United States

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

Form 10-K

 

(Mark One)

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2019

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from            to            

Commission File Number: 0-17995

 

Zix Corporation

(Exact Name of Registrant as Specified in its Charter)

 

 

Texas

75-2216818

(State or Other Jurisdiction of

(I.R.S. Employer

Incorporation or Organization)

Identification Number)

 

2711 N. Haskell Avenue, Suite 2200, LB 36, Dallas, Texas 75204-2960

(Address of Principal Executive Offices)

(214) 370-2000

(Registrant’s Telephone Number, Including Area Code)

Securities Registered Pursuant to Section 12(b) of the Act:

 

Title of each class of stock

Trading Symbol

Name of each exchange on which registered

Common Stock

ZIXI

NASDAQ

$0.01 Par Value

 

 

 

Securities Registered Pursuant to Section 12(g) of the Act: None

 

Indicate by check mark whether the Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.    Yes      No  

Indicate by check mark whether the Registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.    Yes      No  

Indicate by check mark whether the Registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days.    Yes      No  

Indicate by check mark whether the Registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such reports)    Yes      No  

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of Registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer,  smaller reporting company, or an emerging growth company. See definitions of “large accelerated filer,” “accelerated filer,”  “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

 

Large accelerated filer

 

Accelerated filer

 

 

 

 

 

Non-accelerated filer

 

Smaller reporting company

 

 

 

Emerging growth company

 

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13 (a) of the Exchange Act.  

 

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).    Yes      No  

As of March 4, 2020, there were 55,641,885 shares of Zix Corporation $0.01 par value common stock outstanding. As of June 30, 2019, the aggregate market value of the shares of Zix Corporation common stock held by non-affiliates was $498,353,887.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the Registrant’s 2020 Proxy Statement are incorporated by reference into Part III of this Form 10-K.

 

 

 

 

 


TABLE OF CONTENTS

 

 

 

PART I

 

Item 1.

 

Business

3

Item 1A.

 

Risk Factors

9

Item 1B.

 

Unresolved Staff Comments

26

Item 2.

 

Properties

26

Item 3.

 

Legal Proceedings

26

Item 4.

 

Mine Safety Disclosures

26

 

 

PART II

 

Item 5.

 

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

27

Item 6.

 

Selected Financial Data

29

Item 7.

 

Management’s Discussion and Analysis of Financial Condition and Results of Operations

30

Item 7A.

 

Quantitative and Qualitative Disclosures About Market Risk

41

Item 8.

 

Financial Statements and Supplementary Data

42

Item 9.

 

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

42

Item 9A.

 

Controls and Procedures

42

Item 9B.

 

Other Information

44

 

 

PART III

 

Item 10.

 

Directors, Executive Officers and Corporate Governance

45

Item 11.

 

Executive Compensation

45

Item 12.

 

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

45

Item 13.

 

Certain Relationships and Related Transactions, and Director Independence

45

Item 14.

 

Principal Accountant Fees and Services

45

 

 

PART IV

 

Item 15.

 

Exhibits and Financial Statement Schedules

46

Item 16.

 

Form 10-K Summary

48

 

 

 

2


PART I

Item 1. Business

Zix® (the “Company,” “we,” “our,” or “us”) is a leading provider of cloud email security, productivity and compliance solutions. Trusted by the nation’s most influential institutions in healthcare, finance and government. Zix delivers a superior experience and easy-to-use solutions for email encryption and data loss prevention (“DLP”), advanced threat protection and archiving. As a leading provider of cloud-based cybersecurity, compliance, and productivity solutions for businesses of all sizes, we are focused on the protection of business communication, enabling our customers to better secure data and meet compliance needs. We serve organizations in many industries, with particular emphasis on the healthcare (including multiple major hospitals and several Blue Cross Blue Shield plans), financial services (including several U.S. Banks), and insurance and government (including divisions of the U.S. Treasury and the U.S. Securities and Exchange Commission (the “SEC”)) sectors.

Our email encryption and DLP capabilities enable the secure exchange of email that includes sensitive information. Through a comprehensive secure messaging service, called Email Encryption (formerly ZixEncrypt), we allow an enterprise to use policy-driven rules to determine which email messages should be sent securely or quarantined for review to comply with regulations or company-defined policies.

The main differentiation for Email Encryption in the marketplace is our exceptional ease of use. The best example of this is our ability to provide transparent delivery of encrypted email. Most email encryption solutions are focused on the sender. They typically introduce an added burden on recipients, often requiring additional user authentication with the creation of a new user identity and password. We designed our solution to alleviate the recipient’s burden by enabling the delivery of encrypted email automatically and transparently. Zix enables transparent delivery through (1) The Directory (formerly ZixDirectory®), the world’s largest email encryption community which is designed to share identities of our tens of millions of members, (2) Zix’s patented Best Method of Delivery®, which is designed to deliver email in the most secure, most convenient method possible for the recipient, and (3) Email Encryption, which automatically encrypts and decrypts messages with sensitive content. The result is secure, transparent encrypted email, such that secure email can be exchanged without any impact to administrators or extra steps for both senders and recipients. Our Email Encryption also addresses a business’s greatest source of data loss – corporate email – with an easy, straightforward DLP approach. By focusing strictly on the risks of email, Email Encryption simplifies DLP in comparison to other DLP solutions by decreasing complexity and cost, reducing deployment time from months to hours and minimizing impact on customer resources and workflow. In addition, Zix offers a convenient experience for both employees interacting with our solution and administrators managing the system.

Our Email Encryption solution enables DLP capabilities for email by combining proven policy and content scanning capabilities with quarantine functionality. The quarantine system and its intuitive interface allow administrators to (1) easily define policies and create custom lexicons for quarantining email messages, (2) conveniently manage quarantined messages using flexible searching and filtering options, (3) release or delete individual or multiple quarantined messages with one click, (4) review reports that monitor quarantine activities and trends and (5) automate custom notifications informing employees of quarantined messages.

Email Encryption from Zix also provides greater visibility into an organization’s data risks in email by capturing data in outbound emails and highlighting violations that trigger policy filters to encrypt or quarantine. Through our interactive, real-time interface, companies can monitor their greatest vulnerabilities, generate reports for business executives and train employees about the sensitivity of their company’s data.

The solution is available as a hosted solution, as a multi-tenant solution, or as a physical or virtual on-premises appliance.

In March 2017, Zix acquired Greenview Data, Inc. (“Greenview”), an email security company. Zix’s acquisition of Greenview addresses increasing buyer demand for email security bundles by adding advanced threat protection, antivirus, anti-spam and archiving capabilities to its industry-leading email encryption. Greenview was a good fit for Zix’s business based on its employees’ expertise in email security and its emphasis on customer success, which align with Zix’s reputation for delivering industry-leading solutions and a superior experience.

Through the acquisition of Greenview, Zix launched two new solutions in April 2017 – ZixProtectSM and ZixArchiveSM. ZixProtect is now called Advanced Email Threat Protection while ZixArchive is called Information Archive.  Advanced Email Threat Protection defends organizations from zero-day malware, ransomware, phishing, CEO fraud, W-2 phishing attacks, spam and viruses in email with multi-layer filtering techniques. Accuracy in protecting organizations from email threats is increased further with automated traffic analysis, machine learning and real-time threat analysis.  The solution is available as a cloud-based service in a variety of bundles.  Information Archive (formerly ZixArchive) is a low-cost, cloud-based email retention solution that easily enables user retrieval, compliance and eDiscovery. Available as a standalone or add-on solution for other products, Zix’s Information Archive includes policy-based retention, automatic indexing and flexible search capabilities for audit and legal requirements. With on-demand access through the cloud, organizations can conveniently share messages with employees, auditors and outside consultants or legal counsel, as well as revoke access when needed.

3


In April 2018, Zix acquired Erado, a unified archiving company. Erado strengthened Zix’s comprehensive archiving solutions with unified archiving, supervision, security, and messaging solutions for customers that demand bundled services. Erado’s long standing focus on helping its customers comply with FINRA and SEC regulations helped further strengthen Zix’s offerings for customers with compliance requirements. This acquisition also expanded Zix’s cloud-based email archiving capabilities into more than 50 content channels, including social media, instant message, mobile, web, audio and video.

On February 20, 2019, Zix acquired AppRiver, a leading provider of cloud-based cybersecurity solutions for Small and Medium Businesses (“SMB”).  The combined company creates one of the leading cloud-based security solutions providers, particularly for the small and mid-size enterprise market. This acquisition further strengthened that alignment by bolstering our security offerings, expanding our go-to-market channels, and providing a stronger cloud platform to drive even more value for our customers and partners.  In addition, we now can directly offer Microsoft’s substantial catalog of productivity and Microsoft Office 365 cloud email solutions.  

On May 7, 2019, Zix acquired DeliverySlip, expanding our portfolio with additional email encryption, e-signatures, and secure file sharing solutions.

Our business operations and service offerings are supported by the ZixData Center™, which is PCI DSS 3.2 certified for applicable services, SOC2 accredited and SOC 3 certified. The operations of the ZixData Center are independently audited annually to maintain AICPA SOC3 certification in the areas of security, confidentiality, integrity and availability. Auditors also produce a SOC2 report on the effectiveness of operational controls used over the audit period.  

Our company was incorporated as a corporation in Texas in 1988. Originally named Amtech Corporation, we changed our name to ZixIt® Corporation in 1999 when we entered the encrypted email market. In 2002, we became Zix Corporation, and in 2017, the Company rebranded to Zix.

Overview

Email is a mission-critical means of communication for enterprises. However, if email leaves a secure network environment in clear text, it can be intercepted along the path between a sender and a recipient, which permits theft, redirection, manipulation or exposure to unauthorized parties. Failure to control and manage such risks can result in enforcement penalties for noncompliance under numerous regulations, in addition to damaged reputation, competitive disadvantage, a loss of intellectual property or other corporate assets, exposure to negligence or liability claims, and diversion of resources to repair such damage. For example, healthcare organizations, business associates and sub-contractors are subject to the Privacy, Security, and Enforcement Rules of the Health Information Portability and Accountability Act (“HIPAA”) enacted in 1996, and as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) enacted in 2009. Financial institutions are subject to data privacy laws including the Gramm-Leach-Bliley Act (“GLBA”) enacted in 1999. These federal laws help drive the use of encrypted email. In addition, individual states such as Massachusetts and Nevada have enacted privacy laws requiring the safeguard of personal data, and almost all states encourage email encryption by allowing exemptions from data breach notification laws.

Corporations require easy to use, cost-effective email protection that can be used on an enterprise-wide basis. They need it to be quickly deployed and regularly updated to evolve with innovative technology practices and meet changing regulatory standards. To satisfy these needs, our Email Encryption Service provides a comprehensive solution that analyzes and encrypts email communications.

Our Email Encryption Service allows a user to send encrypted email to any email user anywhere and on any Internet-enabled device. Encrypted email is delivered through the patented Best Method of Delivery protocol which automatically determines the most direct and appropriate means of delivery, based on the sender’s and recipient’s communications environment and preferences. The protocol supports a number of encrypted email delivery mechanisms, including S/MIME, Transport Layer Security (“TLS”), Open Pretty Good Privacy (“PGP”), “push” delivery and secure portal “pull” delivery. These last two mechanisms enable users to send messages securely to anyone with an email address, including those who do not have an encryption tool. Our Best Method of Delivery makes the technology simple for end users and provides flexibility and ease of implementation for information technology professionals. We believe the ability to send messages through different modes of delivery is one of many differentiators that makes our Email Encryption Service superior to competitive offerings.

The deployment of our Email Encryption Service at the periphery of the customer’s network means our Email Encryption Service encrypts outbound email for an enterprise without the need to create, deploy or manage end user encryption keys or deploy desktop software. Our technology solutions are easy to use, easy to deploy, and can be made operational quickly.

Our service has an integrated policy management capability. This policy engine can inspect the contents of emails and apply policies matching specific industry criteria such as HIPAA, the HITECH Act and GLBA. Customers can also build their own custom policies. This policy driven email encryption for regulatory compliance means customers can reduce the training required of their staff and significantly reduce the risk of inadvertently sending sensitive content by controlling the method of delivery through preset policies.

4


Email is the number one communication tool for businesses and it is also one of the top vectors for cyberattacks. Attacks can jeopardize a company through malware, phishing, ransomware, business email compromise, viruses and other threats. Our Advanced Email Threat Protection solution uses a multi-layer approach to accurately identify email threats and defend against email-borne attacks. Our threat filters first analyze IP addresses and URLs then examine content for targeted phrases, campaign patterns and both known and zero-hour malware attacks. Accuracy is increased further with real-time threat analysts, automated traffic analysis and machine learning.

To safeguard against increasingly targeted and sophisticated attacks, our Advanced Email Threat Protection can also leverage attachment assurance and time-of-click link defense to provide enhanced protection. Attachment assurance offers quarantine and sandbox inspection of emails to perform forensic analysis of attachments in our secure, cloud-based sandbox environment. Testing efficiently handles evasive attacker techniques while fully examining files for suspicious and malicious activity. Time-of-click link defense reduces the risk of users clicking links in emails and inadvertently visiting malicious or compromised websites. This feature re-writes all full, shortened, or obfuscated links to safe versions and performs time-of-click analysis on the destination address, including IP address and domain blacklists, domain age and reputation, and other checks.

By combining our Email Encryption and Advanced Email Threat Protection solutions, Zix meets customers’ increasing desire for a bundled solution that protects inbound and outbound email with leading email security.

Competition

The most significant differentiators for Zix as compared with our competition is ease of use and exceptional support. The best example of our superior ease of use is transparent delivery of encrypted email messages. We are able to deliver transparent email encryption as a result of The Directory and Best Method of Delivery capabilities of our Email Encryption. The most critical and highly differentiated component of our solution is The Directory, which provides the ability to share user identities for encryption, and in turn provides frictionless interoperability between users in a community of interest such as healthcare, finance or government.

Our capability to offer interoperability is particularly important when it is necessary to communicate with external networks, as is the case with the healthcare and financial services markets. Our customers become part of The Directory, a global “white pages” enabling transparent secure communications with other Email Encryption customers using our centralized key management system and overall unique approach to implementing encrypted email. We enable secure communications with other users via TLS, Open PGP, “push” delivery and secure portal “pull” delivery mechanisms. However, we believe our unique transparent delivery is the more preferred delivery model.

Our phenomenal support allows customers to reach Zix via phone or email at all times to address any questions or concerns. With the increasing cost and sophistication of email attacks, convenient access to our threat analysts at any time of the day provides our customers with unmatched peace of mind.

We view our primary competitors in the email security space to be Proofpoint Inc., MimeCast, and Barracuda Networks. Technically, while these companies offer advanced threat protection against email attacks and “send-to-anyone” encrypted email, we believe that Zix offers superior customer service and unparalleled benefits that come from access to The Directory, use of our Best Method of Delivery protocol, and the industry’s only transparent email encryption. Nevertheless, some of these competitors are large enterprises with substantial financial and technical resources that exceed ours. We are also competing against other value-added cloud distributor platforms such as PAX8 and Sherweb.

Regulatory Drivers

We have been successful in securing market penetration in our target vertical markets of healthcare, finance services and government primarily due to regulations that address the need for data privacy and security.

In addition to the need to protect personal data and sensitive business communication, demand for email security in the healthcare sector, including business associates of healthcare providers, is augmented by regulatory requirements under HIPAA and HITECH Act. The Privacy and Security rules under those acts provide severe penalties for violations, including strict breach notification requirements, and allow states to pursue HIPAA violations. In the financial services industry, financial institutions and their service providers are subject to the GLBA, which is enforced by the U.S. Federal Trade Commission (“FTC”). The FTC has issued guidance saying that businesses that transmit sensitive data by email should ensure that data is encrypted.

In choosing an email security provider, companies are influenced by the solutions chosen by their regulators. Our customers include all of the federal regulators that comprise the FFIEC as well as the state banking regulators in more than twenty states. Our service is also a recommended solution of the Conference of State Bank Supervisors, whose members regulate the more than 4,200 state-chartered banks in the U.S.

5


Additionally, state data breach laws and privacy regulations, along with highly publicized breaches, have enhanced security awareness in vertical markets outside of healthcare and financial services and have prompted affected organizations to consider adopting systems that ensure data security and privacy. Even where there are no specific regulations, businesses may require email protection to adhere to evolving industry best practices for protecting sensitive information.

Sales and Marketing

We sell our Email Encryption, Advanced Email Threat Protection, Information Archive, and DLP Services through a direct sales force that focuses on larger businesses and a telesales force that focuses on small to medium-sized accounts. We also use a network of resellers and other distribution partners, including other managed service providers (“MSP”) seeking an email security offering. Approximately 74% of our new business transacted in 2019 resulted from our partner relationships. As of December 31, 2019, we had 4,338 monthly transacting MSP partners.

Employees

We had 566 employees as of December 31, 2019. The majority of our employees are located in Gulf Breeze, Florida and Dallas, Texas.

Research and Development

We incurred research and development (“R&D”) expenses of $20.4 million, $11.3 million, and $11.0 million for the twelve-month periods ended December 31, 2019, 2018, and 2017, respectively.

Early 2019 saw technical completion of our new security and compliance bundle platform (ZixSuite) which includes enhanced variants of core Threat Protection, Encryption, Continuity and Archiving Technologies. The introduction of ZixSuite was immediately followed by the announcement of our AppRiver acquisition and ensuing technology integration thrust.

As part of early AppRiver integration, we delivered a technology interoperation framework, which enabled enhanced Encryption and Archive models from ZixSuite to be sold with AppRiver service using the AppRiver Nautical framework for customer partner ordering, provisioning, and billing. This was followed by a much larger set of R&D projects targeting consolidation of best-in-class subsystems from both companies into one premium Email Threat Protection offer, seamless LDAP driven integration of bundle services and modernized and enhanced web access and provisioning capabilities for these bundled services through an enhanced Nautical customer enablement and tech touch framework. The service components can be bundled and integrated with Microsoft Office 365 mailboxes or offered separately. Enhanced reporting and Security Information and Event Management (SIEM) integration capabilities dovetail into the resulting new service portfolio, which we expect to become commercially available in early 2020.

Year 2019 also saw completion of the first full technical integration of the EMS appliance into the Zix Encryption Network.  We acquired the EMS technology in late 2017, bringing us an on premises encryption portal and encryption interoperation technologies, which were complementary to our legacy encryption service portfolio.  Our 2019 investments significantly improved mobile web responsiveness and accessibility features and added an Outlook plugin client framework and capability to integrate into the Email Encryption Best Method of Delivery.  The capabilities are currently available.

Intellectual Property

We depend upon our ability to develop, maintain and protect our proprietary technology and our related intellectual property rights. We rely on a combination of patent, trademark, trade secret and copyright law and contractual restrictions to protect the proprietary aspects of our technology and related property rights and to defend against infringement and/or misappropriation claims from others. We own 44 U.S. patents with various expiration dates through 2036, and 15 pending U.S. applications. We have a program to file applications for and obtain patents and trademarks in the United States and in specific foreign countries where we believe filing for such protection is appropriate. While intellectual property rights are generally important to our business, we do not believe that our business is dependent on any single item of intellectual property, or that any single item of intellectual property is material to the operation of our business. Rather, we believe that our intellectual property rights provide us with a competitive advantage, and from time to time we have taken steps to enforce our intellectual property rights as a means of protecting that competitive advantage.

Our Company and certain of our subsidiaries are the owners of trademarks and service marks registered with the United States Patent & Trademark Office. These marks are renewable indefinitely, contingent upon continued use and payment of applicable renewal fees. Additionally, our Company and certain of our subsidiaries own several pending trademark applications with the United States Patent & Trademark Office as well as a number of United States common law trademarks, several service marks and trademarks and service marks registered in foreign countries. We consider our trademark and service marks as valuable assets of the Company due to their recognition by our customers. We are not aware of any valid claims of infringement or challenges to our right to use any of our trademarks or service marks in the United States.

6


Please see generally the risks that are more fully disclosed in “Item 1A. Risk Factors” for risks related to our intellectual property.

Compliance with Environmental Regulations

We have not incurred, and do not expect to incur, any material expenditures or obligations related to environmental compliance issues.

Governmental Contracts

We have contracts with many local, state and federal agencies and regulators, which in the aggregate contributed approximately 4% of our annual revenue in 2019.

Significant Customers

In each of 2019, 2018, and 2017, no single customer accounted for 10% or more of our total revenues.

Backlog

Our backlog is comprised of contractual commitments that we expect to recognize as revenue in the future. Our backlog was $89.4 million at December 31, 2019, compared to $73.0 million at December 31, 2018.

As of December 31, 2019, our backlog is comprised of the following elements: $43.3 million of deferred revenue that has been billed and paid, $10.9 million billed but unpaid, and approximately $35.2 million of unbilled contracts.

The backlog is recognized into revenue ratably as the services are performed. Approximately 70% of our total backlog at December 31, 2019, is expected to be recognized as revenue during the next twelve months.

Seasonality

The Company typically experiences less new business in the first quarter of the calendar year. Our annual budget anticipates this in our forecasting of the first quarter, but historically this has not resulted in a material impact to our revenue or earnings on a seasonal basis. The first quarter typically includes a slight decline in profitability and cash flow for the Company, as our first quarter includes increases in cost associated with payroll taxes, sales and marketing investments for the year and timing of the payment of the Company’s annual bonus program and retention bonuses associated with our acquisitions.

Geographic Information

Our operations are primarily based in the U.S., with approximately 4% of our employees located internationally, predominantly in Canada. We did not have significant dependencies on any other foreign countries as of December 31, 2019. While the vast majority of our revenues are sourced in the U.S. and all significant corporate assets at December 31, 2019 were located in the U.S., we host data in foreign countries, such as the United Kingdom and Switzerland and are strategizing to increase our international footprint in United Kingdom and European Union for further revenue growth in those geographic areas.  

Financial Information About Industry Segments

We have one reportable segment consisting of email encryption and security solutions. We internally evaluate all of our product offerings and other sources of revenue as one industry segment, and, accordingly, do not report segment information.

Available Information

Our Internet address is www.zix.com. Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available on our website, without charge, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. The information found on our website shall not be considered to be part of this or any other report filed with or furnished to the SEC.

In addition to our website, you may read and copy any materials we electronically file with the SEC through the SEC’s website at www.sec.gov. The SEC’s website contains reports, proxy and other information statements, and other information regarding issuers, including us, that file electronically with the SEC.

7


NOTE ON FORWARD-LOOKING STATEMENTS AND RISK FACTORS

This document contains “forward-looking statements” (including the discussion appearing under the caption “Liquidity Summary” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations”) within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Act”) and Section 21E of the Exchange Act. All statements other than statements of historical fact are “forward-looking statements” for purposes of federal and state securities laws, including, but not limited to: any projections of future business, market share, earnings, revenues, recognition of revenues from backlog, cash receipts, or other financial items; any statements of the plans, strategies, and objectives of management for future operations, future acquisitions or the integration thereof; any statements concerning proposed new products, services, or developments; any statements regarding future economic conditions or performance; any statements of belief; and any statements of assumptions underlying any of the foregoing. Forward-looking statements may, but need not, include words such as “may,” “will,” “predict,” “project,” “forecast,” “plan,” “should,” “could,” “goal,” “estimate,” “intend,” “continue,” “believe,” “expect,” “outlook,” “anticipate,” “hope,” and other similar expressions. Any forward-looking statements involve risks and uncertainties that could cause actual events or results to differ materially from the events or results described in the forward-looking statements, including, but not limited to, the risks and uncertainties described in the “Item 1A. Risk Factors” section.

Although we believe that expectations reflected in and the assumptions underlying our forward-looking statements are reasonable, actual results or assumptions made could differ materially from those projected or assumed in any of our forward-looking statements. Our future financial condition and results of operations, as well as any forward-looking statements, are subject to change and to inherent risks and uncertainties, including, but not limited to, those disclosed in this document. Forward-looking statements speak only as of the date on which they are made, and we do not intend, and undertake no obligation, to update any forward-looking statement.

8


Item 1A. Risk Factors

The following is a cautionary discussion of risks, uncertainties and assumptions that we believe are significant to our business, financial condition and financial results. In addition to the factors discussed elsewhere in this Annual Report on Form 10-K, the following are some of the important factors that, individually or in the aggregate, we believe could make our results differ materially from those described in any forward-looking statements. It is impossible to predict or identify all such factors and, as a result, you should not consider the following factors to be a complete discussion of risks, uncertainties and assumptions.

Risks Related to our Business

Our business depends upon customers using email and certain social media platforms to exchange confidential information, and a significant shift of those messages to other communication channels could impair our growth prospects and negatively affect our business, financial condition and financial results.

Our customers deploy and use our products and services to easily, securely and confidentially send and receive electronic messages, by way of internet communications channels including email and certain social media platforms. Our business and revenue substantially depend on our current and potential customers using email and social media to exchange sensitive information electronically. New technologies, products, or business models that could support migration to alternative means of secure communications could be disruptive to our business. If prospective or current customers were to send and receive sensitive information using technology or communication channels other than email or the social media platforms that we support, our growth prospects and our business, financial condition and financial results could be materially adversely affected.

Our business depends on market acceptance of our products and services, and our failure to achieve and maintain influential customers could negatively affect our business, financial condition and financial results.

In order to continue to operate profitably and grow, we must achieve and maintain broad market acceptance of our products and services at a price that provides us with an acceptable rate of return relative to our costs. We have been successful in selling our Email Encryption products and services to high-profile customers in the healthcare, financial services and government segments of the market. The acceptance and use of our products and services by those significant customers facilitates our sales to other potential customers. The loss of an influential customer of our existing products and services, or the failure to achieve sufficient market adoption of new products including Advanced Email Threat Protection and Information Archive, could impair our ability to expand the market penetration of our products and services, or cause us to reduce or increase prices, which could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

Our business relies on securing new customer subscriptions and subscription renewals from existing customers.

The vast majority of our revenue is derived from customer subscriptions, and existing customers have no contractual obligations to purchase beyond the initial subscription or contract period. Our ability to grow our business is dependent in part on customers renewing their existing subscriptions and purchasing additional solutions or services after the initial term of their agreement. Though we maintain and analyze historical data with respect to rates of customer renewals, upgrades and expansions, those rates may not accurately predict future trends in renewal of certain products and services offered by us. If our customers cancel or amend their agreements with us during their term, do not renew their agreements, renew on less favorable terms or do not purchase additional solutions or products during renewal periods, our revenue may grow more slowly than expected or decline and our profitability may be harmed.

Additionally, we have experienced, and expect to continue to experience, some level of attrition with existing customers and we may not maintain historical subscription rates, and we may be unable to accurately predict our customer renewal rates. Although we have historically retained approximately 90% of our recurring revenue on an annual basis, there has been some recent decline in such retention and our customers’ renewal rates may further decline or fluctuate as a result of a number of factors, including the level of their satisfaction with our products and technical support services, customer merger or acquisition activity, customer budgets, the pricing of our products compared with those offered by our competitors, technology trends, the prevailing regulatory regime and general market conditions. If new subscriptions or subscription renewals decline from their current levels, our revenue or revenue growth may decline, and our business may suffer which could have a materially adverse effect on our financial performance.

9


The security of our networks and data centers is critical to our business and an actual or perceived breach of security through a cyber-attack or otherwise could cause us to lose customers and could negatively affect our reputation, business, financial condition and financial results.

We are dependent on our networks and data centers to provide our products and services. Due to the nature of the products and services we provide and the sensitive nature of the information we collect, process, store, use and transmit, we detect cyber-attacks from unauthorized parties attempting to penetrate our networks and data centers.  We are also susceptible to inadvertent data protection breaches, computer viruses and other similar disruptions from process, coding or human error that could harm our networks and data centers. Our business depends on customers having and maintaining confidence that we provide effective network and security protection. To reduce the risk of a successful cyber-attack or similar event, we have implemented significant physical and logical security measures to detect, identify and mitigate threats as well as to monitor for and respond to potential breaches and incidents. Despite these security measures, we may be unable to anticipate malicious techniques or implement adequate measures to prevent an intrusion and our networks and data centers may remain vulnerable. We may not be able to correct a security flaw or particular vulnerability promptly, or at all. Further efforts to limit the ability of malicious third parties to disrupt or undermine our security efforts may be costly to implement and may not be successful. Also, many of our products are cloud-based, and the amount of data we store for our customers on our servers has been increasing as our business as grown. The risk that these types of events could seriously harm our business is likely to increase as we expand the number of cloud-based products we offer and operate in more countries. Despite the implementation of security measures, if a cyber-attack or other breach of security occurs, or is perceived to have occurred, in our internal systems or at our data centers and networks, it could cause negative publicity, interruption of our services, damage to our reputation, unauthorized disclosure of our customers’ confidential or proprietary information (including personally identifiable information), disclosure of our intellectual property, disclosure, modification or removal of our confidential or sensitive information, theft or unauthorized use or publication of our trade secrets, loss of customers, lost revenue and increased expense (including potentially indemnification or warranty costs), any of which could have a material adverse effect on our business, financial condition and financial results.

In addition, while we maintain cyber liability insurance coverage that may cover certain liabilities in connection with a cybersecurity incident, we cannot be certain that our insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on commercially reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, financial condition, financial results and reputation.  

Public key and other cryptographic technologies used in our businesses are subject to technology risks that could reduce demand for our products and services and could negatively affect our business, financial condition and financial results.

Our business employs public key cryptography technology and other encryption technologies to encrypt and decrypt sensitive data. The security afforded by encryption depends on the strength of the private key, which is predicated on the assumption that it is very difficult to mathematically derive the private key from the related public key. Successful decryption of intercepted encrypted email, or public reports of successful decryption, whether or not true, could reduce demand for our products and services. If new methods or technologies, such as quantum computing, make it easier to derive the private key from the related public key, the security of encryption services using public key cryptography technology could be impaired and our products and services could become less marketable. That could require us to make significant changes to our products and services, which could increase our costs, damage our reputation, or otherwise harm our business. Any of these events could reduce our revenues, increase our expenses and materially adversely affect our business, financial condition and financial results.

Our business depends substantially on our data center facilities and other systems and infrastructure provided by third parties, and their unreliability or unavailability for a significant period could cause us to lose customers and could negatively affect our business, financial condition and financial results.

Our business relies on third-party suppliers of computer, cloud and telecommunications infrastructure to provide our products and services through the global internet and to provide network access between our data centers, our customers and end-users of our products and services. Much of the computer and communications hardware upon which our businesses depend is located in our data center facilities in North America and Europe. In addition to our data centers, as our business has grown, we have increased the use of co-located data centers managed by third parties to support our computer and communications hardware. If we are unable to maintain our contractual relationships with existing co-located data center providers or establish new contractual relationships with co-located data center providers on favorable terms, or at all, we could be required to move our equipment to a new facility and may experience delays, increased costs or downtime for our customers. Our company-owned and co-located data centers might be damaged or interrupted as a result of numerous factors, many of which are beyond our control, including epidemics, fire, flood, natural disasters, power loss, mechanical failure, telecommunications failure, break-ins, cyber-attacks, sabotage, vandalism, earthquakes, terrorist attacks, hostilities or war or other events. Computer viruses, equipment failure, denial of service attacks, and similar disruptions affecting the internet, infrastructure supplied by third parties or our systems might cause service interruptions, delays and loss of critical data, and could prevent us from providing our services. Problems affecting our data center operations or the networks on which we rely, whether or not in our control, could result in loss of revenues, increased expenses, failure to achieve market acceptance, diversion of resources, injury to our reputation, liability and increased costs, and may cause our customers to terminate or elect not to renew their agreements. We do not carry sufficient insurance to compensate us for all losses that may occur as a result of any of these events. Though our products generally tolerate isolated supplier failures, the occurrence of any of these events, including multiple supplier outages or problems, could materially adversely affect our business, financial condition and financial results.

10


Outages or problems with internet communication systems and infrastructure supplied by third parties could negatively affect our business, financial condition and financial results.

Our business relies on third-party suppliers of the telecommunications and internet infrastructure. We use various communications service suppliers and the global internet to provide network access between our data centers, our customers and end-users of our products and services. If those suppliers do not enable us to provide our customers with reliable, real-time access to our systems, we may be unable to gain or retain customers. These suppliers periodically experience outages or other operational problems as a result of internal system failures or external third-party actions. They might be damaged or interrupted as a result of numerous factors, many of which are beyond our or their control, including fire, flood, power loss, mechanical failure, telecommunications failure, break-ins, cyber-attacks, sabotage, vandalism, earthquakes, terrorist attacks, hostilities or war or other events. Computer viruses, equipment failure, denial of service attacks, and similar disruptions affecting the internet, infrastructure supplied by third parties or our systems might cause service interruptions, delays and loss of critical data, and could prevent us from providing our services. Further, striving to protect email recipients from phishing and other exports, such suppliers email and web page security protection systems outside of our control may randomly and inadvertently delay or block important customer email streams or interfere with linkages between emails and web page access. Though our products generally tolerate isolated supplier failures, multiple supplier outages, problems providing reliable, real-time access or inadvertent delays or blocking of access could materially adversely affect our business, financial condition and financial results.

The infrastructure supporting our business may suffer capacity constraints and business interruptions that could cause us to lose customers, increase our operating costs and could negatively affect our business, financial condition and financial results.

Our business depends on our providing our customers reliable, real-time access to our data centers and networks. Customers will not tolerate a service hampered by slow delivery times, unreliable service levels, service outages, or insufficient capacity. System capacity limits or constraints arising from unexpected increases in our volume of business or network traffic could cause interruptions, outages or delays in our services, or deterioration in their performance, or could impair our ability to process transactions. We may not be able to accurately project the rate of increase in usage of our systems or to increase capacity to accommodate increased traffic on our systems in a timely fashion. System delays or interruptions may prevent us from efficiently providing services to our customers or other third parties, which could result in our losing customers and revenues, or incurring liabilities that could have a material adverse effect on our business, financial condition and financial results. 

The growth of our business may require significant investment in systems and infrastructure and these investments may achieve delayed, or lower than expected benefits, which could impair our profitability and negatively affect our business, financial condition and financial results.

As our operations grow in size and scope, we continually need to improve and upgrade our technology offerings, systems and infrastructure to offer an increasing number of customers enhanced products, services, features and functionality, while maintaining the reliability and integrity of our systems and infrastructure and pursuing reduced costs per transaction. Expanding our technology offerings, systems and infrastructure may require us to commit substantial financial, operational and technical resources, with no assurance that the volume of our business will increase, which could reduce our net income, deplete our cash, and materially adversely affect our business, financial condition and financial results. Developing and launching new product offerings adjacent to or outside of our core service offerings can be particularly costly in terms of capital investments for both product development and marketing. At the same time, we may not be able to accurately forecast demand or predict the results we will realize from these new offerings increasing the uncertainty concerning both market acceptance and our ability to successfully execute a sales and marketing strategy that justifies our investments. Our failure to properly manage and execute new product initiatives could materially adversely affect our business, financial condition and financial results. 

Development of our products depends on software service and maintenance and information systems provided by third parties, and their unreliability, system failures, interruptions or breaches of security could cause us to lose customers and could negatively affect our business, financial condition and financial results.

We rely on third-party contractors, often located outside of the United States, to perform certain services and maintain our software and develop our products. If we are unable to maintain our contractual relationships with existing third parties that facilitate our business or establish new contractual relationships with third parties that facilitate our business on favorable terms, or at all, it could adversely affect our ability to provide products and services to our customers. The third parties upon which we rely may fail to operate properly or experience operational disruption, failure, termination, or capacity constraints which might cause service interruptions, delays and loss of critical data, and could prevent us from timely development of our products or from providing our services. Such parties could also be the source or cause of an attack on, or breach of, our operational systems, data or infrastructure. Problems with respect to such third parties, whether or not in our control, could result in loss of revenues, increased expenses, inability to bill our customers, failure to achieve market acceptance, diversion of resources, injury to our reputation, liability and increased costs, and may cause our customers to terminate or elect not to renew their agreements.

11


Because we recognize subscription revenue over the term of the applicable customer agreement, a decline in subscription renewals or new service agreements may not be reflected immediately in our operating results.

We recognize revenue from some customers ratably over the terms of their customer agreements, which may be one year or two years. As a result, much of the revenue we report in each quarter is deferred revenue from customer agreements entered into during previous quarters. Consequently, a decline in new or renewed client agreements in any one quarter will not be fully reflected in our revenue or our results of operations until future periods. Accordingly, this revenue recognition model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new clients must be recognized over the applicable subscription term. 

Our failure to keep pace with rapid technology changes could have a negative impact on our business, financial condition and financial results.

The markets for our products and services are characterized by rapid technological developments and frequent changes in customer requirements. We must continually improve the performance, features and reliability of our products and services, particularly in response to competitive offerings, to keep pace with these developments. We must ensure that our products and services address evolving operating environments, devices, industry trends, certifications and standards. For example, we have been required to expand our offerings to support newer multi-tenant cloud architectures and accessibility standards. We also may need to develop products that are compatible with new operating systems while remaining compatible with existing, popular operating systems. Our business could be harmed by our competitors announcing or introducing new products and services that could be perceived by customers as superior to ours. We spend considerable resources on technology research and development, but our research and development resources are more limited than many of our competitors.

In addition, we are also focused on addressing new and accelerating market trends, such as the continued decline of on premise email security and advance threat protection solution(s) and the continued transition towards cloud-based solutions, which requires us to continue to improve our product and service offerings. We may experience delays in the anticipated timing of activities related to our efforts to address these challenges and higher than expected or unanticipated execution costs. Our failure to introduce new or enhanced products on a timely basis, to keep pace with rapid industry, technological or market changes or to gain customer acceptance for our new and existing products and services, such as mobile device data protection, could have a material adverse effect on our business, financial condition and financial results.

Mobile devices are increasingly used to access the internet, and our cloud-based and mobile support products may not operate or be as effective when accessed through these devices, which could harm our business.

Historically, we designed our web-based products for use on a desktop or laptop computer; however, mobile devices, such as smartphones and tablets, are increasingly being used as the primary means for accessing the internet and conducting e-commerce. We are dependent on the interoperability of our products with third-party mobile devices and mobile operating systems, as well as web browsers we do not control. Any changes in such devices, systems or web browsers which degrade the functionality of our products or give preferential treatment to competitive products could adversely affect usage of our products. In the event our customers have difficulty accessing and using our products on mobile devices, our customer growth, business and operating results could be adversely affected.

Failure to effectively manage our product and service lifecycles could harm our business.

As part of the natural lifecycle of our products and services and synergies resulting from our recent acquisitions, we periodically inform customers that products or services will be reaching their end of life or end of availability and will no longer be supported or receive updates and security patches. To the extent these products or services remain subject to a service contract with the customer, we offer to transition the customer to alternative products or services. Failure to effectively manage our product and service lifecycles and effectively convert to alternative products and services could result in us losing customers and revenues, or incurring contractual liabilities, which could adversely affect our business, financial condition and financial results.

We face strong competition, which could negatively affect our business, financial condition and financial results.

The markets in which we compete are characterized by rapid change and converging technologies and are very competitive. With rising demand for private and secure email communications, there is strong competition for our products and services. Our Email Encryption Threat Protection, Archive, and Data Loss Prevention business competes with products and services offered by companies such as Barracuda Networks, Inc., Proofpoint, and Mimecast. Strong competition requires us to develop new technology solutions and service offerings to expand the functionality and value that we offer to our customers. Our competitors may develop products and services that are perceived by customers as equivalent to, or having advantages over, our products and services. We are also competing against other value-added cloud distributor platforms such as PAX8 and Sherweb, and our ability to maintain our managed service provider partners is dependent on our success in successfully competing with such competitors. Competitors could capture a significant share in our markets, causing our sales and revenue to decline or grow more slowly. Barriers to entry are relatively low, and new ventures are often formed that create products and platforms competitive with our products and platforms. Competitive pressures could lead to price discounting or to increases in expenses such as advertising and marketing costs. Increased competition could also decrease demand for our products and services. Competition could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

12


Industry consolidation may lead to increased competition and may negatively affect our operating results.

There has been a trend toward consolidation in our industry for several years. We expect this trend to continue as companies attempt to strengthen or hold their market positions in an evolving industry and as companies are acquired or are unable to continue operations. For example, some of our current and potential competitors have made acquisitions, or announced new strategic alliances. Companies that are strategic alliance partners in some areas of our business may acquire or form alliances with our competitors, thereby reducing their business with us. We believe that industry consolidation may result in stronger competitors that are better able to compete as sole-source vendors for customers. This could have a material adverse effect on our business, financial condition and financial results.

Some competitors have advantages that may allow them to compete more effectively than us, which could negatively affect our business, financial condition and financial results.

Some of our competitors have longer operating histories, more extensive operations, greater name recognition, larger technical staffs, bigger product development and acquisition budgets, established relationships with more distributors and hardware vendors, and greater financial and marketing resources than we do. These advantages might enable them (independently or through alliances) to develop and expand functionality of products and services faster than we can, to spend more money to market and distribute products and services than we can, or to offer their products and services at prices lower than ours. These advantages could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

We rely on marketing efforts of our sales force and channels to promote our brand and acquire new customers. If we do not effectively expand and train our sales force or lose access to these channels, we may be unable to add new customers or increase sales to our existing customers and our business may be negatively affected.

We rely on our sales force and a variety of channels, including online keyword search, television, email and social media marketing, to promote our brand, to obtain new customers and to sell additional solutions to our existing customers. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require and our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and, in most cases, take significant time before they achieve full productivity. If we lose access to one of more of our marketing channels, either because the costs of advertising become prohibitively expensive or we change our marketing practices, or for other reasons, we may become unable to promote our brand effectively, limiting our ability to grow the business. Our marketing channels and our recent and planned hires may not become as productive or cost-effective as we expect in generating traffic to our website, attracting customers and renewing sales of our products. If we are unable to hire and train sufficient numbers of effective sales personnel or maintain access to sufficient channels, or the sales personnel and marketing channels are not successful in obtaining new clients or increasing sales to our existing client base, our business will be harmed.

If we do not successfully manage our strategic alliances, we may not realize the expected benefits from such alliances and we may experience increased competition or delays in product development.

We have entered into several strategic alliances with other companies to offer complementary products and services. These arrangements are generally limited to specific projects or series of projects, and their main goal is generally to facilitate product compatibility and adoption of industry standards. There can be no assurance that we will realize the expected benefits from these strategic alliances. If successful, these relationships may be mutually beneficial and result in industry growth. However, alliances carry an element of risk because, in most cases, we must compete in some business areas with a company with which we have a strategic alliance and, at the same time, cooperate with that company in other business areas and these alliances can require substantial investment while providing no assurance of return. Also, if these partner companies fail to perform or if these relationships fail to materialize as expected, we could suffer delays in product development or other operational difficulties.  If we are unable to maintain our contractual relationships with existing strategic partners or establish new contractual relationships with potential partners on favorable terms, or at all, we may not be able to offer the products and related functionality our customers expect, and we may experience delays and increased costs in adding customers and may lose customers. Any ineffectiveness of our strategic alliances could materially adversely affect our business, financial condition and financial results.  

We enlist third-party distributors to market our products and services, and our failure to succeed in those relationships could negatively affect our business, financial condition and financial results.

We distribute a significant percentage of our products and services by entering into alliances with third parties who can offer our products and services along with their own or our competitors’ products and services. Increased reliance on third parties to market and distribute our products and services exposes us to a variety of risks. For example, we have limited control over and visibility into the sales cycles of third-party distributors, which could increase the length of our sales cycle, cause our revenue to fluctuate unpredictably and make it difficult to accurately forecast our revenue. In addition, we may not succeed in developing or maintaining marketing alliances. Companies with which we have marketing alliances may in the future discontinue their relationships with us, form marketing alliances with our competitors, or develop and market their own products and services that compete with ours. If a significant distributor were to discontinue its relationship with us, we could experience an interruption in the distribution of our products and services and our revenues could decline. Our failure to develop, maintain and expand strategic distribution relationships could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

13


Our relationship with Microsoft is non-exclusive and our failure to effectively manage and maintain this relationship or to successfully compete with other providers of Microsoft could negatively affect our business, financial condition and financial results.

Because we provide our products to customers with Microsoft products, including Office 365, as well as the fact that a significant portion of our revenue is reliant on Microsoft products, Microsoft has a significant direct and indirect influence on our business. If we do not maintain our relationship with Microsoft as a reseller, or if they decide to stop utilizing resellers in distribution of their products, make an adverse change in their reseller program or change their product offerings, it could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

Microsoft can change its product pricing and discounting to us at any time, and unless we are able to pass through such changes to our customers, our revenue, gross profit and operating results would be negatively impacted. Further, Microsoft currently offers co-op and rebate programs in conjunction with our resale activities in which we earn money for certain purposes or achieving certain predefined objectives. If Microsoft changed the way that co-op or rebates are earned by eliminating or negatively modifying the programs, our gross profit and operating results distribution of our products and services and our revenues could decline.

Our relationship with Microsoft is non-exclusive and there are other resellers that also provide Microsoft products, including Office 365. Currently, we maintain a portion of the discount provided by Microsoft in the reseller program and pass along part of the discount to our distributors. Other resellers may be passing along to their third-party distributors the discount provided by Microsoft differently than us, which may increase competition for third-party distributors. Our failure to effectively compete with other Microsoft resellers could reduce our revenues and net income and materially adversely affect our business, financial condition and financial results.

Our future growth and success may be affected by acquisitions. If we are not able to successfully identify, negotiate, complete and integrate acquisitions, our operating results and prospects could be negatively affected.

We have acquired and expect to continue to acquire new products and technology, as well as customers, through acquisitions. The success of our future acquisition strategy will depend on our ability to identify suitable acquisition candidates, negotiate on favorable terms, successfully complete and fully integrate such acquisitions. We may have to pay cash, incur debt or issue equity securities to pay for future acquisitions, each of which could adversely affect our financial condition or the value of our common stock. Equity issuances in connection with potential future acquisitions may also result in dilution to our stockholders. Acquisitions are inherently risky, and any acquisition we complete may not be successful. Acquisitions we pursue, including our recent AppRiver acquisition and DeliverySlip asset acquisition, involve numerous risks, including the following:

 

difficulties in integrating and managing the operations and technologies of the companies and assets we acquire;

 

diversion of our management’s attention from normal daily operations of our business;

 

our inability to maintain or changes in relationships with the customers, the key employees, the key business relationships and the reputations of the businesses and products we acquire and our current strategic partners;

 

our inability to generate sufficient revenue from acquisitions to offset increased expenses generally associated with acquisitions;

 

difficulties in predicting or achieving synergies and cost savings between our existing businesses and acquired businesses;

 

our responsibility for the liabilities of the businesses we acquire, including liabilities arising out of their failure to operate correctly, maintain effective data security, data integrity, disaster recovery and privacy controls prior to acquisition, or their infringement or alleged infringement of third-party intellectual property, contract or data access rights prior to acquisition, tax liabilities, litigation claims from terminated employees, customers, former stockholders or other third parties and other known or unknown liabilities;

 

difficulties in complying with new markets or regulatory standards to which we were not previously subject;

 

difficulties or unanticipated expenses associated with development work that is necessary to achieve interoperability between our products and solutions and the products and solutions we acquire;

 

difficulties or unanticipated expenses associated with migrating customers from products and solutions developed by our acquisition targets to our own products and solutions;

 

delays in our ability to implement internal standards, controls, procedures and policies in the businesses we acquire increasing our vulnerability to network attacks security incidents, or similar events; and

 

adverse effects of acquisition activity on the key performance indicators we use to monitor our performance as a business, including impacts resulting from performance earn-outs or contingent bonuses.

14


Unanticipated events and circumstances occurring in future periods may affect the realizability of intangible assets that we are required to record on our balance sheet as a result of acquisitions. These events and circumstances could include significant under-performance relative to projected future operating results and significant changes in our overall business or product strategies. Such events and circumstances may cause us to revise our estimates and assumptions used in analyzing the value of our intangible assets, and any such revision could result in a non-cash impairment charge that could have a material impact on our financial results.

Unfavorable economic environments, particularly in the U.S., could negatively affect our business, financial condition and financial results.

Challenging economic conditions worldwide have from time to time contributed, and may contribute to future slowdowns in the technology and networking industries at large, as well as in the email/data security market and in specific geographic markets in which we operate. If economic growth in those markets, particularly in the U.S., which accounts for a substantial majority of our revenue, slows, or credit is unavailable at a reasonable cost, current and potential customers may delay or reduce technology purchases, including the deployment or expansion of our products and services and make it difficult to accurately forecast and plan our future business activities. Additionally, as our business grows in international markets, we may become more susceptible to unfavorable economic environments outside the U.S. and that could compound the negative effects of unfavorable economic environments in markets in which we currently operate. This could result in reduced sales of our products and services, longer sales cycles, slower adoption of new technologies and increased price competition. In addition, adverse economic conditions and changes in trade policies, treaties, government regulations and tariffs could negatively affect the cash flow of our customers and distributors, which might result in failures or delays in payments to us. This could increase our credit risk exposure and delay our recognition of revenue. Specific economic trends, such as declines in the demand for cloud computing services and computing devices, or softness in corporate information technology spending, could have a more direct impact on our business. In addition, changing economic conditions may also adversely affect third parties with which we have entered into strategic relationships and upon which we depend in order to grow our business.  As a result, we may be unable to continue to grow in the event of future economic slowdowns. If these conditions persist, spread or deteriorate further, our business, financial condition and financial results could be materially adversely affected.

If our products have defects or security vulnerabilities, our reputation, business, financial condition and financial results could be negatively affected and we could experience negative publicity, declining sales and legal liability.

The threats facing our customers are constantly evolving and the techniques used by experienced hackers to access or sabotage data change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world. As a result, we must constantly update our product solutions to respond to these threats. We produce complex solutions that incorporate leading-edge technology, including both hardware and software that must operate in a wide variety of technology environments. Software may contain defects or “bugs” that can interfere with expected operations or introduce security vulnerabilities that can lead to unauthorized use or data loss. Through our acquisitions, we have acquired some technology that we did not produce that may be particularly vulnerable to defects or “bugs”. There can be no assurance that our testing programs will be adequate to detect all defects prior to the product being introduced, which might decrease customer satisfaction with our products and services. The product reengineering cost to remedy a product defect or mitigate vulnerabilities could be material to our operating results. Our inability to cure a product defect could result in the temporary or permanent withdrawal of a product or service from the market, a security breach, negative publicity, damage to our reputation, failure to achieve market acceptance, lost revenue and increased expense, any of which could have a material adverse effect on our reputation, business, financial condition and financial results.

If our products do not work properly and customers do not receive high-quality customer service and support, our reputation, business, financial condition and financial results could be negatively affected and we could experience negative publicity and declining sales.

After implementing our product offerings, customers depend on our customer service and support team to quickly resolve any issues relating to those offerings. Further, as we continue to broaden our portfolio of solutions and increase the size of our customer base, we must continue to adapt our customer support organization to ensure our customers continue to receive the high level of customer service which they have come to expect. Notwithstanding our commitment to customer support, our customers will occasionally encounter defects or “bugs” that can interfere with expected operations or introduce security vulnerabilities that can lead to unauthorized use or data loss and other technical challenges and it is therefore critical we are there to provide ongoing, high-quality support to help our customers. If we do not provide effective ongoing customer service and support, our ability to sell our products to new and existing customers could be harmed, and our subscription renewal rates and cross-selling of our products may decline, any of which could have a material adverse effect on our reputation, business, financial condition and financial results.

15


If our cloud platform does not interoperate with our customers’ network and security infrastructure or with third-party products, websites or services, our cloud platform may become less competitive and our results of operations may be harmed.

Our cloud platform must interoperate with our customers’ existing network and security infrastructure. These complex systems are developed, delivered and maintained by the customer and a myriad of vendors and service providers. As a result, the components of our customers’ infrastructure have different specifications, rapidly evolve, utilize multiple protocol standards, include multiple versions and generations of products and may be highly customized. We must be able to interoperate and provide our security services to customers with highly complex and customized networks, which requires careful planning and execution between our customers, our customer support teams and our channel partners. Further, when new or updated elements of our customers’ infrastructure or new industry standards or protocols, such as IPv6 are introduced, we may have to update or enhance our cloud platform to allow us to continue to provide service to customers. Our competitors or other vendors may refuse to work with us to allow their products to interoperate with our solutions, which could make it difficult for our cloud platform to function properly in customer networks that include these third-party products.

We also seek to integrate our customers’ existing network and infrastructure to establish interoperability with our Information Archive product. The integration requires coordination with other venders that could refuse to work with us or make it difficult to complete these integrations, potentially impacting our sales and revenue.

We may not deliver or maintain interoperability quickly or cost-effectively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our cloud platform and products with our customers’ network and security infrastructures, our customers may not be able to fully utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition.

Our transmission and storage of personally identifiable information, including the personal data of European data subjects and other confidential information, and the potential for inadvertent exposure of PII or CI, could cause us to violate data privacy laws or lose customers and could negatively affect our business, financial condition and financial results.

We transmit and store large amounts of personally identifiable information (“PII”) about individuals, which may include healthcare or financial information, and other confidential information (“CI”). Data privacy and protection is highly regulated in many jurisdictions and may become the subject of additional regulation in the future. For example, lawmakers and regulators worldwide are considering proposals that would require companies, like us that encrypt users’ data to ensure access to such data by law enforcement authorities. Although we have established, and continue to develop and enhance, security measures and controls to help protect against unauthorized disclosure of such PII and other CI and comply with applicable laws, an inadvertent disclosure of, or unauthorized third-party access to, PII or CI, or failure to comply with applicable laws could disrupt our operations, damage our reputation and subject us to claims, fines or other liabilities.

In addition, our processing and storage of certain types of data is subject to confidentiality agreements with our clients and handling PII is increasingly subject to a variety of changing privacy and data security regulations around the world. For example, California recently enacted the California Consumer Protection Act, or the CCPA, that will, among other things, require covered companies to provide new disclosures to California consumers and afford such consumers new abilities to opt-out of certain sales of personal information; the CCPA will go into full effect on July 1, 2020. The CCPA has been amended on multiple occasions and is the subject of proposed regulations of the California Attorney General released on October 10, 2019. We cannot fully predict the impact of the CCPA on our business or operations, but it may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply. Future restrictions on the collection, use, sharing or disclosure of our users’ data or additional requirements for express or implied consent of users for the use and disclosure of such information could require us to modify our products, possibly in a material manner, stop offering certain products and could limit our ability to develop and implement new product features.

16


In addition, several foreign countries and governmental bodies, including the European Union and Canada, have laws and regulations concerning the collection and use of personally identifiable information obtained from their residents which are often more restrictive than those in the U.S. For example, the collection and use of personal data in the European Union is governed by the General Data Protection Regulation, or GDPR, which became effective in May 2018. GDPR imposes several requirements relating to the collection, use, processing and transfer of personal data, such as requirements for using consent or other legal grounds to process personal data, providing information to individuals about how their personal data is used, maintaining adequate security and data protection measures, giving data breach notifications, complying with individuals’ requests to access, correct or delete their personal data and using third-party processors of personal data. GDPR also maintains the European Union’s strict rules limiting the transfer of personal data out of the European Economic Area. Failure to comply with the requirements of GDPR and the applicable national data protection laws of the European Union Member States may result in fines and other administrative penalties. GDPR imposes substantial potential fines for violations and increased our responsibility and liability in relation to personal data that we process. We are an Active Participant in the Privacy Shield program. Although our personal data practices, policies, and procedures are intended to comply with GDPR, there can be no assurance that regulatory or enforcement authorities will view these arrangements as being in compliance with applicable laws, or that one or more of our employees or agents will not disregard the rules we have established which allows us to transfer personal data of European data subjects that we receive from customers to the United States, in compliance with the Privacy Shield principles. Such laws and regulations, Privacy Shield certification and other mechanisms are subject to pending legal challenges which may result in new and differing interpretations and different European data protection regulators applying differing standards for the transfer of personal data among jurisdictions. Further, following a referendum in June 2016 in which United Kingdom voters approved an exit from the European Union, the United Kingdom officially left the European Union on January 31, 2020, with a transitional period set to end on December 31, 2020 (often referred to as “Brexit”), which has created uncertainty with regard to the requirements for data transfers between the United Kingdom and the European Union and other jurisdictions.

Any new laws, regulations, or other legal obligations or industry standards, or future changes in requirements or interpretations under these regulations may be inconsistent with our existing data management practices. If so, we could be required to fundamentally change our business activities and practices or modify our software, which could have an adverse effect on our business, including increased cost of compliance, negative publicity to us and limitations on data transfer for us and our customers.

Any inability to adequately address privacy concerns, even if unfounded, or to comply with applicable privacy or data protection laws, regulations and policies, could result in additional costs and liability to us, damage our reputation, inhibit sales, and harm our business. Furthermore, any inadvertent disclosure of, or unauthorized access (including due to a cyber-attack) to, PII or other CI or other failure by us to comply with data privacy requirements could subject us to significant penalties, damages, remediation and other expenses, and damage our reputation, any of which could have a material adverse effect on our business, financial condition and financial results.

Problems with protecting and enforcing our intellectual property rights could negatively affect our business, financial condition and financial results.

We rely on a combination of contractual rights, trademarks, trade secrets, patents and copyrights to establish and protect intellectual property rights and other proprietary rights in our products and services. These intellectual property rights or other proprietary rights might be challenged, invalidated or circumvented. We attempt to protect our intellectual property under patent, trademark, copyright and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which may not prevent the misuse, theft or misappropriation of our proprietary information. We may choose not to seek patent or trademark protection for certain innovations or not to pursue patent or trademark protection in certain jurisdictions, and may choose to abandon patents and trademarks that are no longer of strategic value to us. The process of obtaining patent and trademark protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent and trademark applications at a reasonable cost or in a timely manner.

Despite our efforts to protect our proprietary information, competitors may independently develop technologies or products that are substantially equivalent or superior to our products or that inappropriately incorporate our intellectual property rights or other proprietary technology into their products. Competitors may hire our former employees who may misappropriate our intellectual property rights or other proprietary technology. Policing unauthorized use of our proprietary information is difficult, expensive and time-consuming, particularly in some jurisdictions which may not provide adequate legal protection of our intellectual property rights or other proprietary technology and where mechanisms for enforcement of intellectual property rights may be weak. As we continue to grow our international business, our exposure to unauthorized copying and use of our products and proprietary information may increase.

17


We may have to defend or assert our rights in intellectual property that we use in our products and services, and we could be found to infringe the intellectual property rights of others, which could be disruptive and expensive to our business.

We may have to defend against claims that we or our customers are infringing the rights of third parties in patents, copyrights, trademarks and other intellectual property. If we acquire technology to include in our products and services from third parties, our exposure to infringement actions may increase because we must rely upon these third parties to verify the origin and ownership of such technology. Also, we may be required to spend significant resources to monitor and protect our intellectual property rights, including initiating claims or litigation against third parties for infringement or misappropriation. Intellectual property litigation and controversies are disruptive and expensive, whether or not resolved in our favor and may be particularly difficult, expensive and time-consuming in some jurisdictions which do not afford as strong of legal protections of our intellectual property rights or other proprietary technology and where mechanisms for enforcement of intellectual property rights may be weak. Even unmeritorious claims brought against us or our customers may harm our reputation and customer relationships, may cause us to incur significant legal and other fees to defend, and may have to be settled for significant amounts. Infringement claims against us could require us to develop non-infringing products and services or enter into expensive royalty or licensing arrangements. Our business, financial condition and financial results could be materially adversely affected if we are not able to develop non-infringing technology or license technology on commercially reasonable terms.

We may face risks from using “open source” software that could negatively affect our business, financial condition and financial results.

Like many other software companies, we use “open source” software in order to take advantage of common industry building blocks and to add functionality to our products quickly and inexpensively. Open source software license terms could adversely affect our intellectual property rights in our products that include open source software. Depending upon how the open source software is deployed, we could be required to offer products that use the open source software for no cost, or make available the source code for modifications or derivative works. Any of these obligations could have an adverse impact on our intellectual property rights and revenue from products incorporating the open source software. Using open source code could also cause us to inadvertently infringe third-party intellectual property rights or require us to publicly disclose proprietary information. We have processes and controls in place that are designed to address these risks and concerns, but we cannot be sure that our process or controls will be sufficient to mitigate all risk in this regard. Open source software might also introduce security vulnerabilities or defective functionality. The open source community may not always respond with adequate urgency to mitigate the impacts of such defects.

We rely on the availability of third-party intellectual property, which may not be accessible to us on reasonable terms or at all.

Some of our products include third-party intellectual property, which may require licenses for our use. For example, a significant portion of the revenue generated by our Erado business is dependent on the licensing of certain electronic message API’s, such as those made available by LinkedIn Corporation, SMS providers, Facebook, and other social media channels, and a significant portion of the revenue generated by our AppRiver business is dependent on the licensing of Microsoft products such as Office 365. We also rely on the licensing of certain third-party APIs with respect to our billing systems for customers. Based on past experience and industry practice, we believe that such licenses can be obtained on reasonable terms; however, there can be no assurance that we will be able to obtain or maintain the necessary licenses for new or current products on acceptable terms or at all. Changes in the terms of such licenses may decrease our product margins and our failure to obtain or maintain such licenses may limit our ability to sell our products, either of which could have a material adverse effect on our business, financial condition and financial results.

We may be a party to litigation in the normal course of business or otherwise, which could affect our financial position and liquidity.

From time to time, we are a party to or otherwise involved in legal proceedings, claims and litigation, law enforcement investigations and other legal matters, both inside and outside the United States, arising in the ordinary course of our business or otherwise. We are currently subject to legal proceedings, claims, and litigation involving our business, and additional claims may arise in the future. Legal proceedings can be complex and take many months, or even years, to reach resolution, with the final outcome depending on a number of variables, some of which are not within our control. Litigation is subject to significant uncertainty and may be expensive, time-consuming, and disruptive to our operations. Although we vigorously defend ourselves in such legal proceedings, their ultimate resolution and potential financial and other impacts on us are uncertain. For these and other reasons, we may choose to settle legal proceedings and claims, regardless of their actual merit. If a legal proceeding is resolved against us, it could result in significant compensatory damages, and in certain circumstances punitive or trebled damages, disgorgement of revenue or profits, remedial corporate measures or injunctive relief imposed on us. If our existing insurance does not cover the amount or types of damages awarded, or if other resolution or actions taken as a result of the legal proceeding were to restrain our ability to operate or market our products and services, our consolidated financial position, results of operations or cash flows could be materially adversely affected. In addition, legal proceedings, and any adverse resolution thereof, can result in adverse publicity and damage to our reputation, which could adversely impact our business.

18


Our corporate culture has contributed to our success, and if we cannot maintain this culture, we could lose the innovation, creativity and teamwork fostered by our culture, and our business may be harmed.

We believe a critical contributor to our success has been our corporate culture, which we believe fosters innovation, creativity, diversity, a customer-centric focus, collaboration and loyalty. Our corporate culture is central to our devoted customer support and service team which is a key component of the value we offer our customers. As we continue to evolve our business, we may find it difficult to maintain these important aspects of our corporate culture, which could limit our ability to innovate and operate effectively. Difficulty in preserving our corporate culture could be exacerbated as we continue to expand internationally, grow our employee base and expand our solutions. Any failure to preserve our culture could also negatively affect our ability to retain and recruit personnel, continue to perform at current levels or execute on our business strategy.

We may fail to recruit, retain and motivate key personnel, which could impair our ability to meet key objectives.

Our success depends on our ability to attract, retain and motivate highly-skilled technical, managerial, sales, and marketing personnel. Competition for these personnel is intense and there is high demand for employees who have highly technical skills and experience, increasing difficulty in recruiting, hiring and retaining such key employees. Although we have entered into employment agreements with certain key personnel, our employees generally work for us on an “at-will” basis, which means they may terminate their employment with us at any time and, as highly skilled and experienced personnel, would be difficult to replace. Changes in key personnel may be disruptive to our business. It could be difficult, time consuming and expensive to replace key personnel. Integrating new key personnel may be difficult and costly. Volatility, lack of positive performance in our stock price or changes to our overall compensation program including our stock incentive program may adversely affect our ability to retain key employees, many of whom are compensated, in part, based on the performance of our stock price. The loss of services of any of our key personnel, the inability to retain and attract qualified personnel in the future or delays in hiring required personnel could make it difficult to meet key objectives. Any of these impairments related to our key personnel could negatively affect our business, financial condition and financial results.

Governmental restrictions on the sale of our products and services in non-U.S. markets could negatively affect our business, financial condition and financial results.

Exports of software solutions and services using encryption technology such as ours are generally restricted by the U.S. government. Although we have obtained U.S. government approval to export our service to almost all countries, the list of countries to which we (and our distributors) cannot export our products and services could be expanded in the future. In addition, some countries impose restrictions on the importation and use of encryption solutions and services such as ours. The cost of compliance with U.S. and other export laws, or our failure to obtain governmental approvals to offer our products and services in non-U.S. markets, could affect our ability to sell our products and services and could impair our international expansion. We face a variety of other legal and compliance risks. If we or our distributors fail to comply with applicable law and regulations, we may become subject to penalties, fines or restrictions that could materially adversely affect our business, financial condition and financial results.

As a result of our international operations, we could be adversely affected by violations of the United States Foreign Corrupt Practices Act and similar foreign anti-corruption laws.

The U.S. Foreign Corrupt Practices Act and similar foreign anti-corruption laws generally prohibit companies and their intermediaries from making improper payments or providing anything of value to improperly influence foreign government officials for the purpose of obtaining or retaining business, or obtaining an unfair advantage. Recent years have seen a substantial increase in the global enforcement of anti-corruption laws. Our continued operation and expansion outside the United States, including in developing countries, could increase the risk of such violations. Violations of these laws may result in severe criminal or civil sanctions, could disrupt our business, and result in a material adverse effect on our reputation, business and financial results.

Our sales to government entities are subject to a number of challenges and risks. 

Sales to U.S. federal, state and local governmental agency customers have accounted for a significant portion of our revenue in past periods, and we may in the future increase sales to government agencies. Sales to government entities are subject to a number of challenges and risks. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government contractual requirements often carry a high compliance risk. Government certification requirements for solutions like ours may change and in doing so restrict our ability to sell into the federal government sector until we have attained the revised certification. Government demand and payment for our solutions may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions. Government entities also may have statutory, contractual or other legal rights to terminate contracts for convenience or due to a default, and any such termination may adversely impact our future operating results.

19


Risks Related to our Indebtedness, Capital Structure and Ownership of our Common Stock

Our indebtedness could adversely affect our business and limit our ability to expand our business or respond to changes, and we may be unable to generate sufficient cash flow to satisfy our debt service obligations.

In February 2019, we entered into a credit agreement with the lenders party thereto under which we established (i) a senior secured term loan facility in an aggregate principal amount of $175 million, (ii) a senior secured delayed draw term loan facility in an aggregate principal amount of $10 million and (iii) a senior secured revolving credit facility in an aggregate principal amount of $25 million (collectively, the “Credit Facilities”). The Credit Facilities are guaranteed by certain wholly-owned subsidiaries of Zix. The Credit Facilities are secured by substantially all assets of Zix and the guarantors, subject to certain customary exceptions. The Credit Facilities will mature in February of 2024. The incurrence of this indebtedness could have adverse consequences, including the following:

 

reducing the availability of our cash flow for our operations, capital expenditures, future business opportunities, stock buybacks and other purposes;

 

limiting our flexibility in planning for, or reacting to, changes in our business and the industry in which we operate;

 

making it more difficult to pay or refinance our debts as they become due during periods of adverse economic, financial market or industry conditions;

 

limiting our ability to obtain additional financing for working capital, acquisitions or other purposes, particularly since substantially all of our assets are subject to security interests relating to existing indebtedness;

 

requiring our debt to become due and payable upon a change in control;

 

increasing our vulnerability to general adverse economic and industry conditions; and

 

lengthening or otherwise adversely affecting our sales process as customers evaluate our financial viability.

Optional prepayments of borrowings under the Credit Facilities will be permitted at any time, without premium (other than customary LIBOR breakage costs). We must prepay the term loan facility in equal quarterly installments of $437,500 on the last day of each March, June, September and December until maturity in February of 2024. In addition to other customary mandatory prepayment requirements, the term loan facility requires annual prepayments based on a percentage of Zix’s excess cash flow, which percentage will reduce as Zix’s total net leverage ratio decreases. We depend on cash on hand and cash flows from operations to make scheduled debt payments. To a significant extent, our ability to do so is subject to general economic, financial, competitive, legislative, regulatory and other factors that are beyond our control. If our business does not generate sufficient cash flow from operating activities or if future borrowings are not available to us in amounts sufficient to enable us to fund our liquidity needs, our operating results, financial condition and ability to expand our business may be adversely affected.

The interest rate on our Credit Facilities will float over time and is initially LIBOR plus 3.50%, with future step downs in the interest rate margin as our total net leverage reduces. The floating rate nature of this interest rate exposes us to interest rate risk. Changes in economic conditions outside of our control could result in higher interest rates, thereby increasing our interest expense even though the amount borrowed remains the same.

Restrictive covenants in our credit agreement may adversely affect our financial and operational flexibility.

The credit agreement governing our Credit Facilities contains certain financial, operational and legal covenants. The financial covenant requires Zix to maintain a maximum total net leverage ratio (as defined in the credit agreement) and is tested on a quarterly basis, based on the rolling four-quarter period that ends on the last day of each fiscal quarter. The non-financial covenants restrict our ability and the ability of our restricted subsidiaries to, among other things, incur indebtedness, incur liens, merge with or acquire other entities, make investments, dispose of assets, enter into sale and leaseback transactions, make dividends, distributions or stock repurchases, prepay junior indebtedness, enter into transactions with affiliates, enter into restrictive agreements, and amend our organizational documents or the terms of junior indebtedness.

These restrictions may make it more difficult or discourage a takeover of Zix, whether favored or opposed by our management and/or our Board of Directors.

Our ability to comply with some of these restrictive covenants can be affected by events beyond our control, and we may be unable to do so. Failure to comply could require us to seek waivers or amendments of covenants or alternative sources of financing, or to reduce expenditures. We cannot guarantee that such waivers, amendments or alternative financing could be obtained or, if obtained, would be on terms acceptable to us.

20


Upon the occurrence of a default, or if we are unable to make the representations and warranties in the credit agreement governing our Credit Facilities, we will not be able to borrow funds or issue letters of credit under our Credit Facilities. Upon the occurrence of an event of default, our lenders could elect to declare all amounts outstanding under our Credit Facilities to be immediately due and payable. If we are unable to repay that amount, our lenders could seize our assets securing the loans and our business and financial condition could be materially and adversely affected.

Our Series A Convertible Preferred Stock (the “Series A Preferred Stock”), Series B Convertible Preferred Stock (the “Series B Preferred Stock”) and investment agreement restrict our ability to incur certain indebtedness which limits our flexibility in operating our business.

In February 2019, we issued Series A Preferred Stock established by a Certificate of Designations (the “Series A Certificate of Designations”) and Series B Preferred Stock established by a Certificate of Designations (the “Series B Certificate of Designations”), which contain covenants that, among other things, require the consent of the holders of a majority of each of the then-outstanding shares of Series A Preferred Stock and Series B Preferred Stock before we can incur indebtedness in excess of a specified leverage ratio.

In January 2019, we entered into an investment agreement with an investment fund managed by True Wind Capital (the “Investor”), which contains customary covenants, including among others, that for so long as any shares of preferred stock issued pursuant to the investment agreement are outstanding, the consent of the Investor will be necessary for us to issue, subject to certain exceptions, any debt securities convertible into any of our capital stock.

At our Annual Meeting of Shareholders in June 2019, our shareholders voted to approve, in accordance with Nasdaq Listing Rule 5635, (i) the conversion of our then-outstanding shares of Series B Preferred Stock into shares of our Series A Preferred Stock and (ii) the issuance of shares of our common stock in connection with any future conversion or redemption of our Series A Preferred Stock into common stock, or any other issuance of common stock to the Investor pursuant to the terms of the investment agreement that, absent such approval, would violate Nasdaq Listing Rule 5635 (the “Nasdaq Proposal”). Following shareholder approval of the Nasdaq Proposal, the 35,086 then-outstanding shares of our Series B Preferred Stock converted into 35,292 shares of Series A Preferred Stock and we paid to the holders of Series B Preferred Stock cash in lieu of any fractional shares. We currently do not have any shares of Series B Preferred Stock outstanding.  

We may need additional capital, and we cannot be certain that additional financing will be available on favorable terms, or at all, and such additional financing may adversely affect our financial and operational flexibility or cause dilution to existing stockholders.

We may require additional financing in the future to operate or expand our business, acquire assets or repay or refinance our existing debt. Our ability to obtain financing will depend, among other things, on our business development efforts, business plans, operating performance and the condition of the capital markets at the time we seek financing, as well as other factors beyond our control. We cannot provide any assurance that additional financing will be available to us on favorable terms when required, or at all. Additionally, under the terms of our credit agreement, preferred stock and investment agreement, respectively, we are restricted from incurring additional debt, subject to certain exceptions. Any additional funding we obtain may include similar restrictive covenants, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. If we raise additional funds through the issuance of equity, equity-linked or debt securities, those securities may have rights, preferences or privileges senior to the rights of our common stock or preferred stock, and our stockholders may experience dilution.

If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:

 

develop or enhance our solutions;

 

continue to expand our sales and marketing and research and development organizations;

 

repay or refinance our existing debt;

 

acquire complementary technologies, solutions or businesses;

 

expand operations, in the United States or internationally;

 

hire, train and retain employees; or

 

respond to competitive pressure or unanticipated working capital requirements.

Our failure to do any of these things could seriously impact our business, negatively affecting financial condition and operating results.

21


We may be able to incur more debt and take other actions that could diminish our ability to make payments on our indebtedness when due, which could further exacerbate the risks associated with our current level of indebtedness.

Despite our current indebtedness level, we may be able to incur more indebtedness in the future. We are not completely prohibited under the terms of the credit agreement, preferred stock, investment agreement or other agreements governing our current indebtedness from incurring additional debt, securing existing or future debt, recapitalizing our debt or taking a number of other actions, any of which could diminish our ability to make payments on our indebtedness when due and further exacerbate the risks associated with our current level of indebtedness. If new debt is added to our or any of our existing and future subsidiaries' current debt, the related risks that we now face could intensify.

Our preferred stockholders can exercise significant control over the Company, which could limit the ability of our common stockholders to influence the outcome of key transactions, including a change of control.

The Investor holds approximately 24 % of our outstanding voting capital stock based on the number of shares of common stock and convertible Series A Preferred Stock outstanding as of March 4, 2020, on an as-converted basis. The Investor’s aggregate voting power will increase further in connection with future accretion of the Series A Preferred Stock for as long as the Series A Preferred Stock remains outstanding. The holders of our Series A Preferred Stock are entitled to vote their shares, on an as-converted basis, together with holders of our common stock on all matters submitted to a vote of the holders of our common stock. As a result, the holders of shares of the Series A Preferred Stock have the ability to significantly influence the outcome of any matter submitted for the vote of the holders of our common stock. The Investor is entitled to act separately in its own respective interests with respect to its ownership interests in the Company and has the ability to substantially influence the election of the members of our Board of Directors, thereby potentially controlling our management and affairs. In addition, the Investor has significant influence over all matters that require approval by our stockholders, including the approval of significant corporate transactions.

Additionally, holders of a majority of the then-outstanding shares of Series A Preferred Stock are required to approve certain matters as a class, voting separately from the common stock, such as (1) any amendment, alteration or repeal to our Restated Articles of Incorporation (the “Articles of Incorporation”) or the Series A Certificate of Designations in a manner that would adversely affect the rights, preferences, privileges or power of the Series A Preferred Stock; (2) any amendment or alteration to our Articles of Incorporation or any other action to authorize or create, or increase the number of authorized or issued shares of, or any securities convertible into shares of, or reclassify any security into, or issue any parity stock or senior stock as to dividend or liquidation rights; (3) the issuance of shares of Series A Preferred Stock; (4) any action that would cause us to cease to be treated as a domestic corporation for U.S. federal income tax purposes; or (5) the incurrence of indebtedness that would cause us to exceed a specified leverage ratio.

Further, holders of a majority of the then-outstanding shares of Series B Preferred Stock, are required to approve certain matters as a class, voting separately from the common stock and the Series A Preferred Stock, such as (1) any amendment, alteration or repeal to our Articles of Incorporation or the Series B Certificate of Designations in a manner that would adversely affect the rights, preferences, privileges or power of the Series B Preferred Stock; (2) any amendment or alteration to our Articles of Incorporation or any other action to authorize or create, or increase the number of authorized or issued shares of, or any securities convertible into shares of, or reclassify any security into, or issue any parity stock or senior stock as to dividend or liquidation rights; (3) the issuance of any additional shares of Series B Preferred Stock; (4) any action that would cause us to cease to be treated as a domestic corporation for U.S. federal income tax purposes; or (5) the incurrence of indebtedness that would cause us to exceed a specified leverage ratio.

Any issuance of common stock upon conversion of the Series A Preferred Stock will cause dilution to existing stockholders and may depress the market price of our common stock.

The Series A Preferred Stock has an initial stated value of $1,000 per share, which stated value will accrete at an annual rate of 8% per annum, compounded quarterly. Each share of Series A Preferred Stock is convertible, at the option of the holders, into (i) the number of shares of common stock equal to the product of (A) the stated value per share as it has accreted as of such date multiplied by (B) the Conversion Rate as of the applicable conversion date divided by (C) 1,000 plus (ii) cash in lieu of fractional shares. The Conversion Rate is equal to 166.11 shares of our common stock and is subject to adjustment from time to time upon the occurrence of certain customary events in accordance with the terms of the Series A Certificate of Designations. Each share of Series A Preferred Stock is entitled to participate in dividends paid in respect of the common stock on an as-converted basis.

The issuance of common stock upon conversion of the Series A Preferred Stock will result in immediate and substantial dilution to the interests of our common stock holders, and such dilution will increase over time in connection with the future accretion of the Series A Preferred Stock.

22


Our business could be negatively impacted as a result of shareholder activism.

In recent years, shareholder activists have become involved in numerous public companies. Shareholder activists frequently propose to involve themselves in the governance, strategic direction, and operations of companies. We may in the future become subject to such shareholder activism and demands. Such demands may disrupt our business and divert the attention of management and employees, and any perceived uncertainties as to our future direction resulting from such a situation could result in the loss of potential business opportunities, be exploited by our competitors, cause concern to our current or potential customers, and make it more difficult to attract and retain qualified personnel and business partners, all of which could negatively impact our business. Shareholder activism could result in substantial costs. In addition, actions of activist shareholders may cause significant fluctuations in our stock price based on temporary or speculative market perceptions or other factors that do not necessarily reflect the underlying fundamentals of our business.

Texas law and our Articles of Incorporation and bylaws contain certain provisions, including anti-takeover provisions, that limit the ability of stockholders to take certain actions and could delay or discourage takeover attempts that stockholders may consider favorable. 

The Texas Business Organizations Code, as amended (“TBOC”), and our Articles of Incorporation and second amended and restated bylaws contain provisions that could have the effect of rendering more difficult, delaying, or preventing an acquisition deemed undesirable by our Board of Directors and therefore depress the trading price of our common stock. These provisions could also make it difficult for stockholders to take certain actions, including electing directors who are not nominated by the current members of our Board of Directors or taking other corporate actions, including effecting changes in our management. Among other things, our certificate of incorporation and bylaws include provisions regarding:

 

the ability of our Board of Directors to issue shares of preferred stock, including “blank check” preferred stock, and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer, and pursuant to which we have issued the Series A Preferred Stock and Series B Preferred Stock, each of which are entitled to receive a liquidation preference and certain amounts in connection with a change of control of the company and other similar extraordinary transactions;

 

the limitation of the liability of, and the indemnification of, our directors and officers;

 

the requirement that directors may only be removed from our Board of Directors by the affirmative vote of a majority of the issued and outstanding shares entitled to vote in the election of directors at a special meeting of the shareholders called for that purpose at which quorum is present;

 

a prohibition on common stockholder action by written consent, which forces common stockholder action to be taken at an annual or special meeting of stockholders and could delay the ability of stockholders to force consideration of a stockholder proposal or to take other action, including the removal of directors;

 

the requirement that a special meeting of stockholders may be called only by the chairperson of our Board of Directors, our Board of Directors or a holder of at least 10% of all of the shares of the Company entitled to vote at the proposed special meeting, and must be called by our president or secretary at the request in writing of a majority of the members of our Board of Directors, which could delay the ability of stockholders to force consideration of a proposal or to take action, including the removal of directors;

 

provisions enabling us to control the procedures for the conduct and scheduling of Board of Directors and stockholder meetings;

 

the requirement for the affirmative vote of holders of at least a majority of all issued and outstanding shares entitled to vote in the election of directors at a properly called and convened annual or special meeting of shareholders, to amend, alter, change or repeal any provision of our Articles of Incorporation or our bylaws, which could preclude stockholders from bringing matters before annual or special meetings of stockholders and delay changes in our Board of Directors and also may inhibit the ability of an acquirer to effect such amendments to facilitate an unsolicited takeover attempt;

 

the ability of our Board of Directors to amend our bylaws, which may allow our Board of Directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our bylaws to facilitate an unsolicited takeover attempt; and

 

advance notice procedures with which stockholders must comply to nominate candidates to our Board of Directors or to propose matters to be acted upon at a stockholders’ meeting, which could preclude stockholders from bringing matters before annual or special meetings of stockholders and delay changes in our Board of Directors and also may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of our Company.

23


These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our Board of Directors or management.

In addition, as a Texas corporation, we are subject to provisions of Texas law, including Section 21.606 of the TBOC, which may prohibit certain stockholders holding 20% or more of our outstanding capital stock from engaging in certain business combinations with us for a specified period of time.

Any provision of Texas law or our Articles of Incorporation or bylaws that has the effect of delaying or preventing a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our capital stock and could also affect the price that some investors are willing to pay for our common stock.

Other Risks Related to our Series A Preferred Stock and Series B Preferred Stock

Future resales of our common stock held by our significant stockholders or of the shares of common stock issuable upon conversation of the Series A Preferred Stock may cause the market price of our common stock to drop significantly.

We are obligated to register the resale of the common stock issuable upon conversion of, or issued as dividends upon, the Series A Preferred Stock, and to take certain actions to facilitate the transfer and sale of such shares. Upon such registration, shares of common stock into which the Series A Preferred Stock are converted would be freely tradable. The common stock issuable upon conversion may represent overhang that may also adversely affect the market price of our common stock. Overhang occurs when there is a greater supply of a company’s stock in the market than there is demand for that stock. When this happens, the price of the company’s stock will decrease, and any additional shares which stockholders attempt to sell in the market, or the perception that such sales might occur, will only further decrease the share price. If the share volume of our common stock cannot absorb converted shares sold by the holders of the Series A Preferred Stock, then the value of our common stock will likely decrease.

Any sale of large amounts of our common stock on the open market or in privately negotiated transactions could have the effect of increasing the volatility in the price of our common stock or putting significant downward pressure on the price of our common stock.

Our Series A Preferred Stock and Series B Preferred Stock have rights, preferences and privileges that are not held by, and are preferential to, the rights of our common stockholders, which could adversely affect our liquidity and financial condition, and may result in the interests of the holders of our Series A Preferred Stock and Series B Preferred Stock differing from those of our common stockholders.

In the event of our liquidation, dissolution or the winding up of our affairs, the holders of our Series A Preferred Stock have the right to receive a liquidation preference entitling them to be paid out of our assets generally available for distribution to our equity holders, together with holders of our Series B Preferred Stock and before any payment may be made to holders of any other class or series of capital stock (including our common stock), in an amount equal to the greater of (i) $1,000 plus all accreted but unpaid dividends and (ii) the amount such holder would have been entitled to receive if the Series A Preferred Stock had converted into common stock immediately prior to such liquidation.

In the event of our liquidation, dissolution or the winding up of our affairs, the holders of our Series B Preferred Stock have the right to receive a liquidation preference entitling them to be paid out of our assets generally available for distribution to our equity holders, together with holders of our Series A Preferred Stock and before any payment may be made to holders of any other class or series of capital stock (including our common stock), in an amount equal to $1,000 plus all accrued but unpaid dividends.

In addition, the $1,000 stated value per share of our Series A Preferred Stock will accrete at a fixed rate of 8.0% per annum, compounded quarterly. The holders Series A Preferred Stock are also entitled to receive any dividends paid in respect of our common stock on an as-converted basis. The holders of our Series B Preferred Stock are entitled to receive dividends accruing daily on a cumulative basis payable quarterly in arrears in cash at a fixed rate of 10.0% per annum on the $1,000 stated value per share (the “Dividend Rate”), which rate will automatically increase by 1.0% every six months that the Series B Preferred Stock remains outstanding and unconverted (subject to a cap of 12.0%). If cash dividends are not paid in respect of any dividend payment period, the liquidation preference of each outstanding share of Series B Preferred Stock will automatically increase at the Dividend Rate.

24


Further, the Series A Preferred Stock is mandatorily redeemable upon a change of control (as defined in the Series A Certificate of Designations), at a price per share of Series A Preferred Stock in cash equal to the greater of (i) the Series A Change of Control Redemption Price (as defined below) and (ii) (A) the amount of cash such holder of Series A Preferred Stock would have received plus (B) the fair market value of any other assets such holder would have received, in each case had such holder of the Series A Preferred Stock, immediately prior to such change of control, converted such shares of Series A Preferred Stock into shares of common stock. The “Series A Change of Control Redemption Price” per share of Series A Preferred Stock is the product of the accreted value of such share as of the date of determination multiplied by (1) 1.30 (if the change of control occurs before the first anniversary of the date of issuance); (2) 1.35 (if the change of control occurs on or after the first anniversary of the date of issuance but before the second anniversary of the date of issuance); (3) 1.40 (if the change of control occurs on or after the second anniversary of the date of issuance but before the third anniversary of the date of issuance); (4) 1.45 (if the change of control occurs on or after the third anniversary of the date of issuance but before the fourth anniversary of the date of issuance); and (5) 1.50 (if the change of control occurs on or after the fourth anniversary of the date of issuance).

Further, the holders of our Series B Preferred Stock also have redemption rights upon the occurrence of certain events. Specifically, the Series B Preferred Stock is mandatorily redeemable, upon the holder’s election and after 90 days prior notice, any time after the seventh anniversary of the date of issuance at an amount per share of Series B Preferred Stock equal to the liquidation preference per share of the Series B Preferred Stock to be redeemed as of the applicable redemption date multiplied by 1.50. The Series B Preferred Stock is also mandatorily redeemable upon a change of control (as defined in the Series B Certificate of Designations), at a price per share of Series B Preferred Stock in cash equal to the greater of (i) the Series B Change of Control Redemption Price (as defined below) and (ii) (A) the amount of cash such holder of Series B Preferred Stock would have received plus (B) the fair market value of any other assets in each case had such holder of Series B Preferred Stock, immediately prior to such change of control, converted such shares of Series B Preferred Stock into shares of Series A Preferred Stock. The “Series B Change of Control Redemption Price” per share of Series B Preferred Stock is the product of the liquidation preference of such share as of the date of determination multiplied by (1) 1.30 (if the change of control occurs before the first anniversary of the date of issuance); (2) 1.35 (if the change of control occurs on or after the first anniversary of the date of issuance but before the second anniversary of the date of issuance); (3) 1.40 (if the change of control occurs on or after the second anniversary of the date of issuance but before the third anniversary of the date of issuance); (4) 1.45 (if the change of control occurs on or after the third anniversary of the date of issuance but before the fourth anniversary of the date of issuance); and (5) 1.50 (if the change of control occurs on or after the fourth anniversary of the date of issuance).

Finally, any time after the fourth anniversary of the date of issuance of the Series A Preferred Stock, we have the right to redeem the Series A Preferred Stock for cash at a redemption price equal to the accreted value per share of Series A Preferred Stock to be redeemed multiplied by 1.50. Likewise, at any time after the fourth anniversary of the date of issuance of the Series B Preferred Stock, we have the right to redeem the shares of the Series B Preferred Stock for cash at a redemption price equal to the liquidation preference per share of the Series B Preferred Stock to be redeemed multiplied by 1.50.

These dividend and redemption payment obligations could significantly impact our liquidity and reduce the amount of our cash flows that are available for working capital, capital expenditures, growth opportunities, acquisitions, and other general corporate purposes. Our obligations to the holders of Series A Preferred Stock and Series B Preferred Stock could also limit our ability to obtain additional financing or increase our borrowing costs, which could have an adverse effect on our financial condition. The preferential rights described above could also result in divergent interests between the holders of shares of Series A Preferred Stock and/or Series B Preferred Stock and the holders of our common stock.  

25


Item 1B. Unresolved Staff Comments

None.

Item 2. Properties

We leased properties during 2019 that are considered significant to the operations of the business in the following locations: Florida, Georgia, Massachusetts, Michigan, Texas, Washington, Canada, and the United Kingdom. These leased properties are used as offices for our employees. Our corporate headquarters, which includes the ZixData Center, is located in Dallas, Texas and currently consists of 42,912 square feet of space under a lease that expires in 2024 with two five-year extension options. Another of our major offices is located in Gulf Breeze, Florida and is the headquarters of AppRiver, acquired in February, 2019. The lease consists of 32,246 square feet of office space under a lease that also expires in 2024 with options to renew. We believe our facilities are adequate for our current needs and for the foreseeable future.  

In addition to our ZixData center, we operate several data centers at third-party facilities in California, Georgia, Texas, Virginia, Washington, the United Kingdom and Switzerland.

Item 3. Legal Proceedings

We are subject to legal proceedings, claims, and litigation involving our business. While the outcome of these matters is currently not determinable, and the costs and expenses of resolving these matters may be significant, we currently do not expect that the ultimate costs to resolve these matters will have a material adverse effect on our consolidated financial condition or operating results.

Item 4. Mine Safety Disclosures

Not applicable.

 

 

26


PART II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Our common stock trades on The Nasdaq Stock Market under the symbol ZIXI. The table below shows the high and low sales prices by quarter for fiscal 2019 and 2018.

 

 

 

2019

 

 

2018

 

Quarter Ended

 

High

 

 

Low

 

 

High

 

 

Low

 

March 31

 

$

9.07

 

 

$

5.34

 

 

$

4.75

 

 

$

3.82

 

June 30

 

$

11.15

 

 

$

6.66

 

 

$

5.62

 

 

$

4.25

 

September 30

 

$

10.51

 

 

$

6.91

 

 

$

5.93

 

 

$

4.91

 

December 31

 

$

7.75

 

 

$

6.25

 

 

$

7.09

 

 

$

4.66

 

 

At March 4, 2020, there were 55,641,885 shares of common stock outstanding held by 399 shareholders of record. On that date, the last reported sales price of the common stock was $8.27.

We have not paid any cash dividends on our common stock and do not anticipate doing so in the foreseeable future.

For information regarding options and stock-based compensation awards outstanding and available for future grants, see “Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters.”

Performance Graph

The following graph compares the cumulative total return of an investment in our common stock over the five-year period ended December 31, 2019, as compared with the cumulative total return of an investment in (i) the Center for Research in Securities Prices (“CRSP”) Total Return Index for Nasdaq Stock Market (U.S. companies) and (ii) the CRSP Total Return Index for Nasdaq Computer and Data Processing Stocks. The comparison assumes $100 was invested on December 31, 2014, in our common stock and in each of the two indices and assumes reinvestment of all dividends, if any. The stock price performance on the following graph is not necessarily indicative of future stock price performance. A listing of the companies comprising each of the CRSP- NASDAQ indices used in the following graph is available, without charge, upon written request.

 

 

27


Sale of Unregistered Securities

On February 20, 2019, (the “Original Issuance Date” or “Closing Date”), Zix consummated a private placement pursuant to an investment agreement with an investment fund managed by True Wind Capital and issued an aggregate of $100 million of shares of convertible Preferred Stock (as defined below) at a price of $1,000 per share (the “Stated Value”). 64,914 shares of Series A Convertible Preferred Stock (the “Series A Preferred Stock”) were issued for proceeds of $62.7 million, net of issuance costs of $2.3 million, and 35,086 shares of Series B Convertible Preferred Stock (the “Series B Preferred Stock” and, together with the Series A Preferred Stock, the “Preferred Stock”) were issued for proceeds of $33.9 million, net of issuance costs of $1.2 million. The Preferred Stock is classified outside of stockholders’ equity in temporary equity because the shares contain certain redemption features which require redemption upon a change in control. The Series A Preferred Stock can be immediately converted to common stock.

On June 5, 2019, Shareholders approved the conversion of the outstanding shares of Series B Preferred Stock into shares of Series A Preferred Stock. Each share of Series B Preferred Stock was converted into the number of shares of Series A Preferred Stock equal to the liquidation preference of such share of Series B Preferred Stock divided by the accreted value of a share of Series A Preferred Stock on the date of conversion plus cash in lieu of fractional shares. On June 6, 2019, all the outstanding shares of Series B Preferred Stock were converted into 35,292 shares of Series A Preferred Stock. As of December 31, 2019, no shares of Series B Preferred Stock are outstanding.

 

Purchases of Equity Securities by the Issuer

 

Period

 

Total Number of Shares Purchased(1)

 

 

Average Price

Paid per Share

 

 

Total Number of Shares

Purchased as part of

Publicly Announced

Plans or Programs

 

 

Maximum Number (or

Appropriate Dollar

Value) of Shares (or

Units) that May Yet Be

Purchased Under the

Plans or Programs

 

October 1, 2019 to October 31, 2019

 

 

467

 

 

$

7.66

 

 

 

 

 

$

 

November 1, 2019 to November 30, 2019

 

 

2,667

 

 

$

7.98

 

 

 

 

 

$

 

December 1, 2019 to December 31, 2019

 

 

 

 

$

 

 

 

 

 

$

 

Total

 

 

3,134

 

 

$

7.93

 

 

 

 

 

$

 

 

 

1 Of the total number of shares repurchased for the one-month periods ended October 31, 2019, and November 30, 2019; all 3,134 shares of Restricted Stock were withheld by us upon the vesting of outstanding Restricted Stock. These shares were withheld by us to satisfy the minimum statutory tax withholding for the employees for whom Restricted Stock vested during the applicable period, which is required once the Restricted Stock is vested. Certain of these shares relate to awards that were scheduled to vest in prior periods but which did not settle until the fourth quarter of 2019.

28


Item 6. Selected Financial Data

The following selected financial data should be read in conjunction with “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” and the consolidated financial statements and notes thereto. No cash dividends were declared in any of the five years shown below:

 

 

 

Year Ended December 31,

 

 

 

2019(1)(2)

 

 

2018(1)

 

 

2017

 

 

2016

 

 

2015

 

 

 

(In thousands, except per share data)

 

Statement of Comphresive Income (Loss):(3)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Revenues

 

$

173,428

 

 

$

70,478

 

 

$

65,663

 

 

$

60,144

 

 

$

54,713

 

Cost of revenue

 

 

76,908

 

 

 

15,186

 

 

 

12,602

 

 

 

10,533

 

 

 

9,593

 

Gross margin

 

 

96,520

 

 

 

55,292

 

 

 

53,061

 

 

 

49,611

 

 

 

45,120

 

Research and development expenses

 

 

20,431

 

 

 

11,323

 

 

 

10,980

 

 

 

9,553

 

 

 

8,317

 

Selling, general and administrative expenses

 

 

85,230

 

 

 

33,999

 

 

 

31,871

 

 

 

30,742

 

 

 

28,887

 

Income tax expense (benefit)(4)

 

 

(4,478

)

 

 

(4,720

)

 

 

18,606

 

 

 

3,692

 

 

 

3,144

 

Net income (loss)

 

 

(14,647

)

 

 

15,444

 

 

 

(8,057

)

 

 

5,837

 

 

 

5,016

 

Deemed and accrued dividends on preferred stock

 

 

9,984

 

 

 

 

 

 

 

 

 

 

 

 

 

Basic income (loss) per common share

 

$

(0.46

)

 

$

0.29

 

 

$

(0.15

)

 

$

0.11

 

 

$

0.09

 

Diluted income (loss) per common share

 

$

(0.46

)

 

$

0.29

 

 

$

(0.15

)

 

$

0.11

 

 

$

0.09

 

Shares used in computing basic income per common share

 

 

53,025

 

 

 

52,592

 

 

 

53,430

 

 

 

53,820

 

 

 

56,422

 

Shares used in computing diluted income per common

   share

 

 

53,025

 

 

 

53,481

 

 

 

53,430

 

 

 

54,395

 

 

 

57,476

 

Statements of Cash Flows Data:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Net cash flows provided by (used for):

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Operating activities

 

$

13,951

 

 

$

16,671

 

 

$

18,204

 

 

$

15,251

 

 

$

15,617

 

Investing activities(5)

 

 

(296,243

)

 

 

(15,952

)

 

 

(11,285

)

 

 

(2,136

)

 

 

(1,951

)

Financing activities(6)

 

 

268,740

 

 

 

(6,593

)

 

 

(367

)

 

 

(15,322

)

 

 

(6,687

)

Balance Sheet Data:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Cash, Cash Equivalents and Marketable Securities

 

$

13,349

 

 

$

27,109

 

 

$

33,009

 

 

$

26,457

 

 

$

28,664

 

Working capital(7)

 

 

(46,610

)

 

 

(7,665

)

 

 

2,104

 

 

 

2

 

 

 

3,821

 

Total assets

 

 

412,721

 

 

 

104,640

 

 

 

81,308

 

 

 

82,358

 

 

 

87,286

 

Stockholders’ equity

 

 

41,291

 

 

 

60,947

 

 

 

43,520

 

 

 

49,070

 

 

 

56,772

 

 

 

(1)

The consolidated statement of comprehensive income (loss) data for fiscal 2019 and 2018, and the selected consolidated balance sheet data as of December 31, 2019 and 2018 reflect the modified retrospective adoption of Accounting Standards Update (“ASU”) 2014-09, “Revenue from Contracts with Customers (“Topic 606”)”.

(2)

January 1, 2019, we adopted Accounting Standards Update No. 2016-02, Leases (Topic 842). Prior period amounts have not been adjusted under the modified retrospective method.

(3)

The 2019 increase in our operating revenue and expenses is primarily attributable to our February 2019 acquisition of AppRiver.  

(4)

The $4.5 million income tax benefit in 2019 is primarily attributed to current year loss which increased our deferred tax asset. The $4.7 million income tax benefit in 2018 resulted from the release of a portion of our deferred tax asset valuation allowance based on expected likelihood to use our existing deferred tax assets prior to their expiration, thus triggering the release. On December 22, 2017, the U.S. enacted the Tax Cuts and Jobs Act of 2017 (the “Tax Act”) which significantly changed U.S. tax law. The Tax Act lowered the Company’s statutory federal income tax rate from 34% to 21% effective January 1, 2018. At December 31, 2017, the Company adjusted its deferred tax balances to reflect the new tax rate that resulted in income tax expense of $12.5 million in that year. See “Income Taxes” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

(5)

Investing activities in 2019 consist of $284.6 million, net of cash acquired, used in the acquisitions of AppRiver and DeliverySlip.

(6)

Financing activities in 2019 includes proceeds from long-term debt of $179.2 million, net of issuance costs of $6.4 million and repayment of $1.4 million. We also raised $96.6 million, net of issuance costs, through the private purchase of preferred stock.

(7)

Working capital includes deferred revenue totaling $40.8 million, $30.6 million, $28.4 million, $25.8 million and $23.2 million, as of December 31, 2019, 2018, 2017, 2016 and 2015, respectively.

 

 

29


Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations

The following discussion and analysis contains forward-looking statements about trends, uncertainties and our plans and expectations of what may happen in the future. Forward-looking statements involve risks and uncertainties that could cause actual events or results to differ materially from the events or results described in the forward-looking statements, including risks and uncertainties described above in “Item 1A. Risk Factors.” Readers are cautioned not to place undue reliance on forward-looking statements. The forward-looking statements in this report are based upon information available to us on the date of this report. We undertake no obligation to publicly update or revise any forward-looking statements. See “NOTE ON FORWARD-LOOKING STATEMENTS AND RISK FACTORS” in “Item 1. Business.”

The following discussion should be read in conjunction with the consolidated financial statements and related notes beginning on page F-1.

Overview

We are a leader in providing cloud email security, productivity, and compliance solutions. We provide easy-to-use solutions for email encryption and data loss prevention (“DLP”), advanced threat protection, and archiving. As a leading provider of cloud-based cybersecurity, compliance, and productivity solutions for businesses of all sizes, we are focused on securing data and meeting the compliance needs of organizations with particular emphasis on the healthcare, finance, and government sectors. One of our core competencies is our ability to deliver this complex service offering with a high level of availability, reliability, integrity and security.

Our 2019 results included record revenues attributable to both our AppRiver acquisition and our ongoing efforts to build a solid and predictable business based on our recurring revenue subscription business model. For 2019, we continued to benefit from growing concerns about data security and integrity issues as well as the growing acceptance of cloud-based offerings along with the growing regulatory compliance burdens on many businesses.

For 2019, we reported revenue of $173.4 million, an increase of $103.0 million over the prior year, primarily driven by new sales attributable to our AppRiver acquisition in February 2019 in addition to continued growth in our subscriber base of existing business.  

For the year ended December 31, 2019, our gross profit of $96.5 million increased 75% compared to 2018. This increase was primarily driven by new sales from AppRiver. Our 2019 operating loss of $9.1 million decreased $19.1 million over the prior year, as the gross profit increase was offset primarily by increased research and development and selling, general and administrative expenses, related to additional headcount, acquisition related costs and integration costs.

Our $14.6 million net loss in 2019 is a decrease of $30.1 million compared to our $15.4 million net income in 2018. Our 2019 net loss includes a $4.5 million income tax benefit resulting from current year net loss. Our 2018 net income includes a $7.8 million tax benefit resulting from a decrease to our deferred tax asset valuation allowance based on expected future profitability and ability to use net operating losses.

Other Financial Highlights

 

Backlog was $89.4 million at the end of 2019, compared with $73.0 million at the end of 2018.

 

Total billings for 2019 were $170.2 million, compared to $77.1 million for 2018, representing an increase of 121%. AppRiver contributed $96.1 million of the 2019 billings.

 

The annual recurring revenue value of our customer subscriptions as of December 31, 2019, was $209.7 million, compared with $75.8 million for the same period in 2018, representing an increase of $133.9 million that was largely attributable to our AppRiver acquisition.

 

Our deferred revenue at the end of 2019 was $43.3 million, compared with $32.2 million at the end of 2018.

 

We generated cash flows from operations of $14.0 million during fiscal 2019. Our cash and cash equivalents were $13.3 million at the end of 2019, compared with $27.1 million at the end of 2018.

Our services are sold on a subscription basis with contract terms historically ranging from one to five years billed annually. We are increasingly moving toward a monthly billing model. This shift has been largely driven by our recent acquisition activity, including AppRiver. We recognize revenue ratably on a monthly basis over the term of the subscription once service commences.

30


We attempt to grow the business by signing new customers to subscription services and/or selling new or higher volume services to existing customers (i.e., “upsell”) while retaining existing customers through renewal of their subscriptions for successive periods.

Our backlog consists of the total order value of contracted business that has not yet been recognized into revenue. Backlog is calculated by adding to the existing contracted order value the total value of all orders booked in the period (e.g., quarterly) less the value of revenue recognized for that period. Although orders are non-cancellable, occasionally we adjust backlog for customer bankruptcy or change of term, but these instances are rare and do not materially impact the backlog amount. The backlog will grow if the value of total orders added in a period exceeds the value of revenue recognized in that period. Conversely, the backlog amount will decline if revenue recognized exceeds the total order value added for the period. A decline in backlog may result from fluctuations in total orders caused by timing of renewal orders or by the shortening of the average term of our contracts from a multi-year to an annual commitment or to a monthly billing and subscription model.

As of December 31, 2019, our total company net dollar retention was 102%. We calculate this percentage by first identifying our current period renewal and upsell orders secured from existing customers and then combining these totals with billings for the period. We then compare this amount to the total orders that were due to renew and were then combined with scheduled billings. Increasing retention is a key driver for the company to increase overall revenue and annual recurring revenue. Deferred revenue is the value of contracted business that has been paid but has not been recognized as revenue. See description of the components of the backlog following in “Backlog and Orders In this “Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

As of December 31, 2019, our annual recurring revenue (ARR) was $209.7 million. We calculate ARR by determining the annual or monthly revenue of subscription agreements that are active as of the end of the applicable period and multiplying by 1 or 12. We monitor this metric to aid in determining to what extent individual customer relationships, considered in the aggregate, are growing or declining in financial magnitude.

Our operations and future prospects are further discussed throughout this “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

There are no assurances we will be successful in our efforts to achieve continued growth. Our continued growth depends on the timely development and market acceptance of our products and services. See “Item 1A. Risk Factors” for more information on the risks relative to our operations and future prospects.

Revenue

Revenue increased by 146% in 2019 compared with 2018. Our revenue growth was primarily driven by new sales attributable to our AppRiver acquisition. We additionally grew out revenue with continued success in our subscription-based business model with both steady additions to the subscriber base and a high rate of existing customer renewals and the realization of previously contracted revenue in our backlog.

Critical Accounting Policies and Estimates

In preparing our consolidated financial statements, we make estimates, assumptions and judgments that can have a significant impact on revenue, income from operations and net income, as well as the value of certain assets and liabilities on our consolidated balance sheet. The application of our critical accounting policies requires an evaluation of a number of complex criteria and significant accounting judgements by us. Management bases its estimates on historical experience and on various other assumptions that are believed to be reasonable under the circumstances, the results of which form the basis for making judgements about the carrying values of assets and liabilities. We evaluate our estimates on a regular basis and make changes accordingly. Senior management has discussed the development, selection and disclosure of these estimates with the Audit Committee of our Board of Directors. Actual results may materially differ from these estimates under different assumptions or conditions. If actual results were to materially differ from these estimates, the resulting changes could have a material adverse effect on our consolidated financial statements.

31


We consider accounting policies to be critical when they require us to make assumptions about matters that are highly uncertain at the time the accounting estimate is made and when different estimates that our management reasonably has used have a material effect on the presentation of our financial condition, changes in financial condition or results of operations. Management believes the following critical accounting policies reflect our more significant estimates and assumptions used in the preparation of our consolidated financial statements.

Our critical accounting policies included the following:

 

Revenue recognition

 

Commission amortization

 

Income taxes

 

Valuation of goodwill and other intangible assets

 

Stock-based compensation costs

 

Right-of-use assets and lease obligations

 

Internal-use software

For additional discussion of the Company’s significant accounting policies, refer to Note 2 to our consolidated financial statements.

Revenue Recognition

In May 2014, The Financial Accounting Standards Board (“FASB”) issued ASC 606 which requires revenue recognition when promised goods or services are transferred to customers in an amount that reflects the consideration to which an entity expects to be entitled to those goods and services. The standard became effective for us in 2018, but did not have a material impact to our revenue recognition process. For additional information regarding our adoption of ASC 606 please see “New Accounting Standards.”

We earn our revenue from subscription fees for rights related to the use of our software. Approximately 73% of our revenue in 2019 was derived from hosted solutions. While some contracts include one or more performance obligations, the revenue recognition pattern generally is not impacted by separate allocations of these obligations because the services are generally satisfied over the same period of time and revenue is recognized ratably over the contract term.

Our subscription terms historically have ranged from one to five years. We are increasingly moving to a monthly subscription model. This shift has been largely driven by our recent acquisition activity, including AppRiver. As we further integrate our business, we expect to focus on a monthly subscription model.

Revenue is recognized by applying the following steps:

 

Step 1: Identify the contract(s) with a customer,

 

Step 2: Identify the performance obligations in the contract,

 

Step 3: Determine the transaction price,

 

Step 4: Allocate the transaction price to the performance obligations in the contract, and

 

Step 5: Recognize revenue when (or as) the performance obligation is satisfied.

 

 

Step 1: Identify the contract(s) with a customer:

 

We consider the terms and conditions of the contract and our customary business practice in identifying our contracts. We determine we have a contract with a customer when (i) the contract is approved, (ii) we can identify each party’s rights regarding the services and products transferred, (iii) we can identify the payment terms for the services and products, (iv) the contract has commercial substance, and (v) it is probable we will be paid.

 

 

Step 2: Identifying the performance obligations in the contract:

 

ASC 606 requires identification and disclosure of performance obligations within a revenue contract. A good or service is considered distinct if the customer can both benefit from the good or service on its own or with other resources that are readily available to the customer, and the promise to transfer the good or service is separately identifiable from other promises in the contract.

 

 

32


Step 3: Determine the transaction price:

 

The transaction price is determined based on the consideration we expect to be entitled to receive in exchange for transferring goods and services to the customer. We include variable consideration in the transaction price if we view it probable that a significant future reduction of cumulative revenue under the contract will not occur.

 

 

Step 4: Allocate the transaction price to the performance obligations in the contract:

 

We allocate transaction prices to each performance obligation based on the stand-alone selling price of our component services.

 

 

Step 5: Recognize revenue when (or as) the performance obligation is satisfied:

 

We recognize revenue when the customer obtains control of the product or services, at the amount allocated to the satisfied performance obligation. Our performance obligations are generally satisfied over time.

 

While some contracts include one or more performance obligations (including the combined elements noted above along with additional ongoing customer support and other hosted services), the revenue recognition pattern generally is not impacted by the separate allocations of these obligations because the services are generally satisfied over the same period of time and revenue is recognized over the contract period. Discounts provided to customers are recorded as reductions in revenue.

 

Commission Amortization

 

We amortize our commission costs to expense on a systemic basis over the period of expected benefit to the customer. Determination of the amortization period requires significant judgement. We apply the practical expedient noted in ASC 606-10-104 to account for our commission costs and related amortizations at the portfolio level. Additionally, the Company has evaluated commissions earned upon contract renewal as compared to initial commissions paid and determined that because commissions paid were not reasonably proportional to their respective contract values, our renewal commissions could not be considered commensurate with the initial commissions paid.

 

We considered our average contract term length and historical customer retention rates to determine an average length of our customer relationships. We also concluded our add-on sales generally occur halfway into our customer relationships, and evaluated our average customer renewal terms. Based on these factors we have determined that 8 years, 4 years and 18 months are the appropriate amortization periods to our new, add-on, and renewal sales commission expenses, respectively. We also perform subsequent assessments for impairment of the related deferred cost asset when indicators present.

 

Following our acquisition of AppRiver in February 2019, we additionally evaluated AppRiver’s sales program to determine whether capitalization of these expenses was appropriate. While we determined certain costs to acquire met the capitalization criteria, we also determined renewal commissions earned were commensurate to the initial sales. Based on AppRiver’s primarily month-to-month commitments the Company has chosen to apply the practical expedient approach to immediately recognize commission expenses associated with the AppRiver program.  

Income Taxes

Deferred tax assets are recognized if it is “more likely than not” that our benefit of the deferred tax assets will be realized on future federal or state income tax returns. At December 31, 2019, we provided a valuation allowance against a significant portion, $22.5 million, of our accumulated deferred tax assets. This significant valuation allowance reflects our historical losses and the uncertainty of future taxable income sufficient to utilize net operating loss carryforwards prior to their expiration. Our total deferred tax assets not subject to a valuation allowance are valued at $36.6 million, and consist of $30.8 million for federal net operating loss carryforwards, $3.2 million relating to temporary timing differences between U.S. Generally Accepted Accounting Principles (“GAAP”) and tax-related expense, $2.2 million relating to U.S. state income tax credits, and $337 thousand related to Alternative Minimum Tax credits. If our U.S. taxable income increases from its current level in a future period or if the facts and circumstances on which our estimates and assumptions are based were to change, thereby impacting the likelihood of realizing our deferred tax assets, judgment would have to be applied in determining the amount of valuation allowance no longer required. Reversal of all or a part of this valuation allowance could have a significant positive impact on operating results in the period that it becomes more likely than not that certain of the Company’s deferred tax assets will be realized. Alternatively, should our future income decrease from current levels, a resulting increase to all or a part of this valuation allowance could have a significant negative impact on our operating results.

33


Valuation of Goodwill and Other Intangible Assets

We account for the valuation of goodwill and other intangible assets after classifying intangible assets into three categories: (1) intangible assets with finite lives subject to amortization; (2) intangible assets with indefinite lives not subject to amortization; and (3) goodwill. For intangible assets with finite lives, tests for impairment must be performed if conditions exist that indicate that the carrying value may not be recoverable. For intangible assets with indefinite lives and goodwill, tests for impairment must be performed at least annually or more frequently if events or circumstances indicate that assets might be impaired.

Goodwill was $171.2 million, or 41%, and $13.8 million, or 13% of total assets, in each of the years ended December 31, 2019 and 2018, respectively.

We evaluate goodwill for impairment annually in the fourth quarter, or when there is reason to believe that the value has been diminished or impaired. Evaluations for possible impairment are based upon a comparison of the estimated fair value of the reporting unit to which the goodwill has been assigned, versus the sum of the carrying value of the assets and liabilities of that unit including the assigned goodwill value. We include our entire Company as the reporting unit. The fair values used in this evaluation are estimated based on the Company’s market capitalization, which is based on the Company’s outstanding common stock and market price of the stock. Impairment is deemed to exist if the net book value of the unit exceeds its estimated fair value. We evaluated our goodwill in the fourth quarter of 2019 and determined no impairment adjustment is required.

Our intangible assets with finite lives are amortized using a straight-line basis over their economic useful lives.

Stock-based Compensation

Our share-based awards include stock options, restricted stock awards and restricted stock units. We have non-qualified stock options outstanding to employees and directors under various stock option plans. The plans require the exercise price of options granted under these plans to equal or exceed the fair market value of the Company’s common stock on the date of grant. The options, subject to termination of employment, generally expire ten years from the date of grant. Employee stock options typically vest pro-rata and annually over three or four years. Restricted stock is issued to the employee at grant but is subject to vesting and transfer restrictions. Stock is issued in exchange for restricted stock units when vesting conditions are met. The transfer restrictions and vesting conditions may be time or performance-based. Restricted stock and restricted stock units typically vest pro-rata annually over three or four years. We use the straight-line amortization method for recognizing stock-based compensation costs. The weighted average grant-date fair value of awards of restricted stock, and restricted stock units is based on the quoted market price of the Company’s common stock on the date of grant. Option, restricted stock and restricted stock unit grants to employees, officers and directors frequently contain accelerated vesting provisions upon the occurrence of a change of control, as defined in the applicable grant agreements.

Right-of-use Assets and Lease Obligations

 

On January 1, 2019, we adopted Accounting Standards Update No. 2016-02, Leases (Topic 842) (ASU 2016-02) using the modified retrospective transition approach by applying the new standard to all leases existing at the date of initial application. Results and disclosure requirements for reporting periods beginning after January 1, 2019, are presented under Topic 842, while prior period amounts have not been adjusted and continue to be reported in accordance with our historical accounting under Topic 840.

 

We elected the package of practical expedients permitted under the transition guidance, which allowed us to carryforward our historical lease classification, our assessment on whether a contract was or contains a lease, and our initial direct costs for any leases that existed prior to January 1, 2019. The first package of practical expedients only can be applied if lease assessment was correct under ASC 840  which defines a lease as an arrangement conveying the right to use property, plant, or equipment usually for a stated period of time. Historically, we did not perform the embedded lease assessment under ASC 840 as such we identified lease components of a service contract as required by ASC 842 upon adoption. We did not elect the hindsight practical expedient in determining the lease and in assessing impairment of our right-of-use assets.  We also elected to combine our lease and non-lease components and to keep leases with an initial term of 12 months or less off the balance sheet and recognize the associated lease payments in the consolidated statements of comprehensive income (loss) on a straight-line basis over the lease term. Additionally, for certain equipment leases, we apply a portfolio approach to effectively account for the finance lease right-of-use (ROU) assets and lease liabilities.

 

Upon adoption, we recognized total ROU assets of $4.8 million, with corresponding lease liabilities of $6.0 million on the consolidated balance sheets. The ROU assets include adjustments for deferred rent liabilities. The adoption did not impact our beginning retained earnings, or our prior year consolidated statements of compressive income (loss) and statements of cash flows.

 

34


Under Topic 842, we determine if an arrangement is a lease at inception. ROU assets and lease liabilities are recognized at commencement date based on the present value of remaining lease payments over the lease term. For this purpose, we consider only payments that are fixed and determinable at the time of commencement. As most of our leases do not provide an implicit rate, we use our incremental borrowing rate based on the information available at commencement date in determining the present value of lease payments. Our incremental borrowing rate is the financing rate of our long-term debt at the commencement date. The ROU asset also includes any lease payments made prior to commencement and is recorded net of any lease incentives received. Our lease terms may include options to extend or terminate the lease when it is reasonably certain that we will exercise such options. When determining the probability of exercising such options, we consider contract-based, asset-based, entity-based, and market-based factors. Our lease agreements may contain variable costs such as common area maintenance, insurance, real estate taxes or other costs. Variable lease costs are expensed as incurred on the consolidated statements of income. Our lease agreements generally do not contain any residual value guarantees or restrictive covenants.

 

Operating leases and finance leases are included in operating lease assets and property and equipment, respectively, on the consolidated balance sheets. Operating lease and finance lease liabilities are separately presented on our consolidated balance sheets.

 

Internal-use Software

 

The Company capitalizes costs related to its cloud email security, productivity and compliance solutions and certain projects for internal use incurred during the application development stage. Costs related to preliminary project activities and post implementation activities are expensed as incurred. Internal-use software is amortized on a straight-line basis over its estimated useful life, which is generally three years. Management evaluates the useful lives of these assets on an annual basis and tests for impairment whenever events or changes in circumstances occur that could impact the recoverability of these assets.

 

Full Year 2019 Summary of Operations

Financial

 

Revenue for 2019 was $173.4 million compared with $70.5 million in 2018 and $65.7 million in 2017.

 

Gross margin for 2019 was $96.5 million or 56% of revenues compared with $55.3 million or 78% of revenues in 2018 and with $53.1 million or 81% of revenues in 2017. Our 2019 decrease in gross margin is related to lower margin of revenue associated with AppRiver’s Microsoft Office365 and hosted exchange products.

 

Net income (loss) for 2019 was $(14.7) million compared with $15.4 million in 2018 and $(8.1) million in 2017. Our 2019 net loss is attributed to significant transaction and integration-related costs incurred to acquire AppRiver and DeliverySlip in 2019, amortization of intangible assets recognized from the same acquisitions as well as higher operating expenses and interest expense. Our 2018 net income includes a $7.8 million tax benefit resulting from a decrease to our deferred tax asset valuation allowance based on our expected future profitability and ability to use net operating losses. This compares to a $12.5 million tax expense incurred in 2017 due to enactment of the Tax Act, which required us to reduce the valuation of our deferred tax asset.

 

Net income (loss) attributable to common shareholders for 2019 was $(24.6) million compared with $15.4 million in 2018 and $(8.1) million in 2017. Our 2019 net loss attributable to common shareholders includes deemed and accrued dividends of $9.9 million to preferred shareholders.

 

Net income (loss) per diluted share was $(0.46) for 2019 compared with $0.29 for 2018 and $(0.15) for 2017.

 

Unrestricted cash was $13.3 million on December 31, 2019.

 

Results of Operations

Revenue

The following table sets forth a year-over-year comparison of our total revenues:

 

 

 

Year Ended December 31,

 

 

Variance

2019 vs. 2018

 

 

Variance

2018 vs. 2017

 

(In thousands)

 

2019

 

 

2018

 

 

2017

 

 

$

 

 

%

 

 

$

 

 

%

 

Revenues

 

$

173,428

 

 

$

70,478

 

 

$

65,663

 

 

$

102,950

 

 

 

146

%

 

$

4,815

 

 

 

7

%

 

35


The $103 million or 146% increase in revenue was primarily related to our AppRiver acquisition in February 2019, which contributed $97.8 million for the year-end December 31, 2019 since the acquisition date.  We additionally grew our revenue with continued success in our subscription-based business model with both steady additions to the subscriber base and a high rate of existing customer renewals and the realization of previously contracted revenue in our backlog. In the year ended December 31, 2019, we categorized our revenue in the following core industry verticals: 23% healthcare, 19% financial services, 4% government sector and 54% as other. In the year ended December 31, 2018, we categorized our revenue in the following core industry verticals: 49% healthcare, 29% financial services, 7% government sector, and 15% as other. The year over year shift in our industry verticals is a result of a more diverse customer base resulting from our AppRiver acquisition.  

 

Additionally, sales continued from a wide base of distributors. Approximately 74% of our new business transacted in the year ended December 31, 2019 resulted from our partner relationships. Approximately 43% of our new business transacted during the year ended December 31, 2018, was from our partner relationships. Our acquired AppRiver partner network was the primary driver in our year over year increase.

 

While we introduced bundled email security pricing during 2017 and have continued to add new bundled price offerings to our product portfolio, our list pricing has remained generally consistent during the periods shown above. However, there are no assurances that potential increased competition in this market or other factors, including inflation, will not result in future price erosion. Price erosion, should it occur, could have a dampening effect on order growth and the revenue derived from our new orders.

Revenue Outlook:

We expect continued growth in our existing offering and in our new products, along with increased sales from our partner channels to increase our business in 2020 and increase our year-over-year revenue.

Annual Recurring Revenue

We measure the health of our subscriber base by the growth of our Annual Recurring Revenue (“ARR”), which is defined as the aggregate annualized contract value attributable to recurring revenue contracts as of the end of the applicable reporting period.  We calculate ARR be determining the annual or monthly revenue of subscription agreements that are active as of the end of the applicable period and multiplying by 1 or 12.  ARR aids us in determining to what extent individual customer relationships, considered in the aggregate, are growing or declining in financial magnitude.  ARR is summarized in the table below:

 

 

 

Year Ended December 31,

 

(In thousands)

 

2019

 

 

2018

 

 

2017

 

Annual Recurring Revenue

 

$

209,715

 

 

$

75,819

 

 

$

67,039

 

 

Backlog

Our backlog was $89.4 million at December 31, 2019, compared to $73.0 million at December 31, 2018.  The backlog is comprised of contractual commitments that we expect to amortize into revenue. As of December 31, 2019, the backlog was comprised of the following elements: $43.3 million of deferred revenue that has been billed and paid, $10.9 million billed but unpaid, and approximately $35.2 million of unbilled contracts.

The backlog is recognized into revenue ratably as the services are performed. Approximately 70% of the total backlog is expected to be recognized as revenue during the next twelve months.

Cost of Revenue

The following table sets forth a year-over-year comparison of the cost of revenue.

 

 

 

Year Ended December 31,

 

 

Variance

2019 vs. 2018

 

 

Variance

2018 vs. 2017

 

(In thousands)

 

2019

 

 

2018

 

 

2017

 

 

$

 

 

%

 

 

$

 

 

%

 

Cost of revenue

 

$

76,908

 

 

$

15,186

 

 

$

12,602

 

 

$

61,722

 

 

 

406

%

 

$

2,584

 

 

 

21

%

 

36


Cost of revenues is comprised of costs related to operating and maintaining the ZixData Center, a field deployment team, customer service and support, Microsoft fees mostly associated with the resale of Microsoft Office365 and hosted exchange products and depreciation expense of computer equipment and amortization of acquired technology. The $61.7 million or 406% increase in 2019 compared to 2018 reflected in the table above resulted primarily from our acquisition of AppRiver in February 2019. As a reseller of Microsoft Office365 and hosted exchange products, which comprise approximately 75% of AppRiver-related revenue earned for the year ended December 31, 2019, we expect our costs of revenue to remain at higher levels than we have historically incurred. We additionally incurred increases in average headcount and other expenses to accommodate revenue growth.

The $2.6 million or 21% increase in cost of revenue in 2018 compared with 2017 reflected in the table above resulted primarily from increases in average headcount, which include additional Information Archive support gained in the Erado acquisition in April 2018 and the Advanced Email Threat Protection support team gained in the Greenview acquisition in March 2017. We also incurred additional costs associated with leased equipment supporting Advanced Threat Protection, and we amortized expense resulting from the acquisition of technology. Additional increases relate to standard software maintenance and license support, and depreciation and other expense relating to investments in networking equipment.  

Research and Development Expenses

The following table sets forth a year-over-year comparison of our research and development expenses:

 

 

 

Year Ended December 31,

 

 

Variance

2019 vs. 2018

 

 

Variance

2018 vs. 2017

 

(In thousands)

 

2019

 

 

2018

 

 

2017

 

 

$

 

 

%

 

 

$

 

 

%

 

Research and development expenses

 

$

20,431

 

 

$

11,323

 

 

$

10,980

 

 

$

9,108

 

 

 

80

%

 

$

343

 

 

 

3

%

 

Research and development expenses consist primarily of salary, benefits and stock-based compensation for our development staff, independent contractor expense, and other direct and indirect costs associated with enhancing our existing products and services and developing new products and services.

 

The $9.1 million or 80% increase in research and development expense in 2019 compared with 2018 reflected in the table above resulted from combined $15.6 million cost increases in headcount and consulting attributable to our AppRiver acquisition in February 2019 and the expansion of our core Zix team, offset by additional $6.5 million of capitalized costs related to development of internal-use software compared to 2018.  

 

The $343 thousand or 3% increase in research and development expense in 2018 compared with 2017 reflected in the table above resulted primarily from an increase in travel and average headcount, including the Advanced Email Threat Protection and additional Information Archive R&D employees gained in the Greenview acquisition and Erado acquisition in March 2017 and April 2018, respectively, partially offset by $1.5 million of costs related to development of new features and functionality for our hosting service arrangements which we began capitalizing in 2018.    

Selling and Marketing Expenses

The following table sets forth a year-over-year comparison of our selling and marketing expenses:

 

 

 

Year Ended December 31,

 

 

Variance

2019  vs. 2018

 

 

Variance

2018  vs. 2017

 

(In thousands)

 

2019

 

 

2018

 

 

2017

 

 

$

 

 

%

 

 

$

 

 

%

 

Selling and marketing expenses

 

$

54,903

 

 

$

20,380

 

 

$

20,472

 

 

$

34,523

 

 

 

169

%

 

$

(92

)

 

 

(0

)%

 

Selling and marketing expenses consist primarily of salary, commissions, travel, stock-based compensation and employee benefits for selling and marketing personnel as well as costs associated with promotional activities and advertising.

 

The $34.5 million or 169% increase in selling and marketing expense in 2019 compared with 2018 reflected in the table above was primarily due to our AppRiver acquisition in February 2019 as well as related integration activities including rebranding and website development. We additionally increased in headcount expense and spending for marketing programs.

 

The $92 thousand decrease in selling and marketing expense in 2018 compared with 2017 resulted from lower commission and bonus expenses driven by our implementation of GAAP accounting rule ASC 606, which became effective for our Company on January 1, 2018, and lower advertising and marketing costs. This decrease was offset by additional headcount expenses, including the employees gained in the April 2018 Erado acquisition and the expansion of our business development lead qualifications team, stock- based compensation, travel, and the amortization of acquisition related intangible assets.  

37


General and Administrative Expenses

The following table sets forth a year-over-year comparison of our general and administrative expenses:

 

 

 

Year Ended December 31,

 

 

Variance

2019  vs. 2018

 

 

Variance

2018  vs. 2017

 

(In thousands)

 

2019

 

 

2018

 

 

2017

 

 

$

 

 

%

 

 

$

 

 

%

 

General and administrative expenses

 

$

30,327

 

 

$

13,619

 

 

$

11,399

 

 

$

16,708

 

 

 

123

%

 

$

2,220

 

 

 

19

%

 

General and administrative expenses consist primarily of salary and bonuses, travel, stock-based compensation and benefits for administrative and executive personnel as well as fees for professional services and other general corporate activities.  

 

The $16.7 million or 123% increase in general and administrative expense from 2019 compared with 2018 resulted primarily from AppRiver acquisition in February 2019 and transaction and integration costs associated with AppRiver acquisition and DeliverySlip acquisition in May 2019.  We additionally incurred increases in headcount expense, stock-based compensation expense as well as advisory and audit fees.

 

The $2.2 million or 19% increase in general and administrative expense from 2018 compared with 2017 resulted from an increase in acquisition-related costs, consulting fees, stock-based compensation expense, the addition of our Erado office, and amortization expense of internal use software, as well as other general and administrative costs due to the increase in headcount.

Income Taxes

Our Company or one of our subsidiaries files income tax returns in the U.S. federal jurisdiction and various states and in the Canadian federal and provincial jurisdictions. We recognize and measure uncertain tax positions using a two-step approach. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step is to measure the tax benefit as the largest amount that is more than 50% likely of being realized upon settlement.

Our Company incurred a tax benefit of $4.5 million and $4.7 million, in 2019 and 2018, respectively, and incurred tax expense of $18.6 million for 2017. The $4.5 million income tax benefit in 2019 is primarily attributed to current year loss, which increased our deferred tax asset. Our 2018 tax benefit includes a $7.8 million release to our deferred tax asset valuation allowance based on expected future profitability. On December 22, 2017, the U.S. enacted the Tax Act which significantly changed U.S. tax law. The Tax Act lowered the Company’s statutory tax rate from 34% to 21% effective January 1, 2018. At December 31, 2017, the Company adjusted its deferred tax balances to reflect the new tax rate that resulted in tax expense of $12.5 million. For all years presented, tax expense represented deferred tax expense, refundable U.S. Alternative Minimum Tax, U.S. research and development credits, non-U.S. taxes payable related to the operations of the Company’s Canadian subsidiary established in late 2002, and state income taxes.

Significant judgement is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider available evidence, including past earnings, estimates of future taxable income, and the feasibility of tax planning strategies. At December 31, 2019, the Company partially reserved its U.S. net deferred tax assets due to the uncertainty of future taxable income sufficient to utilize net loss carryforwards prior to their expiration. The portion of the Company’s deferred tax asset not reserved was $36.6 million. The majority of this unreserved portion related to $30.8 million U.S. net operating losses (“NOLs”) because we believe the Company will generate sufficient taxable income in future years to utilize these NOLs prior to their expiration.  The remaining balance consists of $3.2 million relating to temporary timing differences between GAAP and tax-related expense, $2.2 million relating to U.S. state tax income credits, and $337 thousand related to Alternative Minimum Tax credits.

We have determined that utilization of existing NOLs against future taxable income is not limited by Section 382 of the Internal Revenue Code. Future ownership changes, however, may limit the Company's ability to fully utilize its existing net operating loss carryforwards against any future taxable income.

If we begin to generate additional U.S. taxable income in a future period or if the facts and circumstances on which our current estimates and assumptions are based were to change, thereby impacting the likelihood of realizing a greater or lesser amount of our deferred tax assets, judgement would have to be applied in determining the amount of valuation allowance required. Adjusting our valuation allowance could have a significant impact on operating results in the period that it becomes more likely than not that an additional portion of our deferred tax assets will or will not be realized.

38


Our provision for income taxes is subject to volatility and could be adversely impacted by earnings being lower or higher than anticipated; by tax effects of nondeductible compensation; or by changes in tax laws, regulations, or accounting principles, including accounting for uncertain tax positions or interpretations. Significant judgment is required to determine the recognition and measurement applicable to all income tax positions. This includes the potential recovery of previously paid taxes, which if settled unfavorably could adversely affect our provision for income taxes or additional paid-in capital. In addition, our income tax returns are subject to examination by the Internal Revenue Service and other tax authorities. We regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of our provision for income.

Net Income (Loss)

Net Income (Loss) – The Company generated net loss of $14.7 million compared with a net income of $15.4 million in 2018 and net loss of $8.1 million in 2017. The decrease in our net income is primarily due to transaction costs associated with our AppRiver and DeliverySlip acquisitions and integration costs, as well as higher operating expense and interest expense. Additionally, a $4.5 million income tax benefit improved our net loss in 2019. Our 2018 net income included a tax benefit resulting from the decrease to our deferred tax asset valuation allowance as compared to the tax expense incurred following 2017 tax-reform legislation, as discussed above.

Liquidity and Capital Resources

Overview

 

Based on our 2019 financial results and current expectations, we believe our cash and cash equivalents, cash generated from operations, and availability under our $25 million Revolving Facility (under which $2 million was drawn as of December 31, 2019 and the undrawn balance of $23 million was available to fund working capital and for other general corporate purpose, including the financing of permitted acquisitions, investments and restricted payments, subject to the conditions contained in the Credit Agreement) will satisfy our working capital needs, capital expenditures, investment requirements, contractual obligations, commitments, and other liquidity requirements associated with our operations through at least the next twelve months. We plan for and measure our liquidity and capital resources through an annual budgeting process.

 

During 2019, our cash flow from operations was $14.0 million, a decrease of $2.7 million from the $16.7 million cash flow from operations during 2018. At December 31, 2019, our cash and cash equivalents totaled $13.3 million, a decrease of $13.8 million from the December 31, 2018 balance. The $13.8 million decrease in our cash position included an additional cash payment for debt issuance costs, finance lease liabilities and acquisition related contingent consideration related to our acquisitions completed in 2019.  

For the year ended December 31, 2019, we achieved 146% growth in revenue, 56% gross margin and strong cash collections which we invested back for business integration. We expect integration spending to decrease and cash provision from operations to significantly improve with acquired deferred revenue fully amortized and contracts renewal activities. While future results cannot be guaranteed, we expect these trends to continue in the foreseeable future, and believe a significant portion of our spending is discretionary and flexible and that we have the ability to adjust overall cash spending and raise additional funds in order to react, as needed, to any shortfalls in projected cash.

Credit Facilities

On February 20, 2019, the Company entered into a credit agreement (the “Credit Agreement”) with a syndicate of lenders and SunTrust Bank as administrative agent, which (1) provided for borrowing in the form of a senior secured term loan facility in an aggregate principal amount of $175 million (the “Term Loan”), (2) provided for a senior secured delayed draw term loan facility in an aggregate principal amount of $10 million (the “Delayed Draw Term Loan Facility”), and (3) provided for a senior secured revolving credit facility in an aggregate principal amount of $25 million, up to $5 million of which is available for letters of credit (the “Revolving Facility” and, together with the Term Loan and the Delayed Draw Term Loan Facility, the “Credit Facilities”). On February 20, 2019, the Term Loan was borrowed in full to pay a portion of the purchase price in connection with the AppRiver acquisition (described below in Note 22 “Acquisitions”), including certain fees, costs and expenses related thereto. On May 2, 2019, the Delayed Draw Term Loan Facility was borrowed in full to pay a portion of the purchase price in connection with the DeliverySlip acquisition (described below in Note 22 “Acquisitions”), including certain fees, costs and expenses related thereto. The Credit Facilities are secured by substantially all the assets of Zix and its wholly-owned domestic subsidiaries and guaranteed by substantially all of Zix’s wholly-owned domestic subsidiaries.

 

39


Sources and Uses of Cash

 

 

 

Years Ended December 31,

 

(In thousands)

 

2019

 

 

2018

 

 

2017

 

Net cash provided by operations

 

$

13,951

 

 

$

16,671

 

 

$

18,204

 

Net cash used in investing activities

 

$

(296,243

)

 

$

(15,952

)

 

$

(11,285

)

Net cash provided by (used in) financing

   activities

 

$

268,740

 

 

$

(6,593

)

 

$

(367

)

 

Our primary source of liquidity from operations was the collection of revenue in advance from our customers, accounts receivable from our customers, and the management of the timing of payments to our vendors and service providers.

 

Investing activities in 2019 consist of $284.6 million, net of cash acquired, used in the acquisitions of AppRiver and DeliverySlip and $11.7 million for capital expenditures, which include $8.2 million in internal-use software costs, and $3.5 million for computer and networking equipment. These investments in new equipment and cloud hosting infrastructure are to renovate our business processes and product offerings.

 

Investing activities in 2018 consist of $11.8 million, net of cash acquired, used in the acquisition of Erado and $4.2 million for capital expenditures, which include $2.1 million for computer and networking equipment, $1.5 million in internal-use software costs, and $500 thousand for other activities including the acquisition of other internal use software. These investments in new equipment and cloud hosting infrastructure were to modernize our business processes and product offerings.

 

Financing activities in 2019 includes proceeds from long term debt of $179.2 million, net of issuance costs of $6.4 million and repayment of $1.4 million, as well as $96.6 million, net of issuance costs, raised through the private purchase of preferred stock, and $415 thousand received from the exercise of stock options. The proceeds from our debt and preferred stock issuances were used to fund our AppRiver acquisition in February 2019 and our DeliverySlip acquisition in May 2019.  We also used $3.8 million for contingent consideration payments associated with our acquisitions of Greenview, Erado and DeliverySlip. In addition to these items, we paid $1.7 million to satisfy finance lease liabilities and $1.9 million to repurchase common stock related to the tax impact of vesting restricted awards in 2019.

Financing activities in 2018 relate primarily to $5.4 million used in a $10 million share repurchase program authorized by our Board of Directors on April 24, 2017, and $656 thousand used in the repurchase of common stock related to the tax impact of vesting restricted stock awards, and a $605 thousand earn-out payment associated with our acquisition of Greenview. Financing activities in 2017 include $3.8 million used in the same share repurchase program and $762 thousand used in the repurchase of common stock related to the tax impact of vesting restricted awards offset by the receipt of $4.2 million from the exercise of stock options.  

Options of Zix Common Stock

We have significant options outstanding that are currently vested. There is no assurance that any of these options will be exercised; therefore, the extent of future cash inflow and related dilution from additional option activity is not certain. The following table summarizes the options that were outstanding as of December 31, 2019. The vested options are a subset of the outstanding options. The value of the options is the number of options exercisable into shares multiplied by the exercise price for each share.

 

 

 

Summary of Outstanding Options

 

Exercise Price Range

 

Outstanding

Options

 

 

Total Value of

Outstanding

Options

(In thousands)

 

 

Vested

Options

(included in

outstanding

options)

 

 

Total Value of

Vested

Options

(In thousands)

 

$2.00 - $3.49

 

 

294,375

 

 

 

813

 

 

 

294,375

 

 

 

813

 

$3.50 - $4.99

 

 

462,010

 

 

 

1,754

 

 

 

430,760

 

 

 

1,635

 

Total

 

 

756,385

 

 

$

2,567

 

 

 

725,135

 

 

$

2,448

 

 

Liquidity Summary

Based on our current 2020 budget plans, we believe we have adequate resources and liquidity to sustain operations or raise capital as needed for at least the next twelve months.

40


Off-Balance Sheet Arrangements

None.

Contractual Obligations and Contingent Liabilities and Commitments    

Our principal commitments consist primarily of obligations under operating and financing leases, which include among others, certain leases of our offices, colocations and servers as well as contractual commitment related network infrastructure and data center operations. The following table summarizes our commitments to settle contractual obligations in cash as of December 31, 2019:

 

 

 

Payments Due by Year Ending December 31, 2020

 

(In thousands)

 

Total

 

 

Year 1 (1)

 

 

Years 2 & 3

 

 

Years 4 & 5

 

 

Beyond 5 Years

 

Operating leases, including imputed interest

 

 

12,807

 

 

 

3,519

 

 

 

5,102

 

 

 

4,186

 

 

 

 

Finance leases, including imputed interest (1)

 

 

2,165

 

 

 

1,423

 

 

 

736

 

 

 

6

 

 

 

 

Total contractual obligations

 

$

14,972

 

 

$

4,942

 

 

$

5,838

 

 

$

4,192

 

 

$

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(1) Finance leases are related to servers and network infrastructure and our data center operations.

 

 

As of December 31, 2019, we had severance agreements with certain employees which would require us to pay up to approximately $6.4 million if all such employees were terminated from employment with our Company following a triggering event (e.g., change of control) as defined in the severance agreements.

New Accounting Pronouncements

Leases

 

On January 1, 2019, we adopted Accounting Standards Update No. 2016-02, Leases (Topic 842) (ASU 2016-02) using the modified retrospective transition approach by applying the new standard to all leases existing at the date of initial application. Results and disclosure requirements for reporting periods beginning after January 1, 2019, are presented under Topic 842, while prior period amounts have not been adjusted and continue to be reported in accordance with our historical accounting under Topic 840. Upon adoption, we recognized total ROU assets of $4.8 million, with corresponding lease liabilities of $6.0 million on the consolidated balance sheets. The ROU assets include adjustments for deferred rent liabilities. The adoption did not impact our beginning retained earnings, or our prior year consolidated statements of income and statements of cash flows.

 

Credit Losses

In June 2016, the Financial Accounting Standards Board (FASB) issued Accounting Standard Update No. 2016-13, Financial Instruments-Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments (ASU 2016-13), which requires the measurement and recognition of expected credit losses for financial assets held at amortized cost. ASU 2016-13 replaces the existing incurred loss impairment model with a forward-looking expected credit loss model which will result in earlier recognition of credit losses. We will adopt the new standard effective January 1, 2020 and do not expect the adoption of this guidance to have a material impact on our consolidated financial statements.

Income Taxes

In December 2019, the FASB issued Accounting Standard Update No. 2019-12, Income Taxes (Topic 740): Simplifying the Accounting for Income Taxes (ASU 2019-12), which simplifies the accounting for income taxes. This guidance will be effective for us in the first quarter of 2021 on a prospective basis, and early adoption is permitted. We are currently evaluating the impact of the new guidance on our consolidated financial statements.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

We do not believe that we face exposure to material market risk with respect to our cash, cash equivalents and restricted cash investments, which totaled $13.3 and $27.1 million at December 31, 2019 and 2018, respectively. We held no marketable securities and no debt as of December 31, 2018 and 2017.

Interest Rate Risk

We are exposed to interest rate risk with respect to our Credit Facilities. At December 31, 2019, we had $185.6 million aggregated principal amount of long term debt. We are subject to the risk of higher interest cost if either the LIBOR or the applicable margin increases. The applicable margin varies depending on the Company’s total net leverage ratio.  A hypothetical 25 basis point increase in margin from the current margin as of December 31, 2019 to the maximum level would not result in a material change in the interest rate. We do not currently hedge our variable interest debt, but we may do so in the future.

41


LIBOR is used as a reference rate for borrowings under our Revolving Facility, which had $23 million undrawn balance as of December 31, 2019. LIBOR is set to be phased out at the end of 2021. We are currently reviewing how the LIBO rate phase out will affect us, but we do not expect the impact to be material.

Foreign Currency Exchange Risk

We are growing our business internationally and will be subject to foreign currency risks related to our revenue and operating expenses denominated in currencies other than the U.S. dollar, primarily the Canadian dollar and British Pounds. Accordingly, changes in exchange rates have negatively affected, and may continue to negatively affect, our revenue and other operating results as expressed in U.S. dollars.

 

We will experience fluctuations in our net income as a result of transaction gains or losses related to revaluing monetary asset and liability balances that are denominated in currencies other than the functional currency of the entities in which they are recorded. At this time, we have not entered into, but in the future we may enter into, derivatives or other financial instruments in an attempt to hedge our foreign currency exchange risk. Foreign currency losses recognized in 2019, 2018 and 2017, respectively as investment and other income in our consolidated statement of income are immaterial.  

 

 

Item 8. Financial Statements and Supplementary Data

The information required by this Item 8 begins on page F-1 of this Annual Report on Form 10-K.

Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

None.

Item 9A. Controls and Procedures

Effectiveness of Disclosure Controls and Procedure

In accordance with Rule 13a-15(b) of the Exchange Act, as of the end of the period covered by this Annual Report on Form 10-K, management evaluated, with the participation of our principal executive officer and principal financial officer, the effectiveness of the design and operation of the Company’s disclosure controls and procedures (as defined in Rule 13a-15(e) under the Exchange Act). Based on their evaluation of these disclosure controls and procedures, they have concluded that our disclosure controls and procedures were effective as of the date of such evaluation.

Certifications of our principal executive officer and our principal accounting officer, which are required in accordance with Rule 13a- 14 of the Exchange Act, are attached as exhibits to this Annual Report. This “Effectiveness of Disclosure Controls and Procedures” section includes the information concerning the controls evaluation referred to in the certifications, and it should be read in conjunction with the certifications for a more complete understanding of the topics presented.

Management’s Annual Report on Internal Control Over Financial Reporting

Management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Exchange Act Rule 13a-15(f). Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with policies or procedures may deteriorate.

Management assessed the effectiveness of our internal control over financial reporting as of December 31, 2019. In making this assessment, management used the criteria set forth in 2013 by the Committee of Sponsoring Organizations of the Treadway Commission in “Internal Control—Integrated Framework”. Based on this assessment, our management concluded that, as of December 31, 2019, our internal control over financial reporting was effective based on those criteria.

The effectiveness of our internal control over financial reporting as of December 31, 2019, has been audited by Whitley Penn LLP, an independent registered public accounting firm, as stated in their report which is included herein.

Changes in Internal Controls over Financial Reporting

During the three months ended December 31, 2019, there have been no changes in our internal control over financial reporting identified in connection with the evaluation described above that have materially affected or are reasonably likely to materially affect internal control over financial reporting.

42


REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

Board of Directors and Stockholders

Zix Corporation

 

Opinion on Internal Control Over Financial Reporting

 

We have audited Zix Corporation and subsidiaries’ (the “Company”) internal control over financial reporting as of December 31, 2019, based on criteria established in 2013 Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”).  In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2019, based on criteria established in 2013 Internal Control—Integrated Framework issued by COSO.

 

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (“PCAOB”), the consolidated balance sheets of the Company, as of December 31, 2019 and 2018, and the related consolidated statements of comprehensive income (loss), stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2019, and our report dated March 6, 2020 expressed an unqualified opinion on those consolidated financial statements.

 

Basis for Opinion

 

The Company’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Report on Internal Control Over Financial Reporting.  Our responsibility is to express an opinion on the entity’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

 

We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects.  Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances.  We believe that our audit provides a reasonable basis for our opinion.

 

Definition and Limitations of Internal Control Over Financial Reporting

 

An entity’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with accounting principles generally accepted in the United States of America. An entity’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the entity; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the entity are being made only in accordance with authorizations of management and directors of the entity; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the entity’s assets that could have a material effect on the financial statements.

 

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements.  Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

/s/ WHITLEY PENN LLP

Plano, Texas

March 6, 2020

43


Item 9B. Other Information

None.

 

 

 

44


PART III

Item 10. Directors, Executive Officers and Corporate Governance

Certain information required by this Item 10 is incorporated by reference from our Proxy Statement related to our 2020 Annual Meeting of Shareholders under the sections “OTHER INFORMATION YOU NEED TO MAKE AN INFORMED DECISION — Directors, Executive Officers and Significant Employees” and “Section 16(a) Beneficial Ownership Reporting Compliance,” and “CORPORATE GOVERNANCE — Code of Ethics,” and “Nominating and Corporate Governance Committee, Selection of Director Nominees,” and “Audit Committee.”

Our Board of Directors has adopted a Code of Conduct and Code of Ethics that applies to all directors, officers and employees of the Company. A copy of this document is available on our website at www.zix.com under “Corporate Governance.”  Any waiver or amendment of the Code of Ethics with respect to our chief executive officer and senior financial officers will be publicly disclosed as required by applicable law and regulation, including by posting the waiver on our website.

Item 11. Executive Compensation

The information required by this Item 11, including certain information pertaining to Company securities authorized for issuance under equity compensation plans, is incorporated by reference from our Proxy Statement related to our 2020 Annual Meeting of Shareholders under the section “COMPENSATION OF DIRECTORS AND EXECUTIVE OFFICERS.”

Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

The information required by this Item 12 is incorporated by reference from our Proxy Statement related to our 2020 Annual Meeting of Shareholders under the sections “SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT” and “COMPENSATION OF DIRECTORS AND EXECUTIVE OFFICERS — Equity Compensation Plan Information.”

Item 13. Certain Relationships and Related Transactions, and Director Independence

The information required by this Item 13 is incorporated by reference from our Proxy Statement related to our 2020 Annual Meeting of Shareholders under the sections “COMPENSATION OF DIRECTORS AND EXECUTIVE OFFICERS — Certain Relationships and Related Transactions” and “CORPORATE GOVERNANCE — Corporate Governance Requirements and Board Member Independence.”

Item 14. Principal Accountant Fees and Services

The information required by this Item 14 is incorporated by reference from our Proxy Statement related to our 2020 Annual Meeting of Shareholders under the section “INDEPENDENT REGISTERED PUBLIC ACCOUNTANTS.”

 

 

45


PART IV

Item 15. Exhibits and Financial Statement Schedules

(a)(1) Financial Statements

See Index to Consolidated Financial Statements on page F-1 hereof.

(a)(2) Financial Statement Schedules

All schedules for which provision is made in the applicable accounting regulations of the SEC have been omitted because of the absence of the conditions under which they are required or because the information required is included in the consolidated financial statements or notes thereto.

(a)(3) Exhibits

46


 

Exhibit

Number

 

 

 

Description

 

 

 

 

 

  2.1

 

 

Stock Purchase Agreement, dated as of April 2, 2018, by and among Craig Brauff, Julie Lomax Brauff, Shari Wood-Richardson, as Trustee of the Alexandra Brauff Gift Trust U/A 12/21/12, Shari Wood-Richardson, as Trustee of the Courtney Brauff Gift Trust U/A 12/21/12, Julie A. Lomax, as Trustee of the Julie Lomax Gift Trust U/A 12/21/12, and Zix Corporation. Filed as Exhibit 2.1 to Zix Corporation’s Current Report on Form 8-K, filed on April 2, 2018, and incorporated herein by reference.

 

 

 

 

 

  2.2

 

 

Securities Purchase Agreement, dated as of January 14, 2019, by and among Zix Corporation, AR Topco, LLC, AppRiver Marlin Blocker Corp., AppRiver Holdings, LLC, AppRiver Marlin Topco, L.P., AppRiver Management Holding, LLC, Marlin Equity IV, L.P. and Marlin Topco GP, LLC, as the sellers’ representative. Filed as Exhibit 2.2 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2018, and incorporated herein by reference.

 

 

 

 

 

  3.1

 

 

Restated Articles of Incorporation of Zix Corporation, as filed with the Texas Secretary of State on November 10, 2005. Filed as Exhibit 3.1 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2005, and incorporated herein by reference.

 

 

 

 

 

  3.2

 

 

Second Amended and Restated Bylaws of Zix Corporation dated November 1, 2016. Filed as Exhibit 3.2 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended September 30, 2016, and incorporated herein by reference.

 

 

 

 

 

  3.3

 

 

Certificate of Designations of Series A Convertible Preferred Stock, as filed with the Texas Secretary of State on February 15, 2019. Filed as Exhibit 3.1 to Zix Corporation’s Current Report on Form 8-K, filed on February 22, 2019, and incorporated herein by reference.

 

 

 

 

 

  3.4

 

 

Certificate of Designations of Series B Convertible Preferred Stock, as filed with the Texas Secretary of State on February 15, 2019. Filed as Exhibit 3.1 to Zix Corporation’s Current Report on Form 8-K, filed on February 22, 2019, and incorporated herein by reference.

 

 

 

 

 

 

4.1*

 

 

Description of Securities.

 

 

 

 

 

  10.1†

 

 

Zix Corporation 2004 Stock Option Plan (Amended and Restated as of June 7, 2007). Filed as Exhibit 10.3 to Zix Corporation’s Current Report on Form 8-K, filed on June 12, 2007, and incorporated herein by reference.

 

 

 

 

 

  10.2†

 

 

Zix Corporation 2006 Directors’ Stock Option Plan (Amended and Restated as of June 7, 2007). Filed as Exhibit 10.1 to Zix Corporation’s Current Report on Form 8-K, filed on June 12, 2007, and incorporated herein by reference.

 

 

 

 

 

  10.3†

 

 

Form of Stock Option Agreement (with no “change in control” provision) for Zix Corporation Stock Option Plans. Filed as Exhibit 10.2 to Zix Corporation’s Registration Statement on Form S-8 (Registration No. 333-126576), dated July 13, 2005, and incorporated herein by reference.

 

 

 

 

 

  10.4†

 

 

Form of Stock Option Agreement (with “change in control” provision) for Zix Corporation Stock Option Plans. Filed as Exhibit 10.3 to Zix Corporation’s Registration Statement on Form S-8 (Registration No. 333-126576), dated July 13, 2005, and incorporated herein by reference.

 

 

 

 

 

  10.5†

 

 

Form of Stock Option Agreement (with “acceleration event” provision) for Zix Corporation Stock Option Plans and applicable to option agreements held by the Company’s chief executive officer and direct reports. Filed as Exhibit 10.17 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2007, and incorporated herein by reference.

 

 

 

 

 

10.6

 

 

Zix Corporation 401(k) Retirement Plan. Filed as Exhibit 10.10 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2003, and incorporated herein by reference.

 

 

 

 

 

10.7

 

 

Adoption Agreement relating to Zix Corporation 401(k) Retirement Plan. Filed as Exhibit 10.11 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2003, and incorporated herein by reference.

 

 

 

 

 

  10.8†

 

 

Form of Zix Corporation Outside Director Stock Option Agreement Filed as Exhibit 10.3 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2004, and incorporated herein by reference.

 

 

 

 

 

  10.9†

 

 

Zix Corporation Outside Director Stock Option Agreement. Filed as Exhibit 10.1 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2010, and incorporated herein by reference.

 

 

 

 

 

    10.10†

 

 

Form of Zix Corporation Employee Stock Option Agreement. Filed as Exhibit 10.2 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2010, and incorporated herein by reference.

 

 

 

 

 

    10.11†

 

 

Form of Director Indemnification Agreement. Filed as Exhibit 10.1 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended September 30, 2016, and incorporated herein by reference.

 

 

 

 

 

  10.12

 

 

Form of Amended and Restated Employment Termination Benefits Agreement.  Filed as Exhibit 10.1 to Zix Corporation’s Quarterly Report on Form 10-Q for the quarterly period ended June 30, 2015, and incorporated herein by reference.

47


Exhibit

Number

 

 

 

Description

 

 

 

 

 

    10.13†

 

 

Zix Corporation Amended and Restated 2012 Incentive Plan. Filed as Appendix A of Schedule 14A on May 13, 2015, and incorporated herein by reference.

 

 

 

 

 

    10.14†

 

 

Amendment No. One to Zix Corporation Amended and Restated 2012 Incentive Plan. Filed as Exhibit 10.27 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2015, and incorporated herein by reference.

 

 

 

 

 

    10.15†

 

 

Zix Corporation 2018 Omnibus Incentive Plan. Filed as Appendix A of Schedule 14A on April 27, 2018, and incorporated herein by reference.

 

 

 

 

 

    10.16†

 

 

Form of Executive Restricted Stock Agreement. Filed as Exhibit 10.22 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2017, and incorporated herein by reference.

 

 

 

 

 

    10.17†

 

 

Form of Executive Restricted Stock Agreement (Qualified Performance Based Award). Filed as Exhibit 10.23 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2017, and incorporated herein by reference.

 

 

 

 

 

    10.18†

 

 

Form of Executive Restricted Stock Unit Agreement. Filed as Exhibit 10.24 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2017, and incorporated herein by reference.

 

 

 

 

 

    10.19†

 

 

Form of Executive Restricted Stock Unit Agreement (Qualified Performance Based Award). Filed as Exhibit 10.25 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2017, and incorporated herein by reference.

 

 

 

 

 

    10.20†

 

 

Form of Non-Employee Director Restricted Stock Agreement. Filed as Exhibit 10.26 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2017, and incorporated herein by reference

 

 

 

 

 

    10.21†

 

 

Form of Non-Employee Director Deferred Stock Unit Agreement. Filed as Exhibit 10.27 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2017, and incorporated herein by reference.

 

 

 

 

 

  10.22

 

 

Credit Agreement, dated as of February 20, 2019, by and among Zix Corporation, the lenders party thereto, and SunTrust Bank, as administrative agent. Filed as Exhibit 10.23 to Zix Corporation’s Annual Report on Form 10-K for the year ended December 31, 2018, and incorporated herein by reference.

 

 

 

 

 

  10.23

 

 

Investment Agreement, dated as of January 14, 2019, by and between Zix Corporation and the investor named therein. Filed as Exhibit 10.1 to Zix Corporation’s Current Report on Form 8-K filed on January 17, 2019, and incorporated herein by reference.