Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - FFIV

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors" below and in other documents we file from time to time with the Securities and Exchange Commission. We assume no obligation to revise or update any such forward-looking statements.
Unless the context otherwise requires, in this Annual Report on Form 10-K, the terms "F5," "the Company," "we," "us," and "our" refer to F5, Inc. and its subsidiaries. Our fiscal year ends on September 30, and fiscal years are referred to by the calendar year in which they end. For example, "fiscal year 2025" and "fiscal 2025" refer to the fiscal year ended September 30, 2025.

Item 1.Business
General
F5 is a multicloud application delivery and security provider committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to optimize and secure every application and Application Programming Interface ("API") anywhere, including on-premises, in the cloud, and at the network edge. F5 enables businesses to continuously stay ahead of threats while delivering exceptional, secure digital experiences for their customers.
Our application delivery and security solutions are available in a range of deployment and consumption models. We sell packaged software in perpetual, subscription, and usage-based consumption models. We also sell our solutions in software-as-a-service ("SaaS") and managed services deployment models with subscription and usage-based consumption models. In addition, we sell high-performance systems, or hardware, as well as a broad range of global services including maintenance, consulting, training and other technical support services.
Our customers include large enterprise businesses, public sector institutions, governments, and service providers. We conduct our business globally and manage our business by geography. Our business is organized into three primary geographic regions: Americas; Europe, the Middle East, and Africa ("EMEA"); and the Asia Pacific region ("APAC").
F5 was incorporated in 1996 and is headquartered in Seattle, Washington. Our website is www.f5.com and through a link on the Investor Relations section of our website, we make available the following filings as soon as reasonably possible after they are electronically filed with or furnished to the Securities and Exchange Commission ("SEC"): our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and any amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Exchange Act. Through a link on the Investor Relations section of our website, we make available the following filings as soon as reasonably possible after they are electronically filed with or furnished to the Securities and Exchange Commission (“SEC”): our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and any amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Exchange Act. All such filings are available free of charge. The information posted on our website is not incorporated into this report.
Cyber Incident
On October 15, 2025, we disclosed a security incident in which a threat actor maintained long-term, persistent access to F5 systems, and exfiltrated certain files, referred to as the "Cyber Incident." For further information about the Cyber Incident, see "Risk Factors" included in Item 1A of Part I of this Annual Report on Form 10-K, and "Management’s Discussion and Analysis of Financial Condition and Results of Operations - Cyber Incident" included in Item 7 of Part II of this Annual Report on Form 10-K.
3
Strategy and Priorities
We deliver a broad portfolio of solutions to help customers address the complexity and risk in today’s hybrid multicloud IT environments. We are able to deliver on this strategy through our solutions portfolio, specifically our F5 BIG-IP, F5 NGINX, and F5 Distributed Cloud Services product families, which deliver a range of integrated, application and delivery services leveraging artificial intelligence and machine learning capabilities that support application performance and protect legacy, modern, and AI-powered applications and APIs across the data center, public clouds, and edge locations.
Key components of our strategy include:
Solving multicloud application delivery and security challenges
Our F5 BIG-IP family delivers essential application delivery and security services, ensuring applications operate efficiently and securely. It is optimized for traditional applications whether deployed on premises, in co-located data centers, or in cloud environments. Our F5 NGINX family also delivers essential application delivery and security services but is optimized for modern, container-native and microservices-based applications and APIs. Our F5 Distributed Cloud Services is a portfolio of SaaS and managed services designed for both traditional and modern applications where a SaaS deployment model is preferred. Our F5 Distributed Cloud Services is a portfolio of SaaS and managed services serving both traditional and modern applications where a SaaS-deployment model is preferred. With our comprehensive portfolio, we are the only provider capable of supporting customers’ modern and legacy application delivery and security needs across any environment — on premises, co-located, in a cloud or at the edge.
Transforming how customers experience F5
We continue to leverage and grow our foundational capabilities in data and insights, digital sales, and SaaS-delivered capabilities to deliver consistent world-class customer experiences, including simple, integrated and friction-free consumption of our solutions. We will continue to improve customer awareness and understanding of F5’s portfolio with a focus on both user and buying personas, and business needs. We intend to enhance our digital customer experiences to deliver both growth and efficiency.
F5 is leveraging AI to accelerate the strength of both our current and future offerings. F5 uses AI in its application delivery and security solutions to support performance and efficacy. Today, our customers are able to further benefit from our four-pronged AI strategy. First, our current portfolio is solving security and performance challenges associated with AI model training and inference and in support of AI-driven workloads. First, our current portfolio is positioned to solve security and performance challenges associated with new AI workloads. We are selling F5 solutions in support of AI data delivery, AI runtime security and AI factory load balancing use cases. Second, we are leveraging AI models in our current data fabric in order to enhance our existing products. Third, we are innovating to create new offerings based on the rapidly evolving application and data security landscapes and the customer needs associated with these changes. Third, we are working to build new offerings based on the changing application and data security landscapes and the customer needs associated with these changes. Finally, we are pursuing partnerships with global leaders in AI to help deliver and secure AI workloads. Finally, we are pursuing partnerships with AI players to help secure and deliver AI workloads.
In response to customers' growing preference for a platform approach, in 2025 we introduced the F5 Application Delivery and Security Platform ("ADSP"). The F5 ADSP aims to unify high-performance traffic management with advanced application and API security at scale across hybrid and multicloud environments. Unlike fragmented point solutions, the F5 ADSP is purpose-built to simplify hybrid multicloud complexity. With the F5 ADSP, we aim to leverage the full strength of our broad portfolio with capabilities to enhance security, scalability, and operational efficiency while enabling key capabilities such as policy management, analytics, and automation.
Capturing growth in security and SaaS
We continue to invest in expanding our SaaS-based F5 Distributed Cloud Services. Our F5 Distributed Cloud Services console extends visibility and simplifies management for F5 BIG-IP and F5 NGINX customers. With F5 Distributed Cloud Services, we enable customers to optimize application deployment across public, private, and edge clouds, providing flexibility in location and architecture while reducing the operational complexity of delivering and securing applications.
F5 Products and Solutions
F5’s portfolio of multicloud application delivery and security technologies enables customers to address the challenges of delivering differentiated digital experiences while safeguarding their applications across complex hybrid and multicloud environments. Our infrastructure-agnostic approach ensures customers can create a unified and optimized experience across diverse IT environments. We sell application delivery and security solutions for web application and API protection, hybrid multicloud networking, enterprise AI delivery and security, application migration, application modernization, zero trust architecture and post quantum cryptography readiness. Our product portfolio includes solutions across the following product families: F5 Distributed Cloud Services, F5 NGINX, F5 BIG-IP.
4
F5 Distributed Cloud Services. A unified, security, networking, and application management service that enables customers to deploy, secure, and operate their applications wherever they may reside, regardless of platform or architecture. F5 Distributed Cloud Services leverages the F5 Global Network, a purpose-built, cloud-based, global private backbone to deliver performance, reliability, and control across hybrid, multicloud, or edge environments. F5 Distributed Cloud Service offerings are available as packaged software and SaaS-based consumption models and include the following:
F5 Distributed Cloud Web App and API Protection ("WAAP"). A comprehensive SaaS-based security solution, F5 Distributed Cloud WAAP allows our customers to accelerate time-to-service, lower total cost of ownership, and increase security efficacy on a cloud native platform that is fully integrated across a single policy engine and management console. F5 Distributed Cloud WAAP can be leveraged through multiple deployment options, allowing organizations to simplify security and improve visibility while reducing operational complexity. The solution provides the following F5 application security technologies:
Advanced Web Application Firewall ("WAF") capabilities through the F5 WAF engine available on BIG-IP and NGINX, allows our customers to quickly apply, secure, and manage uniform comprehensive security policies at scale, across data centers, public or private clouds, and edge computing environments.
Mitigation against OSI Model Layer 3-Layer 7 application-based and volumetric DDoS attacks through advanced F5 Distributed Cloud DDoS Mitigation, a managed, cloud-delivered mitigation service that detects and mitigates large-scale network, SSL, and application-targeted attacks in real time.
Enhanced API security, which leverages machine-based learning, auto-discovery, and anomaly detection, which automates the entire process of finding, securing, and monitoring APIs for anomalous behavior.
Next-generation, AI enabled bot mitigation through F5 Distributed Cloud Bot Defense provides our customers the ability to defend applications and APIs from automated attacks. The solution leverages AI to analyze massive amounts of traffic and machine learning to ensure sustainable bot prediction models with high efficacy.
Protection from sophisticated account takeover attempts.
F5 Distributed Cloud Multi-Cloud Networking ("MCN"). Our MCN solutions simplifies networking with an integrated service stack that securely connects both networks and application workloads, lowering operational costs and increasing agility. Under our MCN solutions we offer the following product solution:
F5 Distributed Cloud Network Connect. A networking solution that offers easy, secure, and consolidated connectivity across public and hybrid clouds, data centers, and edge sites. It provides unified policies and single-pane-of-glass management, reducing complexity and increasing efficiency, including full multi-tenancy and segmentation, enabling self-service capabilities for DevOps, NetOps and SecOps. Network Connect automates the configuration of native public cloud networking resources and seamlessly connects multiple clouds using site-to-site connectivity over a private backbone or the F5 Global Network.
F5 Distributed Cloud App Connect. An application delivery and deployment solution for application-level connectivity across various cloud providers and regions. App Connect offers orchestrated awareness for API endpoints on all connected clusters, allowing cross-cluster service discovery and advertisement for seamless app-to-app communication with fine-grained API control. Connections between sites are self-maintaining, redundant, and fully automated, which reduces the need for administrative tasks such as establishing VPNs and routing. App Connect provides end-to-end visibility for customers, who can choose their underlying transport, including the F5 Global Network.
F5 Distributed Cloud DNS. A cloud-based Domain Name System ("DNS") solution that offers DNS delivery across multicloud environments and modern applications. F5 Distributed Cloud DNS can be distributed globally as either a primary or secondary DNS, providing authoritative DDoS protection, Domain Name System Security Extensions ("DNSSEC"), and the flexibility to automatically scale to meet our customers growing application demands.
F5 Distributed Cloud CDN. A high-performance, multicloud and edge focused content delivery network ("CDN") solution that allows our customers to efficiently connect, secure, and optimize applications and workloads across multi- and hybrid-cloud environments through efficiently leveraging the integrated tools and technologies in the F5 Distributed Cloud Platform. F5 Distributed Cloud CDN can be purchased with other F5 Distributed Cloud offerings or as a stand-alone service.
F5 Distributed Cloud App Stack. A SaaS-based solution that provides our customers the ability to deploy and orchestrate applications on a managed Kubernetes platform with centralized management of distributed applications through a single pane of glass. F5 Distributed Cloud App Stack simplifies the management of application deployments as one across on-premises, cloud, and edge locations.
F5 NGINX. Built from the F5 NGINX open-source software that powers hundreds of millions of websites and applications across the world, our F5 NGINX technology suite delivers a lightweight, agile ADC and API connectivity solution
5
for modern, container-native, micro-services-based applications and APIs. F5 NGINX delivers a range of capabilities including web server, load balancer, proxy, API gateways and caches in packaged software subscription consumption models. F5 NGINX product offerings include the following:
F5 NGINX Plus. F5 NGINX Plus, our all-in-one, high performance load balancer, web server, content cache, and API gateway for modern applications, is offered as packaged software in a subscription consumption model. F5 NGINX Plus software delivers cloud-native, Kubernetes-friendly solutions that drive mission-critical applications and APIs with scalability, visibility, security, and governance. F5 NGINX Plus can be easily integrated into enterprise application workflows and CI/CD pipelines, as well as automation frameworks and ecosystems. F5 NGINX Plus is lightweight and can be used as a per-application ADC, but also scalable and performant enough for an enterprise’s largest and most critical applications. F5 NGINX Plus is also offered as a fully managed native service on the Microsoft Azure Cloud allowing teams to lift-and-shift their applications to the cloud with no configuration change removing the operational burden of self-managed instances from teams.
F5 NGINX One Console. The F5 NGINX One Console is a unified SaaS management platform designed to streamline the deployment, configuration, monitoring, and administration of NGINX instances across hybrid and multi-cloud environments. Tailored for organizations leveraging NGINX for modern application delivery, the NGINX One Console provides centralized visibility and real-time analytics to optimize application performance, ensure security, and monitor traffic flows. Its intuitive interface simplifies the management of NGINX instances and supports automated workflows, integration with DevOps pipelines, and role-based access controls ("RBAC"). By empowering teams to manage containerized and microservices-based applications efficiently, the NGINX One Console enables enterprises to deliver reliable, scalable, and secure applications in increasingly distributed environments.
F5 NGINX Ingress Controller. The F5 NGINX Ingress Controller provides traffic management for Kubernetes clusters. This solution is deployed at the central point of entry into a Kubernetes cluster and reduces complexity, increases uptime, and provides better insights into application health and performance at scale. This offering is sold in a subscription consumption model that scales with the customer’s Kubernetes cluster size.
F5 WAF for NGINX. F5 WAF for NGINX is a comprehensive WAF security and denial-of-service ("DoS") defense solution designed to protect applications and API’s from advanced Layer 7 attacks. It is a lightweight solution that seamlessly integrates into DevOps environments and is platform-agnostic running across distributed architectures and hybrid environments to deliver consistent protection. It can be used in a variety of the use cases where F5 NGINX Plus is deployed and integrate easily into CI/CD pipelines for automation. F5 WAF for NGINX can be added to subscriptions and is bundled into "advanced" offerings for F5 NGINX Ingress Controller. F5 NGINX App Protect can be added to subscriptions and is bundled into “advanced” offerings for F5 Ingress Controller.
F5 BIG-IP. Our F5 BIG-IP family of product offerings provide feature-rich, highly programmable and configurable application delivery and security solutions for legacy applications in enterprises and service providers. Also known as traditional applications, legacy applications are based on monolithic, three-tier, or client-server architectures. Such legacy applications are the most ubiquitous application architecture today, and many organizations continue to rely exclusively on legacy applications to power the most mission-critical business applications, customer-facing digital interfaces and internally used applications. For most organizations, the priority around legacy applications is maximizing operational efficiency and minimizing the total cost of ownership. F5 BIG-IP's "best-of-suite" approach helps standardize and consolidate application delivery and security functions into a single solution, automating functions and reducing operational cost. BIG-IPs “best-of-suite” approach helps standardize and consolidate application security and delivery functions into a single solution, automating functions and reducing operational cost. The F5 BIG-IP family of products includes packaged software, which are available in subscription and perpetual consumption models, and F5 BIG-IP system offerings.
F5 BIG-IP Packaged Software. F5 BIG-IP packaged software includes a growing portfolio of products that provide the performance and security to deliver applications to end users. F5 BIG-IP Packaged Software offerings include the following:
F5 BIG-IP Security. F5 BIG-IP application security products include F5 BIG-IP Access Policy Manager that secures and protects user access to applications, F5 BIG-IP Advanced Web Application Firewall that protects applications with behavioral analytics, bot defense and application layer encryption, and F5 BIG-IP SSL Orchestrator that maximizes infrastructure security with encryption/decryption and traffic steering. We also offer F5 BIG-IP Advanced Firewall Manager which drives accurate detection with machine learning, stress monitoring, dynamic signatures, and attack mitigation, F5 BIG-IP Carrier Grade NAT which provides carrier-grade scalability with a high number of IP address translations, fast network address translation setup rates and high-speed logging, and F5 BIG-IP DDoS Hybrid Defender which delivers advanced cloud and on-premises DDoS defenses to ensure real-time protection against volumetric DDoS threats and dynamic network and applications attacks.
F5 BIG-IP Application Delivery. F5 BIG-IP Application Delivery products include F5 BIG-IP Local Traffic Manager which manages network traffic ensuring applications are always fast, available, and secure; F5 BIG-IP DNS which provides hyperscale and security during high query volumes and DNS DDoS attacks; F5 BIG-IP Policy Enforcement Manager which improves network performance through effective policy management; and F5
6
BIG-IP Next for Kubernetes which supports ingress and egress traffic management for integration to multiple networks.
F5 BIG-IP Automation Tool Chain. F5 BIG-IP Automation Tool Chain is a set of automation tools that make it faster and easier to deploy and configure F5 application services. Via the F5 Automation Tool Chain, F5 BIG-IP capabilities easily integrate into orchestration frameworks such as Ansible, HashiCorp Terraform, OpenShift, and Cloud Foundry as part of a CI/CD pipeline.
F5 BIG-IQ Centralized Management. F5 BIG-IQ simplifies, enhances management of, and reduces customer operational costs associated with F5 BIG-IP deployments through central management, analytics, and automation for F5 BIG-IP instances.
F5 BIG-IP Systems. F5 BIG-IP systems are designed to enhance the performance of our software by leveraging a combination of custom field-programmable gate array ("FPGA") logic and off-the-shelf silicon, providing customers a balance of cost and flexibility. All of our systems run all available F5 BIG-IP software modules. Our next-generation hardware, rSeries systems and VELOS chassis and blades are designed to enable enhanced automation and multi-tenancy, a capability that enables running multiple versions of F5 BIG-IP software on the same system thereby making it easy to migrate from one version to another with minimal or no downtime.
Competition
As F5 expands its reach and role into a broader set of hybrid multicloud application delivery and security solutions, our competitive set evolves and includes vendors with capabilities associated with application delivery, application security, and multicloud networking.
The principal competitive factors in the markets in which we compete include deployment model, consumption model, ecosystem integrations, features and performance, customer support, brand recognition, scope of distribution and sales channels, and pricing. We believe we generally compete favorably on the basis of these factors because of our robust solutions and services, our ability to deliver and secure any application, and any API, anywhere, and our platform approach. We believe we generally compete favorably on the basis of these factors as a result of our robust solutions and services, and our ability to deliver and secure any application, and any API, anywhere.
To provide a unified experience across all our offerings, we have introduced the F5 ADSP. With the F5 ADSP, customers can leverage the full strength of our broad portfolio with capabilities to enhance security, scalability, and operational efficiency while enabling key capabilities such as policy management, analytics, and automation.
While customers broadly are expressing increasing preference for a platform approach that simplifies complexity and eliminates operational burden, we also compete on a point-solution basis. Within application delivery, our customers have the best of both worlds: reliability that F5’s always been known for – across any environment from on-premises to multicloud; and agility and flexibility enabled by lightweight modern technologies, without compromising security or manageability. Our F5 BIG-IP offerings compete against Citrix and Broadcom. Our BIG-IP offerings compete against Citrix and Broadcom. Our lightweight, agile, developer-friendly F5 NGINX offerings, which provide capabilities like optimizing Kubernetes traffic management and load balancing cloud-native and hybrid cloud applications compete against Amazon Web Services ("AWS"), Google Cloud Platform, Envoy, and HAProxy.
In application security, we compete with vendors that offer web application firewall, bot detection and mitigation, API protection, carrier-grade firewall, carrier-grade network address translation ("NAT"), SSL orchestration, access policy management, and DDoS mitigation including Akamai, Cisco, Cloudflare, Fortinet, Juniper Networks, Palo Alto, Radware, and Thales (Imperva).7Table of ContentsIn application security, we compete with vendors that offer web application firewall, bot detection and mitigation, API protection, carrier-grade firewall, carrier-grade network address translation ("NAT"), SSL orchestration, access policy management, and DDoS mitigation including Akamai, Cisco, Cloudflare, Fortinet, Juniper Networks, Palo Alto, Radware, and Thales.
F5 Distributed Cloud Services use cases include application and API security delivered as SaaS, as well as multicloud networking. F5 competes with traditional edge players including Akamai, Cloudflare and Fastly, as well as networking vendors including Broadcom and Cisco, and pure-play vendors like Aviatrix, and public cloud providers.
Manufacturing
We outsource the manufacturing of our products to various manufacturing partners, including our primary third-party manufacturer service provider, Flex Ltd. ("Flex"), to manufacture our hardware systems according to our specifications. Assembly, quality control and systems testing are carried out at Flex's facilities in Guadalajara, Mexico and Zhuhai, China. Additionally, Flex manages material procurement and fulfillment activities on our behalf, ensuring we maintain high standards of efficiency and scalability across our operations. Systems built in Guadalajara are shipped to the Flex fulfillment center in Memphis, Tennessee for distribution primarily to distributors, value-added resellers, or end-users in the Americas and EMEA.Systems built in Guadalajara are shipped to the Flex fulfillment center in Milpitas, California for distribution primarily to distributors, value-added resellers, or end users in the Americas and EMEA. Systems built and fulfilled in Zhuhai are distributed to partners and customers in APAC. Title to the products transfers from Flex to us and then to our customers upon shipment from a designated fulfillment location.
7
Our sales and operations planning cadence provides Flex and other partners with a rolling demand forecast. This approach enables our manufacturing partners to plan for the appropriate stock levels of raw materials and manufacturing line capacity, resulting in the right finished goods inventories to meet our end-user demand. The components for our hardware products consist of commodity parts and custom components. The component parts within our products are either sourced by our manufacturing partners or by us from various component suppliers. F5 has established a robust and resilient global hardware supply chain. We continuously monitor areas of potential impact within our supply chain, such as geopolitical, supplier, and other risk factors, as well as proactively take steps to minimize disruptions, including securing alternate supply when applicable.
Acquisitions
We evaluate opportunities to acquire complementary businesses, technologies, services, and intellectual property to complement our organic innovation and research and development efforts, advance the development of our platforms, and enable further investment in our key priority areas. Our evaluation of acquisition opportunities seeks to confirm that any potential transaction would accelerate our strategy, represent an attractive customer opportunity, address a customer need, align with our customer base and go-to-market strategy, and present a clear timeline and path for value accretion. Our acquisitions enable us to gain access to talent, technology, products and features, and can range in size and complexity, from those that enhance or complement existing products and accelerate development of features to those that result in new offerings.
In September 2025, we completed the acquisition of CalypsoAI Corp. ("CalypsoAI") which is expected to integrate into our F5 ADSP to create a complete solution for securing AI inference. Additionally, we also completed several other immaterial acquisitions in 2025 and in prior years to enhance various aspects of our platform.
Backlog
Backlog is primarily systems-based and represents orders confirmed with a purchase order for products to be fulfilled and invoiced to customers with approved credit status. Orders are subject to cancellation, rescheduling by customers, or product specification changes by customers. Although we believe that the backlog orders are firm, purchase orders may be canceled by the customer prior to fulfillment without significant penalty. For this reason, we believe that our product backlog at any given date is not a reliable indicator of future revenues.
Human Capital Management
F5’s commitment to its employees is to be a human-first and high-performing team equipped with the tools and expertise to deliver extraordinary impact on what matters most to F5, our customers, and our partners. This commitment is delivered through our culture and engagement, our investment in employees’ growth and development, our focus on diversity and inclusion, and our compensation, benefits, and wellbeing offerings.
As of September 30, 2025, we had 6,578 employees – over 99% of whom were full-time employees.EmployeesAs of September 30, 2024, we had 6,557 employees – over 99% of whom were full time employees. Our employees are based in 47 countries with 47% of employees based in the United States. Our employees are in 47 countries with 47% of employees in the United States. None of our employees in the United States are represented by a labor union. We have experienced no work stoppages and believe that our employee relations are in good standing, as evidenced by our annual employee engagement survey results, described in the section below entitled "Culture and Engagement. We have experienced no work stoppages and believe that our employee relations are in good standing, as evidenced by our bi-annual employee engagement survey results and described in the section below entitled Culture and Engagement. "
Culture and Engagement
We have been able to sustain our strong company culture because BeF5 and LeadF5 behaviors are key to executing our strategy.
8
BeF5 image.jpg LeadF5image.jpg
We measure the success of and identify areas of improvement for our company culture through global surveys of employee experience and sentiment at least once each year. As of March 2025, employees reported high satisfaction with F5’s culture on several key questions:
85% of employees favorably rate "I am proud to work for F5."
90% of employees favorably rate "I trust my manager."
91% of employees favorably rate "F5 shows a commitment to ethical business decisions and conduct."
One survey measure that F5 tracks closely as a gauge of our culture increased from fiscal year 2024. As of March 2025, 80% of employees favorably rate "I feel a sense of belonging at F5." This increase in Belonging, compared to 73% a year prior, is critical to F5's efforts to foster the culture that is so important to our employees' and our company's performance.
Growth and Development
We provide employees with opportunities to improve their technical and professional knowledge, nurture our innovation ecosystem, strengthen management and leadership, as well as maintain our high standards of business integrity through ongoing compliance training. These development opportunities are available through both live employee events and third-party on-demand tools and are led by a mix of individual and AI coaches. In fiscal year 2025, F5 invested in tailored coaching and skills-building for its people managers to help continuously raise the bar on performance at F5.
Diversity and Inclusion
F5 is steadfast in its commitment to create a diverse and inclusive workplace. We believe our differences—when embraced with humility and respect—drive smarter decisions, increased innovation, stronger performance, and a culture where everyone can be themselves and reach their full potential.
The most critical drivers of our diversity and inclusion efforts year after year are represented in our seven Employee Inclusion Groups ("EIGs") – F5 Ability, F5 Asian and Pacific Islanders, F5 Appreciates Blackness, F5 Connects Women, F5 Latinx e Hispanos Unidos, F5 Military Veterans, and F5 Pride. Since our first EIG was established in 2013, these global communities represent a space for all F5ers to collaborate, share experiences, and learn. Since our first EIG was established in 2013, these global communities, where everyone is welcome, have grown significantly.
Compensation, Benefits and Wellbeing
F5 aims to attract, reward, and retain extraordinary talent from diverse backgrounds by offering a total compensation package that is equitable, flexible, and market competitive.
This includes the pay, incentive plans, restricted stock unit grants ("RSUs"), Employee Stock Purchase Plan, retirement plans, healthcare, paid time off and family leave F5 provides to employees, as well as the programs that support the diverse needs of our employees’ overall health and wellbeing. In fiscal year 2025, F5 also renewed our popular Wellness Weekends to provide one weekend a quarter when all employees have a set Friday through Monday off to reset and refresh.
Environmental, Social and Governance
F5's Environmental, Social and Governance ("ESG") programs are guided by our fundamental principle to "do the right thing" for each other, our customers, our shareholders, and our communities.
Environmental. F5's 2030 climate target, verified by the Science Based Target Initiative, is to reduce both absolute Scope 1 and 2 emissions by 50% and absolute Scope 3 emissions by 43% from a 2021 baseline. We plan to meet this climate target by
9
optimizing our energy use, sourcing more renewable energy, and enhancing the sustainability of our products and supply chain processes.
As evidence of our progress towards our climate target, F5’s most recent annual ESG report in March 2025 disclosed a reduction in our total emissions from fiscal year 2023 to fiscal year 2024. This was driven by a 16% year-over-year reduction in Scope 1 and 2 emissions and a 10% year-over-year reduction in Scope 3 emissions.As evidence of our progress towards our science-based target, F5’s most recent annual ESG report in April 2024 disclosed a 31% reduction in our total emissions during fiscal year 2023. This achievement was driven by a 40% reduction in Scope 1 and 2 emissions and a 30% reduction in Scope 3 emissions. To ensure the integrity of our emissions reporting, F5 also secured third-party verification for our Scope 1 and 2 emissions data from fiscal year 2024. The auditor’s verification letter is available on page 19 of F5’s 2024 ESG report at f5.com under the ‘‘Company — Investor Relations — ESG’’ section.
Social. In addition to the employee programs and benefits outlined in the Human Capital Management section above, we continue to prioritize F5 Global Good, the community development initiative that amplifies our employee engagement and diversity and inclusion programs. We are proud that employees direct the entirety of Global Good’s donations, through both the Company matching program and grant selection committees. In fiscal year 2025, 72% of all employees worldwide participated in Global Good programs, volunteering over 13,400 hours and directing the entirety of F5’s donations, through both the Company matching program and grant selection committees. In fiscal year 2024, two-thirds of all employees worldwide participated in Global Good programs, volunteering over 15,000 hours and directing the entirety of F5’s donations, through both the Company matching program and grant selection committees. F5 and our employees donated over $3.9 million to more than 3,900 non-profits worldwide in fiscal year 2025.
Governance. In fiscal year 2025, F5 completed its second Double Materiality Assessment, to help identify and assess the most significant ESG issues impacting both our financial performance and our broader societal and environmental impact. Aligned with the definitions and required value chain scope set by the EU's Corporate Sustainability Reporting Directive ("CSRD"), this bi-annual assessment reflected shifts in our stakeholders’ views, as well as changes in the geopolitical and macro-economic environment over the last two years. The Double Materiality Assessment is available on page 7 of F5’s 2024 ESG report at f5.com under the "Company — Investor Relations — ESG" section.

Executive Officers of the Registrant
The following table sets forth certain information with respect to our executive officers as of November 25, 2025:
François Locoh-Donou has served as our President, Chief Executive Officer and member of our Board of Directors since April 2017. Prior to joining F5, Mr. Locoh-Donou served as Senior Vice President and Chief Operating Officer of Ciena Corporation. During his more than 15 years at Ciena, Mr. Locoh-Donou served in several leadership positions. From August 2011 to October 2015, he served as Ciena’s Senior Vice President, Global Products Group. Previously, he served as Ciena’s Vice President and General Manager, Europe, Middle East and Africa from June 2005 to August 2011. He holds an M.B.A. from Stanford University, a 'Mastere' in Optical Telecommunications from the National Institute of Telecommunications of Paris, and a 'Diplome d'Ingenieur' in Physics Engineering from the National Institute of Physics in Marseille, France. Mr. Locoh-Donou serves on the board of Capital One Financial Corporation. He is also the co-founder of Cajou Espoir, a cashew-processing facility that employs several hundred people in rural Togo, 80 percent of whom are women. Cajou Espoir exports more than 400 tons of cashew kernels annually to the U.S. and Europe.
10
Edward Werner has served as our Chief Financial Officer since November 2024. Mr. Werner joined F5 in 2001, and progressively took on roles of increasing responsibility. He served as F5’s Senior Vice President, Finance from 2012 until November 2024. He oversees F5's worldwide financial planning, analysis, accounting, reporting, and internal auditing procedures, as well as investor relations. Mr. Werner holds a B. He holds a B. A. in Business Administration with an Accounting Concentration from the Foster School of Business at the University of Washington.
Tom Fountain has served as our Executive Vice President and Chief Operating Officer since September 2024. From June 2020 through August 2024, he served as Executive Vice President of Global Services and Chief Strategy Officer. Mr. Fountain joined F5 in January 2018 as Executive Vice President and Chief Strategy Officer. Mr. Fountain is responsible for overseeing F5’s global services organization, including global support, consulting, and services teams. He is also responsible for leading F5's digital transformation to accelerate critical solution delivery to customers and for driving execution, productivity and efficiency company wide. From November 2012 to January 2018, Mr. Fountain served as Senior Vice President for Strategy and Corporate Development at McAfee LLC, Vice President of Strategy and Operations at Intel Corporation, and Senior Vice President for Strategy and Corporate Development at McAfee Incorporated. Previously, Mr. Fountain served as Vice President and General Manager of the Content and Media Business Unit at Juniper Networks from December 2011 to November 2012 and Vice President of Corporate Strategy at Juniper Networks from February 2009 to December 2011. Earlier in his career, Mr. Fountain was a venture capitalist at Mayfield Fund from June 2003 to February 2009 and co-founder and engineering leader at Ingrian Networks from December 1999 to June 2004. He holds an M.B.A., an M.S. in Computer Science, an M.S. in Electrical Engineering, and a B.S. in Computer Systems Engineering, each from Stanford University.
Chad Whalen has served as our Executive Vice President and Chief Revenue Officer since September 2024. He is responsible for F5’s global sales go-to-market strategy and brings over 20 years of experience leading global teams across Europe, Asia, and North and South America in network infrastructure, security, and SaaS. From July 2018 to August 2024, he was Executive Vice President of Worldwide Sales. Mr. Whalen joined F5 in 2017 to lead the Cloud Sales team. Prior to joining F5, he ran strategic alliances at Fortinet, worldwide sales and services at Jasper, Americas sales and field operations at Ciena and global sales and marketing at World Wide Packets. He holds a B.A. in Business Administration and Management from Eastern Washington University.
Lyra Schramm has served as our Executive Vice President and Chief People Officer since April 2024. She is responsible for driving people initiatives that support F5’s purpose to help bring a better digital world to life and position the company for continued growth. Prior to joining F5, Ms. Schramm spent nine years at Google in various leadership roles including Vice President, Strategy & Innovation where she spearheaded Google’s first enterprise-wide people strategy supporting the transformation to an AI-first company. In addition, she led human resources for the Global Advisory Functions, was the Chief of Staff to the Chief Human Resource Officer, and led the people strategy for a new business line, Google Technical Services. In addition she led human resources for the Global Advisory Functions, was the Chief of Staff to the Chief Human Resource Officer and led the people strategy for a new business line, Google Technical Services. Previously, Ms. Schramm played a pivotal HR leadership role at the Bill & Melinda Gates Foundation where she was instrumental in the Foundation’s global expansion. Her early career with Amazon set the stage for AWS’s growth, where she developed key recruitment strategies that significantly increased headcount and revenue. Ms. Schramm holds a BA in Marketing from Washington State University.
Kunal Anand has served as our Executive Vice President and Chief Product Officer since October 2025. From October 2024 to October 2025, he served as our Chief Innovation Officer. He joined F5 in April 2024 as Chief Technology Officer. He is responsible for driving the Company’s technology and AI vision and innovation, with a focus on incorporating rapid AI adoption across F5’s product solutions. He is responsible for driving the company’s technology and AI vision and innovation, with a focus on incorporating rapid AI adoption across F5’s product solutions. Prior to F5, Mr. Anand held the dual role of Chief Technology Officer and Chief Information Security Officer at Imperva. He joined Imperva in 2018 with the acquisition of Prevoty, an application security startup he co-founded in 2013. Before joining Prevoty, he was the Director of Technology at BBC Worldwide. His journey to Imperva began in 2018 with the acquisition of Prevoty, an application security startup he co-founded in 2013. Before joining Prevoty, he was the Director of Technology at BBC Worldwide. Mr. Anand has a deep history of innovation and technical expertise, and has held roles leading security, data, technology, and engineering teams at Gravity, MySpace, and the NASA Jet Propulsion Lab. He holds a B.S. degree from Babson College.
John Maddison has served as our Chief Marketing Officer since October 2025. He joined F5 in December 2024 as Chief Product Marketing and Technology Alliances Officer. Mr. Maddison is responsible for overseeing F5’s global marketing, business development, and corporate communications teams. He is also responsible for increasing F5’s market impact and delivering on the Company’s brand promise through its products and partnerships. Prior to joining F5, Mr. Maddison spent twelve years at Fortinet, most recently as Chief Marketing Officer and EVP of Product Strategy. He previously held leadership positions at Trend Micro, Vina Communications, and Octel Communications. Mr. Maddison holds a B.S. in Engineering from Plymouth University in Devon, England.
11
Angelique Okeke has served as our Executive Vice President and General Counsel since March 2025. She is responsible for leading F5's legal, regulatory, compliance, and corporate governance functions. Ms. Okeke brings more than 20 years of legal and operational leadership experience to F5. Prior to joining F5, she spent eight years at Nike, Inc., most recently as Global Vice President where she led strategic legal counsel on enterprise-wide initiatives that transformed Nike’s retail business model and accelerated its digital commerce strategy. Ms. Okeke has held legal leadership roles at AWS and Lotame. Okeke holds a B. He holds a B. A. in Political Science and Communications from Boston College, a Master of Arts in Public Communication from American University, and a Juris Doctor from Howard University School of Law.
Michael Montoya has served as our Executive Vice President and Chief Technology Operations Officer since October 2025. He previously served on our Board of Directors from 2021 to 2025. Prior to joining F5, Mr. Montoya served as Chief Operating Officer at BlueVoyant, overseeing Product, Engineering, and Operations. He previously held Chief Information Security Officer roles at Equinix and Digital Realty, leading enterprise, product, and physical security, as well as compliance. Mr. Montoya holds a B.A. in Economics from The University of New Mexico.
Item 1A.Risk Factors
In addition to the other information in this report, the following risk factors should be carefully considered in evaluating our company and operations.
Risk Factor Summary
Security vulnerabilities or control failures in our IT infrastructure or multicloud application delivery and security products and services as well as unforeseen product errors could have a material adverse impact on our business, results of operations, financial condition and reputation;
The Cyber Incident has had and may continue to have an adverse effect on our business, reputation, customer, employee and partner relations, results of operations, financial condition and cash flows;
We are dependent on various information technology systems, and failures of or interruptions to those systems could harm our business;
Our success depends on our key personnel and our ability to hire, retain and motivate qualified executives, sales and marketing, operations, product development and professional services personnel;
Cloud-based and SaaS computing trends present competitive and execution risks;
Our success depends upon our ability to effectively plan and manage our resources and restructure our business;
Our business may be harmed if our contract manufacturers are not able to provide us with adequate supplies of our products or if a single source of hardware assembly is lost or impaired;
Our business could suffer if there are any interruptions or delays in the supply of hardware components from our third-party sources;
It is difficult to predict our future operating results because we have an unpredictable sales cycle;
We may not be able to sustain or develop new distribution relationships, and a reduction or delay in sales to significant distribution partners could hurt our business;
Reliance on fulfillment at the end of the quarter could cause our revenue for the applicable period to fall below expected levels;
Our operating results are exposed to risks associated with international commerce;
The average selling price of our products may decrease and our costs may increase, which may negatively impact revenues and profits; and
Acquisitions present many risks and we may not realize the financial and strategic goals that are contemplated at the time of the transaction.
Our success depends on our timely development of new software and systems products and features, market acceptance of new software and systems product offerings and proper management of the timing of the life cycle of our software and systems products;
Our success depends on sales and continued innovation of our application delivery and security product lines;
12
Issues related to the development and use of artificial intelligence ("AI") could give rise to legal and/or regulatory action, damage our reputation or otherwise materially harm our business;
Our business could be adversely impacted by conditions affecting the markets in which we compete;
Industry consolidation may result in increased competition;
We may not be able to compete effectively in the application delivery and security market; and
Misuse of our products could harm our reputation.
Our failure to adequately protect personal information could have a material adverse effect on our business;
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks;
We face litigation risks;
We may not be able to adequately protect our intellectual property, and our products may infringe on the intellectual property rights of third parties;
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets; and
Changes in governmental regulations could negatively affect our revenues.
We may have exposure to greater than anticipated tax liabilities;
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations;
Changes in financial accounting standards may cause adverse unexpected revenue fluctuations and affect our reported results of operations; and
If we are unable to maintain effective internal control over financial reporting, the accuracy and timeliness of our financial reporting may be adversely affected.
Our quarterly and annual operating results may fluctuate in future periods, which may cause our stock price to fluctuate;
Anti-takeover provisions could make it more difficult for a third party to acquire us;
Our stock price could be volatile, particularly during times of economic uncertainty and volatility in domestic and international stock markets; and
If securities or industry analysts publish inaccurate or unfavorable research about our business, or discontinue publishing research about our business, the price and trading volume of our securities could decline.
Macroeconomic downturns or uncertainties may harm our industry, business, and results of operations;
We face risks associated with having operations and employees located in Israel;
Our business is subject to the risks of earthquakes, fire, power outages, floods, and other catastrophic events, and to interruption by man-made problems such as terrorism; and
Climate change and associated regulation may have an impact on our business.
Operational and Execution Risks
Security vulnerabilities or control failures in our IT infrastructure or multicloud application delivery and security products and services as well as unforeseen product errors could have a material adverse impact on our business, results of operations, financial condition and reputation
In the ordinary course of business, we store sensitive data, including intellectual property, personal data, our proprietary business information and that of our customers, suppliers and business partners on our networks. In addition, we store sensitive data through cloud-based services that may be hosted by third parties and in data center infrastructure maintained by third parties. The secure maintenance of this information is critical to our operations and business strategy. Our IT infrastructure and
13
those of our partners and customers are subject to the increasing threat of intrusions by a wide range of bad actors and malicious parties, including computer programmers, hackers or sophisticated nation-state and nation-state supported actors, or they may be compromised due to employee error or wrongful conduct, malfeasance, or other disruptions. Despite our security measures, and those of our third-party vendors, our IT infrastructure has experienced breaches or disruptions, including the Cyber Incident, and may be vulnerable in the future to breach, attacks or disruptions. Despite our security measures, and those of our third-party vendors, our IT infrastructure has experienced breaches or disruptions and may be vulnerable in the future to breach, attacks or disruptions. If any breach or attack, including the Cyber Incident, compromises our IT infrastructure, creates system disruptions or slowdowns or exploits security vulnerabilities therein, the information stored on our networks or those of our customers could be accessed and modified, publicly disclosed, or lost or stolen, and we may be subject to liability to our customers, individuals, suppliers, business partners and others, and may suffer reputational and financial harm. If any breach or attack compromises our IT infrastructure, creates system disruptions or slowdowns or exploits security vulnerabilities therein, the information stored on our networks or those of our customers could be accessed and modified, publicly disclosed, or lost or stolen, and we may be subject to liability to our customers, individuals, suppliers, business partners and others, and may suffer reputational and financial harm.
Our multicloud application delivery and security products and services are used by our customers to manage their critical applications and data. Bad actors and other malicious parties, have in the past and may attempt in the future to exploit security vulnerabilities and control weaknesses in our internal IT infrastructure or cloud environments that support our SaaS-based and managed solutions and services as well as our products that may be deployed in a customer environment. Despite our efforts to harden our IT infrastructure, our delivery and security products and services against these risks, those efforts may not be successful, and from time to time, those systems and products could be compromised. Threat actors can seek to exploit, among other things, known or unknown vulnerabilities and control weaknesses in technology included in our IT infrastructure, delivery and security products and services, and failure to quickly identify, patch or mitigate security vulnerabilities or strengthen security controls could render our IT infrastructure, delivery and security products and services susceptible to a cyber-attack which may subject the Company to liability to our customers, suppliers, business partners and others, as well as reputational and financial harm. Moreover, inadequate or incomplete security monitoring, logging, asset management, or internal reporting and escalation, or gaps in coverage of security tools in our environment, could impact our ability to detect and respond to threats early and efficiently, giving threat actors an opportunity to gain or maintain access to our environment undetected. Finally, we rely on a number of third parties who connect to our network or with whom we share data, to support our business and operations, and to the extent that these third parties have weaknesses or deficiencies in their security program or vulnerabilities, they present business, operational, reputational, financial and legal risk. If any one or more of these vendors' security is compromised, it could have similar consequences as if we experienced a security event ourselves.
Our products may also contain undetected errors, defects, or vulnerabilities when first introduced or as new versions are released. We have experienced these issues in the past in connection with new products and product upgrades. Our products also must successfully operate with products from other vendors.Our products must successfully operate with products from other vendors. As our products and customer IT infrastructures become increasingly complex, customers may also experience unforeseen errors in implementing our products into their IT environments or integrating them with other vendor products. We expect that these errors, defects, or vulnerabilities will be found from time to time in new or enhanced products after commencement of commercial shipments. Any of these may temporarily or permanently disable our end-customers’ networks, information technology infrastructure or other systems, or expose our end-customers’ networks to attacks or compromise from security threats. These problems may cause us to incur significant warranty and repair costs, divert the attention of our engineering personnel from our product development efforts, cause significant customer relations problems, result in legal claims or liability, and impact demand for our products and services. These problems may cause us to incur significant warranty and repair costs, divert the attention of our engineering personnel from our product development efforts, cause significant customer relations problems, and impact demand for our products and services. We may also be subject to liability claims for damages. We carry insurance policies covering these types of liabilities, but these policies may not provide sufficient protection should a claim be asserted. A material product liability claim may harm our business and results of operations.
Any errors, defects, control failures, or vulnerabilities in our products or IT infrastructure, including the Cyber Incident, could result in:
expenditures of significant financial and product development resources in efforts to analyze, correct, eliminate, or work-around errors and defects or to address and eliminate vulnerabilities;
remediation costs, such as liability for stolen assets or information, repairs or system damage;
increased cybersecurity protection costs which may include systems and technology changes, training, and engagement of third party experts and consultants;
increased insurance premiums;
loss of existing or potential customers or channel partners;
loss of proprietary information leading to lost competitive positioning and lost revenues;
inaccessibility to certain data or systems necessary to operate the business;
negative publicity and damage to our reputation;
delayed or lost revenue;
14
delay or failure to attain market acceptance or decrease in demand for our products and services;
an increase in warranty claims compared with our historical experience, or an increased cost of servicing warranty claims, either of which would adversely affect our gross margins; and
litigation, regulatory inquiries, or investigations that may be costly and harm our reputation.
The Cyber Incident has had and may continue to have an adverse effect on our business, reputation, customer, employee and partner relations, results of operations, financial condition and cash flows
The Cyber Incident may harm our reputation, our customers, employee and partner relations and our operations and business. Customers may in the future defer purchasing or choose to cancel or not renew their agreements or subscriptions with us.
We may expend significant costs and expenses related to the Cyber Incident including in connection with our investigations, and to address the damage to our reputation, customer, employee and partner relations. If we are unable to maintain the trust of our current and prospective customers and partners, or our personnel continue to have to devote significant time to the Cyber Incident, our business, market share, results of operations and financial condition could be negatively affected.
As a result of the Cyber Incident and market forces beyond our control, the cost of our insurance may increase substantially, and we may not be able to obtain additional or comparable insurance coverage on commercially reasonable terms. In addition, governmental authorities investigating the Cyber Incident may seek to impose undertakings, injunctive relief, consent decrees, or other civil or criminal penalties, which could, among other things, materially increase our software development and related expenses or otherwise require us to alter how we operate our business. Further, any legislative or regulatory changes adopted in reaction to the Cyber Incident could require us to make modifications to the operation of our business that could have an adverse effect or increase or accelerate our compliance costs.
We have not seen any evidence of modification to our software supply chain, including our source code and our build release pipelines. We have confirmed that the threat actor exfiltrated files from our BIG-IP product development environment and engineering knowledge management platform. The discovery of new or different information regarding the Cyber Incident, including with respect to its scope and impact on our systems, products or customers, could increase our costs and liabilities related to the Cyber Incident and result in further damage to our business, reputation, intellectual property, results of operations and financial condition. In addition, as many of our products are subject to export control regulations, diversion of our products to restricted third parties by others could result in investigations, penalties, fines, trade restrictions and negative publicity that could damage our reputation and materially impact our business, operating results, and financial condition. The Cyber Incident also may embolden other threat actors to further target our systems, which could result in additional harm to our business. We cannot ensure that our steps to secure our systems, our product development environments and protect the security and integrity of the products that we deliver will be successful to protect against threat actors or cyberattacks or perceived by existing and prospective customers as sufficient to address the harm caused by the Cyber Incident.
We are dependent on various information technology systems, and failures of or interruptions to those systems could harm our business
Many of our business processes depend upon our IT systems, the systems and processes of third parties, including cloud hosting service providers, and on interfaces with the systems of third parties. For example, our order entry system provides information to the systems of our contract manufacturers, which enables them to build and ship our products. If those systems fail or are interrupted, or if our ability to connect to or interact with one or more networks is interrupted, our processes may function at a diminished level or not at all. This could harm our ability to ship products or our ability to deliver cloud-based services used in our operations, which could harm our financial results. This could harm our ability to ship products or our ability to deliver cloud-based services, which could harm our financial results.
Further, our Distributed Cloud Services infrastructure is dependent on our IT systems and related software interfaces, including third-party cloud hosting providers, in order to maintain a reliable and consistent level of performance for our customers. If those systems experience an outage, fail, or are otherwise interrupted, or if our ability to connect to or interact with one or more networks is interrupted, platform services may function at a diminished level or not at all. If those systems fail or are interrupted, or if our ability to connect to or interact with one or more networks is interrupted, our processes may function at a diminished level or not at all. This could harm our ability to deliver services to our customers, which could harm our customers and our financial results. This could harm our ability to ship products or our ability to deliver cloud-based services, which could harm our financial results.
In addition, reconfiguring our IT systems or other business processes in response to changing business needs may be time-consuming and costly. To the extent this impacted our ability to react timely to specific market or business opportunities, our financial results may be harmed.
15
Our success depends on our key personnel and our ability to hire, retain and motivate qualified executives, sales and marketing, operations, product development and professional services personnel
Our success depends, in large part, on our ability to attract, engage, retain, and integrate qualified executives and other key employees throughout all areas of our business. In order to attract and retain executives and other key employees in a competitive marketplace, we must provide a competitive compensation package, including cash- and equity-based compensation. If we do not obtain the stockholder approval needed to continue granting equity compensation in a competitive manner, our ability to attract, retain, and motivate executives and key employees could be weakened. Failure to successfully hire executives and key employees or the loss of any executives and key employees could have a significant impact on our operations. We have recently experienced changes in our senior leadership team and we expect to continue to see changes as we build the team that is needed to execute our strategy. Changes in our management team may be disruptive to our business, and any failure to successfully integrate key new hires or promoted employees could adversely affect our business and results of operations. The complexity of our products and their integration into existing networks and ongoing support, as well as the sophistication of our sales and marketing effort, requires us to retain highly trained developers, professional services, customer support and sales personnel. Competition for qualified developers, professional services, customer support and sales personnel in our industry is intense, especially in Silicon Valley and Seattle where we have substantial operations and a need for highly skilled personnel, because of the limited number of people available with the necessary technical skills and understanding of our products. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, that they have violated non-compete obligations to their prior employers, or that their former employers own their inventions or other work product. Our ability to hire and retain these personnel may be adversely affected by volatility or reductions in the price of our common stock or our ability to get approval from shareholders to offer additional common stock to our employees, since these employees are generally granted restricted stock units. The loss of services of any of our key personnel, the inability to retain and attract qualified personnel in the future or delays in hiring qualified personnel may harm our business and results of operations. In addition, restructuring plans to better align strategic and financial objectives, optimize operations, and drive efficiencies for long-term growth and profitability, may include a reduction in force of the Company's workforce. These restructuring activities could lead to increased attrition amongst those employees who were not directly affected by the reduction in force program.
Cloud-based and SaaS computing trends present competitive and execution risks
Customers are transitioning to a hybrid computing environment utilizing various cloud-based software and services accessed via various smart client devices. Pricing and delivery models are evolving and our competitors are developing and deploying cloud-based services for customers. In addition, new cloud infrastructures are enabling the emergence of new competitors including large cloud providers who offer their own application delivery and security functionality as well as smaller companies targeting the growing numbers of "born in the cloud" applications. We devote significant resources to develop and deploy our cloud-based and SaaS software and services strategies. While we believe our expertise and investments in software and infrastructure for cloud-based services provides us with a strong foundation to compete, it is uncertain whether our strategies will continue to attract the customers or generate the revenue required to be successful. In addition to software development costs, we are incurring costs to build and maintain infrastructure to support cloud-computing and SaaS services to secure our customers’ data. These costs may reduce the gross and operating margins we have previously achieved. Whether we are successful in this new business model depends on our execution in a number of areas, including:
continuing to innovate and bring to market compelling cloud-based and SaaS services through consumption models that generate increasing traffic and market share;
maintaining the utility, compatibility and performance of our software on the growing array of cloud and SaaS computing platforms and the enhanced interoperability requirements associated with orchestration of cloud computing environments; and
implementing the infrastructure and the securitization of our customers' data to deliver our own cloud-based and SaaS services.
These new business models may reduce our revenues or gross and operating margins and could have a material adverse effect on our business, results of operations and financial condition.
Our success depends upon our ability to effectively plan and manage our resources and restructure our business
Our ability to successfully offer our products and services in a rapidly evolving market requires an effective planning, forecasting, and management process to enable us to effectively scale and adjust our business and business models in response to fluctuating market opportunities and conditions. From time to time, we have increased investment in our business by increasing headcount, acquiring companies, and increasing our investment in research and development, sales and marketing, and other parts of our business. Conversely, in the last few years, we have initiated restructuring plans to better align strategic
16
and financial objectives, optimize operations, and drive efficiencies for long-term growth and profitability, which resulted in restructuring charges. Our ability to achieve the anticipated cost savings and other benefits from these initiatives is subject to many estimates and assumptions, which are subject to uncertainties. If our estimates and assumptions are incorrect, if we are unsuccessful at implementing changes, or if other unforeseen events occur, our business and results of operations could be adversely affected.
Our business may be harmed if our contract manufacturers are not able to provide us with adequate supplies of our products or if a single source of hardware assembly is lost or impaired
We outsource the manufacturing of our hardware platforms to third party contract manufacturers who assemble these hardware platforms to our specifications. We have experienced minor delays in shipments from contract manufacturers in the past. However, if we experience major delays in the future or other problems, such as inferior quality and insufficient quantity of product, any one or a combination of these factors may harm our business and results of operations. The inability of our contract manufacturers to provide us with adequate supplies of our products or the loss of one or more of our contract manufacturers may cause a delay in our ability to fulfill orders while we obtain a replacement manufacturer and may harm our business and results of operations. In particular, we currently subcontract manufacturing of our products to a single contract manufacturer. If our arrangement with this single source of hardware assembly was terminated or otherwise impaired, and we were not able to engage another contract manufacturer in a timely manner, our business, financial condition and results of operation could be adversely affected.
If the demand for our products grows, we will need to increase our raw material and component purchases, contract manufacturing capacity and internal test and quality control functions. Any disruptions in product flow may limit our revenue, may harm our competitive position and may result in additional costs or cancellation of orders by our customers.
Our business could suffer if there are any interruptions or delays in the supply of hardware components from our third-party sources
We currently purchase several hardware components used in the assembly of our products from a number of single or limited sources. Lead times for these components vary significantly. The unavailability of suitable components, any interruption or delay in the supply of any of these hardware components or the inability to procure a similar component from alternate sources at acceptable prices within a reasonable time, may delay the assembly of our products and our ability to fulfill sales and, hence, our revenues, and may harm our business and results of operations.
It is difficult to predict our future operating results because we have an unpredictable sales cycle
Our products have a lengthy sales cycle and the timing of our revenue is difficult to predict. Historically, our sales cycle has tended to lengthen as our products become increasingly complex. Also, as our distribution strategy is focused on a channel model, utilizing value-added resellers, distributors and systems integrators, the level of variability in the length of sales cycle across transactions has increased and made it more difficult to predict the timing of many of our sales transactions. Sales of our products require us to educate potential customers in their use and benefits. Sales of our products are subject to delays from the lengthy internal budgeting, approval and competitive evaluation processes that large enterprises and governmental entities may require. For example, customers frequently begin by evaluating our products on a limited basis and devote time and resources to testing our products before they decide whether or not to purchase. Customers may also defer orders as a result of anticipated releases of new products or enhancements by our competitors or us. As a result, our products have an unpredictable sales cycle that contributes to the uncertainty of our future operating results.
17
We may not be able to sustain or develop new distribution relationships, and a reduction or delay in sales to significant distribution partners could hurt our business
We sell our products and services through multiple distribution channels in the United States and internationally, including leading industry distributors, value-added resellers, systems integrators, service providers and other indirect channel partners. We have a limited number of agreements with companies in these channels, and we may not be able to increase our number of distribution relationships or maintain our existing relationships. Recruiting and retaining qualified channel partners and training them in our technologies requires significant time and resources. These channel partners may also market, sell and support products and services that are competitive with ours and may devote more resources to the marketing, sales and support of such competitive products. Our indirect sales channel structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or services to customers or violate laws or our corporate policies. If we are unable to establish or maintain our indirect sales channels, our business and results of operations will be harmed. In addition, two worldwide distributors of our products accounted for 33.3% of our total net revenue for fiscal year 2025. A substantial reduction or delay in sales of our products to these distribution partners, if not replaced by sales to other indirect channel partners and distributors, could harm our business, operating results and financial condition.
Reliance on fulfillment at the end of the quarter could cause our revenue for the applicable period to fall below expected levels
As a result of customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their sales objectives, we have historically received a substantial portion of sales orders and generated a substantial portion of revenue during the last few weeks of each fiscal quarter. In addition, any significant interruption in our information technology systems, which manage critical functions such as order processing, revenue recognition, financial forecasts, inventory and supply chain management, and trade compliance reviews, could result in delayed order fulfillment and decreased revenue for that fiscal quarter. If expected revenue at the end of any fiscal quarter is delayed for any reason, including the failure of anticipated purchase orders to materialize, our third party contract manufacturers’ inability to manufacture and ship products prior to fiscal quarter-end to fulfill purchase orders received near the end of the fiscal quarter, our failure to manage inventory to meet demand, our inability to release new products on schedule, any failure of our systems related to order review and processing, or any delays in shipments based on trade compliance requirements, our revenue for that quarter could fall below our expectations, resulting in a decline in the trading price of our common stock.
Our operating results are exposed to risks associated with international commerce
As our international sales increase, our operating results become more exposed to international operating risks. Additionally, our international sales and operations are subject to a number of risks, including the following:
greater difficulty in enforcing contracts and accounts receivable collection and longer collection periods;
the uncertainty of protection for intellectual property rights in some countries;
greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties;
risks associated with trade restrictions and foreign legal requirements, including the importation, certification, and localization of our products required in foreign countries;
greater risk of a failure of foreign employees, partners, distributors, and resellers to comply with both U.S. and foreign laws, including antitrust regulations, the U.S. Foreign Corrupt Practices Act, and any trade regulations ensuring fair trade practices;
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;
increased expenses incurred in establishing and maintaining office space and equipment for our international operations;
greater difficulty in recruiting local experienced personnel, and the costs and expenses associated with such activities;
management communication and integration problems resulting from cultural and geographic dispersion;
fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business;
economic uncertainty around the world, including geopolitical, trade, economic and diplomatic relations may result in regulatory, operational, and cost challenges to our global operations; and
general economic and political conditions in these foreign markets.
18
We must hire and train experienced personnel to staff and manage our foreign operations. To the extent that we experience difficulties in recruiting, training, managing, and retaining an international staff, and specifically staff related to sales management and sales personnel, we may experience difficulties in sales productivity in foreign markets. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships internationally or recruit additional companies to enter into strategic distributor relationships, our future success in these international markets could be limited. Business practices in the international markets that we serve may differ from those in the United States and may require us in the future to include terms other than our standard terms in customer contracts. We intend to continue expanding into international markets.
These factors and other factors could harm our ability to gain future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks effectively could limit the future growth of our business.
The average selling price of our products may decrease and our costs may increase, which may negatively impact revenues and profits
It is possible that the average selling prices of our products will decrease in the future in response to competitive pricing pressures, increased sales discounts, including responses to inflationary pressures, new product introductions by us or our competitors, or other factors. Therefore, in order to maintain our profits, we must develop and introduce new products and product enhancements on a timely basis and continually reduce our product costs. Our failure to do so could cause our revenue and profits to decline, which would harm our business and results of operations. In addition, we may experience substantial period-to-period fluctuations in future operating results due to the erosion of our average selling prices.
Acquisitions present many risks and we may not realize the financial and strategic goals that are contemplated at the time of the transaction
With respect to our past acquisitions, as well as any other future acquisitions we may undertake, we may find that the acquired businesses, products or technologies do not further our business strategy as expected, that we paid more than what the assets are later worth or that economic conditions change, all of which may generate future impairment charges. Our acquisitions may be viewed negatively by customers, financial markets or investors. There may be difficulty integrating the operations and personnel of the acquired business, and we may have difficulty retaining the key personnel of the acquired business. We may have difficulty in integrating the acquired technologies or products with our existing product lines. Our ongoing business and management’s attention may be disrupted or diverted by transition or integration issues and the complexity of managing geographically and culturally diverse locations. We may have difficulty maintaining uniform standards, controls, procedures and policies across locations. We may experience significant problems or liabilities associated with product quality, technology and other matters.
Our inability to successfully operate and integrate newly-acquired businesses appropriately, effectively and in a timely manner, or to retain key personnel of any acquired business, could have a material adverse effect on our ability to take advantage of further growth in demand for application delivery and security solutions and other advances in technology, as well as on our revenues, gross margins and expenses.
Strategic and Industry Risks
Our success depends on our timely development of new software and systems products and features, market acceptance of new software and systems product offerings and proper management of the timing of the life cycle of our software and systems products
The markets for our products and services are characterized by:
rapid technological change;
evolving industry standards;
consolidation of network and application functions into existing network infrastructure products;
requirements that our products interoperate with technologies from other vendors to enable ease of management;
fluctuations in customer demand;
changes in customer requirements; and
19
frequent new product and service introductions and enhancements.
Our continued success depends on our ability to identify and develop new software and systems products and new features for our existing software and systems products, to meet the demands of these changes, and the acceptance of those products and features by our existing and target customers. In addition, our software and systems products must interoperate with our end customers’ IT infrastructure, including the rapid adoption of AI-enabled software and systems, expanding use of the cloud and hybrid cloud environments, which often have different specifications, deploy products from multiple vendors, and utilize multiple protocol standards. In addition, our software and systems products must interoperate with our end customers’ IT infrastructure, including the expanding use of the cloud and hybrid cloud environments, which often have different specifications, deploy products from multiple vendors, and utilize multiple protocol standards. Our customers’ IT infrastructure is becoming more complex and we may be reliant on orchestration and interoperability with third party vendors on whom we are reliant for testing and support of new software and systems product versions and configurations. If we are unable to identify, develop and deploy new software and systems products and new product features on a timely basis, our business and results of operations may be harmed.
The current development cycle for our software and systems products varies and has become increasingly complex due to the sophistication and the addressing of our customers' needs. The development timetable to commercial release and availability to our customers is uncertain, and the introduction of new products or product enhancements may shorten the life cycle of our existing products, or replace sales of some of our current products, thereby offsetting the benefit of even a successful product introduction, and may cause customers to defer purchasing our existing products in anticipation of the new products. This could harm our operating results by decreasing sales of our software and systems products, or increasing our inventory levels of older systems products and exposing us to greater risk of product obsolescence. We have also experienced, and may in the future experience, delays in developing and releasing new software and systems products and related product enhancements. This has led to, and may in the future lead to, delayed sales, increased expenses and lower quarterly revenue than anticipated. Also, in the development of our systems products, we have experienced delays in the prototyping, which in turn has led to delays in product introductions. In addition, complexity and difficulties in managing product transitions at the end-of-life stage of a product can create excess inventory of components associated with the outgoing product that can lead to increased expenses. Any or all of the above problems could materially harm our business and results of operations.
Our success depends on sales and continued innovation of our application delivery and security product lines
We expect to derive a significant portion of our net revenues from the sale of our cloud, software and hardware application delivery and security product lines in the future. Implementation of our strategy depends upon these products being able to solve critical network availability, performance and security problems for our customers. If our products are unable to solve these problems for our customers or if we are unable to sustain the high levels of innovation in product feature sets needed to maintain leadership in what will continue to be a competitive market environment, our business and results of operations will be harmed.
We operate in an industry of evolving standards and rapid technological advancements. If our competitors are able to develop and implement compelling technological innovations or features into their product offerings or services more rapidly or successfully than we do in the future, our ability to compete effectively may be impacted which could negatively impact our business and results of operations.
Issues related to the development and use of artificial intelligence ("AI") could give rise to legal and/or regulatory action, damage our reputation or otherwise materially harm our business
We currently incorporate AI technology in certain of our products and services and in our business operations. Our research and development of such technology remains ongoing. AI presents risks, challenges, and potential unintended consequences that could affect our and our customers’ adoption and use of this technology. AI solutions may use algorithms, datasets, or training methodologies that are incomplete, reflect biases, or contain other flaws or deficiencies. Additionally, AI technologies are complex and rapidly evolving, and we face significant competition in the market and from other companies regarding such technologies. While we aim to develop and use AI responsibly and attempt to identify and mitigate ethical and legal issues presented by its use, we may be unsuccessful in identifying or resolving issues before they arise. The AI-related legal and regulatory landscape remains uncertain and may be inconsistent from jurisdiction to jurisdiction. Our obligations to comply with the evolving legal and regulatory landscape could entail significant costs or limit our ability to incorporate certain AI capabilities into our offerings. AI-related issues, deficiencies and/or failures could (i) give rise to legal and/or regulatory action, including with respect to proposed legislation regulating AI in jurisdictions such as the European Union and others, and as a result of new applications of existing data protection, privacy, intellectual property, and other laws; (ii) damage our reputation; or (iii) otherwise materially harm our business.
20
Our business could be adversely impacted by conditions affecting the markets in which we compete
A substantial portion of our business depends on the demand for information technology by large enterprise customers and service providers. We are dependent upon the overall economic health of our current and prospective customers. International, national, regional and local economic conditions, such as recessionary economic cycles, protracted economic slowdown or further deterioration of the economy could adversely impact demand for our products. Demand for our products and services depends substantially upon the general demand for application delivery and security solutions, which fluctuates based on numerous factors, including capital spending levels and growth of our current and prospective customers, as well as general economic conditions. Moreover, the purchase of our products is often discretionary and may involve a significant commitment of capital and other resources. Future economic projections for the information technology sector are uncertain as companies continue to reassess their spending for technology projects and embrace a range of consumption models from physical systems to software, SaaS-based and managed services solutions. As a result, spending priorities for our current and future customers may vary and demand for our products and services may be impacted. In addition, customer buying patterns are changing over time and more customers seek to rent software on a subscription basis and to reduce their total cost of ownership. These evolving business models could lead to changes in demand and licensing strategies, which could have a material adverse effect on our business, results of operations and financial condition.
Industry consolidation may result in increased competition
Some of our competitors have made acquisitions or entered into partnerships or other strategic relationships to offer a more comprehensive solution than they had previously offered. We have also entered into large, strategic partnerships to enhance our competitive position in the marketplace. As technology companies attempt to strengthen or maintain their market positions in the evolving application delivery, mobility, cloud networking and cloud platform markets, these companies continue to seek to deliver comprehensive solutions to end users and combine enterprise-level hardware and software solutions that may compete with our solutions and which could negatively impact our partnerships. These consolidators or potential consolidators may have significantly greater financial, technical and other resources than we do and may be better positioned to acquire and offer complementary products and services. The companies resulting from these possible combinations may create more compelling product and service offerings and be able to offer greater pricing flexibility or sales and marketing support for such offerings than we can. These heightened competitive pressures could result in a loss of customers or a reduction in our revenues or revenue growth rates, all of which could adversely affect our business, results of operations and financial condition.
We may not be able to compete effectively in the application delivery and security market
The markets we serve are rapidly evolving and highly competitive, and we expect competition to persist and intensify in the future. As we expand our reach and role into a broader set of multicloud solutions, the companies that we consider competitors evolves as well. In addition to server load balancing, traffic management, and other functions normally associated with application delivery, our suite of solutions has expanded our addressable market into security, and policy management, where we compete with a number of companies focused on niche areas of application security. Similarly, as we continue building AI functionality into our offerings, we expect competition to increase in the future, from established competitors and new market entrants, as AI technologies are integrated into the markets in which we compete.
We expect to continue to face additional competition as new participants enter our markets. We expect to continue to face additional competition as new participants enter our markets. As we continue to expand globally, we may see new competitors in different geographic regions. In addition, larger companies with significant resources, brand recognition, and sales channels may form alliances with or acquire competing application services solutions from other companies and emerge as significant competitors. Potential competitors may bundle their products or incorporate an Internet traffic management or security component into existing products in a manner that discourages users from purchasing our products. Any of these circumstances may limit our opportunities for growth and negatively impact our financial performance.
Misuse of our products could harm our reputation
Our products may be misused by end-customers or third parties that obtain access to our products. For example, our products could be used to censor private access to certain information on the Internet. Such use of our products for censorship could result in negative publicity and damage to our reputation. In addition, as many of our products are subject to export control regulations, diversion of our products to restricted third parties by others could result in investigations, penalties, fines, trade restrictions and negative publicity that could damage our reputation and materially impact our business, operating results, and financial condition.
21
Legal and Regulatory Risks
Our failure to adequately protect personal information could have a material adverse effect on our business
A wide variety of local, state, national, and international laws, directives and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data. These data protection and privacy-related laws and regulations continue to evolve and may result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions and increased costs of compliance. Certain safe-harbor exemptions upon which the Company relies for data transfers have been challenged and may no longer be available to us in the future. Our failure to comply with applicable laws and regulations, or to protect such data, could result in enforcement action against us, including fines, imprisonment of company officials and public censure, claims for damages by end-customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing end-customers and prospective end-customers), any of which could have a material adverse effect on our operations, financial performance, and business. Changing definitions of personal data and personal information, within the European Union, the United States, and elsewhere, especially relating to classification of IP addresses, machine identification, location data, and other information, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing of data. The evolving data protection regulatory environment may require significant management attention and financial resources to analyze and modify our IT infrastructure to meet these changing requirements all of which could reduce our operating margins and impact our operating results and financial condition.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks
Sales to U.S. and foreign, federal, state, and local governmental agency end-customers account for a significant portion of our revenues and we may in the future increase sales to government entities. Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. The substantial majority of our sales to date to government entities have been made indirectly through our channel partners. Government certification requirements for products like ours may change, thereby restricting our ability to sell into the federal government sector until we have attained the revised certification. Government demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products and services. Government entities may have statutory, contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future operating results. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products and services, a reduction of revenue or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our operating results in a material way. Finally, for purchases by the U.S. government, the government may require certain products to be manufactured in the United States and other relatively high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government, affecting our ability to sell these products to the U.S. government.
We face litigation risks
We are a party to lawsuits in the normal course of our business. Litigation in general, and intellectual property and securities litigation in particular, can be expensive, lengthy and disruptive to normal business operations. Further, we could face litigation in connection with the Cyber Incident. Moreover, the results of complex legal proceedings are difficult to predict. Responding to lawsuits has been, and will likely continue to be, expensive and time-consuming for us. An unfavorable resolution of these lawsuits could adversely affect our business, results of operations or financial condition.
We may not be able to adequately protect our intellectual property, and our products may infringe on the intellectual property rights of third parties
We rely on a combination of patent, copyright, trademark and trade secret laws, and restrictions on disclosure of confidential and proprietary information to protect our intellectual property rights. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy or otherwise obtain and use our products or technology. Monitoring unauthorized use of our products is difficult, and we cannot be certain that the steps we have taken will prevent misappropriation of our technology, particularly in foreign countries where the laws may not protect our proprietary rights as fully as in the United States.
Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. In the ordinary course of our business, we are involved in disputes and
22
licensing discussions with others regarding their claimed proprietary rights and cannot provide assurance that we will always successfully defend ourselves against such claims and such matters are subject to many uncertainties and outcomes are not predictable with assurance. We expect that infringement claims may increase as the number of products and competitors in our market increases and overlaps occur. Also, as we have gained greater visibility, market exposure and competitive success, we face a higher risk of being the subject of intellectual property infringement claims. If we are found to infringe the proprietary rights of others, or if we otherwise settle such claims, we could be compelled to pay damages or royalties and either obtain a license to those intellectual property rights or alter our products so that they no longer infringe upon such proprietary rights. Any license could be very expensive to obtain or may not be available at all or may require us to make royalty payments which could adversely affect gross margins in future periods. The actual liability in any such matters may be materially different from our estimate, if any, which could result in the need to adjust the liability and record additional expenses. Similarly, changing our products or processes to avoid infringing upon the rights of others may be costly or impractical. In addition, we have initiated, and may in the future initiate, claims or litigation against third parties for infringement of our proprietary rights, or to determine the scope and validity of our proprietary rights or those of our competitors. Any of these claims, whether claims that we are infringing the proprietary rights of others, or vice versa, with or without merit, may be time-consuming, result in costly litigation and diversion of technical and management personnel or require us to cease using infringing technology, develop non-infringing technology or enter into royalty or licensing agreements. Further, our license agreements typically require us to indemnify our customers, distributors and resellers for infringement actions related to our technology, which could cause us to become involved in infringement claims made against our customers, distributors or resellers. Any of the above-described circumstances relating to intellectual property rights disputes could result in our business and results of operations being harmed. Any of the above-described 24Table of Contentscircumstances relating to intellectual property rights disputes could result in our business and results of operations being harmed.
We incorporate open source software into our products. Although we monitor our use of open source closely, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that such licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our products. We could also be subject to similar conditions or restrictions should there be any changes in the licensing terms of the open source software incorporated into our products. In either event, we could be required to seek licenses from third parties in order to continue offering our products, to re-engineer our products or to discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely or successful basis, any of which could adversely affect our business, operating results and financial condition.
Many of our products include intellectual property licensed from third parties. In the future, it may be necessary to renew licenses for third party intellectual property or obtain new licenses for other technology. These third party licenses may not be available to us on acceptable terms, if at all. The inability to obtain certain licenses, or litigation regarding the interpretation or enforcement of license rights and related intellectual property issues, could have a material adverse effect on our business, operating results and financial condition. Furthermore, we license some third party intellectual property on a non-exclusive basis and this may limit our ability to protect our intellectual property rights in our products.
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets
Our products are subject to U.S. export controls and may be exported outside the U.S. only with the required level of export license or through an export license exception because we incorporate encryption technology into our products. In addition, various countries regulate the import of certain encryption technology and have enacted laws that could limit our ability to distribute our products or our customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products throughout their global systems or, in some cases, prevent the export or import of our products to certain countries altogether. Any change in export or import regulations or related legislation, shift in approach to the enforcement or scope of existing regulations or change in the countries, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, operating results and financial condition.
Changes in governmental regulations could negatively affect our revenues
Many of our products are subject to various regulations promulgated by the United States and various foreign governments including, but not limited to, environmental regulations and regulations implementing export license requirements and restrictions on the import or export of some technologies, especially encryption technology. Changes in governmental regulation and our inability or failure to obtain required approvals, permits or registrations could harm our international and domestic sales and adversely affect our revenues, business and operations.
23
The SEC requires us, as a public company that uses certain raw materials considered to be "conflict minerals" in our products, to report publicly on the extent to which "conflict minerals" are in our supply chain. As a provider of hardware end-products, we are several steps removed from the mining, smelting, or refining of any conflict minerals. Accordingly, our ability to determine with certainty the origin and chain of custody of these raw materials is limited. Our relationships with customers, suppliers, and investors could suffer if we are unable to describe our products as "conflict-free." We may also face increased costs in complying with conflict minerals disclosure requirements.
Financial Risks
We may have exposure to greater than anticipated tax liabilities
Our provision for income taxes is subject to volatility and could be affected by changes in our business operations, including acquisitions, new offerings, and changes in the jurisdictions in which we operate. The provision for income taxes may also be impacted by changes in stock-based compensation, changes in the research and development tax credit laws, earnings being lower than anticipated in jurisdictions where we have lower statutory rates and being higher than anticipated in jurisdictions where we have higher statutory rates, transfer pricing adjustments, not meeting the terms and conditions of tax holidays or incentives, changes in the valuation of our deferred tax assets and liabilities, changes in actual results versus our estimates, or changes in tax laws, regulations, accounting principles or interpretations thereof, including changes to the tax laws applicable to corporate multinationals. In addition, we may be subject to examination of our income tax returns by the U.S. Internal Revenue Service and other tax authorities. While we regularly assess the likelihood of adverse outcomes from such examinations and the adequacy of our provision for income taxes, there can be no assurance that such provision is sufficient and that a determination by a tax authority will not have an adverse effect on our results of operations and cash flows. The Company operates in countries that have enacted, or have committed to enact, a minimum tax in accordance with the Organisation for Economic Co-operation and Development’s Pillar Two framework, which may increase our tax liability in future years.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations
Our sales contracts are denominated in U.S. dollars, and therefore, substantially all of our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our solutions to our end customers outside of the United States, which could adversely affect our financial condition and operating results. In addition, an increasing portion of our operating expenses is incurred outside the United States, is denominated in foreign currencies, and is subject to fluctuations due to changes in foreign currency exchange rates. If we become more exposed to currency fluctuations and are not able to successfully hedge against the risks associated with currency fluctuations, our operating results could be adversely affected. To date, we have not entered into any hedging arrangements with respect to foreign currency risk or other derivative instruments.
Changes in financial accounting standards may cause adverse unexpected revenue fluctuations and affect our reported results of operations
A change in accounting policies can have a significant effect on our reported results and may even affect our reporting of transactions completed before the change is effective. New pronouncements and varying interpretations of existing pronouncements have occurred with frequency and may occur in the future. Changes to existing rules, or changes to the interpretations of existing rules, could lead to changes in our accounting practices, and such changes could adversely affect our reported financial results or the way we conduct our business.
If we are unable to maintain effective internal control over financial reporting, the accuracy and timeliness of our financial reporting may be adversely affected
As a public company, we are required to design and maintain proper and effective internal controls over financial reporting and to report any material weaknesses in such internal controls. Section 404 of the Sarbanes-Oxley Act of 2002 requires that we evaluate and determine the effectiveness of our internal controls over financial reporting and provide a management report on the internal controls over financial reporting, which must be attested to by our independent registered public accounting firm. We have an ongoing program to review the design of our internal controls framework in keeping with changes in business needs, implement necessary changes to our controls design and test the system and process controls necessary to comply with these requirements. If in the future, our internal controls over financial reporting are determined to be not effective resulting in a material weakness, investor perceptions regarding the reliability of our financial statements may be adversely affected which could cause a decline in the market price of our stock and otherwise negatively affect our liquidity and financial condition.
24
Risks Related to our Common Stock
Our quarterly and annual operating results may fluctuate in future periods, which may cause our stock price to fluctuate
Our quarterly and annual operating results have varied significantly in the past and could vary significantly in the future, which makes it difficult for us to predict our future operating results. Our operating results may fluctuate due to a variety of factors, many of which are outside of our control, including the changing and recently volatile U.S. and global economic environment, which may cause our stock price to fluctuate. In particular, we anticipate that the size of customer orders may increase as we continue to focus on larger business accounts. A delay in the recognition of revenue, even from just one account, may have a significant negative impact on our results of operations for a given period. In the past, a majority of our sales have been realized near the end of a quarter. Accordingly, a delay in an anticipated sale past the end of a particular quarter may negatively impact our results of operations for that quarter, or in some cases, that fiscal year. Additionally, we have exposure to the credit risks of some of our customers. Although we have programs in place that are designed to monitor and mitigate the associated risk, there can be no assurance that such programs will be effective in reducing our credit risks adequately. We monitor individual payment capability in granting credit arrangements, seek to limit the total credit to amounts we believe our customers can pay and maintain reserves we believe are adequate to cover exposure for potential losses. If there is a deterioration of a major customer’s creditworthiness or actual defaults are higher than expected, future losses, if incurred, could harm our business and have a material adverse effect on our operating results. If there is a 26Table of Contentsdeterioration of a major customer’s creditworthiness or actual defaults are higher than expected, future losses, if incurred, could harm our business and have a material adverse effect on our operating results. Further, our operating results may be below the expectations of securities analysts and investors in future quarters or years. Our failure to meet these expectations will likely harm the market price of our common stock. Such a decline could occur, and has occurred in the past, even when we have met our publicly stated revenue and/or earnings guidance.
Anti-takeover provisions could make it more difficult for a third party to acquire us
Our Board of Directors has the authority to issue up to 10,000,000 shares of preferred stock and to determine the price, rights, preferences, privileges and restrictions, including voting rights, of those shares without any further vote or action by the shareholders. The rights of the holders of common stock may be subject to, and may be adversely affected by, the rights of the holders of any preferred stock that may be issued in the future. The issuance of preferred stock may have the effect of delaying, deferring or preventing a change of control of our company without further action by our shareholders and may adversely affect the voting and other rights of the holders of common stock. Further, certain provisions of our bylaws, including a provision limiting the ability of shareholders to raise matters at a meeting of shareholders without giving advance notice, may have the effect of delaying or preventing changes in control or management of our company, which could have an adverse effect on the market price of our common stock. Similarly, state anti-takeover laws in the State of Washington related to corporate takeovers may prevent or delay a change of control of our company.
Our stock price could be volatile, particularly during times of economic uncertainty and volatility in domestic and international stock markets
Our stock price has been volatile and has fluctuated significantly in the past. The trading price of our stock is likely to continue to be volatile and subject to fluctuations in the future. Some of the factors that could significantly affect the market price of our stock include:
Actual or anticipated variations in operating and financial results;
Analyst reports or recommendations;
Rumors, announcements or press articles regarding our competitors’ operations, management, organization, financial condition or financial statements; and
Other events or factors, many of which are beyond our control.
The stock market in general and the market for technology companies in particular, have experienced extreme price and volume fluctuations. These fluctuations have often been unrelated or disproportionate to operating performance. The fluctuations may continue in the future and this could significantly impact the value of our stock and your investment.
If securities or industry analysts publish inaccurate or unfavorable research about our business, or discontinue publishing research about our business, the price and trading volume of our securities could decline
The trading market for our common stock is influenced by the research and reports that industry or securities analysts publish about us, our business, our market or our competitors. If one or more of the analysts who cover us downgrade our common stock or publish inaccurate or unfavorable research about our business, the price of our securities would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our securities could decrease, which might cause the price and trading volume of our securities to decline.
25
General Risks
Macroeconomic downturns or uncertainties may harm our industry, business, and results of operations
We operate globally and as a result, our business, revenues, and profitability may be impacted by global macroeconomic conditions. Adverse macroeconomic conditions both in the U.S. and abroad, including, but not limited to, rising interest rates, inflationary pressures on goods and services, challenges in the financial and credit markets, labor shortages, supply chain disruptions, trade uncertainty, adverse changes in global taxation and tariffs, sanctions, outbreaks of pandemic diseases, political unrest and social strife, armed conflicts, or other impacts from the macroeconomic environment could adversely affect our business, financial condition, results of operations and cash flows through, among others, softer demand of our products and services as well as unfavorable increases to our operating costs, which could negatively impact our profitability.
We face risks associated with having operations and employees located in Israel
We have offices and employees located in Israel. As a result, political, economic, and military conditions in Israel and the surrounding region directly affect our operations. The future of peace efforts between Israel and its neighbors in the Middle East remains uncertain. There has been a significant increase in hostilities and political unrest in Israel and the surrounding region. The effects of these hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed conflict, political instability or violence in the region. In addition, many of our employees in Israel are obligated to perform annual reserve duty in the Israeli military and are subject to being called for active duty under emergency circumstances. We cannot predict the full impact of these conditions on us in the future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition and cash flows.
Our business is subject to the risks of earthquakes, fire, power outages, floods, and other catastrophic events, and to interruption by man-made problems such as terrorism
A significant natural disaster, such as an earthquake, a fire, a flood, or a significant power outage could have a material adverse impact on our business, operating results, and financial condition. We have an administrative and product development office and a third party contract manufacturer located in the San Francisco Bay Area, a region known for seismic activity. In addition, natural disasters could affect our supply chain, manufacturing vendors, or logistics providers’ ability to provide materials and perform services such as manufacturing products or assisting with shipments on a timely basis. In the event our or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in missed financial targets, such as revenue and shipment targets, for a particular quarter. In addition, cyber-attacks, acts of terrorism, or other geopolitical unrest could cause disruptions in our business or the business of our supply chain, manufacturers, logistics providers, partners, or end-customers or the economy as a whole. Any disruption in the business of our supply chain, manufacturers, logistics providers, partners or end-customers that impacts sales at the end of a fiscal quarter could have a significant adverse impact on our quarterly results. All of the aforementioned risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, or the delay in the manufacture, deployment or shipment of our products, our business, financial condition and operating results would be adversely affected.
Climate change and associated regulation may have an impact on our business
Risks related to climate change are increasing in both impact and type of risk. We believe there will not be significant near-term impacts to our offices worldwide due to climate change, but long-term impacts remain unknown. However, there may be business operational risk due to the significant impacts climate change could pose to our employees’ lives, our supply chain, or electrical power availability from climate-related weather events. Rapidly changing customer requirements to reduce carbon emissions also presents a risk of loss of business if we are not able to meet criteria.
In addition, we are subject to a range of new and anticipated climate-related and sustainability-focused laws and regulations, including the E.U.’s Corporate Sustainability Reporting Directive. To meet the compliance requirements of these new regulations, we may incur extra costs to implement more internal controls, processes, and procedures, in order to assist in the oversight responsibilities for our management and board of directors. Failure to comply with these regulations or requirements could result in investigations, sanctions, enforcement actions, fines, or litigation, potentially harming our business, operating results, or financial condition.
26
In addition to other risks listed in this "Risk Factors" section, factors that may affect our operating results include, but are not limited to:
fluctuations in demand for our products and services due to changing market conditions, pricing conditions, technology evolution, seasonality, or other changes in the global economic environment;
changes or fluctuations in sales and implementation cycles for our products and services;
changes in the mix of our products and services, including increases in SaaS and other subscription-based offerings;
changes in the growth rate of the application delivery market;
reduced visibility into our customers’ spending and implementation plans;
reductions in customers’ budgets for data center and other IT purchases or delays in these purchases;
changes in end-user customer attach rates and renewal rates for our services;
fluctuations in our gross margins, including the factors described herein, which may contribute to such fluctuations;
our ability to control costs, including operating expenses, the costs of hardware and software components, and other manufacturing costs;
our ability to develop, introduce and gain market acceptance of new products, technologies and services, and our success in new and evolving markets;
any significant changes in the competitive environment, including the entry of new competitors or the substantial discounting of products or services;
the timing and execution of product transitions or new product introductions, and related inventory costs;
variations in sales channels, product costs, or mix of products sold;
our ability to establish and manage our distribution channels, and the effectiveness of any changes we make to our distribution model;
the ability of our contract manufacturers and suppliers to provide component parts, hardware platforms and other products in a timely manner;
benefits anticipated from our investments in sales, marketing, product development, manufacturing or other activities;
impacts on our overall tax rate caused by any reorganization in our corporate structure;
changes in tax laws or regulations, or other accounting rules; and
general economic conditions, both domestically and in our foreign markets.
Item 1B.Unresolved Staff Comments
Not applicable.
Item 1C.Cybersecurity
Risk Management and Strategy
We recognize the importance of identifying, assessing, and managing material risks associated with cybersecurity threats. These risks include, among other things: operational risks; intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy or security laws and other litigation and legal risks; and reputational risks. Our process for identifying and assessing material risks from cybersecurity threats operates in conjunction with our overall risk management systems and processes, covering all company risks.
Our cybersecurity risk management program is led by our Chief Information Security Officer ("CISO"), who manages our security team and is principally responsible for our cybersecurity risk assessment processes, our security controls, and our detection and response to cybersecurity incidents. Our program includes protocols for preventing, monitoring, detecting and responding to cybersecurity events and incidents, and cross-functional coordination and governance of business continuity and disaster recovery plans. Components of our program include:
risk assessments designed to help identify cybersecurity threats to our products and related supportive infrastructure, critical IT systems, information, and our broader enterprise IT environment;
monitoring, detection and collection and analysis of information regarding evolving, ongoing, and emerging threats and vulnerabilities, and corresponding actions to assess and remediate corresponding risks;
27
regular testing and assessments to identify vulnerabilities;
the periodic engagement of independent security firms and other third-party experts, where appropriate, to assess, test, and certify components of our cybersecurity program, and to otherwise assist with aspects of our cybersecurity processes and controls;
annual cybersecurity awareness training for our employees;
regular assessments of the design and operational effectiveness of the program’s key processes and controls by our internal audit team as well as external consultants; and
a risk management process for third-party service providers and vendors that includes due diligence in the selection process and periodic monitoring regarding adherence to applicable cybersecurity standards.
We also have a cybersecurity incident response plan to assess and manage cybersecurity incidents, which includes escalation procedures based on the nature and severity of the incident, including, where appropriate, escalation to the Risk Committee and the Board.29Table of ContentsWe also have a cybersecurity incident response plan to assess and manage cybersecurity incidents, which includes escalation procedures based on the nature and severity of the incident, including, where appropriate, escalation to the Risk Committee and the Board. We periodically perform tabletop exercises to test our incident response procedures, identify gaps and improvement opportunities, and assess team preparedness.
As part of our overall risk mitigation strategy, we maintain insurance coverage that is intended to address certain aspects of cybersecurity risks; however, such insurance may not be sufficient in type or amount to cover us against claims related to cybersecurity breaches, cyberattacks and other related breaches. We periodically review our cybersecurity insurance program.
As of the date of this report, other than with respect to the Cyber Incident, we do not believe that any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations or financial condition. For more information on the Cyber Incident, see Part II, Item 7. "Management's Discussion and Analysis of Financial Condition and Results of Operations - Cyber Incident". Despite our security measures, however, there can be no assurance that we, or third parties with whom we interact, will not experience a cybersecurity incident in the future that will materially affect us. For more information on our cybersecurity related risks, see Part I, Item 1A. "Risk Factors," including "Security vulnerabilities or control failures in our IT infrastructure or multicloud application delivery and security products and services as well as unforeseen product errors could have a material adverse impact on our business, results of operations, financial condition and reputation," and "The Cyber Incident has had and may continue to have an adverse effect on our business, reputation, customer, employee and partner relations, results of operations, financial condition and cash flows. “Risk Factors,” including “Security vulnerabilities or control failures in our IT infrastructure or multicloud application security and delivery products and services as well as unforeseen product errors could have a material adverse impact on our business, results of operations, financial condition and reputation. "
Governance
Our Board of Directors is actively involved in overseeing risks from cybersecurity threats and is assisted in that oversight by its Risk Committee. The Risk Committee reviews and assesses the Company’s cybersecurity risk exposure and evaluates the adequacy and effectiveness of related risk management processes and policies.
As part of the oversight process, the Risk Committee has the following responsibilities, among others:
reviews and advises on our cybersecurity and operational risk strategy, resiliency, crisis and incident management, and security-related information technology planning processes, and reviews strategy and implementation for investing in related systems, controls, and procedures with management;
reviews our compliance with applicable global data protection and security laws and regulations, and the Company’s adoption and implementation of systems, controls and procedures designed to comply with such laws and regulations;
reviews plans for periodic assessments and related findings and remediation of our cybersecurity and operational risk and incident response and disaster recovery programs by outside professionals;
reviews analyses of our cybersecurity and operational risks by management and third parties, as applicable; and
evaluates our disclosure controls and procedures related to cybersecurity to ensure timely and accurate reporting of cybersecurity and operational risks and incidents, as appropriate.
The Risk Committee meets at least four times a year and regularly reports to the full Board, including regarding its review and assessment of cybersecurity risk oversight matters and related recommendations. The Board of Directors discusses our programs and policies related to cybersecurity and risk initiatives and considers them closely both from a risk management perspective and as part of F5’s business strategy.
The Risk Committee receives periodic updates from our CISO, and other persons the Risk Committee deems appropriate, on a range of cybersecurity matters, including those referenced above as well as on the status of the Company’s cybersecurity posture and risk mitigation efforts. If cyber-related issues arise between Risk Committee meetings that the CISO believes could
28
have a material adverse impact on the Company, the CISO, or another appropriate risk management leader, will report to the Chair of the Risk Committee.
At the management level, our CISO leads our enterprise-wide cybersecurity program in partnership with other business leaders, including our General Counsel and Chief Operating Officer. These members of management are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above. Our CISO has over 25 years of experience in technology and information security operations across a diverse range of business sectors. In addition, on October 15, 2025 Michael Montoya, a former member of our Board of Directors, was appointed as the Company's Chief Technology Operations Officer. In his role, Mr. Montoya will lead the enterprise-wide strategy and execution of our enterprise-wide cybersecurity program with our CISO, and in partnership with other business leaders, including our General Counsel and Chief Operating Officer to further embed security into every aspect of how F5 operates.
Recently Filed
Click on a ticker to see risk factors
Ticker * File Date
CASH 7 hours ago
TFSL 7 hours ago
CLFD 7 hours ago
HZEN 7 hours ago
GXLM 7 hours ago
SMG 7 hours ago
CLSK 7 hours ago
PHCI 7 hours ago
RJF 8 hours ago
AVXL 8 hours ago
MAGN 8 hours ago
AMTM 8 hours ago
BDX 8 hours ago
ARMK 8 hours ago
ARWR 8 hours ago
EMBC 8 hours ago
FLNC 8 hours ago
ADI 8 hours ago
GLDM 8 hours ago
GLD 8 hours ago
COR 10 hours ago
WWD 10 hours ago
FFIV 11 hours ago
ROAD 1 day, 6 hours ago
BLBD 1 day, 8 hours ago
ALCO 1 day, 8 hours ago
PNNT 1 day, 8 hours ago
SYM 1 day, 8 hours ago
PFLT 1 day, 8 hours ago
OYCG 1 day, 9 hours ago
CBT 1 day, 14 hours ago
DSNY 1 day, 18 hours ago
GEOS 4 days, 7 hours ago
IIIV 4 days, 8 hours ago
HP 4 days, 8 hours ago
PTC 4 days, 8 hours ago
MATW 4 days, 9 hours ago
UGI 4 days, 9 hours ago
DGII 4 days, 11 hours ago
POST 4 days, 12 hours ago
NFG 4 days, 13 hours ago
IESC 4 days, 16 hours ago
NJR 5 days, 7 hours ago
PXED 5 days, 8 hours ago
TTEK 5 days, 8 hours ago
NTIC 5 days, 8 hours ago
CRNC 5 days, 9 hours ago
EACO 5 days, 10 hours ago
MMS 5 days, 11 hours ago
ASH 5 days, 12 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard