UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 10-K
☑
☐
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the Fiscal Year Ended December 31, 2018
OR
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the Transition Period from to
Commission File Number 001-35506
PROOFPOINT, INC.
(Exact name of Registrant as specified in its charter)
Delaware
(State or other jurisdiction of
incorporation or organization)
892 Ross Drive
Sunnyvale, California
(Address of principal executive offices)
51-0414846
(I.R.S. employer
identification no.)
94089
(Zip Code)
(408) 517-4710
(Registrant’s telephone number, including area code)
S ecurities registered pursuant to Section 12(b) of the Act:
Title of Each Class
Common Stock, $0.0001 par value per share
Name of each exchange on which registered
NASDAQ Global Select Market
Securities registered pursuant to Section 12(g) of the Act:
None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. YES ☑ NO ☐
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. YES ☐ NO ☑
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for
such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. YES ☑ NO ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter)
during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). YES ☑ NO ☐
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of
registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company, or an emerging growth company. See the
definitions of “large accelerated filer,” “accelerated filer”, “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer
Non-accelerated filer
☑
☐
Accelerated filer
Smaller reporting company
Emerging growth company
☐
☐
☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting
standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). YES ☐ NO ☑
The aggregate market value of the voting and non-voting common equity held by non-affiliates of the registrant, based upon the closing price of a share of the registrant’s common stock on June
30, 2018 as reported by the NASDAQ Global Select Market on that date, was approximately $5,798 million. This calculation does not reflect a determination that certain persons are affiliates of
the registrant for any other purpose.
The number of shares outstanding of the registrant’s common stock as of February 8, 2019 was 55,349,592 shares.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant’s Proxy Statement for its 2018 Annual Meeting of Stockholders (the “Proxy Statement”), to be filed with the Securities and Exchange Commission, are incorporated by
reference into Part III of this Annual Report on Form 10-K where indicated. The Proxy Statement will be filed with the Securities and Exchange Commission within 120 days of the registrant’s
fiscal year ended December 31, 2018.
�PROOFPOINT, INC.
FORM 10-K
For the Fiscal Year Ended December 31, 2018
TABLE OF CONTENTS
PART I.
Item 1.
Business
Item 1A.
Risk Factors
Item 1B.
Unresolved Staff Comments
Item 2.
Item 3.
Item 4.
PART II.
Item 5.
Item 6.
Item 7.
Properties
Legal Proceedings
Mine Safety Disclosures
Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Selected Financial Data
Management's Discussion and Analysis of Financial Condition and Results of Operations
Item 7A.
Quantitative and Qualitative Disclosures About Market Risk
Item 8.
Item 9.
Financial Statements and Supplementary Data
Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
Item 9A.
Controls and Procedures
Item 9B.
Other Information
PART III.
Item 10.
Directors, Executive Officers and Corporate Governance
Item 11.
Executive Compensation
Item 12.
Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
Item 13.
Certain Relationships and Related Transactions, and Director Independence
Item 14.
Principal Accountant Fees and Services
PART IV.
Item 15.
Exhibits and Financial Statement Schedules
Signatures
2
Page
4
16
33
33
34
34
35
36
39
60
61
61
61
61
62
62
62
62
62
63
106
�CAUTIONARY STATEMENT REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995.
All statements contained in this Annual Report on Form 10-K other than statements of historical fact, including statements regarding our future results of
operations and financial position, our business strategy and plans, and our objectives for future operations, are forward-looking statements. The words “believe,”
“may,” “will,” “estimate,” “continue,” “anticipate,” “intend,” “expect,” and similar expressions are intended to identify forward-looking statements. We have based
these forward-looking statements largely on our current expectations and projections about future events and trends that we believe may affect our financial
condition, results of operations, business strategy, short-term and long-term business operations and objectives, and financial needs. These forward-looking
statements are subject to a number of risks, uncertainties and assumptions, including those described in Part I, Item 1A, “Risk Factors” in this Annual Report on
Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment. New risks emerge from time to time. It is not possible for our
management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause
actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, the
future events and trends discussed in this Annual Report on Form 10-K may not occur and actual results could differ materially and adversely from those
anticipated or implied in the forward-looking statements. We undertake no obligation to revise or publicly release the results of any revision to these forward-
looking statements, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking
statements.
Unless expressly indicated or the context requires otherwise, the terms “Proofpoint,” “Company,” “Registrant,” “we,” “us,” and “our” mean
Proofpoint, Inc. and its subsidiaries unless the context indicates otherwise.
3
�ITEM 1. BUSINESS
Overview
PART I
Proofpoint is a leading next-generation cybersecurity company that enables large and mid-sized organizations worldwide to protect the way their
people work from advanced threats and compliance risks. Our integrated suite of products works together to help organizations build people-centric security and
compliance programs. We provide threat protection, information protection, user protection, business ecosystem protection, and compliance solutions to address
today’s rapidly changing threat and compliance landscape. Our solutions are built on a flexible, cloud-based platform and leverage proprietary technologies -
including big data analytics, machine learning, deep content inspection, secure storage, advanced encryption, intelligent message routing, dynamic malware
analysis, threat correlation, and virtual execution environments.
Every company’s greatest asset and greatest security risk is its people. Cyberattacks have fundamentally shifted from targeting infrastructure to
targeting people, relying on tricking users into running code, divulging their passwords, or even sending money or data. This transformation of the threat landscape
manifests in nearly every form of cyber threat, from nation state advanced persistent threat (APT) actors relying on phishing, through to cybercriminals launching
massive ransomware email campaigns, and more targeted campaigns designed to steal valuable data from both legacy and cloud-based systems. At the same time,
the rapid adoption of cloud applications has increased organizations’ attack surface by moving both threats and sensitive data away from the traditional network
perimeter, reducing the effectiveness of many existing security products. These factors have contributed to an increasing number of severe data breaches and
expanding regulatory mandates, notably the European Union’s General Data Protection Regulation (GDPR), all of which have accelerated demand for effective
threat protection and compliance solutions.
Our platform addresses this growing challenge by not only protecting data as it flows into and out of the enterprise via on-premises and cloud-based
email, social media, and other cloud applications, but also by keeping track of this information as it is modified and distributed throughout the enterprise for
compliance and data loss prevention, and securely archiving these communications for compliance and discovery. We help organizations reduce their critical risk in
five major ways:
•
•
•
•
•
Protecting users from the advanced attacks that target them via email, web, networks, social media, and cloud apps;
Preventing the theft or inadvertent loss of sensitive information and, in turn, ensuring compliance with regulatory data protection mandates;
Improving the resilience of end-users to the threats that target them and training them to be better caretakers of their organizations’ critical data;
Collecting, retaining, supervising and discovering communications and sensitive data for compliance and litigation support; and
Enabling organizations to respond quickly to security issues, providing both the intelligence and the context to prioritize incidents and
orchestrate remediation actions.
Our platform and its associated solutions are sold to customers on a subscription basis and can be deployed through our unique cloud-based
architecture that leverages both our global data centers as well as optional points-of-presence behind our customers’ firewalls. Our flexible deployment model
enables us to deliver superior security and compliance while maintaining the favorable economics afforded by cloud computing, creating a competitive advantage
for us over legacy on-premises and cloud-only offerings.
We were founded in 2002 to provide a unified solution to help enterprises address their growing data security requirements. Our first solution was
commercially released in 2003 to combat the burgeoning problem of spam and viruses and their impact on corporate email systems. To address the evolving threat
landscape and the adoption of communication and collaboration systems beyond corporate email and networks, we have broadened our solutions to defend against
a wide range of threats, including email, mobile apps and social media, to protect the
4
�information people create from both compromise and compliance risks, and to archive and govern corporate information. Today, our solutions are used worldwide
to protect well over 100 million end-users at enterprise customers, and millions mo re via service providers through our Cloudmark division. We market and sell
our solutions worldwide both directly through our sales teams and indirectly through a hybrid model where our sales organization actively assists our network of
distributors and re sellers. We also distribute our solutions through strategic partners.
Proofpoint Solutions
Our integrated suite of on-demand security-as-a-service solutions enables large and mid-sized organizations to protect people throughout the enterprise
from advanced attacks and compliance risks. Our comprehensive platform provides a secure email gateway, advanced threat protection, security awareness
training, threat intelligence, email authentication, email encryption, data loss prevention, digital risk protection, cloud application protection, web browser isolation,
archiving, e-discovery, and threat response capabilities. These solutions are built on a cloud-based architecture, protecting enterprises and their customers from
inbound threats via email, social media, and mobile apps, while identifying and protecting enterprise data not only where it is stored within the enterprise but also
as it transits beyond the organization’s borders such as via email or social media. We have pioneered the use of innovative technologies to deliver better ease-of-
use, greater protection against the latest advanced threats, and lower total cost of ownership than traditional alternatives. The key elements of our solution include:
•
•
•
Superior protection against both advanced and targeted threats . We use a combination of proprietary technologies for big data analytics,
machine learning, deep content inspection, static and dynamic malware analysis, protocol analysis, threat correlation, threat intelligence
extraction, and virtual execution environments to predictively and actively detect and stop targeted “spear phishing” and other sophisticated
advanced threats, including malicious attachments, polymorphic threats, zero-day exploits, user-transparent “drive-by” downloads, malicious
web links, hybrid threats (such as links inserted into attached files), malware free attacks like impostor threats and credential phishing, and other
penetration tactics. By processing, analyzing and correlating billions of data points on a daily basis, we can recognize anomalies in order to
predictively detect targeted attacks before users are exposed. Our deep content inspection technology enables us to identify malicious message
attachments and distinguish between valid messages and “phishing” messages designed to look authentic and trick the end-user into divulging
sensitive data or clicking on a malicious web link. Our machine learning technology enables us to detect targeted “zero-hour” attacks in real-
time, even if they have not been seen previously at other locations, and quarantine them appropriately. Our dynamic malware analysis and virtual
execution environment technologies enable us to examine web site destinations and downloadable files to identify and block potentially hostile
code that would otherwise compromise end-user computers, even in cases where the web sites are considered reputable or the attachment’s
malicious payload is obfuscated or otherwise disguised. Our threat correlation technologies enable us to rapidly confirm and contain threats,
providing rapid, automated protection. In addition, our threat intelligence and response capabilities enable our customers to both prioritize threats
that may have compromised them and orchestrate or automate protective countermeasures.
Comprehensive, integrated email security, advanced threat, information protection and archiving, and digital risk protection product families.
We offer a comprehensive solution for email security that we believe is unparalleled in the market. Our Threat Protection product family
includes solutions to protect organizations across the predominant threat vectors, including email, web, social media, and cloud applications. To
protect enterprise data from security and compliance risks, our Information Protection product family includes a suite of security and compliance
solutions. Finally, we enable organizations to look beyond their borders for threats targeting their customers across email phishing, malicious
web domains, compromised cloud accounts, and fraudulent social media accounts.
Designed to empower end-users. Unlike legacy offerings that simply block communication or report audit violations, our solutions actively
enable secure business-to-business and business-to-consumer communications. Our easy-to-use policy-based email encryption service
automatically encrypts sensitive emails and delivers them to any PC or mobile device. In addition, our secure file-transfer solution makes it easy
for end-users to securely share various forms of documents and other content that are typically too large to send through traditional e-mail
systems. All our solutions provide mobile-optimized capabilities to empower the growing number of people who use mobile devices as their
primary computing platform. We also provide solutions that train end-users to be the last line of defense against cyber-attacks.
5
�•
•
Security optimized cloud architecture. Our multi-tenant security-as-a-service solution leverages a distributed, scalable architecture deployed in
our global data centers for deep content inspectio n, global threat correlation and analytics, high-speed search, secure storage, encryption key
management, software updates, intelligent message routing, and other core functions. Our architecture also enables us to look across hundreds of
billions of data points gathered from across our product portfolio and intelligence feeds to better correlate and analyze both targeted and broad-
based threat campaigns. Customers can choose to deploy optional physical or virtual points-of-presence behind their firewalls f or those who
prefer to deploy certain functionality inside their security perimeter. This architecture enables us to leverage the benefits of the cloud to cost-
effectively deliver superior security and compliance, while optimizing each deployment for the c ustomer’s unique threat environment.
Extensible security-as-a-service platform. The key components of our security-as-a-service platform, including services for secure storage,
content inspection, reputation, big data analytics, encryption, key management, and identity and policy, can be exposed through application
programming interfaces, or APIs, to integrate with internally developed applications as well as with those developed by third-parties. In addition,
these APIs provide a means to integrate with the other security and compliance components deployed in our customers’ infrastructures, including
Proofpoint’s ecosystem partners.
Our Security-as-a-Service Platform
We provide a multi-tiered security-as-a-service platform consisting of solutions, platform technologies and infrastructure. Our platform currently
includes product families and related bundles for the convenience of our customers, distributors and resellers. Each of these solutions is built as an aspect of our
security-as-a-service platform, which includes both platform services and enabling technologies for both security and compliance. Our platform services provide
the key functionality to enable our various solutions while our enabling technologies work in conjunction with our platform services to enable the efficient
construction, scaling and maintenance of our customer-facing solutions.
Our suite is delivered by a cloud infrastructure and can be deployed as a secure cloud-only solution, or as a hybrid solution with optional physical or
virtual points-of-presence behind our customers’ firewalls for those who prefer to deploy certain functionality inside their security perimeter. In all deployment
scenarios, our cloud-based architecture enables us to leverage the benefits of the cloud to cost-effectively deliver superior security and compliance while
maintaining the flexibility to optimize deployments for customers’ unique environm ents. The modularity of our solutions enables our existing customers to
implement additional modules in a simple and efficient manner.
Product Families
Proofpoint Threat Protection
Proofpoint Threat Protection products leverage a broad set of detection techniques that are constantly refined as the threat landscape evolves. The
products detect and prevent threats across email, web, networks, and cloud applications, and deliver rich intelligence to enable enterprises to understand as much as
possible about the attacks they are seeing and the adversaries behind them.
Key capabilities within the Threat Protection products include:
•
•
Email security and continuity. Provides protection from unwanted and malicious email, with granular visibility and business continuity for
organizations of all sizes. It provides IT and security teams with confidence in securing end-users from email threats and maintain email
communications during outages .
Email management essentials for small to medium organizations. Our suite of security-as-a-service and compliance solutions specifically
designed for distribution across managed service providers and dedicated security resellers. Key capabilities include inbound email filtering to
block spam and malware, outbound filtering for compliance with company policies, email continuity to enable email service availability, targeted
attack protection, and email archiving.
6
�•
•
•
•
•
Protection from targeted attacks . Enterprises are protected against both commodity and advanced threats such as phishing and other targeted
email attacks using big data analysis, predictive, virtual execution, static analysis, protocol a nalysis, and dynamic malware analysis techniques
to identify and apply additional security controls against suspicious messages, attachments and any associated links to the web. The same
detection techniques are extended to look for malicious content in en terprise social media accounts, malicious links and files sent to users via
cloud applications. It also detects suspicious login activity that could indicate signs of account compromise.
Detection of compromised cloud accounts and internal email threats. We take a multi-layered approach to protect an organization’s internal
email by scanning all internal email for spam, malicious attachments, and malicious URLs. We also provide automated protection of account
compromise in Office 365. These threats typically start with phishing or other techniques, such as credential-stealing malware and brute-force
credential stuffing. Compromised accounts are then used to launch lateral attacks, everything from business email compromise (“BEC”) to
internal phishing attacks, both inside and outside organizations.
Security orchestration to respond quickly to security alerts . Provides threat information and indicators of compromise (“IoCs”) correlation,
aggregating across Proofpoint and other third-party security products, to confirm and contain system compromises. By taking advantage of this
automated incident response, enterprises can minimize exfiltration windows and leverage staff for breach prevention and mitigation. In addition,
it can be leveraged to automatically remove malicious emails that have been delivered to users’ email inboxes, reducing the potential risk
exposure.
Web browser isolation. Allows end-users to access websites and personal webmail from corporate devices while preventing malware or
malicious content from impacting the user or device.
Threat intelligence feed and ruleset. Verified threat intelligence from one of the world’s largest malware exchanges. Unlike other intelligence
sources that report only domains or IP addresses, ET Intelligence includes a five-year history, proof of conviction, more than 40 threat categories
and related IPs, domains, and samples. This also comes in the form of a timely and accurate rule set for detecting and blocking threats using
existing network security appliances—including next generation firewalls (NGFW) and network IDS/IPS.
Key benefits of Proofpoint Threat Protection include:
•
•
•
•
•
•
Superior protection from advanced threats, spam and viruses . Proofpoint’s agility in deploying new detection measures and adjusting defenses
in response to changes in the threat landscape results in high effectiveness in stopping threats before they reach enterprise users. Protects against
advanced threats, spam and other malware such as remote access Trojans, banking Trojans, ransomware, viruses, and spyware.
Comprehensive outbound threat protection. Analyzes all outbound email traffic to block spam, viruses and other malicious content from
leaving the corporate network and pinpoint the responsible compromised systems.
Protection from internal threats, including compromised email or cloud accounts . Security teams gain visibility into cloud accounts that sent
malicious emails or exhibited suspicious activity, so they can quickly track down and act upon potentially compromised accounts.
Curated threat intelligence. Proofpoint’s threat research team tracks campaigns and actors, providing detailed research in addition to curated
IoCs. The high quality of this threat intelligence enables customers to better prioritize their responses to alerts generated by Proofpoint products,
as well as leverage the intelligence to hunt for threats that may have compromised their enterprises via other channels.
Effective, flexible policy management and administration. Provides a user-friendly, web-based administration interface and robust reporting
capabilities that make it easy to define, enforce and manage an enterprise’s messaging policies.
Easy-to-use end-user controls. Gives email users easy, self-service control over their individual email preferences within the parameters of
corporate-defined messaging policies.
7
�•
•
•
•
Superior protection from business email compromise. Combining a dynamic classifier on the email gateway with a proactive authentication
solution and a lookalike domain discovery service delivers protection from these attacks.
Business continuity. Provides an always-on insurance policy for crucial business communications via email.
Automation of incident response to save time and optimize resources. Automate the threat data enrichment, forensic verification, and response
processes after a security alert is received. Automatically confirm malware infections, check for evidence of past infections, and enrich security
alerts by automatically adding internal and external context and intelligence.
Secure, anonymous web browsing for employees. Mitigates security, productivity, and privacy challenges associated with untrusted, high-risk
web use by employees.
Proofpoint Information Protection
A comprehensive data protection strategy must address both security and compliance risks. Our data loss prevention, encryption and compliance
solutions defend against leaks of confidential information, and helps ensure compliance with common U.S., international and industry-specific data protection
regulations - including the Health Care Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act, Canada’s Personal
Information Protection and Electronic Documents Act, as well as acts such as CA SB 24, MA 201 CMR 17.00, ITAR, NERC-CIP, CFTC red flag rules, Basel II,
EuroSOX (Directive 84/253/EEC), the European Union GDPR, and the Payment Card Industry Data Security Standard (PCI-DSS).
Key capabilities within Proofpoint Information Protection products include:
•
•
•
•
•
Advanced data loss prevention. Our advanced data loss prevention solution identifies regulated private content, valuable corporate assets and
confidential information before it leaves the organization via email, cloud applications, or our Secure Share solution. Pre-packaged smart
identifiers and dictionaries automatically and accurately detect a wide range of regulated content such as social security numbers, health records,
credit card numbers, and driver’s license numbers. In addition to regulated content, our machine learning technology can identify confidential,
organization-specific content and assets. Once identified and classified, sensitive data can be blocked, encrypted and transmitted or re-routed
internally based on content and identity-aware policies.
Policy-based encryption. Automatically encrypts regulated and other sensitive data before it leaves an organization’s security perimeter without
requiring cumbersome end-user key management. This enables authorized external recipients, whether or not they are our customers, to quickly
and easily decrypt and view content from most devices.
Encrypted message portal. Organizations in regulated industries like financial services and healthcare frequently need to share highly
confidential messages with outside parties. Proofpoint provides a “pull encryption” portal that enables these organizations to create branded
portals that seamlessly integrate with their email systems to securely communicate with their customers, patients, or other third parties.
Secure file sharing. Cloud-based security-focused solution designed to enable enterprise users to securely exchange large files with ease while
staying compliant with enterprise data policies.
Discovery of sensitive data in on-premises and cloud-based file stores . Automated discovery and remediation solution that identifies sensitive
content across the enterprise and enables corrective action, while reducing risk of data breaches and compliance violations.
Key benefits of Proofpoint Information Protection include:
•
Regulatory compliance . Data Loss Prevention and Encryption enable outbound messages to comply with national and state government and
industry-specific privacy regulations, while Enterprise Archive helps organizations meet regulatory requirements by archiving all messages and
content according to compliance retention policies and enabling staff to systematically review messages for compliance supervision. SaaS
Protection extends the same compliance functionality to cloud applications like Office 365, Box, Salesforce, and G Suite.
8
�•
•
•
Superior malicious and accidental data loss protection. Protects against the loss of sensitive data, whether from a cybercriminal attempting to
exfiltrate valuable data from a compromised system, or from an employee accidentally distributing a file to the wrong party through email,
webmail, social media, file sharing, or other Internet-bas ed mechanisms for publishing content.
Easy-to-use secure communication. Allows corporate end-users to easily share sensitive data without compromising security and privacy, and
enables authorized external recipients to transparently decrypt and read the communications from any device. Our mobile-optimized interfaces
provide an easy experience for the rapidly growing number of recipients on smartphones and tablets.
Reduction in “attack surface”. Enables the automated protection of sensitive data, reducing the amount of critical information potentially
exposed to an attacker in a breach scenario.
Proofpoint User Protection
Proofpoint User Protection combines simulation, assessments, education, reinforcement, and measurement to provide the ideal foundation for your
security awareness and training program, utilizing hundreds of different phishing templates across dozens of languages and categories to simulate attacks and
evaluate end-users on various threats, including malicious attachments, embedded links, and requests for personal data. Users who are deceived by simulated
attacks receive “just-in-time teaching” and administrators receive real-time reporting to focus awareness efforts and track progress.
Key capabilities within Proofpoint User Protection products include:
•
•
•
Simulating phishing attacks. Create simulated attacks that include attachments, embedded links, and requests for personal data in different
languages.
End-user reporting of phishing . End-users can report a suspicious message with a single click using the email reporting button.
Automatically analyze reported messages against multiple intelligence and reputation systems. The system can be configured with other
Proofpoint solutions to delete or quarantine real threats with a single click.
Security awareness training and assessments . Educate employees to improve awareness, change user behavior, and reduce security risk to
the organization. Proofpoint provides a comprehensive and effective library of anti-phishing training.
Key benefits of Proofpoint User Protection include:
•
•
Understand organization’s security and compliance risk. Track training, phishing simulation, and threat reporting results to build your
security awareness program accordingly.
Change end-user behavior to reduce risk to your organization . Application of our continuous training methodology produces highly
effective results for changing user behavior.
Proofpoint Business Ecosystem Protection
Proofpoint Business Ecosystem Protection looks beyond the enterprise perimeter to deliver real-time, omnichannel digital risk discovery and protection
from email fraud, brand fraud, data loss, physical threats, and cyber threats. With this solution, enterprises can engage with their customers across web, email,
mobile, and social media with the confidence that their brands and customers are safe from all forms of digital risk.
Key capabilities within Proofpoint Business Ecosystem Protection products include:
•
•
Preventing email fraud. Enables organizations to understand who is sending email from their domains and create a policy to both
authenticate legitimate email and block fraudulent email.
Detecting brand fraud. Fraudsters imitate companies’ brands across digital channels to target customers with phishing scams, malware,
phishing, and counterfeit products. Using a native cloud-based platform, customers can quickly find fraudulent social media accounts, web
domains, and mobile apps that are affiliated with their brands.
9
�•
•
Detecting external t hreats . External threat management tools enable organizations to quickly identify leaked intellectual property,
credentials, and customer data on the web or dark web. Additionally, detection measures can identify cyber criminals using digital tools to
plan and execute cyber-attacks that target company’s digital presence and/or physical attacks on its executives, employees, and physical
locations.
Compliance monitoring and protection. Leveraging social media APIs, the platform can monitor and apply content policies to the brand’s
owned social media accounts for security, compliance and acceptable use. Using proprietary Deep Social Linguistic Analysis technology,
social media and brand managers can aggregate content from across their enterprise and review it for security, risk and compliance
violations (including Financial Industry Regulatory Authority “FINRA”, Federal Financial Institutions Examination Council, Food and
Drug Administration, SEC, Financial Conduct Authority violations), allowing them to safely syndicate content distribution across their
social media marketing platforms.
Key benefits of Proofpoint Business Ecosystem Protection include:
•
•
•
Reduction of fraud . Enterprises can reduce both the direct and indirect costs relating to fraud by rapidly and proactively identifying
fraudulent web domains, mobile apps, and social media accounts leveraged by cyber criminals in phishing and other forms of attacks.
Visibility into external threats. Organizations benefit from early warnings of potentially harmful threats to physical sites, digital presences,
and key executives, as well as well as unauthorized posting or resale of their private data.
Enhanced compliance . Reduces potential liability from inadvertent posting of sensitive data and demonstrates compliance with more than
35 standards and industry regulations. Automates compliance review processes and social advocate programs through seamless integration
with leading social media management suites.
Proofpoint Compliance Solutions
Proofpoint Compliance Solutions are designed to ensure accurate enforcement of data governance, data retention and supervision policies and
mandates; cost-effective litigation support through efficient discovery; and active legal-hold management. It can store, govern and discover a wide range of data
including email, instant message conversations, social media interactions, and other files throughout the enterprise. With this solution, enterprises can engage with
their customers across web, email, mobile, and social media with the confidence that their brands and customers are safe from all forms of digital risk.
The key features of the Compliance Solutions product family include:
•
•
•
Secure cloud storage. With our proprietary double-blind encryption technology and the associated data storage architecture, all email messages,
files and other content are encrypted with keys controlled by the customer before the data enters the Proofpoint Enterprise Archive. This ensures
that even our employees and law-enforcement agencies cannot access a readable form of the customer data without authorized access by the
customer to the encryption keys stored behind the customer’s firewall.
Flexible remediation and supervision. Content, identity and destination-aware policies enable effective remediation of potential data breaches
or regulatory violations. Remediation options include stopping the transfer completely, automatically forcing data-encryption, or routing to a
compliance supervisor or the end-user for disposition. The solution also provides comprehensive reporting on potential violations and
remediation using our analytics capabilities.
Search performance . By employing parallel, big data search techniques, we can deliver search performance measured in seconds, even when
searching hundreds of terabytes of archived data. Traditional on-premise solutions can take hours or even days to return search results to a
complex query.
10
�•
•
•
Flexible policy enforcement. Enables organizations to easi ly define and automatically enforce data retention and destruction policies necessary
to comply with regulatory mandates or internal policies that can vary by user, group, geography or domain.
Active legal-hold management. Enables administrators or legal professionals to easily designate specific individuals or content as subject to
legal-hold. Proofpoint Enterprise Archive then provides active management of these holds by suspending normal deletion policies and
automatically archiving subsequent messages and files related to the designated matter.
End-user supervision . Leveraging our flexible workflow capabilities, Proofpoint Enterprise Archive analyzes all electronic communications,
including email and communications from leading instant messaging and social networking sites, for potential violations of regulations, such as
those imposed by FINRA and the SEC in the financial services industry.
Key benefits of Proofpoint Compliance Solutions include:
•
•
•
Proactive data governance. Allows organizations to create, maintain and consistently enforce a clear corporate data retention policy, reducing
the risk of data loss and the cost of e-discovery.
Efficient litigation support. Provides advanced search features that reduce the cost of e-discovery and allow organizations to more effectively
manage the litigation hold process.
Reduced storage and management costs. Helps to simplify mailbox and file system management by automatically moving storage-intensive
attachments and files into cost-effective cloud storage.
Platform Services
Our platform services provide the key functionality to implement our various solutions, using our enabling technologies. Our platform services
primarily consist of:
•
•
•
•
•
•
Threat detection. Proofpoint deploys an ensemble approach to detect both malware and malware-free attacks. The approach combines multiple
forms of detection, including composite reputation correlation, sandboxing for malicious attachments, URLs, and credential phishing, code
analysis, network detection, and classifiers for phishing and impostor/BEC attacks.
Threat intel extraction. Proofpoint leverages a dedicated environment to learn as much as possible about threats that are detected by any part of
the ensemble approach. The extraction environment leverages virtual sandboxes, physical hardware, and human analysts to induce malware to
detonate and gather as much forensic detail about it as possible.
Nexus threat graph. Proofpoint synthesizes threat intelligence gathered from the vectors and threat feeds in a graph database known as
Proofpoint Nexus, which is leveraged by threat researchers to correlate threats into campaigns, analyze new threats for links to known actors, and
lend context (e.g. what vertical industries are seeing a given campaign) to all detected threats.
Real-time detection. Proofpoint leverages platform services to be in the flow of the movement of potentially sensitive data, including our email
gateways, API-based social media integrations, mobile applications store scanning tools, and SaaS application API/proxy connectivity.
Information classification. For regulated or otherwise sensitive data, Proofpoint leverages smart identifiers to accurately recognize data types that
are relevant from either a security or compliance perspective.
Intelligent policy. Proofpoint’s information protection and archive products leverage an intelligent policy framework that spans retention, legal
hold, smart identifiers, and compliance frameworks, regardless of where the data may be stored or by which channel it is being sent.
11
�Enab ling Technologies
Our enabling technologies are a proprietary set of building blocks that work in conjunction with our application services to enable the efficient
construction, scaling and maintenance of our customer-facing solutions. These technologies primarily consist of:
•
•
•
•
•
•
•
Big data analytics. Indexes and analyzes petabytes of information in real-time to discover threats, detect data leaks and enable end-users to
quickly and efficiently access information distributed across their organizations.
Machine learning. Builds predictive data models using our proprietary Proofpoint MLX machine learning techniques to rapidly identify and
classify threats and sensitive content in real-time.
Identity and policy. Enables the definition and enforcement of sophisticated data protection policies based on a wide set of variables, including
type of content, sender, recipient, pending legal matters, time and date, regulatory status and more.
Secure storage. Stores petabytes of data in the cloud cost-effectively using proprietary encryption methods, keeping sensitive data tamper-proof
and private, yet fully searchable in real-time.
Virtual execution environments. Exposes suspected malware to a permuted set of instrumented virtual system environments, to assess
maliciousness, exploit activity and compromise processes.
Intelligent message routing. Policies can be established by administrators to automatically direct email communications differently through the
email network, based on aspects of the messages, for security, compliance, supervisory, system performance, or other reasons.
Threat intelligence correlation. Utilizes inputs from Proofpoint, cloud, and other third-party products to assess IoCs and confirm successful
system compromises by malicious actors in near-real-time, then administers network controls to effectively contain the compromised systems.
Infrastructure
We deliver our security-as-a-service solutions through our cloud architecture and international data center infrastructure. We operate thousands of
physical and virtual servers across seventeen data centers located in the United States, Canada, the Netherlands, France, Germany, and Australia.
Our cloud architecture is optimized to meet the unique demands of delivering real-time security-as-a-service to global enterprises. Key design elements
include:
•
•
•
Security. Security is central to our cloud architecture and is designed into all levels of the system, including physical security, network security,
application security, and security at our third-party data centers. Our security measures have met the rigorous standards of SSAE 16
certification. In addition to this commercial certification program, we have also successfully completed the FISMA certification for our cloud-
based information protection and archiving solution, enabling us to serve the rigorous security requirements of U.S. federal agencies.
Scalability and performance. By leveraging a distributed, scalable architecture we process billions of requests against our reputation systems
and hundreds of millions of messages per day, all in near real-time. Massively-parallel query processing technology is designed to ensure rapid
search results over this vast data volume. In addition to this aggregate scalability across all customers, our architecture also scales to effectively
meet the needs of several of our largest individual customers, each of which has millions of users and processes tens of millions of messages per
day.
Hybrid Deployment. Our cloud architecture enables individual customers to deploy entirely in Proofpoint’s global data centers or in hybrid
configurations with optional points of presence located behind the customer’s firewall. This deployment flexibility enables us to deliver security,
compliance and performance tailored to the unique threat profile and operating environment of each customer.
12
�•
•
Customers
High availability . Our services employ a wide range of technologies including redundancy, geographic distribution, real-time data replication
and end-to-end service monitoring to provide 24 x7 system availability.
Network operations control. We employ a team of skilled professionals who monitor, manage and maintain our global data center infrastructure
and its interoperability with the distributed points of presence located behind our customers’ firewalls to ensure 24x7 operations.
As of December 31, 2018, we had customers of all sizes across a wide variety of industries. A number of our largest customers use our platform to
protect more than a million users and handle over a billion messages per day. During the years ended December 31, 2018 and 2017, one partner accounted for 12%
of total revenue, although the partner sold to a number of end-users, none of which accounted for more than 10% of our total revenue in 2018 and 2017. During the
year ended December 31, 2016, no individual customer accounted for more than 10% of total revenue. In each year since the launch of our first solution in 2003,
we have maintained a renewal rate with our existing customers of over 90%.
We target large and mid-sized organizations across all major verticals including aerospace and defense, education, financial services, government,
healthcare, manufacturing and retail. We have been particularly successful selling to the largest enterprises in the United States as ranked by Fortune Magazine. We
have also had success penetrating the market leaders in a number of significant verticals including:
•
•
•
•
•
3 of the 5 largest U.S. retailers
4 of the 5 largest U.S. aerospace and defense contractors
5 of the 5 largest U.S. banks
4 of the 5 largest global pharmaceutical companies
4 of the 5 largest U.S. petroleum refining companies
Sales and Marketing
Sales
We primarily target large and mid-sized organizations across all industries. Our sales and marketing programs are organized by geographic regions,
including Asia-Pacific, EMEA, Japan, North America, and South America, and we further segment and organize our sales force into teams that focus on large
enterprises (4,000 employees and above), mid-sized organizations (1,000 - 4,000 employees) and existing customers. In addition, we create integrated sales and
marketing programs targeting specific vertical-markets. This vertical-market approach enables us to provide a higher level of service and understanding of our
customers’ unique needs, including the industry-specific business and regulatory requirements in industries such as healthcare, financial services, retail and
education.
We sell through both direct and indirect channels, including technology and channel partners:
•
•
Direct sales and reseller channel. We market and sell our solutions to large and mid-sized customers directly through our field and inside sales
teams as well as indirectly through a hybrid model, where our sales organization actively assists our network of distributors and resellers. Our
sales personnel are primarily located in North America, with additional personnel located in Asia-Pacific, EMEA, Japan and South America. Our
reseller partners maintain relationships with their customers throughout the territories in which they operate, providing them with services and
third-party solutions to help meet their evolving security requirements. As such, these partners act as a direct conduit through which we can
connect with these prospective customers to offer our solutions. Our channel partners include security centric resellers such as CDW, Optiv, and
AT&T, as well as distributors such as Ingram Micro and Exclusive Networks.
Strategic relationships. We also sell our solutions indirectly through key technology companies that offer our solutions in conjunction with one
or more of their own products or services. These companies each have their own base of customers, and they distribute our products to augment
their own branded products and solutions, sometimes under their own brand and sometimes under the Proofpoint brand. In addition, our
Cloudmark division delivers email protection to many of the largest global internet service providers.
13
�For sales involving a partner such as a distributor, reseller or strateg ic partner, the partner engages with the prospective customer directly and involves
our sales team as needed to assist in developing and closing an order. At the conclusion of a successful sales cycle, we sell the associated subscription, hardware
and serv ices to the partner who in turn resells these items to the customer, with the partner earning a margin based on the amount paid to Proofpoint as compared
to the amount charged to the customer. With the order completed, we provide these customers with direc t access to our security-as-a-service platform and other
associated services, enabling us to establish a direct relationship and provide them with support as part of ensuring that the customer has a good experience with our
platform. At the end of the cont ract term, the partner engages with the customer to execute a renewal order, with our team providing assistance as required.
Marketing
We have a number of marketing initiatives to build awareness about our solutions and encourage customer adoption of our solutions. Our marketing
programs include a variety of digital marketing, advertising, conferences, events, white-papers, public relations activities and web-based seminar campaigns
targeted at key decision makers within our prospective customers.
We offer free trials, competitive evaluations, and free security and compliance risk assessments to allow prospective customers to experience the
quality of our solutions, to learn in detail about the features and functionality of our suite, and to quantify the potential benefits of our solutions.
Customer Service and Support
We believe that our customer service and support provide a competitive advantage and are critical to retaining and expanding our customer base. We
conduct regular third-party surveys to measure customer loyalty and satisfaction with our solutions.
Proofpoint Support Services
We deliver 24x7x365 customer support from support centers located in EMEA, North America and Asia-Pacific regions. We offer a wide range of
support offerings with varying levels of access to our support resources.
Proofpoint Professional Services and Training
With our security-as-a-service model, our solutions are designed to be implemented, configured, and operated without the need for any training or
professional services. For those customers that would like to develop deeper expertise in the use of our solutions or would like some assistance with complex
configurations or the importing of data, we offer various training and professional services. Many implementation services can be completed in one day and are
primarily provided remotely using web-based conferencing tools. If requested, our professional services organization also provides additional assistance with data
importing, design, implementation, customization, or advanced reporting. We also offer a learning center for both in-person and online training and certification.
Research and Development
We devote significant resources to improve and enhance our existing security solutions and maintain the effectiveness of our platform, monitoring the
threat landscape in real-time and making constant adjustments to remain effective as the threat landscape shifts. We also work closely with our customers to gain
valuable insights into their threat environments and security management practices to assist us in designing new solutions and features that extend the data
protection, archiving and governance capabilities of our platform. Our technical staff monitors and tests our software on a regular basis, and we maintain a regular
release process to update and enhance our existing solutions. Leveraging our on-demand platform model, we can deploy real-time upgrades with no downtime.
Competition
Our markets are highly competitive, fragmented and subject to rapid changes in technology. We compete primarily with companies that offer a broad
array of data protection and governance solutions. Providers of data protection solutions generally have product offerings that include threat protection, virus
protection, data loss prevention, flexible remediation, data encryption, and in some cases secure file transfer. Providers of archiving solutions generally have
product offerings that provide data storage, search, policy enforcement, legal-hold management, and in some cases supervision.
14
�Key comp etitors include:
•
•
Email and Advanced Threat Protection: Cisco Systems, Inc. (through its acquisitions of IronPort, SourceFire, and ThreatGRID), Microsoft
Corporation (through its acquisition of Frontbridge), FireEye, Inc., Symantec Corporation (through its acquisitions of Brightmail and
MessageLabs), Mimecast Ltd, Barracuda Networks, Inc. and Google, Inc. (through its acquisition of Postini).
Archiving: Micro Focus International plc and Veritas Technologies LLC (through its acquisitions of KVS and LiveOffice while under the
ownership of Symantec Corporation).
We believe we compete favorably based on the following factors:
•
•
•
•
•
•
•
effectiveness of our protection against advanced threats;
comprehensiveness and integration of the solution;
flexibility of delivery models;
total cost of ownership;
scalability and performance;
customer support; and
extensibility of platform.
Certain of our competitors have greater sales, marketing and financial resources, more extensive geographic presence and greater name recognition
than we do. We may face future competition in our markets from other large, established companies, as well as from emerging companies. In addition, we expect
that there is likely to be continued consolidation in our industry that could lead to increased price competition and other forms of competition.
Intellectual Property
We rely on a combination of trade secrets, patents, copyrights and trademarks, as well as contractual protections, to establish and protect our
intellectual property rights and protect our proprietary technology. As of December 31, 2018, we had 120 patents and 54 patent applications. We have a number of
registered and unregistered trademarks. We require our employees, consultants and other third parties to enter into confidentiality and proprietary rights agreements
and control access to software, documentation and other proprietary information. Although we rely on intellectual property rights, including trade secrets, patents,
copyrights and trademarks, as well as contractual protections to establish and protect our proprietary rights, we believe that factors such as the technological and
creative skills of our personnel, creation of new modules, features and functionality, and frequent enhancements to our solutions are more essential to establishing
and maintaining our technology leadership position.
Despite our efforts to protect our proprietary technology and our intellectual property rights, unauthorized parties may attempt to copy or obtain and
use our technology to develop products with the same functionality as our solution. Policing unauthorized use of our technology and intellectual property rights is
difficult.
We expect that software and other solutions in our industry may be subject to third-party infringement claims as the number of competitors grows and
the functionality of products in different industry segments overlaps. Any of these third parties might make a claim of infringement against us at any time.
Employees
As of December 31, 2018, we had 2,613 employees. We also engage a number of temporary employees and consultants. None of our employees is
represented by a labor union with respect to his or her employment with us. We have not experienced any work stoppages and we consider our relations with our
employees to be good. Our future success will depend upon our ability to attract and retain qualified personnel. Competition for qualified personnel remains intense
and we may not be successful in retaining our key employees or attracting skilled personnel.
15
�Corporate Information
We were incorporated in Delaware in 2002. Our principal executive offices are located at 892 Ross Drive, Sunnyvale, California 94089, and our
telephone number is +1 (408) 517-4710. Our website is www.proofpoint.com.
Proofpoint, the Proofpoint logo, all of our product names and our other registered or common law trademarks, service marks, or trade names appearing
in this Annual Report on Form 10-K are our property. Other trademarks appearing in this prospectus are the property of their respective holders.
Geographic Information
For financial reporting purposes, net revenue and long-lived assets attributable to significant geographic areas are presented in Note 12, “Segment
Reporting”, to the consolidated financial statements, which is incorporated herein by reference.
Available Information
We file annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, proxy and information statements and
amendments to reports filed or furnished pursuant to Sections 13(a), 14 and 15(d) of the Securities Exchange Act of 1934, as amended. The SEC also maintains a
website at http://www.sec.gov that contains reports, proxy and information statements and other information regarding Proofpoint and other companies that file
materials with the SEC electronically. The public may also obtain these filings at the Securities and Exchange Commission (“SEC”)’s Public Reference Room at
100 F Street, NE, Washington, DC 20549 or by calling the SEC at 1-800-SEC-0330. Copies of Proofpoint’s reports on Form 10-K, definitive Proxy Statements,
Forms 10-Q and Forms 8-K, may be obtained, free of charge, electronically through our Internet website, http://investors.proofpoint.com/financials.cfm, or by
sending an electronic message by visiting the Contact Us section within the investor relations portion of our website.
ITEM 1A. RISK FACTORS
Investing in our common stock involves a high degree of risk. You should carefully consider the following risk factors, as well as the other information
in this Annual Report on Form 10-K, before deciding whether to invest in shares of our common stock. The occurrence of any of the events described below could
harm our business, financial condition, results of operation and growth prospects. In such an event, the trading price of our common stock may decline and you
may lose all or part of your investment.
Risks Related to Our Business and Industry
We have a history of losses, and we are unable to predict the extent of any future losses or when, if ever, we will achieve profitability in the future.
We have incurred net losses in every year since our inception, including net losses of $103.7 million, $69.8 million and $96.5 million in 2018, 2017
and 2016, respectively. As a result, we had an accumulated deficit of $595.4 million as of December 31, 2018. Achieving profitability will require us to increase
revenue, manage our cost structure, and avoid unanticipated liabilities. We do not expect to be profitable in the near term. Revenue growth may slow or revenue
may decline for a number of possible reasons, including slowing demand for our solutions, increasing competition, a decrease in the growth of our overall market,
or if we fail for any reason to continue to capitalize on growth opportunities. Any failure by us to obtain and sustain profitability, or to continue our revenue
growth, could cause the price of our common stock to decline significantly.
16
�Our quarterly operating results an d other metrics are likely to vary significantly and be unpredictable, which could cause the trading price of our stock to
decline.
Our operating results and other metrics have historically varied from period to period, and we expect that they will continue to do so as a result of a
number of factors, many of which are outside of our control and may be difficult to predict, including:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
the level of demand for our solutions, including our newly-introduced solutions, and the level of perceived urgency regarding security threats and
compliance requirements;
the timing of new subscriptions and renewals of existing subscriptions;
the mix of solutions sold;
the extent to which customers subscribe for additional solutions or increase the number of users;
customer budgeting cycles and seasonal buying patterns;
the extent to which we bring on new distributors;
any changes in the competitive landscape of our industry, including consolidation among our competitors, customers, partners or resellers;
timing of costs and expenses during a quarter;
deferral of orders in anticipation of new solutions or enhancements announced by us;
price competition;
changes in renewal rates and terms in any quarter;
the impact of acquisitions;
litigation costs;
any disruption in our sales channels or termination of our relationship with strategic channel partners;
general economic conditions, both domestically and in our foreign markets, and related changes to currency exchange rates;
insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions; or
future accounting pronouncements or changes in our accounting policies.
Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our financial and
other operating results, including fluctuations in our key metrics. This variability and unpredictability could result in our failing to meet the expectations of
securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall
substantially and we could face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating expenses are fixed in
nature and based on forecasted revenue and cash flow trends. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative
impact on margins or other operating results in the short term.
We may fail to meet or exceed the expectations of securities analysts and investors, and the market price for our common stock could decline. If one or
more of the securities analysts who cover us change their recommendation regarding our stock adversely, the market price for our common stock could decline.
Additionally, our stock price may be based on expectations, estimates or forecasts of our future performance that may be unrealistic or may not be achieved.
Further, our stock price may be affected by financial media, including press reports and blogs.
17
�If we are unable to maintain high subscription renewal rates, our future revenue and operating results will be harmed.
Our customers have no obligation to renew their subscriptions for our solutions after the expiration of their initial subscription period, which typically
ranges from one to three years. In addition, our customers may renew for fewer subscription services or users, renew for shorter contract lengths or renew at lower
prices due to competitive or other pressures. We cannot accurately predict renewal rates and our renewal rates may decline or fluctuate as a result of a number of
factors, including competition, customers’ IT budgeting and spending priorities, and deteriorating general economic conditions. If our customers do not renew their
subscriptions for our solutions, our revenue would decline and our business would suffer.
If we are unable to sell additional solutions to our customers, our future revenue and operating results will be harmed.
Our future success depends on our ability to sell additional solutions to our customers. This may require increasingly sophisticated and costly sales
efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional solutions depends on a number of factors, including
the perceived need for additional solutions, growth in the number of end-users, and general economic conditions. If our efforts to sell additional solutions to our
customers are not successful, our business may suffer.
If our solutions fail to protect our customers from security breaches, our brand and reputation could be harmed, which could have a material adverse effect on
our business and results of operations.
The threats facing our customers are constantly evolving and the techniques used by attackers to access or sabotage data change frequently. As a result,
we must constantly update our solutions to respond to these threats. If we fail to update our solutions in a timely or effective manner to respond to these threats, our
customers could experience security breaches. Many federal, state and foreign governments have enacted laws requiring companies to notify individuals of data
security breaches involving their personal data. These mandatory disclosures regarding a security breach often lead to widespread negative publicity, and any
association of us with such publicity may cause our customers to lose confidence in the effectiveness of our data security measures. Any security breach at one of
our customers or even an unproven allegation of a security breach at one of our customers, could harm our reputation as a secure and trusted company and could
cause the loss of customers. Similarly, if a well-publicized breach of data security at a customer of any other cloud‑based data protection or archiving service
provider or other major enterprise cloud services provider were to occur, there could be a loss of confidence in the cloud‑based protection and storage of sensitive
data and information generally.
In addition, our solutions work in conjunction with a variety of other elements in customers’ IT and security infrastructure, and we may receive blame
and negative publicity for a security breach that may have been the result of the failure of one of the other elements not provided by us. The occurrence of a breach,
whether or not caused by our solutions, or allegations of a breach, even if such allegations turn out to be untrue, could delay or reduce market acceptance of our
solutions and have an adverse effect on our business and financial performance. In addition, any revisions to our solutions that we believe may be necessary or
appropriate in connection with any such breach may cause us to incur significant expenses. Any of these events could have material adverse effects on our brand
and reputation, which could harm our business, financial condition, and operating results.
18
�If our customers experience data losses and breaches via our products or solutions, our brand, reputation and business could be harmed.
Our customers rely on our archiving and other solutions to protect, transfer or store their corporate data, which may include financial records, credit
card information, business information, health information, other personally identifiable information or other sensitive personal information. A breach of our
network security and systems or other events that cause the loss or public disclosure of, or access by third parties to, our customers’ stored files or data could have
serious negative consequences for our business, including possible fines, penalties and damages, reduced demand for our solutions, an unwillingness of our
customers to use our solutions, harm to our brand and reputation, and time-consuming and expensive litigation. The techniques used to obtain unauthorized access,
disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated or
remote areas around the world. As a result, we may be unable to proactively prevent these techniques, implement adequate preventative or reactionary measures, or
enforce the laws and regulations that govern such activities. In addition, because of the large amount of data that we collect and manage, it is possible that hardware
failures, insider errors or malfeasance or errors in our systems could result in data loss or corruption, or cause the information that we collect to be incomplete or
contain inaccuracies that our customers regard as significant. If our customers experience any data loss, or any data corruption or inaccuracies, whether caused by
security breaches or otherwise, our brand, reputation and business would be harmed.
Our insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our policy may not cover any claim
against us for loss of data or other indirect or consequential damages. Defending a suit based on any data loss or system disruption, regardless of its merit, could be
costly and divert management’s attention.
Defects or vulnerabilities in our solutions could harm our reputation, reduce the sales of our solutions and expose us to liability for losses.
Because our solutions are complex, undetected errors, failures or bugs may occur, especially when solutions are first introduced or when new versions
or updates are released, or when we introduce an acquired company’s products of services, despite our efforts to test those solutions and enhancements prior to
release. This includes not only vulnerabilities that are specific to our solutions, but also vulnerabilities that impact the third-party or open source software that we
use or the hardware that we rely on for our solutions. We may not be able to correct defects, errors, vulnerabilities or failures promptly, or at all.
Any defects, errors, vulnerabilities or failures in our solutions could result in:
•
•
•
•
•
•
•
•
•
•
expenditure of significant financial and development resources in efforts to analyze, correct, eliminate or work around errors or defects or to
address and eliminate vulnerabilities;
loss of existing or potential partners or customers or loss of customer confidence;
loss or disclosure of our customers’ confidential information, or the inability to access such information;
loss of our proprietary technology;
our solutions being susceptible to hacking or electronic break-ins or otherwise failing to secure data;
delayed or lost revenue;
delay or failure to attain market acceptance;
lost market share;
negative publicity, which could harm our reputation; or
litigation, regulatory inquiries or investigations that would be costly and harm our reputation.
19
�Limitation of liability provisions in our standard terms and conditions and our other agreements may not adequately or effectively protect us from any
claims related to defects, errors, vulnerabilities or failures in our solutions, including as a result of federal, state or local laws or ordinances or unfavorable judicial
decisions in the United States or other countries.
Our software, website, hosted and internal systems may be subject to intentional disruption or penetration from external attackers or insiders that could
adversely impact our reputation and future sales.
We could be a target of attacks specifically designed to impede the performance of our solutions, redirect users to malicious sites, harm our reputation
or misappropriate our or our customers’ proprietary information. Similarly, experienced computer hackers may attempt to penetrate our network or other security or
the security of our website or other hosted or internal systems or to trick our employees into taking actions that compromise our security (such as via phishing or
business email compromise attacks) in order to misappropriate proprietary information and/or cause interruptions of our services and/or expose perceived security
vulnerabilities. It is also possible that systems may be disrupted or our sensitive information or the information of our customers might be exposed due to
malfeasance or errors by employees or contractors. Because the techniques used by attackers to access or sabotage networks and compromise our systems and
information change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques. If an actual or perceived
breach of network security occurs as a result of third-party action, including cyber-attacks or other intentional misconduct by computer hackers, error or
malfeasance by insiders, or otherwise, it could adversely affect the market perception of our company and our solutions, and may expose us to the loss of
information, litigation and possible liability. In addition, such a security breach could impair our ability to operate our business, including our ability to provide
support services to our customers.
Our solutions may collect, filter and store customer data which may contain personal information, which raises privacy concerns and could result in us having
liability or inhibit sales of our solutions.
Many federal, state and foreign government bodies and agencies have adopted or are considering adopting laws and regulations regarding the
collection, use, and disclosure of personal information. Because many of the features of our solutions use, store, and report on customer data which may contain
personal information from our customers, any inability to adequately address privacy concerns, or comply with applicable privacy laws, regulations and policies
could, even if unfounded, result in liability to us, damage to our reputation, loss of sales, and harm to our business. Furthermore, the costs of compliance with, and
other burdens imposed by, such laws, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of our solutions
and reduce overall demand for them. Privacy concerns, whether or not valid, may inhibit market adoption of our solutions. For example, in the United States
regulations such as the Gramm‑Leach‑Bliley Act, which protects and restricts the use of consumer credit and financial information, and HIPAA which regulates
the use and disclosure of personal health information, impose significant security and data protection requirements and obligations on businesses that may affect the
use and adoption of our solutions. Similarly, we hold a FedRAMP certification without which we would not be able to provide services and products to certain US
federal entities.
In the past we have relied on U.S.-European Union Frameworks for transatlantic data flows such as the EU-US Privacy Shield, for which we self-
certified under the EU-US Privacy Shield framework on October 5, 2016. However, Privacy Shield is currently being challenged in European Union (“EU”) courts,
so there is some uncertainty regarding its future validity and our ability to rely on it for EU to US data transfers. We also rely on Standard Contractual Clauses
(“SCCs”) authorized by the EU’s Data Protection Directive of 1995 for transatlantic data flows, but the SCCs are also being challenged in EU courts, so there is
some uncertainty regarding our ability to rely on SCCs in the future for EU to US data transfer. Additionally, the EU’s General Data Protection Regulation, began
to be enforced on May 25, 2018, and carries with it significantly increased responsibilities and potential penalties for companies that process EU personal data. We
have seen increased customer attention surrounding EU Data Privacy. Furthermore, outside of the EU, we continue to see increased regulation of data privacy and
security, including the adoption of more stringent subject matter specific state laws (such as the new California Consumer Privacy Act of 2018 that will be effective
January 1, 2020), national laws regulating the collection and use of data, and security and data breach obligations. The uncertainty and changes in the requirements
of multiple jurisdictions may increase the cost of compliance, delay or reduce demand for our services, restrict our ability to offer services in certain locations,
impact our customers’ ability to deploy our solutions in certain jurisdictions, or subject us to
20
�sanctions, by national data protection regulators, all of which could harm our business, financial condition and results o f operations.
The regulatory framework for privacy issues is evolving worldwide, and various government and consumer agencies and public advocacy groups have
called for new regulation and changes in industry practices. It is possible that new laws and regulations will be adopted in the United States and internationally, or
existing laws and regulations may be interpreted in new ways, that would affect our business. Complying with any new regulatory requirements could force us to
incur substantial costs or require us to change our business practices in a manner that could reduce our revenue or compromise our ability to effectively pursue our
growth strategy.
Any failure or perceived failure to comply with laws and regulations or loss of certifications such as the FedRAMP certification may result in
proceedings or actions against us by government entities or others, or could cause us to lose users and customers, which could potentially have an adverse effect on
our business.
We operate in a highly competitive environment with large, established competitors, and our competitors may gain market share in the markets for our
solutions that could adversely affect our business and cause our revenue to decline.
Our traditional competitors include security‑focused software vendors, such as Symantec Corporation and Cisco Systems, Inc. (“Cisco”), which offer
software products that directly compete with our solutions. In addition to competing with these vendors directly for sales to customers, we compete with them for
the opportunity to have our solutions bundled with the product offerings of our strategic partners. Our competitors could gain market share from us if any of these
partners replace our solutions with the products of our competitors or if these partners more actively promote our competitors’ products over our solutions. In
addition, software vendors who have bundled our solutions with theirs may choose to bundle their software with their own or other vendors’ software, or may limit
our access to standard product interfaces and inhibit our ability to develop solutions for their platform.
We also face competition from large technology companies, such as Google Inc., Micro Focus International plc and Microsoft Corporation. These
companies are increasingly developing and incorporating into their products features that compete on various levels with our solutions. Our competitive position
could be adversely affected to the extent that our customers perceive that the functionality incorporated into these products would replace the need for our solutions
or that buying from one vendor would provide them with increased leverage and purchasing power and a better customer experience. We also face competition
from independent security vendors such as FireEye, Inc. that offer network security products and many smaller companies like Barracuda Networks, Inc. and
Mimecast Ltd that specialize in particular segments of the markets in which we compete.
Many of our competitors have greater financial, technical, sales, marketing or other resources than we do and consequently may have the ability to
influence our customers to purchase their products instead of ours. Further consolidation within our industry or other changes in the competitive environment could
also result in larger competitors that compete with us on several levels. In addition, acquisitions of smaller companies by large technology companies that
specialize in particular segments of the markets in which we compete would result in increased competition from these large technology companies. If we are
unsuccessful in responding to our competitors or to changing technological and customer demands, our competitive position and financial results could be
adversely affected.
If we do not effectively expand and train our sales force, we may be unable to add new customers or increase sales to our existing customers and our business
will be harmed.
We continue to be substantially dependent on our sales force to obtain new customers and to sell additional solutions to our existing customers. We
believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue
growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel. New hires require significant training
and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become as productive as we expect, and we may be
unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. If we are unable to hire and train
sufficient numbers of effective sales personnel, or the sales personnel are not successful in obtaining new customers or increasing sales to our existing customer
base, our business will be harmed.
21
�Our sales cycle is long and unpredictable, and our sales efforts require considerable time and expense. As a result, our results are difficult to predict and may
vary substantially from quarter to quarter, which may cause our operating results to fluctuate.
We sell our security and compliance offerings primarily to enterprise IT departments that are managing a growing set of user and compliance demands,
which has increased the complexity of customer requirements to be met and confirmed in the sales cycle. Increasingly, we have found that increasingly security,
legal and compliance departments are involved in testing, evaluating and finally approving purchases, which has also made the sales cycle longer and less
predictable. We may not be able to accurately predict or forecast the timing of sales, which makes our future revenue difficult to predict and could cause our results
to vary significantly. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales
opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.
Because our long-term success depends, in part, on our ability to expand the sales of our platform to our customers located outside of the United States, our
business will be increasingly susceptible to risks associated with international operations.
One key element of our growth strategy is to develop a worldwide customer base and expand our operations worldwide, such as by adding employees,
offices and customers internationally, particularly in Europe and Asia.
Operating in international markets requires significant resources and management attention and will subject us to regulatory, economic, political and
competitive risks and competition that are different from those in the United States.
In addition, our international operations may fail to succeed due to other risks inherent in operating businesses internationally, including:
•
•
•
•
•
•
•
•
•
•
•
•
•
fluctuations in currency exchange rates, which may cause our revenues and operating results to differ materially from expectations;
our lack of familiarity with commercial and social norms and customs in other countries which may adversely affect our ability to recruit, retain
and manage employees in these countries;
difficulties and costs associated with staffing and managing foreign operations;
the potential diversion of management’s attention to oversee and direct operations that are geographically distant from our U.S. headquarters;
compliance with multiple, conflicting and changing governmental laws and regulations, including employment, tax, privacy and data protection
laws and regulations;
legal systems in which our ability to enforce and protect our rights may be different or less effective than in the United States, including more
limited protection for intellectual property rights in some countries;
immaturity of compliance regulations in other jurisdictions, which may lower demand for our solutions;
greater difficulty with payment collections and longer payment cycles;
higher employee costs and difficulty terminating non-performing employees;
differences in workplace cultures;
the need to adapt our solutions for specific countries;
our ability to comply with differing technical and certification requirements outside the United States;
tariffs, export controls and other non-tariff barriers such as quotas and local content rules;
22
�•
•
•
•
•
uncertainties related to the United Kingdom’s withdrawal from the European Union (“Brexit”) and its impact on our customers, data protection
regulations and our employees and their ability to emigrate and travel to and from the United Kingdom ;
adverse tax consequences;
restrictions on the transfer of funds;
anti-bribery compliance by us or our partners, including under the Foreign Corrupt Practices Act and similar laws of other jurisdictions; and
new and different sources of competition.
In addition, the current U.S. administration has recently instituted or proposed changes to foreign trade policy including the negotiation or termination
of trade agreements, the imposition of tariffs on products imported from certain countries, economic sanctions on individuals, corporations or countries and other
government regulations affecting trade between the United States and other countries in which we do business. New or increased tariffs and other changes in U.S.
trade policy could trigger retaliatory actions by affected countries, and certain foreign governments have instituted or are considering imposing trade sanctions on
certain U.S. manufactured goods. The escalation of protectionist or retaliatory trade measures in either the United States or any other countries in which we do
business, such as a change in tariff structures, export compliance or other trade policies, may increase the cost of, or otherwise interfere with, conducting our
business.
Our failure to manage any of these risks successfully could harm our existing and future international operations and seriously impair our overall
business.
If we are unable to enhance our existing solutions and develop new solutions, our growth will be harmed and we may not be able to achieve profitability.
Our ability to attract new customers and increase revenue from existing customers will depend in large part on our ability to enhance and improve our
existing solutions and to introduce new solutions. The success of any enhancement or new solution depends on several factors, including the timely completion,
introduction and market acceptance of the enhancement or solution. Any new enhancement or solution we develop or acquire may not be introduced in a timely or
cost-effective manner and may not achieve the broad market acceptance necessary to generate significant revenue. If we are unable to successfully develop or
acquire new solutions or enhance our existing solutions to meet customer requirements, we may not grow as expected and we may not achieve profitability.
We cannot be certain that our development activities will be successful or that we will not incur delays or cost overruns. Furthermore, we may not have
sufficient financial resources to identify and develop new technologies and bring enhancements or new solutions to market in a timely and cost-effective manner.
New technologies and enhancements could be delayed or cost more than we expect, and we cannot ensure that any of these solutions will be commercially
successful if and when they are introduced.
If we are unable to cost-effectively scale or adapt our existing architecture to accommodate increased traffic, technological advances or changing customer
requirements, our operating results could be harmed.
As our customer base grows, the number of users accessing our solutions over the Internet will correspondingly increase. Increased traffic could result
in slow access speeds and response times. Since our customer agreements often include service availability commitments, slow speeds or our failure to
accommodate increased traffic could result in breaches of our service level agreements or obligate us to issue service credits. In addition, the market for our
solutions is characterized by rapid technological advances and changes in customer and regulatory requirements. In order to accommodate increased traffic and
respond to technological advances and evolving customer and regulatory requirements, we expect that we will be required to make future investments in our
network architecture. If we do not implement future upgrades to our network architecture cost-effectively, or if we experience prolonged delays or unforeseen
difficulties in connection with upgrading our network architecture, our service quality may suffer and our operating results could be harmed.
23
�If we fail to manag e our sales and distribution channels effectively or if our partners choose not to market and sell our solutions to their customers, our
operating results could be adversely affected.
We have derived and anticipate that in the future we will continue to derive a substantial portion of the sales of our solutions through channel partners.
In order to scale our channel program to support growth in our business, it is important that we continue to help our partners enhance their ability to independently
sell and deploy our solutions. We may be unable to continue to successfully expand and improve the effectiveness of our channel sales program.
Our agreements with our channel partners are generally non-exclusive and some of our channel partners have entered, and may continue to enter, into
strategic relationships with our competitors or are competitors themselves. Further, many of our channel partners have multiple strategic relationships and they may
not regard us as significant for their businesses. Our channel partners may terminate their respective relationships with us with limited or no notice and with limited
or no penalty, pursue other partnerships or relationships, or attempt to develop or acquire products or services that compete with our solutions. Our partners also
may impair our ability to enter into other desirable strategic relationships. If our channel partners do not effectively market and sell our solutions, if they choose to
place greater emphasis on products of their own or those offered by our competitors, or if they fail to meet the needs of our customers, our ability to grow our
business and sell our solutions may be adversely affected. Similarly, the loss of a substantial number of our channel partners, and our possible inability to replace
them, the failure to recruit additional channel partners, any reduction or delay in their sales of our solutions, or any conflicts between channel sales and our direct
sales and marketing activities could materially and adversely affect our results of operations.
Because we recognize revenue from subscriptions over the term of the relevant service period, decreases or increases in sales are not immediately reflected in
full in our operating results.
We recognize revenue from subscriptions over the term of the relevant service period, which typically range from one to three years, with some up to
five years. As a result, most of our quarterly revenue from subscriptions results from agreements entered into during previous quarters. Consequently, a shortfall in
demand for our solutions in any quarter may not significantly reduce our subscription revenue for that quarter, but could negatively affect subscription revenue in
future quarters. We may be unable to adjust our cost structure to compensate for this potential shortfall in subscription revenue. Accordingly, the effect of
significant downturns in sales of subscriptions may not be fully reflected in our results of operations until future periods. Our subscription model also makes it
difficult for us to rapidly increase our subscription revenue through additional sales in any period, as subscription revenue must be recognized over the term of the
contract.
Interruptions or delays in services provided by third parties could impair the delivery of our service and harm our business.
We currently serve our customers from third‑party data center facilities and resources located in the United States, Canada, Australia and Europe. We
also rely on bandwidth providers, Internet service providers, mobile networks and other third-party IT service providers to operate our business and to deliver our
solutions. Any damage to, or failure or disruption of, the systems of our third‑party providers could result in interruptions to our service. If for any reason our
arrangement with one or more of our data centers is terminated we could experience additional expense in arranging for new facilities and support. Our data center
facilities providers have no obligations to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew our agreements
with the facilities providers on commercially reasonable terms or if in the future we add additional data center facility providers, we may experience costs or
downtime in connection with the transfer to, or the addition of, new data center facilities. In addition, the failure of our data centers to meet our capacity
requirements could result in interruptions in the availability of our solutions, impair the functionality of our solutions or impede our ability to scale our operations.
As we continue to add data centers, restructure our data management plans, and increase capacity in existing and future data centers, we may move or transfer our
data and our customers’ data. Despite precautions taken during such processes and procedures, any unsuccessful data transfers may impair the delivery of our
service, and we may experience costs or downtime in connection with the transfer of data to other facilities. Similarly, some of our solutions’ features run or
depend on IT services run by third parties, such as data feeds or public clouds, and an extended failure of such services might materially and adversely impact our
ability to provide our services to our customers. Furthermore, some of our sales and business operations, such as CRM and billing and invoicing depend in part on
third-party IT service providers and if those services were to be unavailable for extended periods of time it might materially and adversely affect our ability to
operate.
24
�We also depend on access to the Internet through third ‑party bandwidth providers to operate our business. If we lose the services of one or more of our
bandwidth providers, or if these providers experience outages, for any reason, we could experience disruption in deliverin g our solutions or we could be required to
retain the services of a replacement bandwidth provider. Our business also depends on our customers having high-speed access to the Internet. Any Internet outages
or delays could adversely affect our ability to pr ovide our solutions to our customers.
Our operations rely heavily on the availability of electricity, which also comes from third-party providers. If we or the third-party data center facilities
that we use to deliver our services were to experience a major power outage or if the cost of electricity were to increase significantly, our operations and financial
results could be harmed. If we or our third‑party data centers were to experience a major power outage, we or they would have to rely on back-up generators, which
might not work properly or might not provide an adequate power supply during a major power outage. Such a power outage could result in a significant disruption
of our business.
The occurrence of an extended interruption of our or third‑party services for any reason could result in lengthy interruptions in our services or in the
delivery of customers’ email and require us to provide service credits, refunds, indemnification payments or other payments to our customers, and could also result
in the loss of customers. While we have business continuity and disaster recovery plans and contingencies in place, there can be no assurance that they will be
adequate in the event of an extended or severe disruption.
Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and harm our financial results.
Once our solutions are deployed, our customers depend on our support organization to resolve any technical issues relating to our solutions. In
addition, our sales process is highly dependent on our solutions and business reputation and on strong recommendations from our existing customers. Any failure to
maintain high-quality technical support, or a market perception that we do not maintain high-quality support, could harm our reputation, adversely affect our ability
to sell our solutions to existing and prospective customers, and harm our business, operating results and financial condition.
We offer technical support services with many of our solutions. We may be unable to respond quickly enough to accommodate short-term increases in
customer demand for support services. We also may be unable to modify the format of our support services to compete with changes in support services provided
by competitors. Increased customer demand for these services, without corresponding revenue, could increase costs and adversely affect our operating results.
We have outsourced a substantial portion of our worldwide customer support functions to third‑party service providers. If these companies experience
financial difficulties, do not maintain sufficiently skilled workers and resources to satisfy our contracts, or otherwise fail to perform at a sufficient level, the level of
support services to our customers may be significantly disrupted, which could materially harm our reputation and our relationships with these customers.
If we fail to develop or protect our brand, our business may be harmed.
We believe that developing and maintaining awareness and integrity of our company and our brand are important to achieving widespread acceptance
of our existing and future offerings and are important elements in attracting new customers. We believe that the importance of brand recognition will increase as
competition in our market further intensifies. Successful promotion of our brand will depend on the effectiveness of our marketing efforts and on our ability to
provide reliable and useful solutions at competitive prices. We plan to continue investing substantial resources to promote our brand, both domestically and
internationally, but there is no guarantee that our brand development strategies will enhance the recognition of our brand. Some of our existing and potential
competitors have well-established brands with greater recognition than we have. If our efforts to promote and maintain our brand are not successful, our operating
results and our ability to attract and retain customers may be adversely affected. In addition, even if our brand recognition and loyalty increase, this may not result
in increased use of our solutions or higher revenue.
In addition, independent industry analysts often provide reviews of our solutions, as well as those of our competitors, and perception of our solutions in
the marketplace may be significantly influenced by these reviews. We have no control over what these industry analysts report, and because industry analysts may
influence current and potential customers, our brand could be harmed if they do not provide a positive review of our solutions or view us as a market leader.
25
�The steps we have taken to protect our intellectual property rights may not be adequate.
We rely on a combination of contractual rights, trademarks, trade secrets, patents and copyrights to establish and protect our intellectual property
rights. These offer only limited protection, however, and the steps we have taken to protect our proprietary technology may not deter its misuse, theft or
misappropriation. Any of our patents, copyrights, trademarks or other intellectual property rights may be challenged by others or invalidated through administrative
process or litigation. Competitors may independently develop technologies or products that are substantially equivalent or superior to our solutions or that
inappropriately incorporate our proprietary technology into their products. Competitors may hire our former employees who may misappropriate our proprietary
technology or misuse our confidential information. Although we rely in part upon confidentiality agreements with our employees, consultants and other third
parties to protect our trade secrets and other confidential information, those agreements may not effectively prevent disclosure of trade secrets and other
confidential information and may not provide an adequate remedy in the event of misappropriation of trade secrets or unauthorized disclosure of confidential
information. In addition, others may independently discover our trade secrets and confidential information, and in such cases we could not assert any trade secret
rights against such parties.
We might be required to spend significant resources to monitor and protect our intellectual property rights. We may initiate claims or litigation against
third parties for infringement of our intellectual property rights or misappropriation of our trade secrets, or to establish the validity of our intellectual property
rights. Any litigation, whether or not it is resolved in our favor, could result in significant expense to us and divert the efforts of our technical and management
personnel, which may adversely affect our business, operating results and financial condition. Certain jurisdictions may not provide adequate legal infrastructure
for effective protection of our intellectual property rights. Changing legal interpretations of liability for unauthorized use of our solutions or lessened sensitivity by
corporate, government or institutional users to refraining from intellectual property piracy or other infringements of intellectual property could also harm our
business.
Our issued patents may not provide us with any competitive advantages or may be challenged by third parties, and our patent applications may never
be granted at all. It is possible that innovations for which we seek patent protection may not be protectable. Additionally, the process of obtaining patent protection
is expensive and time consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner.
Given the cost, effort, risks and downside of obtaining patent protection, including the requirement to ultimately disclose the invention to the public, we may not
choose to seek patent protection for certain innovations. However, such patent protection could later prove to be important to our business. Even if issued, there can
be no assurance that any patents will have the coverage originally sought or adequately protect our intellectual property, as the legal standards relating to the
validity, enforceability and scope of protection of patent and other intellectual property rights are uncertain. Any patents that are issued may be invalidated or
otherwise limited, or may lapse or may be abandoned, enabling other companies to better develop products that compete with our solutions, which could adversely
affect our competitive business position, business prospects and financial condition.
We cannot assure you that the measures we have taken to protect our intellectual property will adequately protect us, and any failure to protect our
intellectual property could harm our business.
Third parties claiming that we infringe their intellectual property rights could cause us to incur significant legal expenses and prevent us from selling our
solutions.
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents,
copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual
property rights. In addition, many of these companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and
to defend claims that may be brought against them. The litigation may involve patent holding companies or other adverse patent owners who have no relevant
product revenue and against whom our potential patents may provide little or no deterrence. We have received, and may in the future receive, notices that claim we
have infringed, misappropriated or otherwise violated other parties’ intellectual property rights. In the past we have been involved in litigation involving such
allegations of infringement. To the extent we gain greater visibility, we could face a higher risk of being the subject of intellectual property infringement claims,
which is not uncommon with respect to software technologies in general and information security technology in particular. There may be third‑party intellectual
property rights, including issued or pending patents that cover significant aspects of our technologies or business methods. Any intellectual property claims, with or
without merit, could be very time
26
�consuming, could be expensive to settle or litigate and could divert our management’s attention and othe r resources. These claims could also subject us to
significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also
result in our having to stop using technol ogy found to be in violation of a third-party’s rights. We might be required to seek a license for the intellectual property,
which may not be available on reasonable terms or at all. Even if a license were available, we could be required to pay significan t royalties, which would increase
our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we
cannot license or develop technology for any infringing as pect of our business, we would be forced to limit or stop sales of one or more of our solutions or features
of our solutions and may be unable to compete effectively. Any of these results would harm our business, operating results and financial condition.
In addition, our agreements with customers and channel partners include indemnification provisions under which we agree to indemnify them for
losses suffered or incurred as a result of claims of intellectual property infringement and, in some cases, for damages caused by us to property or persons. Large
indemnity payments could harm our business, operating results and financial condition.
We rely on technology and intellectual property licensed from other parties, the failure or loss of which could increase our costs and delay or prevent the
delivery of our solutions.
We utilize various types of software and other technology, as well as intellectual property rights, licensed from unaffiliated third parties in order to
provide certain elements of our solutions. Any errors or defects in any third‑party technology could result in errors in our solutions that could harm our business. In
addition, licensed technology and intellectual property rights may not continue to be available on commercially reasonable terms, or at all. While we believe that
there are currently adequate replacements for the third‑party technology we use, any loss of the right to use any of this technology on commercially reasonable
terms, or at all, could result in delays in producing or delivering our solutions until equivalent technology is identified and integrated, which delays could harm our
business. In this situation we would be required to either redesign our solutions to function with software available from other parties or to develop these
components ourselves, which would result in increased costs. Furthermore, we might be forced to limit the features available in our current or future solutions. If
we fail to maintain or renegotiate any of these technology or intellectual property licenses, we could face significant delays and diversion of resources in attempting
to develop similar or replacement technology, or to license and integrate a functional equivalent of the technology.
Some of our solutions contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively
affect our business.
Some of our solutions are distributed with software licensed by its authors or other third parties under so-called “open source” licenses, which may
include, by way of example, the GNU General Public License, or GPL, and the Apache License. Some of these licenses contain requirements that we make
available source code for modifications or derivative works we create based upon the open source software, and that we license such modifications or derivative
works under the terms of a particular open source license or other license granting third parties certain rights of further use. By the terms of certain open source
licenses, we could be required to release the source code of our proprietary software, and to make our proprietary software available under open source licenses, if
we combine our proprietary software with open source software in a certain manner. In the event that portions of our proprietary software are determined to be
subject to an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our technologies,
or otherwise be limited in the licensing of our technologies, each of which could reduce or eliminate the value of our technologies and solutions. In addition to risks
related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors
generally do not provide warranties or controls on the origin of the software. We have established processes to help alleviate these risks, including a review process
for screening requests from our development organizations for the use of open source software, but we cannot be sure that all open source software is submitted for
approval prior to use in our solutions, that our programmers have not incorporated open source software into our proprietary solutions and technologies or that they
will not do so in the future. In addition, many of the risks associated with usage of open source software cannot be eliminated, and could, if not properly addressed,
negatively affect our business.
27
�Governmental regulations affecting the expor t of certain of our solutions could negatively affect our business.
Some of our products are subject to U.S. export controls, and we incorporate encryption technology into certain of our products. These encryption
products and the underlying technology may be exported outside the United States only with the required export authorizations, including by license, a license
exception or other appropriate government authorizations, including the filing of an encryption registration. Governmental regulation of encryption technology and
regulation of imports or exports, or our failure to obtain required import or export approval for our products, could harm our international sales and adversely affect
our revenue.
Failure to comply with such regulations, whether by us or companies that we have acquired, in the future could result in penalties, costs, and
restrictions on export privileges, which could also harm our operating results.
We have, and may further, expand through acquisitions of, or investments in, other companies, which may divert our management’s attention, dilute our
stockholders’ ownership interests and consume corporate resources that otherwise would be necessary to sustain and grow our business.
We have made multiple acquisitions in the past, and our business strategy may, from time to time, continue to include acquiring complementary
products, technologies or businesses. We also may enter into relationships with other businesses in order to expand our solutions, which could involve preferred or
exclusive licenses, additional channels of distribution, or investments by or between the two parties. Negotiating these transactions can be time consuming, difficult
and expensive, and our ability to close these transactions may be subject to third‑party approvals, such as government regulation, which are beyond our control.
Consequently, we can make no assurance that these transactions, once undertaken and announced, will close.
These transactions may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or
integrating the businesses, technologies, products, personnel or operations of acquired companies, particularly if the key personnel of the acquired business choose
not to work for us, and we may have difficulty retaining the customers of any acquired business. Acquisitions may also disrupt our ongoing business, divert our
resources and require significant management attention that would otherwise be available for development of our business. Any acquisition or investment could
expose us to unknown liabilities.
In addition, as of December 31, 2018, we had $597.1 million in goodwill and intangible assets, net of accumulated amortization, recorded on our
balance sheet. We will incur expenses related to the amortization of intangible assets and we may in the future need to incur charges with respect to the impairment
of goodwill or intangible assets, which could adversely affect our operating results. Moreover, we cannot assure you that the anticipated benefits of any acquisition
or investment would be realized or that we would not be exposed to unknown liabilities. In connection with these types of transactions, we may issue additional
equity securities that would dilute our stockholders’ ownership interests, use cash that we may need in the future to operate our business, incur debt on terms
unfavorable to us or that we are unable to repay, incur large charges or substantial liabilities, encounter difficulties integrating diverse business cultures, and
become subject to adverse tax consequences, substantial depreciation or deferred compensation charges. These challenges related to acquisitions or investments
could adversely affect our business, operating results and financial condition.
If we are unable to attract and retain qualified employees, lose key personnel, fail to integrate replacement personnel successfully, or fail to manage our
employee base effectively, we may be unable to develop new and enhanced solutions, effectively manage or expand our business, or increase our revenue.
Our future success depends upon our ability to recruit and retain key management, technical, sales, marketing, finance, and other critical personnel.
Competition for qualified management, technical and other personnel is intense, and we may not be successful in attracting and retaining such personnel. If we fail
to attract and retain qualified employees, our ability to grow our business could be harmed. Our officers and other key personnel are employees-at-will, and we
cannot assure you that we will be able to retain them. Competition for people with the specific skills that we require is significant. In order to attract and retain
personnel in a competitive marketplace, we believe that we must provide a competitive compensation package, including cash and equity‑based compensation.
Volatility in our stock price may from time to time adversely affect our ability to recruit or retain employees. If we are unable to hire and retain qualified
employees, or conversely, if we fail to manage employee performance or reduce staffing levels when required by market conditions, our business and operating
results could be adversely affected.
28
�In addition, hiring, training, and successfully integrating replacement personnel could be time consuming, may cause additional disruptions to our
operations, and may be unsuccessful, which could negatively impact future revenue.
Changes in laws and/or regulations related to the Internet or changes in the Internet infrastructure itself may diminish the demand for our solutions, and
could have a negative impact on our business.
The future success of our business depends upon the continued use of the Internet as a primary medium for commerce, communication and business
applications. Federal, state or foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting data
privacy and the use of the Internet as a commercial medium. Changes in these laws or regulations could require us to modify our solutions in order to comply with
these changes. In addition, government agencies or private organizations may begin to impose taxes, fees or other charges for accessing the Internet or commerce
conducted via the Internet. These laws or charges could limit the growth of Internet‑related commerce or communications generally, result in a decline in the use of
the Internet and the viability of Internet‑based applications such as ours and reduce the demand for our solutions.
The legal and regulatory framework also drives demand for our solutions. Our customers are subject to laws, regulations and internal policies that
mandate how they process, handle, store, use and transmit a variety of sensitive data and communications. These laws and regulations are subject to revision,
change and interpretation at any time, and any such change could either help or hurt the demand for our solutions. We cannot be sure that the legal and regulatory
framework in any given jurisdiction will be favorable to our business or that we will be able to sustain or grow our business if there are any adverse changes to
these laws and regulations.
If we are required to collect sales and use taxes on the solutions we sell, we may be subject to liability for past sales and our future sales may decrease.
State and local taxing jurisdictions have differing rules and regulations governing sales and use taxes, and these rules and regulations are subject to
varying interpretations that may change over time. In particular, the applicability of sales taxes to our subscription services in various jurisdictions is unclear. It is
possible that we could face sales tax audits and that our liability for these taxes could exceed our estimates as state tax authorities could still assert that we are
obligated to collect additional amounts as taxes from our customers and remit those taxes to those authorities. We could also be subject to audits with respect to
state and international jurisdictions for which we have not accrued tax liabilities. A successful assertion that we should be collecting additional sales or other taxes
on our services in jurisdictions where we have not historically done so and do not accrue for sales taxes could result in substantial tax liabilities for past sales,
discourage customers from purchasing our application or otherwise harm our business and operating results.
Adverse conditions in the national and global economies and financial markets may adversely affect our business and financial results.
Adverse macroeconomic conditions could negatively affect our customers, thereby impacting our business, operating results or financial condition.
Challenging economic conditions worldwide have from time to time contributed, and may continue to contribute, to slowdowns in the information technology
industry, resulting in reduced demand for our solutions as a result of continued constraints on IT-related capital spending by our customers and increased price
competition for our solutions. Moreover, we target some of our solutions to the financial services industry and therefore if there is consolidation in that industry, or
layoffs, or lack of funding for IT purchases, our business may suffer. If economic conditions deteriorate, our business, financial condition and operating results
could be materially and adversely affected.
29
�Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems such as
terrorism.
Natural disasters or other catastrophic events may cause damage or disruption to our operations, international commerce and the global economy, and
thus could have a strong negative effect on us. We have significant operations in the Silicon Valley area of Northern California, a region known for seismic
activity. A major earthquake or other natural disaster, fire, act of terrorism or other catastrophic event that results in the destruction or disruption of any of our
critical business operations or information technology systems could severely affect our ability to conduct normal business operations and, as a result, our future
operating results could be harmed. These negative events could make it difficult or impossible for us to deliver our services to our customers, and could decrease
demand for our services. Because we do not carry earthquake insurance for direct quake‑related losses, and significant recovery time could be required to resume
operations, our financial condition and operating results could be materially adversely affected in the event of a major earthquake or catastrophic event.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
Sales to U.S. and foreign federal, state and local governmental agency customers have accounted for a portion of our revenue in past periods, and we
may in the future increase sales to government entities. Sales into government entities are subject to a number of risks. Selling to government entities can be highly
competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will win a sale. We have invested
in the creation of a cloud offering that has been certified under both the Federal Information Security Management Act and the Federal Risk and Authorization
Management Program for government usage but we cannot be sure that we will continue to sustain or renew this certification, that the government will continue to
mandate such certification or that other government agencies or entities will use this cloud offering. Government demand and payment for our solutions may be
impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our
solutions. Government entities may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a
default, and any such termination may adversely impact our future results of operations. For example, if the distributor receives a significant portion of its revenue
from sales to such governmental entity, the financial health of the distributor could be substantially harmed, which could negatively affect our future sales to such
distributor. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the
government refusing to continue buying our solutions, a reduction of revenue or fines or civil or criminal liability if the audit uncovers improper or illegal activities.
Any such penalties could adversely impact our results of operations in a material way.
If we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable
regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes‑Oxley Act of 2002 (the “Sarbanes-Oxley Act”),
and the rules and regulations of the NASDAQ Global Market. We expect that the requirements of these rules and regulations will continue to increase our legal,
accounting and financial compliance costs, make some activities more difficult, time consuming and costly, and place significant strain on our personnel, systems
and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial
reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed
by us in the reports that we file with the SEC, is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms, and that
information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers.
Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. In addition,
because we have acquired companies in the past and may continue to do so in the future, we will also need to expend resources to integrate the controls of these
acquired entities with ours. Further, weaknesses in our internal controls may be discovered in the future. Any failure to develop or maintain effective controls, or
any difficulties encountered in their implementation or improvement, could harm our operating
30
�results or cause us to fail to meet our reporting obligatio ns and may result in a restatement of our financial statements for prior periods. Any failure to implement
and maintain effective internal controls also could adversely affect the results of periodic management evaluations and annual independent registered public
accounting firm report regarding the effectiveness of our internal control over financial reporting that we are required to include in our Annual Report on Form 10-
K under Section 404 of the Sarbanes ‑Oxley Act. Ineffective disclosure controls and p rocedures and internal control over financial reporting could also cause
investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock.
In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have
expended, and anticipate that we will continue to expend, significant resources, including accounting‑related costs, and provide significant management oversight.
Any failure to maintain the adequacy of our internal controls, or consequent inability to produce accurate financial statements on a timely basis, could increase our
operating costs and could materially impair our ability to operate our business. In the event that we or our independent registered public accounting firm are not
able to complete the work required under Section 404 of the Sarbanes-Oxley Act on a timely basis, or we are not able to demonstrate compliance with Section 404,
we could be subject to late filings of our annual and quarterly reports, restatements of consolidated financial statements or other corrective disclosure, and,
investors may lose confidence in our operating results and our stock price could decline. In addition, if we are unable to continue to meet these requirements, we
may not be able to remain listed on the NASDAQ Global Market.
We may not be able to utilize a significant portion of our net operating loss or research tax credit carryforwards, which could adversely affect our profitability.
As of December 31, 2018, we had federal and state net operating loss carryforwards due to prior period losses, some of which if not utilized will
continue to expire in 2019 for federal and state purposes. We also have federal research tax credit carryforwards, which began to expire in 2018. These net
operating loss and research tax credit carryforwards could expire unused and be unavailable to offset future income tax liabilities, which could adversely affect our
profitability.
In addition, under Sections 382 and 383 of the Internal Revenue Code of 1986, as amended, our ability to utilize net operating loss carryforwards or
other tax attributes, such as research tax credits, in any taxable year may be limited if we experience an “ownership change.” An “ownership change” generally
occurs if one or more stockholders or groups of stockholders who own at least 5% of our stock increase their ownership by more than 50 percentage points over
their lowest ownership percentage within a rolling three-year period. Similar rules may apply under state tax laws.
Future issuances of our stock could cause an “ownership change.” It is possible that any future ownership change could have a material effect on the
use of our net operating loss carryforwards or other tax attributes, which could adversely affect our profitability.
Risks Related to the Ownership of Our Common Stock
Our stock price has been volatile in the past and may be subject to volatility in the future.
The trading price of our common stock has been volatile historically, and is likely to continue to be subject to wide fluctuations in response to various
factors described below. Factors affecting the market price of our securities include:
•
•
•
•
variations in our revenue, billings, gross margin, operating results, free cash flow, loss per share and how these results compare to analyst
expectations;
forward looking guidance that we may provide regarding financial metrics such as billings, revenue, gross margin, operating results, free cash
flow, and loss per share;
announcements of technological innovations, new products or services, strategic alliances, acquisitions or significant agreements by us or by our
competitors;
disruptions in our cloud-based operations or services or disruptions of other prominent cloud-based operations or services;
31
�•
•
•
•
•
the economy as a whole, market conditions in our industry, and the industries of our customers;
trading activity by directors, executive officers and significant stockholders, or the perception in the market that the holders of a large number of
shares intend to sell their shares;
the size of our market float and significant option exercises;
any future issuances of securities; and
any other factors discussed herein.
In addition, the stock markets in general and the NASDAQ Global Market in particular, have experienced substantial price and volume volatility that is
often seemingly unrelated to the operating results of any particular companies. Moreover, if the market for technology stocks, especially security and cloud
computing-related stocks, or the stock market in general experiences uneven investor confidence, the market price of our common stock could decline for reasons
unrelated to our business, operating results or financial condition. The market price for our stock might also decline in reaction to events that affect other companies
within, or outside, our industry, even if these events do not directly affect us. Some companies that have experienced volatility in the trading price of their stock
have been subject of securities litigation. If we are the subject of such litigation, it could result in substantial costs and a diversion of management’s attention and
resources.
Anti-takeover provisions contained in our certificate of incorporation and bylaws, as well as provisions of Delaware law, could impair a takeover attempt.
Our certificate of incorporation and bylaws contain provisions that could have the effect of rendering more difficult, delaying or preventing an
acquisition of our company deemed undesirable by our board of directors. These provisions could also reduce the price that investors might be willing to pay in the
future for shares of our common stock and result in the market price of our common stock being lower than it would be without these provisions. Our corporate
governance documents include provisions:
•
•
•
•
•
creating a classified board of directors whose members serve staggered three-year terms;
authorizing “blank check” preferred stock, which could be issued by our board without stockholder approval which may contain voting,
liquidation, dividend and other rights which are superior to our common stock;
limiting the liability of, and providing indemnification to, our directors and officers;
limiting the ability of our stockholders to call and bring business before special meetings by providing that any stockholder action must be
effected at a duly called meeting of the stockholders and not by a consent in writing, and providing that only our board of directors, the chairman
of our board of directors, our Chief Executive Officer or President may call a special meeting of the stockholders; and
requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of
candidates for election to our board of directors.
These provisions, alone or together, could frustrate, delay or prevent hostile takeovers and changes in control or changes in our management.
As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation law, which
prevents some stockholders holding more than 15% of our outstanding common stock from engaging in certain business combinations merging or combining with
us without approval of the holders of a substantial majority of all of our outstanding common stock.
32
�Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new solutions could reduce our
ability to compe te and could harm our business.
We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all. If we raise
additional equity financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our common stock could
decline. If we issue equity securities in any additional financing, the new securities may have rights and preferences senior to our common stock. If we engage in
debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness and force us to maintain specified liquidity or other
ratios. If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:
•
•
•
•
•
develop or enhance our application and services;
continue to expand our product development, sales and marketing organizations;
acquire complementary technologies, products or businesses;
expand operations, in the United States or internationally;
hire, train and retain employees; or
respond to competitive pressures or unanticipated working capital requirements.
Future sales of our common stock in the public market could lower the market price for our common stock and adversely impact the trading price of the Notes.
In the future, we may sell additional shares of our common stock to raise capital. In addition, a substantial number of shares of our common stock is
reserved for issuance upon the exercise of stock options, the vesting of restricted stock units and restricted stock pursuant to our employee benefit plans, for
purchase by employees under our employee stock purchase plan. We cannot predict the size of future issuances or the effect, if any, that they may have on the
market price for our common stock. The issuance and sale of substantial amounts of common stock, or the perception that such issuances and sales may occur,
could adversely affect the market price of our common stock and impair our ability to raise capital through the sale of additional equity securities.
We do not anticipate paying cash dividends, and accordingly, stockholders must rely on stock appreciation for any return on their investment.
We do not anticipate paying cash dividends on our common stock in the future. As a result, only appreciation of the price of our common stock will
provide a return to our stockholders. Investors seeking cash dividends should not invest in our common stock.
ITEM 1B. UNRESOLVED STAFF COMMENTS
None.
ITEM 2. PROPERTIES
Our corporate headquarters, which includes our operations and research and development facilities, is located in Sunnyvale, California, and currently
consists of 95,557 square feet of space under a lease that expires in 2020, with a five-year extension option, and 43,925 square feet space under a lease that expires
in 2024, with a five-year extension option.
33
�In October 2018, we entered into a lease agreement to lease approximately 242,400 square feet of corporate office space in Sunnyvale, California,
which is expec ted to become our new corporate headquarters beginning in 2020. The property will be constructed by the landlord, with the completion date
expected to occur between April and August 2020. The lease has term of 127 months and a five-year extension option.
We lease additional U.S. offices in California, Utah, Pennsylvania, Texas, Indiana and Colorado. We also lease offices in Toronto, Canada; Paris,
France; Tokyo, Japan; Munich, Germany; Reading, United Kingdom; Belfast, Ireland; Sydney, Australia; and Herzliya, Israel. We believe our facilities are
adequate for our current needs and for the foreseeable future.
The following is a list of our locations and the primary functions.
Location
Sunnyvale, California, U.S.
San Francisco, California, U.S.
Draper, Utah, U.S.
Pittsburgh, Pennsylvania, U.S.
Austin, Texas, U.S.
Indianapolis, Indiana, U.S.
Denver and Broomfield, Colorado
Herzliya, Israel
Toronto, Canada
Reading, United Kingdom
Paris, France
Tokyo, Japan
Munich, Germany
Belfast, Ireland
Sydney, Australia
Primary function
Research and development, sales, marketing and administration
Research and development, sales and marketing
Research and development, sales, marketing and administration
Research and development, sales, marketing and administration
Research and development, marketing
Research and development
Research and development, sales and marketing
Research and development
Research and development, sales, marketing and administration
Research and development, sales and marketing
Research and development, sales and marketing
Sales and marketing
Sales and marketing
Research and development, sales and marketing
Sales and marketing
We operate seventeen data centers at third-party facilities throughout the world: eleven in the United States, two in Canada, one in the Netherlands, one
in France, one in Germany and one in Australia.
ITEM 3. LEGAL PROCEEDINGS
From time to time, we may be involved in legal proceedings and subject to claims in the ordinary course of business.
Although the results of these proceedings and claims cannot be predicted with certainty, we do not believe the ultimate cost to resolve these matters
would individually, or taken together, have a material adverse effect on our business, operating results, cash flows or financial condition. Regardless of the
outcome, such proceedings can have an adverse impact on us because of defense and settlement costs, diversion of resources and other factors, and there can be no
assurances that favorable outcomes will be obtained.
ITEM 4. MINE SAFETY DISCLOSURES
Not applicable.
34
�PART II.
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY
SECURITIES
Our common stock is traded on the NASDAQ Global Market, under the symbol PFPT.
As of February 8, 2019, there were 34 stockholders of record, although we believe that there are a larger number of beneficial owners as many of our
shares of our common stock are held by brokers and other institutions on behalf of stockholders.
Dividend Policy
We have never declared or paid any cash dividends on our common stock. We currently intend to retain any future earnings and do not expect to pay
any cash dividends on our common stock for the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of
directors and will be dependent on a number of factors, including our earnings, capital requirements and overall financial conditions.
Unregistered Sales of Equity Securities
Not applicable.
Use of Proceeds from Public Offering of Common Stock
There has been no material change in the use of proceeds from our initial public offering in April 2012.
35
�Stock Performance Graph
The following graph shows a comparison of the five years ended December 31, 2018, of the cumulative total return for our common stock, the
NASDAQ Composite Index, and the NASDAQ Computer Index. The graph assumes an investment of $100 on December 31, 2013 and reinvestment of any
dividends. The comparisons in the graph below are required by the Securities and Exchange Commission and are not intended to forecast or be indicative of
possible future performance of our common shares.
Proofpoint, Inc.
NASDAQ Composite - Total Returns
NASDAQ Computer Index
December 31,
2013
December 31,
2014
December 31,
2015
December 31,
2016
December 31,
2017
December 31,
2018
$
$
$
100.00 $
100.00 $
100.00 $
145.40 $
115.31 $
120.51 $
195.99 $
123.34 $
128.04 $
212.99 $
134.27 $
143.75 $
267.74 $
174.07 $
199.47 $
252.67
169.13
192.13
The above stock Performance Graph and related information shall not be deemed “filed” with the SEC and is not to be incorporated by reference into
any filing of Proofpoint, Inc. made under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended.
ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA
The following tables present selected historical financial data for our business. You should read this information together with “Management’s
Discussion and Analysis of Financial Condition and Results of Operations” and the consolidated financial statements, related notes and other financial
information included elsewhere in this Annual Report on Form 10-K. The selected consolidated financial data in this section are not intended to replace the
consolidated financial statements and are qualified in their entirety by the consolidated financial statements and related notes included elsewhere in this Annual
Report on Form 10-K.
We derived the consolidated statements of operations data for the years ended December 31, 2018, 2017 and 2016, and the consolidated balance sheet
data as of December 31, 2018 and 2017 from our audited consolidated financial statements included elsewhere in this report. We derived the consolidated
statements of operations data for the years ended December 31, 2015 and 2014 and the consolidated balance sheet data as of December 31, 2016, 2015 and 2014
from our consolidated financial statements not included in this report. Our historical results are not necessarily indicative of the results to be expected in the future.
36
�As a result of adoption of Accounting Sta ndards Update (“ASU”) No. 2014-09, Revenue from Contracts with Customers: Topic 606 (“ASC 606”) in
the first quarter of 2018, we have adjusted certain of the following financial data as of and for the years ended December 31, 2017 and 2016, as indicated by “as
adjusted” note. See Note 2 of Notes to Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K for further information
regarding the adoption of ASC 606. We did not adjust the financial data as of and for the y ears ended December 31, 2015 and 2014 for ASC 606.
Years Ended December 31,
2016
2017
2018
As Adjusted
As Adjusted
2015
2014
(in thousands, except per share data)
Consolidated Statements of Operations Data:
Revenue:
Subscription
Hardware and services
Total revenue
Cost of revenue :(1)
Subscription
Hardware and services
Total cost of revenue
Gross profit
Operating expense: (1)
Research and development
Sales and marketing
General and administrative
Total operating expense
Operating loss
Interest expense
Other (expense) income, net
Loss before income taxes
Benefit from (provision for) income taxes
Net loss
$
Net loss per share, basic and diluted
Weighted average shares outstanding,
basic and diluted
Includes stock-based compensation and amortization of intangible assets as follows:
$
(1)
$
704,400 $
12,594
716,994
506,355 $
13,326
519,681
367,494 $
10,843
378,337
257,329 $
8,068
265,397
180,253
21,508
201,761
515,233
185,391
345,368
86,185
616,944
(101,711)
(14,168)
(1,102)
(116,981)
13,232
(103,749) $
125,832
17,546
143,378
376,303
129,803
248,694
52,735
431,232
(54,929)
(25,597)
774
(79,752)
9,950
(69,802) $
94,716
13,877
108,593
269,744
98,506
189,324
52,774
340,604
(70,860)
(23,538)
(1,103)
(95,501)
(986)
(96,487) $
71,746
12,312
84,058
181,339
74,459
148,414
36,616
259,489
(78,150)
(18,000)
(1,927)
(98,077)
(635)
(98,712) $
(1.99) $
(1.58) $
(2.31) $
(2.48) $
187,527
8,080
195,607
53,136
12,543
65,679
129,928
51,903
98,333
26,679
176,915
(46,987)
(11,213)
(2,230)
(60,430)
313
(60,117)
(1.61)
52,111
44,258
41,859
39,787
37,381
Stock-based compensation:
Cost of subscription revenue
Cost of hardware and services revenue
Research and development
Sales and marketing
General and administrative
Amortization of intangible assets:
Cost of subscription revenue
Research and development
Sales and marketing
General and administrative
2018
2017
Years Ended December 31,
2016
(in thousands)
2015
2014
$
$
$
$
$
$
$
$
$
14,012 $
2,287 $
40,204 $
50,320 $
35,885 $
26,971 $
45 $
14,141 $
— $
37
10,635 $
1,893 $
30,588 $
33,962 $
20,382 $
14,512 $
60 $
3,934 $
— $
7,427 $
1,494 $
24,342 $
28,607 $
16,826 $
9,423 $
60 $
4,938 $
— $
5,028 $
1,098 $
20,672 $
21,511 $
11,785 $
7,079 $
91 $
5,074 $
12 $
2,404
604
10,204
10,795
6,997
4,157
93
4,494
46
�Consolidated Balance Sheet Data:
Cash, cash equivalents and short-term
investments
Deferred commissions, current and long-term
Property and equipment, net
Total assets
Convertible senior notes
Other debt, current and long-term
Deferred revenue, current and long-term
Total stockholders’ equity
2017
As of December 31,
2016
2018
As Adjusted
As Adjusted
(in thousands)
2015
2014
$
$
$
$
$
$
$
$
231,699 $
107,380 $
70,627 $
1,233,018 $
— $
— $
598,130 $
512,534 $
331,598 $
78,203 $
73,617 $
1,018,432 $
197,858 $
89 $
427,839 $
299,115 $
396,751 $
60,768 $
52,523 $
836,929 $
366,541 $
123 $
295,015 $
96,379 $
406,237 $
22,802 $
34,501 $
705,616 $
345,699 $
155 $
223,726 $
83,185 $
214,986
15,060
18,718
439,076
161,396
695
162,675
71,533
38
�ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our “Selected
Consolidated Financial Data” and our consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K. This
discussion contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those forward-looking
statements below. Factors that could cause or contribute to those differences include, but are not limited to, those identified below and those discussed in the
section entitled “Risk Factors” included elsewhere in this Annual Report on Form 10-K. This Annual Report on Form 10-K contains “forward-looking statements”
within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). These statements are often identified by the use of
words such as “may,” “will,” “expect,” “believe,” “anticipate,” “intend,” “could,” “estimate,” or “continue,” and similar expressions or variations. Such
forward-looking statements are subject to risks, uncertainties and other factors that could cause actual results and the timing of certain events to differ materially
from future results expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited
to, those identified herein, and those discussed in the section titled “Risk Factors”, set forth in Part I, Item 1A of this Form 10-K. Except as required by law, we
disclaim any obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements.
Overview
Proofpoint is a leading next generation cybersecurity company that enables large and mid-sized organizations worldwide to protect their employees
from advanced threats and compliance risks. Our security and compliance platform is comprised of an integrated suite of advanced threat protection, information
protection, and brand protection solutions. These capabilities include email protection and authentication, advanced threat protection, data loss prevention, email
encryption, SaaS application protection, response orchestration and automation, digital risk, security training, web browser isolation, archiving, eDiscovery,
supervision, and secure communication. Our solutions are built on a flexible, cloud-based platform and leverage a number of proprietary technologies - including
big data analytics, machine learning, deep content inspection, secure storage, advanced encryption, intelligent message routing, dynamic malware analysis, threat
correlation, and virtual execution environments to address today’s rapidly changing threat and compliance landscape.
Our platform addresses this growing challenge by not only protecting data as it flows into and out of the enterprise via on-premises and cloud-based
email, social media and other cloud applications, but also by keeping track of this information as it is modified and distributed throughout the enterprise for
compliance and data loss prevention, and securely archiving these communications for compliance and discovery. We help organizations reduce their critical risk in
five major ways:
•
•
•
•
•
Protecting users from the advanced attacks that target them via email, web, networks, social media, and cloud apps;
Preventing the theft or inadvertent loss of sensitive information and, in turn, ensuring compliance with regulatory data protection mandates;
Improving the resilience of end-users to the threats that target them and training them to be better caretakers of their organizations’ critical data;
Collecting, retaining, supervising and discovering communications and sensitive data for compliance and litigation support; and
Enabling organizations to respond quickly to security issues, providing both the intelligence and the context to prioritize incidents and
orchestrate remediation actions.
Our platform and its associated solutions are sold to customers on a subscription basis and can be deployed through our unique cloud-based
architecture that leverages both our global data centers as well as optional points-of-presence behind our customers’ firewalls. Our flexible deployment model
enables us to deliver superior security and compliance while maintaining the favorable economics afforded by cloud computing, creating a competitive advantage
for us over legacy on-premises and cloud-only offerings.
39
�We were founded in 2002 to provide a unified solution to help enterprises address their growing data security requirements. Our first solution was
commercially released in 20 03 to combat the burgeoning problem of spam and viruses and their impact on corporate email systems. To address the evolving threat
landscape and the adoption of communication and collaboration systems beyond corporate email and networks, we have broadened our solutions to defend against
a wide range of threats, including email, mobile apps and social media, to protect the information people create from both compromise and compliance risks, and to
archive and govern corporate information. Today, our solutio ns are used worldwide to protect well over 100 million end-users at enterprise customers, and
millions more via service providers through our Cloudmark division . As the threat environment has continued to evolve, we have dedicated significant resources to
meet the ongoing challenges that this highly dynamic environment creates for our customers such as investing significantly to expand the breadth of our data
protection platform as these expenditures are primarily in connection with the replacement and upgr ade of equipment to lower the cost of deployment as well as to
improve the efficiency for our cloud-based architecture.
Our business is based on a recurring revenue model. Our customers pay a subscription fee to license the various components of our SaaS platform for a
contract term that is typically one to three years. At the end of the license term, customers may renew their subscription and in each year since the launch of our
first solution in 2003, we have maintained a renewal rate with our existing customers of over 90%. We derive this retention rate by calculating the total annually
recurring subscription revenue from customers currently using our SaaS platform and dividing it by the total annually recurring subscription revenue from both
these current customers as well as all business lost through non-renewal.
We market and sell our solutions worldwide both directly through our sales teams and indirectly through a hybrid model where our sales organization
actively assists our network of distributors and resellers. We also derive a lesser portion of our total revenue from the license of our solutions to strategic partners
who offer our solutions in conjunction with one or more of their own products or services.
Our solutions are designed to be implemented, configured and operated without the need for any training or professional services. We offer various
training and professional services for those customers that seek to develop deeper expertise in the use of our solutions or would like assistance with complex
configurations or the importing of data. In some cases, we provide a hardware appliance to those customers that elect to host elements of our solution behind their
firewall. Increasing adoption of virtualization in the data center has led to a decline in the sales of our hardware appliances and a shift towards our software-based
virtual appliances, which are delivered as a download via the Internet. Our hardware and services offerings carry lower margins and are provided as a courtesy to
our customers. We expect the overall proportion of revenue derived from the hardware and services offerings to generally remain below 5% of our total revenue.
Historically, the majority of our revenue was derived from our customers in the United States. We believe the markets outside of the United States
offer an opportunity for growth and we intend to make additional investments in sales and marketing to expand in these markets. Revenue from customers outside
of the United States grew 52% for the year ended December 31, 2018 as compared to the prior year. In terms of customer concentration, there was one partner who
accounted for 12% of our total revenue in 2018 and 2017, though that partner sold to a number of end-users, none of which accounted for more than 10% of our
total revenue in 2018 and 2017. No individual customers or partners accounted for more than 10% of our total revenue in 2016.
We have not been profitable to date and will need to grow revenue at a rate faster than our investments in cost of revenue and operating expenses in
order to achieve profitability, as discussed in more detail below.
Key Opportunities and Challenges
The total costs associated with the teams tasked with closing business with new customers and additional business with our existing customers have
represented more than 90% of our total sales and marketing costs since 2008. Although we expect customers to be profitable over the duration of the customer
relationship, the upfront costs typically exceed related revenue during the earlier periods of a contract. As a result, while our practice of invoicing our customers for
the entire amount of the contract at the start of the term provides us with a relatively immediate contribution to cash flow, the revenue is recognized ratably over the
term of the contract, and hence contributions toward operating income are limited in the period where the sales and marketing costs are incurred. Accordingly, an
increase in the mix of new customers as a percentage of total customers would likely negatively
40
�impact our near-term operating results. On the other hand, we expect that an increase in the mix of existing customers as a percentage of total customers would
positively impact our operating results over time. As we accumulate customers that continue to r enew their contracts, we anticipate that our mix of existing
customers will increase, contributing to a decrease in our sales and marketing costs as a percentage of total revenue and a commensurate improvement in our
operating income.
As part of maintaining our SaaS platform, we provide ongoing updates and enhancements to the platform services both in terms of the software as well
as the underlying hardware and data center infrastructure. These updates and enhancements are provided to our customers at no additional charge as part of the
subscription fees paid for the use of our platform. While more traditional products eventually become obsolete and require replacement, we are constantly updating
and maintaining our cloud-based services and as such they operate with a continuous product life cycle. Much of this work is designed to both maintain and
enhance the customers’ experience over time while also lowering our costs to deliver the service. Our SaaS platform is a shared infrastructure that is used by all of
our customers. Accordingly, the costs of the platform are spread in a relatively uniform manner across the entire customer base and no specific infrastructure
elements are directly attached to any particular customer. As such, in the event that a customer chooses to not renew its subscription, the underlying resources are
reallocated either to new customers or to accommodate the expanding needs of our existing customers and, as a result, we do not believe that the loss of any
particular customer has a meaningful impact on our gross profit as long as we continue to grow our customer base.
To date, our customers have primarily used our solutions in conjunction with email messaging content. We have developed solutions to address new
and evolving messaging solutions such as social media and file sharing applications, but these solutions are relatively nascent. If customers increase their use of
these new messaging solutions in the future, we anticipate that our growth in revenue associated with older email messaging solutions may slow over time.
Although revenue associated with our social media and file sharing applications has not been material to date, we believe that our ability to provide security,
archiving, governance and discovery for these new solutions will be viewed as valuable by our existing customers, enabling us to derive revenue from these new
forms of messaging and communication.
While the majority of our current and prospective customers run their email systems on premises, we believe that there is a trend for large and mid-
sized enterprises to migrate these systems to the cloud. While our current revenue derived from customers using cloud-based email systems continues to grow as a
percentage of our total revenue, many of these cloud-based email solutions offer some form of threat protection and governance services, potentially mitigating the
need for customers to buy these capabilities from third parties such as ourselves. We believe that we can continue to provide security, archiving, governance, and
discovery solutions that are differentiated from the services offered by cloud-based email providers, and as such our platform will continue to be viewed as valuable
to enterprises once they have migrated their email services to the cloud, enabling us to continue to derive revenue from this new trend toward cloud-based email
deployment models.
With the majority of our business, we invoice our customers for the entire contract amount at the start of the term and these amounts are recorded as
deferred revenue on our balance sheet, with the dollar weighted average duration of these contracts for any given period over the past three years typically ranging
from 14 to 20 months. As a result, while our practice of invoicing customers for the entire amount of the contract at the start of the term provides us with a
relatively immediate contribution to cash flow, the revenue is recognized ratably over the term of the contract, and hence contributions toward operating income are
realized over an extended period. As such, our efforts to improve our profitability require us to invest far less in operating expenses than the cash flow generated by
our business might otherwise allow. As we strive to invest in an effort to continue to increase the size and scale of our business, we expect that the level of
investment afforded by our growth in revenue should be sufficient to fund the investments needed to drive revenue growth and broaden our product line.
Considering all of these factors, we do not expect to be profitable on a GAAP basis in the near term and in order to achieve profitability we will need to
grow revenue at a rate faster than our investments in operating expenses and cost of revenue.
We intend to grow our revenue through acquiring new customers by investing in our sales and marketing activities. We believe that an increase in new
customers in the near term will result in a larger base of renewal customers, which, over time, we expect to be more profitable for us.
41
�Sales and marketing is our largest expense a nd hence a significant contributing factor to our operating losses. We believe that our opportunity to
improve our return on investment on sales and marketing costs relies primarily on our ongoing ability to cost-effectively renew our business with existin g
customers, thereby lowering our overall sales and marketing costs as a percentage of revenue as the mix of revenue derived from this more profitable renewal
activity increases over time. Therefore, we anticipate that our initial significant investments i n sales and marketing activities will, over time, generate a larger base
of more profitable customers. Cost of subscription revenue is also a significant expense for us, and we expect to continue to build on the improvements over the
past years, such as in replacing third-party technology with our proprietary technology and improving the utilization of our fixed investments in equipment and
infrastructure, in order to provide the opportunity for improved subscription gross margins over time. Although we pla n to continue enhancing our solutions, we
intend to lower our rate of investment in research and development as a percentage of revenue over time by deriving additional revenue from our existing solutions
rather than by adding entirely new categories of so lutions. In addition, as personnel costs are one of the primary drivers of the increases in our operating expenses,
we plan to reduce our historical rate of headcount growth over time.
Key Metrics
We regularly review a number of metrics, including the following key metrics presented in the table below, to evaluate our business, measure our
performance, identify trends in our business, prepare financial projections and make strategic decisions. Many of these key metrics, such as non-GAAP gross
margin, billings and free cash flow, are non-GAAP measures. This non-GAAP information is not necessarily comparable to non-GAAP information of other
companies. Users of this financial information should consider the types of events and transactions for which adjustments have been made.
Total revenue
Growth
Gross margin percentage
Non-GAAP gross margin
Billings (non-GAAP)
Growth
Free cash flows (non-GAAP)
Non-GAAP gross margin
2018
Year Ended December 31,
2017
(in thousands)
2016
$
716,994
$
519,681
$
378,337
38%
72%
78%
37%
72%
78%
$
$
875,323
$
638,839
$
37%
38%
155,222
$
106,728
$
43%
71%
76%
463,086
43%
59,828
We define non-GAAP gross margin as non-GAAP gross profit divided by GAAP revenue. We define non-GAAP gross profit as GAAP gross profit,
adjusted to exclude stock-based compensation expense and the amortization of intangibles associated with acquisitions. We consider this non-GAAP financial
measure to be a useful metric for management and investors because it excludes the effect of stock-based compensation expense and the amortization of intangibles
associated with acquisitions so that our management and investors can compare our business operating results over multiple periods, and compare our financial
results with other companies in its industry, many of which present similar non-GAAP financial measure. However, there are a number of limitations related to the
use of non-GAAP gross margin versus gross margin calculated in accordance with GAAP. For example, stock-based compensation has been and will continue to be
for the foreseeable future a significant recurring expense in our business. Stock-based compensation is an important part of our employees’ compensation and
impacts their performance. In addition, the components of the costs that we exclude in our calculation of non-GAAP gross margin may differ from the components
that our peer companies exclude when they report their non-GAAP results. Management compensates for these limitations by providing specific information
regarding the GAAP amounts excluded from non-GAAP gross margin and evaluating non-GAAP gross margin together with gross margin calculated in accordance
with GAAP.
42
�The following table presents the reconciliation of gross margin to Non-GAAP gross margin for the years ended December 31, 2018, 2017 and 2016:
GAAP gross profit
GAAP gross margin
Plus:
Stock-based compensation expense
Amortization of intangible assets
Non-GAAP gross profit
Non-GAAP gross margin
Billings
2018
Year Ended December 31,
2017
(in thousands)
2016
$
515,233
$
376,303
$
269,744
72%
72%
71%
$
16,299
26,971
558,503
$
78%
12,528
14,512
403,343
$
78%
8,921
9,423
288,088
76%
We have included billings, a non‑GAAP financial measure, in this report because it is a key measure used by our management and board of directors to
manage our business and monitor our near term cash flows. We define billings as revenue recognized plus the change in deferred revenue and customer
prepayments less unbilled accounts receivable from the beginning to the end of the period, but excluding additions to deferred revenue from acquisitions. We have
provided reconciliation between total revenue, the most directly comparable GAAP financial measure, and billings. Accordingly, we believe that billings provide
useful information to investors and others in understanding and evaluating our operating results in the same manner as our management and board of directors.
Our use of billings as a non-GAAP measure has limitations as an analytical tool, and you should not consider it in isolation or as a substitute for
revenue or an analysis of our results as reported under GAAP. Some of these limitations are:
•
•
•
Billings is not a substitute for revenue, as trends in billings are not necessarily directly correlated to trends in revenue;
Billings is affected by a combination of factors including the timing of renewals, the sales of our solutions to both new and existing customers,
the relative duration of contracts sold, and the relative amount of business derived from strategic partners. As each of these elements has unique
characteristics in the relationship between billings and revenue, our billings activity is not necessarily closely correlated to revenue; and
Other companies, including companies in our industry, may not use billings, may calculate billings differently, or may use other financial
measures to evaluate their performance ‑ all of which reduce the usefulness of billings as a comparative measure.
Our deferred revenue consists of amounts that have been invoiced but have not been recognized as revenue as of the period end. Customer
prepayments represent billed amounts for which the contract can be terminated and the customer has a right of refund. Unbilled accounts receivable represent
amounts for which we have recognized revenue, pursuant to our revenue recognition policy, for subscription software already delivered and professional services
already performed, but billed in arrears and for which we believe we have an unconditional right to payment.
43
�The following table presents the reconciliation of total revenue to billings for the years ended December 31, 2018, 2017 and 2016:
Total revenue
Deferred revenue and customer prepayments
Ending
Beginning
Net change
Unbilled accounts receivable
Ending
Beginning
Net change
2018
Year Ended December 31,
2017
(in thousands)
2016
$
716,994 $
519,681 $
378,337
605,073
431,371
173,702
1,276
603
(673)
(14,700)
875,323 $
431,371
295,996
135,375
603
486
(117)
(16,100)
638,839 $
295,996
210,397
85,599
486
836
350
(1,200)
463,086
Less: deferred revenue contributed by acquisitions
Billings
$
Free cash flows
We define free cash flow as net cash provided by operating activities minus capital expenditures. We consider free cash flow to be a liquidity measure
that provides useful information to management and investors about the amount of cash generated by the business that, after the acquisition of property and
equipment, can be used for strategic opportunities, including investing in our business, making strategic acquisitions, and strengthening the balance sheet. Analysis
of free cash flow facilitates management’s comparisons of our operating results to competitors’ operating results. A limitation of using free cash flow versus the
GAAP measure of net cash provided by operating activities as a means for evaluating our company is that free cash flow does not represent the total increase or
decrease in the cash balance from operations for the period because it excludes cash used for capital expenditures during the period. Management compensates for
this limitation by providing information about our capital expenditures on the face of the cash flow statement and in the “Liquidity and Capital Resources” section
below.
GAAP cash flows provided by operating activities:
Less:
Purchase of property and equipment
Non-GAAP free cash flows
2018
Year Ended December 31,
2017
(in thousands)
2016
$
184,744 $
153,686 $
94,235
$
(29,522)
155,222 $
(46,958)
106,728 $
(34,407)
59,828
44
�Components of Our Results of Operations
Revenue
We derive our revenue primarily through the license of various solutions and services on our security-as-a-service platform on a subscription basis,
supplemented by the sales of training, professional services and hardware depending upon our customers’ requirements.
Subscription. We license our platform and its associated solutions and services on a subscription basis. The fees are charged on a per user, per year
basis. Subscriptions are typically one to three years in duration. We invoice our customers upon signing for the entire term of the contract. The invoiced non-
cancellable amounts billed in advance are treated as deferred revenue on the balance sheet and are recognized ratably, in accordance with the appropriate revenue
recognition guidelines, over the term of the contract. We also derive a portion of our subscription revenue from the license of our solutions to strategic partners. We
bill these strategic partners monthly. We expect our subscription revenue will continue to grow and remain above 95% of our total revenue.
Hardware and services. We provide hardware appliances as a convenience to our customers and as such it represents a small part of our business. Our
solutions are designed to be implemented, configured and operated without the need for any training or professional services. For those customers that seek to
develop deeper expertise in the use of our solutions or would like assistance with complex configurations or the importing of data, we offer various training and
professional services. We typically invoice the customer for hardware at the time of shipment. We typically invoice customers for services at the time the order is
placed and recognize this revenue as the services are performed. On occasion, customers may retain us for special projects such as archiving import and export
services; these types of services are recognized upon completion of the project. We expect the overall proportion of revenue derived from hardware and service
offerings to generally remain below 5% of our total revenue.
Cost of Revenue
Our cost of revenues consists of cost of subscription revenue and cost of hardware and services revenue. Personnel costs, which consist of salaries,
benefits, bonuses, stock-based compensation, data center costs and hardware costs, are the most significant components of our cost of revenues. We expect
personnel costs to continue to increase in absolute dollars as we hire new employees to continue to grow our business.
Cost of Subscription Revenue. Cost of subscription revenue primarily includes personnel costs, consisting of salaries, benefits, bonuses, and stock-
based compensation, for employees who provide support services to our customers and operate our data centers. Other costs include fees paid to contractors who
supplement our support and data center personnel; expenses related to the use of third-party data centers in both the United States and internationally; depreciation
of data center equipment; amortization of licensing fees and royalties paid for the use of third-party technology; amortization of internally developed intangible
assets; and the amortization of intangible assets acquired through business combinations. Growth in subscription revenue generally consumes production resources,
requiring us to gradually increase our cost of subscription revenue in absolute dollars as we expand our investment in data center equipment, the third-party data
center space required to house this equipment, and the personnel needed to manage this higher level of activity.
Cost of Hardware and Services Revenue . Cost of hardware and services revenue includes personnel costs for employees who provide training and
professional services to our customers as well as the cost of server hardware shipped to our customers that we procure from third parties and configure with our
software solutions.
Operating Expenses
Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs, which
consist of salaries, benefits, bonuses, and stock-based compensation, are the most significant component of our operating expenses. Our headcount has increased
from 449 employees as of December 31, 2012 to 2,613 employees as of December 31, 2018. As a result of this growth in headcount, operating expenses have
increased significantly over these periods. We expect personnel costs to continue to increase in absolute dollars as we hire new employees to continue to grow our
business.
45
�Research and Development . Research and development expenses include personnel costs, consulting services and depreciation. We believe that these
investments have played an important role in broadening the capabilities of our platform over the cou rse of our operating history, enhancing the relevance of our
solutions in the market in general and helping us to retain our customers over time. We expect to continue to devote substantial resources to research and
development in an effort to continuously improve our existing solutions as well as to develop new offerings. We believe that these investments are necessary to
maintain and improve our competitive position. However, over the longer term, we intend to monitor these costs so as to decrease this sp ending as a percentage of
total revenue. Our research efforts include both software developed for our internal use on behalf of our customers as well as software elements to be used by our
customers in their own facilities. To date, our capitalized costs o n software developed for internal use on behalf of our customers were not material. For the
software developed for use on our customers’ premises, the costs associated with the development work between technological feasibility and the general
availability has not been material and as such we have not capitalized any of these development costs to date.
Sales and Marketing. Sales and marketing expenses include personnel costs, sales commissions, and other costs including travel and entertainment,
marketing and promotional events, public relations and marketing activities. These costs also include amortization of intangible assets as a result of our past
acquisitions. Due to our continued investment in growing our sales and marketing operations, both domestically and internationally, headcount increases were
reflected in higher compensation expense consistent with our revenue growth. Our sales personnel are typically not immediately productive, and therefore the
increase in sales and marketing expenses we incur when we add new sales representatives is not immediately offset by increased revenue and may not result in
increased revenue over the long-term if these new sales people fail to become productive. The timing of our hiring of new sales personnel and the rate at which they
generate incremental revenue will affect our future financial performance. We expect that sales and marketing expenses will continue to increase in absolute dollars
and be among the most significant components of our operating expenses.
General and Administrative . General and administrative expenses consist of personnel costs, consulting services, audit fees, tax services, legal
expenses and other general corporate items. As a result of our operational growth, we expect our general and administrative expenses to increase in absolute dollars
in future periods as we continue to expand our operations and hire additional personnel.
Interest Expense
Interest expense consists of interest income earned on our cash, cash equivalents and short-term investments, the interest expense related to our
convertible senior notes and our capital lease payments.
Other Income (Expense), Net
Other income (expense), net, consists primarily of the net effect of foreign currency transaction gains and losses.
Benefit from (Provision for) Income Taxes
For most of the prior years, our income tax expense or benefit were primarily related to state and foreign income taxes. As we have incurred operating
losses in all periods to date and recorded a full valuation allowance against our deferred tax assets, we had not historically recorded a provision for federal income
taxes. However, in the year ended December 31, 2017, we recognized $0.2 million of deferred tax benefit in the U.S. related to amortization of tax goodwill on
business acquisitions and $12.3 million of deferred tax benefit in the U.S. related to changes in the Company’s valuation allowance resulting from the Cloudmark,
Inc. and WebLife Balance, Inc. business acquisitions. For the year ended December 31, 2018, we recognized $14.7 million of deferred tax benefit in the U.S.
related to changes in the Company’s valuation allowance resulting from the Wombat Security Technologies, Inc. acquisition. Realization of any of our deferred tax
assets depends upon future earnings, the timing and amount of which are uncertain. Utilization of our net operating losses and research and development credits
may be subject to substantial annual limitation due to the ownership change limitations provided by the Internal Revenue Code and similar state provisions.
Analyses have been conducted to determine whether an ownership change had occurred since inception. The analyses have indicated that although ownership
changes have occurred in prior years, the net operating losses and research and development credits would not expire before utilization as a result of the ownership
change. In the event we have subsequent changes in ownership, net operating losses and research and development credit carryovers could be limited and may
expire unutilized as a result of the subsequent ownership change.
46
�Results of Operations
The following table is a summary of our consolidated statements of operations.
2018
Year Ended December 31,
2017
(in thousands)
2016
Revenue:
Subscription
Hardware and services
Total revenue
Cost of revenue:(1)
Subscription
Hardware and services
Total cost of revenue
Gross profit
Operating expense:(1)
Research and development
Sales and marketing
General and administrative
Total operating expense
Operating loss
Interest expense
Other (expense) income, net
Loss before income taxes
$
704,400 $
12,594
716,994
506,355 $
13,326
519,681
180,253
21,508
201,761
515,233
185,391
345,368
86,185
616,944
(101,711)
(14,168)
(1,102)
(116,981)
13,232
(103,749) $
125,832
17,546
143,378
376,303
129,803
248,694
52,735
431,232
(54,929)
(25,597)
774
(79,752)
9,950
(69,802) $
367,494
10,843
378,337
94,716
13,877
108,593
269,744
98,506
189,324
52,774
340,604
(70,860)
(23,538)
(1,103)
(95,501)
(986)
(96,487)
Benefit from (provision for) income taxes
Net loss
$
The following table sets forth our consolidated results of operations for the specified periods as a percentage of our total revenue for those periods.
Revenue:
Subscription
Hardware and services
Total revenue
Cost of revenue:(1)
Subscription
Hardware and services
Total cost of revenue
Gross profit
Operating expense:(1)
Research and development
Sales and marketing
General and administrative
Total operating expense
Operating loss
Interest expense
Other (expense) income, net
Loss before income taxes
Benefit from (provision for) income taxes
Net loss
(1)
Includes stock-based compensation and amortization of intangible assets as follows:
47
2018
Year Ended December 31,
2017
2016
98%
2
100
25
3
28
72
26
48
12
86
(14)
(2)
—
(16)
2
(14)%
97%
3
100
24
4
28
72
25
47
10
82
(10)
(5)
—
(15)
2
(13)%
97%
3
100
25
4
29
71
26
50
14
90
(19)
(6)
—
(25)
—
(25)%
�Stock-based compensation:
Cost of subscription revenue
Cost of hardware and services revenue
Research and development
Sales and marketing
General and administrative
Amortization of intangible assets:
Cost of subscription revenue
Research and development
Sales and marketing
Revenue
Subscription
Hardware and services
Total revenue
2018
Year Ended December 31,
2017
(in thousands)
2016
$
$
$
$
$
$
$
$
14,012 $
2,287 $
40,204 $
50,320 $
35,885 $
26,971 $
45 $
14,141 $
10,635 $
1,893 $
30,588 $
33,962 $
20,382 $
14,512 $
60 $
3,934 $
7,427
1,494
24,342
28,607
16,826
9,423
60
4,938
Year Ended
December 31,
Change
Year Ended
December 31,
$
2018
2017
(in thousands)
$ 704,400 $ 506,355 $ 198,045
(732)
$ 716,994 $ 519,681 $ 197,313
13,326
12,594
%
2017
2016
(in thousands)
Change
$
%
39% $ 506,355 $ 367,494 $ 138,861
(5)%
2,483
38% $ 519,681 $ 378,337 $ 141,344
10,843
13,326
38%
23%
37%
Subscription revenue increased $198.0 million and $138.9 million, or 39% and 38%, respectively, for 2018 and 2017. These increases were due to a
$153.1 million and $115.1 million increase in revenue from the United States and, a $44.9 million and $23.8 million increase from international customers for 2018
and 2017, respectively.
The increases in subscription revenue for 2018 and 2017 were due to the ongoing demand for our advanced threat and compliance solutions, increase
in add-on activity and renewal rate being higher than 90%. Our enterprise customer count, which consists of customers that generate more than $10,000 in annual
recurring revenue, increased from approximately 4,400 at the end of 2017 to approximately 6,100, or 39%, at the end of 2018. The Wombat acquisition added
approximately 550 customers that were only using Wombat products at the time of the acquisition on February 28, 2018. Our enterprise customer count increased
from approximately 3,600 at the end of 2016 to approximately 4,400, or 22%, at the end of 2017. The revenue recognized from acquired deferred revenue related to
the acquisitions we made was $20.8 million, $3.2 million and $2.7 million in 2018, 2017 and 2016, respectively. The change in subscription revenue due to pricing
was not significant for either period.
Hardware and services revenue for 2018 decreased $0.7 million or 5%, as compared to 2017, primarily due to lower professional service revenue. The
increase in hardware and services revenue in 2017 as compared to 2016 was $2.5 million, or 23%, primarily due to an increase in configuration and installation
service revenue.
Cost of Revenue
Subscription
Hardware and services
Total cost of revenue
Year Ended
December 31,
Change
Year Ended
December 31,
%
2017
2016
(in thousands)
Change
$
%
43% $ 125,832 $ 94,716 $
13,877
23%
41% $ 143,378 $ 108,593 $
17,546
31,116
3,669
34,785
33%
26%
32%
$
2018
2017
(in thousands)
$ 180,253 $ 125,832 $ 54,421
3,962
$ 201,761 $ 143,378 $ 58,383
21,508
17,546
48
�Cost of subscription revenue increased $54.4 million, or 43%, in 2018 as compared to 2017, and $31.1 million, or 33%, in 2017 as compared to 2016.
The increases were primarily due to i ncreases in operations-related expense of $35.4 million and $21.1 million, respectively, due to increased headcount,
depreciation expense as a result of higher capital expenditures to support our growth, and larger amortization of intangible assets expense of developed technology
from recent acquisitions. Additionally, support-related expenses increased $13.3 million and $8.4 million, respectively, primarily due to higher headcount and
consulting costs. Data center costs increased $5.3 million and $1.8 mill ion, respectively, primarily due to subscription revenue growth in our cloud-based
solutions.
Cost of hardware and services revenue for 2018 and 2017 increased $4.0 million and $3.7 million, or 23% and 26%, respectively, as compared to the
year before, primarily due to an increase in professional service costs as our headcount increased.
Operating Expenses
Research and development
Percent of total revenue
Year Ended
December 31,
2018
2017
(in thousands)
Change
Year Ended
December 31,
$
%
2017
$ 185,391
$ 129,803
$ 55,588
43% $ 129,803
26%
25%
25%
26%
2016
(in thousands)
$ 98,506
Change
$
%
$ 31,297
32%
Research and development expenses increased $55.6 million and $31.3 million, or 43% and 32%, for 2018 and 2017, respectively. The increases were
primarily due to increases in personnel-related costs of $46.1 million and $25.3 million for 2018 and 2017, respectively, from higher headcount, including those
from the integration of the acquisitions in 2018 and 2017. Additionally, corporate expense allocated to research and development increased $7.9 million and $5.8
million for 2018 and 2017, respectively, primarily due to higher costs from expanded operations, higher allocated costs from facilities, human resources and IT-
related expense as we grew year-over-year. Outside service expenses increased $1.0 million and travel related expenses increased $0.4 million in 2018.
Sales and marketing
Percent of total revenue
Year Ended
December 31,
2018
$ 345,368
2017
(in thousands)
$ 248,694
Change
$
%
Year Ended
December 31,
2017
2016
(in thousands)
Change
$
%
$ 96,674
39% $ 248,694
$ 189,324
$ 59,370
31%
48%
47%
47%
50%
Sales and marketing expenses increased $96.7 million and $59.4 million, or 39% and 31%, for 2018 and 2017, respectively. The increase in headcount
on a worldwide basis and increase in revenue resulted in increased personnel-related and commissions costs of $65.8 million and $47.4 million, for 2018 and 2017,
respectively. Travel expenses increased $4.5 million in 2018 and $3.8 million in 2017. Corporate and facilities expenses allocated to sales and marketing increased
$6.1 million in 2018 and $4.5 million in 2017 due to costs related to our acquisitions and higher allocated costs as the company expanded. Marketing expenses
related to lead generation, trade shows, advertising and other initiatives increased $8.0 million in 2018 and $4.1 million in 2017. Amortization expense of acquired
intangible assets increased $10.2 million in 2018.
General and administrative
Percent of total revenue
Year Ended
December 31,
2018
$ 86,185
2017
(in thousands)
$ 52,735
Change
Year Ended
December 31,
$
%
2017
$ 33,450
63% $ 52,735
2016
(in thousands)
$ 52,774
Change
$
%
(39)
(0)%
$
14%
12%
10%
10%
49
�General and adm inistrative expenses increased $33.5 million, or 63%, in 2018 as compared to 2017. The change in general and administrative
expenses in 2017 was not material as compared to 2016. Personnel-related costs increased $25.6 million and $9.2 million for 2018 and 2017, respectively, to
support our continued growth as a public company and business acquisitions in 2018 and 2017. Corporate and facilities expense increased $2.1 million and $1.3
million for 2018 and 2017, respectively, primarily due to an increased in headcount. Outside consulting and audit costs increased $1.8 million and $3.5 million for
2018 and 2017, respectively, primarily due to the adoption of new accounting standards , investments in ERP system and other business applications to support the
Compa ny’s growth . Acquisition related costs increased $1.8 million in 2018 primarily due to the business acquisitions made. The change in fair value of
acquisition-related contingent consideration liability and acquisition-related expenses decreased general and administrative expense by $0.9 million and $0.8
million for 2017. Legal expense increased $1.4 million in 2018; and decreased $12.9 million in 2017, primarily due to the timing of litigation and settlement costs
related to the lawsuit and settlement with Finjan, Inc. On June 3, 201 6 , we executed a Confidential Patent License, Settlement and Release Agreement with Finjan,
Inc.
Interest Expense
Interest expense
Year Ended
December 31,
Change
Year Ended
December 31,
2018
2017
(in thousands)
$ (14,168) $ (25,597) $ 11,429
$
%
2017
2016
(in thousands)
(45)% $ (25,597) $ (23,538) $
(2,059)
9%
Change
$
%
Total net interest expense decreased $11.4 million in 2018, primarily due to decreases in accretion expense and cash interest expense of $13.4 million
and $3.0 million, respectively, due to conversions of the 1.25% Notes in 2017 and 0.75% Notes in the third quarter of 2018, offset by a $4.5 million increase in loss
on conversion of the Notes (see Note 9 “Convertible Senior Notes” to the Consolidated Financial Statements).
Total net interest expense increased $2.1 million in 2017, primarily due to a $2.7 million loss on conversion of the 1.25% Notes in 2017, and a $0.9
million increase in amortization of debt issuance costs and accretion of debt discount, partially offset by a $1.4 million increase in interest income from short-term
investments and cash balances.
Other Income (Expense), Net
Year Ended
December 31,
2018
2017
(in thousands)
Change
Year Ended
December 31,
$
%
2017
2016
(in thousands)
Change
$
%
Other income (expense), net
$
(1,102) $
774 $
(1,876)
(242)% $
774 $
(1,103) $
1,877
(170)%
The changes in other income (expense), net for 2018 and 2017 were primarily due to U.S. Dollar translation rate losses or gains on cash and cash
equivalents held in foreign currencies, in particular the Euro, the Japanese Yen, the British Pound and the Canadian Dollar.
Benefit From (Provision For) Income Taxes
Benefit from (provision
for) income taxes
$ 13,232 $
9,950 $
3,282
33% $
9,950 $
(986) $
10,936
1,109%
Year Ended
December 31,
2018
2017
(in thousands)
Change
Year Ended
December 31,
$
%
2017
2016
Change
$
(in thousands)
%
50
�Total benefit from income taxes increased $3.3 million in 2018 as compared to 2017. The increase was primarily due to a $14.7 million of deferred tax
benefit in the U.S. related to changes in the Company’s valuation allowance resulting from the business acquired in 2018 as compared to a $12.3 million benefit
from the businesses acquired in 2017 and a $1. 1 million benefit for U.K. research and development credits recorded in 2018. Total benefit from income taxes
increased $10.9 million in 2017 as compared to 2016. The increase was primarily due to a $12.3 million deferred tax benefit in the U.S. related to changes in the
Company’s valuation allowance resulting from the businesses acquired in 2017 and a $2.0 million deferred tax benefit related to the 2017 Tax Cuts and Jobs Act
(the “Tax Act”), offset by a $2.0 million increase in foreign tax expense due to an increase in spending in certain foreign subsidiaries who operate on a cost-plus
basis.
Quarterly Results of Operations
The following table sets forth our unaudited quarterly consolidated statements of operations data for each of the eight quarters in the period ended
December 31, 2018. We have prepared the quarterly data on a basis consistent with our audited annual financial statements, including, in the opinion of
management, all normal recurring adjustments necessary for the fair statement of the financial information contained in these statements. The historical results are
not necessarily indicative of future results and should be read in conjunction with our consolidated financial statements and the related notes included elsewhere in
this Annual Report on Form 10-K.
Consolidated Statements
of Operations Data:
Revenue:
Subscription
Hardware and services
Total revenue
Cost of revenue:(1)
Subscription
Hardware and services
Total cost of revenue
Gross profit
Operating expense:(1)
Research and development
Sales and marketing
General and administrative
Total operating expense
Operating loss
Interest income (expense)
Other (expense) income, net
Loss before income taxes
(Provision for) benefit from income
taxes
Net loss
Net loss per share, basic
and diluted
Weighted average shares
outstanding, basic and diluted
Dec. 31,
2018
Sept. 30,
2018
June 30,
2018
Three Months Ended
Dec. 31,
2017
Mar. 31,
2018
Sept. 30,
2017
June 30,
2017
Mar. 31,
2017
(in thousands, except per share amounts)
$ 195,089 $ 181,505 $ 169,019 $ 158,787 $ 144,027 $ 130,534 $
3,390
198,479
2,674
184,179
2,856
171,875
3,674
162,461
2,892
146,919
4,152
134,686
118,703 $
3,738
122,441
113,091
2,544
115,635
46,758
6,237
52,995
145,484
48,215
92,554
25,754
166,523
(21,039)
937
(387)
(20,489)
45,679
5,258
50,937
133,242
45,917
90,006
23,877
159,800
(26,558)
(9,097)
(425)
(36,080)
45,618
5,154
50,772
121,103
47,527
84,911
19,029
151,467
(30,364)
(3,187)
(633)
(34,184)
42,198
4,859
47,057
115,404
43,732
77,897
17,525
139,154
(23,750)
(2,821)
343
(26,228)
35,937
4,561
40,498
106,421
35,414
66,242
16,512
118,168
(11,747)
(8,050)
(110)
(19,907)
31,211
4,800
36,011
98,675
32,477
66,406
13,388
112,271
(13,596)
(5,733)
829
(18,500)
30,363
4,130
34,493
87,948
32,306
60,126
12,348
104,780
(16,832)
(5,848)
184
(22,496)
28,321
4,055
32,376
83,259
29,606
55,920
10,487
96,013
(12,754)
(5,966)
(129)
(18,849)
(746)
(21,235) $
$
20
(36,060) $
(114)
(34,298) $
14,072
(12,156) $
13,360
(6,547) $
(977)
(19,477) $
(999)
(23,495) $
(1,434)
(20,283)
$
(0.39) $
(0.69) $
(0.67) $
(0.24) $
(0.14) $
(0.44) $
(0.54) $
(0.47)
54,805
52,184
50,935
50,504
45,424
44,418
43,890
43,230
(1)
Includes stock-based compensation expense and amortization of intangible assets as follows:
51
�Stock-based compensation:
Cost of subscription revenue
Cost of hardware and
services revenue
Research and development
Sales and marketing
General and administrative
Total stock-based compensation
expenses
Amortization of intangible assets:
Cost of subscription revenue
Research and development
Sales and marketing
Total amortization of
intangible assets
Dec. 31,
2018
Sept. 30,
2018
June 30,
2018
Three Months Ended
Dec. 31,
2017
Mar. 31,
2018
(in thousands)
Sept. 30,
2017
June 30,
2017
Mar. 31,
2017
$
3,610 $
3,503 $
3,448 $
3,451 $
2,520 $
2,876 $
2,863 $
2,376
651
10,505
13,245
11,732
474
9,678
13,191
11,250
571
9,986
12,382
7,410
591
10,035
11,502
5,493
492
7,991
8,892
5,350
493
7,803
8,943
5,222
469
7,744
8,230
5,198
439
7,050
7,897
4,612
$
39,743 $
38,096 $
33,797 $
31,072 $
25,245 $
25,337 $
24,504 $
22,374
$
6,830 $
—
3,762
7,121 $
15
3,982
7,244 $
15
3,982
5,776 $
15
2,415
4,945 $
15
1,143
3,190 $
15
875
3,189 $
15
949
3,188
15
967
$
10,592 $
11,118 $
11,241 $
8,206 $
6,103 $
4,080 $
4,153 $
4,170
The following unaudited table sets forth our consolidated results of operations data as a percentage of total revenue.
Dec. 31,
2018
Sept. 30,
2018
June 30,
2018
Mar. 31,
2018
Dec. 31,
2017
Sept. 30,
2017
June 30,
2017
Mar. 31,
2017
Three Months Ended
Consolidated Statements of
Operations Data:
Revenue:
Subscription
Hardware and services
Total revenue
Cost of revenue:
Subscription
Hardware and services
Total cost of revenue
Gross profit
Operating expense:
Research and development
Sales and marketing
General and administrative
Total operating expense
Operating loss
Interest expense
Other (expense) income, net
Loss before income taxes
Benefit from (provision
for) income taxes
Net loss
98%
2
100
99%
1
100
98%
2
100
98%
2
100
98%
2
100
97%
3
100
97%
3
100
98%
2
100
24
3
27
73
24
47
13
84
(11)
1
—
(10)
25
3
28
72
25
49
13
87
(15)
(5)
—
(20)
27
3
30
70
28
49
11
88
(18)
(2)
—
(20)
26
3
29
71
27
48
11
86
(15)
(1)
—
(16)
25
3
28
72
24
45
11
80
(8)
(5)
—
(13)
23
4
27
73
24
49
10
83
(10)
(4)
1
(13)
25
3
28
72
26
49
10
85
(13)
(5)
—
(18)
24
4
28
72
26
48
9
83
(11)
(5)
—
(16)
(1)
(11)%
—
(20)%
—
(20)%
9
(7)%
9
(4)%
(1)
(14)%
(1)
(19)%
(1)
(17)%
52
�Liquidity and Capital Resources
As of December 31, 2018, we had $185.4 million in cash and cash equivalents and $46.3 million in short-term investments, for a total of $231.7
million. Also refer to Note 9 “Convertible Senior Notes” to the consolidated financial statements for discussion of the Notes.
We plan to grow our customer base by continuing to emphasize investments in sales and marketing to add new customers, expand our customers’ use
of our platform, and maintain high renewal rates. We also expect to incur additional cost of subscription revenue in accordance with the resulting growth in our
customer base. We believe that the combination of our ongoing improvements in gross margins, the benefits of lower sales and marketing costs associated with our
renewal activity, and the fact that our contracts are structured to bill our customers in advance should enable us to improve our cash flow from operations as we
grow. Based on our current level of operations and anticipated growth, both of which are expected to be consistent with recent quarters, we believe that our existing
sources of liquidity will be sufficient to fund our operations for at least the next 12 months. Our future capital requirements will depend on many factors, including
our rate of revenue growth, the expansion of our sales and marketing activities, and the timing and extent of spending to support product development efforts and
expansion into new territories, and the timing of introductions of new features and enhancements to our solutions. To the extent that existing cash and cash
equivalents and cash from operations are insufficient to fund our future activities, we may need to raise additional funds through public or private equity or debt
financing. We have invested, and plan to continue investing in acquiring complementary businesses, applications and technologies, and may continue to make such
investments in the future, any of which could also require us to seek equity or debt financing. Additional funds may not be available on terms favorable to us or at
all.
As of December 31, 2018, the amount of cash and cash equivalents held by our foreign subsidiaries was $22.3 million, including intercompany
receivable balances. If these funds were needed for our operations in the United States, we would be required to withhold foreign taxes on the funds repatriated of
approximately $0.5 million. We have not recorded a liability for these taxes, as it is our intention that the majority of these funds are indefinitely reinvested outside
the United States and our current plans do not demonstrate a need to repatriate these funds to our United States operations.
Due to negative earnings and profits in our foreign subsidiaries, we have not recorded a provisional tax liability relating to the one-time mandatory
transition tax imposed by the Tax Act on our accumulated foreign earnings. As the Tax Act also eliminates U.S. taxes on foreign subsidiary distributions, future
earnings in foreign jurisdictions will be available for distribution to the U.S. without incremental U.S. taxes.
Cash Flows
The following table sets forth a summary of our consolidated cash flows for the periods indicated:
Net cash provided by operating activities
Net cash used in investing activities
Net cash used in financing activities
Net Cash Flows Provided by Operating Activities
2018
Years Ended
December 31,
2017
(in thousands)
2016
$
$
$
184,744 $
(250,664) $
(33,861) $
153,686 $
(190,427) $
(23,212) $
94,235
(89,192)
(5,238)
Our net loss and cash flows from operating activities are significantly influenced by our investments in headcount and data center operations to support
anticipated growth. Our cash flows are also influenced by cash payments from customers. We invoice customers for the entire contract amount at the start of the
term, and as such our cash flow from operations is also affected by the length of a customer contract.
Net cash provided by operating activities was $184.7 million in 2018 as compared to $153.7 million in 2017. The increase of $31.0 million was
primarily due to:
•
•
An increase in amortization of intangible assets of $22.7 million due to acquired businesses, and an increase in depreciation of fixed assets of
$8.8 million due to an increase in capital expenditures;
An increase in stock-based compensation expense of $45.2 million due to the increase in headcount and grants made;
53
�•
•
•
•
An increase in a mortization of deferred commissions of $8.6 million due to an increase in revenue;
An increase in loss on conversion of convertible notes of $4.5 million due to their conversion (see Note 9 “Convertible Senior Notes” to the
Consolidated Financial Statements);
An increase in accounts payable and accrued liabilities changes of $10.0 million and $2.6 million, respectively, due to the timing of
compensation and other payments;
An increase in deferred revenue change of $38.9 million due to higher billings;
The increase was offset by a $33.9 million increase in net loss, $13.4 million decrease in amortization of debt issuance costs and accretion of debt
discount due to the conversion of the convertible notes in 2017 and 2018 (see Note 9 “Convertible Senior Notes” to the Consolidated Financial Statements), an
increase in accounts receivable change of $50.1 million, and an increase in deferred commissions change of $20.3 million due to higher billings.
Net cash provided by operating activities was $153.7 million in 2017 as compared to $94.2 million in 2016. The increase of $59.5 million was
primarily due to:
•
•
•
•
•
•
•
A $26.7 million decrease in net loss;
An increase in amortization of intangible assets of $4.1 million due to acquired businesses, and an increase in depreciation of fixed assets of $6.5
million due to an increase in capital expenditures;
Stock-based compensation expense increased $18.8 million due to the increase in headcount and grants made;
Amortization of deferred commissions increased $5.8 million due to an increase in revenue;
Loss on conversion of convertible notes increased $2.7 million due to their conversion in 2017 (see Note 9 “Convertible Senior Notes” to the
Consolidated Financial Statements);
An increase in accrued liabilities change of $8.5 million due to the timing of compensation and other payments;
An increase in deferred revenue change of $32.0 million due to higher billings;
The increase was offset by a deferred income tax expense change of $16.1 million primarily related to a $12.3 million decrease in valuation allowance
due to the business acquisitions made in 2018 and $2.0 million benefit due to the U.S. 2017 Tax Cuts and Job Act, an increase in accounts receivable change of
$13.0 million, an increase in deferred commissions change of $8.5 million due to higher billings, and a $5.9 million decrease in accounts payable change due to the
timing of the payments.
Net Cash Flows Used in Investing Activities
Our primary investing activities consisted of acquisitions of businesses, capital expenditures in support of expanding our infrastructure and workforce
and the purchase and sale of short-term investments. As our business grows, we expect our capital expenditures and our investment activity to continue to increase.
We may also target other companies for acquisition.
Net cash used in investing activities was $250.7 million in 2018 as compared to $190.4 million in 2017. The increase in cash used of $60.3 million was
due to an increase in business acquisition cost of $68.4 million, a $36.5 million decrease in maturities of short-term investments, and a decrease in receipts from
escrow account of $2.7 million, offset by an increase in proceeds from sales of short-term investments of $11.9 million, a decrease in purchase of short-term
investments of $18.1 million, and decrease in capital expenditures of $17.4 million.
Net cash used in investing activities was $190.4 million in 2017 as compared to $89.2 million in 2016. The increase in cash used of $101.2 million was
due to an increase in business acquisition cost of $101.2 million, a $20.8 million decrease in maturities of short-term investments, an increase in capital
expenditures of $12.6 million for infrastructure expansion and daily operations, offset by $17.9 million decrease in payments for short-term investments, $9.6
million paid to escrow account due to the Return Path acquisition in 2016, and by an increase in receipts from escrow account of $5.8 million.
54
�Net Cash Flows Used in Financing Activities
Net cash used in financing activities was $33.9 million in 2018 as compared to $23.2 million in 2017. The increase in cash used of $10.7 million was
primarily due to a $17.9 million increase in withholding taxes paid related to restricted stock unit net share settlement, offset by a $1.9 million increase in proceeds
from common stock issuance related to employee stock plans, and $5.5 million decrease in contingent consideration payment.
Net cash used in financing activities was $23.2 million in 2017 as compared to $5.2 million in 2016. The increase in cash used of $18.0 million was
primarily due to a $17.2 million increase in withholding taxes paid related to restricted stock unit net share settlement, a $6.1 million increase in contingent
consideration payment, partially offset by a $3.9 million increase in proceeds from common stock issuance related to employee stock plans, and $1.4 million paid
in 2017 to release an indemnification holdback liability incurred in connection with the Abaca Technology Corporation acquisition in July 2013.
Contractual Obligations and Commitments
The following table summarizes our contractual obligations as of December 31, 2018 (in thousands):
Operating lease obligations (1)
Purchase obligations (2)
Total (3)
Payment Due by Period
Total (5)
$
$
232,347 $
27,458
259,805 $
Less Than
1 Year
1-3 Years
3-5 Years
More than 5
years
25,313 $
22,807
48,120 $
36,690 $
4,651
41,341 $
41,190 $
—
41,190 $
129,154
—
129,154
(1)
(2)
(3)
Consists of contractual obligations under operating leases for office space and data centers.
Consists of minimum purchase commitment of products and services. Obligations under contracts that we can cancel without a significant penalty were not included in the table above.
As we are unable to reasonably predict the timing of settlement of liabilities related to unrecognized tax benefits, net, the table does not include $4.3 million of such non-current liabilities
included in Other long-term liabilities recorded on our consolidated balance sheet as of December 31, 2018.
Off-Balance Sheet Arrangements
During the periods presented, we did not have, nor do we currently have, any relationships with unconsolidated entities or financial partnerships, such
as entities often referred to as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet
arrangements or other contractually narrow or limited purposes. We are therefore not exposed to any financing, liquidity, market or credit risk that could arise if we
had engaged in those types of relationships.
Under the indemnification provisions of our standard customer agreements, we agree to indemnify, defend and hold harmless our customers against,
among other things, infringement of any patents, trademarks or copyrights under any country’s laws or the misappropriation of any trade secrets arising from the
customer’s legal use of our solutions. Certain indemnification provisions potentially expose us to losses in excess of the aggregate amount paid to us by the
customer under the applicable customer agreement. No material claims have been made against us pursuant to these indemnification provisions to date.
Critical Accounting Policies and Estimates
Our management’s discussion and analysis of our financial condition and results of operations are based on our consolidated financial statements,
which have been prepared in accordance with GAAP. GAAP requires us to make certain estimates and judgments that can affect the reported amounts of assets and
liabilities, the disclosure of contingencies, and the reported amounts of revenue and expenses. We base our estimates on historical experience and on various other
assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets
and liabilities. If actual results or events differ materially from those contemplated by us in making these estimates, our reported financial condition and results of
operations for future periods could be materially affected. See “Risk Factors” for certain matters that may affect our future financial condition or results of
operations. An accounting policy is deemed to be critical if it requires an accounting estimate to be made based on assumptions about matters that are uncertain at
the time the estimate is made, if different estimates reasonably could have been used, or if the changes in estimate that are reasonably likely to occur could
materially impact the financial statements.
55
�Our significant accounting policies, in cluding those considered to be critical accounting policies, are summarized in Note 1 “The Company and
Summary of Significant Accounting Policies” to the accompanying consolidated financial statements in this report. The following critical accounting polic ies
reflect significant judgments and estimates used in the preparation of our consolidated financial statements:
•
•
•
•
•
•
•
Revenue recognition;
Deferred commissions;
Stock-based compensation expense;
Fair value of assets acquired and liabilities assumed in business combinations;
Impairment assessment of goodwill, intangible assets and other long-lived assets
Loss contingencies; and
Recognition and measurement of current and deferred income taxes.
Revenue Recognition
The Company derives its revenue primarily from: (1) subscription service revenue; (2) subscription software revenue, and (3) hardware and services,
which include professional service and training revenue provided to customers related to their use of the platform. Subscription service revenue is derived from a
subscription-based enterprise licensing model with contract terms typically ranging from one to three years, and consists of (1) subscription fees from the licensing
of the Company’s security-as-a-service platform and it’s various components, (2) subscription fees for software with support and related future updates where the
software updates are critical to the customers’ ability to derive benefit from the software due to the fast changing nature of the technology. These function together
as one performance obligation, and (3) subscription fees for the right to access the Company’s customer support services for software with significant standalone
functionality and support services for hardware. Subscription software revenue is primarily derived from term-based software that is deployed on the customers’
own servers and has significant standalone functionality, is recognized upon transfer of control to the customer.
Most of the Company’s contracts with customers contain multiple performance obligations. Determining whether products and services are considered
distinct performance obligations that should be accounted for separately versus together may require judgment. For these contracts, we account for individual
performance obligations separately if they are distinct. The transaction price is allocated to individual performance obligation on a relative standalone selling price
basis. The transaction price allocated to subscription services and subscription software that does not have significant standalone functionality is determined by
considering factors such as historical pricing practices, and the selling price of hardware and professional services is estimated using a cost plus model. The selling
price for support of a functional subscription software license is calculated as a percentage of functional subscription software license value which is derived by
analyzing internal pricing practice, customer expectations, and industry practice.
Deferred Commissions
We capitalize sales commissions and associated payroll taxes paid to internal sales personnel, and referral fees paid to independent third-parties, that
are incremental to the acquisition of customer contracts. These costs are recorded as deferred commissions on the consolidated balance sheets. We determine
whether costs should be deferred based on sales compensation plans, if the commissions are incremental and would not have occurred absent the customer contract.
Sales commissions for renewal of a subscription contract are not considered commensurate with the commissions paid for the acquisition of the initial subscription
contract given the substantive difference in commission rate between new and renewal contracts. Commissions paid upon the initial acquisition of a contract are
amortized over an estimated period of benefit of five years while commissions paid related to renewal contracts are amortized over a contractual renewal period.
Amortization is recognized based on the expected future revenue streams under the customer contracts. Amortization of deferred sales commissions is included in
sales and marketing expense in the accompanying consolidated statements of operations. We determine the period of benefit for commissions paid for the
acquisition of the initial subscription contract by taking into consideration its initial estimated customer life and the technological life of the Company’s software
and related significant features.
56
�Stock-Based Compensation Expense
We use the Black-Scholes option valuation model to estimate the fair value of stock options and ESPP shares. This valuation model requires the input
of highly subjective assumptions, the most significant of which is our estimates of expected volatility and the expected term of the award.
Starting January 1, 2016, the expected volatility of our common stock is based on the Company’s historical volatility. Prior to January 1, 2016, the
common stock price volatility was determined based on the historical average volatilities of the common stock of a group of publicly-traded peer companies that
operated in a similar industry as the Company did not have sufficient trading history for its common stock.
The expected life of options granted has been determined utilizing the “simplified” method as permitted by the SEC. The risk-free interest rate is based
on a daily treasury yield curve rate whose term is consistent with the expected life of the stock options. We have not, historically, paid and, in the future, do not
anticipate paying cash dividends on our shares of common stock and therefore, the expected dividend yield is assumed to be zero.
Fair Value of Assets Acquired and Liabilities Assumed in Business Combinations
In each of our acquisitions, we used the purchase method of accounting which requires us to allocate the fair value of the total consideration transferred
to tangible and identifiable intangible assets acquired and liabilities assumed based on their estimated fair values on the date of the acquisition, with the difference
between the net assets acquired and the total consideration transferred recorded as goodwill. The fair values assigned, defined as the price that would be received to
sell an asset or paid to transfer a liability in an orderly transaction between willing market participants, are based on significant estimates and assumptions
determined by management. These estimates and assumptions are inherently uncertain and subject to refinement, as a result, during the adjustment period, which
may be up to one year from the acquisition date, we may record adjustments to the assets acquired or liabilities assumed with any corresponding offset to goodwill.
Upon conclusion of the measurement period or final determination of the values of assets acquired or liabilities assumed, whichever comes first, any subsequent
adjustments are recorded within our consolidated statements of operations.
We used either the discounted cash flow method, the replacement cost method or the relief from royalty method to assign fair values to acquired
identifiable intangible assets. These methods require significant management judgment to forecast future operating results and establish residual growth rates,
royalty rates and discount factors. These models are based on reasonable estimates and assumptions given available facts and circumstances, including industry
estimates and averages, as of the acquisition dates and are consistent with the plans and estimates that we use to manage our business. If the subsequent actual
results and updated projections of the underlying business activity change compared with the estimates and assumptions used to develop these values, we could
experience impairment charges. In addition, we have estimated the economic lives of certain acquired assets and these lives are used to calculate depreciation and
amortization expense. If our estimates of the economic lives change, depreciation or amortization expenses could be accelerated or slowed.
Accounting for business combinations requires our management to make significant estimates and assumptions, especially at the acquisition date
including our estimates for intangible assets, contractual obligations assumed, restructuring liabilities, pre-acquisition contingencies and contingent consideration,
where applicable. Although we believe the assumptions and estimates we have made in the past have been reasonable and appropriate, they are based in part on
historical experience and information obtained from the management of the acquired companies and are inherently uncertain.
Examples of critical estimates in valuing certain of the intangible assets we have acquired include but are not limited to:
•
•
•
•
•
future expected cash flows from our revenue streams;
cost to build the acquired technology;
royalty rates;
the acquired company’s brand and competitive position, as well as assumptions about the period of time the acquired brand will continue to be
used in the combined company’s product portfolio; and
discount rates.
57
�Unanticipated events and circumstances may occur that may affect the accuracy or validity of such assumptions, estimat es or actual results.
For a given acquisition, we may identify certain pre-acquisition contingencies as of the acquisition date and may extend our review and evaluation of
these pre-acquisition contingencies throughout the measurement period in order to obtain sufficient information to assess whether we include these contingencies as
a part of the fair value estimates of assets acquired and liabilities assumed and, if so, to determine their estimated amounts.
If we cannot reasonably determine the fair value of a pre-acquisition contingency (non-income tax related) by the end of the measurement period,
which is generally the case given the nature of such matters, we will recognize an asset or a liability for such pre-acquisition contingency if: (i) it is probable that an
asset existed or a liability had been incurred at the acquisition date and (ii) the amount of the asset or liability can be reasonably estimated. Subsequent to the
measurement period, changes in our estimates of such contingencies will affect earnings and could have a material effect on our results of operations and financial
position.
In addition, uncertain tax positions and tax related valuation allowances assumed in connection with a business combination are initially estimated as
of the acquisition date. We reevaluate these items quarterly based upon facts and circumstances that existed as of the acquisition date with any adjustments to our
preliminary estimates being recorded to goodwill if identified within the measurement period. Subsequent to the measurement period or our final determination of
the tax allowance’s or contingency’s estimated value, whichever comes first, changes to these uncertain tax positions and tax related valuation allowances will
affect our provision for income taxes in our consolidated statements of operations and could have a material impact on our results of operations and financial
position.
Goodwill, Intangible Assets and Other Long-Lived Assets - Impairment Assessments
We review goodwill for impairment annually and whenever events or changes in circumstances indicate its carrying value may not be recoverable. For
the purposes of impairment testing, we have determined that we have one reporting unit. We perform the two-step impairment test, whereby we compare the fair
value of the reporting unit to its carrying value. If the fair value of the reporting unit exceeds the carrying value of the net assets assigned to that unit, goodwill is
not considered impaired and we are not required to perform further testing. If the carrying value of the net assets assigned to the reporting unit exceeds the fair
value of the reporting unit, then we must perform the second step of the impairment test in order to determine the implied fair value of the reporting unit’s
goodwill. If the carrying value of a reporting unit’s goodwill exceeds its implied fair value, then we would record impairment loss equal to the difference. No
impairment has been noted to date.
We periodically review the carrying amounts of intangible assets and other long-lived assets for impairment whenever events or changes in
circumstances indicate that the carrying value of these assets may not be recoverable. We measure the recoverability of these assets by comparing the carrying
amount of such assets (or asset group) to the future undiscounted cash flow we expect the assets (or asset group) to generate. If we consider any of these assets to
be impaired, the impairment to be recognized equals the amount by which the carrying value of the assets exceeds its fair value. We make judgments about the
recoverability of purchased intangible assets whenever events or changes in circumstances indicate that impairment may exist.
Each period we evaluate the estimated remaining useful lives of intangible assets and other long-lived assets to assess whether a revision to the
remaining periods of amortization is required. Assumptions and estimates about remaining useful lives of our intangible and other long-lived assets are subjective.
They can be affected by a variety of factors, including external factors such as industry and economic trends and internal factors such as changes in our business
strategy. Although we believe the historical assumptions and estimates we have made are reasonable and appropriate, different assumptions and estimates could
materially impact our reported financial results. We did not recognize any intangible asset impairment charges to date.
58
�Loss contingencies
We evaluate contingent liabilities including threatened or pending litigation in accordance with the authoritative guidance on contingencies. We assess
the likelihood of any adverse judgments or outcomes from potential claims or legal proceedings, as well as potential ranges of probable losses, when the outcomes
of the claims or proceedings are probable and reasonably estimable. A determination of the amount of accrued liabilities required, if any, for these contingencies is
made after the analysis of each separate matter. Because of uncertainties related to these matters, we base our estimates on the information available at the time of
our assessment. As additional information becomes available, we reassess the potential liability related to our pending claims and litigation and may revise our
estimates. Any revisions in the estimates of potential liabilities could have a material impact on our operating results and financial position.
Income Taxes
We determine our current and deferred tax provisions based on estimates and assumptions that could differ from the actual results reflected in our
income tax returns filed during the subsequent year. We record adjustments based on filed returns when we have identified and finalized them, which is generally
in the fourth quarters of the subsequent year for U.S. federal and state provisions, respectively. We have placed a full valuation allowance on all net U.S. deferred
tax assets because realization of these tax benefits through future taxable income cannot be reasonably assured. We intend to maintain the valuation allowance until
sufficient positive evidence exists to support the reversal of the valuation allowance. Any decision to reverse part or all of the valuation allowance would be based
on our estimate of future profitability. If our estimate were to be wrong, we could be required to charge potentially significant amounts to income tax expense to
establish a new valuation allowance.
Our effective tax rate includes the impact of certain undistributed foreign earnings for which we partially provided taxes because we plan to reinvest
majority of such earnings indefinitely outside the United States. We plan foreign earnings remittance amounts based on projected cash flow needs as well as the
working capital and long-term investment requirements of our foreign subsidiaries and our domestic operations. Material changes in our estimates of cash, working
capital and long-term investment requirements in the various jurisdictions in which we do business could impact our effective tax rate. We are subject to income
taxes in the United States and certain foreign countries, and we are subject to corporate income tax audits in some of these jurisdictions. We believe that our tax
return positions are fully supported, but tax authorities are likely to challenge certain positions, which may not be fully sustained. However, our income tax expense
includes amounts intended to satisfy income tax assessments that result from these challenges. Determining the income tax expense for these potential assessments
and recording the related assets and liabilities requires management judgments and estimates. We evaluate our uncertain tax positions in accordance with the
guidance for accounting for uncertainty in income taxes. We believe that our liability for uncertain tax positions is adequate. We review our liability for uncertain
tax positions quarterly, and we may adjust such liability because of proposed assessments by tax authorities, changes in facts and circumstances, issuance of new
regulations or new case law, previously unavailable information obtained during the course of an examination, negotiations between tax authorities of different
countries concerning our transfer prices, or the expiration of statutes of limitations.
Recent Accounting Pronouncements
Refer to Note 1 of the notes to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for a full description of
recent accounting pronouncements.
59
�Item 7A. QUANTITATIVE AND QUALITAT IVE DISCLOSURES ABOUT MARKET RISK
We have operations both within the United States and internationally, and we are exposed to market risks in the ordinary course of our business. These
risks primarily include interest rate, foreign exchange and inflation risks, as well as risks relating to changes in the general economic conditions in the countries
where we conduct business. To reduce certain of these risks, we monitor the financial condition of our large clients and limit credit exposure by collecting in
advance and setting credit limits as we deem appropriate. In addition, our investment strategy has been to invest in financial instruments that are highly liquid and
readily convertible into cash. To date, we have not used derivative instruments to mitigate the impact of our market risk exposures. We have also not used, nor do
we intend to use, derivatives for trading or speculative purposes.
Interest Rate Risk
We are exposed to market risk related to changes in interest rates. Our investments primarily consist of money market funds, corporate debt securities,
commercial papers, U.S. agency and Treasury securities, and certificates of deposit. As of December 31, 2018, we had cash, cash equivalents, and short-term
investments of $231.7 million. The carrying amount of our cash equivalents and short-term investments reasonably approximates fair value, due to the short
maturities of these investments. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the
fiduciary control of cash and investments. We do not enter into investments for trading or speculative purposes. Our investments are exposed to market risk due to
a fluctuation in interest rates, which may affect our interest income and the fair market value of our investments. Due to the short-term nature of our investment
portfolio, we believe only dramatic fluctuations in interest rates would have a material effect on our investments. We do not believe that an immediate 10%
increase in interest rates would have a material effect on the fair market value of our portfolio. As such we do not expect our operating results or cash flows to be
materially affected by a sudden change in market interest rates.
Foreign Currency Risk
The functional currency for our wholly owned foreign subsidiaries is the U.S. dollar. Accordingly, the subsidiaries remeasure monetary assets and
liabilities at period-end exchange rates, while nonmonetary items are remeasured at historical rates. Income and expense accounts are remeasured at the average
exchange rates in effect during the year. Remeasurement adjustments are recognized in the consolidated statements of operations as foreign currency transaction
gains or losses in the year of occurrence. Aggregate foreign currency transaction gains (losses) included in determining net loss were $(0.9) million, $0.6 million
and $(0.9) million for 2018, 2017 and 2016, respectively. Transaction gains and losses are included in other (expense) income, net.
As our international operations grow, our risks associated with fluctuation in currency rates will become greater, and we will continue to reassess our
approach to managing this risk. In addition, currency fluctuations or a weakening U.S. dollar can increase the costs of our international expansion. For our
operating results and cash flows, we evaluated the effects of a 10% shift in exchange rates between those currencies and the U.S. dollar. We have determined that
there would not be a material effect on our results of operations from such a shift. To date, we have not entered into any foreign currency hedging contracts, since
exchange rate fluctuations have not had a material impact on our operating results and cash flows. Based on our current international structure, we do not plan on
engaging in hedging activities in the near future.
Inflation Risk
We do not believe that inflation has had a material effect on our business, financial condition or results of operations. Nonetheless, if our costs were to
become subject to significant inflationary pressures, we may not be able to fully offset such higher costs through price increases. Our inability or failure to do so
could harm our business, financial condition and results of operations.
60
�ITEM 8. FINANCIAL STATEMEN TS AND SUPPLEMENTARY DATA
The information in response to this item is included in our consolidated financial statements, together with the report thereon of
PricewaterhouseCoopers LLP, appearing in Item 15 of this Annual Report on Form 10-K, and in Item 7 under the heading Management’s Discussion and Analysis
of Financial Condition and Results of Operations.
ITEM 9. CHANGES IN AND D ISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
None.
ITEM 9A. CONTROLS AND PROCEDURES
Evaluation of Disclosure Controls and Procedures
Regulations under the Securities Exchange Act of 1934, or the Exchange Act, require public companies, including us, to maintain “disclosure controls
and procedures,” which are defined in Rule 13a-15(e) and Rule 15d-15(e) to mean a company’s controls and other procedures that are designed to ensure that
information required to be disclosed in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time
periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that
information required to be disclosed in our reports that we file or submit under the Exchange Act is accumulated and communicated to management, including our
Chief Executive Officer and Chief Financial Officer, as appropriate to allow timely decisions regarding required disclosures. Our management, with the
participation of our Chief Executive Officer and Chief Financial Officer, evaluated the effectiveness of the Company’s disclosure controls and procedures as of
December 31, 2018. Based on their evaluation, as of December 31, 2018, our Chief Executive Officer and Chief Financial Officer have concluded that the
Company’s disclosure controls and procedures were effective.
Management’s Annual Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Exchange
Act Rule 13a-15(f) and Rule 15d-15(f). Our management, including our Chief Executive Officer and Chief Financial Officer, conducted an evaluation of the
effectiveness of our internal control over financial reporting based on the framework in I nternal Control - Integrated Framework (2013) issued by the Committee
of Sponsoring Organizations of the Treadway Commission. Based on its evaluation under the framework in Internal Control - Integrated Framework (2013) , our
management concluded that our internal control over financial reporting was effective as of December 31, 2018.
The effectiveness of our internal control over financial reporting as of December 31, 2018, has been audited by PricewaterhouseCoopers LLP, an
independent registered public accounting firm, as stated in their report which appears in Item 15(a) of this Annual Report on Form 10-K.
Changes in Internal Control
There have been no changes in our internal control over financial reporting during the quarter ended December 31, 2018 that materially affected, or are
reasonably likely to materially affect, our internal control over financial reporting.
Inherent Limitations on Effectiveness of Controls
Management does not expect that our disclosure controls and procedures or our internal control over financial reporting will prevent or detect all error
and fraud. Any control system, no matter how well designed and operated, is based upon certain assumptions and can provide only reasonable, not absolute,
assurance that its objectives will be met. Further, no evaluation of controls can provide absolute assurance that misstatements due to error or fraud will not occur or
that all control issues and instances of fraud, if any, within the Company have been detected.
ITEM 9B. OTHER INFORMATION
None.
61
�ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
PART III
The information required by this item will be set forth in the definitive Proxy Statement for our 2018 Annual Meeting of Stockholders (the “Proxy
Statement”) and is incorporated into this report by reference.
ITEM 11. EXECUTIVE COMPENSATION
The information required by this item will be set forth in the Proxy Statement and is incorporated into this report by reference.
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
The information required by this item will be set forth in the Proxy Statement and is incorporated into this report by reference.
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
The information required by this item will be set forth in the Proxy Statement and is incorporated into this report by reference.
ITEM 14. PRINCIPAL ACCOUNTING FEES AND SERVICES
The information required by this item will be set forth in the Proxy Statement and is incorporated into this report by reference.
62
�PART IV
ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES
(a)
(1) Financial Statements
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
Report of Independent Registered Public Accounting Firm
Consolidated Balance Sheets
Consolidated Statements of Operations
Consolidated Statements of Comprehensive Loss
Consolidated Statements of Stockholders' Equity
Consolidated Statements of Cash Flows
Notes to Consolidated Financial Statements
(2) Financial Statement Schedules
Page
64
66
67
68
69
70
72
Financial statement schedules have been omitted because they are not required, not applicable, not present in amounts sufficient to require submission
of the schedule, or the required information is shown in the Consolidated Financial Statements or Notes thereto.
(3) Exhibits
The information required by this Item is set forth in the Exhibits Index that precedes the signature page of this Annual Report on Form 10-K.
63
�REPORT OF INDEPENDENT REGIST ERED PUBLIC ACCOUNTING FIRM
To the Board of Directors and Stockholders of Proofpoint, Inc.
Opinions on the Financial Statements and Internal Control over Financial Reporting
We have audited the accompanying consolidated balance sheets of Proofpoint, Inc. and its subsidiaries (the “Company”) as of December 31, 2018, and
2017, and the related consolidated statements of operations, comprehensive loss, stockholders’ equity and cash flows for each of the three years in the period ended
December 31, 2018, including the related notes (collectively referred to as the “consolidated financial statements”). We also have audited the Company's internal
control over financial reporting as of December 31, 2018, based on criteria established in Internal Control - Integrated Framework (2013) issued by the Committee
of Sponsoring Organizations of the Treadway Commission (COSO).
In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Company as
of December 31, 2018 and 2017, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2018 in conformity
with accounting principles generally accepted in the United States of America. Also in our opinion, the Company maintained, in all material respects, effective
internal control over financial reporting as of December 31, 2018, based on criteria established in Internal Control - Integrated Framework (2013) issued by the
COSO.
Change in Accounting Principle
As discussed in Note 1 to the consolidated financial statements, the Company changed the manner in which it accounts for revenues from contracts
with customer in 2018.
Basis for Opinions
The Company's management is responsible for these consolidated financial statements, for maintaining effective internal control over financial
reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in Management's Annual Report on Internal Control over
Financial Reporting appearing under Item 9A. Our responsibility is to express opinions on the Company’s consolidated financial statements and on the Company's
internal control over financial reporting based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board
(United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable
rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audits to obtain
reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud, and whether effective
internal control over financial reporting was maintained in all material respects.
Our audits of the consolidated financial statements included performing procedures to assess the risks of material misstatement of the consolidated
financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis,
evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and
significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. Our audit of internal control over
financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing
and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as
we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinions.
64
�Definition and Limitations of Internal Control over Financial Re porting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial
reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal
control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly
reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit
preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made
only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely
detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any
evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of
compliance with the policies or procedures may deteriorate.
/s/ PricewaterhouseCoopers LLP
San Jose, California
February 21, 2019
We have served as the Company’s auditor since 2008, which includes periods before the Company became subject to SEC reporting requirements.
65
�Proofpoint, Inc.
Consolidated Balance Sheets
(in thousands, except per share amounts)
Assets
Current assets:
Cash and cash equivalents
Short-term investments
Accounts receivable, net
Inventory
Deferred product costs
Deferred commissions
Prepaid expenses and other current assets
Total current assets
Property and equipment, net
Long-term deferred product costs
Goodwill
Intangible assets, net
Long-term deferred commissions
Other assets
Total assets
Liabilities and Stockholders’ Equity
Current liabilities:
Accounts payable
Accrued liabilities
Capital lease obligations
Deferred rent
Deferred revenue
Total current liabilities
Convertible senior notes
Long-term capital lease obligations
Long-term deferred rent
Other long-term liabilities
Long-term deferred revenue
Total liabilities
Commitments and contingencies (Note 8)
Stockholders’ equity:
Convertible preferred stock, $0.0001 par value; 5,000 shares authorized;
no shares issued and outstanding as of December 31, 2018 and 2017
Common stock, $0.0001 par value; 200,000 shares authorized; 55,149 and
50,325 shares issued and outstanding at December 31, 2018 and
December 31, 2017, respectively
Additional paid-in capital
Accumulated other comprehensive loss
Accumulated deficit
Total stockholders’ equity
Total liabilities and stockholders’ equity
$
$
$
At December 31,
2018
2017
185,392 $
46,307
199,194
481
1,800
37,391
16,872
487,437
70,627
303
460,425
136,645
69,989
7,592
1,233,018 $
20,237 $
90,719
—
829
492,742
604,527
—
—
3,757
6,812
105,388
720,484
286,072
45,526
107,696
730
1,541
26,249
18,669
486,483
73,617
259
297,704
95,602
51,954
12,813
1,018,432
12,271
65,503
34
586
364,521
442,915
197,858
55
4,102
11,069
63,318
719,317
—
—
6
1,107,953
(7)
(595,418)
512,534
1,233,018 $
5
787,572
(9)
(488,453)
299,115
1,018,432
$
The accompanying notes are an integral part of these consolidated financial statements.
66
�Proofpoint, Inc.
Consolidated Statements of Operations
(in thousands, except per share amounts)
Revenue:
Subscription
Hardware and services
Total revenue
Cost of revenue: (1)(2)
Subscription
Hardware and services
Total cost of revenue
Gross profit
Operating expense: (1)(2)
Research and development
Sales and marketing
General and administrative
Total operating expense
Operating loss
Interest expense
Other (expense) income, net
Loss before income taxes
Benefit from (provision for) income taxes
Net loss
Net loss per share, basic and diluted
Weighted average shares outstanding, basic and diluted
(1) Includes stock-based compensation expense as follows:
Cost of subscription revenue
Cost of hardware and services revenue
Research and development
Sales and marketing
General and administrative
(2) Includes intangible amortization expense as follows:
Cost of subscription revenue
Research and development
Sales and marketing
2018
Year Ended December 31,
2017
2016
$
704,400 $
12,594
716,994
506,355 $
13,326
519,681
180,253
21,508
201,761
515,233
185,391
345,368
86,185
616,944
(101,711)
(14,168)
(1,102)
(116,981)
13,232
(103,749) $
(1.99) $
52,111
14,012 $
2,287 $
40,204 $
50,320 $
35,885 $
26,971 $
45 $
14,141 $
125,832
17,546
143,378
376,303
129,803
248,694
52,735
431,232
(54,929)
(25,597)
774
(79,752)
9,950
(69,802) $
(1.58) $
44,258
10,635 $
1,893 $
30,588 $
33,962 $
20,382 $
14,512 $
60 $
3,934 $
$
$
$
$
$
$
$
$
$
$
367,494
10,843
378,337
94,716
13,877
108,593
269,744
98,506
189,324
52,774
340,604
(70,860)
(23,538)
(1,103)
(95,501)
(986)
(96,487)
(2.31)
41,859
7,427
1,494
24,342
28,607
16,826
9,423
60
4,938
The accompanying notes are an integral part of these consolidated financial statements.
67
�Proofpoint, Inc.
Consolidated Statements of Comprehensive Loss
(In thousands)
Net loss
Other comprehensive income (loss), net of tax:
Unrealized gain (loss) on investments, net
Comprehensive loss
2018
Year Ended December 31,
2017
2016
$
(103,749) $
(69,802) $
(96,487)
2
(2)
$
(103,747) $
(69,804) $
16
(96,471)
The accompanying notes are an integral part of these consolidated financial statements.
68
�Balances at December 31, 2015
Cumulative effect of adjustment
from adoption of ASC 606
Net loss
Unrealized gain on short-term
investments
Stock-based compensation expense
Acquisition of FireLayers, Ltd.
(Note 3)
Common stock issued
Tax withholding upon vesting of
restricted stock awards
Balances at December 31, 2016
Cumulative effect adjustment from
adoption of new accounting
pronouncement
Net loss
Unrealized loss on short-term
investments
Conversion of convertible senior
notes to common stock (Note 9)
Stock-based compensation expense
Acquisition of businesses (Note 3)
Common stock issued
Tax withholding upon vesting of
restricted stock awards
Balances at December 31, 2017
Cumulative effect adjustment from
adoption of new accounting
pronouncement (Note 1)
Net loss
Unrealized gain on short-term
investments
Conversion of convertible senior
notes to common stock (Note 9)
Stock-based compensation expense
Common stock issued
Tax withholding upon vesting of
restricted stock awards
Balances at December 31, 2018
Proofpoint, Inc.
Consolidated Statements of Stockholders’ Equity
(in thousands)
Common Stock
Shares
Amount
Additional
Paid-In
Capital
Accumulated
Other
Comprehensive Accumulated
Income (Loss)
Deficit
Total
Stockholders’
Equity
40,840 $
4 $
441,104 $
(23) $
(357,900) $
83,185
—
—
—
—
111
2,474
(410)
43,015
—
—
—
5,159
—
—
2,672
(521)
50,325
—
—
—
2,928
—
2,463
—
—
—
—
—
—
—
4
—
—
—
1
—
—
—
—
5
—
—
—
1
—
—
—
—
—
70,560
176
27,799
(25,605)
514,034
999
—
—
193,153
88,449
424
34,024
(43,511)
787,572
—
—
—
213,305
131,178
36,449
—
—
16
—
—
—
—
(7)
—
—
(2)
—
—
—
—
—
(9)
—
—
2
—
—
—
(567)
55,149 $
—
6 $
(60,551)
1,107,953 $
—
(7) $
The accompanying notes are an integral part of these consolidated financial statements.
69
36,735
(96,487)
36,735
(96,487)
—
—
—
—
16
70,560
176
27,799
—
(417,652)
(25,605)
96,379
(999)
(69,802)
—
(69,802)
—
—
—
—
—
—
(488,453)
(2)
193,154
88,449
424
34,024
(43,511)
299,115
(3,216)
(103,749)
(3,216)
(103,749)
—
—
—
—
—
(595,418) $
2
213,306
131,178
36,449
(60,551)
512,534
�Proofpoint, Inc.
Consolidated Statements of Cash Flows
(in thousands)
Cash flows from operating activities
Net loss
Adjustments to reconcile net loss to net cash provided by operating activities:
Depreciation and amortization
Stock-based compensation
Change in fair value of contingent consideration
Amortization of debt issuance costs and accretion of debt discount
Amortization of deferred commissions
Loss on conversion of convertible notes
Deferred income taxes
Other
Changes in assets and liabilities, net of effect of acquisitions:
Accounts receivable
Inventory
Deferred product costs
Deferred commissions
Prepaid expenses
Other current assets
Long-term assets
Accounts payable
Accrued liabilities
Deferred rent
Deferred revenue
Net cash provided by operating activities
Cash flows from investing activities
Proceeds from maturities of short-term investments
Proceeds from sales of short-term investments
Purchase of short-term investments
Purchase of property and equipment
Payments to escrow account
Receipts from escrow account
Acquisitions of business, net of cash and restricted cash acquired
Net cash used in investing activities
Cash flows from financing activities
Proceeds from issuance of common stock
Withholding taxes related to restricted stock net share settlement
Repayments of equipment loans and capital lease obligations
Repayment of convertible notes
Holdback payments for prior acquisitions
Contingent consideration payments
Net cash used in financing activities
Effect of exchange rate changes on cash, cash equivalents
and restricted cash
Net decrease in cash, cash equivalents and restricted cash
Cash, cash equivalents, and restricted cash
Beginning of period
End of period
Supplemental disclosures of cash flow information
Cash paid for interest
Cash paid for taxes
Supplemental disclosure of noncash investing and financing activities
Unpaid purchases of property and equipment and asset retirement obligations
Liability awards converted to equity
Convertible senior notes converted to equity
70
2018
Year Ended December 31,
2017
2016
$
(103,749) $
(69,802) $
(96,487)
73,553
142,708
(79)
8,383
37,076
7,207
(15,258)
1,469
(81,890)
249
(302)
(66,254)
(1,905)
2,155
311
8,396
17,184
(101)
155,591
184,744
66,080
11,931
(78,688)
(29,522)
—
3,321
(223,786)
(250,664)
27,579
(60,706)
(37)
(142)
—
(555)
(33,861)
(727)
(100,508)
42,098
97,460
(1,533)
21,789
28,476
2,696
(15,953)
(348)
(31,744)
(132)
338
(45,910)
(1,663)
(139)
(3,429)
(1,648)
14,539
1,867
116,724
153,686
102,556
—
(96,741)
(46,958)
—
6,066
(155,350)
(190,427)
25,725
(42,823)
(34)
(14)
—
(6,066)
(23,212)
1,076
(58,877)
$
$
$
$
$
$
286,660
186,152 $
345,537
286,660 $
1,249 $
120 $
2,706 $
8,870 $
213,306 $
4,236 $
5,311 $
3,349 $
8,307 $
193,153 $
31,552
78,696
(669)
20,842
22,704
—
119
1,170
(18,721)
(113)
402
(37,446)
(2,660)
(1,472)
959
4,271
6,044
292
84,752
94,235
123,405
—
(114,686)
(34,407)
(9,645)
260
(54,119)
(89,192)
21,779
(25,588)
(32)
—
(1,397)
—
(5,238)
(545)
(740)
346,277
345,537
4,250
893
6,035
6,059
—
�Reconciliation of cash, cash equivalents and restricted cash
as shown in the consolidated statement of cash flows
Cash and cash equivalents
Restricted cash included in prepaid expenses and other
current assets
Restricted cash included in other non-current assets
Total cash, cash equivalents and restricted cash
December 31,
2018
December 31,
2017
December 31,
2016
$
185,392 $
286,072 $
345,426
283
477
186,152 $
315
273
286,660 $
79
32
345,537
$
The accompanying notes are an integral part of these consolidated financial statements.
71
�Proofpoint, Inc.
Notes to Consolidated Financial Statements
(dollars and share amounts in thousands, except per share amounts)
1. The Company and Summary of Significant Accounting Policies
The Company
Proofpoint, Inc. (the “Company”) was incorporated in Delaware in June 2002 and is headquartered in California.
Proofpoint, Inc. is a leading security-as-a-service provider that enables large and mid-sized organizations worldwide to defend, protect, archive and
govern their most sensitive data. The Company’s security-and compliance platform is comprised of an integrated suite of threat protection, information protection,
and brand protection solutions, including email protection, advanced threat protection, email authentication, data loss prevention, SaaS application protection,
response orchestration and automation, digital risk, web browser isolation, email encryption, archiving, eDiscovery, supervision, secure communication, phishing
simulation and security awareness computer-based training.
Basis of Presentation and Consolidation
The accompanying consolidated financial statements have been prepared in conformity with U.S. generally accepted accounting principles (“GAAP”).
The consolidated financial statements include the accounts of the Company and its wholly-owned subsidiaries. All intercompany transactions and balances have
been eliminated in consolidation. Certain prior period amounts have been adjusted due to the adoption of Accounting Standards Update (“ASU”) No. 2014-09,
Revenue from Contracts with Customers: Topic 606 (“ASC 606”). Refer to Note 2 “Revenue, Deferred Revenue and Deferred Contract Costs” for more
information.
During the reporting periods, the Company completed a number of acquisitions which are more fully described in Note 3 “Acquisitions”. The
consolidated financial statements include the results of operations from these business combinations from their date of acquisition.
Use of Estimates
The preparation of consolidated financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the
reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements, and the reported amounts of
expenses during the reporting period. Actual results could differ materially from those estimates. Significant items subject to such estimates and assumptions
include those related to revenue recognition, deferred commissions, stock-based compensation expense, fair value of assets acquired and liabilities assumed in
business combinations, impairment assessments of goodwill, intangible assets and other long-lived assets, loss contingencies, and income taxes.
Foreign Currency Remeasurement and Transactions
The functional currency of the Company’s wholly-owned foreign subsidiaries is the U.S. dollar. Accordingly, the subsidiaries remeasure monetary
assets and liabilities at period-end exchange rates, while nonmonetary items are remeasured at historical rates. Income and expense accounts are remeasured at the
average exchange rates in effect during the year. Remeasurement adjustments are recognized in the consolidated statements of operations as transaction gains or
losses within other income (expense), net, in the period of occurrence. Aggregate transaction gains (losses) included in determining net loss were $(943), $574 and
$(852) for the years ended December 31, 2018, 2017 and 2016, respectively.
Cash and Cash Equivalents
The Company considers currency on hand, demand deposits, time deposits, money market funds and all highly liquid investments with an original
maturity of three months or less at the date of purchase to be cash and cash equivalents. Cash and cash equivalents are held in various financial institutions in the
United States and internationally.
72
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Investments
The Company classifies all its investments as available-for-sale at the time of purchase since it is management’s intent that these investments be
available for current operations, and as such, includes these investments as short-term investments on its balance sheets. These investments consist of money
market funds, corporate debt securities, commercial papers, U.S. agency and Treasury securities, and certificates of deposit with original maturities longer than
three months. Short-term investments classified as available-for-sale are recorded at fair value with the related unrealized gains and losses included in accumulated
other comprehensive income (loss), a component of stockholders’ equity. Realized gains and losses are recorded in the consolidated statements of operations and
comprehensive loss based on specific identification.
Inventories
Inventories are stated at lower of cost or net realizable value, with costs computed on a first-in, first-out basis. The Company periodically reviews its
inventories for excess and obsolete items and adjusts carrying costs to estimated net realizable values when they are determined to be less than cost. Inventories
held at December 31, 2018 and December 31, 2017 consist primarily of finished goods.
Revenue Recognition
Effective January 1, 2018, the Company adopted ASC 606 using full retrospective method. Refer to Note 2 for a detailed discussion of accounting
policies related to revenue recognition, including deferred revenue, deferred commissions and deferred product costs.
Property and Equipment
Property and equipment are stated at cost. Depreciation is computed using the straight-line method over the estimated useful life of the related asset.
Amortization of leasehold improvements is computed using the straight-line method over the shorter of the lease term or the estimated useful life of the asset or
improvement. Cost of maintenance and repairs that do not improve or extend the lives of the respective assets are expensed as incurred.
Impairment of Intangible Assets and Other Long-Lived Assets
The Company evaluates long-lived assets, including property, equipment and definitive-lived intangible assets, for impairment whenever events or
changes in circumstances indicate that the carrying value of an asset may not be recoverable. Recoverability of these assets is measured by comparison of the
carrying amount of such assets (or asset group) to the future undiscounted cash flows the assets (or asset group) is expected to generate. If the assets are considered
to be impaired, the amount of any impairment is measured as the difference between the carrying value and the fair value of the impaired assets. The Company also
evaluates the estimated remaining useful lives of intangible assets and other long-lived assets to assess whether a revision to the remaining periods of amortization
is required. No assets were determined to be impaired as of December 31, 2018.
Software Development Costs
Internally developed software includes security software developed to meet the Company’s internal needs to provide cloud-based subscription services
to its end-customers and business software that the Company customizes to meet its operating needs. These capitalized costs consist of internal compensation
related costs and external direct costs incurred during the application development stage. The costs capitalized were not material in the years ended December 31,
2018, 2017 and 2016.
The costs to develop software that is marketed externally have not been capitalized as the current software development process is essentially
completed concurrently with the establishment of technological feasibility. As such, all related software development costs are expensed as incurred and included
in research and development expense in the consolidated statements of operations.
Internally and externally developed software is amortized over the software’s estimated useful life of three to five years.
73
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Advertising and Promotion Costs
Expenses related to advertising and promotion of solutions is charged to sales and marketing expense as incurred. The Company did not incur any
material advertising and promotion expenses during the years ended December 31, 2018, 2017 and 2016.
Goodwill and Intangible Assets
Goodwill represents the excess of the purchase price of the acquired enterprise over the fair value of identifiable assets acquired and liabilities
assumed. The Company performs an annual goodwill impairment test during the fourth quarter of a calendar year and more frequently if an event or circumstances
indicates that impairment may have occurred. For the purposes of impairment testing, the Company has determined that it has one operating segment and one
reporting unit. The Company performs a two-step impairment test of goodwill whereby the fair value of the reporting unit is compared to its carrying value. If the
fair value of the reporting unit exceeds the carrying value of the net assets assigned to that unit, goodwill is not considered impaired and further testing is not
required. If the carrying value of the net assets assigned to the reporting unit exceeds the fair value of the reporting unit, then the Company must perform the
second step of the impairment test in order to determine the implied fair value of the reporting unit’s goodwill. If the carrying value of a reporting unit’s goodwill
exceeds its implied fair value, then impairment loss equal to the difference is recorded. The identification and measurement of goodwill impairment involves the
estimation of the fair value of the Company. The estimate of fair value of the Company, based on the best information available as of the date of the assessment, is
subjective and requires judgment, including management assumptions about expected future revenue forecasts and discount rates, changes in the overall economy,
trends in the stock price and other factors. No impairment was identified by the Company as of December 31, 2018.
Intangible assets consist of developed technology, customer relationships, non-compete arrangements, trademarks and patents, and order backlog. The
values assigned to intangibles are based on estimates and judgments regarding expectations for success and life cycle of solutions and technologies acquired.
Intangible assets are amortized on a straight-line basis over their estimated lives, which approximate the pattern in which the economic benefits of the
intangible assets are consumed, as follows (in years):
Patents
Developed technology
Customer relationships
Order backlog
Tradenames and trademarks
Warranty
Low
4
3
2
1
1
High
5
7
8
3
5
The Company provides limited warranties on all sales and provides for the estimated cost of the warranties at the date of sale, to the extent not already
provided by its own vendors. Warranty costs and the accrued warranty liabilities were not material for all periods presented.
Income Taxes
The Company accounts for income taxes in accordance with authoritative guidance, which requires use of the asset and liability method. Under this
method, deferred income tax assets and liabilities are determined based on the difference between the consolidated financial statements carrying amounts and the
tax basis of assets and liabilities and are measured using the enacted tax rates expected to apply to taxable income in the years in which the differences are expected
to be reversed.
The Company records net deferred tax assets to the extent the Company believes these assets will more likely than not be realized. In making such
determination, the Company considers all available positive and negative evidence, including future reversals of existing taxable temporary differences, projected
future taxable income, tax planning strategies and recent financial operations.
74
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The Company recognizes interest and penalties related to uncertain tax positions within the income tax expense li ne in the consolidated statements of
operations. Accrued interest and penalties are included within the related tax liability line on the consolidated balance sheets.
Research and Development
Research and development expense consists primarily of personnel costs, consulting services, allocated facilities costs and depreciation. Research and
development costs are expensed as incurred.
Employee Benefit Plans
The Company’s tax-deferred savings plan is qualified under Section 401(k) of the United States Internal Revenue Code. Employees may make
voluntary, tax-deferred contributions to the 401(k) Plan up to the statutorily prescribed annual limit. The Company makes discretionary matching contributions to
the 401(k) Plan on behalf of employees up to the limit determined by the Board of Directors. The Company contributed $1,563 to the 401(k) Plan in 2018. There
were no contributions made by the Company in 2017 and 2016.
Stock-Based Compensation
The Company issues stock-based compensation awards to employees and directors in the form of stock options, restricted stock units (“RSUs”),
performance stock units (“PSUs”), employee stock purchase plan (“ESPP”) and stock bonus and other liability awards (collectively, “awards”).
The Company measures and recognizes compensation expense for all stock-based awards based on the awards’ fair value. Stock-based compensation
for RSUs and PSUs is measured based on the value of the Company’s common stock on the grant date. Stock-based compensation for employee stock options and
ESPP awards are measured on the date of grant using a Black-Scholes option pricing model.
Stock bonus and other liability awards are accounted for as liability-classified awards, because the obligations are based predominantly on fixed
monetary amounts that are generally known at the inception of the obligation, to be settled with a variable number of shares of the Company’s common stock.
Awards vest either on a graded schedule or in a lump sum. The Company determines the fair value of each award as a single award and recognizes the
expense on a straight-line basis over the service period of the award, which is generally the vesting period. The exercise price of stock options granted is equal to
the fair value of the Company’s common stock on the date of grant. Stock options expire ten years from the date of grant.
Comprehensive Income (Loss)
Comprehensive income (loss) includes all changes in equity that are not the result of transactions with stockholders. The Company’s comprehensive
income (loss) consists of its net loss and changes in unrealized gains (losses) on its available-for-sale investments.
Loss Contingencies
The Company may be involved in various lawsuits, claims and proceedings that arise in the ordinary course of business. The Company records a
provision for a liability when it believes that it is both probable that a liability has been incurred and the amount can be reasonably estimated. Significant judgment
is required to determine both probability and the estimated amount. The Company reviews these provisions at least quarterly and adjusts these provisions to reflect
the impact of negotiations, settlements, rulings, and updated information.
Accounting Pronouncements Adopted in 2018
In May 2014, the Financial Accounting Standards Board (“FASB”) issued ASC 606 to supersede nearly all existing revenue recognition guidance
under U.S. GAAP. The standard contains a comprehensive new revenue recognition model that requires revenue to be recognized in a manner to depict the transfer
of services or products to a customer at an amount that reflects the consideration expected to be received in exchange for those services or products. The FASB has
issued several amendments to the standard, including clarifications on disclosure of prior-period and remaining performance obligations. The Company adopted
ASC 606 effective January 1, 2018 using the full retrospective transition method. Refer to Note 2 “Revenue, Deferred Revenue and Deferred Contract Costs” for
more information.
75
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
In October 2016, the FASB issued ASU No. 2016-16, Income Taxes: Intra-Entity Transfers of Assets Other Than Inventory (“ASU 2016-16”). ASU
2016-16 eliminates the requirement to defer the recognition of current and deferred income taxes for intra-entity asset transfer until the asset has been sold to an
outside party. Therefore, an entity should recognize the income tax consequences of an intra-entity transfer of an asset other than inventory when the transfer
occurs. ASU 2016-16 was adopted on a modified retrospective basis starting January 1, 2018. As a result of the adoption, the Company’s long-term assets
decreased and accumulated deficit increased by $3,216 as of January 1, 2018, the date of adoption.
In August 2016, the FASB issued ASU No. 2016-15, Statement of Cash Flows (Topic 230): Classification of Certain Cash Receipts and Cash
Payments (“ASU 2016-15”). ASU 2016-15 clarifies how certain cash receipts and payments should be classified in the statement of cash flows. The Company
adopted ASU 2016-15 on January 1, 2018 with no impact on its consolidated financial statements.
Recent Accounting Pronouncements Not Yet Effective
In August 2018, the FASB issued ASU No. 2018-15, Customer’s Accounting for Implementation Costs Incurred in a Cloud Computing Arrangement
That Is a Service Contract (“ASU 2018-15”). ASU 2018-15 aligns the requirements for capitalizing implementation costs incurred in a hosting arrangement that is
a service contract with the requirements for capitalizing implementation costs incurred to develop or obtain internal-use software. The update to the standard is
effective for interim and annual periods beginning after December 15, 2019, with early adoption permitted. Entities can choose to adopt the ASU 2018-15
prospectively or retrospectively. The Company is currently assessing the impact ASU 2018-15 will have on its consolidated financial statements.
In January 2017, the FASB issued ASU No. 2017-04, Intangibles - Goodwill and Other (Topic 350): Simplifying the Accounting for Goodwill
Impairment (“ASU 2017-04”). ASU 2017-04 removes the requirement to perform a hypothetical purchase price allocation to measure goodwill impairment. A
goodwill impairment charge will be the amount by which a reporting unit’s carrying value exceeds its fair value, not to exceed the carrying amount of goodwill.
The update to the standard is effective for interim and annual periods beginning after December 15, 2019, with early adoption permitted, and should be applied
prospectively. The Company does not expect ASU 2017-04 to have a material impact on its consolidated financial statements.
In June 2016, the FASB issued ASU No. 2016-13, Financial Instruments - Credit Losses (Topic 326): Measurement of Credit Losses on Financial
Instruments (“ASU 2016-13”). ASU 2016-13 changes the impairment model for most financial assets, and will require the use of an expected loss model in place of
the currently used incurred loss method. Under this model, entities will be required to estimate the lifetime expected credit loss on such instruments and record an
allowance to offset the amortized cost basis of the financial asset, resulting in a net presentation of the amount expected to be collected on the financial asset. The
update to the standard is effective for interim and annual periods beginning after December 15, 2019. The Company is currently evaluating the impact of the
adoption of ASU 2016-13 on its consolidated financial statements.
In February 2016, the FASB issued ASU No. 2016-02, Leases (Topic 842) (“ASU 2016-02”), which requires lessees to put most leases on their
balance sheets but recognize the expenses on their statements of operations in a manner similar to current practice. ASU 2016-02 states that a lessee would
recognize a lease liability for the obligation to make lease payments and a right-of-use asset (“ROU”) for the right to use the underlying asset for the lease term.
The Company will adopt the new standard as of January 1, 2019 and will recognize a cumulative-effect adjustment to the opening balance of accumulated deficit as
of the adoption date. The Company will elect the optional transition approach to not apply ASU 2016-02 in the comparative periods presented and the package of
practical expedients. The Company will also elect the practical expedient to not account for lease and non-lease components separately for office space, data center
and equipment operating leases . The Company expects adoption of ASU 2016-02 will result in the recognition of lease liabilities and ROU assets from $55,000 to
$70,000, with the most significant impact related to the Company’s office space and date center operating leases. The Company does not expect the adoption of
ASU 2016-02 to have a material impact to the consolidated statements of operations or to have any impact on its cash flows from operating, investing or financing
activities.
76
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
2. Revenue, Deferred Revenue and Deferred Contract Costs
Effective January 1, 2018, the Company adopted ASC 606 using the full retrospective method. Under this method, the Company is presenting the
consolidated financial statements as of December 31, 2017, and for the years ended December 31, 2017 and 2016, as if ASC 606 had been effective for those
periods. The most significant impact of the standard related to i) the timing of revenue recognition for contracts related to certain on-premise offerings, in which the
Company granted customers the right to deploy its subscription software on the customers’ own servers. For these contracts, the Company is required to recognize
as revenue a significant portion of the contract price upon delivery of the software compared to the previous practice of recognizing the entire contract price ratably
over a subscription period; and ii) the timing of revenue recognition in instances when all revenue recognition criteria were not met until after the start date of the
subscription. Previously these amounts were recognized prospectively over the remaining contract term, while under ASC 606, the Company is required to
recognize revenue on a cumulative catch-up basis for amounts earned up to the time all revenue recognition criteria have been met. In addition, iii) certain contract
acquisition costs such as sales commissions are being amortized over an expected benefit period that is longer than the Company’s previous policy of amortizing
the deferred amounts over the specific revenue contract term for the associated contract.
The Company applied ASC 606 using two practical expedients: 1) for the reporting periods presented before January 1, 2018, the Company doesn’t
disclose the amount of the transaction price allocated to the remaining performance obligations or an explanation of when the Company expects to recognize that
amount as revenue; 2) the Company doesn’t disclose the amount of the transaction price allocated to the remaining performance obligations for contracts with an
original expected length of one year or less.
Select consolidated balance sheet line items, which reflect the adoption of the new standard, are as follows:
Assets
Accounts receivable, net
Deferred commissions, current
Long-term deferred commissions
Liabilities
Accrued liabilities
Deferred revenue
Long-term deferred revenue
Stockholders’ Equity
Accumulated deficit
December 31, 2017
As Previously
Reported
Adjustments
As Adjusted
$
$
$
$
$
$
$
109,325 $
27,144 $
5,811 $
63,926 $
381,915 $
69,873 $
(1,629) $
(895) $
46,143 $
1,577 $
(17,394) $
(6,555) $
107,696
26,249
51,954
65,503
364,521
63,318
(554,444) $
65,991 $
(488,453)
Select consolidated statements of operations line items, which reflect the adoption of the new standard, are as follows:
Revenue:
Subscription
Hardware and services
Total revenue
Gross profit
Operating expense:
Sales and marketing
Operating loss
Net loss
Net loss per share, basic and diluted
Year Ended December 31, 2017
As Previously
Reported
Adjustments
As Adjusted
$
$
$
$
$
$
$
503,257 $
12,032
515,289 $
371,911 $
258,837 $
(69,464) $
(84,337) $
(1.91) $
3,098 $
1,294
4,392 $
4,392 $
(10,143) $
14,535 $
14,535 $
0.33 $
506,355
13,326
519,681
376,303
248,694
(54,929)
(69,802)
(1.58)
77
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Revenue:
Subscription
Hardware and services
Total revenue
Gross profit
Operating expense:
Sales and marketing
Operating loss
Net loss
Net loss per share, basic and diluted
Year Ended December 31, 2016
As Previously
Reported
Adjustments
As Adjusted
$
$
$
$
$
$
$
365,960 $
9,536
375,496 $
266,903 $
201,204 $
(85,581) $
(111,208) $
(2.66) $
1,534 $
1,307
2,841 $
2,841 $
(11,880) $
14,721 $
14,721 $
0.35 $
367,494
10,843
378,337
269,744
189,324
(70,860)
(96,487)
(2.31)
Select consolidated statement of cash flows line items, which reflect the adoption of the new standard are as follows:
Cash flows from operating activities
Net loss
Adjustments to reconcile net loss to net cash provided by
operating activities:
Amortization of deferred commissions
Changes in assets and liabilities:
Accounts receivable
Deferred commissions
Accrued liabilities
Deferred revenue
Net cash provided by operating activities
Cash flows from operating activities
Net loss
Adjustments to reconcile net loss to net cash provided by
operating activities:
Amortization of deferred commissions
Changes in assets and liabilities:
Accounts receivable
Deferred commissions
Accrued liabilities
Deferred revenue
Net cash provided by operating activities
Year Ended December 31, 2017
As Previously
Reported
Adjustments
As Adjusted
$
(84,337) $
14,535 $
(69,802)
$
$
$
$
$
$
36,865 $
(8,389) $
28,476
(33,538) $
(44,157) $
13,943 $
123,507 $
153,686 $
1,794 $
(1,753) $
596 $
(6,783) $
— $
(31,744)
(45,910)
14,539
116,724
153,686
Year Ended December 31, 2016
As Previously
Reported
Adjustments
As Adjusted
$
(111,208) $
14,721 $
(96,487)
$
$
$
$
$
$
33,147 $
(10,443) $
22,704
(18,737) $
(36,009) $
6,398 $
87,255 $
94,235 $
16 $
(1,437) $
(354) $
(2,503) $
— $
(18,721)
(37,446)
6,044
84,752
94,235
78
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The core principle of ASC 606 is to recognize revenue to depict the transfer of services or products to customers in an amount that reflects the
consideration the Company expects to be entitled to in exchange for those services or products. The principle is achieved through the following five-step approach:
•
•
•
•
•
Identification of the contract, or contracts, with the customer - The Company considers the terms and conditions of the contract and its
customary business practice in identifying its contracts under ASC 606. The Company determines it has a contract with a customer when the
contract is approved, the Company can identify each party’s rights regarding the services and products to be transferred, the Company can
identify the payment terms for the services and products, the Company has determined the customer has the ability and intent to pay and the
contract has commercial substance. At contract inception, the Company evaluates whether two or more contracts should be combined and
accounted for as a single contract and whether the combined contract or single contract includes more than one performance obligation. The
Company applies judgment in determining the customer’s ability and intent to pay, which is based on a variety of factors, including the
customer’s historical payment experience or, in the case of a new customer, credit and financial information pertaining to the customer.
Identification of the performance obligation in the contract - Performance obligations promised in a contract are identified based on the services
or products that will be transferred to the customer that are both i) capable of being distinct, whereby the customer can benefit from the service
or product either on its own or together with other resources that are readily available from third parties or from the Company, and ii) distinct in
the context of the contract, whereby the transfer of the services or products is separately identifiable from other promises in the contract. To the
extent a contract includes multiple promised services or products, the Company applies judgment to determine whether promised services or
products are capable of being distinct and distinct in the context of the contract. If these criteria are not met the promised services or products are
accounted for as a combined performance obligation.
Determination of the transaction price - The transaction price is determined based on the consideration to which the Company expects to be
entitled in exchange for transferring services and products to the customer. Variable consideration is included in the transaction price if, in the
Company’s judgment, it is probable that a significant future reversal of cumulative revenue under the contract will not occur. None of the
Company’s contracts contain a significant financing component.
Allocation of the transaction price to the performance obligations in the contract - If the contract contains a single performance obligation, the
entire transaction price is allocated to the single performance obligation. Contracts that contain multiple performance obligations require an
allocation of the transaction price to each performance obligation based on a relative standalone selling price, or SSP, basis.
Recognition of revenue when, or as, the Company satisfies a performance obligation - The Company recognizes revenue when control of the
services or products are transferred to the customers, in an amount that reflects the consideration the Company expects to be entitled to in
exchange for those services or products. The Company records its revenue net of any value added or sales tax.
The Company generates sales directly through its sales team and, to a growing extent, through its channel partners. Sales to channel partners are made
at a discount and revenues are recorded at this discounted price once all revenue recognition criteria are met. Channel partners generally receive an order from an
end-customer prior to placing an order with the Company, and these partners do not carry any inventory of the Company’s products or solutions. Payment from
channel partners is not contingent on the partner’s success in sales to end-customers. In the event that the Company offers rebates, joint marketing funds, or other
incentive programs to a partner, recorded revenues are reduced by these amounts accordingly.
Payment terms on invoiced amounts are typically 30 to 45 days.
79
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Disaggregation of Revenue
The Company derives its revenue primarily from: (1) subscription service revenue; (2) subscription software revenue, and (3) hardware and services,
which include professional service and training revenue provided to customers related to their use of the platform.
The following table presents the Company’s revenue disaggregation:
Subscription service revenue
Subscription software revenue
Hardware and services
Total revenue
Subscription service revenue
2018
Year Ended December 31,
2017
2016
$
$
681,138 $
23,262
12,594
716,994 $
489,274 $
17,081
13,326
519,681 $
354,341
13,153
10,843
378,337
Subscription service revenue is derived from a subscription-based enterprise licensing model with contract terms typically ranging from one to three
years, and consists of (1) subscription fees from the licensing of the Company’s security-as-a-service platform and it’s various components, (2) subscription fees
for software with support and related future updates where the software updates are critical to the customers’ ability to derive benefit from the software due to the
fast changing nature of the technology. These function together as one performance obligation, and (3) subscription fees for the right to access the Company’s
customer support services for software with significant standalone functionality and support services for hardware. The hosted on-demand service arrangements do
not provide customers with the right to take possession of the software supporting the hosted services. Support revenue is derived from ongoing security updates,
upgrades, bug fixes, and maintenance. A time-elapsed method is used to measure progress because the Company transfers control evenly over the contractual
period. Accordingly, the fixed consideration related to subscription service revenue is generally recognized on a straight-line basis over the contract term beginning
on the date access is provided, as long as other revenue recognition criteria have been met. Most of the company’s contracts are non-cancelable over the contract
term. Customers typically have the right to terminate their contract for cause if the Company fails to perform in accordance with the contractual terms. Some of the
Company’s customers have the option to purchase additional subscription services at a stated price. These options are evaluated on a case-by-case basis but
generally do not provide a material right as they are priced at or above the Company’s SSP and, as such, would not result in a separate performance obligation.
Subscription software revenue
Subscription software revenue is primarily derived from term-based software that is deployed on the customers’ own servers and has significant
standalone functionality, is recognized upon transfer of control to the customer. The control for subscription software is transferred at the later of delivery to the
customer or the software license start date.
Hardware and services
Hardware revenue consists of amounts derived from the sale of the Company’s on-premise hardware appliance, which is recognized upon passage of
control, which occurs upon shipment of the product. Professional services revenue consists of fees associated with consulting, implementation and training services
for assisting customers in implementing and expanding the use of the Company’s services and products. These services are distinct from subscription, subscription
software licenses and hardware. Professional services do not result in significant customization of the Company’s services and products. The Company recognizes
revenue related to the professional services as they are performed.
80
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Contracts with multiple performance obligations
Most of the Company’s contracts with customers contain multiple performance obligations that are distinct and accounted for separately. The
transaction price allocated to subscription services and subscription software that does not have significant standalone functionality is determined by considering
factors such as historical pricing practices, and the selling price of hardware and professional services is estimated using a cost plus model. The selling price for
support of a functional subscription software license is calculated as a percentage of functional subscription software license value which is derived by analyzing
internal pricing practice, customer expectations, and industry practice.
Variable Consideration
Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of
variable consideration that is included in the transaction price is constrained, and is included in the net sales price only to the extent that it is probable that a
significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved. If the Company’s services or products do not meet
certain service level commitments, the Company’s customers are entitled to receive service credits representing a form of variable consideration. The Company has
not historically experienced any significant incidents affecting the defined levels of reliability and performance as required by the Company’s subscription
contracts. Accordingly, any estimated refunds related to these contracts in the consolidated financial statements are not material during the periods presented.
Unbilled accounts receivables
Unbilled accounts receivable represents amounts for which the Company has recognized revenue, pursuant to its revenue recognition policy, for
software licenses already delivered and professional services already performed, but billed in arrears and for which the Company believes it has an unconditional
right to payment. The unbilled accounts receivable balance, included in accounts receivable in the consolidated balance sheet, was $1,276 and $603 as of December
31, 2018 and 2017, respectively.
Deferred commissions
The Company capitalizes sales commissions and associated payroll taxes paid to internal sales personnel, and referral fees paid to independent third-
parties, that are incremental to the acquisition of customer contracts. These costs are recorded as deferred commissions on the consolidated balance sheets. The
Company determines whether costs should be deferred based on its sales compensation plans, if the commissions are incremental and would not have occurred
absent the customer contract. Sales commissions for renewal of a subscription contract are not considered commensurate with the commissions paid for the
acquisition of the initial subscription contract given the substantive difference in commission rate between new and renewal contracts. Commissions paid upon the
initial acquisition of a contract are amortized over an estimated period of benefit of five years while commissions paid related to renewal contracts are amortized
over a contractual renewal period. Amortization is recognized based on the expected future revenue streams under the customer contracts. Amortization of deferred
sales commissions is included in sales and marketing expense in the accompanying consolidated statements of operations. The Company determines the period of
benefit for commissions paid for the acquisition of the initial subscription contract by taking into consideration its initial estimated customer life and the
technological life of the Company’s software and related significant features. The Company classifies deferred commissions as current or long-term based on the
timing of when the Company expects to recognize the expense. The Company periodically reviews these deferred commission costs to determine whether events or
changes in circumstances have occurred that could impact the period of benefit of these deferred contract acquisition costs. There were no material impairment
losses recorded during the periods presented.
For the years ended December 31, 2018, 2017 and 2016, the Company capitalized $66,254, $45,910 and $37,446 of commission costs, respectively,
and amortized $37,076, $28,476 and $22,704, respectively.
81
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Deferred product costs
Deferred product costs are the incremental costs to fulfill a contract that are directly associated with each non-cancellable customer contract and
primarily consist of royalty payments made to third parties, from whom the Company has obtained licenses to integrate certain software into its products. The
deferred product costs are recognized based on the contractual term, and included in cost of revenue in the accompanying consolidated statements of operations.
The Company classifies deferred product costs as current or long-term based on the timing of when the Company expects to recognize the expense.
For the years ended December 31, 2018, 2017 and 2016, the Company capitalized $2,765, $2,510 and $2,922 of deferred product costs, respectively,
and amortized $2,463, $2,849 and $3,325, respectively.
Deferred revenue
The Company records deferred revenue when cash payments are received, or invoices are issued in advance of the Company’s performance, and
generally recognizes revenue over the contractual term. The Company recognized revenue of $363,483, $242,428 and $168,673 during the years ended December
31, 2018, 2017 and 2016, respectively, that was included in the deferred revenue balances at the beginning of the respective periods.
The Company recognized $2,901, $1,055 and $983 of revenue during the years ended December 31, 2018, 2017 and 2016, respectively, related to the
performance obligations satisfied in prior periods. The acquisition of Wombat Securities, Inc. (see Note 3 “Acquisitions”) on February 28, 2018, increased deferred
revenue by $14,700, of which $12,187 was recognized in the year ended December 31, 2018.
Remaining performance obligations
Contracted revenue as of December 31, 2018 that has not yet been recognized (“contracted not recognized”) was $472,989, which includes deferred
revenue and non-cancellable amounts that will be invoiced and recognized as revenue in future periods and excludes contracts with an original expected length of
one year or less. The Company expects 62% of contracted and not recognized revenue to be recognized over the next twelve months, 37% in years two and three,
with the remaining balance recognized thereafter.
3. Acquisitions
Acquisitions are accounted for under the purchase method of accounting in which the tangible and identifiable intangible assets and liabilities of each
acquired company are recorded at their respective fair values as of each acquisition date, including an amount for goodwill representing the difference between the
respective acquisition consideration and fair values of identifiable net assets. The Company believes that for each acquisition, the combined entities will achieve
savings in corporate overhead costs and opportunities for growth through expanded geographic and customer segment diversity with the ability to leverage
additional products and capabilities. These factors, among others, contributed to a purchase price in excess of the estimated fair value of each acquired company’s
net identifiable assets acquired and, as a result, goodwill was recorded in connection with each acquisition. Goodwill related to each acquisition below is not
deductible for tax purposes.
While the Company uses its best estimates and assumptions as part of the purchase price allocation process to value assets acquired and liabilities
assumed at the acquisition date, these estimates and assumptions are subject to refinement. When additional information becomes available, such as finalization of
negotiations of working capital adjustments and tax related matters, the Company may revise its preliminary purchase price allocation. As a result, during the
preliminary purchase price allocation period, which may be up to one year from the acquisition date, the Company may record adjustments to the assets acquired
and liabilities assumed, with the corresponding offset to goodwill. Subsequent to the purchase price allocation period, adjustments to assets acquired or liabilities
assumed are recognized in the operating results.
82
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
2018 Acquisitions
Wombat Security Technologies, Inc.
On February 28, 2018 (the “Wombat Acquisition Date”), pursuant to the terms of the merger agreement, the Company acquired all shares of Wombat
Security Technologies, Inc. (“Wombat”), a leader for phishing simulation and security awareness computer-based training. By collecting data from Wombat’s
PhishAlarm solution, the Company has access to data on phishing campaigns as seen by non-Company customers, providing broader visibility and insight to the
Proofpoint Nexus platform.
With this acquisition, the Company’s customers can leverage the industry’s first solution combining the Company’s advanced threat protection with
Wombat’s phishing simulation and computer-based security awareness training. With the combined solutions, the Company’s customers can:
•
•
•
Use real detected phishing attacks for simulations, assessing users based on the threats that are actually targeting them;
Both investigate and take action on user-reporting phishing, leveraging orchestration and automation to find real attacks, quarantine emails in
users’ inboxes, and lock user accounts to limit risk;
Train users in the moment immediately after they click for both simulated and real phishing attacks.
The Company also expects to achieve savings in corporate overhead costs for the combined entities. These factors, among others, contributed to a
purchase price in excess of the estimated fair value of acquired net identifiable assets and, as a result, goodwill was recorded in connection with the acquisition.
The Company has estimated fair values of acquired tangible assets, intangible assets and liabilities at the Wombat Acquisition Date. The results of
operations and the fair values of the acquired assets and liabilities assumed have been included in the accompanying consolidated financial statements since the
Wombat Acquisition Date.
At the Wombat Acquisition Date, the consideration transferred was $225,366, net of cash acquired of $13,452. Of the consideration transferred,
$22,500 was held in escrow to secure indemnification obligations, which has not been released as of the issuance of these consolidated financial statements. The
Company incurred $719 in acquisition-related costs which were recorded within operating expenses for the year ended December 31, 2018. The Company recorded
$34,958 in revenue from Wombat for the year ended December 31, 2018, and due to the continued integration of the combined businesses, it was impractical to
determine the earnings.
Per the terms of the merger agreement, unvested in-the-money stock options held by Wombat employees were canceled and paid off using the same
amount per option as for the common share less applicable exercise price for each option. The fair value of $1,580 of these unvested options was attributed to pre-
combination service and included in consideration transferred. The fair value of unvested options of $1,571 was allocated to post-combination services and
expensed in the three months ended March 31, 2018. Also, as part of the merger agreement, 51 shares of the Company’s common stock were deferred for certain
key employees with the total fair value of $5,458 (see Note 10 “Equity Award Plans”), which was not included in the purchase price. The deferred shares are
subject to forfeiture if employment terminates prior to the lapse of the restrictions, and their fair value is expensed as stock-based compensation expense over the
vesting period.
83
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The following table summarizes the fair values o f tangible assets acquired, liabilities assumed, intangible assets and goodwill:
Current assets
Fixed assets
Customer relationships
Order backlog
Core/developed technology
Trade name
Deferred revenue
Deferred tax liability, net
Other liabilities
Goodwill
2017 Acquisitions
Cloudmark, Inc.
Estimated
Fair Value
23,344
954
37,800
6,800
35,200
2,400
(14,700)
(14,725)
(1,120)
162,865
238,818
$
$
Estimated
Useful Life
(in years)
N/A
N/A
7
2
4
4
N/A
N/A
N/A
Indefinite
On November 21, 2017 (the “Cloudmark Acquisition Date”), pursuant to the terms of the merger agreement, the Company acquired all shares of
Cloudmark, Inc. (“Cloudmark”), a leader in messaging security and threat intelligence for internet service providers and mobile carriers worldwide. As part of the
acquisition, Cloudmark’s Global Threat Network was incorporated into Company’s cloud-based Nexus platform, which powers its email, social media, mobile, and
SaaS security effectiveness.
The Company believes that with this acquisition, it will benefit from increased messaging threat intelligence from the analysis of billions of daily
emails, malicious domain intelligence, and visibility into fraudulent and malicious SMS messages directed to mobile carriers worldwide. The Company also
expects to achieve savings in corporate overhead costs for the combined entities. These factors, among others, contributed to a purchase price in excess of the
estimated fair value of acquired net identifiable assets and, as a result, goodwill was recorded in connection with the acquisition.
The Company has estimated fair values of acquired tangible assets, intangible assets and liabilities at the Cloudmark Acquisition Date. The results of
operations and the fair values of the acquired assets and liabilities assumed have been included in the accompanying consolidated financial statements since the
Cloudmark Acquisition Date.
At the Cloudmark Acquisition Date, the consideration transferred was $107,283, net of cash acquired of $31,973. Of the consideration transferred,
$16,700 was held in escrow to secure indemnification obligations, which has not been released as of the issuance of these consolidated financial statements.
Per the terms of the merger agreement, unvested stock options and unvested restricted stock units held by Cloudmark employees were canceled and
exchanged for the Company’s unvested stock options and unvested restricted stock units, respectively. The fair value of $91 of these unvested awards was
attributed to pre-combination services and included in consideration transferred. The fair value of $1,180 was allocated to post-combination services. The unvested
awards are subject to the recipient’s continued service with the Company, and $1,180 is recognized ratably as stock-based compensation expense over the required
remaining service period.
84
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The following table summarizes the fair values of tangible assets acquired, liabilities assumed, intangible assets and goodwill:
Current assets
Fixed assets
Non-current assets
Liabilities
Deferred revenue
Customer relationships
Order backlog
Core/developed technology
Deferred tax liability, net
Goodwill
WebLife Balance, Inc.
$
$
Fair Value
37,390
543
74
(4,422)
(15,400)
15,300
1,400
18,500
(7,905)
93,776
139,256
Estimated
Useful Life
(in years)
N/A
N/A
N/A
N/A
N/A
8
1
4
N/A
Indefinite
On November 30, 2017 (the “WebLife Acquisition Date”), pursuant to the terms of a merger agreement, the Company acquired all shares of WebLife
Balance, Inc. (“WebLife”), a browser isolation offerings vendor, to extend its advanced threat protection capabilities into personal email, while preserving the
privacy of its users.
The Company has estimated fair values of acquired tangible assets, intangible assets and liabilities at the WebLife Acquisition Date. The results of
operations and the fair values of the acquired assets and liabilities assumed have been included in the accompanying consolidated financial statements since the
WebLife Acquisition Date.
At the WebLife Acquisition Date, the consideration transferred was $48,765, net of cash acquired of $278. Of the consideration transferred, $6,203
was held in escrow to secure indemnification obligations, which has not been released as of the issuance of these consolidated financial statements.
Per the terms of the merger agreement, unvested stock options held by WebLife employees were canceled and exchanged for the Company’s unvested
awards. The fair value of $333 of these unvested options was attributed to pre-combination service and included in consideration transferred. The fair value of
$1,468 was allocated to post-combination services. The unvested awards are subject to the recipient’s continued service with the Company, and $1,468 is
recognized ratably as stock-based compensation expense over the required remaining service period. Also, as part of the merger agreement, 107 shares of the
Company’s common stock were deferred for certain key employees with the total fair value of $9,652 (see Note 10 “Equity Award Plans”), which was not included
in the purchase price. The deferred shares are subject to forfeiture if employment terminates prior to the lapse of the restrictions, and their fair value is expensed as
stock-based compensation expense over the vesting period.
85
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The following table summarizes the fair values of tangible assets acquired, liabilities assumed, intangible assets and goodwill:
Current assets
Fixed assets
Liabilities
Deferred revenue
Customer relationships
Core/developed technology
Deferred tax liability, net
Goodwill
2016 Acquisitions
FireLayers
$
$
Fair Value
534
23
(88)
(700)
600
16,600
(4,440)
36,514
49,043
Estimated
Useful Life
(in years)
N/A
N/A
N/A
N/A
5
5
N/A
Indefinite
On October 24, 2016 (the “FireLayers Acquisition Date”), pursuant to the terms of a share purchase agreement, the Company acquired all shares of
FireLayers, Ltd. (“FireLayers”), a provider of solutions for organizations to control and protect their cloud applications. With this acquisition, the Company extends
Targeted Attack Protection to SaaS applications, enabling customers to protect their employees using SaaS applications from advanced malware.
The Company has estimated fair values of acquired tangible assets, intangible assets and liabilities at the FireLayers Acquisition Date. The results of
operations and the fair values of the acquired assets and liabilities assumed have been included in the accompanying consolidated financial statements since the
FireLayers Acquisition Date.
The total purchase price was $45,616, net of cash acquired of $210. Of the cash consideration paid, $7,740 was held in escrow to secure
indemnification obligations, which has not been released as of the issuance of these consolidated financial statements.
Per the terms of the share purchase agreement, unvested stock options held by FireLayers employees were canceled and exchanged for unvested stock
options to purchase shares of the Company’s common stock. The fair value of $1,326 of these unvested options, which are subject to the recipient’s continued
service with the Company and thus excluded from the purchase price, are recognized ratably as stock-based compensation expense over the required service period.
Also, as part of the share purchase agreement, 111 shares of restricted stock were issued to certain key employees with the total fair value of $8,669 (see Note 10),
which was not included in the purchase price. The shares of restricted stock are subject to forfeiture if employment terminates prior to the lapse of the restrictions,
and their fair value is expensed as stock-based compensation expense over the vesting period.
86
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The following table summarizes the fair values of acquired assets and liabilities:
Current assets acquired
Developed technology
Fixed assets
Deferred tax liability, net
Other liabilities assumed
Additional-paid-in-capital
Goodwill
Return Path
$
$
Fair Value
432
22,600
52
(3,530)
(540)
(176)
26,988
45,826
Estimated
Useful Life
(in years)
N/A
5
N/A
N/A
N/A
N/A
Indefinite
On August 24, 2016 (the “Return Path Acquisition Date”), pursuant to the terms of an asset purchase agreement, the Company acquired Return Path,
Inc.’s (“Return Path”) Email Fraud Protection (“EFP”) business unit. Return Path’s EFP business, which provides standards-based DMARC authentication and
proprietary sender-analysis capabilities, is integrated into the Company’s suite of email protection solutions to further enhance its business email compromise
capabilities.
The Company has estimated fair values of acquired tangible assets, intangible assets and liabilities at the Return Path Acquisition Date. The results of
operations and the fair values of the acquired assets and liabilities assumed have been included in the accompanying consolidated financial statements since the
Return Path Acquisition Date. Pro forma results of operations have not been presented because the acquisition was not material to the Company’s consolidated
financial statements.
The total purchase price was $17,513, of which $9,162 was classified and recorded as contingent consideration on the balance sheet as of the Return
Path Acquisition Date.
The fair value of the contingent consideration liability was determined as of the acquisition date using unobservable inputs. These inputs included the
estimated amount and timing of future contract assignments, the probability of success and a risk-adjusted discount rate to adjust the probability-weighted cash
flows to present value.
The following table summarizes the fair values of acquired assets and liabilities:
Customer relationships
Developed technology
Order backlog
Deferred revenue assumed
Goodwill
$
$
Fair Value
7,600
3,900
700
(1,200)
6,513
17,513
Estimated
Useful Life
(in years)
6
4
1
N/A
Indefinite
87
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Pro Forma Financial Information (unaudited)
The following unaudited pro forma financial information presents the combined results of operations for the years ended December 31, 2018, 2017 and
2016 as though the acquisitions that occurred during the reporting periods had occurred as of the beginning of the comparable prior annual reporting periods, with
adjustments to give effect to pro forma events that are directly attributable to the acquisitions such as amortization expense of acquired intangible assets, stock-
based compensation directly attributable to the acquisitions and acquisition-related transaction costs. The unaudited pro forma results do not include the acquisition
of Return Path, and do not reflect any operating efficiencies or potential cost savings which may result from the consolidation of the operations of the Company and
acquisitions. Accordingly, these unaudited pro forma results are presented for informational purposes only and are not necessarily indicative of what the actual
results of operations of the combined company would have been if the acquisitions had occurred at the beginning of the period presented, nor are they indicative of
future results of operations:
Total revenue
Net loss
Basic and diluted net loss per share
2018
Year Ended December 31,
2017
$
$
$
723,628 $
(103,980) $
(2.00) $
594,966 $
(89,221) $
(2.02) $
2016
414,539
(108,896)
(2.60)
The unaudited pro forma financial information includes acquisition-related transaction costs of $719 for the year ended December 31, 2018.
4. Concentration of Risks
Financial instruments that potentially subject the Company to credit risk consist principally of cash and cash equivalents, short-term investments and
accounts receivable.
The Company limits its concentration of risk in cash equivalents and short-term investments by diversifying its investments among a variety of
industries and issuers and by limiting the average maturity to one year or less. The Company’s professional portfolio managers adhere to this investment policy as
approved by the Company’s Board of Directors.
The Company’s investment policy is to invest only in fixed income investments denominated and payable in U.S. dollars. Investment in obligations of
the U.S. government and its agencies, money market instruments, commercial paper, certificates of deposit, bankers’ acceptances, corporate bonds of U.S.
companies, municipal securities and asset backed securities are allowed. The Company does not invest in auction rate securities, futures contracts, or hedging
instruments.
The Company’s accounts receivables are derived from revenue earned from customers primarily located in the United States of America. The
Company performs periodic evaluations of its customers’ financial condition and generally does not require its customers to provide collateral or other security to
support accounts receivable, and maintains an allowance for doubtful accounts. Credit losses historically have not been material.
During the years ended December 31, 2018 and 2017, one partner accounted for 12% of total revenue, though the partner sold to a number of end-
users, none of which accounted for more than 10% of our total revenue in 2018 and 2017. During the year ended December 31, 2016, no individual customers
accounted for more than 10% of total revenue.
Two partners accounted for 12% of total accounts receivable each as of December 31, 2018, and one partner accounted for 11% of total accounts
receivable as of December 31, 2017.
88
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
5. Balance Sheet Components
Property and equipment at December 31, 2018 and December 31, 2017 consist of the following:
Computer equipment
Software
Furniture
Office equipment
Leasehold improvements
Other
Construction in progress
Less: Accumulated depreciation
Property and equipment acquired under capital leases:
Computer equipment
Less: Accumulated depreciation
Useful Life
(in years)
2 to 4
2 to 5
5
2 to 5
5 years, or lease
term, if shorter
2
December 31,
2018
2017
142,777 $
3,782
3,637
585
13,129
59
1,088
165,057
(94,430)
70,627 $
125,296
2,647
2,523
587
10,632
59
1,854
143,598
(69,981)
73,617
December 31,
2018
2017
— $
—
— $
453
(372)
81
$
$
$
$
Depreciation expense for the years ended December 31, 2018, 2017 and 2016 $32,396, $23,591, and $17,131, respectively. This included depreciation
expense for assets under capital leases of $29, $31 and $31 for the years ended December 31, 2018, 2017 and 2016, respectively.
The allowance for doubtful accounts receivable was not material as of December 31, 2018 and 2017.
Accrued liabilities at December 31, 2018 and December 31, 2017 consisted of the following:
Accrued compensation
ESPP contributions
Customer deposits
Accrued royalties
Acquisition-related contingent consideration
Other
6. Goodwill and Intangible Assets
The goodwill activity and balances are presented below:
Beginning balance
Acquisitions during period
Purchase accounting adjustments
Closing balance
89
December 31,
2018
2017
55,924 $
3,224
5,961
1,373
—
24,237
90,719 $
38,605
2,339
570
780
634
22,575
65,503
Year Ended December 31,
2018
2017
297,704 $
162,865
(144)
460,425 $
167,270
130,434
—
297,704
$
$
$
$
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Intangible Assets
Intangible assets consisted of the following:
Developed technology
Customer relationships
Trademark and patents
Order backlog
Gross
Carrying
Amount
December 31, 2018
Accumulated
Amortization
Net
Carrying
Amount
Gross
Carrying
Amount
December 31, 2017
Accumulated
Amortization
Net
Carrying
Amount
$
$
154,069 $
71,400
3,330
6,800
235,599 $
(79,525) $
(15,166)
(1,430)
(2,833)
(98,954) $
74,544 $
56,234
1,900
3,967
136,645 $
118,869 $
33,600
930
2,300
155,699 $
(52,554) $
(5,918)
(825)
(800)
(60,097) $
66,315
27,682
105
1,500
95,602
Amortization expense of intangibles totaled $41,157, $18,506 and $14,421 during the years ended December 31, 2018, 2017 and 2016, respectively.
Future estimated amortization costs of intangible assets as of December 31, 2018 are presented below:
Year Ended December 31,
2019
2020
2021
2022
2023
Thereafter
7. Fair Value Measurements and Investments
Fair Value Measurements
$
$
39,650
34,566
31,698
13,501
7,312
9,918
136,645
Fair value is defined as the price that would be received to sell an asset or paid to transfer a liability (i.e., the “exit price”) in an orderly transaction
between market participants at the measurement date. A hierarchy for inputs used in measuring fair value has been defined to minimize the use of unobservable
inputs by requiring the use of observable market data when available. Observable inputs are inputs that market participants would use in pricing the asset or
liability based on active market data. Unobservable inputs are inputs that reflect the Company’s assumptions about the assumptions market participants would use
in pricing the asset or liability based on the best information available in the circumstances.
The fair value hierarchy prioritizes the inputs into three broad levels:
•
•
•
Level 1: Quoted (unadjusted) prices in active markets for identical assets or liabilities. The Company’s Level 1 assets generally consist of money
market funds.
Level 2: Observable inputs other than quoted prices included in Level 1, such as quoted prices for similar assets or liabilities in active markets;
quoted prices for identical or similar assets or liabilities in markets that are not active; or other inputs that are observable or can be corroborated
by observable market data for substantially the full term of the asset or liability. The Company’s Level 2 assets and liabilities generally consist of
corporate debt securities, commercial papers, U.S. agency and Treasury securities.
Level 3: Unobservable inputs to the valuation methodology that are supported by little or no market activity and that are significant to the
measurement of the fair value of the assets or liabilities. Level 3 assets and liabilities include those whose fair value measurements are
determined using pricing models, discounted cash flow methodologies or similar valuation techniques, as well as significant management
judgment or estimation.
90
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
In connection with the acquisition of Return Path, a liability was recognized on Return Path Acquisition Date for the estimate of the fair value o f the
Company’s contingent payment. The Company determined the fair value of the Acquisition-related contingent liability based on the estimated amount and timing
of future contract assignments, and the probability of success. This fair value measurement i s based on significant inputs not observable in the market and thus
represent Level 3 measurement.
The following tables summarize, for each category of assets or liabilities carried at fair value, the respective fair value as of December 31, 2018 and
December 31, 2017 and the classification by level of input within the fair value hierarchy:
Total
Level 1
Level 2
Level 3
December 31, 2018
Assets
Cash equivalents:
Money market funds
Commercial paper
Short-term investments:
Corporate debt securities
Commercial paper
U.S. Treasury securities
Total financial assets
Assets
Cash equivalents:
Money market funds
Commercial paper
U.S. agency securities
Short-term investments:
Corporate debt securities
Commercial paper
U.S. agency securities
U.S. Treasury securities
Total financial assets
Liabilities
Acquisition-related contingent consideration
$
133,202 $
12,478
13,470
30,838
1,999
191,987 $
— $
12,478
13,470
30,838
1,999
58,785 $
133,202 $
—
—
—
—
133,202 $
December 31, 2017
Total
Level 1
Level 2
Level 3
231,828 $
7,995
1,996
11,600
27,939
3,991
1,996
287,345 $
231,828 $
—
—
—
—
—
—
231,828 $
— $
7,995
1,996
11,600
27,939
3,991
1,996
55,517 $
—
—
—
—
—
—
—
—
—
—
—
—
—
—
634 $
— $
— $
634
$
$
$
$
91
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The following table represents a reconciliation of the Acquisition-related contingent consideration liability measured at fair value on a recurring basis,
using significant unobservable inputs (Level 3):
Balance as of December 31, 2015
Additions during the period
Payments during the period
Adjustments to fair value during the period recorded in General and
administrative expenses
Balance as of December 31, 2016
Additions during the period
Payments during the period
Adjustments to fair value during the period recorded in General and
administrative expenses
Balance as of December 31, 2017
Additions during the period
Payments during the period
Adjustments to fair value during the period recorded in General and
administrative expenses
Balance as of December 31, 2018
$
$
Amount
—
9,162
(260)
(669)
8,233
—
(6,066)
(1,533)
634
—
(555)
(79)
—
The carrying amounts of the Company’s cash equivalents, accounts receivable and accounts payable approximate their fair values due to their short
maturities.
Investments
The cost and fair value of the Company’s cash, cash equivalents and available-for-sale investments as of December 31, 2018 and December 31, 2017
were as follows:
Cash and cash equivalents:
Cash
Money market funds
Commercial paper
Total
Short-term investments:
Corporate debt securities
Commercial paper
U.S. Treasury securities
Total
Amortized
Cost
Unrealized
Gains
Unrealized
Losses
Fair
Value
December 31, 2018
39,712 $
133,202
12,478
185,392 $
13,477 $
30,838
1,999
46,314 $
$
$
$
$
92
— $
—
—
— $
— $
—
—
— $
— $
—
—
— $
(7) $
—
—
(7) $
39,712
133,202
12,478
185,392
13,470
30,838
1,999
46,307
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Cash and cash equivalents:
Cash
Money market funds
Commercial paper
U.S. agency securities
Total
Short-term investments:
Corporate debt securities
Commercial paper
U.S. agency securities
U.S. Treasury securities
Total
Amortized
Cost
Unrealized
Gains
Unrealized
Losses
Fair
Value
December 31, 2017
$
$
$
$
44,253 $
231,828
7,995
1,996
286,072 $
11,607 $
27,939
3,992
1,997
45,535 $
— $
—
—
—
— $
— $
—
—
—
— $
— $
—
—
—
— $
(7) $
—
(1)
(1)
(9) $
44,253
231,828
7,995
1,996
286,072
11,600
27,939
3,991
1,996
45,526
As of December 31, 2018 and 2017, all investments mature in less than one year. Fair values for marketable securities are based on quoted market
prices for the same or similar instruments.
The Company reviews its investments on a quarterly basis to identify and evaluate investments that have an indication of possible impairment and has
determined that no other-than-temporary impairments were required to be recognized during the years ended December 31, 2018, 2017 and 2016.
8. Commitments and Contingencies
Operating Leases
In October 2018, the Company entered into a 127 months lease agreement to lease approximately 242,400 square feet of corporate office space in
Sunnyvale, California, which is expected to become the Company’s new corporate headquarters beginning in 2020. The property will be constructed by the
landlord, with the completion date expected to occur between April and August 2020. The lease contains a rent holiday period, scheduled rent increases, lease
incentives, and renewal option which allow the lease term to be extended by 5 years. Base rental payments will be approximately $161,300 over the lease term.
The Company leases certain of its facilities under non-cancellable operating leases with various expiration dates through 2031.
Premises rent expense was $10,944, $8,010 and $5,054 for the years ended December 31, 2018, 2017 and 2016, respectively.
At December 31, 2018, future annual minimum lease payments under noncancellable operating leases were as follows:
2019
2020
2021
2022
2023
Thereafter
Total minimum lease payments
93
Operating
Leases
25,313
17,535
19,155
21,581
19,609
129,154
232,347
$
$
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Purchase Commitments
As of December 31, 2018, the Company’s minimum purchase commitments for products and services were $27,458, of which $4,651 represent long-
term purchase commitments through the year ending December 31, 2021.
Contingencies
Under the indemnification provisions of the Company’s customer agreements, the Company agrees to indemnify and defend and hold harmless its
customers against, among other things, infringement of any patent, trademark or copyright under any country’s laws or the misappropriation of any trade secret
arising from the customers’ legal use of the Company’s solutions. The exposure to the Company under these indemnification provisions is generally limited to the
total amount paid by the customers under the applicable customer agreement. However, certain indemnification provisions potentially expose the Company to
losses in excess of the aggregate amount paid to the Company by the customer under the applicable customer agreement. To date, there have been no claims against
the Company or its customers pursuant to these indemnification provisions.
Legal Contingencies
From time to time, the Company may be involved in legal proceedings and subject to claims in the ordinary course of business. For lawsuits where the
Company is the defendant, the Company is in the process of defending these litigation matters, and while there can be no assurances and the outcomes of these
matters are currently not determinable, the Company currently believes that there are no existing claims or proceedings that are likely to have a material adverse
effect on the Company’s financial position, results of operations or cash flows.
9. Convertible Senior Notes
0.75% Convertible Senior Notes due June 2020
On June 17, 2015, the Company issued $200,000 principal amount of 0.75% Convertible Senior Notes (the “0.75% Notes”) due 2020 in a private
offering to qualified institutional buyers (“Holders”) pursuant to Rule 144A under the Securities Act of 1934, as amended (the “Securities Act”). The initial Holders
of the 0.75% Notes also had an option to purchase an additional $30,000 in principal amount which was exercised in full. The net proceeds after the agent’s
discount and issuance costs of $6,581 from the 0.75% Notes offering were approximately $223,419. The Company used the net proceeds for working capital and
general corporate purposes, which included funding the Company’s operations, capital expenditures, and acquisitions of businesses, products or technologies. The
0.75% Notes bore interest at 0.75% per year, payable semi-annually in arrears every June 15 and December 15, beginning on December 15, 2015.
In accordance with the authoritative accounting guidance, the Company allocated the total amount of the 0.75% Notes into liability and equity
components. The carrying value of the liability component at issuance was calculated as the present value of its cash flows using a discount rate of 6.5% based on
the blended rate between the yield rate for a Moody’s B1 rating and the average debt rate for comparable convertible transactions from similar companies. The
difference between the 0.75% Notes principal and the carrying value of the liability component, representing the value of conversion premium assigned to the
equity component, was recorded as an increase to additional paid in capital and as a debt discount on the issuance date. The equity component was being accreted
using the effective interest rate method over the period from the issuance date through the conversion date as a non-cash charge to interest expense. Upon issuance
of the 0.75% Notes, the Company recorded $174,359 as debt and $55,641 as additional paid in capital within stockholders’ equity.
Additionally, the debt discount and issuance costs were allocated based on the total amount incurred to the liability and equity components using the
same proportions as the proceeds from the 0.75% Notes. The equity issuance costs of $1,592 were recorded as a decrease to additional paid-in capital at the
issuance date.
During the quarter ended September 30, 2018, $229,869 of the principal amount of the 0.75% Notes was converted into 2,928 shares of common stock,
with the remaining $142 repaid in cash. The shares of common stock had a fair value of $336,994 at the time of the conversion. This transaction resulted in a
$7,207 loss on extinguishment that is included in interest expense in the Consolidated Statement of Operations. The loss on extinguishment was calculated as the
difference between the fair value amount allocated to the liability component on the date of conversion and net carrying amount of the liability component.
94
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The following table presents the carrying values of the 0.75% Notes as of December 31 , 2018 and 2017:
Liability component:
Principal
Less: debt discount and issuance costs, net of amortization
Net carrying amount
Equity component (1)
(1)
Recorded on the consolidated balance sheet as additional paid-in capital, net of the issuance costs in equity
1.25% Convertible Senior Notes due December 2018
December 31, 2018
December 31, 2017
$
$
$
— $
—
— $
— $
230,000
(32,142)
197,858
54,049
On December 11, 2013, the Company issued $175,000 principal amount of 1.25% Convertible Senior Notes (the “1.25% Notes”) due 2018 in a private
offering to Holders pursuant to Rule 144A under the Securities Act. The initial Holders of the 1.25% Notes also had an option to purchase an additional $26,250 in
principal amount which was exercised in full. The net proceeds after the agent’s discount and issuance costs of $5,803 from the 1.25% Notes offering were
approximately $195,446. The Company used the net proceeds for working capital and general corporate purposes, which included funding the Company’s
operations, capital expenditures, and acquisitions of businesses, products or technologies believed to be of strategic importance. The 1.25% Notes bore interest at
1.25% per year, payable semi-annually in arrears every June 15 and December 15, beginning on June 15, 2014.
During the year ended December 31, 2017, $201,250 of the principal amount of the 1.25% Notes was converted into 5,159 shares of common stock,
with the remaining $14 paid in cash. The shares of common stock had a fair value of $473,176 at the time of the conversion. This resulted in a $2,696 loss on
extinguishment that is included in interest expense in the Consolidated Statement of Operations. The loss on extinguishment was calculated as the difference
between the fair value amount allocated to the liability component and net carrying amount of the liability component.
For the years ended December 31, 2018, 2017 and 2016, the Company incurred the following interest expense and loss on conversion related to the
Notes:
Interest expense related to contractual interest coupon
Amortization of debt discount and issuance costs
Loss on conversion
Total
2018
2017
2016
$
$
1,172 $
8,383
7,207
16,762 $
4,123 $
21,789
2,696
28,608 $
4,240
20,842
—
25,082
95
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
10. Equity Award Plans
Stock-Based Compensation Plans
On March 30, 2012, the Board of Directors and the Company’s stockholders approved the 2012 Equity Incentive Plan (the “2012 Plan”), which
became effective in April 2012. The Company has six equity incentive plans: the Company’s 2002 stock option plan (the “2002 Plan”), the 2012 Plan and four
plans assumed by the Company upon various business acquisitions. The assumed plans are the Cloudmark plan, the WebLife plan, and two FireLayers plans. Upon
the Company’s initial public offering, all shares that were reserved under the 2002 Plan but not issued, and shares issued but subsequently returned to the plan
through forfeitures, cancellations and repurchases became part of the 2012 Plan and no further shares will be granted pursuant to the 2002 Plan. No further shares
will be granted pursuant to the assumed plans. All outstanding stock awards under the 2002 Plan, the assumed plans and 2012 Plan will continue to be governed by
their existing terms. Under the 2012 Plan, the Company has the ability to issue incentive stock options (“ISOs”), nonstatutory stock options (“NSOs”), restricted
stock awards, stock bonus awards, stock appreciation rights (“SARs”), restricted stock units (“RSUs”), and performance stock units (“PSUs”). The 2012 Plan also
allows direct issuance of common stock to employees, outside directors and consultants at prices equal to the fair market value at the date of grant of options or
issuance of common stock. Additionally, the 2012 Plan provides for the grant of performance cash awards to employees, directors and consultants. The Company
has the right to repurchase any unvested shares (at the option exercise price) of common stock issued directly or under option exercises. The right of repurchase
generally expires over the vesting period.
Stock bonus and other liability awards are accounted for as liability-classified awards, because the obligations are based predominantly on fixed
monetary amounts that are generally known at the inception of the obligation, to be settled with a variable number of shares of the Company’s common stock.
Under the equity incentive plans, the term of an option grant shall not exceed ten years from the date of its grant and options generally vest over a three
to four-year period, with vesting on a monthly or annual interval. Under the 2012 Plan, 20,316 shares of common stock are reserved for issuance to eligible
participants. As of December 31, 2018, 3,385 shares were available for future grant. Restricted stock awards generally vest over a four-year period.
The Company net-share settles equity awards held by employees by withholding shares upon vesting to satisfy tax withholding obligations. The shares
withheld to satisfy employee tax withholding obligations are returned to the Company’s 2012 Plan and will be available for future issuance. Payments for
employee’s tax obligations to the tax authorities are recognized as a reduction to additional paid-in capital and reflected as financing activities in the Company’s
consolidated statements of cash flows.
Stock Options
The fair value of options granted is estimated on the grant date using the Black-Scholes option valuation model. This valuation model for stock-based
compensation expense requires the Company to make assumptions and judgments about the variables used in the calculation, including the expected term
(weighted-average period of time that the options granted are expected to be outstanding), the volatility of the common stock price and the assumed risk-free
interest rate. The Company accounts for forfeitures as they occur.
No options were granted during the years ended December 31, 2018 and 2017. The weighted average fair value of stock options granted to employees
during the year ended December 31, 2016 was $24.04. The fair values were estimated on the grant dates using the Black-Scholes option-pricing model with the
following weighted-average assumptions:
Expected life (in years)
Volatility
Risk-free interest rate
Dividend yield
96
Year Ended
December 31,
2016
5.31 - 6.08
45%
1.3% - 1.4%
—%
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The estimate for expected life of options granted reflects the midpoint of the vesting term and the contractual life computed utilizing the simplified
method as allowed by the SEC staff. The Company does not have significant historical share option exercise experience and hence considers the expected term
assumption calculated using the simplified method to be reasonable. Starting January 1, 2016, the expected volatility of the Company ’ s common stock is based on
the Company ’ s historical volatility. Prior to January 1, 2016, the common stock price volatility was determined based on the historical average volatilities of the
common stock of a group of publicly-traded peer co mpanies that operate in a similar industry as the Company did not have sufficient trading history for its
common stock. The risk-free interest rate used was the Federal Reserve Bank ’ s constant maturities interest rate commensurate with the expected life of the options
in effect at the time of the grant. The expected dividend yield was zero, as the Company does not anticipate paying a dividend within the relevant time frame.
The Company realized no income tax benefit from stock option exercises in each of the periods presented due to recurring losses and the valuation
allowances for deferred tax assets.
Stock option activity is as follows:
Balance at December 31, 2015
Options assumed per business acquisition
Options granted
Options exercised
Options forfeited and canceled
Balance at December 31, 2016
Options assumed per business acquisitions
Options exercised
Options forfeited and canceled
Balance at December 31, 2017
Options exercised
Options forfeited and canceled
Balance at December 31, 2018
Exercisable, December 31, 2018
Vested and expected to vest, December 31, 2018
Shares subject to
Options Outstanding
Number of
Shares
Weighted
Average
Exercise
Price
4,042 $
20
237
(1,089)
(27)
3,183
13
(1,126)
(30)
2,040
(767)
(18)
1,255 $
1,184 $
1,255 $
15.10
4.33
54.11
11.59
43.15
18.91
20.27
11.04
45.54
22.88
12.78
49.24
28.67
27.26
28.67
Weighted
Average
Remaining
Contractual
Term
(in years)
Aggregate
Intrinsic
Value
5.77 $
201,736
5.39 $
164,842
5.17 $
134,511
4.77 $
4.62 $
4.77 $
69,224
66,971
69,224
The total intrinsic value of options exercised was $73,057, $82,131 and $58,061, for the years ended December 31, 2018, 2017 and 2016, respectively.
Total cash proceeds from such option exercises were $9,802, $12,383 and $12,620 for the years ended December 31, 2018, 2017 and 2016, respectively.
The grant date fair value of options that vested was $3,447, $7,450 and $9,106 during the years ended December 31, 2018, 2017 and 2016,
respectively.
As of December 31, 2018, the Company had unrecognized stock-based compensation expense of $2,731 related to stock options that will be
recognized, over the average remaining vesting term of the options of 1.06 years.
97
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Restricted Stock Units and Performance Stock Units
A following table summarizes the activity of RSUs and PSUs:
Awarded and unvested at December 31, 2015
Awards granted
Awards vested
Awards forfeited
Awarded and unvested at December 31, 2016
Awards assumed per business acquisition
Awards granted
Awards vested
Awards forfeited
Awarded and unvested at December 31, 2017
Awards granted
Awards vested
Awards forfeited
Awarded and unvested at December 31, 2018
RSUs and PSUs
Outstanding
Number of
Shares
Granted Fair
Value
Per Unit
3,311 $
1,605
(1,116)
(335)
3,465
8
1,865
(1,320)
(478)
3,540
3,209
(1,446)
(735)
4,568 $
47.94
64.08
44.73
51.40
56.11
91.10
84.91
52.36
63.44
71.77
101.56
69.50
93.70
89.88
As of December 31, 2018, there was $327,812 of unamortized stock-based compensation expense related to unvested RSUs, which are expected to be
recognized over a weighted average period of 3.37 years.
The Company granted 474, 177 and 146 PSUs in the years ended December 31, 2018, 2017 and 2016, respectively. The PSU vesting conditions were
based on individual performance targets. Unamortized stock-based compensation expense was $40,156 as of December 31, 2018.
Stock Bonus Awards and Other Liability Awards
The total accrued liability for the stock bonus awards and other liability awards was $12,741 and $8,502 as of December 31, 2018 and 2017,
respectively.
During the years ended December 31, 2018, 2017 and 2016, 61, 85 and 93 shares of common stock earned under the stock bonus program were issued.
Stock-based compensation expense related to stock bonus program were $12,701, $6,616 and $5,288, respectively, for the years ended December 31, 2018, 2017
and 2016.
In March 2015, the Company issued liability awards with a fair value of $6,885, which vested over three years period and were subject to continuous
service and other conditions. The liability awards were settled with a variable number of shares of the Company’s common stock. During the years ended
December 31, 2018, 2017 and 2016, 20, 29 and 45 shares were vested and issued, respectively. The Company recognized $408, $2,293 and $2,229 of stock-based
compensation expense related to these liability awards in the years ended December 31, 2018, 2017 and 2016. There are no outstanding liability awards as of
December 31, 2018.
Employee Stock Purchase Plan
On March 30, 2012, the Board of Directors and the Company’s stockholders approved the 2012 Employee Stock Purchase Plan (the “ESPP”), which
became effective in April 2012. A total of 745 shares of the Company’s common stock were initially reserved for future issuance under the ESPP. The number of
shares reserved for issuance under the ESPP will increase automatically on January 1 of each of the first eight years commencing with 2013 by the number of
shares equal to 1% of the Company’s shares outstanding on the immediately preceding December 31, but not to exceed 1,490 shares, unless the Board of Directors,
in its discretion, determines to make a smaller increase. As of December 31, 2018, there were 1,880 shares of the Company’s common stock available for future
issuance under the ESPP.
98
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The fair value of the option component of the ESPP shares was estimated at the grant date using the Black-Scholes option pricing model with the
following weighted average assumptions:
Expected life (in years)
Volatility
Risk-free interest rate
Dividend yield
2018
0.5
33% - 40%
Year ended December 31,
2017
0.5
29% - 37%
2016
0.5
37% - 48%
1.76% - 2.50%
0.76% - 1.16%
0.38% - 0.45%
—%
—%
—%
The Company issued 231 shares, 183 shares and 200 shares under the ESPP in the years ended December 31, 2018, 2017 and 2016, respectively, at a
weighted average exercise price per share of $77.02, $73.02, and $45.65, respectively. As of December 31, 2018, the Company expects to recognize $2,925 of the
total unamortized compensation cost related to employee purchases under the ESPP over a weighted average period of 0.37 years.
Restricted Stock and Deferred Shares
As part of the FireLayers acquisition, the Company granted 111 shares of restricted stock in 2016 to certain key employees with a total fair value of
$8,669 with annual vesting term of three years. The Company recognized $2,887, $2,887 and $546 of stock-based compensation expense in 2018, 2017 and 2016,
respectively. As of December 31, 2018, there was $2,349 of unamortized stock-based compensation expense related to the unvested shares of restricted stock. The
shares of restricted stock are subject to forfeiture if employment terminates prior to the lapse of the restrictions, and are expensed over the vesting period. They are
considered issued and outstanding shares of the Company at the grant date and have the same rights as other shares of common stock.
As part of the Weblife acquisition, 107 shares were deferred for certain key employees with the total fair value of $9,652, and a vesting period between
three and four years. The Company recognized $2,415 and $205 of stock-based compensation in the years ended December 31, 2018 and 2017, respectively. As of
December 31, 2018, there was $7,032 of unamortized stock-based compensation expense related to the unvested deferred shares. The deferred shares are subject to
forfeiture if employment terminates prior to the lapse of the deferral date, and are expensed over the vesting period.
As part of the Wombat acquisition, 51 shares were deferred for certain key employees with the total fair value of $5,458, and a vesting period of two
years. The Company recognized $2,288 of stock-based compensation in the year ended December 31, 2018. As of December 31, 2018, there was $3,170 of
unamortized stock-based compensation expense related to the unvested deferred shares. The deferred shares are subject to forfeiture if employment terminates prior
to the lapse of the deferral date, and are expensed over the vesting period.
11. Net Loss per Share
Basic net loss per share of common stock is calculated by dividing the net loss by the weighted‑average number of shares of common stock
outstanding for the period. The weighted‑average number of shares of common stock used to calculate basic net loss per share of common stock excludes those
shares subject to repurchase related to stock options or restricted stock that were exercised or issued prior to vesting as these shares are not deemed to be issued for
accounting purposes until they vest. Diluted net loss per share of common stock is computed by dividing the net loss using the weighted‑average number of shares
of common stock, excluding common stock subject to repurchase, and, if dilutive, potential shares of common stock outstanding during the period. Basic and
diluted net loss per common share was the same for all periods presented as the impact of all potentially dilutive securities outstanding was anti-dilutive.
99
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The following table presents the potentially dilutive common shares outstanding that were excluded from the computation of diluted net loss per share
of common stock for the periods presented because including them would have been anti-dilutive:
Stock options to purchase common stock
Restricted stock units
Employee stock purchase plan
Common stock subject to repurchase
Stock bonus awards and other liability awards
1.25% Convertible senior notes
0.75% Convertible senior notes
Total
12. Segment Reporting
2018
December 31,
2017
2016
1,255
4,568
163
195
152
—
—
6,333
2,040
3,540
118
90
98
—
2,831
8,717
3,183
3,465
92
135
159
5,158
2,831
15,023
Operating segments are reported in a manner consistent with the internal reporting supported and defined by the components of an enterprise about
which separate financial information is available, provided and is evaluated regularly by the chief operating decision maker in deciding how to allocate resources
and in assessing performance. The Company’s chief operating decision maker is its Chief Executive Officer. The Company’s Chief Executive Officer reviews
financial information presented on a consolidated basis. The Company has one business activity, and there are no segment managers who are held accountable for
operations, operating results and plans for levels or components below the consolidated unit level. Accordingly, the Company determined that it has one operating
and reportable segment.
The following sets forth total revenue by solutions offered by the Company and by geographic area. Revenue by geographic area is based upon the
billing address of the customer:
Total revenue by solution:
Advanced Threat
Compliance
Total revenue
Total revenue by geographic area:
United States
Rest of world
Total revenue
The following sets forth long-lived tangible assets by geographic area:
Long-lived assets:
United States
Rest of world
Total long-lived assets
100
2018
Year Ended December 31,
2017
2016
538,141 $
178,853
716,994 $
381,565 $
138,116
519,681 $
262,777
115,560
378,337
2018
Year Ended December 31,
2017
2016
584,294 $
132,700
716,994 $
432,564 $
87,117
519,681 $
314,777
63,560
378,337
$
$
$
$
December 31,
2018
2017
$
$
57,682 $
12,945
70,627 $
66,134
7,483
73,617
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
13. Income Taxes
The domestic and foreign components of loss before income taxes were as follows for the years ended December 31, 2018, 2017 and 2016:
Domestic
Foreign
Loss before income taxes
The (provision for) benefit from income taxes is comprised of:
Current tax expense:
Federal
State
Foreign
Total current
Deferred tax expense:
Federal
State
Foreign
Total deferred
(Benefit from) provision for income taxes
2018
Year Ended December 31,
2017
2016
(126,128) $
9,147
(116,981) $
(110,192) $
30,440
(79,752) $
(98,183)
2,682
(95,501)
2018
Year Ended December 31,
2017
2016
— $
258
1,768
2,026
(12,773)
(1,812)
(673)
(15,258)
(13,232) $
— $
80
5,923
6,003
(12,268)
(266)
(3,419)
(15,953)
(9,950) $
—
72
795
867
411
—
(292)
119
986
$
$
$
$
As the result of adopting ASU 2016-09, the Company recorded excess tax benefits on a prospective basis starting January 1, 2017, resulting in a
cumulative-effect adjustment recorded in consolidated statements of stockholders’ equity in 2017. The reconciliation of income tax expense (benefit) to the income
tax provision (benefit) included in the consolidated statements of operations at the statutory federal income tax rate of 21% for the year ended December 31, 2018,
and 34% for the years ended December 31, 2017 and 2016 is as follows:
Tax at federal statutory rate
Foreign income tax rate differential
State, net of federal benefit
Stock compensation charges
SubPart F and other permanent items
Section 162m
Provision to return and other
Research and development credits
Uncertain tax positions
Impact of Tax Act and other tax law changes
Valuation allowance
(Benefit from) provision for income taxes
2018
Year Ended December 31,
2017
2016
$
$
(24,566) $
307
(3,859)
(20,341)
1,597
5,501
(1,082)
(11,165)
2,171
—
38,205
(13,232) $
(27,116) $
(3,076)
(2,942)
(32,150)
2,155
601
2,480
(7,713)
5,888
85,606
(33,683)
(9,950) $
(32,470)
(187)
(2,999)
3,517
1,422
—
1,417
(4,464)
749
—
34,001
986
101
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
Deferred tax assets and liabilities reflect the net tax effects of net operating loss and tax credit carryovers and the temporary differences between the
carrying amount of assets and liabilities for financial reporting and the amounts used for income tax purposes. Significant components of the Company’s deferred
tax assets were as follows:
Deferred tax assets:
Net operating loss carryforwards
Tax credit carryforwards
Research expenditures
Deferred revenue
Stock compensation
Fixed assets
Accruals and other
Gross deferred tax assets
Valuation allowance
Total deferred tax assets
Deferred tax liabilities:
Intangible assets and other
Deferred commissions
Convertible senior notes
Total deferred tax liabilities
Total net deferred tax assets (liabilities)
Non-current deferred income tax assets (included in other long-term assets)
Non-current deferred income tax liabilities (included in long-term liabilities)
At December 31,
2018
2017
$
$
$
$
192,508 $
33,799
577
17,716
16,861
313
12,619
274,393
(222,734)
51,659
(23,282)
(26,008)
—
(49,290)
2,369 $
2,946 $
577 $
158,535
24,700
859
11,552
14,842
274
10,106
220,868
(181,213)
39,655
(12,087)
(18,701)
(6,857)
(37,645)
2,010
2,543
533
The Company records net deferred tax assets to the extent that Company believes these assets will more likely than not be realized. In making such
determination, the Company considers all available positive and negative evidence, including future reversals of existing taxable temporary differences, projected
future taxable income, tax planning strategies and recent financial operations.
Realization of deferred tax assets is dependent upon future earnings, if any, the timing and amount of which are uncertain. The valuation allowance
increased by $41,521, $50,056 and $34,005 during the years ended December 31, 2018, 2017 and 2016, respectively. The change in valuation allowance for the
year ended December 31, 2018, included an increase of $3,392 related to the 0.75% Notes conversion. The change in valuation allowance for the year ended
December 31, 2017, includes an increase of $79,336 related to the prospective adoption of ASU 2016-09, an increase of $2,554 related to 2013 convertible notes
conversion, and an increase of $1,525 related to the Cloudmark acquisition.
During the three months ended March 31, 2017, the Company transferred certain intellectual property rights from its wholly owned subsidiary in Israel
to the United States. Although the transfer of intellectual property rights between consolidated entities did not result in any gain in the consolidated statements of
operations, the transfer did result in a taxable gain in Israel. In the Company’s financial statements ending before January 1, 2018, taxes incurred related to the
intercompany transaction have been treated as a prepaid tax asset in the Company’s consolidated balance sheet and were being amortized to income tax expense
over the life of the intellectual property. Effective January 1, 2018, pursuant to the Company’s modified retrospective adoption of ASU 2016-16, the Company’s
remaining prepaid tax asset of $3,216 was recorded as an increase to accumulated deficit.
In December 22, 2017, the U.S. government enacted comprehensive tax legislation commonly referred to as the Tax Cuts and Jobs Act (the “Tax
Act”). The Tax Act significantly impacts the future ongoing U.S. corporate income tax by, among things, lowering the U.S. corporate income tax rates from 34% to
21%, providing for unlimited net operating loss carry-forward periods, and implementing a territorial tax system. The reduction of the U.S. corporate tax rate
required the Company to revalue its U.S. deferred tax assets and liabilities during fiscal 2017
102
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
to the newly enacted federal rate of 21%. This transitional impact resulted in a provisional deferred tax benefit of $2,024 in the year ended December 31, 2017
related to a reduction in a US deferred tax liabilit y on certain long-lived acquired intangibles. This transitional impact also resulted in a $87,621 provisional
reduction of certain of the Company’s US deferred tax assets which are offset by a full valuation allowance.
As of December 31, 2018, the amounts recorded for the Tax Act no longer remain provisional as the Company completed its accounting for the effect
of the 2017 Tax Act within the measurement period under the SEC guidance. However, the amounts recorded for the repatriation tax, the remeasurement of
deferred taxes, and the Company’s reassessment of permanently reinvested earnings, uncertain tax positions and valuation allowances may be impacted by future
clarification and guidance regarding available tax accounting methods and elections, earnings and profits computations, state tax conformity to federal tax changes,
among others.
During the year ended December 31, 2018, the Company recorded a deferred tax benefit of $14,725 related to changes in the Company’s valuation
allowance resulting from the Wombat business acquisition. During the year ended December 31, 2017, the Company recorded a deferred tax benefit of $7,904 and
$4,440 related to changes in the Company’s US valuation allowances as a result of the Cloudmark and WebLife acquisitions, respectively.
As of December 31, 2018 and 2017, the Company had net operating loss carry-forwards for federal income tax purposes of $797,569 and $659,587,
respectively. The federal net operating losses generated prior to tax year beginning in 2018 and which are subject to expiration will expire between 2019 and 2037.
As of December 31, 2018 and 2017, the Company had federal research credit carry-forwards of $24,556 and $16,122 respectively. The federal research and
development credits will begin to expire in 2022.
As of December 31, 2018 and 2017, the Company had net operating loss carry-forwards for state income tax purposes of approximately $396,665 and
$323,013, respectively. The state net operating losses will continue to expire between 2019 and 2038. As of December 31, 2018 and 2017, the Company had
research and development credit carry-forwards for state income tax purpose of $22,987 and $18,362, respectively. The state research and development credits
have no expiration period.
As of December 31, 2018, the Company had no net operating losses carry-forwards in non-U.S. locations. As of December 31, 2018 and 2017, the
Company had research and development credit carry-forwards in its non-U.S. locations of approximately $2,426 and $2,375, respectively. The non-U.S. research
and development credits will begin to expire in 2031.
Utilization of the federal and state net operating losses may be subject to substantial annual limitation due to the ownership change limitations provided
by the Internal Revenue Code and similar state provisions. Analyses have been conducted to determine whether an ownership change had occurred since inception.
The analyses have indicated that although ownership changes have occurred in prior years, the net operating losses and research and development credits would not
expire before utilization as a result of the ownership change. In the event the Company has subsequent changes in ownership, net operating losses and research and
development credit carryovers could be limited and may expire unutilized as a result of the subsequent ownership change.
The Company recognizes interest and penalties related to uncertain tax positions within the income tax expense line in the consolidated statements of
operations. Accrued interest and penalties are included within the related tax liability line in the consolidated balance sheets. During the year ended December 31,
2018, the Company reduced income tax benefit by $21 from interest and penalties related to tax contingencies and has $309 of interest and penalties recorded as a
long-term income tax liability as of December 31, 2018. During the year ended December 31, 2017, the Company reduced income tax benefit by $90 from interest
and penalties related to tax contingencies and had $288 of interest and penalties recorded as a long-term income tax liability.
As of December 31, 2018, the Company had recorded unrecognized tax benefits of $4,616 that if recognized, would benefit the Company’s effective
tax rate. As of December 31, 2017, the Company had recorded unrecognized tax benefits of $4,700 that, if recognized, would benefit the Company’s effective
tax rate.
103
�Proofpoint, Inc.
Notes to Consolidated Financial Statements (Continued)
(dollars and share amounts in thousands, except per share amounts)
The Company is currently under audit by the Israel Tax Authority for tax years 2013 through 201 7 . Related to the audit by the Israel Tax Authority it
is reasonably possible that the Company’s uncertain tax positions could change within the next 12 months. An estimate of the range of any change cannot be made.
The Company believes it has recorded all appropriate provisions for all juri sdictions and open years. However, the Company can give no assurance that taxing
authorities will not propose adjustments that would increase its tax liabilities. The Company is not currently under audit by the IRS or any similar taxing authority
in any ot her material jurisdiction.
Because of net operating loss and credit carry-forwards, all of the Company’s tax years dating to inception in 2002 remain open to tax examination in
U.S. and certain state tax jurisdictions. For other major non-U.S. jurisdictions, tax years from 2011 to present remain open to tax examination. The Company is not
currently under audit in any material jurisdictions.
The aggregate changes in the balance of gross unrecognized tax benefits were as follows:
Balance as of December 31, 2015
Increase in balances related to tax positions taken during the current period
Increase in balances related to tax positions taken during the prior period
Decrease in balances related to tax positions taken during the prior period
Decrease in balances related to statute expirations during the current period
Balance as of December 31, 2016
Increase in balances related to tax positions taken during the current period
Increase in balances related to tax positions taken during the prior period
Decrease in balances related to tax positions taken during the prior period
Decrease in balances related to statute expirations during the current period
Balance as of December 31, 2017
Increase in balances related to tax positions taken during the current period
Increase in balances related to tax positions taken during the prior period
Decrease in balances related to tax positions taken during the prior period
Decrease in balances related to statute expirations during the current period
Balance as of December 31, 2018
$
$
4,820
1,262
20
(17)
(239)
5,846
8,160
45
(2)
(188)
13,861
2,692
217
—
(316)
16,454
As part of the transition to the new territorial tax system, the Act imposed a one-time repatriation tax on deemed repatriation of historical earnings of
foreign subsidiaries. Based on the evaluation of the Company’s operations, no repatriation tax charge was owed due to negative earnings and profits in the
Company’s foreign operations.
104
�EXHIBIT INDEX
Incorporated by Reference
Exhibit Title
Form
File No.
333-178479
001-35506
333-178479
001-35506
333-178479
333-178479
333-178479
001-35506
Filing Date
April 9, 2012
February 20, 2019
April 9, 2012
October 31, 2017
April 9, 2012
April 9, 2012
April 9, 2012
February 26, 2015
333-178479
December 14, 2011
001-35506
333-178479
333-178479
333-178479
October 25, 2018
December 14, 2011
January 25, 2012
January 25, 2012
001-35506
001-35506
February 23, 2017
July 9, 2018
Exhibit
No.
3.02
3.1
4.01
10.01
10.02
10.03
10.04
10.05
10.05
10.1
10.07
10.08
10.11
10.12
10.01
Exhibit
No.
3.01
3.02
4.01
10.01
10.02
10.03
10.04
10.05
10.06
10.07
10.08
10.09
10.10
10.11
10.12
10.13
10.14
21.01
23.01
31.01
31.02
32.01
32.02
S-1A
8-K
S-1A
10-Q
S-1A
S-1A
S-1A
10-K
S-1
8-K
S-1
S-1A
S-1A
10-K
8-K
Amended and Restated Certificate of Incorporation of the Registrant.
Amended and Restated Bylaws of the Registrant.
Form of Registrant’s common stock certificate.
Form of Indemnity Agreement.
2002 Stock Option/Stock Issuance Plan and form of option grant.
2012 Equity Incentive Plan and form of grant agreements.
2012 Employee Stock Purchase Plan.
Corporate Bonus Program.
Lease Agreement between Registrant and Hines VAF No Cal Properties, L.P., dated as of
March 28, 2011, as amended July 28, 2011.
Lease between the Registrant and Pathline LLC, dated October 23, 2018
Offer Letter to Gary Steele from the Registrant, dated November 17, 2002.
Offer Letter to Paul Auvil from the Registrant, dated March 9, 2007.
Offer Letter to David Knight from the Registrant, dated March 14, 2011.
†
†
†
†
†
†
†
† * Offer Letter to Blake Salle from the Registrant, dated October 24, 2018.
†
†
Offer Letter to Bhagwat Swaroop from Registrant, dated April 27, 2016.
Offer Letter to Klaus Oestermann from the Registrant, dated July 6, 2018.
† * Separation Agreement between Klaus Oestermann and the Registrant, dated October 24,
*
*
*
*
2018
Subsidiaries of Registrant.
Consent of PricewaterhouseCoopers LLP, independent registered public accounting firm.
Certification of Chief Executive Officer Pursuant to Rule 13-a-14 of the Securities
Exchange Act of 1934, as Adopted Pursuant to Section 302 of the Sarbanes-Oxley Act of
2002.
Certification of Chief Financial Officer Pursuant to Rule 13-a-14 of the Securities Exchange
Act of 1934, as Adopted Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002.
** Certification of Chief Executive Officer Pursuant to 18 U.S.C. Section 1350 as Adopted
Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002.
** Certification of Chief Financial Officer Pursuant to 18 U.S.C. Section 1350 as Adopted
Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002.
101.INS
** XBRL Instance Document
101.SCH
** XBRL Taxonomy Extension Schema Document
101.CAL
** XBRL Taxonomy Extension Calculation Linkbase Document
101.DEF
** XBRL Taxonomy Extension Definition Linkbase Document
101.LAB
** XBRL Taxonomy Extension Label Linkbase Document
101.PRE
** XBRL Taxonomy Extension Presentation Linkbase Document
† Indicates a management contract or compensatory plan.
* Filed herewith
**These exhibits are furnished with this Annual Report on Form 10-K and are not deemed filed with the Securities and Exchange Commission and are not incorporated by reference in any filing
of Proofpoint, Inc. under the Securities Act of 1933 or the Exchange Act of 1934, whether made before or after the date hereof and irrespective of any general incorporation language in such
filings.
105
�Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Company has duly caused this report to be signed on
its behalf by the undersigned, thereunto duly authorized, on February 21, 2019.
SIGNAT URES
PROOFPOINT, INC.
By:
/s/ GARY STEELE
Gary Steele
Chief Executive Officer
106
�POWER OF ATTORNEY
KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Gary Steele and Paul
Auvil, and each of them, as his or her true and lawful attorneys-in-fact and agents, with full power of substitution and resubstitution, for him or her and in his or her
name, place and stead, in any and all capacities, to sign any and all amendments to this Annual Report on Form 10-K, and to file the same, with all exhibits thereto,
and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorneys-in-fact and agents, and each of them, full
power and authority to do and perform each and every act and thing requisite and necessary to be done in connection therewith, as fully to all intents and purposes
as he or she might or could do in person, hereby ratifying and confirming that all said attorneys-in-fact and agents, or any of them or their or his or her substitute or
substitutes, may lawfully do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons in the capacities and
on the date indicated:
Name
/s/ Gary Steele
Gary Steele
/s/ Paul Auvil
Paul Auvil
/s/ Dana Evan
Dana Evan
/s/ Jonathan Feiber
Jonathan Feiber
/s/ Kristen Gil
Kristen Gil
/s/ Kevin Harvey
Kevin Harvey
/s/ R. Scott Herren
R. Scott Herren
/s/ Michael Johnson
Michael Johnson
/s/ Richard Wallace
Richard Wallace
Title
Chief Executive Officer
(Principal Executive Officer)
Chief Financial Officer
(Principal Financial Officer and Principal Accounting officer)
Director
Director
Director
Director
Director
Director
Director
107
Date
February 21, 2019
February 21, 2019
February 21, 2019
February 21, 2019
February 21, 2019
February 21, 2019
February 21, 2019
February 21, 2019
February 21, 2019
�Exhibit
10.11
892 Ross Drive, Sunnyvale, CA 94089 | www.proofpoint.com
October 24, 2018
Blake Salle
[Address Redacted]
Dear Blake,
It is our pleasure to offer you the full-time position of EVP, WW Sales at Proofpoint Inc. (the “Company”). If you accept this
position, you will transition to this role effective October 25, 2018. This letter (“Agreement”) sets out any revised terms of your
employment should you accept this new role with the Company. All other terms and conditions of your employment not
modified in this Agreement shall continue as set forth and executed with you originally.
Your employment with the Company will continue to be at-will, meaning either you or the Company can terminate your
employment at any time, for any reason or no reason, with or without advance notice. Nothing in this letter is intended to
constitute a contract for continued employment or employment for a specified term. During your employment with the
Company, you are expected to comply with the Company's then-current policies and procedures.
1. Duties . Beginning October 25, 2018, you will transition into the role of EVP, WW Sales at Proofpoint. You will report
to the Chief Executive Officer, Gary Steele. Of course, the Company may change your position, duties, and work
location from time to time as it deems appropriate.
2. Compensation
a. Salary . You will earn an annual base salary of $400,000.00 less payroll deductions and all required
withholdings. You will be paid semi-monthly on the Company’s regular payroll dates.
b. Variable Compensation . You will be eligible to earn annual target commission in the amount of $400,000 at
100% of quota attainment (“Target Commissions”). Earned commissions will be paid monthly per the Company’s
regular commission payment process. You will be eligible for monthly commissions based on your attainment of
quota under the applicable Company commission plan.
3. Equity . Upon your acceptance of your new role, the Company will grant to you a Restricted Stock Unit (“RSU”) award
of 30,000 shares of Proofpoint Common Stock. The grant shall be subject to the vesting restrictions and all other
terms of the Proofpoint’s 2012 Equity Incentive Plan and the Restricted Stock Unit Agreement.
4.
Termination of Employment . Within three (3) days following the commencement date of your new role, the Company
will enter into its standard Change in Control and Severance Agreement with you.
�We look forward to continuing to work with you to make Proofpoint a success. If there are any aspects of this offer you would
like clarified, please let us know. To accept this offer, please sign below. This offer, if not accepted, will expire on October 25,
2018.
This Agreement, together with all previously executed documents pertaining to your employment with the company including
but not limited to Confidentiality, Noncompetition, and Invention Assignment Agreement and Arbitration Agreement,
constitutes the complete and final understanding between you and the Company on this subject and supersedes all prior
agreements or representations, whether oral or written. Changes to this Agreement must be requested in writing and
approved in writing by the Chief Executive Officer.
Regards,
/s/ Gary Steele
Gary Steele
Chief Executive Officer and Chairman of the Board
I understand and accept the terms of this Agreement:
/s/ Blake Salle
Blake Salle
10/24/2018
Date
�892 Ross Drive, Sunnyvale, CA 94089 | www.proofpoint.com
Exhibit 10.14
Execution Version
October 24, 2018
Klaus Oestermann
Re: Separation Agreement
Dear Klaus,
This letter sets forth the agreement (“ Agreement ”) between you and Proofpoint, Inc. (the “ Company ”) concerning the terms of
your separation of employment and provides you with separation compensation in exchange for a general release of claims.
1. Separation Date : October 25, 2018, is your last day of employment with the Company (the “ Separation Date ”). The
Company accepts your resignation as an employee and officer of the Company for “good reason,” and accepts your resignation as a member
of the Board of Directors of the Company, in both cases effective on your Separation Date. The Company agrees that your resignation is a
Qualifying Termination under the terms of your Change in Control and Severance Agreement.
2. Acknowledgment of Payment of Wages : On the Separation Date, we will provide you with one or more final
paychecks for all wages, salary, bonuses, commissions, reimbursable expenses previously submitted by you, and any similar payments due
you from the Company as of the Separation Date. By signing below, you acknowledge that the Company does not owe you any other
amounts. Please promptly submit for reimbursement all final outstanding expenses, if any.
3. Separation Compensation : In exchange for your agreement to the general release and waiver of claims set forth on
Exhibit A hereto (the “ Release ”), and your other promises herein and therein, subject to the Release becoming effective as set forth therein
(the “ Release Effective Date ”) the Company agrees to provide you with the following:
a. Severance : The Company agrees to pay you, within ten (10) business days following the Release Effective
Date, a lump sum payment in the gross amount of $500,000.00, less applicable state and federal payroll deductions, which equals 12 months
of your base salary.
b. Bonus : The Company agrees to pay you, within ten (10) business days following the Release Effective Date,
a lump sum payment in the gross amount of $250,000.00, less applicable state and federal payroll deductions, which equals 50% of your
variable compensation.
c. COBRA : Upon your timely election to continue your existing health benefits under COBRA, the Company
will pay the insurance premiums to continue your existing health, dental and vision benefits for 12 months following the Separation Date or,
if earlier until you are eligible to be covered under another substantially equivalent insurance plan by a subsequent employer.
d. Equity Acceleration : You have previously received a Restricted Stock Unit Award representing the right to
receive 82,853 shares of the Company’s common stock over a four-year vesting period (the “ RSUs ”) and two Performance-Based Restricted
Stock Unit Awards representing the right to receive an aggregate of 82,853 shares of the Company’s common stock subject to the
achievements of
�certain performance goals that have not yet been completed (the “ P SU s ”) . A ll of the RSUs and PSUs are currently unvested . O n the
Release Effective Date , the vesting of 20,713 shares subject to the RSU s will be accelerated such that you will be vested in 20,713 s hares
(the “ Accelerated Shares ”) . The remaining 62 ,140 shares subject to the RSU s and all of the shares subject to the PSU s will be forfeited
immediately upon your Separation Date . All Accelerated Shares will be settled within ten (10) days of the Release Effective Date.
4. Proprietary Information : You hereby acknowledge that you will continue to be bound by the attached Confidentiality,
Noncompetition, and Invention Assignment Agreement ( Exhibit B hereto) and that as a result of your employment with the Company you
have had access to the Company’s Proprietary Information (as defined in the agreement), that you will hold all Proprietary Information in
strictest confidence and that you will not make use of such Proprietary Information on behalf of anyone. You further confirm that you have
delivered to the Company all documents and data of any nature containing or pertaining to such Proprietary Information and that you have not
taken with you any such documents or data or any reproduction thereof.
5. Arbitration : You hereby acknowledge that you are bound by the attached Arbitration Agreement ( Exhibit C
hereto). You expressly waive any entitlement to have such controversies decided by a court or a jury.
6. Attorneys’ Fees : If any action is brought to enforce the terms of this Agreement, the prevailing party will be entitled to
recover its reasonable attorneys’ fees, costs and expenses from the other party, in addition to any other relief to which the prevailing party
may be entitled.
7. Complete and Voluntary Agreement : This Agreement, together with the Exhibits hereto, constitute the entire agreement
between you and Releasees with respect to the subject matter hereof and supersedes all prior negotiations and agreements, whether written or
oral, relating to such subject matter. You acknowledge that neither Releasees nor their agents or attorneys have made any promise,
representation or warranty whatsoever, either express or implied, written or oral, which is not contained in this Agreement for the purpose of
inducing you to execute the Agreement, and you acknowledge that you have executed this Agreement in reliance only upon such promises,
representations and warranties as are contained herein, and that you are executing this Agreement voluntarily, free of any duress or coercion.
8. Defend Trade Secrets Act . Pursuant to the Defend Trade Secrets Act (18 U.S.C. § 1833(b)), you acknowledge that you
understand that you will not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret of
the Company or its affiliates that (i) is made (A) in confidence to a federal, state, or local government official, either directly or indirectly, or
to your attorney and (B) solely for the purpose of reporting or investigating a suspected violation of law; or (ii) is made in a complaint or
other document that is filed under seal in a lawsuit or other proceeding. You further acknowledge that you understand that if you file a
lawsuit for retaliation for reporting a suspected violation of law, you may disclose the trade secret to your attorney and use the trade secret
information in the court proceeding if you (x) file any document containing the trade secret under seal, and (y) do not disclose the trade secret,
except pursuant to court order. Nothing in this Agreement, or any other agreement with or policy of the Company or its affiliates, is intended
to conflict with 18 U.S.C. § 1833(b) or create liability for disclosures of trade secrets that are expressly allowed by such section. Further,
nothing in this Agreement or any other agreement that you have with the Company shall prohibit or restrict you from making any voluntary
disclosure of information or documents concerning possible violations of law to, or seek a whistleblower award from, any governmental
agency or legislative body, or any self-regulatory organization, in each case, and you may do so without notifying the Company.
2
�9. Section 409A of the Internal Revenue Code . It is intended that payments under this Agreement will be exempt from, or
comply with, Section 409A of the Internal Revenue Code, and accordingly, to the maximum extent permitted, this Agreement shall be
interpreted and administered to be in accordance therewith. Each installment of the payments and benefits provided for in this Agreement
shall be treated as a separate “payment” for purposes of Treasury Regulation Section 1.409A-2(b)(2)(i).
10. Governing Law : This Agreement shall be governed by and construed in accordance with the laws of the State of
California.
If you agree to abide by the terms outlined in this letter, please sign this letter below and also sign the attached copy and return it to
me. I wish you the best in your future endeavors.
READ, UNDERSTOOD AND AGREED
/s/ Klaus Oestermann
Klaus Oestermann
Sincerely,
Proofpoint, Inc.
/s/ Gary Steele
Gary Steele
Chief Executive Officer
Date: October 24, 2018
3
�Exhibit A
GENERAL RELEASE AGREEMENT
In consideration of the severance benefits (the “ Severance ”) offered to me by Proofpoint, Inc. (the “ Company ”) pursuant to
Separation Agreement by and between me and the Company, dated on or about the date hereof (the “ Separation Agreement ”) and in
connection with the termination of my employment, I agree to the following general release (the “ Release ”).
1. On behalf of myself, my heirs, executors, administrators, successors, and assigns, I hereby fully and forever generally release and
discharge the Company, its current, former and future parents, subsidiaries, affiliated companies, related entities, employee benefit plans, and
each of their fiduciaries, predecessors, successors, officers, directors, shareholders, agents, employees and assigns (collectively, the “
Releasees ”) from any and all claims, causes of action and liabilities I have or may have had against Releasees through the date of my
execution of the Release. The claims subject to this release include, but are not limited to, those relating to my employment with the Company
and/or any predecessor or successor to the Company and the termination of such employment. All such claims (including related attorneys’
fees and costs) are hereby waived without regard to whether those claims are based on any alleged breach of a duty arising in statute, contract
or tort. This expressly includes waiver and release of any rights and claims arising under any and all laws, rules, regulations, and
ordinances, including, but not limited to: Title VII of the Civil Rights Act of 1964; the Older Workers Benefit Protection Act; the Americans
With Disabilities Act; the Age Discrimination in Employment Act; the Fair Labor Standards Act; the National Labor Relations Act; the
Family and Medical Leave Act; the Employee Retirement Income Security Act of 1974, as amended (“ ERISA ”); the Workers Adjustment
and Retraining Notification Act; the California Fair Employment and Housing Act (if applicable); the provisions of the California Labor Code
(if applicable); the Equal Pay Act of 1963; and any similar law of any other state or governmental entity. This release extends to any claims
that may be brought on my behalf by any person for monetary or other personal relief, as well as any class or representative action under
which I may have any rights or benefits. I agree not to accept any recovery or benefits under any such claim or action, and I assign any such
recovery or benefits to the Company or its successor. I further waive any rights under Section 1542 of the Civil Code of the State of
California or any similar state statute. Section 1542 states:
A general release does not extend to claims which the creditor does not know or suspect to exist in his or her favor at the time of executing the
release, which, if known to him or her, must have materially affected his or her settlement with the debtor.
This Release does not extend to, and has no effect upon, any benefits that have accrued, and to which I have become vested, under any
employee benefit plan within the meaning of ERISA sponsored by the Company.
2. In understanding the terms of the Release and my rights, I have been advised to consult with an attorney of my choice prior to
executing the Release. I understand that nothing in the Release shall prohibit me from exercising legal rights that are, as a matter of law, not
subject to waiver such as: (a) my rights under applicable workers’ compensation laws; (b) my right, if any, to seek unemployment benefits;
(c) my right to indemnity under California Labor Code section 2802 or other applicable state law right to indemnity; (d) my right to file a
charge or complaint with a government agency such as but not limited to the Equal Employment Opportunity Commission, the National
Labor Relations Board, the Department of Labor, the California Department of Fair Employment and Housing, or other applicable state
agency and (e) my right to report any violation to the U.S. Securities and Exchange Commission or any similar federal, state or local agency.
Moreover, I understand that nothing in this Release precludes me from entitlement to any monetary recovery awarded by the U.S. Securities
and Exchange Commission any federal, state or local
�agency in connection with any action asserted by the Securities and Exchange Commission or such federal, state or local agency. I further
understand that I will continue to be indemnified for any of my actions taken while employed by the Company to the same extent as other
then-current or former directors and officers of the Company under the Company’s Certificate of Incorporation and Bylaws and the Director
and Officer Indemnification Agreement between me and the Company, if any, and that I will continue to be covered by the Company’s
directors and officers liability insurance policy as in effect from time to time to the same extent as other then- current or former directors and
officers of the Company, each subject to the requirements of the laws of the State of California.
3. I understand and agree that that the Company will not provide me with the Severance unless I execute the Release. I also
understand that I have received or will receive, regardless of the execution of the Release, all wages owed to me together with any accrued but
unused vacation pay, less applicable withholdings and deductions, earned through my termination date, and any acceleration of vesting of my
equity awards to which I may be entitled pursuant to the Company’s equity incentive plans.
4. As part of my existing and continuing obligations to the Company, I have returned to the Company all Company documents that I
have had in my possession at any time (including but not limited to Company files, notes, drawings, records, business plans and forecasts,
financial information, specification, computer-recorded information) as well as other tangible property (including, but not limited to,
computers, laptops, cell phones and pagers, credit cards, entry cards, identification badges and keys), and any materials of any kind which
contain or embody any proprietary or confidential information of the Company (and all copies or reproductions thereof). I understand that,
even if I did not sign the Release, I am still bound by any and all confidential/proprietary/trade secret information, non-disclosure and
inventions assignment agreement(s) signed by me in connection with my employment with the Company, or with a predecessor or successor
of the Company pursuant to the terms of such agreement(s).
5. I represent and warrant that I am the sole owner of all claims relating to my employment with the Company and/or with any
predecessor of the Company, and that I have not assigned or transferred any claims relating to my employment to any other person or entity.
6. I agree to keep the Severance and the provisions of the Release confidential and not to reveal its contents to anyone except my
lawyer, my spouse or other immediate family member, and/or my financial consultant, or as required by legal process or applicable law.
7. I understand and agree that the Release shall not be construed at any time as an admission of liability or wrongdoing by either the
Company or myself.
8. I agree that I will not make any negative or disparaging statements or comments, either as fact or as opinion, about the Company,
its employees, officers, directors, shareholders, vendors, products or services, business, technologies, market position or performance.
Nothing in this paragraph shall prohibit me from providing truthful information in response to a subpoena or other legal process.
9. Any controversy or any claim arising out of or relating to the interpretation, enforceability or breach of the Release shall be settled
by arbitration in accordance with the arbitration provision set forth in the Arbitration Agreement attached as Exhibit C to your Separation
Agreement. If for any reason the arbitration provision set forth in the Separation Agreement is not enforceable, I agree to arbitration by a
single arbitrator, in Santa Clara County, conducted by Judicial Arbitration & Mediation Services, Inc. (“ JAMS ”) under or any successor
hereto. I further agree that the arbitrator will not be empowered to add to, subtract from, or modify, alter or amend the terms of the Release.
Any applicable arbitration rules or policies will be interpreted in a manner so as to ensure their enforceability under applicable state or
federal law.
2
�10. I agree that I have had at least twenty-one (21) calendar days in which to consider whether to execute the Release, no one hurried
me into executing the Release during that period, and no one coerced me into executing the Release. I understand that the offer of the
Severance and the Release shall expire on the twenty-second (22 nd ) calendar day after my employment termination date if I have not
accepted it by that time. I further understand that the Company’s obligations under the Release shall not become effective or enforceable until
the eighth (8 th ) calendar day after the date I sign the Release provided that I have timely delivered it to the Company (the “ Effective Date ”)
and that in the seven (7) day period following the date I deliver a signed copy of the Release to the Company, I understand that I may revoke
my acceptance of the Release. I understand that the Severance will become available to me at such time as specified in the Separation
Agreement .
11. In executing the Release, I acknowledge that I have not relied upon any statement made by the Company, or any of its
representatives or employees, with regard to the Release unless the representation is specifically included herein. Furthermore, the Release
contains our entire understanding regarding eligibility for and the payment of severance benefits and supersedes any or all prior representation
and agreement regarding the subject matter of the Release. However, the Release does not modify, amend or supersede written agreements
between me and the Company that are consistent with enforceable provisions of this Release, such as my the Separation Agreement,
proprietary information and invention assignment agreement, and any stock, stock option and/or stock purchase agreements between me and
the Company. Once effective and enforceable, this agreement can only be changed by another written agreement signed by me and an
authorized representative of the Company.
12. Should any provision of the Release be determined by an arbitrator, court of competent jurisdiction, or government agency to be
wholly or partially invalid or unenforceable, the legality, validity and enforceability of the remaining parts, terms, or provisions are intended
to remain in full force and effect. Specifically, should a court, arbitrator, or agency conclude that a particular claim may not be released as a
matter of law, it is the intention of the parties that the general release and the waiver of unknown claims above shall otherwise remain
effective to release any and all other claims. I acknowledge that I have obtained sufficient information to intelligently exercise my own
judgment regarding the terms of the Release before executing the Release.
3
�EMPLOYEE’S ACCEPTANCE OF RELEASE
BEFORE SIGNING MY NAME TO THE RELEASE, I STATE THE FOLLOWING: I HAVE READ THE RELEASE, I
UNDERSTAND IT AND I KNOW THAT I AM GIVING UP IMPORTANT RIGHTS. I HAVE OBTAINED SUFFICIENT
INFORMATION TO INTELLIGENTLY EXERCISE MY OWN JUDGMENT. I HAVE BEEN ADVISED THAT I SHOULD
CONSULT WITH AN ATTORNEY BEFORE SIGNING IT, AND I HAVE SIGNED THE RELEASE KNOWINGLY AND
VOLUNTARILY.
Date delivered to employee October 25 , 2018.
Executed this 25 th day of October, 2018 .
/s/ Klaus Oestermann
Employee Signature
Klaus Oestermann
Employee Name (Please Print)
Agreed and Accepted
Proofpoint, Inc.
By:
Name:
Title:
/s/ Gary Steele
Gary Steele
Chief Executive Officer
Date:
10/25/2018
�CONFIDENTIALITY, NON-COMPETITION, AND INVENTION ASSIGNMENT AGREEMENT
EXHIBIT B
In consideration of my employment by Proofpoint, Inc. (the "Company"), and the compensation I receive from the Company, I agree to
certain restrictions placed by the Company on my activities, including my use of information belonging to the Company. I understand that, during the course of my
work as an employee of the Company, I have had and will have access to Proprietary Information (a term which is defined below) concerning the Company, its
employees, its operations, its vendors, and its customers. I acknowledge that the Company has developed, compiled, and otherwise obtained, often at great expense,
this information and that this information has great value to the Company's business. I agree to hold in strict confidence all Proprietary Information and will not
disclose any Proprietary Information to anyone outside of the Company, as defined more fully below. I also acknowledge that the Company conducts its business
throughout the world and that the Company’s reputation and goodwill are an integral part of its business success throughout the world.
I. DEFINITIONS
A. The "Company".
As used in this Agreement, the "Company" refers to Proofpoint, Inc. and each of its subsidiaries or affiliated companies. I recognize and
agree that my obligations under this Agreement and all terms of this Agreement apply to me regardless of whether I am employed by or work for Company or any
of its subsidiaries or affiliates
B. "Proprietary Information": Definition and Ownership.
I understand that the Company possesses and will possess Proprietary Information which is important to its business. For purposes of this
Agreement, "Proprietary Information" is information that was or will be developed, created, or discovered by or on behalf of the Company, or which became or
will become known by, or was or is conveyed by a third party to the Company, which has commercial value in the Company's business or the business of a third
party disclosing such information.
"Proprietary Information" includes, but is not limited to, the following (whether or not patentable, copyrightable, or registerable under any
intellectual property laws or industrial property laws in the United States or elsewhere): information about software programs and subroutines, source and object
code, databases, database criteria, user profiles, scripts, algorithms, processes, trade secrets, designs, methodologies, technology, know-how, processes, data, ideas,
techniques, inventions, modules, features and modes of operation, internal documentation, works of authorship, technical, business, financial, client, marketing, and
product development plans, forecasts, other employees' positions, skill levels, duties, compensation, and all other terms of their employment (unless disclosure is
permitted by law), client and supplier lists, contacts at or knowledge of clients or prospective clients of the Company, and other information concerning the
Company's or its clients' actual or anticipated products or services, business, research, or development, or any information which is received in confidence by or for
the Company from any other person unless (i) the information is or becomes publicly known through lawful means; (ii) the information was rightfully in my
possession or part of my general knowledge prior to my employment by the Company as specifically identified and disclosed by me in Exhibit A; or (iii) the
information is disclosed to me without confidential or proprietary restriction by a third party who rightfully possesses the information (without confidential or
proprietary restriction). I understand that my employment creates a relationship of confidence and trust between me and the Company with respect to Proprietary
Information.
intellectual property and rights anywhere in the world (collectively "Rights")
All Proprietary Information and all title, patents, patent rights, copyrights, trade secret rights, trademarks, trademark rights, and other
�in connection therewith shall be the sole property of the Company. I hereby assign to the Company any Rights I may have or acquire in Proprietary Information.
C. "Competitor "
"Competitor" means any individual, corporation, or other business entity that engages in a business that involves a product or service
offered by anyone other than the Company that would replace or compete with any product or service offered or to be offered by the Company with which I had
material involvement while employed by the Company, unless Company and/or its subsidiaries are no longer engaged in or planning to engage in that line of
business.
II. OBLIGATIONS TO PROTECT PROPRIETARY INFORMATION
I represent and warrant that from the time of my first contact or communication with the Company, I have held in strict confidence all
Proprietary Information and have not disclosed any Proprietary Information to anyone outside of the Company, or used, copied, published, or summarized any
Proprietary Information except to the extent necessary to carry out my responsibilities as an employee of the Company.
At all times, both during my employment by the Company and after its termination, I will (a) keep in confidence and trust and will not
disclose any Proprietary Information except to other Company employees, agents, and representatives who need to know, or to third parties who are bound by
written confidentiality agreements (and in that event only to the extent necessary to carry out my responsibilities as an employee of the Company and in a manner
consistent with any such third party confidentiality agreements), and (b) use Proprietary Information only for the benefit of the Company.
I hereby acknowledge and understand that employees are expected to report any instance in which they believe that the Company's trade
secret or confidential i nformation may have been misappropriated in violation of a federal or state law. I also understand that I should report any such
misappropriation to my immediate supervisor, or to the Company's Legal counsel. Under 18 U.S.C. 1833(b), I further understand I will not be held criminally or
civilly liable under any state or federal trade secret law for the disclosure of a trade secret in confidence:(i) to either a federal, state or local government official,
either directly or indirectly, or to an attorney, solely for the purpose of reporting or investigating a suspected violation of the law; or (ii) in a complaint or other
document filed in a lawsuit or other proceeding, if such filing is made under seal. Finally, should I file a retaliation lawsuit alleging that I was retaliated against for
reporting a suspected violation of law, I hereby acknowledge and understand that I may disclose trade secret information to my attorney and use that information in
a court proceeding so long as (i) I file any court document containing such trade secret information under seal, and (ii) I do not disclose such trade secret
information, except pursuant to court order. This constitutes notice under 18 U.S.C. 1833(b)(3).
I hereby acknowledge and understand that nothing in this Confidentiality, Noncompetition and Invention Assignment Agreement prohibits
me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the
Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower
provisions of federal law or regulation. In this regard, I understand that I do not need the prior authorization of the Company to make any such reports or
disclosures and I am not required to notify the Company that I have made such reports or disclosures.
III. MAINTENANCE AND RETURN OF COMPANY MATERIALS
I acknowledge and agree that I have no reasonable expectation of privacy with respect to any of the Company's computer,
telecommunications (including handheld devices), networking, or information processing systems (including, without limitation, stored company files, e-mail, text,
IM
�messages, and voice messages) that are used to conduct Company business. As such, the Company has the right to audit and search all such items and systems,
without further notice to me, to ensure compliance with the Company' s policies and for any other business-related purposes in the Company's sole discretion. I
further agree that any property situated on the Company's premises and owned by the Company, including disks and other storage media, filing cabinets, or other
work areas, is subject to inspection by Company personnel at any time with or without notice. I understand that it is my responsibility to comply with the Company'
s policies governing use of the Company' s documents and internet, email, telephone, and technology systems to which I will have access in connection with my
employment. I acknowledge and agree that I will not copy, save, back-up, download, delete, wipe, defragment, retain, disclose, photograph, or transmit in any form
whatsoever any Proprietary Information, that my work product and anything I create or work on while working for the Company belongs to the Company, and that
I may not copy it or take it with me when I leave (or otherwise place the data anywhere I can access it after I leave the Company). I agree that immediately upon
the termination of my employment by me or by the Company for any reason, or on demand during the period of my employment, I will deliver to the Company
(and will not keep in my possession, recreate, or deliver to anyone else) any and all devices, records, data, notes, emails, reports, proposals, lists, correspondence,
specifications, drawings, blueprints, sketches, laboratory notebooks, materials, flow charts, equipment, other documents, or property (including computers,
handheld devices, telephone equipment, ereaders, other electronic devices, and credit cards), and any and all reproductions of any of the aforementioned items
developed by me pursuant to my employment or otherwise belonging to the Company, its successors, or assigns, excepting only (i) my personal copies of records
relating to my compensation;
the
Company; and (iii) my copy of this Agreement. In the event of the termination of my employment , I agree to sign and deliver the "Termination
Certification" attached hereto as Exhibit B; however, my failure to sign and deliver the Termination Certificate shall in no way diminish my continuing obligations
under this Agreement. I also consent to an exit interview to confirm my compliance with this Section III, and agree to keep the Company advised of my home and
business address for a period of one (1) year after termination.
previously distributed generally to stockholders
any materials
my personal
copies
(ii)
of
of
IV.
DISCLOSURE OF INVENTIONS TO THE COMPANY
As used in this Agreement, "Inventions" mean any work of authorship, discovery, improvement, invention, design, graphic, source,
HTML and other code, trade secret, technology, algorithms, computer program or software, audio, video or other files or content, idea, design, process, technique,
formula or composition, know-how, and data, whether or not patentable or copyrightable. I agree to maintain adequate and current written records and promptly
disclose in writing to my immediate supervisor or as otherwise designated by the Company, all Inventions, made, discovered, conceived, reduced to practice, or
developed by me, either alone or jointly with others, during the term of my employment.
I will also disclose to the President of the Company all Inventions made, discovered, conceived, reduced to practice, or developed by me,
either alone or jointly with others, within six (6) months after the termination of my employment with the Company which resulted, in whole or in part, from my
prior employment by the Company. Such disclosures shall be received by the Company in confidence (to the extent such Inventions are not assigned to the
Company pursuant to Section V below) and do not extend the assignment made in Section V below. I will not disclose Inventions covered by this Section IV to any
person outside the Company unless I am requested to do so by management personnel of the Company.
V. OWNERSHIP OF INVENTIONS
A. Generally.
I agree that all Inventions which I make, conceive, reduce to practice, or develop (in whole or in part, either alone or jointly with others)
during my employment shall be the sole property of the Company to the maximum extent permitted by relevant state law, and I hereby assign such Inventions and
all Rights therein
�to the Company. No assignment in this Agreement shall extend to inventions, the assignment of which is prohibited by relevant state statutes. 1 In compliance with
the prevailing provisions of those statutes, this Agreement does not apply to an invention for which no equipment, supplies, facility, or trade secret information of
the Company was used and which was developed entirely my own time, unless (a) the invention relates (i) to the Company's business, or (ii) to the Company' s
actual or demonstrably an ticipated research or development, or (b) the invention results from any work I performed for the Company. The Company shall be the
sole owner of all Rights in connection therewith. 1 / Including: California Labor Code§ 2870; Delaware Code Title 19 § 805; Illinois 765ILCS1060/1-3,
"Employees Patent Act"; Kansas Statutes § 44-130; Minnesota Statutes, 13A, § 181.78; No rt h Carolina General Statutes, Article 10 A, Chapter 66, Commerce and
Business, § 66-57.1; Utah Code§§ 34-39-1 through 34-39-3, "Employment Inventions Act"; and Washington Rev. Code, Title 49 RCW: Labor Regulations,
Chapter 49.44.140.
B. Works Made for Hire.
The Company shall be the sole owner of all Rights, title, and interest in Inventions. I further acknowledge and agree that such Inventions,
including, without limitation, any computer programs, programming documentation, and other works of authorship, are "works made for hire" for purposes of the
Company's rights under copyright laws. To the extent that any Inv entions may not be considered a "work made for hire," I hereby assign to the Company such
Inventions and all Rights therein, except those Inventions, if any, the assignment of which is prohibited under the relevant state statutes identified above.
C. License.
If any Inventions assigned hereunder are based on, or incorporated, or are improvements or derivatives of, or cannot be reasonably made,
used, reproduced, and distributed without using or violating technology or rights owned or licensed by me and not assigned hereunder, I hereby grant the company
a perpetual, worldwide, royalty-free, non-exclusive, and sub-licensable right and license to exploit and exercise all such technology and rights in support of the
Company’s exercise or exploitation of any assigned Inventions (including any modifications, improvements, and derivatives thereof).
D. List of Inventions.
I have attached hereto as Exhibit A a complete list of all existing Inventions to which I claim ownership as of the date of this Agreement
and that I desire to specifically clarify are not subject to this Agreement, and I acknowledge and agree that such list is complete. If no such list is attached to this
Agreement or if I elect to leave Exhibit A blank, I represent that I have no such Inventions at the time of signing this Agreement.
E. Cooperation.
I agree to perform, during and after my employment, all acts deemed necessary or desirable by the Company to permit and assist it in
further evidencing and perfecting the assignments made to the Company under this Agreement and in obtaining, maintaining, defending, and enforcing Rights in
connection with such Inventions and improvements thereto in any and all countries. Such acts may include, but are not limited to, execution of documents and
assistance or cooperation in legal proceedings. I hereby irrevocably designate and appoint the Company, and its duly authorized officers and agents, as my agents
and attorney-in-fact to act for and on my behalf and instead of me, to execute and file any documents, applications, or related findings and to do all other lawfully
permitted acts to further the purposes set forth above in this Subsection E, including, without limitation, the perfection of assignment and the prosecution and
issuance of patents, patent applications, copyright applications and registrations, trademark applications and registrations, or other rights in connection with such
Inventions and improvements thereto with the same legal force and effect as if executed by me.
�F. Assignment or Waiver of Moral Rights.
Any assignment of copyright hereunder (and any ownership of a copyright as a work made for hire) includes all rights of paternity,
integrity, disclosure, and withdrawal and any other rights that may be known as or referred to as “Moral Rights”). To the extent such Moral Rights cannot be
assigned under applicable law and to the extent the following is allowed by the laws in the various countries where Moral Rights exist, I hereby waive such Moral
Rights and consent to any action of the Company that would violate such Moral Rights in the absence of such consent.
VI. NON-SOLICITATION
I agree that during the term of my employment with the Company and for a period of twelve (12) months immediately following the
termination of my employment with the Company for any reason, I shall not either directly or indirectly solicit, induce, recruit, or encourage any of the
Company's employees or consultants to terminate their relationship with the Company, or attempt to solicit, induce, recruit, encourage, or take away employees or
consultants of the Company, either for myself or for any other person or entity. I also agree not to hire or assist in hiring or retaining any such employee or
consultant to the extent such restriction is enforceable under applicable laws where I reside. Further, during my employment with the Company and at any time
following termination of my employment for any reason, I shall not use any Proprietary Information of the Company to attempt to negatively influence any of the
Company's clients or customers from purchasing Company products or services or to solicit or influence or attempt to influence any client, customer, or other
person either directly or indirectly, to direct his or its purchase of products and/or services to any person, firm, corporation, institution, or other entity in
competition with the business of the Company.
VII. NON-COMPETITION
A. Conflicting Business Activities.
For as long as I am employed by the Company, I agree to devote my full time and efforts to the Company. For as long as I am employed
by the Company, I further agree that I will not engage in any employment, business, or activity that is in any way competitive with the business or proposed
business of the Company, nor will I assist any other person or organization in competing with the Company or in preparing to engage in competition with the
business or proposed business of the Company. The provisions of this Subsection shall apply both during normal working hours and at all other times including,
without limitation, nights, weekends, and vacation time, while I am employed with the Company. During the course of my employment, I shall also inform the
Company before accepting any employment, consulting, or other relationship that requires a significant time commitment.
B. Post-Termination Obligations.
I acknowledge that in some instances, a simple agreement not to disclose or use the Company's Proprietary Information would be
inadequate, standing alone, to protect the Company's legitimate business interests because some activities by a former employee will, by their nature, compromise
such Proprietary Information as well as the goodwill and customer relationships I have been paid to develop. I recognize that activities that violate the Company's
rights in this regard, whether or not intentional, are often undetectable by the Company until it is too late to obtain an effective remedy, and that such activities will
cause irreparable injury to the Company. To prevent this kind of irreparable harm, I agree that for a period of twelve (12) months following the termination of my
employment with the Company, I will not provide services in any role or position (as an employee, consultant, or otherwise) to any Competitor of the Company,
which services would involve job duties or other business-related activities in the United States or in any other country where the Company markets its products
and services, if such job duties or business-related activities are the same as or similar to the job duties or business-related activities in which I participated or as to
which I received Proprietary Information in the last two (2) years of my employment with
�Company. If I am a resident of California, the restriction in this Subsection VII (B) will apply only to activities that result in the unauthorized use or disclosure of
Proprietary Information.
VIII. COMPANY AUTHORIZATION FOR PUBLICATION
Prior to my submitting, or disclosing for possible publication or general dissemination outside the Company (such as through public
speaking engagements or literature), any material prepared by me that incorporates information that concerns the Company's business or anticipated research, I
agree to deliver a copy of such material to an officer of the Company for his or her review. Within twenty (20) days following such submission, the Company
agrees to notify me in writing whether the Company believes such material contains any Proprietary Information or Inventions, and I agree to make such deletions
and revisions as are reasonably requested by the Company to protect its Proprietary Information and Inventions. I further agree to obtain the written consent of the
Company prior to any review of such material by persons outside the Company.
IX. FORMER EMPLOYER INFORMATION
I represent that my performance of all the terms of this Agreement and as an employee of the Company does not and will not breach any
agreement to keep in confidence proprietary information, knowledge, or data acquired by me in confidence or in trust prior to my employment by the Company,
and I will not disclose to the Company or induce the Company to use any confidential or proprietary information or material belonging to any previous employers
or others. I have not entered into and I agree I will not enter into any agreement, either written or oral, in conflict herewith or in conflict with my employment with
the Company. I further agree to conform to the rules and regulations of the Company.
X. AT-WILL EMPLOYMENT
I agree and understand that employment with the Company is "at -will," meaning that it is not for any specified period of time and can be
terminated by me or by the Company at any time, with or without advance notice, and for any or no particular reason or cause. I agree and understand that it also
means that job duties, title and responsibility, reporting level, compensation, and benefits, as well as the Company's personnel policies and procedures, may be
changed at any time at-will by the Company. I understand and agree that nothing about the fact or the content of this Agreement is intended to, nor should be
construed to, alter the at-will nature of my employment with the Company.
XI. SEVERABILITY
If one or more provisions of this Agreement are held to be unenforceable under applicable law, such provisions shall be modified to the
minimum extent necessary to comply with applicable law and the intent of the parties. If any provision of this Agreement, or application of it to any person, place,
or circumstances, shall be held by a court of competent jurisdiction to be invalid, unenforceable, or void, the remainder of this Agreement and such provisions as
applied to other persons, places, and circumstances shall remain in full force and effect.
XII. AUTHORIZATION TO NOTIFY NEW EMPLOYER
termination of my employment with the Company.
I hereby authorize the Company to notify my new employer about my rights and obligations under this Agreement following the
�XIII. ENTIRE AGREEMENT
This Agreement sets forth the entire agreement and understanding between the Company and me relating to the subject matter herein and
supersedes all prior discussions between us. I understand and acknowledge that (i) no other representation or inducement has been made to me, (ii) I have relied on
my own judgment and investigation in accepting my employment with the Company, and (iii) I have not relied on any representation or inducement made by any
officer, employee, or representative of the Company. No modification of or amendment to this Agreement nor any waiver of any rights under this Agreement will
be effective unless in a writing signed by the President of the Company and me. I understand and agree that any subsequent change or changes in my duties, salary,
or compensation will not affect the validity or scope of this Agreement.
XIV. EFFECTIVE DATE AND BINDING UPON SUCCESSORS
executors, and administrators and shall inure to the benefit of the Company, its subsidiaries, successors, and assigns.
This Agreement shall be effective as of the first day of my employment with the Company and shall be binding upon me, my heirs,
XV. GOVERNINGLAW
This Agreement shall be interpreted and enforced in accordance with the laws of the state in which I last resided and performed work for
the Company. Jurisdiction over and venue of any suit arising out of or relating to this Agreement shall be exclusively in the federal and state courts located in San
Francisco, California.
XVI. REMEDIES
I RECOGNIZE THAT NOTHING IN THIS AGREEMENT IS INTENDED TO LIMIT ANY REMEDY OF THE COMPANY
UNDER THE UNIFORM TRADE SECRETS ACT. I RECOGNIZE THAT MY VIOLATION OF THIS AGREEMENT COULD CAUSE THE
COMPANY IRREPARABLE HARM, THE AMOUNT OF WHICH MAY BE EXTREMELY DIFFICULT TO ESTIMATE, MAKING ANY REMEDY
AT LAW OR IN DAMAGES INADEQUATE. THUS, I AGREE THAT THE COMPANY SHALL HAVE THE RIGHT TO APPLY TO ANY COURT
OF COMPETENT JURISDICTION FOR AN ORDER RESTRAINING ANY BREACH OR THREATENED BREACH OF THIS AGREEMENT
PRELIMINARY INJUNCTIONS AND PERMANENT
INCLUDING BUT NOT LIMITED TO TEMPORARY RESTRAINING ORDERS,
INJUNCTIONS WITHOUT THE NECESSITY OF POSTING A BOND OR OTHER SECURITY AND IN ADDITION TO AND WITHOUT
PREJUDICE TO ANY OTHER RIGHTS OR REMEDIES THAT THE COMPANY MAY HAVE FOR A BREACH OF THIS AGREEMENT.
XVII. NON-WAIVER AND ATTORNEYS FEES
Waiver by either me or the Company of strict performance of any provision of this Agreement shall not be a waiver of, nor prejudice
either party’s right to require, strict performance of the same or any other provision in the future. If court proceedings are brought to enforce or interpret any
provision of this Agreement, the prevailing party shall be entitled to an award of reasonable and necessary expenses of litigation, including attorneys’ fees.
XVIII.
APPLICATION OF THIS AGREEMENT
�applicable to Proprietary Information related to any work performed by me for the Company prior to the execution of this Agreement.
I agree that my obligation set forth in this Agreement, along with the Agreement's definitions of Proprietary Information shall be equally
I HAVE READ THIS AGREEMENT CAREFULLY AND I UNDERSTAND ITS TERMS. I ACCEPT THE OBLIGATIONS, WHICH
IT IMPOSES UPON ME WITHOUT RESERVATION. NO PROMISES OR REPRESENTATIONS HAVE BEEN MADE TO ME TO INDUCE ME TO SIGN
THIS AGREEMENT. I SIGN THIS AGREEMENT VOLUNTARILY AND FREELY. I HAVE COMPLETELY NOTED ON EXHIBIT A TO THIS
AGREEMENT ANY PROPRIETARY INFORMATION THAT I DESIRE TO EXCLUDE FROM THIS AGREEMENT.
7/6/2018
Date
/s/ Klaus Oestermann
Employee Signature
Klaus Oestermann
Employee Name (Please Print)
�EXHIBIT A
1.
The following is a complete list of all Inventions relevant to the subject matter of my employment with the Company that
have been made, discovered, conceived, first reduced to practice or developed by me or jointly with others prior to my
employment by the Company that I desire to remove from the operation of the Employee Proprietary Information and
Inventions Agreement:
No Inventions.
See below: Any and all Inventions regarding:
Additional sheets attached.
2.
I propose to bring to my employment the following materials and documents of a former employer:
No materials or documents
See below:
Date: 7/6/2018
Employee Signature: /s/ Klaus Oestermann
�EXHIBIT C
ARBITRATION AGREEMENT
IN CONSIDERATION OF THE MUTUAL PROMISES TO ARBITRATE CLAIMS, I AGREE THAT ANY AND ALL CONTROVERSIES, CLAIMS, OR
DISPUTES, PAST, PRESENT, OR FUTURE, BETWEEN ME AND PROOFPOINT, INC., AND ITS AFFILIATES, SUBSIDIARIES AND PARENT
(COLLECTIVELY THE “COMPANY”)WILL BE DECIDED BY A SINGLE ARBITRATOR THROUGH FINAL AND BINDING ARBITRATION AND
NOT BY WAY OF COURT OR JURY TRIAL. THIS ARBITRATION AGREEMENT (“AGREEMENT”) IS GOVERNED BY THE FEDERAL
ARBITRATION ACT, 9 U.S.C. § 1 ET SEQ., AND EVIDENCES A TRANSACTION INVOLVING COMMERCE.
This Agreement applies to any covered dispute Company has against me or that I have against the Company, and Company’s affiliates, successors and assigns,
and its/their respective officers, directors, employees or agents—all of whom/which may enforce this Agreement as direct or third party beneficiaries. Except as
it otherwise applies, this Agreement covers any dispute or claim arising out of or related to my hiring and candidacy for employment, employment with the
Company, or termination of employment with the Company. Nothing contained in this Agreement shall be construed to prevent or excuse me from utilizing the
Company’s existing internal procedures for resolution of complaints, and this Agreement is not intended to be a substitute for the utilization of such procedures.
Moreover, nothing herein is intended to nor shall preclude either me or the Company from seeking temporary or preliminary injunctive relief from a court of
applicable jurisdiction pending final resolution of a dispute. Except as it otherwise provides, this Agreement is intended to apply to the resolution of disputes
that otherwise would be resolved in a court of law, and therefore this Agreement requires all such disputes to be resolved only by an arbitrator through
final and binding arbitration and not by way of court or jury trial. Such covered disputes include, without limitation, disputes arising out of or relating to the
interpretation, validity, application, enforceability or formation of this Agreement, except as stated in the Class Action Waiver below.
Except as otherwise stated, this Agreement also applies, without limitation, to disputes regarding compensation, breaks and rest periods, termination,
discrimination or harassment, and claims arising under the Civil Rights Act of 1964, Americans With Disabilities Act, Age Discrimination in Employment Act,
Family Medical Leave Act, Fair Labor Standards Act, Employee Retirement Income Security Act, Genetic Information Non-Discrimination Act, Uniformed
Services Employment and Reemployment Rights Act, Worker Adjustment and Retraining Notification Act, Older Workers Benefits Protection Act of 1990,
Occupational Safety and Health Act, Consolidated Omnibus Budget Reconciliation Act of 1985, False Claims Act, and state and local statutes, if any,
addressing the same or similar subject matters, and all other state statutory and common law claims (excluding workers’ compensation benefits, state disability
insurance, and unemployment insurance claims). Regardless of any other terms of this Agreement, claims may be brought before and remedies awarded by an
administrative agency if applicable law permits access to such an agency notwithstanding the existence of an agreement to arbitrate. Such administrative
claims include without limitation claims or charges brought before the Equal Employment Opportunity Commission ( www.eeoc.gov ), the U.S. Department of
Labor ( www.dol.gov ), the National Labor Relations Board ( www.nlrb.gov ), or the Office of Federal Contract Compliance Programs (
www.dol.gov/esa/ofccp ). Nothing in this Agreement shall be deemed to preclude or excuse a party from bringing an administrative claim before any agency
in order to fulfill the party’s obligation to exhaust administrative remedies before making a claim in arbitration. Disputes that may not be subject to pre-dispute
arbitration agreement as provided by controlling federal statute are excluded from the coverage of this Agreement.
Any arbitration will be administered by Judicial Arbitration & Mediation Services, Inc. (“JAMS”), and except as provided in this Agreement, will be pursuant
to its Employment Arbitration Rules & Procedures (the “JAMS Rules”). Copies of these rules are available at http://www.jamsadr.com or by using a service
such as www.google.com or www.Bing.com to search for “JAMS Employment Arbitration Rules”, and shall be made available to me upon request. Any
arbitration under this Agreement shall be conducted in Santa Clara County,
�California, but if I no longer reside in the general geographical vicinity where I last worked for the Company, the Company and I shall agree to a location for
the arbitration within 45 miles of where I reside. The arbitrator shall be selected by mutual agreement of me and the Company pursuant to the selection process
under the JAMS Rules. Unless the Company and I mutually agree otherwise, the arbitrator shall be retired a California Superior Court Judge or retired federal
judge from any jurisdiction. The party bringing the claim must demand arbitration in writing and deliver the written demand by hand or first class mail to the
other party within the applicable statute of limitations period. Any demand for arbitration made to the Company shall be provided to the Company’s Legal
Department at Proofpoint, Attn: HR, 892 Ross Drive, Sunnyvale, CA 94089. I will be given notice of any claim by the Company against me at the last home
address I provided to the Company in writing. The arbitrator shall resolve all disputes regarding the timeliness or propriety of the demand for arbitration.
In arbitration, the parties will have the right to conduct adequate civil discovery, bring dispositive motions, and present witnesses and evidence as needed to
present their cases and defenses, and any disputes in this regard shall be resolved by the arbitrator. However, I agree that there will be no right or authority for
any dispute to be brought, heard, or arbitrated as a class and/ or collective action or as a class member in any purported class and/or collective action, and the
Arbitrator will have no power or authority to preside over any class and/or collective action (“ Class Action Waiver ”). Regardless of anything else in this
Agreement and/or the JAMS Rules, or any amendments and/or modifications to those rules, any claim that all or part of the Class Action Waiver, including, but
not limited to any claim that all or part of the Class Action Waiver is invalid, unenforceable, unconscionable, void or voidable, may be determined only by a
court of competent jurisdiction and not by an arbitrator. The Class Action Waiver will be severable from this Agreement in any case in which there is a final
judicial determination that the Class Action Waiver is invalid, unenforceable, unconscionable, void or voidable. In such case, the class and/or collective action,
to that extent, must be litigated in a civil court of competent jurisdiction—not in arbitration, and any part of the Class Action Waiver that is enforceable will be
enforced in arbitration.
Each party will pay the fees for his, her, or its own attorneys, subject to any remedies to which that party may later be entitled under applicable law. In all
cases where required by law, the Company will pay the arbitrator’s and arbitration fees.
Within 30 days of the close of the arbitration hearing, any party will have the right to prepare, serve on the other party, and file with the arbitrator a brief.
The arbitrator may award any party any remedy to which that party is entitled under applicable law, but such remedies shall be limited to those that would be
available to a party in his or her individual capacity in a court of law for the claims presented to and decided by the arbitrator, and no remedies that otherwise
would be available to an individual in a court of law will be forfeited by virtue of this Agreement. The arbitrator will issue a decision or award in writing stating
the essential findings of fact and conclusions of law. Except as may be permitted or required by law, as determined by the arbitrator, neither a party nor an
arbitrator may disclose the existence, content, or results of any arbitration hereunder without the prior written consent of all parties. A court of competent
jurisdiction shall have the authority to enter a judgment upon the award made pursuant to the arbitration. The Arbitrator shall apply the substantive federal,
state, or local law applicable to the claims asserted. The arbitrator shall not have the power to commit errors of law or legal reasoning, and the award may be
vacated or corrected on appeal to a court of competent jurisdiction for any such error.
It is against Company policy for me to be subject to retaliation if I exercise my right to assert claims under this Agreement. If I believe that I have been
retaliated against by anyone at the Company, I should immediately report this to the Human Resources Department.
This Agreement is the full and complete agreement relating to the formal resolution of employment-related disputes. Except as stated above, in the event any
portion of this Agreement is deemed unenforceable, the remainder of this Agreement will be enforceable. This Agreement shall survive the termination of my
employment and the expiration of any benefit, and it will apply upon re-employment by the Company if my employment is ended but later renewed. I expressly
agree to the assignment of this Agreement by the Company and all rights and obligations hereunder, including, but not limited to, an assignment in connection
with any merger, sale, transfer or acquisition
�of or by the Company. Any contractual disclaimers the Company has in any handbooks, other agreements, or policies do not apply to this Agreement. Unless
this Agreement is deemed void, unenforceable or invalid in its entirety, this Agreement supersedes any prior agreements to arbitrate between me and the
Company.
AGREED TO BY EMPLOYEE:
I ACKNOWLEDGE AND AGREE THAT I AM EXECUTING THIS AGREEMENT VOLUNTARILY AND WITHOUT ANY DURESS OR UNDUE
INFLUENCE BY THE COMPANY OR ANYONE ELSE. I FURTHER ACKNOWLEDGE AND AGREE THAT I HAVE CAREFULLY READ THIS
AGREEMENT AND THAT I HAVE ASKED ANY QUESTIONS NEEDED FOR ME TO UNDERSTAND THE TERMS, CONSEQUENCES, AND
BINDING EFFECT OF THIS AGREEMENT AND FULLY UNDERSTAND IT, INCLUDING THAT I AM WAIVING MY RIGHT TO A JURY TRIAL
. FINALLY, I AGREE THAT I HAVE BEEN PROVIDED AN OPPORTUNITY TO SEEK THE ADVICE OF AN ATTORNEY OF MY CHOICE
BEFORE SIGNING THIS AGREEMENT.
MY SIGNATURE BELOW ATTESTS TO THE FACT THAT I HAVE READ, UNDERSTAND, AND AGREE TO BE LEGALLY BOUND TO
ALL OF THE ABOVE TERMS.
Signed at
San Francisco, CA,
(City), (State)
this day of 7/6/2018.
Klaus Oestermann
Employee’s Name Printed
/s/ Klaus Oestermann
Employee’s Signature
AGREED TO BY THE COMPANY:
/s/ Sharyl Givens
Signature of Authorized Company
Vice President, Human Resources
Title of Representative
�List of Subsidiaries of Proofpoint Inc.
Exhibit 21.01
Wholly-Owned Subsidiaries
PROOFPOINT CANADA INC.
PROOFPOINT GMBH
PROOFPOINT INTERNATIONAL, INC.
PROOFPOINT JAPAN KK
PROOFPOINT LIMITED
PROOFPOINT MALTA LTD
PROOFPOINT PTY LTD
PROOFPOINT SINGAPORE PTE. LTD.
NEXTPAGE, INC.
PROOFPOINT NI LTD.
ABACA TECHNOLOGY CORPORATION
ARMORIZE TECHNOLOGIES, INC. (US)
SENDMAIL, INC.
SENDMAIL INTERNATIONAL, INC.
SENDMAIL SARL
SENDMAIL KK
NETCITADEL, INC.
NEXGATE, INC.
EMERGING THREATS PRO, LLC
MOSCOW ACQUISITION CORPORATION
SOCIALWARE, INC.
ONTARIO ACQUISITION CORPORATION
PROOFPOINT ISRAEL LTD
PROOFPOINT ISRAEL HOLDINGS LTD
FIRELAYERS, INC.
CLOUDMARK, LLC
CLOUDMARK EUROPE LIMITED
BIZANGA LIMITED
CLOUDMARK LABS SARL
WEBLIFE BALANCE, INC.
WOMBAT SECURITY TECHNOLOGIES, INC.
WOMBAT SECURITY TECHNOLOGIES UK LTD
PROOFPOINT MIDDLE EAST FZ-LLC
PROOFPOINT SPAIN SEC S.L.
Jurisdiction of Incorporation
Ontario, Canada
Federal Republic of Germany
Delaware, USA
Japan
England and Wales
Republic of Malta
Commonwealth of Australia
Republic of Singapore
Delaware, USA
Northern Ireland
Delaware, USA
Delaware, USA
Delaware, USA
Delaware, USA
France
Japan
Delaware, USA
Delaware, USA
Indiana, USA
Delaware, USA
Delaware, USA
Delaware, USA
Israel
Israel
Delaware, USA
Delaware, USA
England and Wales
England and Wales
France
Delaware, USA
Delaware, USA
England and Wales
Dubai
Spain
�CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
Exhibit 23.01
We hereby consent to the incorporation by reference in the Registration Statement on Form S‑8 (No.333-180839, No.333-187321, No.333-194599, No.333-
202312, No.333-209712, No.333-214366, No.333-216195, No.333-221870 and No. 333-223188) of Proofpoint, Inc. of our report dated February 21, 2019 relating
to the consolidated financial statements and the effectiveness of internal control over financial reporting, which appears in this Form 10‑K.
/s/ PricewaterhouseCoopers LLP
San Jose, California
February 21, 2019
�CERTIFICATION OF PERIODIC REPORT UNDER SECTION 302 OF
THE SARBANES-OXLEY ACT OF 2002
EXHIBIT 31.01
I, Gary Steele, certify that:
1. I have reviewed this Annual Report on Form 10-K of Proofpoint, Inc.;
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements
made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial
condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4. The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act
Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that
material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the
period in which this report is being prepared;
b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide
reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally
accepted accounting principles;
c) Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the
disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d) Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the
registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal
control over financial reporting; and
5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s
auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to
adversely affect the registrant’s ability to record, process, summarize and report financial information; and
b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial
reporting.
Date: February 21, 2019
/s/ GARY STEELE
Gary Steele
Chief Executive Officer
(Principal Executive Officer )
�CERTIFICATION OF PERIODIC REPORT UNDER SECTION 302 OF
THE SARBANES-OXLEY ACT OF 2002
EXHIBIT 31.02
I, Paul Auvil, certify that:
1. I have reviewed this Annual Report on Form 10-K of Proofpoint, Inc.;
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements
made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial
condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4. The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act
Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that
material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the
period in which this report is being prepared;
b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide
reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally
accepted accounting principles;
c) Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the
disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d) Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the
registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal
control over financial reporting; and
5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s
auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to
adversely affect the registrant’s ability to record, process, summarize and report financial information; and
b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial
reporting.
Date: February 21, 2019
/s/ PAUL AUVIL
Paul Auvil
Chief Financial Officer
(Principal Financial Officer)
�CERTIFICATION PURSUANT TO
18 U.S.C. SECTION 1350
AS ADOPTED PURSUANT TO SECTION 906
OF THE SARBANES-OXLEY ACT OF 2002
EXHIBIT 32.01
I, Gary Steele, Chief Executive Officer of Proofpoint, Inc. (the “Company”), do hereby certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to
Section 906 of the Sarbanes-Oxley Act of 2002, that:
•
•
the Annual Report on Form 10-K of the Company for the year ended December 31, 2018 (the "Report") fully complies with the requirements of
Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
the information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
Date: February 21, 2019
/s/ GARY STEELE
Gary Steele
Chief Executive Officer
(Principal Executive Officer )
A signed original of this written statement required by Section 906 has been provided to the Company and will be retained by it and furnished to the Securities and
Exchange Commission or its staff upon request.
�ERTIFICATION PURSUANT TO
18 U.S.C. SECTION 1350
AS ADOPTED PURSUANT TO SECTION 906
OF THE SARBANES-OXLEY ACT OF 2002
EXHIBIT 32.02
I, Paul Auvil, Chief Financial Officer of Proofpoint, Inc. (the “Company”), do hereby certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to
Section 906 of the Sarbanes-Oxley Act of 2002, that:
•
•
the Annual Report on Form 10-K of the Company for the year ended December 31, 2018 (the "Report") fully complies with the requirements of
Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
the information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
Date: February 21, 2019
/s/ PAUL AUVIL
Paul Auvil
Chief Financial Officer
(Principal Financial Officer)
A signed original of this written statement required by Section 906 has been provided to the Company and will be retained by it and furnished to the Securities and
Exchange Commission or its staff upon request.
�