Risk Factor Summary
Our business is subject to numerous risks and uncertainties, including those highlighted in Part II, Item 1A titled “Risk Factors.” These risks include, but are not limited to, the following:
Factors Related to Our Business and Results of Operations
•our business model transition from sales of licenses to the delivery of cloud services;
•fluctuations in our operating results from period to period;
•our organic and inorganic growth and the effectiveness of our controls, systems and procedures as we grow;
•our history of losses and the prospect of profitability;
•costly and continuous infrastructure investments required by our cloud services;
•our ability to attract and retain leadership and key personnel, particularly within our industry;
•expansion and integration related to past and future acquisitions;
•our ability to obtain capital on acceptable terms to support our growth;
•our ability to use our net operating losses and tax credits to offset future taxes; and
•liability related to past or future sales and use, value added, withholding or similar taxes.
Factors Related to the Economy and the Markets in which We Operate
•the impact of the COVID-19 pandemic on our business;
•intense competition from large and small providers and vendors in the markets in which we operate;
•market acceptance of our new and existing offerings and product enhancements;
•economic and political conditions and uncertainty, both domestically and internationally, including those specific to industries in which our customers participate; and
•governmental export and import controls related to operation in international markets.
Factors Related to Customers and Sales
•current and future customer demand, use case expansion and satisfaction;
•our reliance on customer purchases, renewals, upgrades and expansions of term licenses, agreements for cloud services and maintenance and support agreements;
•our evolving pricing models and their impacts on our customers’ purchases, renewals, upgrades and expansions;
•the length of time, expense and unpredictability associated with our sales;
•our international sales and operations;
•dependency on and challenges related to sales to federal, state, local and foreign governments; and
•customer dissatisfaction, data loss or corruption arising from incorrect or improper implementation or use of our products.
Factors Related to IT, Privacy and Data Security
•actual or perceived security breaches or incidents or unauthorized access to our customers’ data, our data or our cloud services;
•interruptions or performance problems associated with our technology and infrastructure, and reliance on SaaS technologies from third parties;
•actual or perceived errors, failures or bugs in our offerings, including when new offerings, versions or updates are released; and
•legal requirements, contractual obligations and industry standards related to security, data protection and privacy.
Factors Related to Intellectual Property and Other Proprietary Rights
•our ability to protect our trade secrets, trademarks, copyrights, patents, know-how, confidential information, proprietary methods and technologies and other intellectual property and proprietary rights;
•intellectual property rights claims by third parties that may be costly to defend, require us to pay significant damages or limit our ability to use certain technologies;
•maintenance, protection and enhancement of our brand; and
•our use of “open source” software and related potential burdens, restrictions and litigation.
Factors Related to Reliance on Third Parties
•our reliance on third party providers of cloud infrastructure services to deliver our offerings to users on our platform;
•our ability to maintain successful relationships with our partners, such as distributors and resellers, to license, provide professional services and support our offerings;
•our use of our community website, expansion of our developer ecosystem and support from third-party software developers; and
•third-party advice and information that may not be accurate that is provided to others utilizing our community website and our products.
Factors Related to Our Securities
•our debt servicing obligations;
•our current and future indebtedness may limit our operating flexibility;
•the dilutive impact of the conversion of the Notes;
•the conditional conversion feature of the Notes;
•the accounting method for convertible debt securities, such as the Notes, including accounting for liability and equity components of convertible debt instruments that may be settled entirely or partially in cash;
•counterparty risk related to the Capped Calls; and
•the volatility of our common stock.
General Factors
•the impact of climate change on our business;
•tax liabilities related to federal, state, local and foreign taxes;
•changes in accounting pronouncements and other financial and nonfinancial reporting standards;
•the strain on resources and diversion of management attention caused by the requirements of being a public company and related complexities; and
•anti-takeover provisions in our charter, bylaws and afforded to us under Delaware law that may have the effect of delaying or preventing a change of control or changes in our management.
Risk Factors
Our operations and financial results are subject to various risks and uncertainties including those described below. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially adversely affected. In that case, the trading price of our common stock could decline.
Factors Related to Our Business and Results of Operations
If we fail to successfully manage our business model transition, our operating results could be negatively impacted.
Historically we generated a majority of our revenues from sales of licenses, whereby we generally recognize the license fee portion of the arrangement upfront, assuming all revenue recognition criteria are satisfied. However, our revenue mix has shifted from sales of licenses to the delivery of cloud services and we expect it will continue to shift in favor of cloud services. Our transition to a predominately cloud services delivery model has impacted, and it will continue to impact, the timing of our recognition of revenue as an increasing percentage of our sales becomes recognized ratably, and will also impact
our operating margins as cloud services become a larger percentage of our sales. Our shift to a cloud subscription model has happened faster than we expected, and our ability to predict our revenue and margins in any particular period has been, and may continue to be, limited. For example, the increase in remote work as a result of the COVID-19 pandemic appears to have accelerated our customers’ shift to cloud services, the continued effects of which are uncertain and unpredictable. We have also shifted from generally invoicing our multi-year contracts upfront to invoicing on an annual basis. Accordingly, we have seen the timing of our cash collections extend over a longer period of time with the transition to a subscription model than it has historically, and we expect this to negatively impact operating cash flows through at least fiscal 2022. Whether our business model transition will prove successful and will accomplish our business and financial objectives is subject to numerous uncertainties, including but not limited to: customer demand, renewal and expansion rates, our ability to further develop and scale infrastructure, tax and accounting implications, pricing, and our costs. In addition, we expect the metrics we use to gauge the status of our business model transition, and evaluate and describe our business, may continue to evolve over the course of this transition as significant trends emerge. If we do not successfully execute this transition, our business and future operating results could be adversely affected.
Our future operating results may fluctuate significantly and our operating results may not be a good indication of future performance.
Our revenues, operating margins, cash flows and other operating results could vary significantly from period to period as a result of various factors, many of which are outside of our control. Comparing our revenues and operating results on a period-to-period basis may not be meaningful, and our past results should not be relied upon as an indication of our future performance. For example, we generally recognize license revenues upfront and recognize revenues associated with our cloud services ratably over the term of the agreement. At the beginning of each period, we cannot predict the ratio of orders with revenues that will be recognized upfront and those with revenues that will be recognized ratably that we will enter into during the quarter, due to the fact that our customers have the ability to choose between a term license and cloud subscription agreement. Our customers may choose shorter duration term licenses ahead of migrating to cloud subscriptions and may choose shorter duration cloud subscriptions when transitioning from on-premises to cloud services. In addition, the size of our licenses and orders varies greatly and can result in fluctuations in our revenues and operating results. A portion of revenue recognized in any given quarter is a result of ratably recognized agreements entered into during previous quarters, including agreements for our cloud services and maintenance and support agreements. Consequently, a decline in business from such ratably recognized agreements in any quarter may not be reflected in our revenue results for that quarter. Any such decline, however, will negatively affect our revenues in future quarters. Accordingly, the effect of downturns in sales and market acceptance of our offerings may not be fully reflected in our results of operations until future periods.
We may not be able to accurately predict our future revenues or results of operations. For example, although our shift to a subscription model generates recurring revenue and cash flows that are expected to be more predictable over time, we may not be able to accurately forecast our revenue, cash flows and other financial results in the near term due to a number of variables, including the timing of our collection of cash, increased annual invoicing, revenue mix, our customers’ rate of adoption of our cloud services model as compared to term licenses, contract durations, the extent and continued impact of the COVID-19 pandemic on our business and overall economic environment and the timing of revenue recognition. We base our current and future expense levels on our operating plans and sales forecasts, and our operating costs are expected to be relatively fixed in the short-term. As a result, we may not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues, and even a small shortfall in revenues could disproportionately and adversely affect our financial results for that quarter.
In addition to other risk factors described elsewhere in this “Risk Factors” section, factors that may cause our financial results to fluctuate from quarter to quarter include:
•the impact of our business model transition on our revenue mix, which may impact our revenue, deferred revenue, remaining performance obligations, gross margins and operating income;
•the timing of our sales during the quarter, particularly because a large portion of our sales occur toward the end of the quarter;
•the loss or delay of a few large transactions;
•changes in the mix of our revenues from sales of licenses to the delivery of cloud services as well as the duration;
•the mix of revenues attributable to larger transactions as opposed to smaller transactions and the impact that a few large transactions or a change in mix may have on our overall financial results as well as the overall average selling price of our offerings;
•the renewal and usage rates of our customers;
•changes in the competitive dynamics of our market;
•changes in customers’ budgets and in the timing of their purchasing decisions and in the length of sales cycles;
•changes in our pricing models and practices or those of our competitors;
•changes to our invoicing practices;
•customers delaying purchasing decisions in anticipation of new offerings or software enhancements by us or our competitors or for other reasons;
•customer acceptance of and willingness to pay for new versions of our offerings or new solutions for specific product and end markets;
•our ability to successfully introduce and monetize new offerings and licensing and service models for our new offerings;
•network outages or actual or perceived security breaches or incidents;
•the availability and performance of our cloud services, including Splunk Cloud;
•our ability to control costs, including our operating expenses;
•changes in laws and regulations that impact our business;
•general economic and political conditions and uncertainty, both domestically and internationally, as well as economic and political conditions and uncertainty specifically affecting industries in which our customers participate, including ongoing impacts from the COVID-19 pandemic;
•the amount and timing of our stock-based compensation expenses;
•changes in accounting standards, particularly those related to revenue recognition and sales commissions;
•use of estimates, judgments and assumptions under current accounting standards;
•the timing of satisfying revenue recognition criteria;
•our ability to qualify and successfully compete for government contracts; and
•the collectability of receivables from customers and resellers, which may be hindered or delayed, particularly as the COVID-19 pandemic continues.
Many of these factors are outside our control, and the variability and unpredictability of such factors could result in our failing to meet or exceed our financial expectations for a given period. We believe that quarter-to-quarter comparisons of our revenues, operating results and cash flows may not necessarily be indicative of our future performance.
If we fail to effectively manage our growth, our business and operating results could be adversely affected.
Although our business has experienced significant growth, we cannot provide any assurance that our business will continue to grow at the same rate or at all. We have experienced and expect to continue to experience growth in our headcount and operations, including from acquisitions, which has placed and will continue to place significant demands on our management and our operational and financial systems and infrastructure. As of April 30, 2021, approximately 27% of our workforce had been employed by us for less than one year. As we continue to grow, we must effectively integrate, develop and motivate a large number of new employees, while maintaining the effectiveness of our business execution and the beneficial aspects of our corporate culture and values, the challenges of which may be exacerbated due to remote working conditions associated with the ongoing COVID-19 pandemic. In particular, we intend to continue to make directed and substantial investments to expand our research and development, sales and marketing, and general and administrative organizations, as well as our international operations.
To effectively manage growth, we must continue to improve our operational, financial and management controls, and our reporting systems and procedures by, among other things:
•improving our key business applications, processes and IT infrastructure to support our business needs and appropriately documenting such systems and processes;
•enhancing information and communication systems to ensure that our employees and offices around the world are well-coordinated and can effectively communicate with each other and our growing base of customers and partners; and
•enhancing our internal controls to ensure timely and accurate reporting of all of our operations and financial results.
These systems enhancements and improvements will require significant capital expenditures and allocation of valuable management and employee resources. If we fail to implement these improvements effectively, our ability to manage our expected growth, ensure uninterrupted operation of key business systems and comply with the rules and regulations that are applicable to public reporting companies will be impaired. Additionally, if we do not effectively manage the growth of our business and operations, the quality of our offerings could suffer, which could negatively affect our brand, financial results and overall business.
We have a history of losses, and we may not be profitable in the future.
We have incurred net losses in each year since our inception. As a result, we had an accumulated deficit of $2.94 billion at April 30, 2021. Because our products and offerings, as well as the market for these products and offerings, continue to evolve, it is difficult for us to predict our future operating results. We expect our operating expenses to increase over the next several years as we hire additional personnel, expand and improve the effectiveness of our distribution channels, improve the performance and scalability of our technology architecture, and continue to develop features and functionality for our offerings. In addition, as a public company, we have incurred and will continue to incur significant legal, accounting and other operating expenses. If our revenues do not increase to offset these increases in our operating expenses, we may not be profitable in future periods. Our historical revenue growth has been inconsistent and should not be considered indicative of our future performance, particularly as our business model transitions. Further, in future periods, our revenue growth could slow, or our revenues could decline for a number of reasons, including slowing demand for our offerings, increasing competition, a decrease in the growth of our overall market, changes in our mix of revenues, or our failure, for any reason, to continue to capitalize on growth opportunities. Any failure by us to achieve, sustain or increase profitability on a consistent basis could cause the value of our common stock to decline.
Our cloud services, including Splunk Cloud, require costly and continual infrastructure investments, and if our transition to a cloud-based business model is not successful, our business could be adversely affected.
A cloud-based model of software deployment is one in which a software provider typically licenses an application to customers for use as a service on demand through web browser technologies. Delivering software under a cloud-based model results in higher costs and expenses when compared to sales of licenses for similar functionality. In recent years, companies have begun to expect that key software, such as customer relationship management and enterprise resource planning systems, be provided through a cloud-based model. Many of our offerings are now made available in the cloud as well as on-premises. Customers can sign up for our cloud services and avoid the need to provision, deploy and manage internal infrastructure. In order to deliver our cloud services via a cloud-based deployment, we have made and will continue to make capital investments
and incur substantial costs to implement and maintain this alternative business model. In addition, as we look to deliver new or different cloud services, we are making significant technology investments to deliver new capabilities and advance our software to deliver cloud-native customer experiences. We expect that over time the percentage of our revenue attributable to our cloud services will continue to increase. If our cloud services, in particular Splunk Cloud, do not garner widespread market adoption, or there is a reduction in demand for cloud services caused by a lack of customer acceptance, technological challenges, weakening economic or political conditions, security or privacy concerns, inability to properly manage such services, competing technologies and products, decreases in corporate spending or otherwise, our financial results, business model and competitive position could suffer. If these investments do not yield the expected return, or we are unable to decrease the cost of delivering our cloud services, our gross margins, overall financial results, business model and competitive position could suffer. Transitioning to a fully cloud-based model also impacts the way we recognize revenues, which may affect our operating results and could have an adverse effect on our business operations and financial results.
Even with these investments and costs, the cloud-based business model for our cloud services may not be successful, as some customers may desire on-premises deployment of our offerings. Our cloud services may raise concerns among customers, including concerns regarding changes to pricing models, service availability, scalability, ability to use customer-developed apps, information security of a cloud service and hosted data, and access to data while offline or once a subscription has expired. Market acceptance of our cloud services can be affected by a variety of factors, including but not limited to: security, reliability, performance, terms of service, support terms, customer preference, community engagement, customer concerns with entrusting a third party to store and manage their data, public concerns regarding data privacy or data protection, and the enactment of restrictive laws or regulations in the affected jurisdictions. If we or other providers of cloud services experience security incidents or breaches, loss of customer data, disruptions in delivery of services, network outages, disruptions in availability of the internet, unauthorized access or other problems, the market for cloud services as a whole, including Splunk Cloud, may be negatively affected. Moreover, sales of Splunk Cloud and other cloud services could displace sales of licenses. Alternatively, subscriptions to Splunk Cloud and other cloud services that exceed our expectations may unexpectedly increase our costs, lower our margins, lower our profits or increase our losses and otherwise negatively affect our projected financial results.
If we are unable to attract and retain leadership and key personnel, our business could be adversely affected.
We depend on the continued contributions of our leadership, senior management and other key personnel, the loss of whom could adversely affect our business. All of our executive officers and key employees are at-will employees, which means they may terminate their employment relationship with us at any time. We do not maintain a key-person life insurance policy on any of our officers or other employees.
Our future success also depends on our ability to identify, attract and retain highly skilled technical, managerial, finance and other personnel, particularly in our sales and marketing, research and development, general and administrative, and professional service departments. We face intense competition for qualified individuals from numerous software and other technology companies. We may incur significant costs to attract and retain these qualified individuals, and we may lose new employees to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them. As we move into new geographies, we will need to attract and recruit skilled personnel in those areas. If we are unable to attract and retain suitably qualified individuals who are capable of meeting our growing technical, operational and managerial requirements, on a timely basis or at all, our business will be adversely affected.
We continue to be substantially dependent on our sales force to effectively execute our sales strategies to obtain new customers and to drive additional use cases and adoption among our existing customers. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require, and further, continuing or recurring restrictions placed on recruiting, training and retention by the ongoing COVID-19 pandemic may further exacerbate our efforts to expand our sales force. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth. In addition, as we continue to grow rapidly, a large percentage of our sales force is new to the company and our offerings. As our sales strategies evolve and offerings expand, additional training for new hires and our existing team may be required for our sales force to successfully execute on those strategies. We periodically adjust our sales organization and our compensation programs as part of our efforts to optimize our sales operations to grow revenue, drive incremental growth and support our business model transition. If we have not structured our sales organization or compensation for our sales personnel in a way that properly supports our company’s objectives, or if we fail to make changes in a timely fashion or do not effectively manage changes, our revenue growth could be adversely affected. Our growth creates additional challenges and risks with respect to attracting, integrating and retaining qualified employees, particularly sales personnel. If we are unable to hire and train sufficient numbers of effective sales personnel, or the sales personnel are not successful in obtaining new customers or increasing sales to our existing customer base, our business will be adversely affected.
In addition, we rely upon equity compensation to help recruit, retain and motivate our employees and executive officers, and to align the interests of our employees, executive officers and directors with our stockholders. Our 2012 Equity Incentive Plan will terminate in March 2022, at which time we will no longer be able to issue any new equity awards pursuant to such plan and we will need to implement a new equity incentive plan, which is subject to approval by our stockholders. Failure to obtain stockholder approval of a new equity incentive plan, or our inability to obtain approval for a sufficient number of shares to be issued under such plan, will place us at a competitive disadvantage and would significantly hinder our ability to grant equity awards, which could impede our ability to attract, motivate and retain employees, key executives or directors, harm our growth and adversely affect our operating results. Volatility or lack of performance in our stock price may also affect our ability to attract and retain our key employees. Many of our senior management personnel and other key employees have become, or will soon become, vested in a substantial amount of stock, restricted stock units or stock options. Employees may be more likely to leave us if the shares they own or the shares underlying their vested restricted stock units or options have significantly appreciated in value relative to the original purchase prices of the shares or the exercise prices of the options, or, conversely, if the exercise prices of the options that they hold are significantly above the market price of our common stock. If we are unable to retain our employees, or if we need to increase our compensation expenses to retain our employees, our business, results of operations, financial condition and cash flows would be adversely affected.
We have in the past made and may in the future make acquisitions that could prove difficult to integrate and/or adversely affect our business operations and financial results.
From time to time, we may choose to expand by making acquisitions that could be material to our business, results of operations, financial condition and cash flows. For example, we recently announced the acquisition of TruSTAR, a cloud-native security company providing a data-centric intelligence platform. Our ability as an organization to successfully acquire and integrate technologies or businesses is unproven. Acquisitions involve many risks, including the following:
•an acquisition may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition;
•we may incur potential goodwill impairment charges related to acquisitions;
•we may incur costs and experience potential difficulties associated with the requirement to test and assimilate the internal control processes of the acquired business;
•we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, infrastructure, products, personnel or operations of any company that we acquire, particularly if key personnel of the acquired company decide not to work for us or if we are unable to retain key personnel;
•we may not realize the expected benefits of the acquisition;
•an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management;
•an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company;
•relationships with existing customers, vendors and distributors as business partners may be impacted as a result of us acquiring another company or business that competes with or otherwise is incompatible with those existing relationships;
•our due diligence of an acquired company or business may not identify significant problems or liabilities, or we may underestimate the costs and effects of identified liabilities;
•we may be exposed to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, an acquisition, including but not limited to claims from former employees, customers or other third parties, which may differ from or be more significant than the risks our business faces;
•we may encounter difficulties in, or may be unable to, successfully sell any acquired products;
•an acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;
•an acquisition may require us to comply with additional laws and regulations, or to engage in substantial remediation efforts to cause the acquired company to comply with applicable laws or regulations, or result in liabilities resulting from the acquired company’s failure to comply with applicable laws or regulations;
•our use of cash to pay for an acquisition would limit other potential uses for our cash;
•if we incur debt to fund such acquisition, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants; and
•to the extent that we issue a significant amount of equity securities in connection with future acquisitions, existing stockholders may be diluted and earnings per share may decrease.
The occurrence of any of these risks could have a material adverse effect on our business operations and financial results.
We may require additional capital to support business growth, and this capital might not be available on acceptable terms, if at all.
We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or enhance our offerings, improve our operating infrastructure or acquire complementary businesses and technologies. If the assumptions underlying our cash flow guidance are incorrect, for example, due to unexpected impacts of the ongoing COVID-19 pandemic or a more rapid transition in our business model than we expect, our business may not continue to generate cash flow from operations in the future sufficient to make planned capital expenditures. Accordingly, we have engaged in, and may need to engage in the future, in equity, equity-linked or debt financings to secure additional funds. The significant disruption of global financial markets due to the ongoing COVID-19 pandemic could further reduce our ability to access capital, which could negatively affect our ability to secure these additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. For example, if we elect to settle our conversion obligation under the Notes (as defined below) in shares of our common stock or a combination of cash and shares of our common stock, the issuance of such common stock may dilute the ownership interests of our stockholders and sales in the public market could adversely affect prevailing market prices. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions, or otherwise reduce operational flexibility. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.
Our ability to use our net operating losses and tax credits to offset future taxes may be subject to certain limitations.
Our unused net operating losses (“NOLs”) and tax credits generally carry forward to offset future taxes. We record an asset for these future tax benefits, with our U.S. federal and state tax benefits subject to a full valuation allowance. Federal, state and foreign taxing bodies often place limitations on NOLs and tax credit carryforward benefits. As a result, we may not be able to utilize the NOL and tax credit assets reflected on our balance sheet, even if we attain profitability. Section 382 of the United States Internal Revenue Code of 1986, as amended (the “Code”), is one such example of a limitation. A corporation that undergoes an “ownership change” within the meaning of Section 382 of the Code is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. Future changes in our stock ownership, some of which may be outside of our control, could result in an ownership change under Section 382 of the Code. If our existing NOLs are subject to limitations arising from an ownership change, our ability to utilize NOLs could be limited by Section 382 of the Code, and a certain amount of our prior-year NOLs could expire without benefit. Changes in the law may also impact our ability to use our NOL and tax credit carryforwards. For example, the legislation commonly referred to as the Tax Cuts and Jobs Act of 2017, as
modified by the Coronavirus Aid, Relief, and Economic Security Act, modified certain limitations on the use of our federal NOLs, and California recently enacted legislation limiting the use of our state NOLs for taxable years 2020, 2021, and 2022.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added, withholding, or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our financial results.
We do not collect sales and use, value added, withholding, and similar taxes in all jurisdictions in which we have sales, based on our belief that such taxes are not applicable. Certain jurisdictions in which we do not collect such taxes may successfully assert that such taxes are applicable or that our presence in such jurisdictions is sufficient to require us to collect taxes and that could result in tax assessments, penalties, interest and requirements to collect such taxes in the future. Such tax assessments, penalties, interest or future requirements to charge taxes to our customers may adversely affect our financial results.
Factors Related to the Economy and the Markets in which We Operate
The near and long-term impact of the global COVID-19 pandemic on our business, results of operations and cash flows remain uncertain.
In March 2020, the World Health Organization declared the novel coronavirus (COVID 19) a pandemic. This contagious disease continues to spread across the globe and to materially and adversely impact worldwide economic activity and financial markets.
The ongoing COVID-19 pandemic has affected and continues to affect how we and our customers and partners are operating our businesses, and the duration and extent to which this will impact our business, results of operations and cash flows is uncertain. Related to this uncertainty, certain customers have, and may in the future continue to, decrease or delay their information technology spending, purchase shorter term contracts or request payment concessions, any of which could result in decreased revenue and cash flows for us. We may experience customer losses, including due to bankruptcy or our customers ceasing operations, which may result in an inability to collect receivables from these customers. A decline in revenue or the collectability of our receivables would harm our business. In addition, the ongoing COVID-19 pandemic has disrupted and may continue to disrupt the operations of our customers and partners for an indefinite period of time, including as a result of local, state and federal government public health orders, travel restrictions and/or business shutdowns related to the continuance or resurgence of infection rates, all of which could negatively impact our business and results of operations, including cash flows. More generally, the ongoing COVID-19 pandemic has adversely affected economies and financial markets globally, and continued uncertainty could potentially lead to an economic downturn, which could decrease technology spending and adversely affect demand for our offerings and harm our business and results of operations.
The nature and extent of the continued impact of the ongoing COVID-19 pandemic on our customers and our customers’ response to the ongoing COVID-19 pandemic is difficult to assess or predict, and we may be unable to accurately forecast our revenues or financial results or other performance metrics, especially given that the near and long term impact of the pandemic remains uncertain. Our actual results could be materially above or below our forecasts, which could disappoint analysts and investors and/or cause our stock price to decline.
In light of the uncertain and fluid situation relating to the ongoing COVID-19 pandemic, we continue to take precautionary measures intended to minimize the risk of the disease to our employees, our customers, and the communities in which we operate, which could negatively impact our business. Although we continue to monitor the situation and will adjust our current policies as more information and public health guidance become available, including progress made through vaccinations, precautionary measures that have been adopted could negatively affect our customer success efforts, employee productivity, sales and marketing efforts, delay and lengthen our sales cycles, or create operational or other challenges, including as a result of continuing or recurring travel restrictions, any of which could harm our business and results of operations. Additionally, although we plan to selectively reopen certain of our offices, with many of our employees continuing to work remotely, we are at increased risk of cyber security-related breaches. We continue to take steps to monitor and enhance the security of our systems, IT infrastructure, networks, and data; however, the unprecedented scale of remote work may require additional personnel and resources, which nevertheless cannot be guaranteed to fully safeguard all systems, IT infrastructure networks, and data upon which we rely. The ongoing COVID-19 pandemic may also have long-term effects on the nature of the office environment and remote working, which has and may continue to bring changes to our real estate lease assets.
It is not possible at this time to estimate the impact that the COVID-19 pandemic could have on our business, as the impact will depend on future developments, including the duration, spread, severity, and potential recurrence of a COVID-19 pandemic, which are highly uncertain and cannot be predicted. Furthermore, due to our shift to a subscription model, the effect of the COVID-19 pandemic may not be fully reflected in our results of operations until future periods.
We face intense competition in our markets, and we may be unable to compete effectively against our current and future competitors.
Although our offerings target the new and emerging market for software and cloud services that deliver real-time business insights from data, we compete against a variety of large cloud service providers and software vendors, as well as smaller specialized companies, open source projects and custom development efforts, which provide solutions in the specific markets we address. Our principal competitors include:
•Cloud monitoring and APM/Observability vendors;
•Monitoring, troubleshooting, security and analytics services offered (embedded or add-ons) by major public cloud service providers;
•Companies targeting the data analytics industry;
•Legacy security, systems management and other IT vendors; and
•IT departments that undertake custom software development efforts to analyze and manage their operations data across their public and private cloud landscapes.
The principal competitive factors in our markets include features, performance and support, scalability and flexibility, ease of deployment and use, total cost of ownership and time to value. Some of our current and potential competitors have advantages over us, such as longer operating histories, significantly greater financial, technical, marketing or other resources, stronger brand and business user recognition, larger intellectual property portfolios, broader global distribution networks and presence and more developed ecosystems of partners and skilled users. Further, competitors may be able to offer products or functionality similar to ours at a more attractive price than we can, such as by integrating or bundling their software products with their other product offerings. In addition, our industry is evolving rapidly and is becoming increasingly competitive. Larger and more established companies may focus on delivering real-time business insights from data and could directly compete with us. For example, companies may commercialize open source software in a manner that competes with our offerings or causes potential customers to believe that such products and our offerings perform the same function. If companies move a greater proportion of their data and computational needs to the cloud, new competitors may emerge that offer services comparable to ours or that are better suited for cloud-based data, and the demand for our offerings may decrease. Smaller companies could also launch new products and services that we do not offer and that could gain market acceptance quickly.
In recent years, there have been significant acquisitions and consolidation by and among our competitors. We anticipate this trend of consolidation will continue, which will present heightened competitive challenges to our business. In particular, consolidation in our industry increases the likelihood of our competitors offering bundled or integrated products, and we believe that it may increase the competitive pressures we face with respect to our offerings. If we are unable to differentiate our offerings from the integrated or bundled products of our competitors, such as by offering enhanced functionality, performance or value, we may see decreased demand for those offerings, which would adversely affect our business operations, financial results and growth prospects. Further, it is possible that continued industry consolidation may impact customers’ perceptions of the viability of smaller or even medium-sized software firms and consequently their willingness to use software solutions from such firms. Similarly, if customers seek to concentrate their software license purchases in the product portfolios of a few large providers, we may be at a competitive disadvantage regardless of the performance and features of our offerings. We believe that in order to remain competitive at the large enterprise level, we will need to develop and expand relationships with resellers and large system integrators that provide a broad range of products and services. If we are unable to anticipate competitive challenges or compete effectively, our business operations and financial results could be materially and adversely affected.
If our new and existing offerings and product enhancements do not achieve sufficient market acceptance, our financial results and competitive position will suffer.
Our business substantially depends on, and we expect our business to continue to substantially depend on, sales of licenses, maintenance and services related to Splunk Enterprise and sales of subscriptions related to Splunk Cloud and other cloud-based offerings. As such, the market acceptance of these offerings is critical to our continued success. Demand for these offerings is affected by a number of factors beyond our control, including continued market acceptance of these products by referenceable accounts for existing and new use cases, the timing of development and release of new products by our competitors, technological change, and growth or contraction in our market and the economy in general. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of these platform products, our business operations, financial results and growth prospects will be materially and adversely affected.
We spend substantial amounts of time and money to research and develop or acquire new offerings and enhanced versions of our existing offerings to incorporate additional features, improve functionality or other enhancements in order to meet our customers’ rapidly evolving demands. In addition, we continue to invest in solutions that can be deployed on top of our platform to target specific use cases and to cultivate our community of application developers and users. When we develop a new or enhanced version of an existing offering, we typically incur expenses and expend resources upfront to market, promote and sell the new offering. Therefore, when we develop or acquire new or enhanced offerings, their introduction must achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing them to market. For example, if our recent product expansions and offerings, such as in Splunk Observability Cloud, do not garner widespread market adoption and implementation, our financial results and competitive position could suffer.
Further, we may make changes to our offerings that our customers do not like, find useful or agree with. We may also discontinue certain features, begin to charge for certain features that are currently free or increase fees for any of our features or usage of our offerings.
Our new and existing offerings or product enhancements and changes to our existing offerings could fail to attain sufficient market acceptance for many reasons, including:
•our failure to predict market demand accurately in terms of product functionality and to supply offerings that meet this demand in a timely fashion;
•real or perceived defects, errors or failures;
•negative publicity about their performance or effectiveness;
•delays in releasing to the market our new offerings or enhancements to our existing offerings to the market;
•premature release of cloud-based offerings that do not fully meet customers’ security and compliance needs;
•introduction or anticipated introduction of competing products by our competitors;
•inability to scale and perform to meet customer demands;
•poor business conditions for our end-customers, causing them to delay IT purchases; and
•reluctance of customers to purchase products incorporating open source software.
If our new or existing offerings or enhancements and changes do not achieve adequate acceptance in the market, our competitive position will be impaired, and our revenue, business and financial results will be negatively impacted. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new offerings or enhancements.
Prolonged economic uncertainties or downturns could materially adversely affect our business.
Prolonged economic uncertainties or downturns could adversely affect our business operations or financial results. Negative conditions in the general economy in either the United States or abroad, including conditions resulting from financial and credit market fluctuations, changes in economic policy, trade uncertainty, including changes in tariffs, sanctions, international treaties, and other trade restrictions, the occurrence of a natural disaster, outbreaks of pandemic diseases such as COVID-19, political unrest and social strife, armed conflicts and an act of terrorism on the United States, Europe, Asia Pacific or elsewhere, have caused and could continue to cause a decrease in corporate spending on enterprise software in general and negatively affect the rate of growth of our business.
These conditions could make it extremely difficult for our customers and us to forecast and plan future business activities accurately, and they could cause our customers to reevaluate their decision to purchase our offerings, which could delay and lengthen our sales cycles or result in cancellations of planned purchases. Furthermore, during challenging economic times our customers may face issues in gaining timely access to sufficient credit, which could result in an impairment of their ability to make timely payments to us. If that were to occur, we may be required to increase our allowance for doubtful accounts, which would adversely affect our financial results.
We have a significant number of customers in the business services, energy, financial services, healthcare and pharmaceuticals, technology, manufacturing, media and entertainment, online services, retail, telecommunications and travel and transportation industries. A substantial downturn in any of these industries may cause firms to react to worsening conditions by reducing their capital expenditures in general or by specifically reducing their spending on information technology. Customers in these industries may delay or cancel information technology projects or seek to lower their costs by renegotiating vendor contracts. For example, the continued impact of the ongoing COVID-19 pandemic on the current economic environment has caused, and may in the future cause, customers to request concessions including extended payment terms or better pricing. To the extent purchases of our offerings are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general information technology spending. Also, customers may choose to develop in-house software as an alternative to using our offerings. Moreover, competitors may respond to market conditions by lowering prices and attempting to lure away our customers. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our offerings.
We cannot predict the timing, strength or duration of any economic slowdown, instability or recovery, generally or within any particular industry or geography. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our business operations and financial results could be adversely affected.
We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.
Our offerings are subject to United States export controls, and we incorporate encryption technology into certain of our offerings. These encryption offerings and the underlying technology may be exported outside of the United States only with the required export authorizations, including by license.
Furthermore, our activities are subject to the U.S. economic sanctions laws and regulations that prohibit the shipment of certain products and services without the required export authorizations or export to countries, governments, and persons targeted by U.S. sanctions. While we take precautions to prevent our offerings from being exported in violation of these laws, including obtaining authorizations for our encryption offerings where appropriate, implementing IP address blocking and screenings against U.S. Government and international lists of restricted and prohibited persons, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws. For example, downloads of our free software may have in the past been made in potential violation of the export control and economic sanctions laws.
We also note that if our partners fail to obtain appropriate import, export or re-export licenses or permits, we may also be adversely affected, through reputational harm as well as other negative consequences including government investigations and penalties. We presently incorporate export control compliance requirements in our partner and customer agreements. Complying with export control and sanctions regulations for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.
Violations of U.S. sanctions or export control laws can result in fines or penalties, including civil penalties of up to $300,000 or twice the value of the transaction, whichever is greater, per violation. In the event of criminal knowing and willful violations of these laws, fines of up to $1 million per violation and possible incarceration for responsible employees and managers could be imposed.
From time to time, as part of our acquisition activity, we have discovered a limited number of instances where certain activity raised concerns about potential violations of U.S. sanctions or export control laws. For example, we previously discovered that the SaaS platform or product of an acquired company was accessed (or attempted to be accessed) from IP addresses potentially located in embargoed countries. As a result, we have submitted and may, in the future, submit voluntary disclosures with the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) to alert the agency to these types of potential violations. If we (including the companies we acquire) are found to be in violation of U.S. economic sanctions or
export control laws, it could result in fines and penalties. We may also be adversely affected through other penalties, reputational harm, loss of access to certain markets or otherwise.
Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our offerings or could limit our customers’ ability to implement our offerings in those countries. Changes in our offerings or future changes in export and import regulations may create delays in the introduction of our offerings in international markets, prevent our customers with international operations from deploying our offerings globally or, in some cases, prevent the export or import of our offerings to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our offerings by, or in our decreased ability to export or sell our offerings to, existing or potential customers with international operations. Any decreased use of our offerings or limitation on our ability to export or sell our offerings would likely adversely affect our business operations and financial results.
Factors Related to Customers and Sales
If customers do not expand their use of our offerings beyond the current predominant use cases, our ability to grow our business and operating results may be adversely affected.
Most of our customers currently use our offerings to support application management, IT operations, security and compliance functions. Our ability to grow our business depends in part on our ability to help enable current and future customers to increase their use of our offerings for their existing use cases and expand their use of our offerings to additional use cases, such as facilities management, supply chain management, business analytics, IoT and customer analytics. If we fail to achieve market acceptance of our offerings for these applications, if we fail to predict demand for product functionality or respond to such demand in a timely fashion, if our customers are not satisfied with our offerings, or if a competitor establishes a more widely adopted solution for these applications, our ability to grow our business and financial results will be adversely affected.
Our business and growth depend substantially on customers entering into, renewing, upgrading and expanding their term licenses, agreements for cloud services and maintenance and support agreements with us. Any decline in our customer renewals, upgrades or expansions could adversely affect our future operating results.
We typically enter into agreements for our software offerings, cloud services, and maintenance and support services, which customers have discretion to renew or terminate at the end of the initial term. In order for us to improve our operating results, it is important that new customers enter into renewable agreements, and our existing customers renew, upgrade and expand their agreements when the initial contract term expires. Our customers have no obligation to renew, upgrade or expand their agreements with us after the terms have expired. Our customers’ renewal, upgrade and expansion rates may decline or fluctuate as a result of a number of factors, including their satisfaction or dissatisfaction with our offerings, our pricing, the effects of general economic conditions, competitive offerings or alterations or reductions in our customers’ spending levels. For example, the continued impact of the ongoing COVID-19 pandemic on the current economic environment has caused, and may in the future cause, customers to request concessions such as extended payment terms or better pricing or be unwilling to commit to long-term contracts. If our customers do not renew, upgrade or expand their agreements with us or renew on terms less favorable to us, our revenues may decline.
We employ multiple and evolving pricing models, which subject us to various pricing and licensing challenges that could make it difficult for us to derive value from our customers and may adversely affect our operating results.
We employ multiple and evolving pricing models for our offerings. For example, we generally charge our customers for their use of Splunk Enterprise based on either the estimated daily data indexing capacity or compute resources our customers require. In addition, Splunk Cloud is generally priced based on either the volume of data indexed per day including a fixed amount of data storage, or purchased infrastructure, data storage and bandwidth our customers require, while Splunk Phantom and Splunk On-Call are priced by the number of seats or events used for the products. We offer term licensing options for software offerings and have some remaining perpetual licenses with existing customers, which each have different payment schedules, and depending on the mix of such licenses and cloud subscriptions, our revenues or deferred revenues could be adversely affected. Our pricing models may ultimately result in a higher total cost to our customers generally as data volumes or
compute usage increase over time, or may cause our customers to limit or decrease usage in order to stay within the limits of their existing licenses or cloud subscriptions, or lower their costs, making it more difficult for us to compete in our markets or negatively impacting our financial results. As the amount of data and analytic needs within our customers’ organizations grow, we face downward pressure from our customers regarding our pricing, which could adversely affect our revenues and operating margins. In addition, our pricing models may allow competitors with different pricing models to attract customers unfamiliar or uncomfortable with our pricing models, which would cause us to lose business or modify our pricing models, both of which could adversely affect our revenues and operating margins. We have introduced and expect to continue to introduce variations to our pricing models, including but not limited to, predictive pricing programs, workload-based pricing, entity-based pricing, “rapid adoption” packages and other pricing programs that provide broader usage and cost predictability as well as tiered pricing based on deployment models, data source types, compute and storage units and customer environments. Any change in pricing models bears inherent risks as it may provide customers a choice to go for the lower-cost option, therefore putting renewal and customer lifetime value at risk. Although we believe that these pricing models and variations to these models will drive net new customers and increase customer adoption, it is possible that they will not and may potentially cause customers to decline to purchase or renew licenses or cloud subscriptions, or confuse customers and reduce their lifetime value, which could negatively impact our revenue, business and financial results.
Furthermore, while our offerings can measure and limit customer usage for the most part, we removed metered license enforcement via our software under certain circumstances, and in other circumstances, such limitations may be improperly circumvented or otherwise bypassed by users. For those offerings where we are not fully able to track usage, customers may be consuming over their licensed capacity, which may reduce our revenue opportunities. Similarly, we provide our customers with an encrypted license key for enabling their use of our offerings. There is no guarantee that users of our offerings will abide by the terms of these license limitations or encrypted license keys, and if they do not, we may not be able to capture the full value for the use of our offerings. For example, our enterprise license is generally meant for our customers’ internal use only. If our internal use customers improperly make our offerings available to their customers or other third parties, for example, through a cloud or managed service offering not authorized by us, it may displace our end user sales. Additionally, if an internal use customer that has received a volume discount from us improperly makes available our offerings to its end customers, we may experience price erosion and be unable to capture the appropriate value from those end customers.
Our sales cycle is long and unpredictable, particularly with respect to large customers, and our sales efforts require considerable time and expense.
Our operating results may fluctuate, in part, because of the resource intensive nature of our sales efforts, the length and variability of the sales cycle of our offerings and the short-term difficulty in adjusting our operating expenses. Our operating results depend in part on sales to large customers. The length of our sales cycle, from initial evaluation to delivery of and payment for the software license, varies substantially from customer to customer. This variation is due to numerous factors, including in the expansion of our offerings and new pricing models, as well as the potential for different buying centers for the same offering. In addition, the introduction of Splunk Cloud has generated interest from our customers who are also considering purchasing and deploying Splunk Enterprise on-premises. In some cases, our customers may wish to consider a combination of these offerings, potentially further slowing our sales cycle. Our sales cycle can extend to more than a year for certain customers, particularly large customers. It is difficult to predict exactly when, or even if, an existing customer will convert from a perpetual license to term license or to cloud services, we will make a sale with a potential customer, or a user of a trial version of one of our offerings will upgrade to the paid version of that offering. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our operating results for that quarter and any future quarters for which revenues from that transaction are lost or delayed. As a result of these factors, it is difficult for us to forecast our revenues accurately in any quarter. Because a substantial portion of our expenses are relatively fixed in the short-term (subject to rising fixed costs in the longer term as discussed above), our operating results will suffer if revenues fall below our expectations in a particular quarter.
Our international sales and operations subject us to additional risks and challenges that can adversely affect our business operations and financial results.
During the three months ended April 30, 2021, we derived approximately 31% of our total revenues from customers outside the United States, and we are continuing to expand our international operations as part of our growth strategy. This strategy requires us to recruit and retain qualified technical and managerial employees, manage multiple remote locations performing complex software development projects and ensure intellectual property protection outside of the U.S. Additionally, we currently have sales personnel and sales and support operations in the United States and certain countries around the world. To the extent that we experience difficulties in recruiting, training, managing, or retaining non-U.S. staff, and specifically sales management and sales personnel staff, we may experience difficulties in sales productivity in, or market penetration of, non-
U.S. markets. Additionally, our sales organization outside the United States is substantially smaller than our sales organization in the United States, and we rely heavily on our indirect sales channel for non-U.S. sales. Our ability to convince customers to expand their use of our offerings or renew their agreements with us is directly correlated to our direct engagement with the customer. To the extent we are unable to engage with non-U.S. customers effectively with our limited sales force, professional services and support capacity or our indirect sales model, we may be unable to grow sales to new or existing customers to the same degree we have experienced in the United States.
Our international operations subject us to a variety of risks and challenges, including:
•increased management, travel, infrastructure and legal compliance costs associated with having multiple international operations;
•reliance on partners, which may have different incentives or may sell competing products, as well as different approaches with respect to compliance with laws and regulations, business practices and other day-to-day activities;
•longer payment cycles and difficulties in collecting accounts receivable or satisfying revenue recognition criteria, especially in emerging markets;
•increased financial accounting and reporting burdens and complexities;
•general economic conditions in each country or region;
•political uncertainty around the world;
•compliance with multiple and changing foreign laws and regulations, including those governing employment, tax, privacy and data protection, data transfer and the risks and costs of non-compliance with such laws and regulations;
•compliance with laws and regulations for foreign operations, including the United States Foreign Corrupt Practices Act, the United Kingdom Bribery Act, import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell our offerings in certain foreign markets, and the risks and costs of non-compliance, including as a result of any changes in trade relations, sanctioned parties or other restrictions;
•heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of financial statements and irregularities in financial statements;
•fluctuations in currency exchange rates and the related effect on our financial results;
•difficulties in repatriating or transferring funds from, or converting currencies in, certain countries;
•the need for localized software and licensing programs;
•reduced protection for intellectual property rights in some countries and practical difficulties of enforcing intellectual property and contract rights abroad; and
•natural disasters, diseases and pandemics, such as COVID-19, that may disproportionately affect areas in which we do business.
Recent geopolitical events may impact our operations and financial results. For example in December 2020, following a 2016 referendum in which voters in the United Kingdom approved an exit from the European Union (the “EU”) (often referred to as “Brexit”), the United Kingdom left the EU. The political and economic effects of Brexit are still uncertain and will depend, in part, on the Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, and the United Kingdom of Great Britain and Northern Ireland, signed on December 30, 2020. The departure of the United Kingdom from the EU may cause disruption to our business, including increased friction in our ability to deliver services across the European Economic Area (“EEA”) and Switzerland, difficulty in recruiting EU nationals in the United Kingdom due to new immigration requirements, and increased complexities in our relationships with existing and future
customers, suppliers, and employees. For example, most of our sales to customers in the EU are transacted through our subsidiary incorporated in the United Kingdom and at this time, we are unable to determine the long-term effects of this arrangement. The economic and legal uncertainty caused by Brexit in the region and globally could also adversely affect the tax, operational, legal and regulatory regimes to which our business is subject in ways we do not yet anticipate.
Any of these risks could adversely affect our international operations, reduce our international revenues or increase our operating costs, adversely affecting our business operations, financial results and growth prospects.
In addition, compliance with laws and regulations applicable to our international operations increases our cost of doing business in foreign jurisdictions. We may be unable to keep current with changes in foreign government requirements and laws as they change from time to time. Failure to comply with these regulations could have adverse effects on our business. In many foreign countries, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or United States regulations applicable to us. In addition, although we have implemented policies and procedures designed to ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, partners and agents will comply with these laws and policies. Violations of laws or key control policies by our employees, contractors, partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties, or the prohibition of the importation or exportation of our offerings and could have a material adverse effect on our business operations and financial results.
Our sales to public sector customers are subject to a number of additional challenges and risks.
We derive a portion of our revenues from contracts with U.S. federal, state and local and foreign governments, and we believe that the success and growth of our business will continue to depend on our successful procurement of government contracts. For our sales to these public sector customers, we must comply with laws and regulations relating to the formation, administration and performance of contracts, which affect how our partners and how we do business with governmental agencies. These laws and regulations provide public sector customers rights, many of which are not typically found in commercial contracts. Such rights may include price protection, the accuracy of information provided to the government, compliance with procurement integrity and government ethics, compliance with specified product certifications restrictions and pre-conditions for access to controlled or classified information, compliance with supply chain requirements, labor regulations and supplier diversity policies, and other terms that are particular to public sector customers. These laws and regulations may impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to bid protests, contract cure actions, claims for damages or other relief, penalties, termination of contracts, loss of exclusive rights in our intellectual property, substantial audit or re-procurement costs and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could have a material adverse effect on our business operations and financial results.
In October 2019, we received authorization under the U.S. Federal Risk and Authorization Management Program (“FedRAMP”) that allows U.S. federal government agencies and contractors to have greater integration with our platform if and when they transition to cloud-based computing. At the same time, FedRAMP places an increased compliance burden upon us, which may increase our internal costs to provide services to government agencies. If we cannot adequately comply with FedRAMP compliance requirements, our growth could be adversely impacted, and we could incur significant liability and our reputation and business could be harmed.
Factors that could impede our ability to maintain or increase the amount of revenues derived from government contracts, include:
•changes in fiscal or contracting policies;
•decreases in available government funding;
•restrictions in the award of personal security clearances to our employees;
•ability to adapt to public sector budgetary cycles and funding authorizations, with funding reductions or delays having an adverse impact on public sector demand for our products;
•changes in government programs or applicable requirements;
•changes in government sanctions programs and related policies;
•the adoption of new laws or regulations or changes to existing laws or regulations;
•noncompliance with laws, contract provisions or government procurement or other applicable regulations, or the perception that any such noncompliance has occurred or is likely;
•changes in the political environment and budgeting, including before or after a change of leadership within the government administration, and any resulting uncertainty or changes in policy or priorities and resultant funding;
•ability to maintain the facility clearance required to perform on classified contracts for U.S. federal government agencies, or to maintain security clearances for our employees;
•changes to government certification requirements or approved product lists;
•ability to achieve or maintain one or more government certifications, including our existing FedRAMP certification;
•ability to maintain products on key government acquisition contracts;
•an extended government shutdown or other potential delays or changes in the government appropriations or other funding authorization processes including as a result of events such as war, incidents of terrorism, natural disasters, and public health concerns or epidemics, such as the ongoing COVID-19 pandemic;
•changes in the duration of our contracts with government customers;
•delays in the payment of our invoices by government payment offices; and
•bid protests by competitors
The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing licenses of our offerings in the future or otherwise have an adverse effect on our business operations and financial results. To the extent that we become more reliant on contracts with government entities, including foreign government entities, in the future, our exposure to such risks and challenges could increase, which in turn could adversely impact our business.
In May 2021, the Biden Administration issued an Executive Order requiring federal agencies to implement additional information technology security measures, including, among other things, requiring agencies to adopt multifactor authentication and encryption for data at rest and in transit to the maximum extent consistent with federal records laws and other applicable laws. The Executive Order will lead to the development of secure software development practices and/or criteria for a consumer software labeling program, the criteria which will reflect a baseline level of secure practices, for software that is developed and sold to the U.S. federal government. Software developers will be required to provide visibility into their software and make security data publicly available. Due to this Executive Order, federal agencies may require us to modify our cybersecurity practices and policies, thereby increasing our compliance costs. If we are unable to meet the requirements of the Executive Order, our ability to work with the U.S. government may be impaired and may result in a loss of revenue.
Incorrect or improper implementation or use of our software could result in customer dissatisfaction, customer data loss or corruption and negatively affect our business, operations, financial results and growth prospects.
Our software is deployed in a wide variety of technology environments. Increasingly, our software has been deployed in large scale, complex technology environments, and we believe our future success will depend on our ability to increase sales of licenses for use in such deployments. We often must assist our customers in achieving successful implementations for large, complex deployments. If we or our customers are unable to implement our software successfully, including related to technologies that we have obtained through acquisitions, are unable to do so in a timely manner or if an improper implementation or change in system configuration results in errors or loss of data, customer perceptions of our company may be impaired, our reputation and brand may suffer, and customers may choose not to increase their use of our offerings. In addition, our software imposes server load and index storage requirements for implementation. If our customers do not have the server load capacity or the storage capacity required, they may not be able to effectively implement and use our software and, therefore, may not choose to increase their use of our offerings.
Our customers and third-party partners may need training in the proper use of and the variety of benefits that can be derived from our software to maximize its potential. If our software is not implemented or used correctly or as intended, inadequate performance, errors, data loss or corruption may result. Because our customers rely on our software and maintenance and support services to manage a wide range of operations, the incorrect or improper implementation or use of our software, our failure to train customers on how to efficiently and effectively use our software, or our failure to provide maintenance services to our customers, may result in negative publicity or legal claims against us. Also, as we continue to expand our customer base, any failure by us to properly provide these services will likely result in lost opportunities for follow-on sales of our offerings.
Factors Related to IT, Privacy and Data Security
If we or our third-party service providers experience a security breach or incident or unauthorized parties otherwise obtain access to our customers’ data, our data, or our cloud services, our offerings may be perceived as not being secure, our reputation may be harmed, demand for our offerings may be reduced, and we may incur significant liabilities.
Our offerings involve the storage and transmission of data, and security breaches and incidents could result in the loss of this information, litigation, indemnity obligations, fines, penalties and other liability. We may become the target of cyber-attacks by third parties seeking unauthorized access to our data or our customer’s data or to disrupt our ability to provide services. There is also a danger of industrial espionage, misuse, theft of information or assets (including source code), or damage to assets by people who have gained unauthorized access to our facilities, systems or information. Because there are many different techniques used to obtain unauthorized access to systems and data, and such techniques continue to evolve, we may be unable to anticipate attempted security breaches and incidents and proactively implement adequate preventative measures. Additionally, with many of our employees continuing to working remotely due to the ongoing COVID-19 pandemic, we may face an increased risk of attempted security breaches and incidents. While we have taken steps to protect the confidential information that we have access to, including confidential information we may obtain through our customer support services or customer usage of our cloud services, our security measures or those of our third-party service providers could be breached or otherwise fail to prevent unauthorized access to or disclosure, modification, misuse, loss or destruction of such information. Computer malware, ransomware, cyber viruses, social engineering (phishing attacks), denial of service or other attacks, employee theft or misuse and increasingly sophisticated network attacks have become more prevalent in our industry, particularly against cloud services. In the first quarter of fiscal 2019, we took corrective action against an attacker who utilized compromised credentials to access and delete compute capacity in the Splunk Cloud environment. In addition, we do not directly control content that customers store in our offerings. If customers use our offerings for the transmission or storage of personal information or other sensitive types of information and our security measures are, or are believed to have been breached as a result of third-party action, employee error, malfeasance or otherwise, our reputation could be damaged, our business may suffer, and we could incur significant liability.
We also process, store and transmit our own data as part of our business and operations. This data may include personal, confidential or proprietary information. We make use of third-party technology and systems for a variety of reasons, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, credit card processing, human resources services, customer relationship management, enterprise risk planning and other functions. Although we have developed systems and processes that are designed to protect our business and proprietary information and prevent data loss and other security breaches and incidents, and to reduce the impact of a security breach or incident at a third-party vendor, such measures cannot provide absolute security. There can be no assurance that any security measures that we or our third-party service providers, including third party providers of cloud infrastructure services (“Cloud Service Providers”), have implemented will be effective against current or future security threats, and we cannot guarantee that our systems and networks or those of our third-party service providers, including Cloud Service Providers, have not been breached or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our services. Our ability to mitigate these risks may also be impacted by the acquisition of new companies, requiring us to incorporate and secure different or more complex IT environments. While we maintain measures designed to protect the integrity, confidentiality and security of our data and other data we maintain or otherwise process, our security measures or those of our third-party service providers could fail and result in unauthorized access to or disclosure, modification, misuse, loss or destruction of such data.
Any security breach or other security incident impacting us or any of our third-party service providers, or the perception that one has occurred, could result in a loss of customer confidence in the security of our offerings and damage to our brand, reputation, and market position, result in unauthorized access to or disclosure, modification, misuse, loss, or
destruction of our data or our customers’ data, reduce the demand for and negatively impact market acceptance of our offerings, disrupt normal business operations, require us to spend material resources to investigate or correct the breach and to prevent future security breaches and incidents, expose us to legal claims and liabilities, including litigation, regulatory investigations and enforcement actions, and indemnity obligations, and adversely affect our revenues and operating results. These risks may increase as we continue to grow the number and scale of our cloud services, and process, store, and transmit increasing amounts of data. Additionally, we may need to expend significant financial and development resources to analyze, correct, eliminate, or work around errors or defects or to eliminate or otherwise address vulnerabilities, and we and our third-party service providers may face difficulties or delays in identifying or otherwise responding to any potential security breach or incident and otherwise providing services.
Third parties may also conduct attacks designed to deny customers access to our cloud services. A significant disruption in access to, or ability to use, our cloud services could damage our reputation with current and potential customers, expose us to claims and liability, cause us to lose customers, negatively impact market acceptance of our cloud services or other offerings, or otherwise negatively affect our business.
Additionally, the recent attack against SolarWinds, in which hackers inserted malware into a SolarWinds software update, highlights the growing risk from the infection of software while it is under assembly, known as a supply chain attack. Further, we could become a vector for a similar style attack or could become the subject of one through a supply chain compromise such as the recent attack on on-premise Microsoft Exchange services.
Further, if a high profile security breach, incident, or disruption occurs with respect to another cloud-based platform or service provider, our customers and potential customers may lose trust in cloud-based offerings generally, which could adversely impact our ability to retain existing customers or attract new ones, potentially causing a negative impact on our business.
We cannot be certain that our insurance coverage will be adequate for data security liabilities incurred and, will cover any indemnification claims against us relating to any incident, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.
Interruptions or performance problems associated with our technology and infrastructure, and our reliance on Software-as-a-Service (“SaaS”) technologies from third parties, may adversely affect our business operations and financial results.
Our continued growth depends in part on the ability of our existing and potential customers to use and access our cloud services or our website in order to download our software or encrypted access keys for our software within an acceptable amount of time. In addition, we rely heavily on hosted SaaS technologies from third parties in order to operate critical functions of our business, including our cloud services, enterprise resource planning services and customer relationship management services. We have experienced and may in the future experience real or perceived website and cloud service disruptions, storage failures, outages and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our website and services simultaneously, unauthorized access, denial of service, security or ransomware attacks. In some instances, we may not be able to identify the cause or causes of these website or service performance problems within an acceptable period of time. It may become increasingly difficult to maintain and improve our website and service performance, especially during peak usage times and as our offerings become more complex and our user traffic increases. If our website or cloud services are unavailable or if our users are unable to download our software or encrypted access keys within a reasonable amount of time or at all, we could suffer damage to our reputation with current and potential customers, be exposed to legal liability, and lose customers, all of which could negatively affect our business. We expect to continue to make significant investments to maintain and improve website and service performance and to enable rapid releases of new features and apps for our offerings. To the extent that we do not effectively address capacity constraints, upgrade our systems as needed and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business and operating results may be adversely affected.
Real or perceived errors, failures or bugs in our offerings could adversely affect our financial results and growth prospects.
Because our offerings are complex, undetected errors, failures or bugs may occur, especially when new offerings, versions or updates are released, including related to technologies that we have obtained through acquisitions. Our software is often installed and used in large-scale computing environments with different operating systems, system management software, and equipment and networking configurations, which may cause errors or failures of our software or other aspects of the computing environment into which it is deployed. In addition, deployment of our software into complicated, large-scale computing environments may expose undetected errors, failures or bugs in our software. Despite testing by us, errors, failures or bugs may not be found in our offerings until they are released to our customers. In the past, we have discovered errors, failures and bugs in some of our offerings after their introduction. Real or perceived errors, failures or bugs in our offerings could result in negative publicity, loss of or delay in market acceptance of our offerings, loss of competitive position or claims by customers for losses sustained by them. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem.
In addition, if an actual or perceived failure of our software occurs in a customer’s deployment or in our cloud services, regardless of whether the failure is attributable to our software, the market perception of the effectiveness of our offerings could be adversely affected. Alleviating any of these problems could require significant expenditures of our capital and other resources and could cause interruptions, delays or cessation of our licensing, which could cause us to lose existing or potential customers and could adversely affect our financial results and growth prospects.
We are subject to a number of legal requirements, contractual obligations and industry standards regarding security, data protection, and privacy, and any failure to comply with these requirements, obligations or standards could have an adverse effect on our reputation, business, financial condition and operating results.
Data privacy and security have become significant issues in the United States and in many other countries where we have employees and operations and where we offer licenses or cloud subscriptions to our offerings. The regulatory framework for data privacy and security issues worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. These obligations may be interpreted and applied inconsistently from one jurisdiction to another and may conflict with one another, other regulatory requirements or our internal practices. The U.S. federal and various state and foreign government bodies and agencies have adopted or are considering adopting laws and regulations limiting, or laws and regulations regarding the collection, distribution, use, disclosure, storage, and security of certain types of information. For example, on January 1, 2020, the California Consumer Privacy Act (“CCPA”) went into effect. CCPA requires covered companies to provide new disclosures to California consumers, and afford such consumers new abilities to opt-out of certain sales of personal information. Additionally, the California Privacy Rights Act (“CPRA”), which modifies the CCPA, was approved by California voters in the November 3, 2020 election, creating obligations relating to consumer data beginning on January 1, 2022, with implementing regulations expected on or before July 1, 2022, and enforcement beginning July 1, 2023. Further, in March 2021, Virginia enacted the Virginia Consumer Data Protection Act (“CDPA”), a comprehensive privacy statute that becomes effective on January 1, 2023 and shares similarities with the CCPA, the CPRA, and legislation proposed in other states. Aspects of the CCPA, CPRA and CDPA, and their interpretation, remain unclear. We cannot yet fully predict the impact of the CCPA, CPRA or CDPA on our business or operations, but they may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply.
Internationally, virtually every jurisdiction in which we operate has established its own data security and privacy or data protection legal framework with which we or our customers must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure and security of data that identifies or may be used to identify or locate an individual. These laws and regulations often are more restrictive than those in the United States and are rapidly evolving. For example, the EU General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, and, in addition to imposing stringent obligations relating to data protection and security, authorizes fines up to 4% of global annual revenue for some violations. We relied in part upon the EU-U.S. Privacy Shield Framework developed by the U.S. Department of Commerce and the European Commission and the Swiss-U.S. Privacy Shield Framework developed by the U.S. Department of Commerce and the Swiss Administration to provide U.S. companies with a valid data transfer mechanism under EU and Swiss law to permit them to transfer personal data from the European Union and Switzerland to the United States. On July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield, concluding it did not provide adequate protection for personal data transferred to the U.S. On September 8, 2020, the Swiss Federal Data Protection and Information Commissioner invalidated the Swiss-US Privacy Shield on similar grounds. In its July 16, 2020 opinion, the CJEU imposed additional obligations on companies when relying on standard contractual clauses approved by the European Commission (“SCCs”) to transfer personal data. The CJEU decision may result in European data protection regulators applying differing standards for, and requiring ad hoc verification of, transfers of personal data from Europe to the U.S. In November 2020, the European Commission released a draft of revised SCCs addressing the CJEU concerns. The European Data Protection Board (“EDPB”) also issued recommendations, and in January 2021, the EDPB and the European Data Protection Supervisor
issued a joint opinion regarding those revised SCCs. The revised SCCs, the foregoing recommendations and opinions of regulators, and other developments relating to cross-border data transfer, may require us to implement additional contractual and technical safeguards for any personal data transferred out of the EEA, which may increase compliance costs, lead to increased regulatory scrutiny or liability, and which may adversely impact our business, financial condition and operating results.
In addition to the GDPR, the European Commission has another draft regulation in the approval process that focuses on a person’s right to conduct a private life. The proposed legislation, known as the Regulation of Privacy and Electronic Communications (“ePrivacy Regulation”), would replace the current ePrivacy Directive. Originally planned to be adopted and implemented at the same time as the GDPR, the ePrivacy Regulation is still being negotiated. Most recently, on February 10, 2021, the Council of the EU agreed on its version of the draft ePrivacy Regulation. If adopted, the earliest date for entry into force is in 2023, with broad potential impacts on the use of internet-based services and tracking technologies, such as cookies. Aspects of the ePrivacy Regulation remain for negotiation between the European Commission and the Council. We expect to incur additional costs to comply with the requirements of the ePrivacy Regulation as it is finalized for implementation.
The United Kingdom enacted a Data Protection Act in May 2018 that substantially implements the GDPR, and has implemented legislation referred to as the “UK GDPR” that generally provides for the GDPR to be implemented in the United Kingdom following Brexit and the transition period that ended on December 31, 2020. While the EU has published draft decisions that the United Kingdom may be deemed an “adequate country” to which personal data could be exported from the EEA, this decision may face challenges in the future, creating uncertainty regarding transfers of personal data to the United Kingdom from the EEA. Our EMEA headquarters is in London, causing this uncertainty to be particularly significant to our operations. Some countries also are considering or have passed legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of delivering our services.
Complying with the GDPR, CCPA, CPRA and CDPA, or other laws, regulations, or other obligations relating to privacy, data protection, data localization or security in the U.S. or other regions worldwide may cause us to incur substantial operational costs or require us to modify our data handling practices. Non-compliance could result in proceedings against us by governmental entities or others, could result in substantial fines or other liability, and may otherwise adversely impact our business, financial condition and operating results.
Some statutory requirements, both in the United States and abroad, such as the Health Insurance Portability and Accountability Act of 1996 and numerous state statutes, include obligations of companies to notify individuals of security breaches involving certain types of personal information, which could result from breaches experienced by us or our service providers. Any actual or perceived security breach or incident could impact our reputation, harm our customer confidence, hurt our sales and expansion into new markets or cause us to lose existing customers, and could expose us to potential liability or require us to expend significant resources on data security and in responding to any such actual or perceived breach or incident.
In addition to government regulation, self-regulatory standards and other industry standards may legally or contractually apply to us, be argued to apply to us, or we may elect to comply with such standards or to facilitate our customers’ compliance with such standards. Because privacy, data protection and data security are critical competitive factors in our industry, we may make statements on our website, in marketing materials, or in other settings about our data processing and data security measures and our compliance with, or our ability to facilitate our customers’ compliance with, these standards. We also expect that laws, regulations, industry standards and other obligations relating to privacy, data protection and security will continue to evolve worldwide, and that there will continue to be new, modified, and re-interpreted laws, regulations, standards, and other obligations in these areas. We cannot yet determine the impact such future laws, regulations and standards, or amendments to or re-interpretations of, existing laws and regulations, industry standards, or other obligations may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, and contractual and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy and data protection are uncertain, these laws, standards, and contractual and other obligations may be interpreted and applied in a manner that is, or is alleged to be, inconsistent with our data management practices, our policies or procedures, or the features of our offerings. If so, in addition to the possibility of fines, lawsuits and other claims, we may find it necessary or appropriate to fundamentally change our business activities and practices, including the establishment of localized data storage or other data processing operations, or modify or cease offering certain offerings either generally or in certain geographic regions, any of which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new offerings and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our offerings. Any inability to adequately address privacy, data protection or security-related concerns, even if unfounded, or to successfully negotiate privacy, data
protection or security-related contractual terms with customers, or to comply with applicable laws, regulations and other obligations relating to privacy, data protection, and security, could result in additional cost and liability to us, damage our reputation, inhibit sales, slow our sales cycles, and adversely affect our business. Privacy and personal security concerns, whether valid or not valid, may inhibit market adoption of our offerings, particularly in certain industries and foreign countries.
Factors Related to Intellectual Property and Other Proprietary Rights
Failure to protect our intellectual property rights could adversely affect our business and our brand.
Our success and ability to compete depends, in part, on our ability to protect our trade secrets, trademarks, copyrights, patents, know-how, confidential information, proprietary methods and technologies and other intellectual property and proprietary rights, so that we can prevent others from using our inventions, proprietary information and property. We generally rely on patent, copyright, trade secret and trademark laws, and confidentiality or license agreements with our employees, consultants, vendors, customers, partners and others, and generally limit access to and distribution of our proprietary information, in order to protect our intellectual property rights and maintain our competitive position. However, we cannot guarantee that the steps we take to protect our intellectual property rights will be effective.
Our issued patents and any patents issued in the future may not provide us with any competitive advantages, and our patent applications may never be granted. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to file and prosecute all necessary or desirable patent applications, or we may not be able to do so at a reasonable cost or in a timely manner. Even if issued, there can be no assurance that these patents will adequately protect our intellectual property, as the legal standards relating to the infringement, validity, enforceability and scope of protection of patent and other intellectual property rights are complex and often uncertain. Any patents that are issued, and any of our other intellectual property rights may be challenged by others and invalidated or narrowed through administrative process, litigation, or similar proceedings, allowing other companies to develop offerings that compete with ours, which could adversely affect our competitive business position, business prospects and financial condition. In addition, issuance of a patent does not guarantee that we have a right to practice the patented invention. We cannot be certain that we were the first to use the inventions claimed in our issued patents or pending patent applications or otherwise used in our offerings, that we were the first to file patent applications, or that third parties do not have blocking patents that could be used to prevent us from marketing or practicing our offerings or technology. Effective patent, trademark, copyright and trade secret protection may not be available to us in every country in which our offerings are available. The laws of some foreign countries may not be as protective of intellectual property rights as those in the United States (in particular, some foreign jurisdictions do not permit patent protection for software, and even in the United States, this protection is limited), and mechanisms for enforcement of intellectual property rights may be inadequate. We have filed for patents in the United States and in limited non-U.S. jurisdictions, but such protections may not be available or adequate in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit. As we expand our international activities, our exposure to unauthorized copying and use of our products and platform capabilities and proprietary information will likely increase. We are currently unable to measure the full extent of this unauthorized use of our products, platform capabilities, software, and proprietary information. We believe, however, that such unauthorized use is and can be expected to be a persistent problem that negatively impacts our revenue and financial results. Additional uncertainty may result from recent and future changes to intellectual property legislation in the United States and other countries and from interpretations of the intellectual property laws of the United States and other countries by applicable courts and agencies. Further, although we endeavor to enter into non-disclosure agreements with our employees, licensees and others who may have access to confidential and proprietary information, we cannot assure that these agreements or other steps we have taken will prevent unauthorized use, disclosure or reverse engineering of our technology.
Moreover, third parties may independently develop technologies or products that compete with ours, and we may be unable to prevent this competition.
We might be required to spend significant resources to defend, monitor, and protect our intellectual property rights, such as by initiating claims or litigation against third parties for infringement of our proprietary rights or to establish the validity of our proprietary rights. However, we may not prevail in any lawsuits that we initiate, and the damages or other remedies awarded, if any, may not be adequate to compensate us for the harm suffered. Additionally, we may provoke third parties to assert counterclaims against us. Any litigation, whether or not it is resolved in our favor, could result in significant expense to us and divert the efforts of our technical and management personnel, which may adversely affect our business operations or financial results. For any of these reasons, despite our efforts, we may be unable to prevent third parties from infringing upon or
misappropriating our intellectual property. If we fail to protect our intellectual property rights adequately, our competitors might gain access to our technology or use of our brand, and our business might be adversely affected.
We have been, and may in the future be, subject to intellectual property rights claims by third parties, which are extremely costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights. In addition, many of these companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them. The litigation may involve patent holding companies or other adverse patent owners that have no relevant product revenues and against which our patents may therefore provide little or no deterrence. From time-to-time, third parties, including certain of these leading companies and non-practicing entities, have asserted and may assert patent, copyright, trademark or other intellectual property rights against us, our partners, our technology partners or our customers. We have received, and may in the future receive, notices that claim we have misappropriated, misused, or infringed other parties’ intellectual property rights, including those obtained through acquisitions of new technologies, and, to the extent we gain greater market visibility, we face a higher risk of being the subject of intellectual property infringement claims, which is not uncommon with respect to the enterprise software market.
There may be third-party intellectual property rights, including issued or pending patents, that cover or claim to cover significant aspects of our technologies or business methods. We may be exposed to increased risk of being the subject of intellectual property infringement claims as a result of acquisitions, as, among other things, we have a lower level of visibility into the development process with respect to such technology or the care taken to safeguard against infringement risks. Any intellectual property claims, with or without merit, could be very time-consuming, could be expensive to settle or litigate and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages, potentially including treble damages or enhanced statutory damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop using technology found to be in violation of a third-party’s rights. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license were available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any infringing aspect of our business, we would be forced to limit or stop sales of our offerings and may be unable to compete effectively. Any of these results would adversely affect our business operations and financial results.
If we are not able to maintain and enhance our brand, our business and operating results may be adversely affected.
We believe that maintaining and enhancing the “Splunk” brand identity is critical to our relationships with current customers and partners and to our ability to attract new customers and partners. The successful promotion of our brand will depend largely upon our marketing efforts, our ability to continue to offer high-quality offerings and our ability to successfully differentiate our offerings from those of our competitors. For example, in September 2019, we launched the Data-to-Everything Platform marketing campaign to enhance the “Splunk” brand. This marketing campaign, as well as our general brand promotion activities, may not be successful or yield increased revenues. In addition, independent industry analysts often provide reviews of our offerings, as well as those of our competitors, and perception of our offerings in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products and services, our brand may be adversely affected.
Moreover, it may be difficult to maintain and enhance our brand in connection with sales through partners. We have and will continue to incur a substantial amount of expenditures in connection with our Data-to-Everything campaigns, and we anticipate that brand promotion expenditures will increase as our market becomes more competitive and as we attempt to grow our business. To the extent that these activities yield increased revenues, these revenues may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand, our business may not grow, we may have reduced pricing power relative to competitors with stronger brands, and we could lose customers and partners, all of which would adversely affect our business operations and financial results.
Our use of “open source” software could negatively affect our ability to sell our offerings and subject us to possible litigation, and our participation in open source projects may impose unanticipated burdens or restrictions.
We use open source software in our offerings and business, including as incorporated into software we receive from third party commercial software vendors or technologies obtained through acquisitions, and expect to continue to use open source software in the future. Use of open source software may entail greater risks than use of third-party commercial software. The terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market or commercialize our products. We may face claims from others alleging breach of license requirements or infringement of intellectual property rights in what we believe to be licensed open source software. In addition, under the terms of some open source licenses, under certain conditions, we could be required to release our proprietary source code that was developed using, incorporating or linked with such open source software, or apply open source licenses to our proprietary software, including authorizing further modification and redistribution. These claims or requirements, including any change to the applicable license terms, could also result in litigation, require us to purchase a costly license, require us to devote additional research and development resources to change our offerings, or require us to cease offering the implicated products unless and until we can find alternative tools or re-engineer them to avoid infringement or release of our proprietary source code, any of which would have a negative effect on our business and operating results. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide updates, warranties, support, indemnities, assurances of title or controls on origin of the software, or other contractual protections regarding infringement claims or the quality of the code. Likewise, some open source projects have known security and other vulnerabilities and architectural instabilities, or are otherwise subject to security attacks due to their wide availability, and are provided on an “as-is” basis. Additionally, we, including companies that we acquired, have intentionally made certain proprietary software available on an open source basis, both by contributing modifications back to existing open source projects, and by making certain internally developed tools available pursuant to open source licenses, and we plan to continue to do so in the future. While we have established procedures, including a review process for any such contributions, which is designed to protect any code that may be competitively sensitive, we cannot guarantee that this process has always been applied consistently by us or by companies that we have acquired, prior to the acquisition. Even when applied, because any software source code we contribute to open source projects is publicly available, our ability to protect our intellectual property rights with respect to such software source code may be limited or lost entirely, and we may be unable to prevent our competitors or others from using such contributed software source code for competitive purposes, or for commercial or other purposes beyond what we intended. Many of these risks associated with usage of open source software could be difficult to eliminate or manage, and could, if not properly addressed, negatively affect the performance of our offerings and our business.
Factors Related to Reliance on Third Parties
We increasingly rely on third-party providers of cloud infrastructure services to deliver our offerings to users on our platform, and any disruption of or interference with our use of these services could adversely affect our business.
Our cloud services, such as Splunk Cloud, are hosted exclusively by our Cloud Service Providers. We do not have control over the operations or the facilities of Cloud Service Providers that we use, and any changes in a Cloud Service Provider’s service levels, which may be less than 100%, may adversely affect our ability to meet the commitments we make to our customers and their requirements. We currently offer a 100% uptime service level agreement (“SLA”) for Splunk Cloud. It may become increasingly difficult to maintain and improve our performance, especially during peak usage times, as the usage of our offerings increases. If any of the services provided by the Cloud Service Providers fail or become unavailable due to extended outages, interruptions or because they are no longer available on commercially reasonable terms or prices, or if we are unable to deliver 100% uptime under our SLAs, our revenues could be reduced, our reputation could be damaged, we could be exposed to legal liability, expenses could increase, our ability to manage our finances could be interrupted and our processes for managing sales of our offerings and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and implemented, all of which could adversely affect our business, financial results and the usage of our offerings. If we are unable to renew our agreements with our Cloud Service Providers on commercially reasonable terms, or our agreement is prematurely terminated, or we need to add new Cloud Services Providers to increase capacity and uptime, we could experience interruptions, downtime, delays, and additional expenses related to transferring to and providing support for these new platforms. Any of the above circumstances or events may harm our reputation and brand, reduce the availability or usage of our platform and impair our ability to attract new users, any of which could adversely affect our business, financial condition and results of operations.
If we are unable to maintain successful relationships with our partners, and to help our partners enhance their ability to independently sell and deploy our offerings, our business operations, financial results and growth prospects could be adversely affected.
In addition to our direct sales force, we use partners, such as distributors and resellers, to license, provide professional services and support our offerings. Historically, we have relied on a limited number of such partners for a substantial portion of our total sales, particularly in the Europe, Middle East and Africa (“EMEA”) and Asia Pacific (“APAC”) regions, and for sales to government agencies. For example, sales through our top two partners represented 41% of our revenue in the three months ended April 30, 2021. We expect that sales through partners in all regions will continue to be a significant portion of our revenues for the foreseeable future. As changes in our partner strategy are implemented, including potentially emphasizing partner-sourced transactions, results from sales through our partners may be adversely affected.
Our agreements with our partners are generally non-exclusive, meaning our partners may offer customers the products of several different companies, including products that compete with ours. If our partners do not effectively market and sell our offerings, choose to use greater efforts to market and sell their own products or those of our competitors, or fail to meet the needs of our customers, our ability to grow our business and sell our offerings may be adversely affected. Our partners may cease marketing our offerings with limited or no notice and with little or no penalty. The loss of a substantial number of our partners or any of our key partners, our possible inability to replace them, or the failure to recruit additional partners could materially and adversely affect our results of operations and could have an impact on the growth rate of our revenue as we work to obtain new partners or replacement relationships. In addition, sales by partners are more likely than direct sales to involve collectability and compliance concerns, in particular sales by our partners in developing markets, and accordingly, variations in the mix between revenues attributable to sales by partners and revenues attributable to direct sales may result in fluctuations in our operating results.
As we are transitioning our business model, the manner in which we conduct business with and compensate our partners, as well as the business demands placed upon our partners will likely change, requiring some of our historically effective partners to adapt their sales and marketing techniques to sell cloud services and term licenses. Such changes may lead to shorter duration contracts, which require more frequent customer contact by, and different business terms with, our partners. In some circumstances, new partners may be more effective in adapting to our new business model, particularly when such partners have experience selling cloud services. Therefore, our expectations for our partners, and our rubric for evaluating compatible partners may change, which may adversely impact our results of operations during the transition.
Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our partners, and to help our partners enhance their ability to independently sell and deploy our offerings. In order to achieve these objectives, we may be required to adjust our incentives, pricing or discount programs for our partners, which could adversely affect our operating results. If we are unable to maintain our relationships with these partners, or otherwise develop and expand our indirect distribution channel, our business, results of operations, financial condition or cash flows could be adversely affected.
Our future performance depends in part on proper use of our community website, Splunkbase, expansion of our developer ecosystem, and support from third-party software developers.
Our offerings enable third-party software developers to build apps on top of our platform. We operate a community website, Splunkbase, for sharing these third-party apps, including add-ons and extensions. While we expect Splunkbase to support our sales and marketing efforts, it also presents certain risks to our business, including:
•third-party developers may not continue developing or supporting the software apps that they share on Splunkbase;
•we cannot guarantee that if and as we change the architecture of our products and services, third-party developers will evolve their existing software apps to be compatible or that they will participate in the creation of new apps utilizing the new architecture;
•as we migrate our on-premises based products to cloud-based services, third-party developers may not convert their apps to work in the cloud environment or may not find our expanded developer ecosystem to be palatable for their cloud-based apps;
•we cannot provide any assurance that these apps meet the same quality and security standards that we apply to our own development efforts, and, to the extent they contain bugs, defects or security vulnerabilities, they may create disruptions in our customers’ use of our offerings or negatively affect our brand;
•we do not currently provide support for software apps developed by third-party software developers, and users may be left without support and potentially disappointed by their experience of using our offerings if the third-party software developers do not provide appropriate support for these apps;
•these third-party software developers may not possess the appropriate intellectual property rights to develop and share their apps or otherwise may not have assessed legal and compliance risks related to distributing their apps;
•some of these apps are hosted in external sites for a fee and are not controlled or reviewed by us, which may lead to a negative experience by customers that may impact our reputation; and
•some of these developers may use the insight they gain using our offerings and from documentation publicly available on our website to develop competing products.
Many of these risks are not within our control to prevent, and our brand may be damaged if these apps, add-ons and extensions do not perform to our customers’ satisfaction and that dissatisfaction is attributed to us.
If poor advice or misinformation is spread through our community website, Splunk Answers, users of our offerings may experience unsatisfactory results from using our offerings, which could adversely affect our reputation and our ability to grow our business.
We host Splunk Answers for sharing knowledge about how to perform certain functions with our offerings. Our users are increasingly turning to Splunk Answers for support in connection with their use of our offerings. We do not review or test the information that non-Splunk employees post on Splunk Answers to ensure its accuracy or efficacy in resolving technical issues. Therefore, we cannot ensure that all the information listed on Splunk Answers is accurate or that it will not adversely affect the performance of our offerings. Furthermore, users who post such information on Splunk Answers may not have adequate rights to the information to share it publicly, and we could be the subject of intellectual property claims based on our hosting of such information. If poor advice or misinformation is spread among users of Splunk Answers, our customers or other users of our offerings may experience unsatisfactory results from using our offerings, which could adversely affect our reputation and our ability to grow our business.
Factors Related to Our Securities
Servicing our debt requires a significant amount of cash, and we may not have sufficient cash flow from our business to pay our substantial debt.
Our ability to make scheduled payments of the principal of, to pay interest on or to refinance our indebtedness, including the $1.27 billion aggregate principal amount of 1.125% Convertible Senior Notes due 2027 (the “2027 Notes”), $776.7 million aggregate principal amount of 0.50% Convertible Senior Notes due 2023 (the “2023 Notes”) and $862.5 million aggregate principal amount of 1.125% Convertible Senior Notes due 2025 (the “2025 Notes” and collectively, the “Notes”) that we issued in June 2020 and September 2018, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. If the assumptions underlying our cash flow guidance are incorrect, for example, due to unexpected impacts of the ongoing COVID-19 pandemic, our business may not continue to generate cash flow from operations in the future sufficient to service our debt, including the Notes, and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or issuing additional equity, equity-linked or debt instruments on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. If we are unable to engage in any of these activities or engage in these activities on desirable terms, we may be unable to meet our debt obligations, including the Notes, which would materially and adversely impact our business, financial condition and operating results.
Our current and future indebtedness may limit our operating flexibility or otherwise affect our business.
Our existing and future indebtedness could have important consequences to our stockholders and significant effects on our business. For example, it could:
•make it more difficult for us to satisfy our debt obligations, including the Notes;
•increase our vulnerability to general adverse economic and industry conditions;
•require us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing the availability of our cash flow to fund working capital and other general corporate purposes;
•limit our flexibility in planning for, or reacting to, changes in our business and the industry in which we operate;
•restrict us from exploiting business opportunities;
•place us at a competitive disadvantage compared to our competitors that have less indebtedness; and
•limit our availability to borrow additional funds for working capital, capital expenditures, acquisitions, debt service requirements, execution of our business strategy or other general purposes.
Any of the foregoing could have a material adverse effect on our business, results of operations or financial condition.
Conversion of the Notes may dilute the ownership interest of our stockholders or may otherwise depress the price of our common stock.
The conversion of some or all of the Notes may dilute the ownership interests of our stockholders. Upon conversion of the Notes, we have the option to pay or deliver, as the case may be, cash, shares of our common stock, or a combination of cash and shares of our common stock. If we elect to settle our conversion obligation in shares of our common stock or a combination of cash and shares of our common stock, any sales in the public market of our common stock issuable upon such conversion could adversely affect prevailing market prices of our common stock. Holders of the Notes may hedge their positions in the Notes by entering into short positions with respect to the underlying common stock. In addition, any anticipated conversion of the Notes into shares of our common stock could depress the price of our common stock.
The conditional conversion feature of the Notes, if triggered, may adversely affect our financial condition and operating results.
In the event the conditional conversion feature of a series of Notes is triggered, holders of such Notes will be entitled under the applicable indenture governing such Notes to convert their Notes at any time during specified periods at their option. If one or more holders of a series of Notes elect to convert such Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock, we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. In addition, in certain circumstances, such as conversion by holders or redemption, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the relevant series of Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital.
The accounting method for convertible debt securities that may be settled in cash, such as the Notes, could have a material effect on our reported financial results.
Under Accounting Standards Codification 470-20, Debt with Conversion and Other Options (“ASC 470-20”), an entity must separately account for the liability and equity components of the convertible debt instruments (such as the Notes) that may be settled entirely or partially in cash upon conversion in a manner that reflects the issuer’s economic interest cost. The effect of ASC 470-20 on the accounting for the Notes is that the equity component is required to be included in the additional paid-in capital section of stockholders’ equity in our consolidated balance sheet at issuance, and the value of the equity component is treated as a discount for purposes of accounting for the debt component of the Notes. As a result, we are required to record a greater amount of non-cash interest expense as a result of the amortization of the discounted carrying value of the Notes to their respective face amounts over their respective terms. We report larger net losses or lower net income in our financial results because ASC 470-20 requires interest to include both the amortization of the debt discount and the instrument’s coupon interest rate, which could adversely affect our reported or future financial results, the trading price of our common stock and the trading price of the Notes.
In addition, under certain circumstances, convertible debt instruments (such as the Notes) that may be settled entirely or partly in cash are currently accounted for utilizing the treasury stock method for earnings per share purposes, the effect of which is that the shares issuable upon conversion of a series of Notes are not included in the calculation of diluted earnings per share except to the extent that the conversion value of such series of Notes exceeds their principal amount. Under the treasury stock method, for diluted earnings per share purposes, the transaction is accounted for as if the number of shares of common stock that would be necessary to settle such excess, if we elected to settle such excess in shares, are issued.
We cannot be sure that the accounting standards in the future will continue to permit the use of the treasury stock method. For example, the FASB recently published an accounting standard update ASU 2020-06 to amend these accounting standards to eliminate the treasury stock method for convertible instruments and instead require application of the “if-converted” method. Under that method, if it is adopted, diluted earnings per share would generally be calculated assuming that all the Notes were converted solely into shares of common stock at the beginning of the reporting period, unless the result would be anti-dilutive. If we are unable or otherwise elect not to use the treasury stock method in accounting for the shares issuable upon conversion of the Notes, then our diluted earnings per share would be negatively affected.
We are subject to counterparty risk with respect to the Capped Calls.
In connection with the offerings of the Notes, we entered into privately negotiated capped call transactions with certain counterparties (collectively, the “Capped Calls”). The counterparties to the Capped Calls are financial institutions, and we will be subject to the risk that one or more of the counterparties may default, fail to perform or exercise their termination rights under the Capped Calls. Our exposure to the credit risk of the counterparties will not be secured by any collateral. If a counterparty to the Capped Calls becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at the time under such transaction. Our exposure will depend on many factors but, generally, our exposure will increase if the market price or the volatility of our common stock increases. In addition, upon a default, failure to perform or a termination of the Capped Calls by a counterparty, we may suffer more dilution than we currently anticipate with respect to our common stock. We can provide no assurances as to the financial stability or viability of the counterparties.
Our stock price has been volatile, may continue to be volatile and may decline regardless of our financial performance.
The trading prices of the securities of technology companies have been highly volatile. The market price of our common stock has fluctuated significantly and is likely to continue to fluctuate significantly or experience declines in the future. Your investment in our stock could lose some or all of its value. Some of the factors, many of which are beyond our control, that could significantly affect the market price of our stock include:
•actual or anticipated fluctuations in our financial results;
•the financial projections we provide to the public, any changes in these projections or our failure to meet or exceed these projections;
•the impact of our shift to a subscription model, as well as increased annual invoicing and decreased multi-year upfront invoicing, which may impact our revenue, deferred revenue, cash collections, remaining performance obligations, gross margin and operating income;
•failure of securities analysts to initiate or maintain coverage of our company, changes in financial estimates by any securities analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
•ratings changes by any securities analysts who follow our company;
•announcements by us or our competitors of significant technical innovations, acquisitions, strategic partnerships, joint ventures or capital commitments;
•changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
•price and volume fluctuations in certain categories of companies, such as high-growth or cloud companies, or the overall stock market, including as a result of trends in the global economy;
•public health crises, such as the ongoing COVID-19 pandemic, and related measures by private industry and governments to protect the public health;
•general economic and political conditions and uncertainty, both domestically and internationally, as well as economic and political conditions and uncertainty specifically affecting industries in which our customers participate, including continued impacts from the ongoing COVID-19 pandemic;
•any major change in our board of directors or management;
•lawsuits threatened or filed against us;
•actual or perceived security breaches or incidents; and
•other events or factors, including those resulting from war, incidents of terrorism or responses to these events.
In addition, the stock markets, and in particular the market on which our common stock is listed, have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many technology companies. Stock prices of many technology companies have fluctuated in a manner unrelated or disproportionate to the financial performance of those companies. In the past, following periods of market volatility, securities class action litigation and stockholder derivative litigation have often been instituted. In December 2020, a putative class action lawsuit was filed in the U.S. District Court for the Northern District of California against us, our CEO and our CFO alleging violations of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), for allegedly making materially false and misleading statements regarding our financial guidance. On March 16, 2021, the Court appointed lead plaintiff and lead counsel in the case. On June 7, 2021, the lead plaintiff filed an amended complaint which alleges that defendants made materially false and
misleading statements regarding our marketing efforts, hiring practices, and retention of personnel. In February, March, and April 2021, several derivative lawsuits related to the securities class action were filed. These lawsuits could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business, results of operations, financial condition and cash flows. If we were to become involved in additional litigation in the future, it also could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business, results of operations, financial condition and cash flows.
General Factors
Climate change may have a long-term impact on our business.
The long-term effects of climate change on the global economy and the technology industry in particular are unclear, however we recognize that there are inherent climate related risks wherever business is conducted. Our business operations are subject to interruption by natural disasters, flooding, fire, power shortages, pandemics such as the ongoing COVID-19 pandemic, terrorism, political unrest, telecommunications failure, vandalism, cyber-attacks, geopolitical instability, war, the effects of climate change and other events beyond our control. For example, our California corporate offices are located near major seismic faults, and have also historically experienced, and are projected to continue to experience, climate-related events including drought and water scarcity, warmer temperatures, wildfires and air quality impacts and power shut-offs associated with wildfire prevention. Although we maintain crisis management and disaster response plans, such events could make it difficult or impossible for us to deliver our services to our customers, could decrease demand for our services, and could cause us to incur substantial expense. Our insurance may not be sufficient to cover losses or additional expenses that we may sustain. Climate-related events, including the increasing frequency of extreme weather events and their impact on critical infrastructure in the United States and elsewhere, have the potential to disrupt our business, our third-party suppliers, and/or the business of our customers, and may cause us to experience higher attrition, losses and additional costs to maintain and resume operations.
We could be subject to additional tax liabilities.
We are subject to federal, state and local taxes in the United States and numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for taxes as there are many activities and transactions for which the ultimate tax determination is uncertain. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. At any given
time, we are subject to routine inquiries from taxing jurisdictions worldwide and are working to resolve these various routine questions and potential errors. Our financial statements reflect our best judgement of needed reserves to cover known contingencies, but there can be no assurances on the final outcome of any tax assessment. In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by our earnings being lower than anticipated in jurisdictions where we have lower statutory rates and higher than anticipated in jurisdictions where we have higher statutory rates by challenges to our intercompany relationships and transfer pricing arrangements, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. Many countries and organizations such as the Organization for Economic Cooperation and Development are actively considering changes to existing tax laws or have proposed or enacted new tax laws that could increase our tax liabilities in countries where we do business.
Changes in accounting pronouncements and other financial and nonfinancial reporting standards.
Generally accepted accounting principles in the United States (“U.S. GAAP”) are subject to interpretation by the Financial Accounting Standards Board (“FASB”), the SEC, and other various bodies formed to promulgate and interpret appropriate accounting principles. We regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and interpretations that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we may be required to change our accounting policies, to alter our operational policies to implement new or enhance existing systems so that they reflect new or amended financial reporting standards, and to adjust our published financial statements. Such changes may have an adverse effect on our business, financial position and operating results, or cause an adverse deviation from our revenue and operating profit targets, which may negatively impact our financial results.
In addition, as we work to align with the recommendations of the Sustainability Accounting Standards Board (“SASB”), and our own ESG materiality assessment, we have expanded and, in the future, may continue to expand our disclosures in these areas. Our failure to report accurately or achieve progress on our metrics on a timely basis, or at all, could adversely affect our reputation, business, financial performance and growth.
The requirements of being a public company and a growing and increasingly complex organization may strain our resources, divert management’s attention and affect our ability to attract and retain executive management and qualified board members.
We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Act, the listing requirements of The NASDAQ Stock Market and other applicable securities rules and regulations. Compliance with these rules and regulations has increased and may continue to increase our legal and financial compliance costs, making some activities more difficult, time-consuming or costly, and has increased and will continue to increase demand on our systems and resources.
In addition, changing laws, regulations, standards and practices relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming. These laws, regulations, standards and practices are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as regulatory and governing bodies provide new guidance or as market practices develop. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices.
From time to time, public companies are subject to campaigns by investors seeking to increase short-term stockholder value through actions such as financial restructuring, increased debt, special dividends, stock repurchases, management changes or sales of assets or the entire company. If stockholders attempt to effect such changes or acquire control over us, responding to such actions would be costly, time-consuming and disruptive, which could adversely affect our results of operations, financial results and the value of our common stock. These factors could also make it more difficult for us to attract and retain qualified employees, executive officers and members of our board of directors.
Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management and limit the market price of our common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
•authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights and preferences determined by our board of directors;
•require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;
•specify that special meetings of our stockholders can be called only by our board of directors, the Chairman of our board of directors, or our Chief Executive Officer;
•establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;
•establish that our board of directors is divided into three classes, Class I, Class II and Class III, with each class serving three-year staggered terms;
•prohibit cumulative voting in the election of directors;
•provide that our directors may be removed only for cause;
•provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum; and
•require the approval of our board of directors or the holders of a super majority of our outstanding shares of capital stock to amend our amended and restated bylaws and certain provisions of our amended and restated certificate of incorporation.
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder.