govern shareholders’ actions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.
Catastrophic events may disrupt our business.
Natural disasters or other catastrophic events may cause damage or disruption to our operations, international commerce and the global economy, and thus could harm our business. In the event of a major earthquake, hurricane or catastrophic event such as fire, power loss, telecommunications failure, vandalism, cyber-attack, war, terrorist attack or health epidemic (including COVID-19), we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our application development, lengthy interruptions in our products, breaches of data security and loss of critical data, all of which could harm our business, results of operations and financial condition. In addition, the insurance we maintain may be insufficient to cover our losses resulting from disasters, cyber-attacks or other business interruptions, and any incidents may result in loss of, or increased costs of, such insurance.
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act of 2002, and the rules and regulations of the applicable listing standards of Nasdaq. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources.
The Sarbanes-Oxley Act of 2002requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We are also continuing to improve our internal control over financial reporting. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs, and significant management oversight. If material weaknesses are identified or we are not able to comply with the applicable requirements of the Sarbanes-Oxley Act of 2002 in a timely manner, our reported financial results could be materially misstated, we could be subject to investigations or sanctions by regulatory authorities, and we could incur substantial expenses.
Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our ordinary shares. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq.
ITEM 1B. UNRESOLVED STAFF COMMENTS
ITEM 2. PROPERTIES
Our principal executive office in Herzilya, Israel, is approximately 18,342 square feet and houses research and development, sales, marketing, support, and administrative personnel. The lease for our Herzliya office expires in April 30, 2023, with a five-year extension option.
We lease additional offices in the United States and Europe. Our U.S. subsidiary Cyren Inc. is headquartered in McLean, Virginia in an office of approximately 4,707 square feet and it houses executive management, finance, HR and administrative personnel; its office in Sunnyvale, California (approximately 2,497 square feet), which is fully sublet and the lease will expire in July 2022, without renewal. The Sunnyvale employees in operations, sales and marketing personnel are in an office that is approximately 495 square feet; and its office in Austin, TX (approximately 4,177 square feet) is fully sublet and expired in January 2022 without a renewal. The existing employees which are sales, marketing and support personnel work remotely. Our subsidiary Cyren Iceland hf is located in Hafnarfjordur, Iceland in an office of approximately 7,136 square feet, which houses antivirus research and development and operations and some administrative personnel. Our subsidiary Cyren GmbH is based in Berlin, Germany, in an office of approximately 9,496 square feet, which houses research and development, operations, sales, marketing and administrative personnel. Our subsidiary Cyren UK Ltd. is based in Bracknell, UK in an office of approximately 3,180 square feet, which houses sales and marketing personnel.
ITEM 3. LEGAL PROCEEDINGS
We may, from time to time, be party to litigation and subject to claims that arise in the ordinary course of business. In addition, third parties may, from time to time, assert claims against us in the form of letters and other communications. We currently believe that these ordinary course matters will not have a material adverse effect on our business, consolidated financial position, results of operations or cash flows; however, the results of litigation and claims are inherently unpredictable. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
ITEM 4. MINE SAFETY DISCLOSURE
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market for our Ordinary Shares
Our ordinary shares trade on the Nasdaq Capital Market under the symbol “CYRN”. As of March 15, 2022, there were 32 record holders of our ordinary shares. We derived the number of shareholders by reviewing the listing of outstanding ordinary shares by our transfer agent.
If the Company decides to distribute a cash dividend, Israeli residents who are individuals are generally subject to Israeli income tax at a rate of either 25% or 30%, if the recipient of such dividend is a “substantial shareholder” at the time of distribution or at any time during the preceding 12-month period, unless the cash dividend is paid out of income that has been tax exempt due to an “approved enterprise” status under the Law for the Encouragement of Capital Investments, 5719-1959, in which case the Company will be subject to corporate tax at a rate then in effect under Israeli law on the amount of cash dividend and in addition, an Israeli shareholder, corporation or individual, will be subject to a tax rate of 20% on such cash dividend distribution. In addition, Israeli resident corporations are generally exempt from Israeli corporate tax for dividends paid on our ordinary shares. Pursuant to the Convention Between the Government of the United States of America and the Government of Israel with Respect to Taxes on Income, as amended (the “U.S.-Israel Tax Treaty”), the maximum tax on dividends paid to a holder of our ordinary shares who qualifies as a resident of the United States within the meaning of the U.S.-Israel Tax Treaty is 25% or 15% in case of dividends paid out of the profits of an “approved enterprise”, subject to certain conditions. Furthermore, dividends not generated by an “approved enterprise” paid to a U.S. corporation holding at least 10% of our issued voting power during the part of the tax year which precedes the date of payment of the dividend and during the whole of its prior tax year (if any), are generally taxed at a rate of 12.5%, subject to certain conditions. The Company has never declared or paid cash dividends on its ordinary shares. However, the Company has not adopted a policy not to pay cash dividends and therefore may declare a dividend in the future. The actual amount, timing, and frequency of future dividends, if any, will be at the sole discretion of the board of directors and will be declared based upon various factors, many of which are beyond our control. The Company’s current plans are to retain future earnings primarily to finance the development of its business and for other corporate purposes.
Equity Compensation Plan Information
See “Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Shareholder Matters” for disclosure regarding our equity compensation plans.
Unregistered Sales of Equity Securities
Repurchases of our Equity Securities
ITEM 6. [RESERVED]
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the information contained in our consolidated financial statements and the notes thereto included elsewhere in this Annual Report.. The following discussion and analysis includes forward-looking statements that involve certain risks and uncertainties, including, but not limited to, those described in Item 1A. Risk Factors. Our actual results may differ materially from those discussed below. See “Special Note Regarding Forward-Looking Statements” and Item 1A. Risk Factors.
Cyren was an early pioneer and leading innovator of cloud delivered Software-as-a-Service (SaaS) cybersecurity solutions that protect businesses, their employees and customers against threats from email, files, and the web.
We believe our cloud-based approach to security sets us apart from other vendors in the market. Our security solutions are architected around the fundamental belief that cyber security is a race against time – and the cloud best enables the speed, sophistication, and advanced automation needed to detect and block threats as they emerge on the internet. As more and more businesses move their data and applications to the cloud, they need a security provider that is able to keep pace.
Security threats are more prevalent and stealthier than ever. As cybercrime has become more sophisticated, every malware, phishing, and ransomware variant is unique, making it more difficult to detect attacks. While organizations have traditionally protected their users with gateway security appliances at their network perimeter, more frequent and evasive attacks combined with a more distributed workforce are reducing the effectiveness of this approach. Traditional appliances lack the real-time threat intelligence and processing power to detect emerging threats, and the growth of mobile devices and an increasingly distributed workforce means that more and more business is conducted outside of the traditional network perimeter. As a result, when new attacks appear in a matter of seconds, legacy cybersecurity products can leave companies vulnerable for hours, days, or even weeks.
Cyren’s cloud security products and services fall into three categories:
|●||Cyren Threat Detection Services – these services detect a variety of threats in email, files, and from the web, and are embedded into products from the world’s leading email providers, cyber security vendors and managed service providers. Cyren Threat Detection Services include our Email Security Detection Engine, Malware Detection Engine, Web Security Engine, and Threat Analysis Service.|
|●||Cyren Threat Intelligence Data – Cyren’s Threat Intelligence Products provide valuable threat intelligence data that can be used by enterprise or OEM customers to support threat detection, threat hunting, and incident response. Cyren’s Threat Intelligence offerings include IP Reputation Intelligence, Phishing Intelligence, Malware Intelligence, and Zombie Intelligence.|
|●||Cyren Enterprise Email Security Products – these include cloud-based solutions designed for enterprise customers and are sold either directly or through channel partners. Cyren Enterprise Email Security products include Cyren Email Security, a cloud-based secure email gateway, and Cyren Inbox Security, an anti-phishing product for Microsoft 365.|
Key Opportunities and Challenges
The last several years have possibly experienced the greatest amount of dramatic global incidents directly related to malware and cyber threats since the advent of the internet. From election hacks to global ransomware attacks, malware threats are at an all-time high. Phishing attacks have become increasingly common, and no company, large or small seems immune to these threats. Hackers have become more successful at monetizing these attacks, and as long as these activities prove lucrative, we expect these incidents to continue.
Cloud and Mobility
Businesses are going through a massive change in their IT strategies as they look to drive more business value, agility, and better customer experiences, while cloud and mobility are becoming increasingly important, as evidenced by the following trends:
|●||Business internet traffic continues to increase every year;|
|●||Data and applications are increasingly moving to the cloud;|
|●||More and more users are working remotely, particularly since the COVID-19 pandemic;|
|●||Buyers continue to move away from traditional on-premise solutions;|
|●||Mature and legacy on premise deployments are reaching end of life and are increasingly being replaced by cloud and SaaS alternatives;|
|●||IT security staffing shortages;|
|●||Increasingly fast, sophisticated, expensive, and high-profile attacks target organizations of all sizes;|
|●||Compliance and regulatory mandates;|
|●||Heightened cybercrime activity among commercial enterprises and nation states;|
|●||Automation is increasingly considered critical to accelerating detection and protection; and|
|●||The need to simplify operations through vendor consolidation.|
These are some of the reasons why we believe Cyren’s vision for 100% cloud security is compelling to IT security teams looking to protect their businesses in today’s cloud-centric mobile-first world.
Investments in Operations, Research and Development and Sales and Marketing
Our cost of revenues, research and development expenses, and sales and marketing expenses are all significant contributing factors to our operating losses. Over time, we expect we will increase utilization of our cloud infrastructure which we expect will provide the opportunity for improved gross margins. We believe that our investments in research and development are required in order to enhance and improve our solutions. In the future, we expect to lower the rate of R&D investment as a percentage of revenue. The return on our sales and marketing investment is tied to attracting new customers and enhancing our business with existing customers, thereby lowering the overall sales and marketing costs as a percent of revenues. We continue to monitor expenses and where possible, reduce expenses. We believe managing future headcount and expense growth will be key in improving our gross and operating margins over time given the recent decline in revenue.
Growing Our Enterprise Business
Cyren has prioritized growing its enterprise revenues. With the mid-2020 release of our anti-phishing solution, Cyren Inbox Security (CIS), we believe helping enterprises mitigate phishing attacks is our most significant revenue growth opportunity. Given the substantial size of the enterprise anti-phishing market, Cyren believes this new revenue stream has the potential to grow faster than our legacy OEM business. As this CIS business grows, it has the potential to eventually contribute to a larger portion of our overall revenue, and longer term, we expect deferred revenue to increase and our operating results and cash flow to improve.
Non-GAAP Financial Measures and Key Business Metrics
In addition to our results determined in accordance with generally accepted accounting principles in the United States (U.S. GAAP), we review a number of operating and financial metrics, including the following non-GAAP financial measures and key metrics, to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans and make strategic decisions. In addition to our results determined in accordance with U.S. GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We use the following non-GAAP financial information to evaluate our ongoing operations and for internal planning and forecasting purposes. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance. However, non-GAAP financial information is presented for supplemental informational purposes only, has limitations as an analytical tool and should not be considered in isolation or as a substitute for financial information presented in accordance with U.S. GAAP. In addition, other companies, including companies in our industry, may calculate similarly-titled non-GAAP measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with U.S. GAAP. Investors are encouraged to review the related U.S. GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable U.S. GAAP financial measures, and not to rely on any single financial measure to evaluate our business.
Free Cash Flow and Free Cash Flow Margin
Free cash flow is a non-GAAP financial measure that we calculate as net cash used in operating activities less cash used for purchases of property and equipment, capitalized internal-use software and cash proceeds from the sale of property and equipment. Free cash flow margin is calculated as free cash flow divided by revenue. We believe that free cash flow and free cash flow margin are useful indicators of liquidity that provide information to management and investors about the amount of cash generated from our operations that, after the investments in property and equipment, capitalized internal-use software and proceeds from the sale of property and equipment can be used for strategic initiatives, including investing in our business, and strengthening our financial position, but it is not intended to represent the residual cash flow available for discretionary expenditures. We believe that historical and future trends in free cash flow and free cash flow margin, even if negative, provide useful information about the amount of cash consumed by our operating activities that is not available to be used for strategic initiatives. For example, if free cash flow is negative, we may need to reducing operating spend, potentially divesting assets, and seek future issuances of equity and/or debt securities to invest in strategic initiatives or to fund operations. One limitation of free cash flow and free cash flow margin is that it does not reflect our future contractual commitments. Additionally, free cash flow, as a measure of our liquidity, does not represent the total increase or decrease in our cash balance for a given period and is not meant to be considered in isolation ss an alternative to cash flows from operating activities as a measure of liquidity. In particular, free cash flow is not a substitute for net cash used in operating activities. A reconciliation of free cash flow to net cash used in operating activities, its nearest GAAP equivalent, is presented below (in thousands). A reconciliation of free cash flow margin to net cash used in operating activities (as a percentage of revenue), its nearest GAAP equivalent, is also presented below.
|Year ended December 31,|
|Net cash used in operating activities||$||(16,021||)||$||(7,675||)|
|Less: Capitalization of technology||(262||)||(2,217||)|
|Less: Purchase of property and equipment||(516||)||(1,766||)|
|Plus: Proceeds from sale of property and equipment||10||6|
|Free cash flow||$||(16,789||)||$||(11,652||)|
|Net cash used in investing activities||$||(768||)||$||(3,997||)|
|Net cash provided by financing activities||$||11,864||$||9,442|
|Net cash used in operating activities (as a percentage of revenue)||(51||)%||(21||)%|
|Less: Capitalization of technology (as a percentage of revenue)||(1||)%||(6||)%|
|Less: Capitalized internal-use software (as a percentage of revenue)||(2||)%||(5||)%|
|Plus: Proceeds from sale of property and equipment||-||%||-||%|
|Free cash flow margin||(54||)%||(32||)%|
Revenue by Geographic Area
The following table sets forth total revenue by solutions offered by geographic area based on billing address of the customer (in thousands):
|Year ended December 31,|
Components of our Operating Results
We derive revenues from the sale of real-time cloud-based services for each of Cyren’s email security, web security, anti-malware, and advanced threat protection offerings.
We sell all of our solutions as subscription services, either to OEMs and service providers or directly or indirectly to enterprises.
Cost of Revenue
Personnel costs, which consist of salaries, benefits, bonuses, and share-based compensation for employees that operate our network and provide support services to our customers, as well as data center costs, are the most significant components of our cost of revenues. Other costs include third party contractors, royalties for use of third-party technologies, amortization of intangibles and depreciation of data center equipment. We expect these costs may increase in absolute dollars as we continue to optimize our cloud infrastructure and our support services, but should reduce as a percentage of overall revenue.
Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs, which consist of salaries, benefits, bonuses, and share-based compensation, are the most significant component of our operating expenses. Operating expenses also include allocated overhead costs for facilities, IT, and depreciation. We expect operating expenses to increase in absolute dollars as we continue to grow.
Research and Development. Research and development expenses consist primarily of personnel costs and outsourced engineering services. We believe these investments are crucial for our ability to continue to enhance the functionality of our services, as well as to develop and introduce new services to the market. Development costs related to internal use technology that supports our security services are capitalized on the balance sheet, while other development costs are expensed as they are incurred.
Sales and Marketing. Sales and marketing expenses primarily include personnel costs, sales commissions, marketing activities, and travel associated with sales and marketing. We market and sell our services worldwide through our sales organization and distribution channels. We capitalize sales commissions paid to internal sales personnel and amortize these expenses over an estimated period of benefit that reflects the expected future revenue streams. Sales and marketing expense declined in 2021 but anticipate that we may need to increase investment in these areas related to new products launched in 2020 and enhance our sales and marketing efforts to support our further growth. Our sales personnel are typically not immediately productive, and therefore the increase in expenses we incur when adding personnel is not immediately accompanied by increased revenue and in some cases may not result in increased revenue if these new sales personnel are unsuccessful in becoming productive.
General and Administrative. General and administrative expenses consist primarily of personnel costs, audit fees, legal expenses, recruiting expenses and other general operating costs. We expect our general and administrative expenses to continue to grow in absolute dollars as we continue our operational growth.
Other Income (Expense), net
Other income (expense), net consists generally of capital gain or loss from the sale of assets.
Financial Expenses, net
Financial expenses, net consist mainly of foreign exchange gains and losses, interest expense on our outstanding debt, and interest income earned on our cash and cash equivalents. In 2020 and 2021, these expenses also included income related to the accounting for a multi-year arrangement where a customer paid upfront the full contract value. This has been deemed a significant financing component under ASC 606.
Our tax benefit is derived primarily from income taxes in foreign jurisdictions in which we conduct business. We estimate income taxes in each of the jurisdictions in which we operate. This process involves determining income tax expense together with calculating the deferred income tax expense related to temporary differences resulting from the differing treatment of items for tax and accounting purposes. Deferred tax assets and liabilities are measured using enacted tax rates in effect for the year in which those temporary differences are expected to be recovered or settled. These temporary differences result in deferred tax assets and liabilities, which are included net as applicable within our balance sheets. For most of our recent years, we have incurred operating losses in Israel and the U.S., where we have recorded a full valuation allowance against our deferred tax assets in those jurisdictions.
Results of Operations
The following table sets forth financial data for the years ended December 31, 2021 and 2020 (in thousands):
|Year ended |
|Cost of revenues||15,277||14,786|
|Research and development, net||17,624||16,083|
|Sales and marketing||10,808||11,678|
|General and administrative||9,283||9,583|
|Total operating expenses||37,715||37,344|
|Other income, net||(12||)||5|
|Financial expenses, net ($561 and $590 attributable to related parties, respectively)||(1,360||)||(1,647||)|
|Loss before taxes on income||(23,177||)||(17,384||)|
Comparison of Years Ended December 31, 2021 and 2020
Revenues. 2021 revenues of $31.2 million decreased by $5.2 million from $36.4 million in 2020, which represents a 14% year-over-year decrease. The decrease was mainly driven by a contract reduction from our largest customer (as first disclosed in the Q3 2020 Form 10-Q), which was effective in Q2 2021. The revenue impact of this contract reduction was $2.5 million. Additionally, revenue was adversely impacted by customer contracts at lower values and churn coupled with the end of life of several legacy Enterprise products during 2020. These declines were offset by new customers added in 2021 in our Threat Intelligence business.
During the second quarter of 2020, the Company released two new products, Cyren Inbox Security and Threat InDepth. Since these product launches, the Company has signed numerous new customer contracts representing over $2.8 million in revenue, but due to the timing, duration and ratable nature of the contracts, there was not a material amount of revenue recognized during 2021.
Cost of Revenues. Cost of revenues for 2021 totaling $15.3 million increased by $0.5 million from $14.8 million in 2020, which represents a 3% increase year-over-year. R&D amortization increased in 2021 by $0.3 million due to a full year of CIS amortization as 2020 only included a partial year as it was launched in the second quarter of 2020 along with new projects that went live in 2021 and a result added to amortization expense. Datacenter asset depreciation decreased by $0.1 million due to few purchases in 2021 compared to 2020 along with certain assets becoming fully depreciated. Costs associated with operating the data centers including related software licenses, warranties, and outside services increased by $0.1 million in 2021. Headcount associated with cost of revenues throughout the year decreased from 36 to 32 employees during 2021. Payroll and related expenses increased by $0.2 million composed of higher bonus expense of $0.2 million and new equity grants in 2021 contributing to an increase of $0.2 million, offset by a decrease in payroll and other employee benefits expenses of $0.2 million.
Research and Development, Net. Research and development expenses, net for 2021 totaling $17.6 million increased by $1.5 million from $16.1 million in 2020, which represents an 10% increase year-over-year. Payroll and related expenses decreased by approximately $0.4 million primarily driven by lower headcount. Capitalization of technology development, which reduces expenses, decreased from $2.2 million in 2020 to $0.2 million in 2020, which as a result, increased expense by $2.0 million. This increase in expense was offset by a $0.1 million decrease in expense in 2021 associated in a one-time write-offs of previously capitalized R&D projects that were terminated. Overall, the capitalization of technology development was driven by higher capitalization in 2019 and early 2020 in advance of a new product launch in April 2020.
Sales and Marketing. Sales and marketing expenses for 2021 totaling $10.8 million decreased by $0.9 million, compared to $11.7 million in 2020. The change is mainly due to a $0.6 million decrease in payroll and related expenses due to lower headcount. Sales and Marketing headcount during 2021 decreased from 37 to 33 employees. The use of outside services increased in 2021 by $0.1 million to increase marketing efforts of the new CIS product. An intangible asset impairment was recorded in 2021 for $0.1 million due to a discontinued product is no longer being sold. Intangible asset expense decreased by $0.2 million in 2021as a result of the 2021 impairment previously noted and due to an intangible asset in Q3 2020 that became fully amortized. Allocated costs from the Corp & IT departments due to lower headcount in 2021 decreased by $0.1 million in 2021.
General and Administrative. General and administrative expenses for 2021 totaled $9.3 million decreased by $0.3 million, compared to $9.6 million in 2020, which represents a 3% decrease. Salary and related compensation costs increased by $0.1 million primarily driven by an increase in bonus amounts in 2021 along with an increase in severance costs, offset by lower fringe benefits costs. Employee recruitment increased in 2021 by $0.3 million primarily driven by employee searches in 2021 that did not occur in 2020. Legal expense increased in 2021 by $0.1 million as our general counsel services were outsourced for a portion of 2021. Outside services and consultant expenses decreased by $0.1 million. Audit fees in 2021 decreased by $0.2 million due to a decrease in one-time audit-related services needed in 2020. The allowance for credit loss expense decreased by $0.2 million in 2021 due to improved customer collections. Allocations of Corporate and IT department expenses decrease in 2021 by $0.3 million primarily driven by a decrease in rent and related expenses of $0.2 million in 2021, a decrease in depreciation expense of $0.1 million due to fewer purchases in 2021 and various assets became fully depreciated in 2021 and offset by an increase in insurance costs of $0.3 million. G&A headcount during 2021 decreased from 32 to 28 employees.
Other Income (Expense), Net. Other income (expense), net for 2021 was $0.012 million of expense, compared to $0.005 million of income in 2020. Loss from the disposal of assets was consistent in 2021 and 2020 with expense of $0.017. In 2021, other income was $0.005 compared to $0.022 driven by higher miscellaneous cash receipts.
Financial Expense, Net. Financial expenses, net, for 2021 of $1.4 million decreased by $0.2 million, compared to $1.6 million in 2020.
Financial expense, net is primarily made up of interest associated with the Convertible Debentures issued in March 2020 and the Convertible Notes issued in December 2018. For additional information, please refer to Note 8 of the consolidated financial statements included elsewhere in this Annual Report.
Interest expense associated with the Convertible Notes and Debentures decrease by $0.018 million in 2021 as a result of the maturity of the Convertible Notes paid off in December 2021.
Interest capitalized as a part of R&D capitalization, and is an offset to interest expense, decreased by $0.01 million in 2021 due to fewer projects capitalized in 2021.
The impact of foreign exchange fluctuation decreased expense in 2021 by $0.2 million.
Effective Corporate Tax Rates
Corporate tax rates and real capital gains tax in Israel were 23% in 2021 and 2020. There has been no change to rate in 2021.
The Company’s German subsidiary is subject to German tax at a consolidated rate of approximately 30%.
Other non-Israeli subsidiaries are taxed according to the tax laws in their respective countries of residence.
We do not provide deferred tax liabilities when we intend to reinvest earnings of foreign subsidiaries indefinitely. As of December 31, 2021, there are no undistributed earnings of foreign subsidiaries.
We may currently qualify as an “industrial company” within the definition of the Law for the Encouragement of Industry (Taxation), as such, we may be eligible for certain tax benefits, including, inter alia, special depreciation rates for machinery, equipment and buildings, amortization of patents, certain other intangible property rights and deduction of share issuance expenses.
Net Operating Loss Carry-Forwards
As of December 31, 2021, Cyren Ltd.’s net operating loss carryforwards for tax purposes amounted to $114.2 million and capital loss carryforwards of $17.8 million which may be carried forward and offset against taxable income in the future, for an indefinite period.
As of December 31, 2021, the U.S. subsidiary had net operating loss carryforwards of $42.8 for federal tax purposes and $12.9 for state tax purposes. These losses may offset any future U.S. taxable income of the U.S. subsidiary and will expire in the years 2022 through 2041.
Management currently believes that based upon its estimations for future taxable income, it is more likely than not that the deferred tax assets regarding the loss carryforwards will not be utilized in the foreseeable future. Thus, a valuation allowance was provided to reduce deferred tax assets to their realizable value.
Liquidity and Capital Resources
The Company has incurred losses since inception and expects to continue to incur losses for the foreseeable future and therefore, the Company intends to finance operating costs over the next twelve months through a combination of existing cash on hand, reducing operating spend, potentially divesting assets, and future issuances of equity and/or debt securities. As of December 31, 2021, we had an accumulated deficit of $271.6 million, cash and cash equivalents of $4.3 million, and generated a year-to-date net loss of $23.0 million. We have incurred losses since inception and expect to continue to incur losses for the foreseeable future. Current assets amounted to approximately $7.3 million with current liabilities of approximately $12.7 million, resulting in negative working capital (defined as current assets minus current liabilities) of approximately $5.4 million. The current cash balance and historical trend of cash used in operations along with the lack of certainty regarding a future capital raise, provides substantial doubt about our ability to continue as a going concern for the next twelve months from the date of issuance of this Form Annual Report. The inability to borrow or raise sufficient funds on commercially reasonable terms, would have serious consequences to our financial condition and results of operations.
Our future capital requirements will depend on many factors, including, but not limited to our growth, market acceptance of our offerings, the timing and extent of spending to support our efforts to develop our platform, and the expansion of sales and marketing activities. We may be required to seek additional equity or debt financing. If additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we issue additional equity securities to raise additional funds, further dilution to existing shareholders may occur. However, we cannot predict with certainty the outcome of our actions to generate liquidity, including the availability of additional financing. If we are unable to raise additional capital when desired, our business, financial condition, and results of operations could be adversely affected.
Please see the Financings section below for more details on the Company’s recent efforts to fund operating activities.
The Company intends to finance operating costs over the next twelve months through a combination of existing cash on hand, reducing operating spend, potentially divesting assets and future issuances of equity and/or debt securities. However, the Company has incurred losses since inception and expects to continue to incur losses for the foreseeable future.
The Company’s ability to continue as a going concern is dependent upon the Company growing the business, obtaining the necessary financing to meet its obligations and repay its liabilities arising from normal business operations. The Company’s ability to raise additional equity is limited by the number of authorized shares available. While the Company intends to finance operating costs over the next twelve months through a combination of existing cash on hand, reducing operating spend, potentially divesting assets, and future issuances of equity and/or debt securities the Company cannot predict the availability of additional financing or the outcome of its actions to generate liquidity or maintain compliance with the Nasdaq Capital Market listing standards.
At a Special Meeting of the Company's shareholders held on February 7, 2022, the Company's shareholders approved a Reverse Share Split (including the relevant amendments to the Articles of Association of the Company) within a range of 1:4 to 1:20, and amendments to the Company's Articles of Association authorizing an increase in the Company's authorized share capital (and corresponding authorized ordinary shares) by up to NIS 216 million. The Board of Directors approved the implementation of a one-for-twenty Reverse Share Split and an increase in the Company's authorized share capital by NIS 216 million to NIS 240 million. The Reverse Share Split was effective on February 8, 2022 and the Company’s ordinary shares began trading on a split-adjusted basis on February 9, 2022. Following the Reverse Share Split and increase in authorized share capital, the total number of ordinary shares that the Company is authorized to issue is 80 million shares. While the Company was able to regain compliance with the Nasdaq minimum bid price requirement in February 2022 following the effectiveness of the Reverse Share Split, there can be no assurance that the Company will continue to meet the Nasdaq listing requirements. The inability to remain listed on Nasdaq may make it difficult for us to raise additional capital.
Over the past several years, the Company has devoted most of its effort to research and development and increasing revenues through additional investments in sales and marketing. The Company generated a net loss of $23.0 million for the twelve months ended December 31, 2021 and a negative cash flow of $16.5 million from operating activities for the twelve months ended December 31, 2021. The Company has incurred losses since inception and expects to continue to incur losses for the foreseeable future.
Cash Flows from Operating Activities
Our primary source of cash provided by operating activities is revenues generated from sales of our services. Our primary uses of cash from operating activities include personnel costs, costs associated with maintaining our datacenters and services necessary to support our customers.
Cash used in operating activities is calculated by adjusting our net loss for changes in working capital, as well as by excluding non-cash items such as: depreciation, non-cash operating lease expense, amortization expense of intangible assets, share-based compensation, write-off of technology R&D capitalization, amortization of deferred commissions, deferred taxes, net, non-cash interest expense on the convertible notes and Convertible Debentures.
In 2021, net cash used in operating activities was $16.0 million and was primarily due to a net loss of $23.0 million adjusted for non-cash activity of $2.9 million amortization of intangible assets, $0.6 million for the write-off of previously capitalized R&D, $0.1 million intangible asset impairment, $2.1 million depreciation of property and equipment, $2.5 million share-based compensation expenses, $1.3 million amortization of deferred commissions, $1.8 million in amortization of operating lease right-of-use assets associated with the adoption of ASC 842 effective January 1, 2019, a $0.3 million increase in trade payables and offset by a $2.3 million decrease in deferred revenues, a decrease in deferred commissions of $1.2 million, a decrease in prepaid expenses and other receivables of $0.3 million, a decrease in employees and payroll accruals, accrued expenses and other liabilities of $0.2 million and a decrease in operating lease liabilities of $1.8 million.
In 2020, net cash used in operating activities was $7.7 million and was primarily due to a net loss of $17.3 million adjusted for non-cash activity of $2.8 million amortization of intangible assets, $0.7 million for the write-off of previously capitalized R&D, $2.3 million depreciation of property and equipment, $2.4 million s-based compensation expenses, $1.5 million amortization of deferred commissions, $2.1 million in amortization of operating lease right-of-use assets associated with the adoption of ASC 842 effective January 1, 2019, a $1.3 million increase in trade receivables, net and offset by a $1.9 million decrease in deferred revenues, a decrease in deferred commissions of $1.1 million, a decrease in trade payables of $0.4, and a decrease in operating lease liabilities of $1.6 million.
Cash Flows from Investing Activities
Cash used in investing activities primarily consists of payments related to capitalized technology, purchases of computer and network equipment to support our datacenter infrastructure, and furniture and equipment. The extent of these investments will be affected by our ability to expand relationships with existing customers, grow our customer base, as well as constraints on cash expenditures due to our financial position and the current economic environment.
In 2021, net cash used in investing activities consisted of $0.3 million for capitalization of technology and $0.5 million used to purchase property and equipment primarily associated with datacenter assets.
In 2020, net cash used in investing activities consisted of $2.2 million for capitalization of technology primarily related to the develop of the CIS product which launched in the second quarter of 2020 and $1.8 million used to purchase property and equipment related to upgrades to datacenter equipment and office furnishing for the new Berlin, Germany office.
Our capital expenditures over the last several years consisted primarily of continued investment in R&D and also purchases of property and equipment to modernize and expand our data centers and to invest in our infrastructure in order to support new products and facilitate the growth of the Company. We anticipate that capital expenditures for 2022 will be approximately $0.8 million.
Cash Flows from Financing Activities
The changes in cash flows from financing activities primarily relate to the issuance of the Convertible Debentures, and the issuance of ordinary shares and warrants to fund operations, offset by the repayment of debt upon maturity.
In 2021, net cash generated by financing activities was $11.9 million attributable to the proceeds from the issuance of shares and warrants, net of costs of $9.3 million in September 2021, and the proceeds from the issuance of shares, net of costs of $12.6 million in March 2021, offset by the $10.0 principal repayment of the Convertible Notes at their maturity in December 2021.
In 2020, net cash generated by financing activities was $9.4 million attributable to the issuance of Convertible Debentures in March 2020 with gross proceeds of $10.2 million, offset by the payment of debt issuance costs of $0.8 million.
As of December 31, 2021, and 2020, we had negative working capital of $5.4 and $12.9 million, respectively. The decrease in negative working capital is primarily attributable to the principal repayment of the Convertible Notes in December 2021 offset by lower cash balance due to the aforementioned principal repayment and a decline in deferred revenue due to the timing of contract renewals.
On December 5, 2018, the Company issued $10.0 million aggregate principal amount of convertible notes in a private placement to affiliates of an existing minority institutional shareholder. The convertible notes were unsecured, unsubordinated obligations of Cyren and carried 5.75% interest rate, payable semi-annually in (i) 50% cash and (ii) 50% cash or ordinary shares at Cyren’s election. The notes matured in December 2021. The notes were issued with a conversion price of $78.00 per share which was subject to adjustment using a weighted-average ratchet mechanism based on the size and price of future equity offerings and the total shares outstanding. The convertible notes principal and last interest payment was paid in December 2021 in accordance with the terms of the convertible notes. The Company has no outstanding obligations associated with these convertible notes.
On March 19, 2020, we issued $10.25 million aggregate principal amount of Convertible Debentures in a private placement to certain investors. The Convertible Debentures are secured by a guarantee by two of our subsidiaries and carry a 5.75% interest rate, payable semi-annually in cash or, subject to the satisfaction of certain equity conditions, in ordinary shares. The Convertible Debentures mature in March 2024, unless converted in accordance with their terms prior to maturity. The Convertible Debentures have an initial conversion price of $15.00 per share, subject to adjustments. If the closing bid price of our ordinary shares has been at least $45.00 (subject to adjustment) for at least 20 trading days during any 30 consecutive trading day period, and certain conditions are satisfied, we may force a conversion of all or any part of the outstanding principal amount of the Convertible Debentures, accrued and unpaid interest and any other amounts then owing, subject to certain conditions.
On February 16, 2021, we issued to several institutional investors in a registered direct offering, 600,000 of our ordinary shares at a purchase price of $23.00 per share for net proceeds of approximately $12.6 million. We used the proceeds from this offering for working capital and general corporate purposes.
We also issued to the placement agent or its designees warrants to purchase up to 36,000 ordinary shares, representing 6% of the aggregate number of ordinary shares sold in the offering. The placement agent warrants have an exercise price equal to $28.75, or 125% of the offering price, per Ordinary Share and became exercisable on August 16, 2021 for five years from the effective date of the offering.
On September 17, 2021, we issued to several institutional investors in a private placement, 707,639 of our ordinary shares at a purchase price of $14.40 per share and warrants to purchase up to 707,639 ordinary shares at an exercise price of $12.00 per share for net proceeds of approximately $10.2 million. We used the gross proceeds from this offering for working capital and general corporate purposes. The warrants were exercisable immediately and terminate on March 17, 2025.
We also issued to the placement agent or its designees warrants to purchase up to 42,459 ordinary shares, representing 6.0% of the aggregate number of ordinary shares sold in the offering. The placement agent warrants have an exercise price equal to $18.00 per share, or 125% of the offering price per share and were exercisable immediately and terminate on March 17, 2025.
On February 14, 2022, we issued to several institutional investors in a private placement, 3,129,075 ordinary shares (or ordinary share equivalents) and warrants to purchase up to 3,129,075 ordinary shares at a purchase price of $3.835 per share (or ordinary share equivalent) and associated warrant for net proceeds of approximately $12 million. We used the gross proceeds from this offering for working capital and general corporate purposes. The warrants were exercisable immediately, have an exercise price of $3.71 per ordinary share and terminate on August 16, 2027.
We also issued to the placement agent or its designees warrants to purchase up to 187,745 ordinary shares, representing 6.0% of the aggregate number of ordinary shares sold in the offering. The placement agent warrants have an exercise price equal to $4.79 per share, or 125% of the offering price per share and were exercisable immediately and terminate on February 15, 2027.
In connection with our private placement to Warburg Pincus in November 2017, in which we issued approximately 530,000 thousand ordinary shares for $37.00 per share, we and Warburg Pincus entered into a registration rights agreement, which, among other things, provides Warburg Pincus with three demand registration rights, piggyback and shelf registration rights. The demand registration rights may be exercised starting August 6, 2018, subject to certain customary blackout periods.
In connection with issuance of the Convertible Debentures, we entered into a registration rights agreement with the purchasers. Pursuant to that agreement, we filed a registration statement on Form S-3 with the SEC covering the resale of our ordinary shares that are issuable to the purchasers upon any conversion of the Convertible Debentures or as interest payments.
On September 21, 2018, we filed a shelf registration statement on Form F-3 with the SEC, which we converted to a Form S-3 on August 16, 2019. This registration statement enables us to issue debt securities, ordinary shares, warrants or subscription rights up to an aggregate amount of $50 million. Under the rules governing shelf registration statements, we will file a prospectus supplement with the SEC which describes the amount and type of securities being offered each time we issue securities under this registration statement. In November 2019, we issued shares as part of our rights offerings and in February 2021, we issued shares in the registered direct offering using our Form S-3 as described above. Our market capitalization may limit our ability to raise additional capital in the public markets. Although we are currently eligible to use our Form S-3, we are limited to selling no more than one-third of our unaffiliated market capitalization, or public float, on Form S-3 in a 12-month period as our public float is below $75 million.
Critical Accounting Policies and Estimates
This section is based upon our consolidated financial statements, which have been prepared in accordance with U.S. GAAP. The preparation of these financial statements requires management to make estimates, judgements and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. Actual results could differ from those estimates. On an ongoing basis, the Company’s management evaluates estimates, including those related to fair value and useful lives of intangible assets, fair value of earn-out liabilities, valuation allowance on deferred tax assets, income tax uncertainties, fair values of share-based awards, other contingent liabilities and estimates used in applying the revenue recognition policy. Such estimates are based on historical experience and on various other assumptions that are believed to be reasonable, the results of which form the basis for making judgments about the carrying values of assets and liabilities.
While our significant accounting policies are described in more detail in the notes to our financial statements included in this Annual Report, the critical accounting policies requiring estimates, assumptions, and judgements that we believe have the most significant impact on our consolidated financial statements are described below. These estimates and assumptions may change in the future, however, as new events occur and additional information is obtained.
Intangible assets that are not considered to have an indefinite useful life are amortized over their estimated useful lives, which range from 1 to 20 years. Acquired customer contracts and relationships are amortized over their estimated useful lives in proportion to the economic benefits realized. This accounting policy results in accelerated amortization of such customer contracts and relationships arrangements as compared to the straight-line method. Technology, intellectual property, and trademarks are amortized over their estimated useful lives on a straight-line basis.
Impairment of Long-Lived Assets
The Company’s long-lived assets and identifiable intangibles are reviewed for impairment in accordance with ASC 360 “Property, Plant and Equipment”, whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable.
Recoverability of these assets is measured by comparison of the carrying amount of each asset group to the future undiscounted cash flows the asset group is expected to generate. If the asset is considered to be impaired, the amount of any impairment is measured as the difference between the carrying value and the fair value of the impaired asset.
In the year-ended December 31, 2021, the Company recognized an impairment loss of $0.1 related to a trademark for a product that was discontinued in 2021. This amount has been recognized in sales and marketing expense. While this was a non-cash charge, it is expected to reduce amortization expense by $0.1 in 2022, when the asset would have been fully amortized.
The Company did not record an impairment related to year-ended December 31, 2020.
Goodwill represents the excess of the purchase price in a business combination over the fair value of net tangible and intangible assets acquired. Goodwill is not amortized, but rather is subject to an impairment test.
The Company performs an annual impairment test at December 31, of each fiscal year, or more frequently if impairment indicators are present. The Company operates in one operating segment, and this segment comprises its only reporting unit.
ASC 350 prescribes a two-phase process for impairment testing of goodwill. The first phase screens for impairment, while the second phase (if necessary) measures impairment. Goodwill impairment is deemed to exist if the net book value of a reporting unit exceeds its estimated fair value determined using market capitalization. In such case, the second phase is then performed, and the Company measures impairment by comparing the carrying amount of the reporting unit’s goodwill to the implied fair value of that goodwill. An impairment loss is recognized in an amount equal to the excess. ASC 350 allows an entity to first assess qualitative factors to determine whether it is necessary to perform the two-step quantitative goodwill impairment test. An entity is not required to calculate the fair value of a reporting unit unless the entity determines, based on a qualitative assessment, that it is more likely than not that its fair value is less than its carrying amount. Alternatively, ASC 350 permits an entity to bypass the qualitative assessment for any reporting unit and proceed directly to performing the first step of the goodwill impairment test. Accordingly, the Company elected to proceed directly to the first step of the quantitative goodwill impairment test and compares the fair value of the reporting unit with its carrying value.
For each of the two years in the period ended December 31, 2021, no impairment losses have been identified.
Fair Value Measurements
The carrying amounts of cash and cash equivalents, trade receivables, prepaid expenses, other receivables, and trade payables, approximate their fair values due to the short-term maturities of such financial instruments.
Fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in pricing an asset or a liability. A three-tiered fair value hierarchy is established as a basis for considering such assumptions and for inputs used in the valuation methodologies in measuring fair value:
Level 1 - Quoted prices (unadjusted) in active markets for identical assets or liabilities that the Company can access at the measurement date.
Level 2 - Inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly or indirectly.
Level 3 - Unobservable inputs for the asset or liability.
The availability of observable inputs can vary from instrument to instrument and is affected by a wide variety of factors, including, for example, the type of instrument, the liquidity of markets and other characteristics particular to the transaction. To the extent that valuation is based on models or inputs that are less observable or unobservable in the market, the determination of fair value requires more judgment and the instruments are categorized as Level 3.
The fair value hierarchy also requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value.
Effective January 1, 2018, the Company adopted the requirements of ASC 606 under the modified retrospective method of transition which was applied to all customer contracts that were not completed on the effective date of ASC 606. The Company implemented internal controls and key system functionality to enable the preparation of financial information on adoption. The adoption of ASC 606 resulted in changes to the Company’s accounting policies for revenue recognition previously recognized under ASC 605 as detailed below.
Revenue Recognition Policy
The Company derives its revenues from the sale of real-time cloud-based services for each of Cyren’s email security, web security, anti-malware, and advanced threat protection offerings.
The Company sells all of its solutions as subscription services, either through OEMs, which are considered end-users, or as complete security services directly, or via our partners, to enterprises.
The Company recognizes revenue under the core principle that transfer of control to the Company’s customers should be depicted in an amount reflecting the consideration the Company expects to receive in revenue.
Subscription Service Revenue - Subscription service revenue is derived from a subscription-based licensing model with contract terms typically ranging from one to three years, and consists of (1) subscription fees from the licensing of the Company’s Enterprise or Threat Intelligence Services and (2) subscription fees for real-time threat updates and software with support and related future updates where the software updates are critical to the customers’ ability to derive benefit from the software due to the fast changing nature of the technology. These function together as one performance obligation. The hosted on-demand service arrangements do not provide customers with the right to take possession of the software supporting the hosted services. Support revenue is derived from ongoing security updates, upgrades, bug fixes, and maintenance. A time-elapsed method is used to measure progress because the Company transfers control evenly over the contractual period. Accordingly, the fixed consideration related to subscription service revenue is generally recognized on a straight-line basis over the contract term beginning on the date access is provided, as long as other revenue recognition criteria have been met. Most of the company’s contracts are non-cancelable over the contract term. Customers typically have the right to terminate their contract for cause if the Company fails to perform in accordance with the contractual terms. Some of the Company’s customers have the option to purchase additional subscription services at a stated price. These options are evaluated on a case-by-case basis but generally do not provide a material right as they are priced at or above the Company’s standalone selling price and, as such, would not result in a separate performance obligation.
Variable Consideration - Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of variable consideration that is included in the transaction price is constrained and is included in the net sales price only to the extent that it is probable that a significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved. If the Company’s services or products do not meet certain service level commitments, the Company’s customers are entitled to receive service credits representing a form of variable consideration. The Company has not historically experienced any significant incidents affecting the defined levels of reliability and performance as required by the Company’s subscription contracts. Accordingly, there are no estimated refunds related to these contracts in the consolidated financial statements during the periods presented.
The Company capitalizes sales commissions paid to internal sales personnel that are generally incremental to the acquisition of customer contracts. These costs are recorded as deferred commissions on the consolidated balance sheets. The Company determines whether costs should be deferred based on its sales compensation plans if the commissions are incremental and would not have occurred absent the customer contract. Sales commissions for renewal of a subscription contract are not considered commensurate with the commissions paid for the acquisition of the initial subscription contract given the substantive difference in commission rate between new and renewal contracts. Commissions paid upon the initial acquisition of a contract are amortized over an estimated period of benefit while commissions paid related to renewal contracts are amortized over a contractual renewal period. Amortization is recognized based on the expected future revenue streams under the customer contracts. Amortization of deferred sales commissions is included in sales and marketing expense in the accompanying consolidated statements of operations. The Company determines the period of benefit for commissions paid for the acquisition of the initial subscription contract by taking into consideration factors such as peer estimates of technology lives and customer lives as well as the Company’s own historical data. The Company classifies deferred commissions as current or long-term based on the timing of when the Company expects to recognize the expense. The Company periodically reviews these deferred commission costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit of these deferred contract acquisition costs. There were no material impairment losses recorded during the periods presented.
The Company capitalizes development costs incurred during the application development stage which are related to internal-use technology that supports its security services. Costs related to preliminary project activities and post implementation activities are expensed as incurred as research and development costs on the statements of operations. Capitalized internal-use technology is included in intangible assets on the balance sheet and is amortized on a straight-line basis over its estimated useful life, which is generally one to three years. Amortization expenses are recognized under cost of goods sold. Management evaluates the useful lives of these assets on an annual basis and tests for impairment whenever events or changes in circumstances occur that could impact the recoverability of these assets.
Accounting for Share–Based Compensation
ASC 718 - “Compensation-stock Compensation”- (“ASC 718”) requires companies to estimate the fair value of equity-based payment awards on the date of grant using an option-pricing model. The value of the portion of the award that is ultimately expected to vest is recognized as an expense over the requisite service periods in the Company’s consolidated statements of operations.
The Company recognizes compensation expense for the value of its awards on a straight-line basis over the requisite service period of each of the awards, net of estimated forfeitures. Estimated forfeitures are based on actual historical pre-vesting forfeitures. ASC 718 requires forfeitures to be estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates. Estimated forfeitures are based on actual historical pre-vesting forfeitures (pursuant to the adoption of ASU 2016-09, the Company made a policy election to estimate the number of awards that are expected to vest).
The Company estimates the fair value of stock options granted using the Black-Scholes option-pricing model. The option-pricing model requires a number of assumptions, of which the most significant are the expected stock price volatility and the expected option term. Expected volatility was calculated based upon actual historical stock price movements over the most recent periods ending on the grant date, equal to the expected term of the options. The expected term of options granted represents the period of time that options granted are expected to be outstanding, based upon historical experience. The risk-free interest rate is based on the yield from U.S. treasury bonds with an equivalent term. The Company has historically not paid dividends and has no foreseeable plans to pay dividends.
The Company applies ASC 718, and ASC 505-50, “Equity Based Payments to Non-Employees” (“ASC 505-50”), with respect to options issued to non-employees.
The fair value for options granted in 2021 and 2020 is estimated at the date of grant using a Black-Scholes options pricing model with the following assumptions:
|Year ended |
|Volatility||67% - 71||%||47% - 60||%|
|Risk-free interest rate||0.40% - 1.12||%||0.23% - 1.40||%|
|Expected life (years)||4.1|
Accounting for Income Tax
The Company accounts for income taxes in accordance with ASC 740, “Income Taxes” (“ASC 740”). ASC 740 prescribes the use of the liability method whereby deferred tax asset and liability account balances are determined based on differences between financial reporting and tax bases of assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. The Company provides a valuation allowance to reduce deferred tax assets to amounts more likely than not to be realized.
ASC 740 contains a two-step approach to recognizing and measuring a liability for uncertain tax positions. The first step is to evaluate the tax position taken or expected to be taken in a tax return by determining if the weight of available evidence indicates that it is more likely than not that, on an evaluation of the technical merits, the tax position will be sustained on audit, including resolution of any related appeals or litigation processes. The second step is to measure the tax benefit as the largest amount that is more than 50% (cumulative basis) likely to be realized upon ultimate settlement.
The Company accounting for leases according to ASC 842, Leases. The Company determines if an arrangement is a lease and the classification of that lease at inception. ROU assets represent the right to use an underlying asset for the lease term and lease liabilities represent the Company’s obligation to make lease payments arising from the lease. For leases with terms greater than 12 months, the Company records the ROU asset and liability at commencement date based on the present value of lease payments according to their term.
The Company uses incremental borrowing rates based on the estimated rate of interest for collateralized borrowing over a similar term of the lease payments at commencement date. The ROU asset also includes any lease payments made and excludes lease incentives. Lease terms may include options to extend or terminate the lease when it is reasonably certain that the Company will exercise that option. Lease expenses are recognized on a straight-line basis over the lease term.
In addition, the carrying amount of the ROU and lease liabilities are remeasured if there is a modification, a change in the lease term, a change in the in-substance fixed lease payments or a change in the assessment to purchase the underlying asset.
The Company elected the practical expedient for lease agreements with a term of twelve months or less and does not recognize ROU assets and lease liabilities in respect of those agreements. The Company also elected the practical expedient to not separate lease and non-lease components for its leases.
Recent Accounting Pronouncements
Refer to Note 2 of the notes to our consolidated financial statements included in Part II, Item 8 of this Annual Report for a more detailed description of recent accounting pronouncements.
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
Not required for smaller reporting companies.
Impact from the COVID-19 Outbreak
On March 11, 2020, the World Health Organization declared the outbreak of a respiratory disease caused by a new coronavirus as a “pandemic” which is now known as COVID-19. The outbreak has impacted thousands of individuals worldwide. In response, many countries have implemented measures to combat the outbreak which have impacted global business operations.
As of the date of issuance of the financial statements included elsewhere in this Annual Report, the Company’s operations have not been significantly impacted, however, the Company continues to monitor the situation. The ultimate extent of the impact of any epidemic, pandemic or other health crisis on our business, financial condition and results of operations will depend on future developments, which are highly uncertain and cannot be predicted, including new information that may emerge concerning the severity of such epidemic, pandemic or other health crisis and actions taken to contain or prevent their further spread, among others. Although vaccines for COVID-19 have been developed and are being administered in the United States and other countries around the world, the expansion of administering these vaccines to additional people within these countries, the long-term efficacy of these vaccines, and the receptivity of many people to receiving these vaccines, remain uncertain.
No impairments were recorded as of the balance sheet date as no triggering events or changes in circumstances had occurred as of year-end; however, due to significant uncertainty surrounding the situation, management’s judgment regarding this could change in the future.
In addition, while the Company’s results of operations, cash flows and financial condition could be negatively impacted, the extent of any future impact cannot be reasonably estimated at this time.
ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
Financial statements and supplementary data are on pages F-1 through F-36.
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
ITEM 9A. CONTROLS AND PROCEDURES
Disclosure Controls and Procedures
As of December 31, 2021, we performed an evaluation under the supervision and with the participation of our management, including our Chief Executive Officer and Chief Financial Officer, of the effectiveness of the design and operation of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) of the Exchange Act). Our management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving their objectives and our management necessarily applies its judgment in evaluating the cost-benefit relationship of possible controls and procedures. Based on this evaluation, our Chief Executive Officer and Chief Financial Officer concluded that our disclosure controls and procedures are effective as of December 31, 2021, to provide reasonable assurance that the information required to be disclosed in filings and submissions under the Exchange Act, is recorded, processed, summarized, and reported within the time periods specified by the SEC’s rules and forms, and that such information related to us and our consolidated subsidiary is accumulated and communicated to management, including the Chief Executive Officer and Chief Financial Officer, as appropriate to allow timely decisions about required disclosure.
Management’s Annual Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over our financial reporting, as such term is defined in Rule 13a-15(f) under the Exchange Act. Our internal control over financial reporting system was designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.
A company’s internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements and even when determined to be effective can only provide reasonable assurance with respect to financial statements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Our management assessed our internal control over financial reporting as of December 31, 2021. Our management based its assessment on criteria established in Internal Control- Integrated Framework (2013) issued by the Committee of Sponsoring Organization of the Treadway Commission. Based on this assessment, our management has concluded that, as of December 31, 2021, our internal control over financial reporting is effective.
This Annual Report does not include an attestation report of our independent registered public accounting firm regarding internal control over financial reporting. Management’s report was not subject to attestation by our independent registered public accounting firm pursuant to a provision under the Dodd-Frank Wall Street Reform and Consumer Protection Act which grants a permanent exemption for non-accelerated filers from complying with Section 404(b) of the Sarbanes-Oxley Act of 2002.
During the quarter ended December 31, 2021, there were no changes to our internal control over financial reporting that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
ITEM 9C. DISCLOSURE REGARDING FOREIGN JURISDICTION THAT PREVENTS INSPECTIONS
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
The following table identifies our current directors, their ages and their respective positions.
|Name||Age||Position with CYREN|
|Hila Karah (1)(2)(3)(4)||53||Director|
|James Hamilton (4)||58||Chairman of the Board|
|David Earhart (1)(2)(3)(4)||60||Director|
|John Becker (1)(3)(4)||64||Director|
|Cary Davis (4)||55||Director|
|Brian Chang (2) (4)||40||Director|
|Lauren Zletz (4)||35||Director|
|Rajveer Kushwaha (4)||54||Director|
|Brett Jackson||63||Chief Executive Officer and Director|
Cary Davis, Brian Chang, Lauren Zletz and Rajveer Kushwaha are employees of an affiliate of Warburg Pincus.
|(1)||Member of the compensation committee.|
|(2)||Member of nominating and governance committee.|
|(3)||Member of the audit committee.|
|(4)||Determined by the Board to be an independent director pursuant to Nasdaq Corporate Governance Listing Rule 5605(a)(2) and the Israeli Companies Law, 1999 (the “Companies Law”).|
Hila Karah joined the Board in March 2008. Ms. Karah is an experienced board director and, since 2013, serves as an independent business consultant to private and public companies on strategy, operations, financing, regulatory and corporate governance. From November 2017 to September 2018, Ms. Karah was the executive chairperson of FloraFotonica Ltd., an Israeli Agro Tech startup. From 2006 until 2013, Ms. Karah was the chief investment officer of Eurotrust Ltd., a family office, where she focused primarily on investments in life science, internet, and high-tech companies. Prior to joining Eurotrust, Ms. Karah served as a senior analyst at Perceptive Life Sciences Ltd., a New York-based hedge fund. Prior to her position at Perceptive, Ms. Karah was a research analyst at Oracle Partners Ltd., a healthcare-focused hedge fund based in Connecticut. Ms. Karah has served on the board of Intec Pharma Ltd. a specialty pharma company (Nasdaq: NTEC) since 2009 and the board of Dario Health Corp. (Nasdaq: DRIO) since 2014. She also serves on the board of several private companies. Ms. Karah has a BA in molecular and cell biology from the University of California, Berkeley, and has studied at the UCSB – UCSF Joint Medical Program. We believe Ms. Karah is qualified to serve on our board of directors because of her longstanding service with us, her investment career in high-tech companies and experience serving on public company boards.
James Hamilton joined the Board in February 2012. Mr. Hamilton has been Chief Executive Officer of Vitaltech Holdings since August 2018 and Chairman of Wedge Networks, a security solution company since August 2015. Mr. Hamilton is also the president of Valletta Capital, LLC since 2014. Mr. Hamilton has more than 25 years of leadership experience in senior executive roles across many highly successful high-tech companies. He brings proven success at building and leading high-potential, high growth companies from startup to IPO and often through acquisition. Mr. Hamilton was the CEO of Tipping Point, the renowned market leader in Intrusion Prevention Systems (IPS). Mr. Hamilton was also president of Click Security, and president of Efficient Networks, which also achieved a highly successful IPO and was later acquired by Siemens. He has also held various senior sales roles with multiple companies; most recently as SVP of worldwide sales and field operations at Cyan, Inc from March 2013 through August 2015. Mr. Hamilton is active in multiple venture capital, corporate, and charitable boards. We believe Mr. Hamilton is qualified to serve on our board of directors because of his longstanding service with us and his extensive leadership experience in senior executive roles across many highly successful high-tech companies.
David Earhart joined the Board as an External Director in July 2013. David Earhart is the President of One Identity, a Quest Software business, which was spun out of Dell Software and is backed by Francisco Partners and Elliott Management since December 2017. Previously, David was CEO of Core Security from July 2015 and served as SVP of Worldwide Field Operations for Damballa, a leading provider of advanced threat protection, from January 2013. In this role, he was responsible for record, triple-digit growth. Beginning in December 2006, David was SVP of Security (IAM) Field Operations at CA Technologies, where his team delivered 300% growth in the security business. Prior to that, David held leadership and executive positions at BMC Software and venture-backed companies within the sales, support, and services functions. He holds a B.B.A. in Finance from Texas Tech University. We believe Mr. Earhart is qualified to serve on our board of directors because of his longstanding service with us and his extensive leadership experience in senior executive roles across many highly successful high-tech companies, including more than 20 years of security and systems management experience.
John Becker joined the Board as an External Director in April 2017. Mr. Becker has been a consultant since October 2013 and brings more than 30 years of security industry and technology experience and offers a lengthy record of growing highly successful companies. In addition to serving on numerous boards, he previously served as the Chief Executive Officer of Sourcefire, ScienceLogic, Approva, Cybertrust, Trusecure, and AXENT Technologies. Mr. Becker is a CPA and graduated from the Robins School of Business at the University of Richmond. We believe Mr. Becker is qualified to serve on our board of directors because of his extensive leadership experience in senior executive roles across many highly successful high-tech companies and his accounting background.
Cary Davis joined the Board in November 2017. Mr. Davis is a Managing Director at Warburg Pincus, which he joined in 1994, and focuses on investments in the software and financial technology sectors. He also serves on the boards of several private companies. Prior to joining Warburg Pincus, he was Executive Assistant to Michael Dell at Dell Computer and a consultant at McKinsey & Company. Mr. Davis received a B.A. in economics from Yale University and an M.B.A. from Harvard Business School. We believe Mr. Davis is qualified to serve on our board of directors because of his investment career in high-tech companies and experience serving on company boards.
Brian Chang joined the Board in November 2017. Mr. Chang is a Managing Director at Warburg Pincus, which he joined in 2005 and returned in 2009. Mr. Chang focuses on investments in the technology, software, and financial technology sectors. He currently serves on the board of several private companies. Prior to joining Warburg Pincus, Mr. Chang worked at Merrill Lynch focusing on corporate finance and mergers and acquisitions transactions. Mr. Chang received a B.S. with Distinction in electrical engineering from Stanford University and an M.B.A. from the Stanford University Graduate School of Business. We believe Mr. Chang is qualified to serve on our board of directors because of his investment career in high-tech companies and experience serving on company boards.
Lauren Zletz joined the Board in May 2018. Ms. Zletz is a Principal at Warburg Pincus, which she joined in 2015. Prior to joining Warburg Pincus, Lauren worked in private equity at Thomas H. Lee Partners from July 2011 to July 2013, and investment banking at Greenhill & Company from June 2009 to June 2011. Lauren focuses on investments in the technology, software, and internet sectors, and has served on the boards of several companies. Lauren received an A.B. in Social Studies from Harvard College and an M.B.A. from the Stanford Graduate School of Business. We believe Ms. Zletz is qualified to serve on our board of directors because of her investment career in high-tech companies and experience serving on company boards.
Rajveer Kushwaha joined the Board in August 2018. Mr. Kushwaha is the Chief Technology Officer and a Managing Director at Warburg Pincus, which he joined in 2012. Mr. Kushwaha has over 25 years of experience in leading commercial software product development, strategic planning, technology operations, business transformation, ERP implementations, and process outsourcing initiatives at Fortune 500 companies in a variety of industries. Prior to joining Warburg Pincus, Mr. Kushwaha held senior management positions at Zimmer Holdings Inc., Dell Computer Corporation, First Data Corporation (FDC), Cummins Engine Company and Safway, Inc. He has been recognized as one of the top 100 IT innovators in the automotive/manufacturing industry, is the recipient of a CIO 100 innovation award and has filed numerous patents in the field of disruptive services technologies. Mr. Kushwaha holds an M.S. in management of technology from MIT, an M.B.A. from the University of Wisconsin at Madison, and Idaho State University; a B.S. in electrical engineering from India and completed the Advanced Management Program (AMP) from Harvard University. We believe that Mr. Kushwaha is qualified to serve on our board of directors because of his significant software and technical experience and his experience holding senior management positions in the high-tech industry.
The following table identifies our current executive officers, their ages, and their respective positions.
|Brett Jackson||63||Chief Executive Officer and Director|
|Boris Bogod||47||Vice President, Global Cloud Operations|
|Bruce Johnson||65||Vice President, Sales North America|
|Isaac Dvir||44||Senior Vice President, R&D|
|Lior Kohavi||51||Chief Strategy Officer & EVP, Advanced Solutions|
|Eva Markowitz||47||Vice President, Human Resources|
|Michael Tamir||48||Vice President, Global Support Services|
|Brian Dunn||48||General Counsel|
|Mike Fleck||47||Vice President, Marketing|
|Kenneth Tarpey||69||Chief Financial Officer|
Brett Jackson joined Cyren in May 2019 as our Chief Executive Officer. Previously, he served as Chief Executive Officer of Digital Reasoning, an artificial intelligence analytics software company, from April 2017 to February 2019. Prior to Digital Reasoning, Mr. Jackson was Chief Executive Officer of Logi Analytics from December 2008 to April 2016 and Chairman of Logi Analytics from May 2016 to October 2017. Earlier, Mr. Jackson was Chief Executive Officer of Digital Harbor and eSecurity, and previously served as Chief Operating Officer of Cybertrust (acquired by Verizon) and Axent Technologies (acquired by Symantec).
Boris Bogod joined Cyren in August 2017 and is responsible for the infrastructure and operation of Cyren’s global security cloud. He brings to the task over 20 years of experience deploying, managing, and optimizing IT networks and the delivery of cloud services. Mr. Bogod joined Cyren from Sears Israel (subsidiary of SHC) where he served as Director of Operations and then Vice President of Operations from August 2010 to August 2017, and previously held senior operations and infrastructure management positions for several Web based companies including ICAP, Playtech and others. Mr. Bogod holds a B.Sc. in Industrial Engineering and Management (specialization in Information Systems) from Ben-Gurion University in the Negev.
Bruce Johnson joined Cyren in August 2019 and is responsible for leading Cyren’s sales and go-to-market activities in the Americas. He has over 30 years of experience leading sales teams for high-growth cybersecurity companies, including several which have had successful exits. Bruce has held senior sales leadership positions at 4iQ (April 2018 – January 2019), Vaultive (September 2015 – March 2018), Fortscale (July 2014 – June 2015), Thales-Vormetric (May 2003 – January 2014), Entercept Security Technologies, Arcot Systems and Axent. He holds a Bachelor’s degree in Economics and Marketing from California State University in Chico.
Issac Dvir joined Cyren in September 2021 and is responsible for Cyren’s R&D efforts globally. Prior to joining Cyren Mr. Dvir was the R&D Director of Mobile Threat Prevention Products at Check Point. Prior to Check Point he was CTO as well as VP of Cyber R&D at KELA, a cyberthreat intelligence company. He served as an officer with the Israeli military for ten years, in intelligence focusing on cybersecurity. Isaac holds a B.Sc. in communication systems engineering from Ben-Gurion University of the Negev and an Executive MBA from The Hebrew University of Jerusalem.
Lior Kohavi joined Cyren in June 2013 as Chief Technology Officer and was appointed as Chief Strategy Officer & EVP, Advanced Solutions in May 2019. Mr. Kohavi brings over 25 years of vast experience as an engineer, product, and technology executive. Previously, Mr. Kohavi held multiple leadership roles, including business strategy architect and partner group manager at Microsoft, VP and GM at Websense, VP Engineering and EVP product management and strategy at Whale Communications (Microsoft acquired). Mr. Kohavi also served as a GM at Cylink VPN Labs and led the development of cryptographic network security products at Algorithmic Research (Cylink acquired) and served as head of the Israel Air Force’s Network and Operations Systems Department. Mr. Kohavi holds a B.A. degree in computer science from Bar-Ilan University and an Executive MBA from Tel Aviv University.
Eva Markowitz, SPHR, SWP, SHRM-SCP, joined Cyren as Vice President Human Resources in October 2013. With more than 15 years of Human Resource leadership, Ms. Markowitz orchestrates the management and development of Cyren’s most valuable asset: its employees. She previously worked as Human Resources Director for the Analysis Research Planning Corporation (ARPC). She has also held positions with Thomas & Herbert Consulting, LLC, and SteelCloud. Ms. Markowitz received her B.A. from the University of Maryland.
Michael Tamir first joined Cyren in 2000 and is responsible for Cyren’s global support, deployment, and customer success teams. He has previously served as director of security solutions, director of technical services, and director of professional services at Cyren over the past 13 years. Prior to joining the company, Michael spent six years in various system administrator and IT manager roles. Michael is based in Cyren’s Toronto office.
Brian Dunn joined Cyren as General Counsel in November 2021. He is responsible for all legal, regulatory, compliance and corporate governance functions for Cyren. Prior to joining Cyren, he served as General Counsel for Lightbridge Communications Corporation (acquired by Tech Mahindra) and then Pinogy Corporation. He began his career as an attorney at the U.S. Securities and Exchange Commission. He holds a BA from the Virginia Military Institute and a JD from the Catholic University of America.
Kenneth Tarpey joined Cyren as CFO in February 2021. He is a technology focused chief financial officer who has guided several technology companies through a path from the emerging growth phase to initial public offering (“IPO”). He has considerable experience in international markets, finance and tax policy, shareholder governance, and investor management. He was CFO at the following companies when they successfully completed their IPOs: Proxicom, Inc. (March 1997 to July 2001) and SQA, Inc. (March 1995 to July 1996). Ken was also the CFO for comScore, Inc. from April 2009 to August 2014, and Videology, Inc. November 2014 to December 2019. Ken holds a bachelor’s degree from The College of the Holy Cross and an MBA from Babson College.
Mike Fleck joined Cyren in May 2020. He served as the Senior Director, Strategic Accounts until he was appointed in July 2022 as the Vice Presented of Marketing. He is responsible for marketing Cyren’s enterprise and OEM solutions globally. Mike has more than 25 years of cybersecurity industry experience, and has held senior leadership roles at Constella Intelligence, Covata Limited, CipherPoint Software (acq. by Covata), and Vormetric (acq. by Thales). He is the co-inventor on one patent and has been featured in publications like Security Week, Information Security Magazine, Information Management, and NBC News. He holds a B. Sc. from James Madison University.
To the best of our knowledge, there are no arrangements or understandings with major shareholders, customers, suppliers or others pursuant to which any person referred to above was selected as a director or executive officer (other than Cary Davis, Brian Chang, Lauren Zletz and Rajveer Kushwaha, who were appointed in connection with the Private Placement to Warburg Pincus as described below). There are no family relationships among any of the directors or executive officers of Cyren.
Code of Ethics
The Company, by way of Board resolution, has adopted a Code of Ethics applicable to our senior financial officers, including its principal executive, financial and accounting officers. The Code of Ethics is posted on the Company’s website at www.cyren.com, under the tab for “Corporate Governance”. We intend to provide disclosure of any amendments or waivers of our Code of Ethics on our website within four business days following the date of the amendment or waiver.
Audit Committee and Audit Committee Financial Expert
We currently have a standing audit committee. The audit committee’s duties include providing assistance to the Board in fulfilling its legal and fiduciary obligations in matters involving our accounting, auditing, financial reporting, internal control, and legal compliance functions. In this respect the audit committee approves the services performed by our independent registered public accounting firm and reviews their reports regarding our accounting practices and systems of internal accounting controls. The audit committee also oversees the audits conducted by our independent registered public accounting firm and takes those actions as it deems necessary to confirm that the accountants are independent of management. Under the Companies Law, the responsibilities of the audit committee include identifying irregularities in the management of our business and approving related party transactions as required by law, classifying company transactions as extraordinary transactions or non-extraordinary transactions and as material or non-material transactions in which an officer has an interest (which will have the effect of determining the kind of corporate approvals required for such transaction), assessing the proper function of the company’s internal audit regime and determining whether its internal auditor has the requisite tools and resources required to perform his role and to regulate the company’s rules on employee complaints, reviewing the scope of work of the company’s independent accountants and their fees, and implementing a whistleblower protection plan with respect to employee complaints of business irregularities. The responsibilities of the audit committee under the Companies Law also include the following matters: (i) to establish procedures to be followed in respect of related party transactions with a controlling shareholder (where such are not extraordinary transactions), which may include, where applicable, the establishment of a competitive process for such transaction, under the supervision of the audit committee, or individual, or other committee or body selected by the audit committee, in accordance with criteria determined by the audit committee; and (ii) to determine procedures for approving certain related party transactions with a controlling shareholder, which were determined by the audit committee not to be extraordinary transactions, but which were also determined by the audit committee not to be negligible transactions.
Under the Nasdaq Listing Rules, an audit committee must consist of at least three directors meeting the independence standards under Nasdaq Listing Rules. The audit committee consists of David Earhart (chairman), Hila Karah and John Becker. The Board has determined that each member of the audit committee meets the independence requirements under the Nasdaq Listing Rules and the enhanced independence standards for audit committee members required by the SEC. In addition, the Board has determined that John Becker meets the requirements of an audit committee financial expert under SEC rules.
The compensation committee is responsible for (i) proposing executive officer compensation policy, including compensation for our NEOs, to the Board, (ii) proposing necessary revisions to the compensation policy and examining its implementation, (iii) determining whether to approve transactions with respect to compensation of officers, and (iv) determining, in accordance with our compensation policy, whether to exempt the compensation terms with an unaffiliated nominee for the position of chief executive officer from requiring shareholders’ approval, provided such terms meet with the Company’s compensation policy. The compensation committee is also responsible for administering the Company’s various stock option plans, including the issuance of option grants to employees of the Company and its subsidiaries.
The compensation committee consists of John Becker (chair), Hila Karah and David Earhart. The Board has determined that each member of the compensation committee meets the independence requirements under Rule 5605(a)(2) of the Nasdaq Listing Rules.
Nominating and Governance Committee
The nominating and governance committee’s responsibilities include identifying individuals qualified to become board members and recommending director nominees to the board.
The nominating and governance committee consists of Hila Karah (chair), David Earhart, James Hamilton, and Brian Chang. The Board has determined that each member of the nominating and governance meets the independence requirements under Rule 5605(a)(2) of the Nasdaq Listing Rules.
Process for Shareholder Nominations
Pursuant to the provisions of the Companies Law and our Articles of Association, as amended, directors (other than External Directors (as defined in the Companies Law)) are elected by shareholders at the annual general meeting of the shareholders and hold office until the next annual general meeting following the annual general meeting at which such director is elected and until a successor is elected, or until the director is removed. An annual general meeting must be held at least once in every calendar year, but not more than 15 months after the preceding annual general meeting. Directors may be removed and other directors may be elected in their place or to fill vacancies in the Board at any time by the holders of a majority of the voting power at a general meeting of the shareholders. Until a vacancy is filled by the shareholders, the Board may appoint new directors temporarily to fill vacancies on the Board. Our Articles of Association authorize the shareholders to determine, from time to time, the number of directors.
Delinquent Section 16(a) Reports
Section 16(a) of the Exchange Act and the rules thereunder require our directors and executive officers and persons who beneficially own more than 10% of a registered class of our equity securities, to file reports with the SEC relating to their share ownership and changes in such ownership. Based on a review of our records and certain written representations received from our executive officers and directors, we believe that during the year ended December 31, 2021, all Section 16(a) filing requirements applicable to directors, executive officers and greater than 10% shareholders were complied with on a timely basis except that each of Boris Bogod, Bruce Harold Johnson, Lior Kohavi, Eva Lilias Markowitz and Michael Tamir filed a late Form 4 on April 23, 2021 with respect to a restricted stock unit award, Kenneth Tarpey filed a late Form 4 on June 21, 2021 with respect to a restricted stock unit award, Brett Michael Jackson filed a late Form 4 on August 4, 2021 with respect to a sale transaction for taxes payable upon the vesting of restricted stock units, and Isaac Dvir and Michael Fleck filed a late Form 3 on September 24, 2021 and July 22, 2021, respectively.
ITEM 11. EXECUTIVE COMPENSATION
Summary Compensation Table
The following table summarizes all compensation paid by us in the past two fiscal years to: (i) our Chief Executive Officer; (ii) our Chief Financial Officer; and (iii) our Chief Strategy Officer. We refer to the persons listed in (i) through (iii) collectively as our named executive officers or NEOs.
|Name and Principal Position||Year||Salary|
|Chief Executive Officer||2020||365,000||-||1,000,000||-||-||45,358||1,410,358|
|Kenneth Tarpey (3)||2021||265,833||(2)||-||(1)||806,852||-||-||15,703||1,088,369|
|Chief Financial Officer||2020||-||-||-||-||-||-||-|
|Chief Strategy Officer||2020||311,713||(4)||-||-||-||-||61,652||(4)||373,365||(4)|
|(1)||For fiscal year 2021, the bonus amounts are not calculable through the latest practical date prior to filing of this Annual Report and the bonus amounts are currently expected to be determined in fiscal year 2022, and will be disclosed in a later Form 8-K filing.|
|(2)||Share data has been retroactively adjusted to reflect the Company’s 1-for-20 reverse share-split effective February 8, 2022, as described in Note 13(b). The amounts shown represent the estimated aggregate grant date fair value of the awards made in each fiscal year relating to restricted stock units (“RSUs”) and options granted to the NEOs. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2 in our financial statements, which are included elsewhere in this Annual Report. The stock awards represent the grant date fair value of awards made in 2021 to (i) Mr. Tarpey of 32,500 RSUs awarded in February 2021 and 5,320 RSUs awarded in June 2021 and (ii) Mr. Kohavi of 32,500 RSUs awarded in March 2021. Mr. Tarpey’s February 2021 RSUs grant vest in four equal installments beginning February 18, 2021 and Mr. Tarpey’s June 2021 RSUs grant vest in three equal installments beginning June 16, 2021. Mr. Kohavi’s RSUs grant vest in four equal installments beginning March 24, 2021.|
|(3)||Mr. Tarpey’s employment with the Company started on February 1, 2021 with an annual base salary of $290,000 and annual target bonus of $116,000. The 2021 salary listed above is pro-rated for his partial year of employment.|
|(4)||In the case of Mr. Kohavi, amounts are converted from Israeli shekel to U.S. Dollars using currency ratio of 1.00 Israeli Shekel = 0.3096 U.S. Dollars as of December 31, 2021 and 1.00 Israeli Shekel = 0.2905 U.S. Dollars as of December 31, 2020.|
|(5)||Includes Social Security & Medicare paid by the Company, 401(k) match, and health insurance premiums. In the case of Mr. Kohavi, includes pension fund contributions of $17,065, study fund contribution of $4,378, severance pay fund contribution of $27,501, social security contribution of $11,477, and other social benefits of $5,282.|
The following table summarizes the compensation paid by us in the past two fiscal years to our next two most highly compensated officers. This information is included solely to comply with Israeli law which requires us to provide the compensation granted to our five most highly compensated officers during the past fiscal year.
|Name and Principal Position||Year||Salary|
|VP, Cloud Operations||2020||232,448||(6)||-||-||-||-||49,633||(6)||282,081|
|VP of Sales, Americas||2020||340,489||(3)||-||-||-||-||39,407||379,896|
|(1)||The amounts shown represent the estimated aggregate grant date fair value of the awards made in each fiscal year relating to RSUs and options granted to the NEOs. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2 in our financial statements in our Annual Report, which are included elsewhere in this Annual Report.|
|(2)||Includes Social Security & Medicare paid by the Company, 401(k) match, and health insurance premiums. In the case of Mr. Bogod, includes pension fund contributions of $14,875, study fund contribution of $4,378, severance pay fund contribution of $20,913, social security contribution of $11,477, and other social benefits of $2,621.|
|(3)||The amounts within Mr. Johnson’s Salary include Base Salary and Commissions.|
|(4)||For fiscal year 2021, the bonus amounts are not calculable through the latest practical date prior to filing of this Annual Report and the bonus amounts are currently expected to be determined in fiscal year 2022, and will be disclosed in a later Form 8-K filing.|
|(5)||This amount represents the grant date fair value of awards to (i) Mr. Bogod of 20,000 RSUs options which vest over three years beginning March 24, 2021 and (ii) Mr. Johnson of 17,500 RSUs which vest over three years beginning March 24, 2021. Shares have been retroactively adjusted to reflect the Company’s 1-for-20 reverse share-split effective February 8, 2022, as described in Note 13(b).|
|(6)||In the case of Mr. Bogod, amounts are converted from Israeli shekel to U.S. Dollars using currency ratio of 1.00 Israeli Shekel = 0.3096 U.S. Dollars as of December 31, 2021 and 1.00 Israeli Shekel = 0.2905 U.S. Dollars as of December 31, 2020.|
Executive Compensation Policy
On June 3, 2021 our shareholders approved the Cyren Executive Compensation Policy (the “Policy”), which had been recommended by the Compensation Committee of the Board and approved by the Board, for the Company’s directors and officers, in accordance with the requirements of the Companies Law. The Policy includes, among other matters prescribed by the Companies Law, a framework for establishing the terms of office and employment of the directors and officers and guidelines with respect to the structure of the variable pay of officers.
The Policy provides that the compensation package for officers shall generally consist of some or all of the following items:
|●||Fixed base salary;|
|●||Performance-based rewards (Annual, Special and Signing Bonuses);|
|●||Social benefits; and|
|●||Retirement and termination payment.|
In particular, the Policy, (i) sets an annual cap of US$450,000 for the annual base salary for officers (including the CEO); (ii) sets an annual cap of 600% of the annual base salary on equity based compensation to current officers or a one-time grant of up to 5% of outstanding shares of the Company at the date of grant for new executive hires; and (iii) sets an annual cap of 200% of the annual base salary for performance based cash awards (which may include any combination of annual bonus, special bonus in recognition of outstanding contributions and/or signing bonus for new hires).
With respect to bonuses, the calculation for each officer is a product of the Company’s performance and individual performance and the Policy further provides that the majority of any cash bonus must be based on measurable criteria (i.e. financial measures or individual performance criteria while a smaller portion may be discretionary. Equity based compensation may be granted in any form permitted under our equity incentive plans, as in effect from time to time (collectively, the “Equity Incentive Plans”), including stock options and restricted stock units. Equity grants to officers shall be made in accordance with the terms of the Equity Incentive Plans.
The Policy also includes a claw back provision which provides that officers will be required to refund any part of the annual performance-based bonuses paid based on financial results that are proven to be inaccurate and which are restated in the financial statements during the three years following the actual payment of the annual bonus, provided the officer is still employed by the Company upon publication of the restated financial statements. Additionally, the Compensation Committee and the Board have the discretion to reduce the amount of the annual cash bonus following the achievement of the bonus criteria.
The Company may indemnify, insure, and exculpate the officers to the full extent permitted by applicable law from time to time, including by entering into indemnification, insurance, and exculpation agreements, subject to the requisite approvals under applicable law.
Finally, the Policy provides that non-employee directors may be compensated up to the maximum pay allowable under Israeli law unless the Company’s shareholders approve higher compensation from time to time. However, the Policy provides that in no case will non-employee directors be awarded equity grants greater than 25,000 RSUs per year, with the exception of the Chairman of the Board, who may be awarded equity grants which are no greater than 35,000 RSUs per year.
Our compensation committee will periodically review the Policy and monitor its implementation, and recommend to our Board and shareholders to amend the Policy as it deems necessary from time to time. The term of the Policy is three years as of the date of its adoption, during which, the Board is required to examine the Policy and revise it from time to time if the circumstances under which it had been adopted have materially changed. Following such three-year term, the Policy, including any revisions recommended by our compensation committee and approved by our Board, as applicable, will be brought once again to the shareholders for approval.
Employment Agreements; Termination and Change in Control Provisions
We have entered into employment agreements with each of our named executive officers. A summary of the material terms of our current employment arrangements with each of these officers is set forth below. The summaries below are qualified in their entirety by reference to the text of their employment agreements, which are filed with this Annual Report on Form 10-K.
Mr. Jackson Executive Employment Agreement
Pursuant to the terms of the executive employment agreement dated April 23, 2019 between the Company and Mr. Jackson, Mr. Jackson has served as our Chief Executive Officer since May 6, 2019.
Under this executive employment agreement, Mr. Jackson’s employment is on an at-will basis and can be terminated by Mr. Jackson upon 30 days’ advance written notice, except in the case of termination for “Cause”. Mr. Jackson is entitled to the following compensation:
|●||An annual base salary of $365,000;|
|●||Annual bonus of up to $225,000 which will be based on pre-determined performance targets approved by the Compensation Committee and Board; and|
|●||A grant of 54,000 stock options and 40,500 RSUs under the Company’s 2016 Equity Incentive Plan.|
In connection with his employment with our Company, Mr. Jackson also signed a confidentiality and inventions assignment agreement.
Mr. Jackson’s executive employment agreement grants him certain rights upon termination of his employment. In connection with any termination by the Company other than for “Cause”, death, or disability and other than during the period one month before and 12 months after a “change in control,” or if Mr. Jackson terminates his employment for “good reason”:
|●||an advance notice period of 3 months followed by a lump sum payment equal to 6 months of his then annual base salary;|
|●||9 months of accelerated vesting for all unvested time-based equity awards; and|
|●||continued Company-paid COBRA coverage for 9 months.|
In connection with any termination by the Company other than for “Cause” death or disability and termination occurs during the period one month before and 12 months after a “change in control,” he will be entitled to receive:
|●||A lump sum payment equal to 6 months of his then annual base salary;|
|●||100% accelerated vesting for all unvested time-based equity awards; and|
|●||continued Company-paid COBRA coverage under Cyren’s health/vision/dental plan for Executive and his eligible dependents for 6 months.|
Under Mr. Jackson’s executive employment agreement, “Cause” means (i) a dishonest act or fraud by Mr. Jackson involving his responsibilities as an employee or his failure to abide by the Company’s code of conduct or other material policies; (ii) Mr. Jackson being convicted of, or “no contest” plea to, a felony or crime involving fraud, embezzlement, dishonesty, misappropriation of funds or other moral turpitude; (iii) Mr. Jackson’s gross negligence or willful misconduct in performance of duties; (iv) Mr. Jackson’s repeated failure to perform any reasonable assigned duties after written notice from the Board; (v) a material breach by Mr. Jackson of his fiduciary duty, or duty of loyalty or breach of duty of confidentiality; or (vi) Mr. Jackson’s action or inaction which, in the reasonable discretion of the Board, causes actual material harm to the Company.
“Good Reason” means any of the following: (i) a material reduction in Mr. Jackson’s annual base salary or target bonus amount without his consent; (ii) a change in the geographic location to greater than fifty (50) miles from Cyren’s current Virginia office location without Mr. Jackson’s consent; (iii) a change in Mr. Jackson’s position with the Company which materially reduces his duties and responsibilities without his’s consent or (iv) any other action or inaction that constitutes a material breach by the Company of this Agreement.
“Change of Control” means the occurrence of either of the following events: (i) any “person” (as such term is used in Sections 13(d) and 14(d) of the Exchange Act), other than Warburg Pincus and/or its affiliates, becomes the “beneficial owner” (as defined in Rule 13d-3 under the Exchange Act), directly or indirectly, of securities of the Company representing more than 50% of the total voting power represented by the Company’s then outstanding voting securities; or (ii) the consummation of the sale or disposition by the Company of all or substantially all of the Company’s assets.
Mr. Tarpey’s Offer Letter
Pursuant to the terms of the Offer Letter dated January 26, 2021 between the Company and Mr. Tarpey, he became our Chief Financial Officer on February 1, 2021.
Mr. Tarpey’s employment is on an at-will basis and can be terminated by Mr. Tarpey upon 30 days’ advance written notice, except in the case of termination for “Cause”. Mr. Tarpey is currently entitled to the following compensation:
|●||An annual base salary of $290,000;|
|●||Annual bonus of up to 40% of his base salary which will be based on pre-determined performance targets approved by the Compensation Committee and Board; and|
|●||An initial grant of 32,500 restricted stock units under the Company’s 2016 equity incentive plan.|
Mr. Tarpey’s employment agreement grants him certain rights upon termination of his employment. In connection with any termination by the Company other than for “Good Cause,” Mr. Tarpey is entitled to severance equal to 6 months of his then annual base salary.
Under Mr. Tarpey’s agreement, “Good Cause” is defined as (i) an action involving a willful and wholly wrongful act; (ii) the conviction of, or pleading guilty to, a felony; (iii) an intentional, material and substantial violation of a Company rule, regulation, policy or procedure; or (iv) a substantial and material neglect of duties.
Mr. Kohavi’s Executive Employment Agreement
Pursuant to the terms of Mr. Kohavi’s employment agreement dated May 16, 2013, between the Company and Mr. Kohavi, he became our Chief Technology Officer on June 1, 2013. Mr. Kohavi’s title has since changed to Chief Strategy Officer & EVP, Advanced Solutions as of May 2019. Mr. Kohavi’s employment is on an at-will basis and can be terminated by Mr. Kohavi upon 90 days’ advance written notice, except in the case of termination for having (i) breached the employment agreement; (ii) acted dishonestly and/or disloyally toward the Company; or (iii) having been convicted of a crime involving moral turpitude and/or another crime.
Mr. Kohavi is entitled to receive an annual salary, monthly overtime and an annual bonus as a percentage of his base salary based on pre-determined performance targets, which amounts have been increased by the Board since the date of his employment agreement.
In connection with his employment with our Company, Mr. Kohavi also signed a confidentiality, non-compete and inventions assignment agreement.
Equity Grant Agreements
In addition to the severance payments that would be payable under our existing employment agreements, our awards of options and RSUs to executive officers (and other employees) are subject to double trigger accelerated vesting upon a Change in Control. This means these awards are subject to accelerated vesting immediately upon a Change in Control if an officer’s employment is Involuntarily Terminated as a result of the Change in Control and not otherwise for Cause, or on the termination date if such Involuntary Termination occurs within twelve months following such Change in Control.
If the acquiring company assumes or substitutes the options in connection with the Change in Control, and the officer remains employed, 50% of the officer’s options will immediately vest and the remaining 50% will vest upon the earlier of (i) the one year anniversary of the Change in Control, provided the officer remains employed with the acquiring company; (ii) the original vesting date of the option; or (iii) an Involuntary Termination of the officer’s employment prior to such one year anniversary.
“Involuntary Termination” means termination by reason of the officer’s (i) involuntary dismissal or discharge by us other than for Cause or (ii) voluntary resignation following (a) a change in the officer’s position with us which materially reduces the officer’s duties and responsibility; (b) a reduction in the officer’s level of compensation by more than 10%; or (c) a relocation of the officer’s place of employment by more than 50 kilometers, provided and only if such change, reduction or relocation is effected without the officer’s consent.
“Cause” means the officer’s (i) theft, dishonesty, willful misconduct, breach of fiduciary duty for personal profit, or falsification of any Participating Company (as defined in the 2016 Equity Incentive Plan) documents or records; (ii) material failure to abide by a Participating Company’s code of conduct or other policies; (iii) unauthorized use, misappropriation, destruction or diversion of any tangible or intangible asset or corporate opportunity of a Participating Company; (iv) intentional act which has a material detrimental effect on the Participating Company’s reputation or business; (v) repeated failure to perform any reasonable assigned duties after written notice from a Participating Company of, and a reasonable opportunity to cure, such failure; (vi) material breach of any employment, service, non-disclosure, non-competition, non-solicitation or other similar agreement between the officer and a Participating Company, which is not cured; or (vii) conviction (including any plea of guilty or nolo contendere) of any criminal act involving fraud, dishonesty, misappropriation or moral turpitude, or which impairs the officer’s ability to perform his or her duties with a Participating Company.
“Change in Control” means the occurrence of any one or a combination of the following: (i) any person becomes the beneficial owner of 50% or more of the total fair market value or total combined voting power of our then-outstanding securities; provided, however, that a Change in Control shall not be deemed to have occurred if such beneficial ownership results from any of the following: (A) an acquisition by any person who on December 22, 2016 was the beneficial owner of more than fifty percent (50%) of such voting power, (B) any acquisition directly from us, including pursuant to or in connection with a public offering of securities, (C) any acquisition by us, (D) any acquisition by a trustee or other fiduciary under an employee benefit plan of a participating company or (E) any acquisition by an entity owned directly or indirectly by our shareholders in substantially the same proportions as their ownership of our voting securities; or (ii) (A) the direct or indirect sale or exchange by our shareholders of more than fifty percent (50%) of the total combined voting power of our then outstanding securities in a single or series of related transactions; (B) a merger or consolidation in which we are a party; or (C) the sale, exchange, or transfer of all or substantially all of our assets (other than a sale, exchange or transfer to one or more of our subsidiaries) (collectively, a “Transaction”) in which our shareholders immediately before the Transaction do not retain immediately after the Transaction direct or indirect beneficial ownership of more than fifty percent (50%) of the total combined voting power of our outstanding securities or the entity to which the assets of the Company were transferred, as the case may be; or (iii) a date specified by the compensation committee following approval by the shareholders of a plan of complete liquidation or dissolution of the Company; provided, however, that a Change in Control shall not include a transaction in which a majority of the members of the Board of the continuing, surviving or successor entity, or parent thereof, immediately after such transaction is comprised of incumbent directors. An incumbent director means a director who either (A) was a member of the Board on December 22, 2016, or (B) is elected, or nominated for election, to the Board with the affirmative votes of at least a majority of the incumbent directors at the time of such election or nomination.
Retirement or Similar Benefit Plans
Israeli law generally requires Cyren to make contributions to employees’ pensions and the payment of severance pay upon the retirement or death of an employee or upon termination of employment by the employer or, in certain circumstances, by the employee. Additionally, a general practice in Israel followed by Cyren, although not legally required, is the contribution of funds on behalf of certain employees to an individual insurance policy known as “Managers’ Insurance.” This policy provides a combination of savings plan, insurance and severance pay benefits to the insured employee. It provides for payments to the employee upon retirement or death and secures a substantial portion of the severance pay, if any, to which the employee is legally entitled upon termination of employment. Each participating employee contributes an amount equal to 6% of such employee’s base salary, and we contribute between 12.5% and 14.83% of the employee’s base salary.
In the United States, Cyren offers employees the option to participate in the Company’s 401(k) program, which provides partial Company matching up to certain annual contribution limits. Employees can contribute up to the maximum IRS annual contribution limit, and the Company will provide a 50% matching contribution up to a maximum of 3% of an employee’s annual salary. The Company match portion is subject to a 4-year vesting period.
Employee Equity Incentive Plan
Employees, including executive officers and other management employees, participate in the Company’s employee equity incentive plans. On December 22, 2016, our shareholders approved a new equity incentive plan - the 2016 Equity Incentive Plan (the “Employee Plan”). This plan replaced all prior employee stock option plans which terminated.
The Employee Plan allows for the issuance of RSUs, as well as options. The options and RSUs generally vest over a period of four years but may have shorter vesting periods under certain circumstances. Options granted under the Employee Plan generally expire after six years from the date of grant. Options and RSUs cease vesting upon termination of the optionee’s employment or other relationship with the Company. The per share exercise price for options shall be no less than 100% of the fair market value per ordinary share on the date of grant. Any options and RSUs that are canceled or not exercised within the option term become available for future grant.
All employee stock option plans are administered by the compensation committee. Subject to the provisions of the equity plans and applicable law, the compensation committee has the authority to determine, among other things, to whom options may be granted; the number of ordinary shares to which an option may relate; the exercise price for each share; the vesting period of the option and the terms, conditions and restrictions thereof, including accelerated vesting on change in control provisions; to amend provisions relating to such plans; and to make all other determinations deemed necessary or advisable for the administration of such plans.
Non-Employee Director Equity Incentive Plan
On December 22, 2016, our shareholders approved the 2016 Non-Employee Director Equity Incentive Plan (the “Non-Employee Plan”). This plan replaced all previous non-employee stock option plans which terminated. The Non-Employee Plan allows for the issuance of RSUs, as well as options. Each option and RSU granted under the Non-Employee Plan generally vests over a period of four years. Each option has an exercise price equal to the fair market value of the ordinary shares on the grant date of such option. Options granted under the Non-Employee Plan generally expire after six years from the date of grant. Options and RSUs cease vesting upon termination of the relationship with the Company, unless the terminated relationship is with a director who has served the Company for at least three years, and he has not resigned voluntarily or was not removed from the Board due to a failure to perform any of his/her duties to the Company, in which case all unvested options or RSUs would be subject to full accelerated vesting.
Outstanding Equity Awards at Fiscal Year-End
The following table sets forth the outstanding equity awards at fiscal year-end, or December 31, 2021, for our named executive officers.
|Option Awards||Stock Awards|
|Number of |
|Chief Executive Officer|
|Chief Financial Officer(4)|
|Chief Strategy Officer(2)||2,500||-||40.00||01/24/2023|
Shares and per share data have been retroactively adjusted to reflect the Company’s 1-for-20 reverse share-split effective February 8, 2022, as described in Note 13(b).
|(1)||The amounts in this column are based on the closing price of our ordinary shares on December 31, 2021 of $5.80.|
|(2)||This amount represents options, one quarter of which vested on May 6, 2020 and the remainder of which vest in equal monthly installments for the next 36 months thereafter, subject to earlier vesting upon a change of control.|
|(3)||This amount reflects 40,500 RSUs which vest in four equal annual installments beginning on July 30, 2020 and 40,000 RSUs which vest in four equal annual installments beginning on February 11, 2021, subject to earlier vesting upon a change of control.|
|(4)||Mr. Tarpey commenced his tenure as Chief Financial Officer on February 1, 2021.|
|(5)||This amount reflects 32,500 RSUs which vest in four equal annual installments beginning on February 18, 2021 and 5,320 RSUs which vest in three equal annual installments beginning on June 16, 2021 subject to earlier vesting upon a change of control.|
|(6)||This amount reflects 1,400 RSUs which vest in four equal annual installments beginning on January 25, 2018, 4,500 RSUs which vest in four annual installments beginning September 20, 2018, and 32,500 RSUs which vest in three equal annual installments beginning on March 24, 2021, subject to earlier vesting upon a change of control.|
Under the Companies Law, as amended, pursuant to Amendment 20 of the Companies Law, our directors can be paid for their services as directors to the extent such payments are in accordance with the compensation policy adopted by the Company after approval by the compensation committee, our Board and our shareholders by ordinary majority, or, if their compensation deviates from the compensation policy, after approval by the compensation committee, our Board and our shareholders by a special majority, provided that (i) the majority of the votes includes at least a majority of all the votes of shareholders who are not controlling shareholders of the Company or who do not have a personal interest in the compensation paid to the directors and participating in the vote or (ii) the total of opposing votes from among the shareholders described in subsection (i) above does not exceed 2% of all the voting rights in the company.
At the Company’s Annual Meeting of Shareholders held on July 8, 2021 (the “2021 Annual Meeting”), the Company’s shareholders approved the grant of RSU awards to (i) Hila Karah, David Earhart, John Becker, Cary Davis, Brian Chang, Lauren Zletz and Rajveer Kushwaha in the amount of 1,250 RSUs each and (ii) Mr. James Hamilton in the amount of 1,750 RSUs . The cash compensation paid to non-employee directors was unchanged and remains at $7,500 per quarter. Directors also are reimbursed for their expenses for each Board meeting attended.
The table below summarizes the compensation paid by us to our non-employee directors for services rendered in 2021.
|(1)||The amounts shown in these columns represent the estimated aggregate grant date fair value of the RSU and option awards granted to the non-employee directors in 2021. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2(q) in our financial statements, which is included elsewhere in this Annual Report.|
|(2)||Mr. Thomson resigned as a director effective July 8, 2021. The fees above reflect fees for this partial year of service through July 8, 2021. Mr. Thomson was not replaced.|
|(3)||On January 4, 2021, Mr. Thomson received 1,000 RSUs which vested annually over four years. Due to Mr. Thomson’s resignation effective July 8, 2021, these RSUs did not vest and were cancelled in 2021.|
|(4)||Mr. Samuelson resigned from the Cyren Board on January 8, 2021. The fees above are pro-rated for his partial year of service as director.|
|(5)||Mr. Samuelson resigned from the Cyren Board on January 8, 2021. On January 4, 2021, Mr. Samuelson received 1,000 RSUs which vested annually over four years. Due to Mr. Samuelson’s resignation effective January 8, 2021, these RSUs did not vest and were cancelled in 2021.|
The table below sets forth the aggregate number of RSUs and unexercised stock options outstanding at December 31, 2021 for each of our non-employee directors.
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
The following table sets forth certain information with respect to the beneficial ownership of our ordinary shares, as of February 28, 2022 (the “Reporting Date”), by (i) each person known to us to beneficially own more than 5% of our ordinary shares; (ii) our named executive officers for the fiscal year ended December 31, 2021; (iii) each director; and (iv) all of the executive officers and directors as a group. Except as shown in the table, no other person is known by us to beneficially own more than 5% of our outstanding ordinary shares. The percentage of shares beneficially owned is based on 5,333,564 ordinary shares outstanding as of February 28, 2022.
|Name of Beneficial Owner(1)||Number of|
|Holding more than 5%:|
|WP XII Investments B.V. (3)||1,610,551||30.20||%|
|Named Executive Officers and Directors:|
|Brett Jackson (4)||95,888||1.80||%|
|Kenneth Tarpey (5)||8,125||*|
|Lior Kohavi (6)||35,786||*|
|Hila Karah (7)||5,072||*|
|James Hamilton (8)||2,937||*|
|David Earhart (9)||2,775||*|
|John Becker (10)||4,125||*|
|Cary Davis (11)||3,625||*|
|Brian Chang (12)||3,625||*|
|Lauren Zletz (13)||3,313||*|
|Rajveer Kushwaha (14)||3,313||*|
|Total of all Executive Officers and Directors as a Group (17 persons) (15)||226,449||4.16||%|
|*||Less than one percent.|
|(1)||Unless otherwise indicated, the address of each of the beneficial owners identified is c/o Cyren Inc., 1430 Spring Hill Road, Suite 330, McLean, VA 22102.|
|(2)||The number and percentage of shares beneficially owned by each person has been determined in accordance with Rule 13d-3 of the Exchange Act. Pursuant to the rules of the SEC, the number of ordinary shares deemed outstanding includes ordinary shares issuable upon settlement of RSUs held by the respective person or group that will vest within 60 days of the Reporting Date and pursuant to options held by the respective person or group that are currently exercisable or may be exercised within 60 days of the Reporting Date. Unless otherwise indicated in the footnotes or table, each person or entity has sole voting and investment power with respect to the shares shown as beneficially owned.|
|(3)||Based on a Schedule 13D/A as filed with the SEC on February 10, 2020. The shareholder of the Company is WP XII Investments B.V., a company incorporated in the Netherlands (“WP XII Investments”), which is wholly owned by WP XII Investments Coöperatief U.A., a company incorporated in the Netherlands (“WP XII Investments Coöperatief”), which itself is wholly owned by (i) Warburg Pincus (Callisto) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Callisto”), (ii) Warburg Pincus (Europa) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Europa”), (iii) Warburg Pincus (Ganymede) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Ganymede”), (iv) Warburg Pincus Private Equity XII-B (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII-B”), (v) Warburg Pincus Private Equity XII-D (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII-D”), (vi) Warburg Pincus Private Equity XII-E (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII-E”), (vii) Warburg Pincus XII Partners (Cayman), L.P., a Cayman Islands exempted limited partnership (“Warburg Pincus XII Partners”), and (viii) WP XII Partners (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Partners,” and together with WP XII Callisto, WP XII Europa, WP XII Ganymede, WP XII-B, WP XII-D, WP XII-E and Warburg Pincus XII Partners, the “WP XII Funds”). Warburg Pincus LLC, a New York limited liability company (“WP LLC”), is the manager of the WP XII Funds. Warburg Pincus (Cayman) XII, L.P., a Cayman Islands exempted limited partnership (“WP XII Cayman GP”), is the general partner of each of the WP XII Funds. Warburg Pincus (Cayman) XII GP LLC, a Delaware limited liability company (“WP XII Cayman GP LLC”), is the general partner of WP XII Cayman GP. Warburg Pincus Partners II (Cayman), L.P., a Cayman Islands exempted limited partnership (“WPP II Cayman”), is the sole member of WP XII Cayman GP LLC. Warburg Pincus (Bermuda) Private Equity GP Ltd., a Bermuda exempted company (“WP Bermuda GP”), is the general partner of WPP II Cayman. Investment and voting decisions with respect to the ordinary shares are made by a committee comprised of three or more individuals and all members of such committee disclaim beneficial ownership of the shares. WP XII Investments has shared power to vote or direct the vote with respect to all of the shares and shared power to dispose or direct the disposition of all of the shares. The address of WP XII Investments is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017.|
|(4)||This amount includes 39,375 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 40,250 RSUs that have not yet vested.|
|(5)||This amount excludes 29,695 RSUs that have not yet vested.|
|(6)||This amount includes 2,500 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 22,792 RSUs that have not yet vested.|
|(7)||This amount includes 301 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 2,625 RSUs that have not yet vested. (8) This amount excludes 4,063 RSUs that have not yet vested. (9) This amount excludes 2,875 RSUs that have not yet vested. (10) This amount includes 2,500 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 2,625 RSUs that have not yet vested. (11) This amount includes 2,500 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 2,625 RSUs that have not yet vested. (12) This amount includes 2,500 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 2,625 RSUs that have not yet vested. (13) This amount includes 2,188 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 312 options and (ii) 2,625 RSUs that have not yet vested. The address of Ms. Zletz (also a Warburg Director) is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017. (14) This amount includes 2,188 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 312 options and (ii) 2,625 RSUs that have not yet vested. (15) This amount includes 78,632 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date exercisable. There are 36,666 RSUs that will vest within 60 days after the Reporting Date.|
Equity Compensation Plans
The following table gives information about Cyren’s ordinary shares that may be issued under Cyren’s existing equity compensation plans as of December 31, 2021:
|Plan Category||Number of|
securities to be
options and RSUs
available for future
the first column)
|2016 Equity Incentive Plan||487,473||$||44.17||301,556|
|2016 Non-Employee Director Equity Incentive Plan||41,371||$||50.02||34,903|
|(1)||Reflects the weighted-average exercise price of outstanding options only, because there is no exercise price associated with the vesting of RSUs.|
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
Certain Relationships and Related Transactions
Under applicable Nasdaq Listing Rules, all related person transactions must be approved by our audit committee or another independent body of the Board. Current SEC rules define transactions with related persons to include any transaction, arrangement or relationship (i) in which the company is a participant, (ii) in which the amount involved exceeds $120,000 (or, in the case of a smaller reporting company, the lesser of $120,000 or one percent of the average of the company’s total assets at year-end for the last two completed fiscal years), and (iii) in which any executive officer, director, director nominee, beneficial owner of more than 5% of the company’s ordinary shares, or any immediate family member of such persons has or will have a direct or indirect material interest. All directors must recuse themselves from any discussion or decision in which they may have a conflict (i.e. matters affecting their personal, business, or professional interests). In addition, pursuant to the Companies Law, certain related party transactions, including (i) engagements with our officers, (ii) engagements with our controlling shareholder, and (iii) substantial private placements, require the approval of our audit or compensation committee, board of directors and shareholders.
Except as set forth below, since January 1, 2018, we have not had any relationships or transactions with any of our executive officers, directors, beneficial owners of more than 5% of our ordinary shares or any immediate family member of such persons that were required to be reported pursuant to Item 404(a) of Regulation S-K.
On November 6, 2017, Warburg Pincus, our controlling shareholder, purchased 530,000 ordinary shares from us for $37.00 per share, representing gross proceeds of approximately $19.6 million. In connection with the private placement, we entered into a registration rights agreement with Warburg Pincus with respect to such ordinary shares.
On December 5, 2018, the Company issued $10.0 million aggregate principal amount of Convertible Notes in a private placement to affiliates of Yelin Lapidot Holdings Management Ltd., which held at the time more than 5% of the Company’s securities. The outstanding principal amount of $10.0 million was repaid in full at maturity on December 5, 2021. For more information regarding the Convertible Notes, see “Financings” above.
On November 7, 2019, following the closing of the Rights Offering, we issued 231,214 ordinary shares to Warburg Pincus, our controlling shareholder, upon exercise of its basic and over-subscription rights in the Rights Offering. The ordinary shares were issued at $34.60 per share, for a total of approximately $8 million of gross proceeds to the Company. For more information regarding the Rights Offering, see “Financings” above.
On March 19, 2020, our CEO, Brett Jackson, participated in our offering of Convertible Debentures, in which he purchased from the Company a Convertible Debenture in the principal amount of $250,000 pursuant to a purchase agreement. We also entered into a registration rights agreement with Mr. Jackson and the other purchasers pursuant to which we agreed to, among other things, file one or more registration statements with the SEC within sixty days of the date of the registration rights agreement upon any conversion of the Convertible Debentures or as interest payments.
Each year, the Board undertakes a review of director independence, which includes a review of each director’s responses to questionnaires asking about any relationships with us. This review is designed to identify and evaluate any transactions or relationships between a director or any member of his or her immediate family and us, or members of our senior management or other members of our Board, and all relevant facts and circumstances regarding any such transactions or relationships. Consistent with these considerations, our Board has affirmatively determined that all of our non-employee directors, who are listed below, are “independent directors” pursuant to Nasdaq Listing Rule 5605(a)(2):
The Companies Law requires Israeli companies with shares that have been offered to the public in or outside of Israel to appoint at least two External Directors, unless certain conditions are met by the company pursuant to the Israeli Companies Regulations (Relief for Companies Whose Shares are Registered for Trading Outside of Israel) – 2000 (the “Relief Regulations”), as further detailed below. According to the Companies Law, no person may be appointed as an External Director if the person or the person’s relative, partner, employer or any entity under the person’s control has or had, on or within the two years preceding the date of the person’s appointment to serve as External Director, any affiliation with the company or any entity controlling, controlled by or under common control with the company. The External Directors are John Becker and David Earhart. The term affiliation includes:
|●||an employment relationship;|
|●||a business or professional relationship maintained on a regular basis;|
|●||service as an officer or director.|
The Israeli Minister of Justice, in consultation with the Israeli Securities Authority, may determine that certain matters will not constitute an affiliation, and has issued certain regulations with respect thereof. In addition, pursuant to provisions of the Companies Law, a business or professional relationship maintained on a regular basis will not constitute affiliation if the relationship commenced after the appointment of the External Director for office, the company and the External Director consider the relationship to be negligible and the audit committee approved, based on information presented to it, that the relationship is negligible, and the External Director declared that he did not know and could not have reasonably known about the formation of the relationship and has no control over their existence or termination.
If the company does not have a controlling shareholder or a shareholder who holds company shares entitling him to vote at least 25% of the votes in a shareholders meeting, then the company may not appoint as an External Director any person or such person’s relative, partner, employer or any entity under the person’s control, who has or had, on or within the two years preceding the date of the person’s appointment to serve as External Director, any affiliation with the Chairman of the Board, Chief Executive Officer, a substantial shareholder who holds at least 5% of the issued and outstanding shares of the company or voting rights which entitle him to vote at least 5% of the votes in a shareholders meeting, or the Chief Financial Officer.
No person may serve as an External Director if the person’s position or other business activities create, or may create, a conflict of interest with the person’s responsibilities as an External Director or may otherwise interfere with the person’s ability to serve as an External Director. Additionally, no person may serve as an External Director if the person, the person’s relative, spouse, employer or any entity controlling or controlled by the person, has a business or professional relationship with someone with whom affiliation is prohibited, even if such relationship is not maintained on a regular basis, excepting negligible relationships, or if such person received from the company any compensation as an External Director in excess of what is permitted by the Companies Law. If, at the time External Directors are to be appointed, all current members of the Board who are not controlling shareholders or relatives of such shareholders are of the same gender, then at least one External Director must be of the other gender. Under the Companies law, at least one of the External Directors is required to have “financial and accounting expertise,”, and the other External Director or Directors are required to have either “professional expertise,” or “financial and accounting expertise”, all as defined under the Companies Law. However, if at least one of our other directors (i) meets the independence requirements under the Securities Exchange Act of 1934, as amended, or (ii) meets the standards of the Nasdaq Listing Rules for membership on the audit committee, and (iii) has accounting and financial expertise as defined under Israeli law, then neither of our External Directors is required to possess accounting and financial expertise as long as both possess other requisite “professional expertise”.
A director can satisfy the requirements of having “financial and accounting expertise” if due to his or her education, experience and qualifications he or she has acquired expertise and understanding in business and accounting matters and financial statements, in a manner that allows him or her to understand, in depth, the company’s financial statements and to spur a discussion regarding the manner in which the financial data is presented.
A public company’s board of directors must evaluate the proposed External Director’s expertise in finance and accounting, by considering, among other things, such candidate’s education, experience and knowledge in the following: (i) accounting and auditing issues typical to the field in which the company operates and to companies of a size and complexity similar to such company; (ii) the company’s independent public accountant’s duties and obligations; (iii) preparation of the company’s consolidated financial statements and their approval in accordance with the Companies Law and the Israeli Securities Law - 1968.
A director is deemed to have “professional expertise” if he or she meets any of the following criteria: (i) has an academic degree in any of the following professions: economics, business administration, accounting, law or public administration; (ii) has a different academic degree or has completed higher education in a field that is the company’s main field of operations, or a field relevant to his or her position; or (iii) has at least five years’ experience in any of the following, or has at least a cumulative total of at least five years’ experience in any two of the following: (A) a senior position in the business management of a corporation with a significant extent of business, (B) a senior public position or a senior position in public service, or (C) a senior position in the company’s main field of operations. As with a candidate’s expertise in finance and accounting, the board of directors here too must evaluate the proposed External Director’s “professional qualification” in accordance with the criteria set forth above.
The declaration required by law to be signed by a candidate to serve as External Director must include a statement by such candidate concerning his or her education and experience, if relevant, in order that the Board may properly evaluate whether such candidate meets the requirements of having “financial and accounting expertise” or having “professional expertise” as set forth in the regulations. Additionally, the candidate should submit documents and certificates that support the statements set forth in the declaration.
External Directors are to be elected by a majority vote at a shareholders’ meeting, provided that either:
|●||such majority includes a majority of the shares held by non–controlling shareholders and shareholders who have no personal interest in the election of the External Directors (excluding a personal interest that is not related to a relationship with the controlling shareholders) who are present and voting at the meeting; or|
|●||the total number of shares held by non–controlling shareholders and disinterested shareholders voting against the election of the director at the meeting does not exceed two percent of the aggregate voting rights in the company.|
The initial term of an External Director is three years and may be extended for up to two additional periods of three years each. However, under regulations promulgated pursuant to the Companies law, companies whose shares are listed for trading on specified exchanges outside of Israel, including the Nasdaq Global Select, Global and Capital markets, may propose that an External Director be reelected by the shareholders for such additional periods, beyond the initial three terms, of up to three years each only if (1) the audit committee and the Board, in nominating the External Director, confirms that, in light of the External Director’s expertise and special contribution to the work of the board of directors and its committees, the reelection for such additional period(s) is beneficial to the company, (2) the election was approved by the majority of shareholders required to appoint External Directors for their initial term and (3) the term during which the nominee has served as an external director and the reasons given by the audit committee and board of directors for extending his or her term of office having been presented to the shareholders prior to their approval.
External Directors may be re-elected for additional terms of three years each as set forth above, provided that with respect to the appointment for each such additional three-year term, one of the following has occurred: (i) the reappointment of the External Director has been proposed by one or more shareholders holding together 1% or more of the aggregate voting rights in the company and the appointment was approved at the general meeting of the shareholders by a simple majority, provided that: (1)(x) in calculating the majority, votes of controlling shareholders or shareholders having a personal interest in the appointment as a result of an affiliation with a controlling shareholder and abstentions are disregarded and (y) the total number of shares of shareholders who do not have a personal interest in the appointment as a result of an affiliation with a controlling shareholder and/or who are not controlling shareholders, present and voting in favor of the appointment exceed 2% of the aggregate voting rights in the company, and (2) the External Director who has been nominated in such fashion is not a linked or competing shareholder, and does not have or has not had, on or within the two years preceding the date of such person’s appointment to serve as another term as External Director, any affiliation with a linked or competing shareholder. The term “linked or competing shareholder” means either the shareholder(s) who nominated the external director for reappointment or a material shareholder of the company holding more than 5% of the shares in the company, provided that at the time of the reappointment, such shareholder(s) of the company, the controlling shareholder of such shareholder(s) of the company, or a company under such shareholder(s) of the company’s control, has a business relationship with the company or are competitors of the company; the Israeli Minister of Justice, in consultation with the Israeli Securities Authority, may determine that certain matters will not constitute a business relationship or competition with the company; (ii) the reappointment of the External Director has been proposed by the board of directors and the appointment was approved by the majority of shareholders required for the initial appointment of an External Director or (iii) the External Director has proposed himself for reappointment and the appointment was approved by the majority of shareholders required under Section (i) above.
External Directors may be removed only by the same percentage of shareholders as is required for their election, or by a court, and then only if the External Director ceases to meet the statutory qualifications for their appointment or if they violate their fiduciary duty to the company. Each committee of a company’s board of directors which has been granted any authority normally reserved for the board of directors must include at least one External Director provided, however that each of the audit committee and the compensation committee, which are statutorily required under the Companies Law, must include all External Directors.
An External Director is entitled to compensation as provided in the regulations adopted under the Companies Law and is otherwise prohibited from receiving any other compensation, directly or indirectly, in connection with service provided as an External Director.
ITEM 14. PRINCIPAL ACCOUNTING FEES AND SERVICES
Kost, Forer, Gabbay & Kasierer, a member of Ernst & Young Global (“EY Global”), has served as our independent registered public accounting firm for each of the fiscal years in the two-year period ended December 31, 2021, for which audited financial statements appear in this Annual Report. The following table presents the aggregate fees billed to us for audit and other services provided by Kost, Forer, Gabbay & Kasierer, a member of EY Global, and other members of EY Global during the years ended December 31, 2021 and 2020:
|Year ended December 31,|
|Audit Fees (1)||$||142||$||240|
|Tax Fees (2)||9||13|
|All Other Fees||7||-|
|(1)||Audit fees consist of fees billed for the annual audit services engagement and other audit services, which are those services that only the independent registered public accounting firm can reasonably provide, and include the group audit including statutory audits; consents; and assistance in connection with documents filed with the SEC.|
|(2)||Tax fees are for professional services rendered by our auditors for tax compliance, tax advice on actual or contemplated transactions, tax consulting associated with international transfer prices and global mobility of employees.|
Audit Committee Pre-approval Policies and Procedures
Below is a summary of our current policies and procedures.
The main role of the Company’s audit committee is to assist the Board in fulfilling its responsibility for oversight of the quality and integrity of the accounting, auditing, and reporting practices of the Company. The audit committee oversees the appointment, compensation, and oversight of the Company’s independent registered public accounting firm engaged to prepare or issue an audit report on the financial statements of the Company. The audit committee’s specific responsibilities in carrying out its oversight role include the approval of all audit and non-audit services to be provided by the external auditor, the quarterly review of the firm’s non-audit services and related fees and the potential impact of such services on auditor independence. These services may include audit services, audit-related services, tax services and other services, as described above. It is the policy of the audit committee to approve in advance the particular services or categories of services to be provided to the Company periodically. Additional services may be pre-approved by the audit committee on an individual basis during the year. The audit committee did not avail itself of section (c)(7)(i)(C) of Rule 2-01 of Regulation S-X during 2021, which allows for an exemption from the pre-approval process under certain limited circumstances. Consistent with these policies and procedures, the audit committee approved all of the services rendered by Kost, Forer, Gabbay & Kasierer, a member of EY Global, and other members of EY Global during fiscal year 2021, as described above.
ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES
|(a)||Documents filed as part of this report:|
See Item 8 for Financial Statements included with this Annual Report.
|(2)||Financial Statement Schedules|
|Incorporated by Reference|
|Exhibit No.||Exhibit Description||Form||Period Covered or Date of Filing|
|3.1||Memorandum of Association of the Company.||F-1
|3.2||Amended and Restated Articles of Association of the Company, as amended on February 7, 2022.||8-K||02/09/2022|
|4.1||Description of Securities.*|
|4.2||Form of Placement Agent Warrant, dated February 16, 2021.||8-K||02/16/2021|
|4.3||Form of Ordinary Warrant, dated September 17, 2021.||8-K||09/20/2021|
|4.4||Form of Placement Agent Warrant, dated September 17, 2021.||8-K||09/20/2021|
|4.5||Form of Ordinary Warrant, dated February 14, 2022.||8-K||02/14/2022|
|4.6||Form of Pre-Funded Warrant, dated February 14, 2022.||8-K||02/14/2022|
|4.7||Form of Placement Agent Warrant, dated February 14, 2022.||8-K||02/14/2022|
|10.3||Form of Notice of Grant under the 2016 Equity Incentive Plan.†||10-K||
December 31, 2018
|10.4||Form of Notice of Grant under the Non-Employee Director 2016 Equity Incentive Plan.†||10-K||
December 31, 2018
|10.5||Summary of Director Compensation.||10-K||Year ended December 31, 2019|
|10.6||The Executive Compensation Policy of the Company, as approved in February 2022.||Proxy Statement||07/05/2022|
|10.7||Form of Convertible Debenture due 2024.||8-K||03/19/2020|
|10.8||Form of Securities Purchase Agreement, dated March 16, 2020.||8-K||03/19/2020|
|10.9||Form of Registration Rights Agreement, dated March 16, 2020.||8-K||03/19/2020|
|10.10||Form of Subsidiary Guarantee, dated March 16, 2020.||8-K||03/19/2020|
|10.11||Securities Purchase Agreement dated November 6, 2017 between Cyren Ltd. and WP XII Investments BV.||20-F||Year ended
December 31, 2017
|10.12||Registration Rights Agreement dated November 6, 2017 between Cyren Ltd. and WP XII Investments BV.||20-F||Year ended
December 31, 2017
|10.13||Form of Indemnification Agreement†||6-K (Exhibit B to Exhibit 99.1)||07/02/2018|
|10.14||Executive Employment Agreement dated April 23, 2019 between Cyren Inc., Cyren Ltd. and Brett Jackson. †||8-K||04/26/2019|
|10.15||Offer Letter dated January 26, 2021 between Cyren Inc. and Kenneth Tarpey.||8-K||01/27/2021|
|10.16||Supplemental Letter Agreement dated January 26, 2021 between Cyren Ltd. and Kenneth Tarpey.||8-K||01/27/2021|
|10.17||Form of Securities Purchase Agreement, dated September 15, 2021, between Cyren Ltd. and the purchasers named therein.||8-K||09/20/2021|
|10.18||Form of Registration Rights Agreement, dated September 15, 2021, between Cyren Ltd. and the purchasers named therein.||8-K||09/20/2021|
|10.19||Form of Securities Purchase Agreement, dated February 10, 2022, between Cyren Ltd. and the purchasers named therein.||8-K||02/14/2022|
|10.20||Form of Registration Rights Agreement, dated February 10, 2022, between Cyren Ltd. and the purchasers named therein.||8-K||02/14/2022|
|10.21||Executive Employment Agreement dated May 16, 2013, between Cyren Ltd. and Lior Kohavi.|
|21||List of Subsidiaries of the Company.*|
|23.1||Consent of Kost, Forer, Gabbay & Kasierer, independent registered public accounting firm.*|
|31.1||Certification of Company’s Principal Executive Officer Pursuant to Exchange Act Rule 13a-14(a) or 15d-14(a).*|
|31.2||Certification of Company’s Principal Financial Officer Pursuant to Exchange Act Rule 13a-14(a) or 15d-14(a).*|
|32.1||Certification of Company’s Principal Executive Officer and Principal Financial Officer Pursuant to 18 U.S.C. 1350. **|
|101||The following materials from our Annual Report on Form 10-K for the year ended December 31, 2021 formatted in Inline XBRL (eXtensible Business Reporting Language): (i) the Consolidated Balance Sheets, (ii) the Consolidated Statements of Operations, (iii) the Consolidated Statements of Comprehensive Loss, (iv) the Statements of Changes in Shareholders’ Equity, (v) the Consolidated Statements of Cash Flows and (vi) the Notes to Consolidated Financial Statements, tagged as blocks of text and in detail.*|
|101.INS||Inline XBRL Instance Document|
|101.SCH||Inline XBRL Taxonomy Extension Schema Document|
|101.CAL||Inline XBRL Taxonomy Extension Calculation Linkbase Document|
|101.DEF||Inline XBRL Taxonomy Extension Definition Linkbase Document|
|101.LAB||Inline XBRL Taxonomy Extension Label Linkbase Document|
|101.PRE||Inline XBRL Taxonomy Extension Presentation Linkbase Document|
|104||Cover Page Interactive Data File (embedded within the Inline XBRL document)|
|†||Management contract or compensatory plan or arrangement.|
ITEM 16. FORM 10-K SUMMARY
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
|By:||/s/ Brett Jackson|
|Chief Executive Officer|
|Date:||March 24, 2022|
POWER OF ATTORNEY
We, the undersigned officers and directors of Cyren Ltd. hereby severally constitute and appoint Brett Jackson our true and lawful attorney with full power to him, to sign for us and in our names in the capacities indicated below this Annual Report on Form 10-K and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, hereby ratifying and confirming all that said attorney-in-fact or their substitute may do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated.
|/s/ Brett Jackson||Chief Executive Officer||March 24, 2022|
|Brett Jackson||(Principal Executive Officer)|
|/s/ Kenneth Tarpey||Chief Financial Officer||March 24, 2022|
|Kenneth Tarpey||(Principal Financial and Accounting Officer)|
|/s/ James Hamilton||Chairman of the Board||March 24, 2022|
|/s/ Hila Karah||Director||March 24, 2022|
|/s/ David Earhart||Director||March 24, 2022|
|/s/ John Becker||Director||March 24, 2022|
|/s/ Cary Davis||Director||March 24, 2022|
|/s/ Brian Chang||Director||March 24, 2022|
|/s/ Rajveer Kushwaha||Director||March 24, 2022|
|/s/ Lauren Zletz||Director||March 24, 2022|
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED FINANCIAL STATEMENTS
AS OF DECEMBER 31, 2021
U.S. DOLLARS IN THOUSANDS
|Report of Independent Registered Public Accounting Firm (PCAOB ID No. 1281)||F-2|
|Consolidated Balance Sheets||F-4 – F-5|
|Consolidated Statements of Operations||F-6|
|Consolidated Statements of Comprehensive Loss||F-7|
|Statements of Changes in Shareholders’ Equity||F-8|
|Consolidated Statements of Cash Flows||F-9 – F-10|
|Notes to Consolidated Financial Statements||F-11 – F-37|
- - - - - - - - - - - - - - - - - - - -
CYREN LTD. AND ITS SUBSIDIARIES
|Kost Forer Gabbay & Kasierer
144 Menachem Begin Road, Building A
Tel-Aviv 6492102, Israel
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Shareholders and the Board of Directors of
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of Cyren Ltd. and its subsidiaries (the Company) as of December 31, 2021 and 2020, the related consolidated statements of operations, comprehensive loss, changes in shareholders’ equity and cash flows for each of the two years in the period ended December 31, 2021, and the related notes (collectively referred to as the “Consolidated Financial Statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2021 and 2020, and the results of its operations and its cash flows for each of the two years in the period ended December 31, 2021, in conformity with U.S. generally accepted accounting principles.
The Company’s Ability to Continue as a Going Concern
The accompanying consolidated financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note 1 to the financial statements, the Company has suffered recurring losses from operations, negative cash flows from operating activities, has a working capital deficiency, and has stated that substantial doubt exists about the Company’s ability to continue as a going concern. Management’s evaluation of the events and conditions and management’s plans regarding these matters are also described in Note 1. The consolidated financial statements do not include any adjustments that might result from the outcome of this uncertainty.
Basis for Opinion
These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.
Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
CYREN LTD. AND ITS SUBSIDIARIES
Critical Audit Matters
The critical audit matter communicated below is a matter arising from the current period audit of the consolidated financial statements that were communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of a critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.
|Liquidity and Capital resources|
|Description of the matter||
As discussed in Note 1 to the consolidated financial statements, the Company has incurred losses since inception, and expects to continue to incur losses for the foreseeable future. At December 31, 2021, the Company’s cash and cash equivalents position is not sufficient to fund the Company’s planned operations for at least a year beyond the date of the issuance of the consolidated financial statements. Those factors raise substantial doubt about the Company’s ability to continue as a going concern
We determined the Company’s ability to continue as a going concern is a critical audit matter due to the estimation and execution uncertainty regarding the Company’s future cash flows and the risk of bias in management’s judgments and assumptions in estimating these cash flows to conclude the Company would have sufficient liquidity to sustain itself for at least a year beyond the date of the issuance of the consolidated financial statements. This in turn led to a high degree of auditor subjectivity and judgment to evaluate the audit evidence supporting the liquidity conclusions.
How we addressed the matter in our audit
Addressing the matter involved performing procedures and evaluating audit evidence in connection with our overall opinion on the consolidated financial statements. Our audit procedures included, among others, testing the reasonableness of the forecasted revenue, operating expenses, and uses and sources of cash used in management’s assessment of whether the Company has sufficient liquidity to fund operations for at least one year from the consolidated financial statement issuance date. This testing included inquiries with management, comparison of prior period forecasts to actual results, consideration of positive and negative evidence impacting management’s forecasts, the Company’s financing arrangements in place as of the report date, market and industry factors, we compared the terms and conditions of the financing arrangements with those of the Company’s existing loans and evaluated management’s analysis of their impact on the forecasted cash flows.
We assessed the adequacy of the Company’s going concern disclosures included in Note 1 to the consolidated financial statements.
/s/ Kost Forer Gabbay & Kasierer
a Member of Ernst & Young Global
We have served as the Company’s auditor since at least 1997, but we are unable to determine this specific year.
March 24, 2022
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED BALANCE SHEETS
(in thousands of U.S. dollars)
|Cash and cash equivalents||$||4,302||$||9,296|
|Trade receivables (net of allowances for credit losses of $118 and $201 as of December 31, 2021 and 2020, respectively)||799||960|
|Prepaid expenses and other receivables||1,241||779|
|Total current assets||7,324||12,015|
|Long-term deferred commissions||933||1,125|
|Long-term lease deposits and prepaids||809||937|
|Operating lease right-of-use assets||9,280||10,900|
|Severance pay fund||921||745|
|Property and equipment, net||2,183||3,948|
|Intangible assets, net||4,304||7,797|
|Total long-term assets||38,804||46,928|
The accompanying notes are an integral part of the consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED BALANCE SHEETS
(in thousands of U.S. dollars, except share and per share data)
|LIABILITIES AND SHAREHOLDERS’ EQUITY|
|Convertible notes (related party)||10,000|
|Employees and payroll accruals||4,414||3,813|
|Accrued expenses and other liabilities ($4 and $37 attributable to related parties, respectively)||955||1,420|
|Operating lease liabilities||1,618||1,983|
|Total current liabilities||12,706||24,949|
|Convertible Debentures ($238 and $234 attributable to related parties)||8,578||9,248|
|Long-term operating lease liabilities||8,624||9,866|
|Deferred tax liability, net||407||655|
|Accrued severance pay||983||838|
|Total long-term liabilities||19,594||21,957|
|COMMITMENTS AND CONTINGENCIES (Note 6)|
|Ordinary shares nominal value ILS 3.00 par value; Authorized: 80,000,000 and 5,500,000 shares as of December 31, 2021 and 2020; Issued and Outstanding: 4,532,943 and 3,063,596 shares as of December 31, 2021 and 2020, respectively||3,759||2,392|
|Additional paid-in capital||283,577||258,962|
|Accumulated other comprehensive loss||(1,877||)||(725||)|
|Total shareholders’ equity||13,828||12,037|
|Total liabilities and shareholders’ equity||$||46,128||$||58,943|
All Cyren shares issued and outstanding for all periods reflect Cyren’s 1-for-20 Reverse Share Split, which was effective February 8, 2022.
The accompanying notes are an integral part of the consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED STATEMENTS OF OPERATIONS
(in thousands of U.S. dollars, except share and per share data)
|Year ended |
|Cost of revenues||15,277||14,786|
|Research and development, net||17,624||16,083|
|Sales and marketing||10,808||11,678|
|General and administrative||9,283||9,583|
|Total operating expenses||37,715||37,344|
|Other (expenses) income, net||(12||)||5|
|Financial expenses, net (1)||(1,360||)||(1,647||)|
|Loss before taxes on income||(23,177||)||(17,384||)|
|Basic and diluted net loss per share (2)||$||(5.90||)||$||(5.72||)|
|Weighted average number of shares used in computing basic and diluted net loss per share||3,908,072||3,016,359|
|(1)||Transaction with related parties are included in the line item above (refer to Footnote 12, Related Parties, of the Notes to the Consolidated Financial Statements for additional information).|
|(2)||Please refer to Note 13(a).|
The accompanying notes are an integral part of these consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS
(in thousands of U.S. dollars)
|Other comprehensive loss:|
|Foreign currency translation adjustments||(1,152||)||1,285|
The accompanying notes are an integral part of these consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
STATEMENTS OF CHANGES IN SHAREHOLDERS’ EQUITY
(in thousands of U.S. dollars, except share data)
|Number of outstanding ordinary shares||Share capital||Additional paid-in capital||Accumulated other comprehensive loss (*)||Accumulated deficit||Total|
|Balance as of December 31, 2019||2,968,609||2,309||255,741||(2,010||)||(231,329||)||24,711|
|Restricted share units vested||42,807||38||(38||)|
|Payment of interest in shares||28,030||24||551||575|
|Share-based compensation related to employees, directors, and consultants||-||-||2,391||2,391|
|Issuance of shares upon early conversion of a Convertible Debentures||24,150||21||317||338|
|Other comprehensive loss||-||-||1,285||1,285|
|Balance as of December 31, 2020||3,063,596||2,392||258,962||(725||)||(248,592||)||12,037|
|Issuance of ordinary shares, net of issuance costs (**)||600,000||556||12,032||12,588|
|Issuance of ordinary shares and warrants, net of costs (***)||707,639||662||8,614||9,276|
|Restricted share units vested||43,913||41||(41||)|
|Payment of interest in shares||57,723||53||751||804|
|Share-based compensation related to employees, directors, and consultants||-||-||2,455||2,455|
|Issuance of shares upon early conversion of a Convertible Debentures||60,074||55||804||859|
|Other comprehensive loss||-||-||(1,152||)||(1,152||)|
|Balance as of December 31, 2021||4,532,945||$||3,759||$||283,577||$||(1,877||)||$||(271,631||)||$||13,828|
|(*)||Relates to foreign currency translation adjustments.|
|(**)||Net of issuance costs of $1,212|
|(***)||Net of issuance costs of $914|
The accompanying notes are an integral part of the consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED STATEMENTS OF CASH FLOWS
(in thousands of U.S. dollars)
|Cash flows from operating activities:|
|Adjustments to reconcile net loss to net cash used in operati|