Item 1. Business.
Elastic is a search company.
Search is foundational to a wide variety of experiences. Elastic makes the power of search—the ability to instantly find relevant information and insights from large amounts of data—available for a diverse set of applications and solutions, including Enterprise Search, Observability, and Security.
Elastic powers the search behind a ride sharing app to help locate nearby riders and drivers. Elastic powers the search for finding the right products to add to your cart for an ecommerce application. Elastic powers the search for a digital creative software company, enabling users to search across millions of digital assets to find the right photo, font, or color palette to complete a creative project. Elastic powers the logging of billions of events per day to track and manage website performance issues and network outages of a telecommunications company with nationwide networks of mobile subscribers. Elastic powers the processing of terabytes of daily data in real time to monitor the usage of thousands of servers for a financial services company across their entire IT environments. Elastic powers a university’s cybersecurity operations to protect thousands of devices and critical data. All of this is search.
Why we search remains constant: we’re looking for insight, information, and answers. But how and what we search changes over time, from the Dewey Decimal System for libraries to Google for the World Wide Web to conversations with virtual assistants for everyday inquiries. Today, what we search has grown to include a rapidly increasing amount of structured and unstructured data from a multitude of sources such as databases, websites, applications, and mobile and connected devices. While search experiences often begin with search boxes, they are not confined to them. Dragging your finger across a map on a smartphone screen is search. Zooming into a specific time frame in a histogram is search. Mining log files for errors is search. Forecasting storage capacity two weeks into the future is search. Using natural language processing to analyze user sentiment is search.
Elastic created the Elastic Stack, a powerful set of software products that ingest and store data from any source, and in any format, and perform search, analysis, and visualization in milliseconds or less. Developers build on top of the Elastic Stack to apply the power of search to their data and solve business problems. We have also built software solutions on the Elastic Stack that address a wide variety of use cases: Elastic Enterprise Search for workplace search, app search and site search, Elastic Observability for logging, metrics and application performance management (“APM”), and Elastic Security for security information and event management (“SIEM”) and endpoint security.
The Elastic Stack and our solutions are designed to run in public or private clouds, in hybrid environments, or in traditional on-premises environments. As the technology landscape shifts, our products grow and adapt. In that sense, we believe that our company is truly elastic.
Our origins are rooted in open source, which facilitates rapid adoption of our software and enables efficient distribution of our technology. Developers can either download or deploy our software directly in the cloud as a managed offering on our website, for use in development and production environments. Our offerings include both free and paid products and solutions.
Our business model is based on a combination of free and paid proprietary software. For self-managed users who download our products, we make some of the proprietary features of our software available for free. Other proprietary features are only available through paid subscriptions, which also include access to support on all free and paid features. We also provide our software as a service (“SaaS”). There is no free subscription tier in our SaaS offerings. Unlike some open source companies, we do not build a separate enterprise version of an original open source project. Instead, we develop and test one robust codebase, over which we maintain control. We believe that maintaining full control over the source code enables us to develop better products for our users and customers. Our sales and marketing efforts start with developers and other users who have already adopted our software and then evolve to departmental decision-makers and senior executives who have broad purchasing power in their organizations. All of these actions help us build a powerful commercial business model.
Our customers often significantly expand their usage of our products over time. Expansion includes increasing the number of developers using our products, increasing the utilization of our products for a particular use case, and applying our products to new use cases. We focus some of our direct sales efforts on encouraging these types of expansion within our customer base.
Our business has experienced rapid growth around the world. As of April 30, 2021, we had over 15,000 customers compared to over 11,300 customers and over 8,100 customers as of April 30, 2020 and April 30, 2019, respectively. Our revenue was $608.5 million in the year ended April 30, 2021, $427.6 million in the year ended April 30, 2020, and $271.7 million in the year ended April 30, 2019, representing year-over-year growth of 42% and 57% for the years ended April 30, 2021 and 2020, respectively. Subscriptions accounted for 93%, 92% and 91% of our total revenue in the years ended
April 30, 2021, 2020 and 2019, respectively. Revenue from outside the United States accounted for 45%, 43% and 43% of our total revenue in the years ended April 30, 2021, 2020 and 2019, respectively.
In the years ended April 30, 2021, 2020 and 2019, we incurred net losses of $129.4 million, $167.2 million and $102.3 million, respectively. For the year ended April 30, 2021, our cash provided by operating activities was $22.5 million, and for the years ended April 30, 2020 and 2019, our cash used in operating activities was $30.6 million and $23.9 million, respectively. We expect we will continue to incur net losses for the foreseeable future.
We founded Elastic to bring the power of search to a broad range of business and consumer use cases. Our products enable our users and customers to instantly find relevant information and insights in large amounts of data.
We offer the Elastic Stack, a powerful set of software products that ingest and store data from any source, in any format, and perform search, analysis, and visualization, usually in milliseconds. The Elastic Stack can be used by developers to power a variety of use cases. We also offer software solutions built in the Elastic Stack that address a wide variety of use cases. The Elastic Stack and our solutions are designed to run in public or private clouds, in hybrid environments, or in traditional on-premises environments.
The Elastic Stack
The Elastic Stack is primarily composed of the following products:
•Elasticsearch. Elasticsearch is the heart of the Elastic Stack. It is a distributed, real-time search and analytics engine and datastore for all types of data, including textual, numerical, geospatial, structured, and unstructured.
•Kibana. Kibana is the user interface for the Elastic Stack. It is the visualization layer for data stored in Elasticsearch. It is also the management and configuration interface for all parts of the Elastic Stack.
The Elastic Stack also supports data ingest with a number of supporting products:
•Logstash. Logstash is the dynamic data processing pipeline for ingesting data into Elasticsearch or other storage systems from a multitude of sources simultaneously.
•Beats. Beats is the family of lightweight, single-purpose data shippers for sending data from edge machines to Elasticsearch or Logstash.
•Elastic Agent. Elastic Agent, currently in beta, is a single, unified way to add monitoring for logs, metrics, and other types of data to each host. Elastic Agent includes integrated host protection and central management.
Some features of the Elastic Stack are free and open, available to users at no cost, while others require paid subscriptions. Paid proprietary features enable capabilities such as automating anomaly detection on time series data at scale through machine learning, facilitating compliance with data security and privacy regulations, supporting search across low cost cold and frozen data tiers, and allowing real-time notifications and alerts. The source code of both free and paid features in the Elastic Stack is visible to the public in the form of “open code.”
We have built a number of solutions on top of the Elastic Stack to make it easier for organizations to use our software for common use cases. Like the Elastic Stack, our solutions comprise a combination of free and open features, and paid proprietary features. Our solutions include:
•Enterprise Search. Our Enterprise Search solution provides powerful search for documents and results living in websites, applications and workplaces. Enterprise Search includes: Workplace Search, a unified search platform for the workplace that seamlessly connects to the most widely used enterprise systems and tools; App Search, a flexible, API-driven tool for building search experiences to support websites and portals, e-commerce, mobile app search, and customer support; and Site Search, an easy way to bring powerful search to any website.
•Observability. Our Observability solution enables unified analysis across the IT ecosystem of applications, networks, and infrastructure. Observability includes: Logs, to search and analyze petabytes of structured and unstructured logs; Metrics, to search and analyze numeric and time series data; APM, to deliver insight into application performance and health metrics and provide developers with confidence in their code; and Uptime, to easily track and monitor the availability of hosts, websites, services and applications.
•Security. Our Security solution provides unified protection to prevent, detect, and respond to threats. Security includes: SIEM, with integrations to network, host, user, and cloud data sources, as well as workflow and
operations, shareable analytics, incident management, and investigations; and Endpoint Security, for prevention, detection and response in a single, stack-integrated agent.
Our Deployment Options
The Elastic Stack and our solutions generally can be deployed in public or private clouds, in hybrid environments, or in traditional on-premises environments, to satisfy various user and customer needs.
•Self-Managed. Today, most users manage their own deployments of the Elastic Stack and our solutions. To help with more complex deployment scenarios, we offer Elastic Cloud Enterprise and Elastic Cloud on Kubernetes, paid proprietary products, to deliver centralized provisioning, management, and monitoring across multiple deployments.
•SaaS. Many customers are becoming increasingly interested in SaaS deployment alternatives that reduce the burden of administration. For these customers we have developed a family of SaaS products called Elastic Cloud, which includes Elasticsearch Service and Site Search Service. We host and manage our Elastic Cloud products on infrastructure from multiple public cloud providers.
Our Business Model
Our business model refers to how we make our software available, including our free and open distribution and go-to-market strategy, and how we charge our customers. We believe our business model creates significant value for our users, our customers, and our company.
Our business model is based on a combination of free and paid proprietary software. We market and distribute the Elastic Stack and our solutions using a free and open distribution strategy. Developers and other users are able to download our software directly from our website. Some features of our software can be used free of charge. Others are only available through paid subscriptions, which include access to proprietary features and support. These paid features can be unlocked with a simple license update, without the need to re-deploy the software. We also provide our software as a service, as part of Elastic Cloud. There is no free subscription tier in our Elastic Cloud offerings. The rate at which our customers purchase additional subscriptions and expand the value of existing subscriptions depends on a number of factors, including customers’ level of satisfaction with our products, the nature and size of the deployments, the desire to address additional use cases, and the perceived need for additional proprietary features. The source code of all Elastic Stack features is visible to the public in the form of “open code.”
Our distribution model facilitates rapid and efficient adoption, particularly by empowering individual developers and other users to download and use our software without payment, registration, or the friction of a formal sales interaction. It also fosters a vibrant developer community around our products and solutions, which drives adoption of our products and increased interaction among users. Further, this approach enables community review of our code and products, which allows us to improve the reliability and security of our software. We believe that the number of times our products have been downloaded and the size of our developer community are indicative of the benefits of our free and open strategy and the growth in adoption of our products. However, we generally do not have visibility into, and cannot accurately determine how often, our downloaded products are being actively used.
We have designed our strategy to avoid some of the risks associated with an open source model. One such risk relates to control over the direction and roadmap of our products. We maintain full control over the source code of our products and solutions. While community members may suggest changes to our products, only Elastic employees are able to commit changes to the codebase. Also, many of our free features have been historically distributed under a proprietary license. In February 2021, with the release of version 7.11 of the Elastic Stack, we changed the source code of Elasticsearch and Kibana that had previously been licensed under an open source license to be licensed under a proprietary license. Further, unlike some open source companies, we do not build a separate enterprise edition of an original open source project. Instead, we develop, maintain, and test a single robust codebase that is shared by our entire developer community.
Some open source companies sell only support for software that they make available at no cost. We believe this can create misaligned incentives in that the support vendor benefits from low software quality. Accordingly, we focus on designing high-quality software products that include proprietary features and are easy to use and reliable. We include support only as part of our subscriptions.
We believe in building products that provide value and appeal to the people who use them, including developers, architects, DevOps personnel, IT professionals, and security analysts. At the same time, a software company should be able to engage and build relationships with departmental or organizational leaders who make large technology purchasing decisions. At Elastic, we do both.
Strengths of Our Products
The strengths of our products include the following:
•Speed. The Elastic Stack can find matches for search criteria in milliseconds within even the largest structured and unstructured datasets. Its schema-less structure and inverted indices enable real-time search of high volumes of structured, unstructured, and time series data.
•Scale. The Elastic Stack is a distributed system and can scale massively. It has the ability to subdivide search indices into multiple pieces called shards, which enables data volume to be scaled horizontally and operations to be distributed across hundreds of systems or more. A developer running hundreds of nodes has the same user experience as a developer running a single node on a laptop.
•Relevance. Elasticsearch uses multiple analytical techniques to determine the similarity between stored data and queries, generating highly relevant results reflecting a deep understanding of text and context. Its sophisticated yet developer-friendly query language permits advanced search and analytics. Additionally, the speed of the Elastic Stack permits query iteration, further enhancing the relevance of search results.
•Ease of Use. The Elastic Stack is engineered to take a user from data to dashboard or inquiry to insight in minutes. It offers an easy getting started experience, featuring streamlined download and deployment, sensible defaults, a simple and intuitive query language that just works, and no need to define a schema up front. Administrative tasks such as securing the Elastic Stack are intuitive and integrated into the user experience, as are investigative tasks such as data visualization.
•Flexibility. The Elastic Stack is able to ingest, filter, store, search, and analyze data in any form, whether structured or unstructured. These capabilities enable the Elastic Stack to generate insights from a wide variety of data sources for a range of use cases. The flexibility of the Elastic Stack also enables users to begin using our products along with their existing systems, which lowers barriers to adoption.
•Extensibility. Developers can use the Elastic Stack as a foundation for addressing a wide variety of use cases. Our open approach to building the Elastic Stack empowers developers to innovate and utilize it to fit their specific needs. Additionally, our developer community actively engages with us to improve and expand the Elastic Stack.
Our Growth Strategies
We intend to pursue the following growth strategies:
•Increase product adoption by improving ease of use and growing our user community. With our engineering efforts focused on the user experience, we will continue to develop software that makes our products easier to use and adopt for both developers and non-developers. We will continue to engage with developers globally through a wide range of touch points such as community meetups, global community groups, hackathons, our global events, which we call ElasticON, and engagement on our website, user forums, and code repositories, to grow our user community.
•Expand our customer base by acquiring new customers. Through our distribution model, self-managed users can easily download our software directly from our website and access many features free of charge, which facilitates rapid adoption. Through Elastic Cloud, our SaaS offering, we provide the fastest and easiest way to get started with a free trial. However, there is no free subscription tier in Elastic Cloud. Our sales and marketing team conducts campaigns to drive further awareness and adoption within the user community. As a result, many of our sales prospects are already familiar with our technology prior to entering into a commercial relationship with us. Additionally, we leverage our network of partners to drive awareness and expand our sales and marketing reach to target new customers. We will continue to engage our community and our partners to drive awareness and to invest in our sales and marketing team to grow our customer base.
•Expand within our existing customer base through new use cases and larger deployments. We often enter an organization through a single developer or a small team for an initial project or use case with an objective to quickly solve a technical challenge or business problem. Because of the rapid success with our products, knowledge of Elastic often spreads within an organization to new teams of developers, architects, IT operations personnel, security personnel, and senior executives. We will continue to invest in helping users and customers be successful with our products, and we view initial success with our products as a path to drive expansion to new use cases and projects and larger deployments within organizations.
•Extend our product leadership through continued investment in our technology. We will continue to invest in our self-managed and SaaS products to extend into new use cases, industries, geographies, and customers.
•Increase usage of Elastic Cloud. We believe that providing our SaaS products represents a significant growth opportunity. We plan to expand Elastic Cloud geographically and through more public cloud providers. We plan to continue to invest resources in increasing the adoption of Elastic Cloud.
•Expand our strategic and regional partnerships. Our partners assist us in driving awareness of Elastic and our products, building new solutions on top of the Elastic Stack to solve customer pain points, and extending our reach in geographic areas and verticals where we do not have a formal sales presence. We have a diverse range of partners and we will continue to pursue partnerships to further the development of the Elastic Stack and our customer reach.
•Selectively pursue acquisitions and strategic investments. We have selectively pursued acquisitions and strategic investments in businesses and technologies in order to drive product and market expansion. Since inception, we have acquired technology underlying our security offerings (formerly Endgame), Site Search and App Search offerings (formerly Swiftype), our APM offering (formerly Opbeat), our machine learning feature (formerly Prelert), our Beats product (formerly Packetbeat), our Elastic Cloud SaaS offering (formerly Found) and our Kibana and Logstash products through strategic transactions. We intend to continue to pursue acquisitions and strategic investments selectively.
Organizations of all sizes, across many industries, both private and public, purchase our products for a variety of use cases. As of April 30, 2021, we had over 15,000 customers. No customer represented more than 10% of our total revenue in the year ended April 30, 2021.
Our engineering organization focuses on enhancing existing products and developing new products, both open source and proprietary, that are easy to use and can be run in any environment including in public or private clouds, in hybrid environments, or in traditional on-premises environments. With a distributed engineering team spanning over 30 countries, we are able to recruit, hire, and retain high-quality, experienced developers, tech leads, and product managers, and operate at a rapid pace to drive product releases, fix bugs, and create new product offerings.
Our software development process is based on iterative releases across the Elastic Stack, our solutions, and Elastic Cloud. We are organized in small functional teams with a high degree of autonomy and accountability. Our distributed and highly modular team structure and well-defined software development processes also allow us to successfully incorporate technologies that we have acquired.
We intend to continue to invest in our research and development capabilities to extend our products. Research and development expense totaled $199.2 million and $165.4 million, in the years ended April 30, 2021 and 2020, respectively. We plan to continue to devote significant resources to research and development.
Sales and Marketing
We make it easy for individual developers to begin using our products in order to drive viral adoption. Users can download our software directly from our website without any sales interaction, and immediately begin using the full set of free and paid features. Access to our paid features is available for an initial trial period for both self-managed and SaaS subscriptions.
As a result of our free and open strategy, our sales prospects are often already using our technology. Our sales and marketing efforts extend our free and open strategy in two key ways. First, we conduct low-touch marketing campaigns to keep users and customers engaged after they download our software. This includes providing high-quality content, documentation, webinars, videos, and blogs through our website. Second, we conduct high-touch virtual and field campaigns with qualified prospects and customers who have typically already deployed our software to drive further awareness, adoption, and expansion of our products and solutions.
Our sales teams are segmented primarily by geography and secondarily by employee count in relation to our prospects and customers. We rely on inside sales development representatives to qualify leads based on their likelihood to make a purchase. We pursue sales opportunities primarily through a direct sales motion, in some cases assisted by partners. Our relationships within customer organizations often extend beyond the initial users of the technology and include technology and business decision-makers at various levels. We also engage with our customers on an ongoing basis through a customer success team, to ensure customer satisfaction and expand their usage of our technology.
We maintain partner relationships that help us market and deliver our products to our customers and complement our community. Our partner relationships include the following:
•Cloud providers. We work with many of the major cloud providers to increase awareness of our products and make it easy to access our software. We partner with Google and Microsoft to offer our Elasticsearch Service (part of Elastic Cloud) on Google Cloud Platform (“GCP”), and Microsoft Azure, respectively, including direct purchase from us and through their respective marketplaces. We also partner with other cloud providers to provide our free and paid proprietary features to users on their cloud platforms. In addition, we make our Elasticsearch Service available on Amazon Web Services (“AWS”), for direct purchase or through the AWS marketplace. Elastic’s Elasticsearch Service is a different offering than Amazon Elasticsearch Service. We do not partner with Amazon, provide support for Amazon Elasticsearch Service, or provide Amazon or customers of Amazon Elasticsearch Service with access to any of our free or paid proprietary features.
•Systems integrators, channel partners, and referral partners. We have a global network of systems integrators, channel partners, and referral partner relationships that help deliver our products to various business and government customers around the world.
•OEM and MSP partners. Our original equipment manufacturing (“OEM”), and managed service provider (“MSP”), partners embed an Elastic subscription into the products or services they offer to their own customers. OEM or MSP partners are able to include Elastic’s paid and unpaid proprietary features in their product, receive ongoing support from Elastic for product development, and receive support for end customer issues related to Elastic.
•Technology partners. Our technology partners collaborate with Elastic to create a standardized solution for end users that includes technology from both Elastic and the partner. For example, we work with Micro Focus to integrate our products with their ArcSight product. Technology partners represent a deeper collaboration than community contributions and are distinct from distribution-oriented relationships like OEMs and MSP partners.
We offer consulting and training as part of our offerings. To assist customers in accelerating their success with our software, our consulting team consists of engineers and architects who bring hands-on experience and deep technical knowledge to a project. Our training offerings enable our users to gain the necessary skills to develop, deploy, and manage our software.
We endeavor to make it easy for users to download, install, deploy and use the Elastic Stack and our solutions. To this end, our user community functions as a source of support and enables users to engage in self-help and collaboration.
However, in many situations, such as those involving complex enterprise IT environments, large deployments and novel use cases, our users require our support. Accordingly, we include support as part of the subscriptions we sell for our products. Our global support organization consists of highly technical support engineers who provide support experiences including troubleshooting, technical audits, cluster tuning, and upgrade assistance. Our support team is distributed across over 20 countries and provides coverage 24 hours per day, 365 days per year, across multiple languages.
We believe that software companies should not have incentives to build low quality software. In that connection, we do not sell support separately from our software subscriptions.
Our products consist of the Elastic Stack, our solutions and software that supports our various deployment alternatives. Because our solutions are built on the Elastic Stack, innovations and new capabilities built into the Elastic Stack may benefit many of our solutions. Our customers can customize and extend our solutions to fit their needs by leveraging the power of the Elastic Stack and our developer capabilities.
Technology Features of the Elastic Stack
Elasticsearch is the heart of the Elastic Stack, where users store, search, and analyze data. Key features of Elasticsearch include the following:
•Store any type of data. Elasticsearch combines powerful parts of traditional search engines, such as an inverted index to power fast full text search and a column store for analytics, with native support for a wide range of data types, including text, dates, numbers, geospatial data, date/numeric ranges, and IP addresses. With sensible defaults, and no upfront schema definition necessary, Elasticsearch makes it easy to start simple and fine-tune as datasets grow.
•Powerful query languages. The Elasticsearch query domain specific language is a flexible, expressive search language that exposes a rich set of query capabilities across any kind of data. From simple Boolean operators to custom relevance functions, users can articulate exactly what they are looking for and bring their own definition of relevance. The query language also includes a composable aggregation framework that enables users to summarize, slice, and analyze structured or semi-structured datasets across multiple dimensions. Examples of these capabilities include tracking the top ten users by spend, looking at data week over week, analyzing data across geographies, and drilling down into details with specific filters all with a single search.
•Developer friendliness. Elasticsearch has consistent, well-documented APIs that work the same way on one node during initial development as on a hundred nodes in production. Elasticsearch also ships with a number of language clients that provide a natural way to integrate with a variety of popular programming frameworks, reducing the learning curve, and leading to a shorter time to realizing value.
•High speed. Everything stored in Elasticsearch is indexed by default, such that users do not need to decide in advance what queries they will want to run. Our architecture optimizes throughput, time-to-data availability and query latency. Elasticsearch can easily index millions of events per second, and newly added data can be available for search nearly instantly.
•High scale and availability. Elasticsearch is designed to scale horizontally and be resilient to node or hardware failures. As nodes join a cluster, data is automatically re-balanced and queries and indexing are spread across the new nodes seamlessly. This makes it easy to add hardware to increase indexing throughput or improve query throughput. Elasticsearch also detects node failures and hardware or network issues and automatically protects user data by ejecting the failing or inaccessible nodes and creating new replicas of the data.
•Machine learning and alerting. Machine learning capabilities such as anomaly detection, forecasting, and categorization are tightly integrated with the Elastic Stack to automatically model the behavior of data, such as trends and periodicity, in real time in order to identify issues faster, streamline root cause analysis, and reduce false positives. Without these capabilities, it can be very difficult to identify issues such as infrastructure problems or intruders in real time across complex, high-volume, fast-moving datasets.
•Security. Security features give administrators the rights to grant specific levels of access to their various types of users, such as IT, operations, and application teams. Elasticsearch serves as the central authentication hub for the entire Elastic Stack. Security features include encrypted communications and encryption-at-rest; role-based access control; single sign-on and authentication; field-level, attribute-level, and document-level security; and audit logging.
Kibana is the user interface for the Elastic Stack. It allows users to manage the Elastic Stack and visualize data. Additionally, the interfaces for many of our solutions are built into Kibana. Key features of Kibana include the following:
•Explore and visualize data stored in Elasticsearch. Kibana provides interactive data views, visualizations, and dashboards powered by structured filtering and unstructured search to enable users to get to answers more quickly. A variety of data visualization types, such as simple line and bar charts, purpose-built geospatial and time series visualizations, tree diagrams, network diagrams, heatmaps, scatter plots, and histograms, support diverse user needs.
•Incorporate advanced analytics and machine learning from Elasticsearch. Kibana’s query, filtering, and data summarization capabilities reflect Elasticsearch’s powerful query domain specific language and aggregation framework while making it interactive.
•Manage the Elastic Stack. Kibana presents a broad user interface showing the health of Elastic Stack components and provides cluster alerts to notify administrators of problems. Its central management user interfaces (UIs) make it easier to operate the Elastic Stack at scale.
•Home for Solutions. Kibana is where our users and customers access the user interfaces for our Observability and Security solutions. Kibana provides core services, like security, alerting, and data visualization components. This makes it easy for users to discover all of the capabilities our solutions provide, and enables solution users to benefit from the core capabilities of the Kibana.
•Application framework. Kibana is designed to be extensible. Users interested in a highly specialized visualization type not distributed with Kibana by default can customize experiences through a Kibana plugin and make the plugin available to the community. Dozens of Kibana plugins have been shared by the community via Elastic documentation and code sharing platforms such as GitHub.
Beats, Elastic Agent, and Logstash are data ingestion tools that enable users to collect and enrich any kind of data from any source for storage in Elasticsearch. Beats and Logstash have an extensible modular architecture. Beats are lightweight agents purpose-built for collecting data on devices, servers, and inside containers. Elastic Agent, currently in beta, is a single, unified way to add monitoring for logs, metrics, and other types of data to each host, and also includes integrated host protection. Key features of Beats and Elastic Agent include the following:
•Data shippers. Beats are lightweight agents built for the purposes of efficient data collection at the edge for specific types of data, such as Filebeat for the collection of logging data, Metricbeat for the collection of system or service metric data, Auditbeat for the collection of security data, Packetbeat for the collection of network data, and Heartbeat for the collection of availability data. Dozens of community Beats enable the collection of data from specialized sources. Elastic Agent introduces a new single agent architecture across hosts that simplifies management and deployment.
•Extensibility and community Beats. The Beats platform enables rapid creation of custom Beats that can be run on a variety of edge technologies for data collection. Over 90 Beats have been shared by the community via Elastic documentation and many more are available through code sharing platforms such as GitHub.
•Host protection. Specifically with Elastic Agent, we extend protection to hosts in addition to data transfer. Elastic Agent stops malware and ransomware and enables environment-wide visibility and advanced threat detection.
Logstash enables centralized collection and extract, transformation, and load capabilities. Key features of Logstash include the following:
•Data transformation engine. Logstash is a centralized data transformation engine that can receive and pull data from multiple sources, transform and filter that data, and send it to multiple outputs. Logstash has a powerful and flexible configuration language that allows users to create data stream acquisition and transformation logic without having to write code. This greatly extends and accelerates the ability to create data management pipelines to a wide variety of organizations and individuals.
•Plugins. Logstash collects data from a variety of sources, such as network devices, queues, endpoints, and public cloud services. Logstash enriches the data via lookups against local data sources, such as a geolocation database, and remote data sources, such as relational databases. Logstash can output events to Elasticsearch or downstream queues and other datastores. We develop and support more than 80 plugins for many common integrations.
•Logstash extensibility and community plugins. A vibrant community of users extends our reach through hundreds of community Logstash plugins that enable integration with a wide variety of data sources across many use cases.
Technology Features of Our Solutions
Our solutions are designed to minimize time-to-value and deployment costs of using the Elastic Stack for common use cases. The functionality of our solutions often includes specialized data collection, through standardized APIs or custom agents, and custom user interfaces for specific data analytics, visualizations, workflows, and actions. Most of our solutions can be self-managed or accessed through Elastic Cloud.
Enterprise Search gives users the tools to bring search experiences to customers, partners and teams quickly and scale them seamlessly.
•Workplace Search. Workplace Search brings modern search to collaborative decisions and experiences. It seamlessly connects to some of the world’s most widely adopted productivity tools, customer relationship management platforms, cloud storage platforms, collaboration tools, operation management platforms, and content management systems. Custom sources provide an elegant set of APIs that lets customers and users ingest any type of content from even more sources while preserving access control information.
•App Search. App Search simplifies the process of building excellent customer-facing search experiences. App Search also provides much of the shared, foundational technology that gives the products in Enterprise Search power within an intuitive user experience. App Search brings the focused power of Elasticsearch to a refined set of APIs and intuitive dashboards, allowing users to leverage scalability, tunable relevance controls, thorough documentation, well-maintained clients, and robust analytics to build a leading search experience with ease.
•Site Search. Site Search provides the tools users need to build powerful website search easily. The maintenance-free crawler keeps content current, while intuitive customization features and robust analytics provide full control over search relevance. All these capabilities are backed at scale by Elasticsearch.
Observability combines analysis across the IT ecosystem of IT applications, networks, and infrastructure to deliver actionable insights into performance, availability, usability, adoption, and anomalous behavior.
•Logs. Logs indexes, searches, and analyzes structured and unstructured logs at large scale to monitor the health and performance of an organization’s services, infrastructure, and applications. Users can analyze and visualize information extracted from logs to understand system behavior and trends to optimize performance and preemptively address potential issues. By querying logs in ad hoc ways, users can triage, troubleshoot, and resolve performance issues.
•Metrics. Metrics ingests, searches, visualizes, and analyzes numeric and time series data from IT systems, including applications, datastores, hosts, containers, cloud infrastructure, and more. Users can review performance and utilization trends to optimize and plan for future needs. Metrics helps users deliver on infrastructure service level objectives (“SLOs”), and resolve downtime or performance issues by understanding how the state of individual components fits into the bigger picture.
•APM. APM delivers insight into application performance at the code level. Developers can instrument apps and see the lifecycle of a transaction across services from front end to back end. This can give developers confidence in the code they ship, and can give operational teams visibility into code-level errors and performance bottlenecks to accelerate root cause analysis and resolution during an investigation.
•Uptime. Customers and users leverage Uptime to track and monitor the availability of the hosts, websites, services, and application endpoints that support business operations. Through proactive monitoring, customers can detect troublesome components before they are reported by end users.
Security delivers unified protection to prevent, detect, and respond to a variety of threats across the IT ecosystem.
•SIEM. Elastic SIEM automates threat detection and remediation, reducing mean time to detect (“MTTD”) and mean time to respond (“MTTR”). With prebuilt Beats integrations, SIEM can ingest data from cloud, network, endpoints, applications, and other systems. With Elastic Common Schema (“ECS”), users can centrally analyze information like logs, flows, and contextual data from disparate data sources. SIEM provides an interactive workspace for security teams to detect and respond to threats. Teams can triage events and perform investigations, gathering evidence on an interactive timeline. SIEM also streamlines opening and updating cases, forwarding potential incidents to security operations workflows and IT ticketing systems.
•Endpoint Security. Endpoint Security combines prevention, detection, and response into a single, autonomous agent that can even run in isolated environments. It is designed for ease of use and for speed, and can help stop threats in early stages of an attack. Endpoint Security includes protection against ransomware, malware, phishing, exploits, fileless attacks, and more. When deployed together, SIEM and Endpoint Security provide a strong security posture with broad visibility on potential threats.
Elastic Cloud, Elastic Cloud Enterprise, and Elastic Cloud on Kubernetes
The Elastic Stack and our solutions can be deployed in public or private clouds, in hybrid environments, or in traditional on-premises environments. We divide our deployment models into two categories: self-managed, which refers to users deploying the Elastic Stack and solutions on infrastructure they manage themselves (such as their own data center or private or public cloud environments), and Elastic Cloud, which refers to our SaaS products that we host and manage. To help self-managed users with more complex deployment scenarios, we offer Elastic Cloud Enterprise and Elastic Cloud on Kubernetes.
•Elastic Cloud. Elastic Cloud is our growing family of SaaS products and technologies that make it easy to deploy, operate, and scale Elastic products and solutions in the cloud. Elastic Cloud products include Elasticsearch Service and Site Search Service and are offered by us on certain large cloud providers.
•Elastic Cloud Enterprise and Elastic Cloud on Kubernetes. As part of building our Elastic Cloud offering, we built a comprehensive orchestration and administration infrastructure tool to easily provision, monitor, manage, secure, upgrade and backup the thousands of clusters that comprise our Elastic Cloud products. We then packaged this infrastructure into a downloadable and easily installable proprietary product called Elastic Cloud Enterprise, which makes this tool available to customers to use with their own self-managed deployments. Elastic Cloud Enterprise enables our customers to provision, monitor, manage, secure, upgrade and backup any number of
clusters. It also helps our customers improve their hardware utilization and operational efficiency by allowing them to leverage shared hardware resources to manage multiple clusters, while still maintaining a strong level of isolation between those clusters. More recently, we also launched Elastic Cloud on Kubernetes, extending our cloud orchestration capabilities to Kubernetes environments via the official Elasticsearch operator for Kubernetes.
Our team extends beyond our employee base. It includes all the users who download our software. Our users interact with us on our website forums and on Twitter, GitHub, Stack Overflow, Quora, Facebook, Weibo, WeChat, and more.
In order to build products that best meet our users’ needs, we focus on, and invest in, building a strong community. Each download of the Elastic Stack is a new opportunity to educate our next contributor, hear about a new use case, explore the need for a new feature, or meet a future member of the team. Community is core to our identity, binding our products closely together with our users. Community gives us an ability to get their candid feedback, creating a direct line of communication between our users and the builders of our products across all of our features—including both free and paid capabilities—enabling us to make our products simpler and better.
The Elastic community has a Code of Conduct. It covers the behaviors of the Elastic community in any forum, mailing list, wiki, website, code repository, IRC channel, private correspondence, or public meeting. It is designed to ensure that the Elastic community is a space where members and users can freely and openly communicate, collaborate, and contribute both ideas and code. It also covers our community ground rules: be considerate, be patient, be respectful, be nice, communicate effectively, and ask for help when unsure.
Our market is highly competitive, rapidly evolving, fragmented, and subject to changing technology, shifting customer needs, and frequent introductions of new offerings. Our principal competitors include:
•For Enterprise Search (app search, site search, and workplace search): incumbent offerings such as Solr (open source offering), Lucidworks Fusion, search tools including Google Custom Search Engine (an advertisement-based site search tool with limited user controls), and workplace search tools including Coveo, Endeca (acquired by Oracle) and Autonomy (acquired by HP and now offered by Micro Focus).
•For Observability (logging, metrics, APM, and uptime monitoring): software vendors with specific observability solutions to analyze logging data, metrics, APM data, or infrastructure uptime, such as Splunk, New Relic, Dynatrace, AppDynamics (owned by Cisco Systems) and Datadog.
•For Security (SIEM and endpoint security): security analytics solutions vendors such as Splunk and Azure Sentinel (offered by Microsoft) and endpoint security vendors such as CrowdStrike, Carbon Black (acquired by VMware), McAfee and Symantec (acquired by Broadcom).
•Certain cloud hosting providers and managed service providers, including Amazon Web Services, that offer products based on older Elastic Stack releases. These offerings are not supported by Elastic and come without any of Elastic’s proprietary features, whether free or paid.
The principal competitive factors for companies in our industry are:
•product capabilities, including speed, scale, and relevance, with which to power search experiences;
•an extensible product “stack” that enables developers to build a wide variety of solutions;
•powerful and flexible technology that can manage a broad variety and large volume of data;
•ease of deployment and ease of use;
•ability to address a variety of evolving customer needs and use cases;
•strength of sales and marketing efforts;
•flexible deployment model across public or private clouds, hybrid environments, or traditional on-premises environments;
•productized solutions engineered to be rapidly adopted to address specific applications;
•mindshare with developers and IT executives;
•adoption of products by many types of users (developers, architects, DevOps personnel, IT professionals, security analysts, and departmental and organizational leaders);
•enterprise-grade technology that is secure and reliable;
•size of customer base and level of user adoption;
•quality of training, consulting, and customer support;
•brand awareness and reputation; and
•low total cost of ownership.
We believe that we compare favorably on the basis of the factors listed above. However, many of our competitors have substantially greater financial, technical and other resources, greater brand recognition, larger sales forces and marketing budgets, broader distribution networks and presence, more established relationships with current or potential customers and partners, more diverse product and services offerings and larger and more mature intellectual property portfolios. They may be able to leverage these resources to gain business in a manner that discourages customers from purchasing our offerings. Furthermore, we expect that our industry will continue to attract new companies, including smaller emerging companies, which could introduce new offerings. We may also expand into new markets and encounter additional competitors in such markets. While our products and solutions have various competitors across different use cases, such as app search, site search, workplace search, logging, metrics, APM, business analytics and security analytics, we believe that few competitors currently have the capabilities to address our entire range of use cases. We believe our industry requires constant change and innovation, and we plan to continue to evolve search as a foundational technology to solve the problems of today and new emerging problems in the future.
We rely on a combination of patents, patent applications, registered and unregistered trademarks, copyrights, trade secrets, license agreements, confidentiality procedures, non-disclosure agreements with third parties, and other contractual measures to safeguard our core technology and other intellectual property assets. In addition, we maintain a policy requiring our employees, contractors, and consultants to enter into disclosure and invention assignment agreements. As of April 30, 2021, we had 24 issued patents in the United States with expirations ranging from 2031 to 2039, 57 pending U.S. patent applications, and 17 pending non-U.S. patent filings. The pending patent applications, if issued, would expire between 2032 and 2041. In addition, as of April 30, 2021, we had 38 registered trademarks in the United States, 2 pending trademark applications in the United States, as well as 326 registered trademarks in various non-U.S. jurisdictions and no pending trademark applications in various non-U.S. jurisdictions.
The laws, procedures and restrictions on which we rely may provide only limited protection, and any of our intellectual property rights may be challenged, invalidated, circumvented, infringed or misappropriated. In addition, the laws of certain countries do not protect proprietary rights to the same extent as the laws of the United States or other jurisdictions, and we therefore may be unable to protect our proprietary technology in certain jurisdictions. For additional information, see the section titled “Risk Factors—Risks Related to the Business.”
In addition, our technology incorporates software components licensed to the general public under open source software licenses such as the Apache Software License Version 2.0. We obtain many components from software developed and released by contributors to independent open source components of our technology. Open source licenses grant licensees broad permissions to use, copy, modify and redistribute our platform. As a result, open source development and licensing practices can limit the value of our software copyright assets.
Human Capital Management
Our employees (whom we call “Elasticians”) and our culture are vital to Elastic’s long-term success. Our human capital management efforts are focused on:
•Attracting, engaging and retaining talent
•Maintaining our strong company culture
•Enhancing our diversity, equity and inclusion (“DEI”)
•Continuing strong employee engagement
•Facilitating continuous employee learning and development
•Offering effective total rewards, including employee well-being
Our management regularly updates our board of directors and its committees on human capital trends and employee-focused activities and initiatives.
As of April 30, 2021, we had a total of 2,179 employees in over 35 countries globally, including 946 employees located outside of the United States. In addition, approximately 30% of our workforce encompasses women and non-binary employees. None of our employees are represented by a labor union. In certain countries in which we operate, such as France and Spain, we are subject to, and comply with, local labor law requirements which may automatically make our employees subject to industry-wide collective bargaining agreements. We have not experienced any work stoppages.
We describe our culture by the Elastic “source code,” the things that make Elastic, Elastic. Our source code guides our culture, business, product development, people practices and brand. The guiding ideas are:
•Home, Dinner. There is no such thing as work-life balance. We are successful if we find balance in life. Elastic empowers its employees with the flexibility to do so. Be home for dinner, go for a run midday, care for a sick child, or visit a parent. Finding balance means being more innovative and efficient at work. Which makes for a better Elastic.
•Space, Time. It’s easy to get stuck in a day-to-day work pattern. Allowing for the space and time to dream requires conscious effort. Embracing a high failure rate does, too. Fulfillment comes from doing the obvious and dreaming up the un-obvious. Both are foundations of Elastic.
•IT, Depends. It’s pretty complicated to make some things simple, and even more complicated to make other things possible. We embrace and value the knowledge required to do both. When a question is asked, buckle up. Sh*t is about to get real. Your journey will likely start with “it depends.”
•Progress, SIMPLE Perfection. Perfection is not a destination. Color inside the lines or color outside the lines. Just pick a color. It’s as simple as 2048. An Elastic that moves is an Elastic that survives, thrives, and stands the test of time.
•01.02, /FORMAT. Our products are distributed by design, our company is distributed by intention. With many languages, perspectives, and cultures, it’s easy to lose something in translation. Over email and chat, doubly so. Until we get a perpetual empathy machine, don’t assume malice. A distributed Elastic makes for a diverse Elastic, which makes for a better Elastic.
•As YOU, Are. We all come in different shapes with different interests and skills. We all have an accent. Celebrate it. Just come as you are. No need to invest neurons trying to fit an arbitrary mold. We’d rather you put them to work shaping Elastic.
•HUMBLE, Ambitious. Ambition drives us to challenge ourselves and the people around us to do better. It is not an excuse to be an *sshole. Be humble. Be ambitious. At Elastic, we are both.
•Speed, SCALE, Relevance. Elastic is a search company. We focus on value to users by producing fast results that operate at scale and are relevant. This is our DNA. We believe search is an experience. It is what defines us, binds us, and makes us unique.
Elastic was born a distributed company and continues to be distributed by design. We have designed our processes, systems, and teams so that employees can generally perform their jobs without needing to be physically present in the same room or even in the same time zone. Just as distributed systems are more resilient, we believe that being distributed helps build a strong company that can scale and adapt as new challenges arise. Having a distributed workforce gives us a global candidate pool, which gives us the opportunity to cast a wider recruiting net, a critical aspect of helping open our pipelines to a broader set of diverse talent.
Diversity, Equity and Inclusion
Our focus on DEI is critical to how we develop, strengthen and sustain a sense of belonging and inclusion among all Elasticians.
Balanced Teams. We strive to be an employer of choice for a diverse and inclusive workforce through our talent brand, talent attraction, development, and retention efforts. Our recruiting approach is underpinned by the desire to create balanced teams at Elastic, which includes considering broad aspects of diversity from race and gender mix as well as diversity of thought, experience and tenure when recruiting new team members. In fiscal year 2021, the created-by-women-for-women workplace review site, Fairygodboss, recognized Elastic as number one in the Best Technology Company for Women category, and as one of the best workplaces for women in two additional categories: Best Company for Women, and Best Company Where CEOs Support Gender Diversity.
Elastician Resource Groups. We strive to embed DEI deep within our culture through various initiatives, projects and programs, the centerpiece of which is the Elastician Resource Groups (“ERGs”), which are organizationally sponsored, self-organized, Elastician-run groups. Aligned to specific shared identities, interests, affinity or allyship, such as Latinx, parent(s), disability or accessibility, Black, LGBTQ+ and others, each group identifies goals and objectives with executive sponsorship to ensure that they provide tangible benefits and result in all Elasticians feeling a sense of belonging.
Code of Conduct. All of our employees must adhere to a Code of Business Conduct and Ethics (the “Code of Conduct”) that sets standards for appropriate behavior and are required to complete annual training on the Code of Conduct and training to help prevent, identify and report any type of discrimination and harassment.
We are committed to ensuring that Elasticians have a voice in how we can collectively make Elastic a better place to work.
New Employee Onboarding. Our new employee onboarding experience is centered around attending “X-School”, our extensive new-hire orientation program, which enables new Elasticians to meet and collaborate with other new Elasticians from around the globe and to learn about our products and solutions.
Engagement Surveys. We maintain a regular pulse on how our employees are feeling through two primary feedback mechanisms – an annual employee engagement survey and a mid-year pulse survey check-in. The results of these surveys are reviewed at the company, functional, team and manager level, with action plans put in place annually. Elasticians were highly engaged in providing feedback in fiscal year 2021, with very high participation rates for the mid-year and annual surveys as well as high engagement scores across a spectrum of questions.
Learning and Development
Our Learning & Organizational Development team’s mission to enable Elasticians to pursue their purpose, in work and life, makes for a better Elastic. To that end, we have a variety of ways in which we support the continuous learning and development of all Elasticians, including access to on-demand video based learning.
We also conduct specific programs to develop managers and leaders at Elastic, including our flagship Leadership Performance Program, an externally-led program focused on high-performing leaders who have the potential to have a significant strategic impact on the achievement of our long-term objectives.
Compensation, Benefits and Well-being. We provide market competitive compensation which typically includes cash compensation as well as equity awards. Reflecting our interest in the whole person, we provide programs designed to enable Elasticians to meet their well-being goals, from starting a family to being at their physical and emotional best. These programs include market competitive medical and dental programs, in addition to focus on mental health and holistic well-being. We provide market competitive paid time off (“PTO”) programs, including offering 16 weeks of paid leave to all new parents. In addition, we also provide retirement and income protection plans, which include a 401k plan with a dollar-for-dollar match by Elastic up to 6% of eligible earnings up to a plan-limit maximum for U.S.-based Elasticians as well as similar competitive plans outside of the United States.
Fair Pay. We have fair and consistent compensation practices through our use of local third-party market data specific to each country, where available, so that we understand local compensation and cost of labor levels. We retain external experts to review our compensation outcomes on an ongoing basis to ensure they are bias-free and fairly reward employee performance and contributions. We take great pride in our focus on fair pay and the positive results we’ve established. Our external review continues to validate that we have gender-based pay parity between male and female Elasticians globally.
Community Involvement. Through Elastic Cares, employees can support the charitable organizations that matter the most to them on a local and global level. Elastic Cares is a program consisting of donation matching, our nonprofit organization program which provides our technology for free to certain nonprofit organizations, and our volunteer time off (“VTO”) initiative. Employees are encouraged to volunteer for these organizations throughout the year using our VTO program which provides our employees with 40 hours of volunteer time each year.
During the COVID-19 pandemic, our primary focus was and continues to be on the safety and well-being of our employees and their families. In the fourth quarter of fiscal 2020, we closed our offices globally and required our employees to
work remotely. Additionally, due to concerns over risks related to travel and large gatherings, we have replaced our in-person events, including our internal global all-hands, annual flagship conference and other in-person marketing events, with web-based virtual events. Given the significant personal and professional impact of the COVID-19 pandemic, we provided reimbursements for home office equipment and established specific learning opportunities for our employees that allowed teams to better connect to each other, including fun activities to help teams bond. To allow employees to deal with and alleviate the physical, mental, and emotional effects of the pandemic on themselves and loved ones, we offered two weeks of COVID leave and implemented company-wide days off called “Shut it Down Days” twice per month.
Our worldwide business activities are subject to various laws, rules, and regulations of the United States as well as of foreign governments. Compliance with these laws, rules, and regulations has not had, and is not expected to have, a material effect upon our capital expenditures, results of operations, or competitive position. Nevertheless, compliance with existing or future governmental regulations, including, but not limited to, those pertaining to global trade, business acquisitions, consumer and data protection, and taxes, could have a material impact on our business. Refer to Item 1A, “Risk Factors—Risks Related to Regulatory Matters” of this Annual Report on Form 10-K” for a discussion of these potential impacts.
We were incorporated in the Netherlands as a private company with limited liability (besloten vennootschap met beperkte aansprakelijkheid) on February 9, 2012 as SearchWorkings Global B.V. On June 19, 2012, we changed our name to elasticsearch global B.V., on December 11, 2013, we changed our name to Elasticsearch Global B.V., and on May 29, 2018, we changed our name to Elastic B.V. Immediately prior to the completion of our initial public offering (“IPO”) on October 10, 2018, we converted into a public company with limited liability (naamloze vennootschap) under Dutch law and changed our name to Elastic N.V. Our principal executive offices are located at 800 West El Camino Real, Suite 350, Mountain View, California 94040, and our telephone number is (650) 458-2620. We are registered with the trade register of the Dutch Chamber of Commerce under number 54655870. Our registered office is at Keizersgracht 281, 1016 ED Amsterdam, the Netherlands.
Our ordinary shares are listed on the New York Stock Exchange (“NYSE”) under the symbol “ESTC”.
Our website address is www.elastic.co. Information contained on, or that can be accessed through, our website does not constitute part of this Annual Report on Form 10-K and inclusions of our website address in this Annual Report on Form 10-K are inactive textual references only.
We announce material information to the public about us, our products and services and other matters through a variety of means, including filings with the U.S. Securities and Exchange Commission (“SEC”), press releases, public conference calls, our website (www.elastic.co), the investor relations section of our website (https://ir.elastic.co), our blog (www.elastic.co/blog), and/or social media, including our Twitter account (https://twitter.com/elastic), Facebook page (www.facebook.com/elastic.co), and/or LinkedIn account (www.linkedin.com/company/elastic-co), in order to achieve broad, non-exclusionary distribution of information to the public. We encourage investors and others to review the information it makes public in these locations, as such information could be deemed to be material information. Please note that this list may be updated from time to time.
Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to reports filed pursuant to Sections 13(a) and 15(d) of the Exchange Act are filed with the SEC. We are subject to the informational requirements of the Exchange Act and file or furnish reports, proxy statements and other information with the SEC. Such reports and other information filed by us with the SEC are available free of charge on our website at www.elastic.co/ir when such reports are available on the SEC’s website. The SEC maintains an internet site that contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC at www.sec.gov.
Item 1A. Risk Factors.
A description of the risks and uncertainties associated with our business, industry and ownership of our ordinary shares is set forth below. You should carefully consider the following risks, together with all of the other information in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes thereto, before making a decision to invest in our ordinary shares. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important
factors that affect us. If any of the following risks occur, our business, financial condition, operating results and prospects could be materially and adversely affected. In that event, the price of our ordinary shares could decline, and you could lose part or all of your investment. In addition, the impact of the COVID-19 pandemic and any worsening of the economic environment may exacerbate the risks described below, any of which could have a material impact on us. This situation is continuously changing and additional impacts may arise that we are not aware of currently.
Summary of Risk Factors
The following is a summary of the key risks and uncertainties associated with our business, industry and ownership of our ordinary shares. The below summary does not contain all of the information that may be important to you, and you should read this summary together with the more detailed description of each risk factor contained in the subheadings below.
•If we do not appropriately manage future growth or are unable to improve our systems and processes, our business and results of operations will be adversely affected.
•We have a history of losses and may not be able to achieve profitability on a consistent basis or at all or positive cash flows on a consistent basis.
•Our future growth, business and results of operations will be harmed if we are not able to keep pace with technological and competitive developments, increase sales of our subscriptions to new and existing customers, renew existing customers’ subscriptions, increase adoption of our SaaS offerings, respond effectively to evolving markets or offer high quality support services.
•The ongoing COVID-19 pandemic could harm our business and results of operations.
•Our operating results may fluctuate from quarter to quarter.
•Our decision to no longer offer Elasticsearch and Kibana under an open source license may harm the adoption of Elasticsearch and Kibana.
•We could be negatively impacted if the Elastic License or the Server Side Public License under which some of our software is licensed are not enforceable.
•Because of the permissive rights accorded to third parties under our open source and source available licenses, there are limited technological barriers to entry into the markets in which we compete.
•We may not be able to effectively develop and expand our sales and marketing capabilities.
•Because we recognize a significant portion of the revenue from subscriptions over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
•A real or perceived defect, security vulnerability, error, or performance failure in our software could cause us to lose revenue, damage our reputation, and expose us to liability.
•Incorrect implementation or use of our software could negatively affect our business, operations, financial results, and growth prospects.
•Third parties may offer inadequate or defective implementations of software that we have previously made available under an open source license and our reputation could be harmed.
•Breaches of security measures or unauthorized access to private or proprietary data may result in our software being perceived as not secure, customers reducing or stopping usage of our products, and we may incur significant liabilities.
•Interruptions or performance problems, and our reliance on technologies from third parties may adversely affect our business operations and financial results.
•If our channel partners fail to perform or we are unable to maintain successful relationships with them or our other partners, our ability to market, sell and distribute our solution will be more limited, and our results of operations could be harmed.
•Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and results of operations.
•We could incur substantial costs as a result of any claim of infringement, misappropriation or violation of another party’s intellectual property rights, including as a result of the indemnity provisions in various agreements.
•Our use of third-party open source software within our products could negatively affect our ability to sell our products and subject us to possible litigation.
•One of our marketing strategies is to offer some of our product features for free and to provide free trials to some of our paid features, and we may not be able to realize the benefits of this strategy.
•Our international business exposes us to several risks, and if we are not successful in sustaining and expanding our international business, we may incur additional losses and our revenue growth could be harmed.
•A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
•Our business is subject to a variety of government and industry regulations, as well as other obligations, related to privacy, data protection and information security and compliance with anti-bribery, anti-corruption, and anti-money laundering laws.
•The market price for our ordinary shares has been and is likely to continue to be volatile.
•The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters.
•Dutch law and our articles of association include certain anti-takeover provisions.
•If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our ordinary shares, our share price and trading volume could decline.
•Claims of U.S. civil liabilities may not be enforceable against us.
•We may fail to maintain an effective system of disclosure controls and internal control over financial reporting.
Risks Related to our Business and Industry
Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems and processes, our business, financial condition, results of operations, and prospects will be adversely affected.
We have experienced rapid growth and increased demand for our offerings. Our employee headcount and number of customers have increased significantly. For example, our total number of customers has grown from over 2,800 as of April 30, 2017 to over 15,000 as of April 30, 2021. Further, our employee headcount is growing as we modify our pace of hiring in light of our growth plans. The growth and expansion of our business and offerings places a continuous and significant strain on our management, operational, and financial resources. In addition, as customers adopt our technology for an increasing number of use cases, we have had to support more complex commercial relationships. We may not be able to hire, train and retain enough qualified employees, and we may not be able to hire and train new employees fast enough, to maintain our growth plans. We must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems, our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth to date and any future growth effectively.
We may not be able to sustain the diversity and pace of improvements to our offerings successfully or implement systems, processes, and controls in an efficient or timely manner or in a manner that does not negatively affect our results of operations. Our failure to improve our systems, processes, and controls, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to forecast our revenue, expenses, and earnings accurately, or to prevent losses.
As we expand our business and operate as a public company, we may find it difficult to maintain our corporate culture while managing our employee growth. Any failure to manage our anticipated growth and related organizational changes in a manner that preserves our culture could negatively impact future growth and achievement of our business objectives. Additionally, our productivity and the quality of our offerings may be adversely affected if we do not integrate and train our new employees quickly and effectively. Failure to manage any future growth effectively could result in increased costs, negatively affect our customers’ satisfaction with our offerings, and harm our results of operations.
We have a history of losses and may not be able to achieve profitability on a consistent basis or at all, and may not be able to achieve positive cash flows on a consistent basis. As a result, our business, financial condition, and results of operations may suffer.
We have incurred losses in all years since our incorporation. We incurred a net loss of $129.4 million, $167.2 million and, $102.3 million in the years ended April 30, 2021, 2020 and 2019, respectively. As a result, we had an accumulated deficit of $613.3 million as of April 30, 2021. We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our offerings, broaden our customer base and pursue larger transactions, expand our sales and marketing activities, expand our operations, hire additional employees, and continue to develop our technology. These efforts
may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently, or at all, to offset these higher expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our offerings, increasing competition, or economic downturns, including as a result of the COVID-19 pandemic. You should not consider our revenue growth in recent periods as indicative of our future performance. Any failure to increase our revenue or grow our business could prevent us from achieving profitability at all or on a consistent basis, which would cause our business, financial condition, and results of operations to suffer. Additionally, although we generated positive cash flow in fiscal 2021, any failure to grow our business could prevent us from achieving positive cash flow on a consistent basis, which would cause our business, financial condition, and results of operations to suffer.
We may not be able to compete successfully against current and future competitors.
The market for our products is highly competitive, quickly evolving, and subject to rapid changes in technology. We believe that our ability to compete depends upon many factors both within and beyond our control, including the following:
•product capabilities, including speed, scale, and relevance, with which to power search experiences;
•an extensible product “stack” that enables developers to build a wide variety of solutions;
•powerful and flexible technology that can manage a broad variety and large volume of data;
•ease of deployment and ease of use;
•ability to address a variety of evolving customer needs and use cases;
•strength and execution of sales and marketing strategies;
•flexible deployment model across public or private clouds, hybrid environments, or traditional on-premises environments;
•productized solutions engineered to be rapidly adopted to address specific applications;
•mindshare with developers and IT executives;
•adoption of products by many types of users and decision makers (developers, architects, DevOps personnel, IT professionals, security analysts, and departmental and organizational leaders);
•enterprise-grade technology that is secure and reliable;
•size of customer base and level of user adoption;
•quality of training, consulting, and customer support;
•brand awareness and reputation; and
•low total cost of ownership.
We face competition from both established and emerging competitors. Our current primary competitors generally fall into the following categories:
•For Enterprise Search (app search, site search, and workplace search): incumbent offerings such as Solr (open source offering), Lucidworks Fusion, search tools including Google Custom Search Engine (an advertisement-based site search tool with limited user controls), and workplace search tools including Coveo, Endeca (owned by Oracle) and Autonomy (owned by Micro Focus).
•For Observability (logging, metrics, APM, and uptime monitoring): software vendors with specific observability solutions to analyze logging data, metrics, APM data, or infrastructure uptime, such as Splunk, New Relic, Dynatrace, AppDynamics (owned by Cisco Systems) and Datadog.
•For Security (SIEM and endpoint security): security analytics solutions vendors such as Splunk and Azure Sentinel (by Microsoft) and endpoint security vendors such as CrowdStrike, Carbon Black (owned by VMware), McAfee and Symantec (owned by Broadcom).
•Certain cloud hosting providers and managed service providers, including Amazon Web Services, that offer products based on older Elastic Stack releases. These offerings are not supported by Elastic and come without any of Elastic’s proprietary features, whether free or paid.
Some of our current and potential competitors have longer operating histories, significantly greater financial, technical, marketing and other resources, stronger brand recognition, broader global distribution and presence, more established relationships with current or potential customers and partners, and larger customer bases than we do. These factors may allow our competitors to respond more quickly than we can to new or emerging technologies and changes in customer preferences.
These competitors may engage in more extensive research and development efforts, undertake more far-reaching and successful sales and marketing campaigns, have more experienced sales professionals, execute more successfully on their go-to-market strategy and have greater access to more markets and decision makers, and adopt more aggressive pricing policies which may allow them to build larger customer bases than we have. New start-up companies that innovate and large competitors that are making significant investments in research and development may develop similar offerings that compete with our offerings or that achieve greater market acceptance than our offerings. This could attract customers away from our offerings and reduce our market share. If we are unable to anticipate or react to these competitive challenges, our competitive position would weaken, which would adversely affect our business and results of operations.
Our limited operating history makes it difficult to evaluate our current business and prospects and may increase the risks associated with your investment.
We were founded in 2012. Our limited operating history makes it difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in constantly evolving industries, including the risks described in this Annual Report on Form 10-K. If we do not address these risks successfully, our business and results of operations will be adversely affected, and the market price of our ordinary shares could decline.
Further, we have limited historical financial data, and we operate in a rapidly evolving market. As such, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market.
If we are not able to keep pace with technological and competitive developments, our business will be harmed.
The market for search technologies, including enterprise search, observability and security, is subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements and preferences. Our success depends upon our ability to enhance existing products, expand the use cases of our products, anticipate and respond to changing customer needs, requirements and preferences, and develop and introduce in a timely manner new offerings that keep pace with technological and competitive developments. We have in the past experienced delays in releasing new products, deployment options and product enhancements and may experience similar delays in the future. As a result, in the past, some of our customers deferred purchasing our products until the next upgrade was released. Future delays or problems in the installation or implementation of our new releases may cause customers to forgo purchases of our products and purchase those of our competitors instead.
Additionally, the success of new product introductions depends on a number of factors including, but not limited to, timely and successful product development, market acceptance, our ability to manage the risks associated with new product releases, the availability of software components for new products, the effective management of development and other spending in connection with anticipated demand for new products, the availability of newly developed products, and the risk that new products may have bugs, errors, or other defects or deficiencies in the early stages of introduction. We have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and may have similar experiences in the future. Furthermore, our ability to increase the usage of our products depends, in part, on the development of new use cases for our products, which is typically driven by our developer community and may be outside of our control. We also have invested, and may continue to invest, in the acquisition of complementary businesses, technologies, services, products and other assets that expand the products that we can offer our customers, such as our acquisition of Endgame in October 2019. We may make these investments without being certain that they will result in products or enhancements that will be accepted by existing or prospective customers. Additionally, even if we are able to develop new products and product enhancements, we cannot ensure that they will achieve market acceptance. If we are unable to successfully enhance our existing products to meet evolving customer requirements, increase adoption and usage of our products, develop new products, or if our efforts to increase the usage of our products are more expensive than we expect, then our business, results of operations and financial condition would be adversely affected.
The markets for some of our products are evolving, and our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets.
The markets for certain of our products, such as our Enterprise Search, Observability and Security solutions, are evolving and our products are relatively new in these markets. Accordingly, it is difficult to predict continued customer adoption and renewals for these products, customers’ demand for these products, the size, growth rate, expansion, and longevity of these markets, the entry of competitive products, or the success of existing competitive products. Our ability to penetrate these evolving markets depends on a number of factors, including the cost, performance, and perceived value associated with our products. If these markets do not continue to grow as expected, or if we are unable to anticipate or react to changes in these markets, our competitive position would weaken, which would adversely affect our business and results of operations.
The ongoing COVID-19 pandemic could harm our business and results of operations.
The ongoing COVID-19 pandemic and efforts to control its spread have significantly curtailed the movement of people, goods and services worldwide, including in most or all of the regions in which we sell our products and services and conduct our business operations, negatively impacting worldwide economic activity. We have taken precautionary measures intended to help minimize the risk of the virus to our employees, our customers, and the communities in which we operate. The continued spread of the COVID-19 pandemic and the resurgence of infection rates in certain regions has caused us to continue to modify our business practices (including suspending employee travel, adapting employee work locations, and holding events and trainings virtually), and we may take further actions as may be required by government authorities or that we determine are in the best interests of our employees, customers, and business partners. There is no certainty that such measures will be sufficient to mitigate the risks posed by the virus or otherwise be satisfactory to government authorities. The full extent to which COVID-19 and our precautionary measures may continue to impact our business will depend on future developments, which continue to be highly uncertain and cannot be predicted at this time, including but not limited to, the duration and geographic spread of the pandemic, its severity, the actions to contain the virus or treat its impact, future spikes of COVID-19 infections resulting in additional preventative measures to contain or mitigate the spread of the virus, the effectiveness, distribution and acceptance of COVID-19 vaccines, including the vaccines’ efficacy against emerging COVID-19 variants, and how quickly and to what extent normal economic and operating conditions can resume. It has been and, until the COVID-19 pandemic is contained and global economic activity stabilizes, will continue to be more difficult for us to forecast our operating results. The magnitude and duration of the disruption and resulting decline in business activity remains uncertain and could negatively impact our sales and marketing efforts, our ability to enter into customer contracts in a timely manner, our international expansion efforts, our ability to deliver professional services, our ability to recruit employees across the organization which, in turn, could have longer term effects on our sales pipeline, or create operational or other challenges, any of which could harm our business. Additionally, as we begin to re-open certain of our offices where local authorities have indicated it is safe to do so, our efforts to re-open them safely may not be successful, could expose our personnel to health risks and could involve additional costs that may adversely affect our business.
In addition, the COVID-19 pandemic has disrupted, and may continue to disrupt, the operations of our customers, vendors, channel partners and government entities for an indefinite period of time, including as a result of travel restrictions and/or business shutdowns, all of which could negatively impact our business and results of operations, including cash flows. Further, the impact of the COVID-19 pandemic has varied significantly across different industries with certain industries experiencing increased demand for their products and services as the needs of the economy shift, while others have struggled to maintain demand for their products and services consistent with historical levels. Because we have a limited history in understanding these impacts, our ability to adapt our sales and marketing initiatives to such changes may be uncertain and our ability to forecast rates of customer retention and expansion may be negatively impacted.
Even after the COVID-19 pandemic has subsided, we may continue to experience materially adverse impacts to our business as a result of its global economic impact, including any recession, economic downturn, or increased unemployment that has occurred or may occur in the future. There has been increased scrutiny of business (including technology) spending by our customers and prospective customers, particularly in industries most impacted by the COVID-19 pandemic, longer sales cycles, as well as reduced demand for our solutions, customers failing to pay us under the terms of our agreements, increased cyber threats, lower renewal rates by our customers and increased competition, all of which could result in a material adverse impact on our business operations and financial condition. For instance, our Net Expansion Rate declined to below 130% at the end of fiscal 2021 as a result of the COVID-19 pandemic, which caused customers to expand their spending with us at a slower rate than before the COVID-19 pandemic.
While we have developed and continue to develop plans intended to help mitigate the negative impacts of the pandemic on our business, these efforts may not be effective and a protracted economic downturn may limit the effectiveness of our mitigation efforts.
Our operating results are likely to fluctuate from quarter to quarter, and our financial results in any one quarter should not be relied upon as indicative of future performance.
Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, cash flow and deferred revenue, have fluctuated from quarter-to-quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful. Accordingly, our financial results in any one quarter should not be relied upon as indicative of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, may be difficult to predict, and may or may not fully reflect the underlying performance of our business. Factors that may cause fluctuations in our quarterly financial results include:
•our ability to attract new and retain existing customers;
•the loss of existing customers;
•customer renewal rates;
•our ability to successfully expand our business in the U.S. and internationally;
•our ability to foster an ecosystem of developers and users to expand the use cases of our products;
•our ability to gain new partners and retain existing partners;
•fluctuations in the growth rate of the overall market that our products address;
•fluctuations in the mix of our revenue, which may impact our gross margins and operating income;
•the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in sales and marketing, research and development and general and administrative resources;
•network outages or performance degradation of Elastic Cloud;
•actual or perceived breaches of, or failures relating to, privacy, data protection or information security;
•additions or departures of key personnel;
•the impact of catastrophic events, man-made problems such as terrorism, natural disasters and public health epidemics and pandemics;
•general political, economic, industry and market conditions, including developments resulting from the change of administration in the United States;
•increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements;
•changes in our pricing policies or those of our competitors;
•the budgeting cycles and purchasing practices of customers;
•decisions by potential customers to purchase alternative solutions;
•decisions by potential customers to develop in-house solutions as alternatives to our products;
•insolvency or credit difficulties confronting our customers, which could adversely affect their ability to purchase or pay for our offerings;
•our ability to collect timely on invoices or receivables;
•delays in our ability to fulfill our customers’ orders;
•the cost and potential outcomes of future litigation or other disputes;
•future accounting pronouncements or changes in our accounting policies;
•our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments;
•fluctuations in stock-based compensation expense;
•fluctuations in foreign currency exchange rates;
•the timing and success of new offerings introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers or partners;
•the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; and
•other risk factors described in this Annual Report on Form 10-K.
The impact of one or more of the foregoing or other factors may cause our operating results to vary significantly. For example, the full impact of the COVID-19 pandemic is unknown and continues to evolve rapidly, and could result in material adverse changes in our results of operations for an unknown period of time as the virus and its related political, social and economic impacts spread. Such fluctuations could cause us to fail to meet the expectations of investors or securities analysts, which could cause the trading price of our ordinary shares to fall substantially, and we could face costly lawsuits, including securities class action suits, which could have an adverse effect on our business.
If we are unable to increase sales of our subscriptions to new customers, sell additional subscriptions to our existing customers, or expand the value of our existing customers’ subscriptions, our future revenue and results of operations will be harmed.
We offer certain features of our products with no payment required. Customers purchase subscriptions in order to gain access to additional functionality and support. Our future success depends on our ability to sell our subscriptions to new customers, including to large enterprises, and to expand the deployment of our offerings with existing customers by selling paid subscriptions to our existing users and expanding the value and number of existing customers’ subscriptions. Our ability to sell new subscriptions depends on a number of factors, including the prices of our offerings, the prices of products offered by our competitors, and the budgets of our customers. We also face difficulty in displacing the products of incumbent competitors. In addition, a significant aspect of our sales and marketing focus is to expand deployments within existing customers. The rate at which our existing customers purchase additional subscriptions and expand the value of existing subscriptions depends on a number of factors, including customers’ level of satisfaction with our offerings, the nature and size of the deployments, the desire to address additional use cases, and the perceived need for additional features, as well as general economic conditions. If our existing customers do not purchase additional subscriptions or expand the value of their subscriptions, our Net Expansion Rate may decline. We rely in large part on our customers to identify new use cases for our products in order to expand such deployments and grow our business. If our customers do not recognize the potential of our offerings, our business would be materially and adversely affected. If our efforts to sell subscriptions to new customers and to expand deployments at existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer.
If our existing customers do not renew their subscriptions, it could have an adverse effect on our business and results of operations.
We expect to derive a significant portion of our revenue from renewals of existing subscriptions. Our customers have no contractual obligation to renew their subscriptions after the completion of their subscription term. Our subscriptions for self-managed deployments typically range from one to three years, while many of our Elastic Cloud customers purchase subscriptions either on a month-to-month basis or on a committed contract of at least one year in duration.
Our customers’ renewal rates may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, our products’ ability to integrate with new and changing technologies, the frequency and severity of product outages, our product uptime or latency, and the pricing of our, or competing, products. If our customers renew their subscriptions, they may renew for shorter subscription terms or on other terms that are less economically beneficial to us. We may not accurately predict future renewal trends. If our existing customers do not renew their subscriptions, or renew on less favorable terms, our revenue may grow more slowly than expected or decline.
Our decision to no longer offer Elasticsearch and Kibana under an open source license may harm the adoption of Elasticsearch and Kibana.
In February 2021, with the release of version 7.11 of the Elastic Stack, we changed the source code of Elasticsearch and Kibana that had historically been licensed under Apache 2.0, to be dual licensed under the Elastic License 2.0 (“ELv2”) and the Server Side Public License Version 1.0 (“SSPL”), at the user’s election. Neither the Elastic License nor the SSPL has been approved by the Open Source Initiative or is included in the Free Software Foundation’s list of free software licenses. Further, neither has been interpreted by any court. While the vast majority of downloads of Elasticsearch and Kibana from mid-2018 through early 2021 were licensed under the Elastic License, the removal of the Apache 2.0 alternative could negatively impact certain developers for whom the availability of an open source license was important. In addition, some developers and the companies for whom they work may be hesitant to download or upgrade to new versions of Elasticsearch or Kibana under the Elastic License or SSPL because of uncertainty around how these licenses may be interpreted and enforced. Other developers, including competitors of Elastic such as Amazon, have announced that they have “forked” Elasticsearch and Kibana. In doing so, they will develop a new product based on the software, which they claim will continue to be licensed under Apache 2.0. The combination of uncertainty around our dual license model and the potential competition from the forked versions of our software may negatively impact adoption of Elasticsearch and Kibana, which in turn could lead to reduced brand and product awareness, ultimately leading to a decline in paying customers, which could harm our ability to grow our business or achieve profitability.
We could be negatively impacted if the Elastic License or SSPL under which some of our software is licensed are not enforceable.
We make the source code of our products available under Apache 2.0, the Elastic License, or dual licensed under the Elastic License and SSPL, depending on the product and version. Apache 2.0 is a permissive open source license that allows licensees to freely copy, modify and distribute Apache 2.0-licensed software provided that they meet certain conditions. The Elastic License is our proprietary source available license. The Elastic License permits licensees to use, copy, modify and
distribute the licensed software provided that they do not offer access to the software as a cloud service, interfere with the license key or remove proprietary notices. SSPL is a source available license that is based on the GNU Affero General Public License (“AGPL”) open source license and permits licensees to copy, modify and distribute SSPL-licensed software, but expressly requires licensees that offer the SSPL-licensed software as a third-party service to open source all of the software that they use to offer such service. We rely upon the enforceability of the restrictions set forth in the Elastic License and SSPL to protect our proprietary interests. It is possible that a court could hold that the Elastic License or SSPL are unenforceable. If a court held that the Elastic License or SSPL or certain aspects of these licenses are unenforceable, others may be able to use our software to compete with us in the marketplace in a manner not subject to the restrictions set forth in the Elastic License or SSPL.
Because of the permissive rights accorded to third parties under our open source and source available licenses, there are limited technological barriers to entry into the markets in which we compete and it may be relatively easy for competitors, some of whom may have greater resources than we have, to enter our markets and compete with us.
Anyone may obtain access to source code for the features of our software that we have licensed under open source or source available licenses. Depending on the product and version of the Elastic software, this source code is either available under Apache 2.0, SSPL, or the Elastic License. Each of these licenses allow anyone, subject to compliance with the conditions of the applicable license, to redistribute our software in modified or unmodified form and use it to compete in our markets. Such competition can develop without the degree of overhead and lead time required by traditional proprietary software companies, due to the rights granted to licensees of open source and source available software. It is possible for competitors to develop their own software, including software based on our products, potentially reducing the demand for our products and putting pricing pressure on our subscriptions. For example, Amazon offers some of the features that we had previously made available under an open source license as part of its Amazon Web Services offering. As such, Amazon competes with us for potential customers, and while Amazon cannot provide our proprietary software, Amazon’s offerings may reduce the demand for our offerings and the pricing of Amazon’s offerings may limit our ability to adjust the price of our products. We cannot guarantee that we will be able to compete successfully against current and future competitors or that competitive pressure or the availability of new software will not result in price reductions, reduced operating margins and loss of market share, any one of which could harm our business, financial condition, results of operations and cash flows.
Our ability to grow our business will depend, in part, on the expansion and adoption of our SaaS offerings.
We believe our future success will depend, in part, on the growth in the adoption of Elastic Cloud, our family of SaaS products. We have and will continue to incur substantial costs to develop, sell and support our Elastic Cloud offerings. We believe that we must offer a family of SaaS products to address the market segment that prefers a cloud-based solution to a self-managed solution and that there will be increasing demand for cloud-based offerings of our products. In the years ended April 30, 2021, 2020 and 2019, Elastic Cloud contributed 27%, 22% and 17% of our total revenue, respectively. However, as the use of cloud-based computing solutions is rapidly evolving, it is difficult to predict the potential growth, if any, of general market adoption, customer adoption and retention rates of our cloud-based offerings. There could be decreased demand for our cloud-based offerings due to reasons within or outside of our control, including, among other things, lack of customer acceptance, technological challenges with bringing cloud offerings to market and maintaining those offerings, security or privacy concerns, our inability to properly manage and support our cloud-based offerings, competing technologies and products, weakening economic conditions, and decreases in corporate spending. For example, Amazon Web Services offers SaaS products based on older Elastic Stack releases. As such, Amazon competes with us for potential customers, and while Amazon cannot provide our proprietary software, Amazon's offerings may reduce the demand for our offerings and the pricing of Amazon's offerings may limit our ability to adjust the price of our products. If we are not able to develop, market or deliver cloud-based offerings that satisfy customer requirements technically or commercially, or if our investments in cloud-based offerings do not yield the expected return, or if we are unable to decrease the cost of providing our cloud-based offerings, our business, competitive position, financial condition and results of operations may be harmed.
If we do not effectively develop and expand our sales and marketing capabilities, including expanding and training our sales force, we may be unable to add new customers, increase sales to existing customers or expand the value of our existing customers’ subscriptions and our business will be adversely affected.
We dedicate significant resources to sales and marketing initiatives, which require us to invest significant financial and other resources, including in markets in which we have limited or no experience. Our business and results of operations will be harmed if our sales and marketing efforts do not generate significant revenue increases or increases that are smaller than anticipated.
We may not achieve revenue growth from expanding our sales force if we are unable to hire, train, and retain talented and effective sales personnel. We depend on our sales force to obtain new customers and to drive additional sales to existing customers. We believe that there is significant competition for sales personnel, including sales representatives, sales managers,
and sales engineers, with the requisite skills and technical knowledge. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient sales personnel to support our growth, and as we introduce new products, solutions and marketing strategies, we may need to re-train existing sales personnel. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, particularly as we continue to grow rapidly, a large percentage of our sales force will have relatively little experience working with us, our subscriptions, and our business model. If we are unable to hire and train sufficient numbers of effective sales personnel, our new and existing sales personnel are unable to achieve desired productivity levels in a reasonable period of time, our sales personnel are not successful in obtaining new customers or increasing sales to our existing customer base, or our sales and marketing programs are not effective, our growth and results of operations could be negatively impacted and our business will be harmed.
Our ability to increase sales of our offerings is highly dependent on the quality of our customer support, and our failure to offer high quality support would have an adverse effect on our business, reputation and results of operations.
After our products are deployed within our customers’ IT environments, our customers depend on our technical support services to resolve issues relating to our products. If we do not succeed in helping our customers quickly resolve post-deployment issues or provide effective ongoing support and education on our products, our ability to sell additional subscriptions to existing customers or expand the value of existing customers’ subscriptions would be adversely affected and our reputation with potential customers could be damaged. Many larger enterprise and government entity customers have more complex IT environments and require higher levels of support than smaller customers. If we fail to meet the requirements of these enterprise customers, it may be more difficult to grow sales with them.
Additionally, it can take several months to recruit, hire, and train qualified technical support employees. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our offerings exceed our internal forecasts. Due to the ongoing uncertainty related to the COVID-19 pandemic, there may also be more competition for qualified employees and delays in hiring, onboarding and training new employees. To the extent that we are unsuccessful in hiring, training, and retaining adequate support resources, our ability to provide adequate and timely support to our customers, and our customers’ satisfaction with our offerings, will be adversely affected. Our failure to provide and maintain, or a market perception that we do not provide or maintain, high-quality support services would have an adverse effect on our business, financial condition, and results of operations.
We rely significantly on revenue from subscriptions and, because we recognize a significant portion of the revenue from subscriptions over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
Subscription revenue accounts for the substantial majority of our revenue, comprising 93%, 92% and 91% of total revenue in the years ended April 30, 2021, 2020 and 2019, respectively. We recognize a significant portion of our subscription revenue monthly over the term of the relevant time period. As a result, much of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscriptions in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter and will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions is not reflected in full in our results of operations until future periods.
A real or perceived defect, security vulnerability, error, or performance failure in our software could cause us to lose revenue, damage our reputation, and expose us to liability.
Our products are inherently complex and, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, especially when first introduced, or otherwise not perform as contemplated. These defects, security vulnerabilities, errors or performance failures could cause damage to our reputation, loss of customers or revenue, product returns, order cancellations, service terminations, or lack of market acceptance of our software. As the use of our products, including products that were recently acquired or developed, expands to more sensitive, secure, or mission critical uses by our customers, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our software fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our software to fix these defects, errors or performance failures, which could require us to allocate significant research and development and customer support resources to address these problems.
Any limitation of liability provisions that may be contained in our customer and partner agreements may not be effective as a result of existing or future applicable law or unfavorable judicial decisions. The sale and support of our products
entail the risk of liability claims, which could be substantial in light of the use of our products in enterprise-wide environments. In addition, our insurance against this liability may not be adequate to cover a potential claim.
Incorrect implementation or use of, or our customers’ failure to update, our software could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects.
Our products are often operated in large scale, complex IT environments. Our customers and some partners require training and experience in the proper use of and the benefits that can be derived from our products to maximize their potential. If our products are not implemented, configured, updated or used correctly or as intended, or in a timely manner, inadequate performance, errors, loss of data, corruptions and/or security vulnerabilities may result. For example, there have been and may in the future continue to be, reports of our customers not properly securing implementations of our products, which can result in unprotected data. Because our customers rely on our software to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our software or our failure to train customers on how to use our software productively may result in customer dissatisfaction, negative publicity and may adversely affect our reputation and brand. Failure by us to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, and adversely affect our business and growth prospects.
If third parties offer inadequate or defective implementations of software that we have previously made available under an open source license, our reputation could be harmed.
Certain cloud hosting providers and managed service providers, including Amazon Web Services, offer SaaS products based on older Elastic Stack releases, using the names of our products in marketing such offerings. These offerings are not supported by us and come without any of our proprietary features. We do not control how these third parties may use or offer our open source technology. These third parties could inadequately or incorrectly implement our open source technology, or fail to update such technology in light of changing technological or security requirements, which could result in real or perceived defects, security vulnerabilities, errors, or performance failures with respect to their offerings. Users, customers, and potential customers could confuse these third-party products with our products, and attribute such defects, security vulnerabilities, errors, or performance failures to our products. Any damage to our reputation and brand from defective implementations of our open source software could result in lost sales and lack of market acceptance of our products and could adversely affect our business and growth prospects.
We rely on traditional web search engines to direct traffic to our website. If our website fails to rank prominently in unpaid search results, traffic to our website could decline and our business would be adversely affected.
Our success depends in part on our ability to attract users through unpaid Internet search results on traditional web search engines, such as Google. The number of users we attract to our website from search engines is due in large part to how and where our website ranks in unpaid search results. These rankings can be affected by a number of factors, many of which are not in our direct control, and they may change frequently. For example, a search engine may change its ranking algorithms, methodologies or design layouts. As a result, links to our website may not be prominent enough to drive traffic to our website, and we may not know how or otherwise be in a position to influence the results. Any reduction in the number of users directed to our website could reduce our revenue or require us to increase our customer acquisition expenditures.
If our security measures are breached or unauthorized access to private or proprietary data is otherwise obtained, our software may be perceived as not being secure, customers may reduce the use of or stop using our products, and we may incur significant liabilities.
Any security breach, including those resulting from a cybersecurity attack, phishing attack, or any unauthorized access, unauthorized usage, virus, malware, ransomware or similar breach or disruption to our networks and systems, or those of third parties upon which we rely, could result in the loss of confidential information, damage to our reputation, litigation, regulatory investigations or other liabilities. These attacks may come from individual hackers, criminal groups, and state-sponsored organizations. Cyber threats are constantly evolving and becoming increasingly sophisticated and complex, increasing the difficulty of detecting and successfully defending against them. As a provider of security solutions, we may be specifically targeted by bad actors for attacks intended to circumvent our security capabilities as an entry point into customers’ endpoints, networks, or systems. If our security measures are breached as a result of third-party action, employee error, defect or bug in our products, malfeasance or otherwise and, as a result, someone obtains unauthorized access to our confidential information or personal information or the confidential information or personal information of our customers, our reputation may be damaged, our business may suffer and we could incur significant liability. Even the perception of inadequate security may damage our reputation and negatively impact our ability to win new customers and retain existing customers. Further, we could be required to expend significant capital and other resources to address any data security incident or breach.
In addition, many of our customers may use our software for processing their sensitive and proprietary information, including business strategies, financial and operational data, personal or identifying information and other related data. As a result, unauthorized access or use of this data could result in the loss, compromise, corruption or destruction of our customers’ sensitive and proprietary information and lead to litigation, regulatory investigations and claims, indemnity obligations, and other liabilities. It could also hinder our ability to obtain and maintain information security certifications that support customers’ adoption of our products and our retention of those customers. We have implemented administrative, technical and physical measures designed to protect the integrity of customer information and prevent data loss, misappropriation and other security breaches and incidents and may incur significant costs in connection with the implementation of additional preventative measures in the future.
We engage third-party vendors and service providers to store and otherwise process some of our and our customers’ data, including sensitive and personal information. There have been and may continue to be significant supply chain cyber attacks generally, and our third-party vendors and service providers may be targeted or impacted by such attacks. We cannot guarantee that our or our third-party vendors and service providers’ systems and networks have not been breached or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our services. Our ability to monitor our third-party vendors and service providers’ data security is limited, and, in any event, third parties may be able to circumvent those security measures, resulting in the unauthorized access to, misuse, disclosure, loss or destruction of our and our customers’ data, including sensitive and personal information.
Techniques used to sabotage or obtain unauthorized access to systems or networks are constantly evolving and, in some instances, are not identified until launched against a target. We and our service providers may be unable to anticipate these techniques, react in a timely manner, or implement adequate preventative measures. Security risks are also heightened during the ongoing COVID-19 pandemic as more individuals are working remotely and utilizing home networks for transmitting information, and reported ransomware incidents with significant operational impacts also appear to be escalating in frequency and degree. In addition, laws, regulations, government guidance, and industry standards and practices in the United States and elsewhere are rapidly evolving to combat these threats. We may face increased compliance burdens regarding such requirements with regulators and customers regarding our products and services and also incur additional costs for oversight and monitoring of our own supply chain. We and our customers may also experience increased costs associated with security measures and increased risk of suffering cyberattacks, including ransomware. Should we or the third-party vendors upon which we rely experience such attacks, including from ransomware, our operations may also be hindered or interrupted, with foreseeable secondary contractual, regulatory, financial, and reputational harms that may arise from such an incident.
Further, we cannot assure that any limitations of liability provisions in our customer and user agreements, contracts with third-party vendors and service providers or other contracts would be enforceable or adequate or would otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter. We also cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or will be available in sufficient amounts to cover claims related to a security incident or breach, or that the insurer will not deny coverage as to any future claim. The successful assertion of claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.
Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results.
We rely on third-party cloud platforms to host our cloud offerings. If we experience an interruption in service for any reason, our cloud offerings would similarly be interrupted. An interruption in our services to our customers could cause our customers’ internal and consumer-facing applications to not function properly, which could have a material adverse effect on our business, results of operations, customer relationships and reputation.
In addition, our website and internal technology infrastructure may experience performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions, capacity constraints, technical failures, natural disasters or fraud or security attacks. Our use of third-party open source software may increase this risk. If our website is unavailable or our users are unable to download our products or order subscriptions or services within a reasonable amount of time or at all, our business could be harmed. We expect to continue to make significant investments to maintain and improve website performance and to enable rapid releases of new features and applications for our products. To the extent that we do not effectively upgrade our systems as needed and continually develop our technology to accommodate actual and anticipated changes in technology, our business and results of operations may be harmed.
We rely on third-party service providers for many aspects of our business, and any failure to maintain these relationships could harm our business.
Our success depends upon our relationships with third-party service providers, including providers of cloud hosting infrastructure, customer relationship management systems, financial reporting systems, human resource management systems, credit card processing platforms, marketing automation systems, and payroll processing systems, among others. If any of these third parties experience difficulty meeting our requirements or standards, become unavailable due to extended outages or interruptions, temporarily or permanently cease operations, face financial distress or other business disruptions, increase their fees, if our relationships with any of these providers deteriorate, or if any of the agreements we have entered into with such third parties are terminated or not renewed without adequate transition arrangements, we could suffer liabilities, penalties, fines, increased costs and delays in our ability to provide customers with our products and services, our ability to manage our finances could be interrupted, receipt of payments from customers may be delayed, our processes for managing sales of our offerings could be impaired, our ability to generate and manage sales leads could be weakened, or our business operations could be disrupted. Any of such disruptions may adversely impact our business and our financial condition, results of operations or cash flows could be adversely affected until we replace such providers or develop replacement technology or operations. In addition, if we are unsuccessful in identifying high-quality service providers, negotiating cost-effective relationships with them or effectively managing these relationships, it could adversely affect our business and financial results.
The length of our sales cycle can be unpredictable, particularly with respect to sales through our channel partners or sales to large customers, and our sales efforts may require considerable time and expense.
Our results of operations may fluctuate, in part, because of the length and variability of the sales cycle of our subscriptions and the difficulty in making short-term adjustments to our operating expenses. Our results of operations depend in part on sales to new customers, including large customers, and increasing sales to existing customers. The length of our sales cycle, from initial contact with our sales team to contractually committing to our subscriptions can vary substantially from customer to customer based on deal complexity as well as whether a sale is made directly by us or through a channel partner. Our sales cycle can extend to more than a year for some customers, and the length of sales cycles may be further impacted due to the COVID-19 pandemic. Some customers have been scrutinizing their spending more carefully given a challenging economic environment associated with the pandemic, and we generally expect this to continue. This might cause sales cycles to become longer or become more unpredictable. As we target more of our sales efforts at larger enterprise customers, we may face greater costs, longer sales cycles, greater competition and less predictability in completing some of our sales. A customer’s decision to use our solutions may be an enterprise-wide decision, which may require greater levels of education regarding the use cases of our products or prolonged negotiations. In addition, larger customers may demand more configuration, integration services and features. It is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to our existing customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large transactions in a quarter could affect our cash flows and results of operations for that quarter and for future quarters. Because a substantial proportion of our expenses are relatively fixed in the short term, our cash flows and results of operations will suffer if revenue falls below our expectations in a particular quarter, which could cause the price of our ordinary shares to decline.
We depend on our senior management and other key employees, and the loss of one or more of these employees or an inability to attract and retain highly skilled employees could harm our business.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition, and results of operations. Further, our ability to attract additional qualified personnel may be impacted by the economic uncertainty and insecurity caused by the COVID-19 pandemic. The loss of services of any of our key personnel also increases our dependency on other key personnel who remain with us. Although we have entered into employment offer letters with our key personnel, their employment is for no specific duration and constitutes at-will employment. We are also substantially dependent on the continued service of our existing engineering personnel because of the complexity of our products.
Our future performance also depends on the continued services and continuing contributions of our senior management, particularly our Chief Executive Officer and Chairman, Shay Banon, to execute on our business plan and to identify and pursue new opportunities and product innovations. We do not maintain key person life insurance policies on any of our employees. The loss of services of senior management could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and results of operations. Any search for senior management in the future or any search to replace the loss of any senior management may be prolonged, and we may not be able to attract a qualified candidate or replacement, as applicable, in a timely manner or at all, particularly as potential candidates may be wary to transition during the unstable economic conditions caused by the COVID-19 pandemic. Furthermore, the COVID-19 pandemic could make it more difficult to onboard, provide training to and integrate any senior
management or key employees, which could adversely affect their productivity and our business. If we are unable to mitigate these or other similar risks as we experience management turnover, our business, results of operation and financial condition may be adversely affected.
Additionally, the industry in which we operate is generally characterized by significant competition for skilled personnel as well as high employee attrition. We may not be successful in attracting, integrating, or retaining qualified personnel to fulfill our current or future needs. We may need to invest significant amounts of cash and equity to attract and retain new employees, and we may never realize returns on these investments. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product.
If we are not able to maintain and enhance our brand, especially among developers, our ability to expand our customer base will be impaired and our business and operating results may be adversely affected.
We believe that developing and maintaining widespread awareness of our brand, especially with developers, is critical to achieving widespread acceptance of our software and attracting new users and customers. We also believe that the importance of brand recognition will increase as competition in our market increases. Successfully maintaining and enhancing our brand will depend largely on the effectiveness of our marketing efforts, our ability to maintain our customers’ trust, our ability to continue to develop new functionality and use cases, and our ability to successfully differentiate our products and platform capability from competitive products. Brand promotion activities may not generate user or customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. For instance, our continued focus and investment in ElasticON and similar investments in our brand, user engagement, and customer engagement may not generate the desired customer awareness or a sufficient financial return. If we fail to successfully promote and maintain our brand, we may fail to attract or retain users and customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our products, which would adversely affect our business and results of operations.
Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity and entrepreneurial spirit we have worked to foster, which could harm our business.
We believe that our culture has been and will continue to be a key contributor to our success. We expect to continue to hire as we expand. If we do not continue to maintain our corporate culture as we grow, we may be unable to foster the innovation, creativity, and entrepreneurial spirit we believe we need to support our growth. Moreover, many of our existing employees may be able to receive significant proceeds from sales of our ordinary shares in the public markets, which could lead to employee attrition and disparities of wealth among our employees that adversely affects relations among employees and our culture in general. Additional headcount growth may result in a change to our corporate culture, which could harm our business.
We rely on channel partners to execute a portion of our sales; if our channel partners fail to perform or we are unable to maintain successful relationships with our channel partners, our ability to market, sell and distribute our solution will be more limited, and our results of operations could be harmed.
A portion of our revenue is generated by sales through our channel partners, especially to U.S. federal government customers and in certain international markets, and these sales may grow and represent a larger portion of our revenues in the future. We provide certain of our channel partners with specific training and programs to assist them in selling our offerings, but there can be no assurance that these steps will be effective. In addition, our channel partners may be unsuccessful in marketing and selling our offerings, particularly in light of the effects of the COVID-19 pandemic. If we are unable to develop and maintain effective sales incentive programs for our channel partners, we may not be able to incentivize these partners to sell our offerings to customers.
Some of these partners may also market, sell, and support offerings that compete with ours, may devote more resources to the marketing, sales, and support of such competitive offerings, may have incentives to promote our competitors’ offerings to the detriment of our own or may cease selling our offerings altogether. Our agreements with our channel partners typically have a duration of one to three years, and generally may be terminated for any reason by either party with advance notice prior to each renewal date. We may not be able to retain these channel partners or secure additional or replacement channel partners. The loss of one or more of our significant channel partners or a decline in the number or size of orders from any of them could harm our results of operations. In addition, many of our new channel partners require extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresents the functionality of our offerings to customers or violates laws or our or their corporate policies. If our channel partners are unsuccessful in fulfilling the orders for our offerings, or if we are unable to enter into arrangements with and retain high quality channel partners, our ability to sell our offerings and results of operations could be harmed.
If we are unable to maintain successful relationships with our partners, our business operations, financial results and growth prospects could be adversely affected.
We maintain partnership relationships with a variety of partners, including cloud providers, systems integrators, channel partners, referral partners, OEM and MSP partners, and technology partners, to deliver offerings to our end customers and complement our broad community of users. In particular, we partner with various cloud providers to jointly market, sell and deliver our Elastic Cloud offerings, and in some instances this also involves technical integration with such cloud providers.
Our agreements with our partners are generally non-exclusive, meaning our partners may offer customers the offerings of several different companies, including offerings that compete with ours, or may themselves be or become competitors. If our partners do not effectively market and sell our offerings, choose to use greater efforts to market and sell their own offerings or those of our competitors, fail to meet the needs of our customers, or fail to deliver professional services to our customers particularly in light of the effects of the COVID-19 pandemic, our ability to grow our business and sell our offerings may be harmed. Our partners may cease marketing our offerings with limited or no notice and with little or no penalty. The loss of a substantial number of our partners, our possible inability to replace them, or the failure to recruit additional partners could harm our results of operations.
Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our partners and in helping our partners enhance their ability to market and sell our subscriptions. If we are unable to maintain our relationships with these partners, our business, results of operations, financial condition or cash flows could be harmed.
The sales prices of our offerings may decrease, which may reduce our gross profits and adversely affect our financial results.
The sales prices for our offerings may decline or we may introduce new pricing models for a variety of reasons, including competitive pricing pressures, discounts, in anticipation of or in conjunction with the introduction of new offerings, or promotional programs. Competition continues to increase in the market segments in which we operate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse offerings may reduce the price of offerings that compete with ours or may bundle them with other offerings. Additionally, currency fluctuations in certain countries and regions may negatively impact actual prices that customers and channel partners are willing to pay in those countries and regions. Any decrease in the sales prices for our offerings, without a corresponding decrease in costs or increase in volume, would adversely impact our gross profit. Gross profit could also be adversely impacted by a shift in the mix of our subscriptions from self-managed to our cloud offering, for which we incur hosting costs, as well as any increase in our mix of professional services relative to subscriptions. We may not be able to maintain our prices and gross profits at levels that will allow us to achieve and maintain profitability.
We expect our revenue mix to vary over time, which could harm our gross margin and operating results.
We expect our revenue mix to vary over time due to a number of factors, and we expect that revenue from Elastic Cloud will continue to become a larger part of our revenue mix. Due to the differing revenue recognition policies applicable to our subscriptions and professional services, shifts in our business mix from quarter to quarter could produce substantial variation in revenue recognized. Further, our gross margins and operating results could be harmed by changes in revenue mix and costs, together with numerous other factors, including entry into new markets or growth in lower margin markets; entry into markets with different pricing and cost structures; pricing discounts; and increased price competition. Any one of these factors or the cumulative effects of certain of these factors may result in significant fluctuations in our gross margin and operating results. This variability and unpredictability could result in our failure to meet internal expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our ordinary shares could decline.
Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and results of operations.
Our success depends to a significant degree on our ability to protect our proprietary technology, methodologies, know-how and brand. We rely on a combination of trademarks, copyrights, patents, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. However, the steps we take to protect our intellectual property rights may be inadequate. We will not be able to protect our intellectual property rights if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property rights. The source code of the proprietary features for the Elastic Stack is publicly available, which may enable others to replicate our proprietary technology and compete more effectively. If we fail to protect our intellectual property rights adequately, our competitors may gain access to our proprietary technology and our business may be harmed. In addition, defending our intellectual property rights might entail significant expense. Any patents, trademarks, or other intellectual property rights that we have or may obtain
may be challenged by others or invalidated through administrative process or litigation. As of April 30, 2021, we had 24 issued U.S. patents, 57 pending U.S. patent applications, and 17 pending non-U.S. filings. There can be no assurance that our patent applications will result in issued patents. Even if we continue to seek patent protection in the future, we may be unable to obtain further patent protection for our technology. In addition, any patents issued in the future may not provide us with competitive advantages, or may be successfully challenged by third parties. Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create offerings that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our products are available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights. The laws of some countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. As we expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property.
We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with other parties. No assurance can be given that these agreements will be effective in controlling access to and distribution of our proprietary information. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products.
In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. For example, on September 4, 2019, we filed suit against floragunn GmbH in the United States District Court for the Northern District of California for copyright infringement and contributory copyright infringement, and on September 27, 2019, we filed a suit against Amazon.com, Inc. in the United States District Court for the Northern District of California for trademark infringement and false advertising. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation.
We could incur substantial costs as a result of any claim of infringement, misappropriation or violation of another party’s intellectual property rights.
In recent years, there has been significant litigation involving patents and other intellectual property rights in the software industry. Companies providing software are increasingly bringing and becoming subject to suits alleging infringement, misappropriation or violation of proprietary rights, particularly patent rights, and to the extent we gain greater market visibility, we face a higher risk of being the subject of intellectual property infringement, misappropriation or violation claims. We do not currently have a large patent portfolio, which could prevent us from deterring patent infringement claims through our own patent portfolio, and our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. The risk of patent litigation has been amplified by the increase in the number of a type of patent holder, which we refer to as a non-practicing entity, whose sole or principal business is to assert such claims and against whom our own intellectual property portfolio may provide little deterrent value. We could incur substantial costs in prosecuting or defending any intellectual property litigation. If we sue to enforce our rights or are sued by a third party that claims that our products infringe, misappropriate or violate their rights, the litigation could be expensive and could divert our management resources.
Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:
•cease selling or using products that incorporate the intellectual property rights that we allegedly infringe, misappropriate or violate;
•make substantial payments for legal fees, settlement payments or other costs or damages;
•obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or
•redesign the allegedly infringing products to avoid infringement, misappropriation or violation, which could be costly, time-consuming or impossible.
If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business.
Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, violation and other losses.
Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, misappropriation or violation, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services or other contractual obligations. Large indemnity payments could harm our business, results of operations and financial condition. Although we normally contractually limit our liability with respect to such indemnity obligations, we may still incur substantial liability related to them. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations.
Our use of third-party open source software within our products could negatively affect our ability to sell our products and subject us to possible litigation.
Our technologies incorporate open source software from other developers, and we expect to continue to incorporate such open source software in our products in the future. Few of the licenses applicable to open source software have been interpreted by courts, and there is a risk that these licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our products. Moreover, we cannot assure that we have not incorporated third-party open source software in our software in a manner that is inconsistent with the terms of the applicable license or our current policies and procedures. If we fail to comply with these licenses, we may be subject to certain requirements, including requirements that we offer our solutions that incorporate the open source software for no cost, that we make available source code for modifications or derivative works we create based upon, incorporating or using the open source software and that we license such modifications or derivative works under the terms of applicable open source licenses. If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products. In addition, there have been claims challenging the ownership rights in open source software against companies that incorporate open source software into their products, and the licensors of such open source software provide no warranties or indemnities with respect to such claims. In any of these events, we and our customers could be required to seek licenses from third parties in order to continue offering our products, and to re-engineer our products or discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely basis. We and our customers may also be subject to suits by parties claiming infringement, misappropriation or violation due to the reliance by our solutions on certain open source software, and such litigation could be costly for us to defend or subject us to an injunction. Some open source projects have known vulnerabilities and architectural instabilities and as provided on an “as-is” basis which, if not properly addressed, could negatively affect the performance of our product. Any of the foregoing could require us to devote additional research and development resources to re-engineer our solutions, could result in customer dissatisfaction, and may adversely affect our business, results of operations and financial condition.
One of our marketing strategies is to offer some of our product features for free and to provide free trials of some of our paid features, and we may not be able to realize the benefits of this strategy.
We are dependent upon lead generation strategies, including offering free use of some of our product features and free trials of some of our paid features. These strategies may not be successful in continuing to generate sufficient sales opportunities necessary to increase our revenue. Many users never convert from the free use model or from free trials to the paid versions of our products. To the extent that users do not become, or we are unable to successfully attract, paying customers, we will not realize the intended benefits of these marketing strategies and our ability to grow our revenue will be adversely affected.
With the acquisition of Endgame, we face risks related to the integration of combined businesses, our cash resources and financial results, undisclosed liabilities, and employee and customer retention.
Since the closing of the acquisition of Endgame in October 2019, we have devoted significant management attention and resources to integrating the business practices and operations of the former Endgame business with our business. Potential difficulties we may encounter as we continue to integrate Endgame into our business strategy include those related to the costs
of integration and compliance, diversion of management’s attention, our ability to create and enforce uniform standards, procedures, policies and information systems, potential unknown liabilities, and unforeseen increased expenses or delays.
Our due diligence review in connection with the acquisition may not have discovered undisclosed liabilities of Endgame. If there are undisclosed liabilities, Elastic as a successor owner may be responsible for such undisclosed liabilities. Such undisclosed liabilities could have an adverse effect on the business and results of operations and may adversely affect the value of our ordinary shares.
The acquisition may also result in significant charges or other liabilities that could adversely affect our results of operations, such as cash expenses and non-cash accounting charges incurred in connection with the acquisition and/or integration of the combined businesses and operations.
Our international operations and expansion expose us to several risks.
As of April 30, 2021, we had customers located in over 100 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce, as of April 30, 2021, we had employees located in over 35 countries. Our current international operations involve and future initiatives may involve a variety of risks, including:
•unexpected changes in regulatory requirements, taxes, trade laws, tariffs, export quotas, custom duties or other trade restrictions;
•different labor regulations, especially in the European Union, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;
•exposure to many stringent, particularly in the European Union, and potentially inconsistent laws and regulations relating to privacy, data protection and information security;
•changes in a specific country’s or region’s political or economic conditions;
•political, economic and trade uncertainties or instability related to the effect of the United Kingdom's withdrawal from the European Union (Brexit), including the effects of the Trade and Cooperation Agreement between the European Union, the European Atomic Energy Community and the United Kingdom signed in December 2020, on the economies of, and the relationships between, the United Kingdom, European Union, United States and other countries;
•the evolving relations between the United States and China;
•changes in relations between the Netherlands and the United States;
•risks resulting from changes in currency exchange rates and inflation;
•the impact of public health epidemics or pandemics on our employees, partners and customers;
•challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits and compliance programs;
•risks relating to the implementation of trade and economic sanctions, including restrictions promulgated by the OFAC, and other similar trade protection regulations and measures in the United States or in other jurisdictions;
•risks relating to our third-party vendors and service providers’ storage and processing of some of our and our customers’ data, including any supply chain cyber attacks;
•reduced ability to timely collect amounts owed to us by our customers in countries where our recourse may be more limited;
•limitations on our ability to reinvest earnings from operations derived from one country to fund the capital needs of our operations in other countries;
•limited or unfavorable intellectual property protection; and
•exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended (“FCPA”), and similar applicable laws and regulations in other jurisdictions.
If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we might incur unanticipated liabilities or we might otherwise suffer harm to our business generally.
If we are not successful in sustaining and expanding our international business, we may incur additional losses and our revenue growth could be harmed.
Our future results depend, in part, on our ability to sustain and expand our penetration of the international markets in which we currently operate and to expand into additional international markets. We depend on direct sales and our channel partner relationships to sell our offerings in international markets. Our ability to expand internationally will depend upon our ability to deliver functionality and foreign language translations that reflect the needs of the international clients that we target. Our ability to expand internationally involves various risks, including the need to invest significant resources in such expansion, and the possibility that returns on such investments will not be achieved in the near future or at all in these less familiar competitive environments. We may also choose to conduct our international business through other partnerships. If we are unable to identify partners or negotiate favorable terms, our international growth may be limited. In addition, we have incurred and may continue to incur significant expenses in advance of generating material revenue as we attempt to establish our presence in particular international markets.
If we need to raise additional capital or generate the significant capital necessary to expand our operations and invest in new offerings, it could reduce our ability to compete and could harm our business.
We may need to raise additional funds in the future, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all. If we raise additional equity financing, our shareholders may experience significant dilution of their ownership interests and the per share value of our ordinary shares could decline. Furthermore, if we engage in debt financing, the holders of debt would have priority over the holders of our ordinary shares, and we may be required to accept terms that restrict our ability to incur additional indebtedness. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which could harm our business, results of operations, and financial condition. If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:
•develop or enhance our products;
•continue to expand our sales and marketing and research and development organizations;
•acquire complementary technologies, products or businesses;
•expand operations in the United States or internationally;
•hire, train, and retain employees; or
•respond to competitive pressures or unanticipated working capital requirements.
Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government certification requirements for products like ours may change, thereby restricting our ability to sell into the U.S. federal government sector, U.S. state government sector, or government sectors of countries other than the United States until we have attained the revised certification. For example, we hold a U.S. Federal Risk and Authorization Management Program Authority to Operate at a moderate impact level; however, such authority is costly to maintain and if we were to lose our certification in the future, it would restrict our ability to sell to government customers. On May 12, 2021, the Biden Administration issued an Executive Order that will ultimately result in additional security requirements for government agencies and their contractors, for example, multifactor authentication, encryption for data at rest and in transit, and broad log creation, preservation, and production requirements. Furthermore, the Executive Order accelerates agency planning and implementation requirements for “zero trust architecture” and will establish a standards-development effort for a software bill of materials. This may increase compliance costs directly for government contracts and indirectly to the extent such requirements require changes or new efforts at an enterprise level. If we are unable to timely meet such requirements, our ability to compete for and maintain federal government contracts may be diminished, which could adversely affect our business, results of operations and financial condition.
Government demand and payment for our offerings may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our offerings. Sales to government agencies, including classified contracts, are subject to complex regulations. Failure to comply with such regulations could result in contract terminations or other adverse consequences, including but not limited to adversely affecting our eligibility to sell to government agencies in the future. Additionally, we rely on certain partners to provide technical support
services to certain of our government entity customers to resolve any issues relating to our products. If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional offerings to new and existing government entity customers would be adversely affected and our reputation could be damaged.
Government entities may have statutory, contractual, or other legal rights to terminate contracts with us or our channel partners for convenience or due to a default, and any such termination may adversely affect our future results of operations. In addition, multi-year contracts with government entities are usually conditioned on annual fiscal funding actions that the relevant legislative or other decision-making body must take in order to fund each year of a contract. Such legislative or decision-making bodies may elect not to fund each year of a contract. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely affect our results of operations in a material way.
Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could expose us to greater than anticipated tax liabilities.
Our income tax obligations are based in part on our corporate structure and intercompany arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our intercompany transactions. The tax laws applicable to our business, including the laws of the Netherlands, the United States and other jurisdictions, are subject to change and interpretation, and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. For example, recently, in the United States, the Biden administration has proposed a number of changes, including an increase to the U.S. corporate income tax rate from 21% to 28%. In addition, other countries, as well as organizations such as the Organization for Economic Cooperation and Development, have recently proposed or recommended changes to existing tax laws or have enacted new laws that could impact our tax obligations in countries where we do business or cause us to change the way we operate our business. Any new legislation or interpretations of existing legislation could result in increased taxation of our international earnings.
The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could increase our worldwide effective tax rate and harm our financial position and results of operations. Tax authorities examine and may audit our income tax returns and other non-income tax returns, such as payroll, sales, value-added, net worth or franchise, property, goods and services, and excise taxes, in both the United States and foreign jurisdictions. It is possible that tax authorities may disagree with certain positions we have taken, and any adverse outcome of such a review or audit could have a negative effect on our financial position and results of operations. Further, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.
Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.
Based on our current corporate structure, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents. In addition, the authorities in the jurisdictions in which we operate could review our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing, and could impose additional tax, interest and penalties. These authorities could also claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant taxing authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement was to occur, and our position was not sustained, we could be required to pay additional taxes, and interest and penalties. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and harm our business and results of operations.
Our ability to use our net operating loss carryforwards to offset future taxable income may be subject to certain limitations.
As of April 30, 2021 and 2020, we had net operating loss carryforwards in various jurisdictions of $2.2 billion and $1.3 billion, respectively, which may be utilized against future income taxes. Limitations imposed by the applicable jurisdictions on our ability to utilize net operating loss carryforwards could cause income taxes to be paid earlier than would be paid if such limitations were not in effect and could cause such net operating loss carryforwards to expire unused, in each case
reducing or eliminating the benefit of such net operating loss carryforwards. Furthermore, we may not be able to generate sufficient taxable income to utilize our net operating loss carryforwards before they expire. If any of these events occur, we may not derive some or all of the expected benefits from our net operating loss carryforwards.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
A portion of our subscriptions are generated and operating expenses are incurred outside the United States and denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly against the Euro. In part as a result of the COVID-19 pandemic, foreign currency exchange rates have been and could continue to be subject to increased volatility. The strengthening of the U.S. dollar increases the real cost of our offerings to our customers outside of the United States, leading to delays in the purchase of our offerings and the lengthening of our sales cycle. If the strength of the U.S. dollar increases, this could adversely affect our financial condition and results of operations. In addition, increased international sales in the future, including through our channel partners, may result in greater foreign currency denominated sales, increasing our foreign currency risk. Moreover, operating expenses incurred outside the United States and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with currency fluctuations, our financial condition and results of operations could be adversely affected. To date, we have not entered into any hedging transactions in an effort to reduce our exposure to foreign currency exchange risk. While we may decide to enter into hedging transactions in the future, the availability and effectiveness of these hedging transactions may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and results of operations.
Seasonality may cause fluctuations in our sales and results of operations.
Historically, we have experienced quarterly fluctuations and seasonality based on the timing of entering into agreements with new and existing customers and the mix between annual and monthly contracts entered in each reporting period. Trends in our business, financial condition, results of operations and cash flows are impacted by seasonality in our sales cycle which generally reflects a trend to greater sales in our second and fourth quarters and lower sales in our first and third quarters, though we believe this trend has been somewhat masked by our overall growth. We expect that this seasonality will continue to affect our results of operations in the future, and might become more pronounced as we continue to target larger enterprise customers.
Risks Related to Regulatory Matters
In connection with the operation of our business, we may collect, store, transfer and otherwise process certain personal data. As a result, our business is subject to a variety of government and industry regulations, as well as other obligations, related to privacy, data protection and information security.
Privacy, data protection and information security have become significant issues in various jurisdictions where we offer our products. The regulatory frameworks for these issues worldwide are rapidly evolving and are likely to remain uncertain for the foreseeable future. Federal, state, or non-U.S. government bodies or agencies have in the past adopted, and may in the future adopt, new laws and regulations or may make amendments to existing laws and regulations affecting data protection, data privacy and/or information security and/or regulating the use of the Internet as a commercial medium. For example, the recently enacted California Consumer Privacy Act (the “CCPA”) provides new data privacy rights for California residents. The enforcement of the CCPA by the California Attorney General commenced July 1, 2020. We cannot fully predict the impact of the CCPA on our business or operations, but we may be required to modify our data processing practices and policies and to incur substantial costs and expenses in connection with our compliance or the compliance of our customers or vendors. The CCPA also provides for civil penalties and a private right of action for violations, which may increase our compliance costs and potential liability. Additionally, a new privacy law, the California Privacy Rights Act (“CPRA”), was approved by California voters in the November 3, 2020 election. The CPRA creates obligations relating to consumer data beginning on January 1, 2022, with implementing regulations expected on or before July 1, 2022, and enforcement beginning July 1, 2023. We will continue to monitor developments related to the CPRA and anticipate additional costs and expenses associated with CPRA compliance. Other U.S. states also are considering omnibus privacy legislation and industry organizations regularly adopt and advocate for new standards in these areas. Many obligations under the CCPA and these other laws and legislative proposals remain uncertain, and we cannot fully predict their impact on our business. If we fail to comply with any of these laws or standards, we may be subject to investigations, enforcement actions, civil litigation, fines and other penalties, all of which may generate negative publicity and have a negative impact on our business.
Additionally, in the United States, we may be subject to investigation and/or enforcement actions brought by federal agencies and state attorneys general and consumer protection agencies. We publicly post statements and other documentation
regarding our practices concerning the processing, use and disclosure of personally identifiable information. Although we endeavor to comply with our published statements and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our privacy statement and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices.
Internationally, most jurisdictions in which we operate have established their own privacy, data protection and information security legal frameworks with which we or our customers must comply. Within the European Union, the General Data Protection Regulation (“GDPR”) became fully effective on May 25, 2018, and applies to the processing (which includes the collection and use) of personal data. The GDPR imposes significant obligations and risk upon our business and provides for substantial penalties to which we could be subject in the event of any non-compliance. Administrative fines under the GDPR can amount up to 20 million Euros or four percent of the group’s annual global turnover, whichever is higher. Further, the United Kingdom has implemented legislation that substantially implements the GDPR in the United Kingdom, which legislation provides for penalties for violations of up to the greater of 17.5 million British pounds or four percent of the group’s annual global turnover. Following the exit of the United Kingdom from the European Union however, aspects of U.K. data protection law and the relationship of the United Kingdom and the European Union in the medium to longer term remain unclear, including with respect to how data transfers to and from the United Kingdom will be regulated.
We have incurred substantial expense in complying with new data protection legal frameworks and we may be required to make additional, significant changes in our business operations, all of which may adversely affect our revenue and our business overall. Additionally, because these new regimes lack a substantial enforcement history, we are unable to predict how emerging standards may be applied to us. Despite our efforts to attempt to comply with new data protection obligations, a regulator may determine that we have not done so and subject us to fines and public censure, which could harm our company.
Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States. Some countries also are considering or have passed legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of delivering our services. We have undertaken certain efforts to conform transfers of personal data from the European Economic Area (“EEA”), to the United States and other jurisdictions based on our understanding of current regulatory obligations and the guidance of data protection authorities, including standard contractual clauses approved by the European Commission (the “SCCs”). Despite this, we may be unsuccessful in maintaining conforming means of transferring such data from the EEA, in particular as a result of continued legal and legislative activity within the EEA that has challenged or called into question existing means of data transfers to countries that have not been found to provide adequate protection for personal data.
The regulatory environment applicable to handling of EEA residents' personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs. In the Schrems II decision issued by the Court of Justice of the European Union (“CJEU”) on July 16, 2020, the CJEU, among other things, imposed additional obligations on companies when relying on the SCCs. We and our customers may face EEA regulators applying different standards to certain data transfers or requiring additional steps in connection with data transfers, and may be required to engage in new contract negotiations with third parties that aid in processing data on our behalf. We may be unsuccessful in maintaining legitimate means for our transfer and receipt of personal data from the EEA, and may experience hesitancy, reluctance, or refusal by European or multi-national customers to continue to use our products due to the potential risk exposure to such customers as a result of sentiment in the EEA regarding international data transfers and data protection obligations imposed on them. We may find it necessary to establish systems to maintain personal data originating from the EEA in the EEA, or may need to take other steps with respect to data handling and data transfers, including means to provide for local data processing, which may involve substantial expense and may require us to divert resources from other aspects of our business, all of which may adversely affect our business. We and our customers may face a risk of enforcement actions by European data protection authorities until the time, if any, that personal data transfers to us and by us from the EEA are legitimized under European law. These and the other risks described above could result in harm to our business, operating results and financial condition. In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that may legally or contractually apply to us. One example of such a self-regulatory standard is the Payment Card Industry Data Security Standard (“PCI DSS”), which relates to the processing of payment card information. In the event we or our payment processors fail to comply with the PCI DSS, fines and other penalties could result, and we may suffer reputational harm and damage to our business. Further, our customers increasingly expect us to comply with more stringent privacy, data protection and information security requirements than those imposed by laws, regulations or self-regulatory requirements, and we may be obligated contractually to comply with additional or different standards relating to our handling or protection of data on or by our offerings. Any failure to meet our customers’ requirements may adversely affect our revenues and prospects for growth.
We also expect that there will continue to be changes in interpretations of existing laws and regulations, or new proposed laws, regulations, and other obligations concerning privacy, data protection and information security, which could
impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our offerings, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. Because the interpretation and application of many laws and regulations relating to privacy, data protection and information security, along with industry standards, are uncertain, it is possible that these laws and regulations may be interpreted and applied in manners that are, or are alleged to be, inconsistent with our data management practices or the features of our products, and we could face fines, lawsuits, regulatory investigations and other claims and penalties, and we could be required to fundamentally change our products or our business practices, any of which could have an adverse effect on our business. Any inability to adequately address privacy, data protection and information security concerns, even if unfounded, or any actual or perceived failure to comply with applicable privacy, data protection or information security laws, regulations and other obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our products. Privacy, data protection and information security concerns, whether valid or not valid, may inhibit market adoption of our products, particularly in certain industries and countries outside of the United States. If we are not able to adjust to changing laws, regulations and standards related to the Internet, our business may be harmed.
We are subject to governmental export and import controls and economic sanctions programs that could impair our ability to compete in international markets or subject us to liability if we violate these controls.
Our software and services, in some cases, are subject to U.S. export control laws and regulations including the Export Administration Regulations (“EAR”), and trade and economic sanctions maintained by the Office of Foreign Assets Control (“OFAC”). As such, an export license may be required to export or reexport our software and services to certain countries and end-users for certain end-uses. If we were to fail to comply with such U.S. export controls laws and regulations, U.S. economic sanctions, or other similar laws, we could be subject to both civil and criminal penalties, including substantial fines, possible incarceration for employees and managers for willful violations, and the possible loss of our export or import privileges. Obtaining the necessary export license for a particular sale or offering may not be possible and may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions in many cases prohibit the export of software and services to certain U.S. embargoed or sanctioned countries, governments and persons, as well as for prohibited end-uses. Monitoring and ensuring compliance with these complex U.S. export control laws is particularly challenging because our offerings are widely distributed throughout the world, and information available on the users of these offerings is, in some cases, limited. In addition, because we incorporate encryption functionality into our products, we are also subject to certain provisions of these laws that apply to encryption items. Even though we take precautions to ensure that we and our partners comply with all relevant export control laws and regulations, any failure by us or our partners to comply with such laws and regulations could have negative consequences for us, including reputational harm, government investigations and penalties.
In addition, various countries regulate the export and import of certain encryption software and technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products and services or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations in such countries may create delays in the introduction of our products and services into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products and services to certain countries, governments or persons altogether. The following developments could result in decreased use of our products and services by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations: any change in export or import laws or regulations, economic sanctions or related legislation; shift in the enforcement or scope of existing export, import or sanctions laws or regulations; or change in the countries, governments, persons, or technologies targeted by such export, import or sanctions laws or regulations. Any decreased use of our products or services or limitation on our ability to export to or sell our products or services in international markets could adversely affect our business, financial condition and operating results.
Failure to comply with anti-bribery, anti-corruption, and anti-money laundering laws could subject us to penalties and other adverse consequences.
We are subject to the FCPA, the U.K. Bribery Act and other anti-corruption, anti-bribery and anti-money laundering laws in various jurisdictions both domestic and abroad. We leverage channel partners to sell our offerings abroad and use other third parties, including recruiting firms, professional employer organizations, legal, accounting and other professional advisors, and local vendors to meet our needs associated with doing business abroad. We and these third parties may have direct or indirect interactions with officials and employees of government agencies, or state-owned or affiliated entities, and we may be held liable for the corrupt or other illegal activities of our channel partners and third-party representatives, as well as our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. While we
have policies and procedures to address compliance with such laws, we cannot assure you that the channel partners, third-party representatives, our employees, contractors or agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. Any violation of the FCPA, U.K. Bribery Act or other applicable anti-bribery, anti-corruption laws, and anti-money laundering laws could result in whistleblower complaints, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, operating results and prospects.
Risks Related to Ownership of our Ordinary Shares
The market price for our ordinary shares has been and is likely to continue to be volatile or may decline regardless of our operating performance.
The stock markets, and securities of technology companies in particular, have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many technology companies. Stock prices of many technology companies have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. The economic impact and uncertainty of the ongoing COVID-19 pandemic have exacerbated this volatility in both the overall stock markets and the market price of our ordinary shares. In the past, shareholders have instituted securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business. The market price of our ordinary shares may fluctuate significantly in response to numerous factors, many of which are beyond our control, including:
•actual or anticipated changes or fluctuations in our operating results;
•the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
•announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships or capital commitments;
•industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC;
•rumors and market speculation involving us or other companies in our industry;
•a gain or loss of investor confidence in the market for technology stocks or the stock market in general;
•future sales or expected future sales of our ordinary shares;
•investor perceptions of us, the benefits of our offerings and the industries in which we operate;
•price and volume fluctuations in the overall stock market from time to time;
•changes in operating performance and/or stock market valuations of other technology companies generally, or those in our industry in particular;
•failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
•actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
•litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
•developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
•announced or completed acquisitions of businesses or technologies by us or our competitors;
•breaches of, or failures relating to, privacy, data protection or information security;
•new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
•any major changes in our management or our board of directors, particularly with respect to Mr. Banon;
•general economic conditions and slow or negative growth of our markets, including as a result of the COVID-19 pandemic; and
•other events or factors, including those resulting from war, incidents of terrorism or responses to these events.
We may fail to meet our publicly announced guidance or other expectations about our business and future operating results, which would cause our stock price to decline.
We have provided and may continue to provide guidance and other expectations in our quarterly and annual earnings conference calls, quarterly and annual earnings releases, or otherwise, regarding our future performance. Guidance, as well as other expectations, are forward-looking and represent our management’s estimates as of the date of release and are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic and competitive uncertainties and contingencies on our business, many of which are beyond our control and are based upon specific assumptions with respect to future business decisions, some of which will change. One of those key assumptions relates to the impact of the ongoing COVID-19 pandemic and the associated economic uncertainty on our business, which is inherently difficult to predict. Furthermore, analysts and investors may develop and publish their own projections of our business, which may form a consensus about our future performance. Our actual business results may vary significantly from such guidance or other expectations or that consensus due to a number of factors, many of which are outside of our control, including due to the global economic uncertainty and financial market conditions caused by the ongoing COVID-19 pandemic, and which could adversely affect our business and future operating results. There are no comparable recent events that provide insights as to the probable effect of the ongoing COVID-19 pandemic, and, as a result, the ultimate impact of the COVID-19 outbreak is highly uncertain and subject to change. Furthermore, if we make downward revisions of our previously announced guidance or other expectations, if we withdraw our previously announced guidance or other expectations, or if our publicly announced guidance or other expectations of future operating results fail to meet expectations of securities analysts, investors or other interested parties, the price of our ordinary shares would decline. In light of the foregoing, investors are urged not to rely upon our guidance or other expectations in making an investment decision regarding our ordinary shares.
Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this “Risk Factors” section in this report could result in the actual operating results being different from our guidance or other expectations, and the differences may be adverse and material.
The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring shareholder approval.
Our executive officers and directors together beneficially owned 20.7% of our ordinary shares outstanding as of April 30, 2021. As a result, these shareholders, acting together, will have significant influence over matters that require approval by our shareholders, including matters such as adoption of the financial statements, declarations of dividends, the appointment and dismissal of directors, capital increases, amendment to our articles of association and approval of significant corporate transactions. Corporate action might be taken even if other shareholders oppose them. This concentration of ownership might also have the effect of delaying or preventing a change of control of us that other shareholders may view as beneficial.
The issuance of additional shares in connection with financings, acquisitions, investments, our share incentive plans or otherwise will dilute all other shareholders.
Our articles of association authorize us to issue up to 165 million ordinary shares and up to 165 million preference shares with such rights and preferences as included in our articles of association. On September 28, 2018, our extraordinary general meeting of shareholders (the “2018 Extraordinary Meeting”) empowered our board of directors to issue ordinary shares and preference shares up to our authorized share capital for a period of five years from October 10, 2018. Subject to compliance with applicable rules and regulations, we may issue ordinary shares or securities convertible into ordinary shares from time to time in connection with a financing, acquisition, investment, our share incentive plans or otherwise. Any such issuance could result in substantial dilution to our existing shareholders unless pre-emptive rights exist and cause the market price of our ordinary shares to decline.
Certain holders of our ordinary shares may not be able to exercise pre-emptive rights and as a result may experience substantial dilution upon future issuances of ordinary shares.
Holders of our ordinary shares in principle have a pro rata pre-emptive right with respect to any issue of ordinary shares or the granting of rights to subscribe for ordinary shares, unless Dutch law or our articles of association state otherwise or unless explicitly provided otherwise in a resolution by our general meeting of shareholders (the “General Meeting”), or—if authorized by the annual General Meeting or an extraordinary General Meeting—by a resolution of our board of directors. Our 2018 Extraordinary Meeting has empowered our board of directors to limit or exclude pre-emptive rights on ordinary shares for a period of five years from October 10, 2018, which could cause existing shareholders to experience substantial dilution of their interest in us.
Pre-emptive rights do not exist with respect to the issue of preference shares and holders of preference shares, if any, have no pre-emptive right to acquire newly issued ordinary shares. Also, pre-emptive rights do not exist with respect to the issue of shares or grant of rights to subscribe for shares to employees of the company or contributions in kind.
Sales of substantial amounts of our ordinary shares in the public markets, or the perception that they might occur, could reduce the price that our ordinary shares might otherwise attain.
Sales of a substantial number of shares of our ordinary shares in the public market, particularly sales by our directors, executive officers and significant shareholders, or the perception that these sales could occur, could adversely affect the market price of our ordinary shares and may make it more difficult for you to sell your ordinary shares at a time and price that you deem appropriate.
In addition, holders of an aggregate of 18,138,691 ordinary shares, based on shares outstanding as of April 30, 2021, are entitled to rights with respect to registration of these shares under the Securities Act pursuant to our amended and restated investors’ rights agreement, dated July 19, 2016. If these holders of our ordinary shares, by exercising their registration rights, sell a large number of shares, they could adversely affect the market price for our ordinary shares. We have also filed registration statements on Form S-8 under the Securities Act registering all ordinary shares that we may issue under our equity compensation plan, which may in turn be sold and may adversely affect the market price for our ordinary shares.
Certain anti-takeover provisions in our articles of association and under Dutch law may prevent or could make an acquisition of our company more difficult, limit attempts by our shareholders to replace or remove members of our board of directors and may adversely affect the market price of our ordinary shares.
Our articles of association contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for shareholders to appoint directors that are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:
•the staggered three-year terms of the members of our board of directors, as a result of which only approximately one-third of the members of our board of directors may be subject to election in any one year;
•a provision that the members of our board of directors may only be removed by a General Meeting by a two-thirds majority of votes cast representing at least 50% of our issued share capital if such removal is not proposed by our board of directors;
•a provision that the members of our board of directors may only be appointed upon binding nomination of the board of directors, which can only be overruled with a two-thirds majority of votes cast representing at least 50% of our issued share capital;
•the inclusion of a class of preference shares in our authorized share capital that may be issued by our board of directors, in such a manner as to dilute the interest of shareholders, including any potential acquirer or activist shareholder, in order to delay or discourage any potential unsolicited offer or shareholder activism;
•requirements that certain matters, including an amendment of our articles of association, may only be brought to our shareholders for a vote upon a proposal by our board of directors; and
•minimum shareholding thresholds, based on nominal value, for shareholders to call General Meetings of our shareholders or to add items to the agenda for those meetings.
We are subject to the Dutch Corporate Governance Code but do not comply with all the suggested governance provisions of the Dutch Corporate Governance Code. This may affect your rights as a shareholder.
As a Dutch company, we are subject to the Dutch Corporate Governance Code (“DCGC”). The DCGC contains both principles and suggested governance provisions for management boards, supervisory boards, shareholders and general meetings, financial reporting, auditors, disclosure, compliance and enforcement standards. The DCGC is based on a “comply or explain” principle. Accordingly, public companies are required to disclose in their annual reports, filed in the Netherlands, whether they comply with the suggested governance provisions of the DCGC. If they do not comply with those provisions (e.g., because of a conflicting requirement), the company is required to give the reasons for such noncompliance. The DCGC applies to all Dutch companies listed on a government-recognized stock exchange, whether in the Netherlands or elsewhere, including the NYSE. The principles and suggested governance provisions apply to our board of directors (in relation to role and composition, conflicts of interest and independency requirements, board committees and remuneration), shareholders and the General Meeting (for example, regarding anti-takeover protection and our obligations to provide information to our shareholders) and financial reporting (such as external auditor and internal audit requirements). We comply with all applicable provisions of the DCGC except where such provisions conflict with U.S. exchange listing requirements or with market
practices in the United States or the Netherlands. This may affect your rights as a shareholder, and you may not have the same level of protection as a shareholder in a Dutch company that fully complies with the suggested governance provisions of the DCGC.
We do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.
We have never declared or paid any cash dividends on our shares. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our ordinary shares in the foreseeable future. Were this position to change, payment of future dividends may be made only if our equity exceeds the amount of the paid-in and called-up part of the issued share capital, increased by the reserves required to be maintained by Dutch law or by our articles of association. Accordingly, investors must rely on sales of their ordinary shares after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Claims of U.S. civil liabilities may not be enforceable against us.
We are incorporated under the laws of the Netherlands and substantial portions of our assets are located outside of the United States. In addition, two members of our board of directors and certain experts named herein reside outside the United States. As a result, it may be difficult for investors to effect service of process within the United States upon us or such other persons residing outside the United States, or to enforce outside the United States judgments obtained against such persons in U.S. courts in any action, including actions predicated upon the civil liability provisions of the U.S. federal securities laws. In addition, it may be difficult for investors to enforce, in original actions brought in courts in jurisdictions located outside the United States, rights predicated upon the U.S. federal securities laws.
There is no treaty between the United States and the Netherlands for the mutual recognition and enforcement of judgments (other than arbitration awards) in civil and commercial matters. Therefore, a final judgment rendered by any federal or state court in the United States based on civil liability, whether or not predicated solely upon the U.S. federal securities laws, would not be enforceable in the Netherlands unless the underlying claim is re-litigated before a Dutch court of competent jurisdiction. In such proceedings, however, a Dutch court may be expected to recognize the binding effect of a judgment of a federal or state court in the United States without re-examination of the substantive matters adjudicated thereby, if (i) the jurisdiction of the U.S. federal or state court has been based on internationally accepted principles of private international law, (ii) that judgment resulted from legal proceedings compatible with Dutch notions of due process, (iii) that judgment does not contravene public policy of the Netherlands and (iv) that judgment is not incompatible with (x) an earlier judgment of a Dutch court between the same parties, or (y) an earlier judgment of a foreign court between the same parties in a dispute regarding the same subject and based on the same cause, if that earlier foreign judgment is recognizable in the Netherlands.
Based on the foregoing, there can be no assurance that U.S. investors will be able to enforce against us or members of our board of directors, officers or certain experts named herein, who are residents of the Netherlands or countries other than the United States, any judgments obtained in U.S. courts in civil and commercial matters, including judgments under the U.S. federal securities laws.
In addition, there can be no assurance that a Dutch court would impose civil liability on us, the members of our board of directors, our officers or certain experts named herein in an original action predicated solely upon the U.S. federal securities laws brought in a court of competent jurisdiction in the Netherlands against us or such members, officers or experts, respectively.
U.S. persons who hold our ordinary shares may suffer adverse tax consequences if we are characterized as a passive foreign investment company.
A non-U.S. corporation will generally be considered a passive foreign investment company (“PFIC”), for U.S. federal income tax purposes, in any taxable year if either (1) at least 75% of its gross income for such year is passive income or (2) at least 50% of the value of its assets (based on an average of the quarterly values of the assets during such year) is attributable to assets that produce or are held for the production of passive income (“the PFIC asset test”). For purposes of the PFIC asset test, the value of our assets will generally be determined by reference to our market capitalization. Based on our past and current projections of our income and assets, we do not expect to be a PFIC for the current taxable year or for the foreseeable future. Nevertheless, a separate factual determination as to whether we are or have become a PFIC must be made each year (after the close of such year). Since our projections may differ from our actual business results and our market capitalization and value of our assets may fluctuate, we cannot assure you that we will not be or become a PFIC in the current taxable year or any future taxable year. If we are a PFIC for any taxable year during which a U.S. person (as defined in Section 7701(a)(30) of the Internal Revenue Code of 1986, as amended) holds our ordinary shares, such U.S. person may be subject to adverse tax consequences. Each U.S. person who holds our ordinary shares is strongly urged to consult his, her or its tax advisor regarding the application of these rules and the availability of any potential elections.
If a U.S. person is treated as owning at least 10% of our ordinary shares, such U.S. person may be subject to adverse U.S. federal income tax consequences.
If a U.S. person is treated as owning (directly, indirectly, or constructively) at least 10% of the total combined voting power of our shares, or of the total value of our shares, such shareholder may be treated as a “United States shareholder” with respect to each “controlled foreign corporation” in our group (if any). Under changes implemented by the legislation commonly referred to as the Tax Cuts and Jobs Act of 2017, because our group includes one or more U.S. subsidiaries, certain of our non-U.S. subsidiaries could be treated as controlled foreign corporations (regardless of whether we are treated as a controlled foreign corporation). A United States shareholder of a controlled foreign corporation may be required to report annually and include in its U.S. taxable income its pro rata share of “Subpart F income,” “global intangible low-taxed income,” and investments in U.S. property by controlled foreign corporations, regardless of whether we make any distributions. An individual that is a United States shareholder with respect to a controlled foreign corporation generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a United States shareholder that is a U.S. corporation. We cannot provide any assurances that we will assist investors in determining whether we or any of our non-U.S. subsidiaries is treated as a controlled foreign corporation or whether any investor is treated as a United States shareholder with respect to any such controlled foreign corporation or furnish to any investor who may be a United States shareholder information that may be necessary to comply with the aforementioned reporting and tax paying obligations. Failure to comply with these reporting obligations may subject a shareholder who is a United States shareholder to significant monetary penalties and may prevent from starting the statute of limitations with respect to such shareholder’s U.S. federal income tax return for the year for which reporting was due. A U.S. person should consult its advisors regarding the potential application of these rules to an investment in our ordinary shares.
We may not be able to make distributions or repurchase shares without subjecting our shareholders to Dutch withholding tax, and dividends distributed on our ordinary shares to certain related parties in low-tax jurisdictions might in the future become subject to an additional Dutch withholding tax.
We have not paid a dividend on our ordinary shares in the past and we do not intend to pay any dividends to holders of our ordinary shares in the foreseeable future. See “Risk Factors—We do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.” However, if we ever do pay dividends or repurchase shares, then under current Dutch tax law, the dividend paid or repurchase price paid may be subject to Dutch dividend withholding tax at a rate of 15% under the Dutch Dividend Withholding Tax Act (Wet op de dividendbelasting 1965, “Regular Dividend Withholding Tax”), unless a domestic or treaty exemption applies.
On March 25, 2021, the Dutch State Secretary of Finance submitted a proposal of law to the Dutch parliament pursuant to which an alternative withholding tax (“Alternative Withholding Tax”) will be imposed on dividends paid to related entities in designated low-tax jurisdictions, effective 1 January 2024. An entity is considered related if (i) it has a “Qualifying Interest” in our company, (ii) our company has a “Qualifying Interest” in the entity holding the ordinary shares, or (iii) a third party has a "Qualifying Interest" in both our company and the entity holding the ordinary shares. The term “Qualifying Interest” means a direct or indirectly held interest either by an entity individually or jointly if an entity is part of a collaborating group (samenwerkende groep) that enables such entity or such collaborating group to exercise a definite influence over another entities' decisions, such as our company or an entity holding ordinary shares as the case may be, and allows it to determine the other entities' activities. The Alternative Withholding Tax will be imposed at the highest Dutch corporate income tax rate in effect at the time of the distribution (currently 25%). The Alternative Withholding Tax will be reduced, but not below zero, with any Regular Dividend Withholding Tax imposed on distributions. As such, based on currently applicable rates, the overall effective rate of withholding of Regular Dividend Withholding Tax and Alternative Withholding Tax will not exceed the highest corporate income tax rate in effect at the time of the distribution (currently 25%). The proposal of law is subject to amendment during the course of the legislative process and it needs to be approved by both chambers of the Dutch parliament before it can enter into force.
If we cease to be a Dutch tax resident for the purposes of a tax treaty concluded by the Netherlands and in certain other events, we could potentially be subject to a proposed Dutch dividend withholding tax in respect of a deemed distribution of our entire market value less paid-up capital.
Under a proposal of law currently pending before the Dutch parliament, the Emergency act conditional dividend exit tax (Spoedwet conditionele eindafrekening dividendbelasting “Dividend Exit Tax”), we will be deemed to have distributed an amount equal to our entire market capitalization less recognized paid-up capital immediately before the occurrence of certain events, including if we cease to be a Dutch tax resident for purposes of a tax treaty concluded by the Netherlands and become, for purposes of such tax treaty, a tax resident of a non-qualifying jurisdiction. This deemed distribution will be subject to a 15% tax. An automatic interest free unconditional indefinite extension for the full amount of the tax will be granted. However, the extension will expire, inter alia, if and to the extent we make distributions after the taxable event for the purposes of the Dividend Exit Tax (in respect of which the extension is granted). In that event, the Dividend Exit Tax rules prescribe that we
will have a right to recover the tax from our shareholders through set-off against their dividend receivable. If we do not recover this amount from our shareholders, we will have to pay such part of the deferred tax ourselves. It is not certain whether the Dividend Exit Tax will be enacted and if so, in what form. If enacted in its present form before the Dutch parliament the Dividend Exit Tax will have retroactive effect from September 18, 2020.
General Risk Factors
Unfavorable or uncertain conditions in our industry or the global economy or reductions in information technology spending, including as a result of the COVID-19 pandemic, could limit our ability to grow our business and negatively affect our results of operations.
Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers. Current or future economic uncertainties or downturns could adversely affect our business and results of operations. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, international trade relations, political instability or unrest and new developments resulting from recent elections and changes of administration, natural catastrophes, warfare, infectious diseases and terrorist attacks on the United States, Europe, the Asia Pacific region or elsewhere, could cause a decrease in business investments by our customers and potential customers, including spending on information technology, and negatively affect the growth of our business. For example, the COVID-19 pandemic has curtailed business spending by our customers, resulted in business disruptions for us and/or our customers, restricted travel to customer sites and resulted in a quarantine of affected populations impacting our employees, partners and customers. Additionally, mitigation and containment measures adopted by government authorities to contain the spread of COVID-19 in the U.S. and abroad may significantly impact business continuity for our partners and our customers, reduce our customers’ business operations, delay their engagement with us (including due to travel restrictions and restrictions on in-person meetings) and could thereby adversely affect our business and financial results. Further, these measures by government authorities may continue to remain in place for a significant period of time or, even if lifted, could be reinstated at any time, and additional and/or extended measures could significantly impact the ability of our employees and customers and vendors to work productively.
To the extent our offerings are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Also, customers may choose to develop in-house software as an alternative to using our products. Moreover, competitors may respond to market conditions by lowering prices. We cannot predict the timing, strength or duration of any economic slowdown, instability or recovery, generally or within any particular industry. If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations and financial condition could be adversely affected.
We may acquire other businesses which could require significant management attention, disrupt our business, or dilute shareholder value. We may be unable to integrate acquired businesses and technologies, and acquisitions could adversely affect our results of operations.
As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies. We have in the past acquired, and expect in the future to acquire, businesses that we believe will complement or augment our existing business, such as our acquisition of Endgame in October 2019. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete future acquisitions, we may not ultimately strengthen our competitive position or achieve our goals and business strategy, we may be subject to claims or liabilities assumed from an acquired company, product, or technology, and any acquisitions we complete could be viewed negatively by our customers, investors, and securities analysts. In addition, if we are unsuccessful at integrating Endgame or future acquisitions, or the technologies associated with such acquisitions, into our company, the revenue and results of operations of the combined company could be adversely affected. Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully. We may not successfully evaluate or utilize acquired technology or personnel, realize anticipated synergies from acquisitions, or accurately forecast the financial impact of an acquisition transaction and integration of such acquisition, including accounting charges. We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, each of which could adversely affect our financial condition or the market price of our ordinary shares. The sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations. Additionally, we may acquire development stage companies that are not yet profitable, and that require continued investment, which could adversely affect our results of operations and liquidity. The occurrence of any of these risks could harm our business, results of operations, and financial condition.
Catastrophic events, or man-made problems such as terrorism, may disrupt our business.
A significant natural disaster, such as an earthquake, fire, flood, or significant power outage could have an adverse impact on our business, results of operations, and financial condition. The impact of climate change may increase these risks due to changes in weather patterns, such as increases in storm intensity, sea-level rise, melting of permafrost and temperature extremes in areas where we or our suppliers and customers conduct business. We have a number of our employees and executive officers located in the San Francisco Bay Area, a region known for seismic activity and wildfires. In the event our or our partners’ abilities are hindered by any of the events discussed above, sales could be delayed, resulting in missed financial targets for a particular quarter. In addition, acts of terrorism, acts of war, other geo-political unrest or health issues, such as an outbreak of pandemic or epidemic diseases, such as the COVID-19 pandemic, or fear of such events, could cause disruptions in our business or the business of our partners, customers or the economy as a whole. Any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. For example, the full extent to which the COVID-19 pandemic impacts our business, results of operations and financial condition will depend on future developments, which are highly uncertain and cannot be predicted. In addition, the COVID-19 pandemic has adversely affected the economies of many countries, resulting in economic downturns that could affect demand for our products and likely impact our operating results. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate. See the risk factor entitled “The ongoing COVID-19 pandemic could harm our business and results of operations.”
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of securities analysts and investors, resulting in a decline in the trading price of our ordinary shares.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” included elsewhere in this Annual Report on Form 10-K, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our ordinary shares. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, measurement of stock-based compensation expense, accounting of intangible assets, goodwill impairment test, and accounting for income taxes including deferred tax assets and liabilities.
If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our ordinary shares, our share price and trading volume could decline, which could adversely affect our business.
The trading market for our ordinary shares is influenced by the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts, or the content and opinions included in their reports. If any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our company, our stock price would likely decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts or public investors. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, our stock price may decline. Further, analysts could downgrade our ordinary shares or publish unfavorable research about us. If one or more of the analysts who cover our company ceases to cover us, or fails to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our stock price or trading volume to decline and could adversely affect our business.
The requirements of being a public company may strain our resources, divert management’s attention and affect our ability to attract and retain senior management and qualified board members.
As a public company, we are subject to the reporting and corporate governance requirements of the Exchange Act, the listing requirements of the NYSE and other applicable securities rules and regulations, including the Sarbanes-Oxley Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act. Compliance with these rules and regulations has increased, and we expect will continue increasing our legal and financial compliance costs, make some activities more difficult, time-consuming or costly and increase demand on our systems and resources.
Among other things, the Exchange Act requires that we file annual, quarterly and current reports with respect to our business and results of operations, and the Sarbanes-Oxley Act requires that we maintain effective disclosure controls and
procedures and internal control over financial reporting. In order to improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight is required. As a result, management’s attention may be diverted from other business concerns, which could harm our business, financial condition, results of operations and prospects. Although we have already hired additional personnel to help comply with these requirements, we may need to further expand our legal and finance departments in the future or hire outside consultants, which will increase our costs and expenses.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time-consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expense and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies, regulatory authorities may initiate legal proceedings against us and our business and prospects may be harmed. As a result of disclosure of information in the filings required of a public company and in this Annual Report on Form 10-K, our business and financial condition will become more visible, which may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business, financial condition, results of operations and prospects could be materially harmed, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and materially harm our business, financial condition, results of operations and prospects. These factors could also make it more difficult for us to attract and retain qualified senior management or members of our board of directors, particularly to serve on our audit and compensation committees.
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, we may be unable to accurately report our financial results or prevent fraud, and investor confidence and the market price of our ordinary shares may decline, which could adversely affect our business.
As a public company in the United States, we are subject to the Sarbanes-Oxley Act, which requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended and anticipate that we will continue to expend significant resources, including accounting-related costs and significant management oversight. For example, since our IPO, we have hired additional accounting and financial staff with appropriate public company experience and technical accounting knowledge to assist in our compliance efforts. We have incurred and expect to continue to incur significant expenses and devote substantial management effort toward compliance with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act. To assist us in complying with these requirements we may need to hire more employees in the future, or engage outside consultants, which will increase our operating expenses.
Despite significant investment, our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to implement or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting could also adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that are required to be included in our periodic reports that we file with the SEC.
Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, subject us to sanctions or investigations by the NYSE, the SEC or other regulatory authorities, and would likely cause the trading price of our ordinary shares to decline, which could adversely affect our business.
Item 1B. Unresolved Staff Comments.
Item 2. Properties.
As a distributed company, we employ a distributed workforce with offices and employee hubs around the world. The largest of these hubs is located in Mountain View, California, where we lease approximately 40,000 square feet.
All offices are leased and we do not own any real property. We intend to procure additional space in the future as we continue to add employees and expand geographically. We believe that our current facilities are adequate to meet our current needs and that, as we grow, suitable additional space will be available to either expand existing hubs or open new hubs in new locations.
Item 3. Legal Proceedings.
The information called for by this Item is incorporated herein by reference to Item 8. “Financial Statements and Supplementary Data,” Note 7, “Commitments and Contingencies” included elsewhere in this Annual Report on Form 10-K.
From time to time, we may be subject to legal proceedings and claims that arise in the ordinary course of business, including patent, commercial, product liability, employment, class action, whistleblower and other litigation and claims, as well as governmental and other regulatory investigations and proceedings. In addition, third parties may from time to time assert claims against us in the form of letters and other communications. We are not currently a party to any legal proceedings that, if determined adversely to us, would, in our opinion, have a material adverse effect on our business, results of operations, financial condition or cash flows. Future litigation may be necessary to defend ourselves, our partners and our customers by determining the scope, enforceability and validity of third-party proprietary rights, or to establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
Item 4. Mine Safety Disclosures.