Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - ZS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$ZS Risk Factor changes from 00/09/16/21/2021 to 00/09/15/22/2022

Item 1A. Risk FactorsA description of the risks and uncertainties associated with our business is set forth below.

You should carefully consider the risks and uncertainties described below, as well as the other information in this Annual Report on Form 10-K, including the consolidated financial statements and the related notes and "Management’s Discussion and Analysis of Financial Condition and Results of Operations." The occurrence of any of the events or developments described below, or of additional risks and uncertainties not presently known to us or that we currently deem immaterial, could materially and adversely affect our business, results of operations, financial condition and growth prospects. In such an event, the market price of our common stock could decline, and you could lose all or part of your investment.Summary of Risk FactorsInvesting in our common stock involves a high degree of risk because our business is subject to numerous risks and uncertainties, as more fully described in this section below this summary.Summary of Risk FactorsInvesting in our common stock involves a high degree of risk because our business is subject to numerous risks and uncertainties, as fully described below. The principal factors and uncertainties that make investing in our common stock risky include, among others:•we have a history of losses and may not be able to achieve or sustain profitability in the future;•if organizations do not adopt our cloud platform, our ability to grow our business and operating results may be adversely affected;•if we are unable to attract new customers or our customers do not renew their subscriptions for our services and add additional users and services to their subscriptions, our future results of operations could be harmed;•we face intense and increasing competition and could lose market share to our competitors;•we have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance;•our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations:•if the delivery of our services to our customers is interrupted or delayed for any reason, our business could suffer;•the actual or perceived failure of our cloud platform to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business;•our business and growth depend in part on the success of our relationships with our channel partners;•if our cloud platform or internal networks, systems or data are or are perceived to have been breached, our solution may be perceived as insecure, our reputation may be damaged and our financial results may be negatively impacted;•we rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business;•claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business; •servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business or the ability to raise funds to pay our substantial debt; and•the impact of the ongoing COVID-19 pandemic, including the resulting global economic disruptions, remains uncertain and may have a material adverse impact on our business. The principal factors and uncertainties that make investing in our common stock risky include, among others:•the impact of the ongoing COVID-19 pandemic is highly uncertain and may adversely impact our business, particularly in India and other regions where we have significant operations and personnel;•we have a history of losses and may not be able to achieve or sustain profitability in the future;•if organizations do not adopt our cloud platform, our ability to grow our business and operating results may be adversely affected;•if we are unable to attract new customers or our customers do not renew their subscriptions for our services and add additional users and services to their subscriptions, our future results of operations could be harmed;•we face intense and increasing competition and could lose market share to our competitors;•we have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance;•our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations:•if the delivery of our services to our customers is interrupted or delayed for any reason, our business could suffer;•the actual or perceived failure of our cloud platform to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business;•our business and growth depend in part on the success of our relationships with our channel partners;•if our cloud platform or internal networks, systems or data are or are perceived to have been breached, our solution may be perceived as insecure, our reputation may be damaged and our financial results may be negatively impacted;•we rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business;•claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business; and•servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business or the ability to raise funds to pay our substantial debt. 17Table of ContentsRisks Related to Our BusinessWe have a history of losses and may not be able to achieve or sustain profitability in the future.We have incurred net losses in all periods since our inception, and we expect we will continue to incur net losses for the foreseeable future. We experienced net losses of $390. We experienced net losses of $262. 3 million, $262.0 million, $115. 0 million and $115.6 million and $19. 1 million for fiscal 2022, fiscal 2021 and fiscal 2020, respectively.7 million for fiscal 2021, fiscal 2020 and fiscal 2019, respectively. As of July 31, 2022, we had an accumulated deficit of $991.9 million.6 million. Because the market for our cloud platform is rapidly evolving and cloud security solutions have not yet reached widespread adoption, it is difficult for us to predict our future results of operations. We expect our operating expenses to increase significantly over the next several years as we continue to hire additional personnel, particularly in sales and marketing, expand our operations and infrastructure, both domestically and internationally, and continue to develop our platform. If we fail to increase our revenue to offset the increases in our operating expenses, we may not achieve or sustain profitability in the future.If organizations do not adopt our cloud platform, our ability to grow our business and operating results may be adversely affected.Cloud technologies are still evolving, and it is difficult to predict customer demand and adoption rates for our solutions.Cloud technologies are still evolving, and it is difficult to predict customer demand and adoption rates for our solutions or cloud-based offerings generally. We believe that our cloud platform offers superior protection to our customers, who are becoming increasingly dependent on the internet as they move their applications and data to the cloud. We also believe that our cloud platform represents a major shift from on-premises appliance-based security solutions. However, traditional on-premises security appliances are entrenched in the infrastructure of many of our potential customers, particularly large enterprises, because of their prior investment in and the familiarity of their IT personnel with on-premises appliance-based solutions. As a result, our sales process often involves extensive efforts to educate our customers on the benefits and capabilities of our cloud platform, particularly as we continue to pursue customer relationships with large organizations. Even with these efforts, we cannot predict market acceptance of our cloud platform, or the success of competing products, services or technologies based on other technologies. Even with these efforts, we cannot predict market acceptance of our cloud platform, or the development of competing products or services based on other technologies. If we fail to achieve market acceptance of our cloud platform or are unable to keep pace with industry changes, our ability to grow our business and our operating results will be materially and adversely affected.If we are unable to attract new customers, our future results of operations could be harmed.To increase our revenue and achieve and maintain profitability, we must add new customers. To do so, we must successfully convince IT decision makers that, as they adopt SaaS applications and the public cloud, security delivered through the cloud provides significant advantages over legacy on-premises appliance-based security products. Additionally, many of our customers broadly deploy our products, which requires a significant commitment of resources. These factors significantly impact our ability to add new customers and increase the time, resources and sophistication required to do so. In addition, numerous other factors, many of which are out of our control, may now or in the future impact our ability to add new customers, including potential customers’ commitments to legacy IT security vendors and products, real or perceived switching costs, competition from hybrid or cloud security products, our failure to expand, retain and motivate our sales and marketing personnel, our failure to develop or expand relationships with our channel partners or to attract new channel partners, failure by us to help our customers to successfully deploy our cloud platform, negative media or industry or financial analyst commentary regarding us or our solutions, litigation and deteriorating general economic conditions, including as a result of COVID-19 and increased inflation, which has disproportionately affected certain of the industries and markets which we serve, such as transportation, hospitality, leisure and retail. In addition, numerous other factors, many of which are out of our control, may now or in the future impact our ability to add new customers, including potential customers’ commitments to legacy IT security vendors and products, real or perceived switching costs, our failure to expand, retain and motivate our sales and marketing personnel, our failure to develop or expand relationships with our channel partners or to attract new channel partners, failure by us to help our customers to successfully deploy our cloud platform, negative media or industry or financial analyst commentary regarding us or our solutions, litigation and deteriorating general economic conditions, including as a result of the COVID-19 pandemic, which has disproportionately affected certain of the industries and markets which we serve, such as transportation, hospitality, leisure and retail. If our efforts to attract new customers are not successful, our revenue and rate of revenue growth may decline, we may not achieve profitability and our future results of operations could be materially harmed.18Table of ContentsIf our customers do not renew their subscriptions for our services and add additional users and services to their subscriptions, our future results of operations could be harmed.In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions for our services when existing contract terms expire, and that we expand our commercial relationships with our existing customers. Our customers have no obligation to renew their subscriptions for our services after the expiration of their contractual subscription period, which is typically one to three years, and in the normal course of business, some customers have elected not to renew. In addition, in certain cases, customers may cancel their subscriptions without cause either at any time or upon advance written notice (typically ranging from 30 days to 60 days), typically subject to an early termination penalty for unused services. In addition, our customers may renew for fewer users, renew for shorter contract lengths or switch to a lower-cost suite. If our customers do not renew their subscription services, we could incur impairment losses related to our deferred contract acquisition costs. It is difficult to accurately predict long-term customer retention because of our varied customer base and given the length of our subscription contracts. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our services, our prices and pricing plans, our customers’ spending levels, decreases in the number of users to which our customers deploy our solutions, mergers and acquisitions involving our customers, competition and deteriorating general economic conditions.Our future success also depends in part on the rate at which our current customers add additional users or services to their subscriptions, which is driven by a number of factors, including customer satisfaction with our services, customer security and networking issues and requirements, general economic conditions and customer reaction to the price per additional user or of additional services. If our efforts to expand our relationship with our existing customers are not successful, our business may materially suffer.We face intense and increasing competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.The market for network security solutions is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent introductions of new products and services and improvements of existing products and services.The market for network security solutions is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent introductions of new and improvements of existing products and services. Our business model of delivering security through the cloud rather than legacy on-premises appliances, while gaining support, has not yet achieved widespread market adoption. Our business model of delivering security through the cloud rather than legacy on-premises appliances is still relatively new and has not yet gained widespread market traction. Moreover, we compete with many established network and security vendors who are aggressively competing against us with their legacy appliance-based solutions and have also introduced cloud-based services that purport to have functionality similar to our cloud platform. Moreover, we compete with many established network and security vendors who are aggressively competing against us with their legacy appliance-based solutions and are also seeking to introduce cloud-based services that have functionality similar to our cloud platform. We expect competition to increase as other established and emerging companies enter the security solutions market, in particular with respect to cloud-based security solutions, as customer requirements evolve and as new products, services and technologies are introduced. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in revenue or our growth rate that could materially and adversely affect our business and results of operations.Our competitors and potential competitors include:•independent IT security vendors, such as Check Point Software Technologies Ltd., Fortinet, Inc., Palo Alto Networks, Inc. and Broadcom Inc., which offer a broad mix of network and endpoint security products;•large networking vendors, such as Cisco Systems, Inc. and Broadcom, which offer a broad mix of network and endpoint security products;•large networking vendors, such as Cisco Systems, Inc. and Juniper Networks, Inc., which offer security appliances and incorporate security capabilities in their networking products;•companies such as Skyhigh Security (previously McAfee Enterprise), Trellix (a combination of McAfee Enterprise and FireEye, Inc., which offer security appliances and incorporate security capabilities in their networking products;20Table of Contents•companies such as FireEye, Inc. ), Forcepoint Inc. (previously, Websense, Inc.), Netskope, Inc. and Pulse Secure, LLC with point 19Table of Contentssolutions that compete with some of the features of our cloud platform, such as proxy, firewall, CASB, sandboxing and advanced threat protection, data loss prevention, encryption, load balancing and VPN; and •other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform. and Pulse Secure, LLC with point solutions that compete with some of the features of our cloud platform, such as proxy, firewall, sandboxing and advanced threat protection, data loss prevention, encryption, load balancing and VPN; and •other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:•greater name recognition, longer operating histories and larger customer bases; •larger sales and marketing budgets and resources; •broader distribution and established relationships with channel partners and customers; •greater customer support resources; •greater resources to make acquisitions and enter into strategic partnerships; •lower labor and research and development costs; •larger and more mature intellectual property rights portfolios; and •substantially greater financial, technical and other resources. Our competitors may be successful in convincing IT decision makers that legacy appliance-based security products or hybrid security cloud solutions based on legacy technology are sufficient to meet their security needs and provide security performance that competes with our cloud platform. Our competitors may be successful in convincing IT decision makers that legacy appliance-based security products or hybrid security cloud solutions based on legacy appliances are sufficient to meet their security needs and provide security performance that competes with our cloud platform. In addition, our competitors may develop cloud-based solutions with architectures similar to our products. Further, many organizations have invested substantial personnel and financial resources to design and operate their appliance-based networks and have established deep relationships with appliance vendors. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier.Our larger competitors have substantially broader and more diverse product and services offerings, which may allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our services, including through selling at zero or negative margins, offering concessions, bundling products or maintaining closed technology platforms. Many competitors that specialize in providing protection from a single type of security threat may be able to deliver these targeted security products to the market more quickly than we can or to convince organizations that these limited products meet their needs.Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors or continuing market consolidation. New start-up companies that innovate and large competitors that are making significant investments in research and development may introduce similar or superior products, services and technologies that compete with our cloud platform. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products, services and technologies that compete with our cloud platform. In addition, large companies with substantial communications infrastructure, such as global telecommunications services provider partners or public cloud providers, could choose to enter the security solutions market. Some of our current or potential competitors have made or could make acquisitions of businesses or establish cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses and loss of market share. Any failure to meet and address these factors could materially harm our business and operating results.20Table of Contents We have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance.We have experienced rapid growth in revenue, operations and employee headcount in recent periods. In addition, the number of customers, users and internet traffic on our cloud platform has increased rapidly in recent years. You should not consider our recent growth in these areas as indicative of our future performance. While we expect to continue to expand our operations and to increase our headcount significantly in the future, both domestically and internationally, our growth may not be sustainable. In particular, our recent revenue growth rates may decline in the future and may not be sufficient to achieve and sustain profitability, as we also expect our costs to increase in future periods. We believe that historical comparisons of our revenue may not be meaningful and should not be relied upon as an indication of future performance. Accordingly, you should not rely on our revenue and other growth for any prior quarter or fiscal year as an indication of our future revenue or revenue growth.If we fail to effectively manage our growth, we may be unable to execute our business plan, maintain high levels of service, adequately address competitive challenges or maintain our corporate culture, and our business, financial condition and results of operations would be harmed.Our growth has placed, and future growth will continue to place, a significant strain on our management and our administrative, operational and financial infrastructure. Our success will depend in part on our ability to manage this growth effectively, which will require that we continue to improve our administrative, operational, financial and management systems and controls by, among other things:•effectively attracting, retaining, training and integrating, including collaborating with, a large number of new employees; •further improving our key business applications, processes and IT infrastructure, including our data centers, to support our business needs; •enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners, customers and users; and •appropriately documenting and testing our IT systems and business processes. Our success will depend in part on our ability to manage this growth effectively, which will require that we continue to improve our administrative, operational, financial and management systems and controls by, among other things:•effectively attracting, training and integrating, including collaborating with, a large number of new employees, and in the short term, to do so remotely during the COVID-19 pandemic; •further improving our key business applications, processes and IT infrastructure, including our data centers, to support our business needs; •enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners, customers and users; and •appropriately documenting and testing our IT systems and business processes. These and other improvements in our systems and controls will require significant capital expenditures and the allocation of valuable management and employee resources. If we fail to implement these improvements effectively, our ability to manage our expected growth, ensure uninterrupted operation of our cloud platform and key business systems and comply with the rules and regulations applicable to public companies could be impaired, the quality of our platform and services could suffer and we may not be able to adequately address competitive challenges.In addition, we believe that our corporate culture has been a contributor to our success, which we believe fosters innovation, teamwork and an emphasis on customer-focused results. We also believe that our culture creates an environment that drives and perpetuates our strategy and cost-effective distribution approach. As we grow, we may find it difficult to maintain our corporate culture. Preservation of our corporate culture is also made more difficult as most of our work force continues working from home on a full time or part time basis. Preservation of our corporate culture is also made more difficult as our work force has been working from home in connection with restrictions placed upon businesses due to the COVID-19 pandemic. As we re-open offices, we also face the unknown impact to employees who do not wish to return to the office, either full time or part time. Any failure to preserve our culture could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively and execute on our business strategy. If we experience any of these effects in connection with future growth, it could materially impair our ability to attract new customers, retain existing customers and expand their use of our platform, all of which would materially and adversely affect our business, financial condition and results of operations.21Table of ContentsOur relatively limited operating history makes it difficult to evaluate our current business and prospects and may increase the risk that we will not be successful.Our relatively limited operating history makes it difficult to evaluate our current business and prospects and plan for our future growth. We were incorporated in 2007, with much of our sales and revenue growth occurring in recent years. As a result, our business model has not been fully proven, which subjects us to a number of uncertainties, including our ability to plan for and model future growth. While we have continued to develop our solutions to incorporate multiple security and compliance applications into a single purpose-built, multi-tenant, distributed cloud platform, we have encountered and will continue to encounter risks and uncertainties frequently experienced by rapidly growing companies in developing markets, including our ability to achieve broad market acceptance of our cloud platform, attract additional customers, grow partnerships, withstand increasing competition and manage increasing expenses as we continue to grow our business. If our assumptions regarding these risks and uncertainties are incorrect or change in response to changes in the market for network security solutions, our operating and financial results could differ materially from our expectations and our business could suffer.Our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations.Our operating results may fluctuate from quarter to quarter as a result of a number of factors, many of which are outside of our control and may be difficult to predict. Some of the factors that may cause our results of operations to fluctuate from quarter to quarter include:•broad market acceptance and the level of demand for our cloud platform; •our ability to attract new customers, particularly large enterprises; •our ability to retain customers and expand their usage of our platform, particularly our largest customers; •our ability to successfully expand internationally and penetrate key markets; •the effectiveness of our sales and marketing programs; •the length of our sales cycle, including the timing of renewals; •technological changes and the timing and success of new service introductions by us or our competitors or any other change in the competitive landscape of our market; •increases in and timing of operating expenses that we may incur to grow and expand our operations and to remain competitive; •pricing pressure as a result of competition or otherwise; •seasonal buying patterns for IT spending, including the possible slowdown in IT spending due to the recent global economic downturn; •the quality and level of our execution of our business strategy and operating plan; •adverse litigation judgments, settlements or other litigation-related costs; •changes in the legislative or regulatory environment; •the impact and costs related to the acquisition of businesses, talent, technologies or intellectual property rights; 22Table of Contents•fluctuations in currency exchange rates and changes in the proportion of our revenue and expenses denominated in foreign currencies;•changes in U.S. generally accepted accounting principles; and •general economic conditions in either domestic or international markets, including as a result of geopolitical uncertainty and instability (such as the Russia-Ukraine crisis) and global health crises and pandemics, and governmental responses thereto. generally accepted accounting principles; and •general economic conditions in either domestic or international markets, including geopolitical uncertainty and instability and global health crises and pandemics, such as COVID-19, and governmental responses thereto. Any one or more of the factors above may result in significant fluctuations in our results of operations. We also intend to continue to invest significantly to grow our business in the near future rather than optimizing for profitability or cash flows. In addition, we generally experience seasonality in terms of when we enter into agreements with customers. We typically enter into a higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the second and fourth quarters of our fiscal year. This seasonality is reflected to a much lesser extent, and sometimes is not immediately apparent, in revenue, due to the fact that we recognize subscription revenue ratably over the term of the subscription, which is generally one to three years. We expect that seasonality will continue to affect our operating results in the future and may reduce our ability to predict cash flow and optimize the timing of our operating expenses.The variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of industry or financial analysts. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.If the delivery of our services to our customers is interrupted or delayed for any reason, our business could suffer.Any interruption or delay in the delivery of our services will negatively impact our customers. Our solutions are deployed via the internet, and our customers’ internet traffic is routed through our cloud platform. Our customers depend on the continuous availability of our cloud platform to access the internet, and our services are designed to operate without interruption in accordance with our service level commitments. If our entire platform were to fail, customers and users could lose access to the internet until such disruption is resolved or customers deploy disaster recovery options that allow them to bypass our cloud platform to access the internet. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted internet access and have a low tolerance for interruptions of any duration. While we do not consider them to have been material, we have experienced, and may in the future experience, service disruptions and other performance problems due to a variety of factors.The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud:•the development and maintenance of the infrastructure of the internet; •the performance and availability of third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services; •decisions by the owners and operators of the data centers where our cloud infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties; 23Table of Contents•the occurrence of earthquakes, floods, fires, pandemics, power loss, system failures, physical or electronic break-ins, acts of war, international conflicts (such as the Russia-Ukraine crisis) or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events; •cyberattacks, including denial of service attacks, targeted at us, our data centers, our global telecommunications service provider partners or the infrastructure of the internet; •government action to limit access to the internet;•failure by us to maintain and update our cloud infrastructure to meet our traffic capacity requirements; •errors, defects or performance problems in our software, including third-party software incorporated in our software, which we use to operate our cloud platform; •improper classification of websites by our vendors who provide us with lists of malicious websites; •improper deployment or configuration of our services; •the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network; and •the failure of our disaster recovery and business continuity arrangements.The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud:•the development and maintenance of the infrastructure of the internet; •the performance and availability of third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services; •decisions by the owners and operators of the data centers where our cloud infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties; 24Table of Contents•the occurrence of earthquakes, floods, fires, pandemics, power loss, system failures, physical or electronic break-ins, acts of war or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events; •cyberattacks, including denial of service attacks, targeted at us, our data centers, our global telecommunications service provider partners or the infrastructure of the internet; •failure by us to maintain and update our cloud infrastructure to meet our traffic capacity requirements; •errors, defects or performance problems in our software, including third-party software incorporated in our software, which we use to operate our cloud platform; •improper classification of websites by our vendors who provide us with lists of malicious websites; •improper deployment or configuration of our services; •the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network; and •the failure of our disaster recovery and business continuity arrangements. The occurrence of any of these factors, or if we are unable to efficiently and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively impact our relationship with our customers or otherwise materially harm our business, results of operations and financial condition.In addition, we provide our services through a cloud-based inline proxy, and some governments, third-party products, websites or services may block proxy-based traffic under certain circumstances. For example, vendors may attempt to block traffic from our cloud platform or blacklist our IP addresses because they cannot identify the source of the proxy-based traffic. Our competitors may use this as an excuse to block traffic from their solutions or blacklist our IP addresses, which may result in our customers’ traffic being blocked from our platform. If our customers experience significant instances of traffic blockages, they will experience reduced functionality or other inefficiencies, which would reduce customer satisfaction with our services and likelihood of renewal.The actual or perceived failure of our cloud platform to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business, financial condition and results of operations.Our cloud platform may fail to detect or prevent security breaches or incidents for any number of reasons. Our cloud platform is complex and may contain performance issues that are not detected until after its deployment. We also provide frequent solution updates and fundamental enhancements, which increase the possibility of errors, and our reporting, tracking, monitoring and quality assurance procedures may not be sufficient to ensure we detect any such defects in a timely manner. The performance of our cloud platform can be negatively impacted by our failure to enhance, expand or update our cloud platform, bugs, errors or defects in our software, improper classification of websites by our vendors who provide us with lists of malicious websites, improper deployment or configuration of our services and many other factors.In addition, the techniques used by cyber threat actors, including state sponsored actors, to access or sabotage networks and other systems change frequently and generally are not recognized until launched against a target. As a result, there is a risk that a cyber threat could emerge that our services are unable to detect or prevent until after some of our customers are impacted. The growth in state sponsored cyber activity, including the increased rate of cyberattacks arising from the Russia-Ukraine crisis and the risk that these cyberattacks could spread globally, showcases the increasing sophistication of cyber 24Table of Contentsthreats and could dramatically expand the global threat landscape. Moreover, as our services are adopted by an increasing number of enterprises, it is possible that the individuals and organizations behind cyber threats will focus on finding ways to defeat our services. If this happens, our cloud platform could be targeted by attacks specifically designed to disrupt our business and create the perception that our cloud platform is not capable of providing superior security, which, in turn, could have a serious impact on our reputation as a provider of security solutions. Further, if a high profile security breach or incident occurs with respect to another cloud services provider, our customers and potential customers may lose trust in cloud solutions generally, and with respect to security in particular, which could materially and adversely impact our ability to retain existing customers or attract new customers. Further, if a high 25Table of Contentsprofile security breach or incident occurs with respect to another cloud services provider, our customers and potential customers may lose trust in cloud solutions generally, and with respect to security in particular, which could materially and adversely impact our ability to retain existing customers or attract new customers. Increasingly, enterprises are subject to a wide variety of attacks on their networks and systems, including traditional threat actors, malicious code (such as viruses and worms), distributed denial-of-service attacks, sophisticated attacks conducted or sponsored by nation-states, advanced persistent threat intrusions, ransomware and other malware and theft or misuse of intellectual property or business or personal data, including by disgruntled employees, former employees or contractors.Increasingly, companies are subject to a wide variety of attacks on their networks and systems, including traditional computer hackers, malicious code (such as viruses and worms), distributed denial-of-service attacks, sophisticated attacks conducted or sponsored by nation-states, advanced persistent threat intrusions, ransomware and other malware, and theft or misuse of intellectual property or business or personal data, including by disgruntled employees, former employees or contractors. No security solution, including our cloud platform, can address all possible security threats or block all methods of penetrating a network or otherwise perpetrating a security breach or incident. Our customers must rely on complex network and security infrastructures, which include products and services from multiple vendors, to secure their networks. If any of our customers becomes infected with malware or experiences a security breach or incident, they could be disappointed with our services, regardless of whether our services are intended to block the attack or would have blocked the attack if the customer had properly configured our cloud platform. Additionally, if any enterprises that are publicly known to use our services are the subject of a cyberattack that becomes publicized, our current or potential customers may look to our competitors for alternatives to our services.From time to time, industry or financial analysts and research firms test our solutions against other security products. Our services may fail to detect or prevent threats in any particular test for a number of reasons, including misconfiguration. To the extent potential customers, industry or financial analysts or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our services do not provide significant value, our reputation and business could be materially harmed.Any real or perceived flaws in our cloud platform or any real or perceived security breaches or other security incidents of our customers could result in:•a loss of existing or potential customers or channel partners; •delayed or lost sales and harm to our financial condition and results of operations; •a delay in attaining, or the failure to attain, market acceptance; •the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual or perceived security breach or incident; •negative publicity and damage to our reputation and brand; and •legal claims and demands (including for stolen assets or information, repair of system damages, and compensation to customers and business partners), litigation, regulatory inquiries or investigations and other liability. Any of the above results could materially and adversely affect our business, financial condition and results of operations.Additionally, with data security a critical competitive factor in our industry, we make public statements in our privacy policies, on our website, and elsewhere describing the security of our platform and the performance of our solutions. As a 25Table of Contentsresult, we may face claims, including claims of unfair or deceptive trade practices, brought by the U. As a result, we may face claims, including claims of unfair or deceptive trade practices, brought by the U. S. Federal Trade Commission, state, local, or foreign regulators, and private litigants.If our global network of data centers which deliver our services was damaged or otherwise failed to meet the requirements of our business, our ability to provide services to our customers and maintain the performance of our cloud platform could be negatively impacted, which could cause our business to suffer.26Table of ContentsIf our global network of data centers which deliver our services was damaged or otherwise failed to meet the requirement of our business, our ability to provide services to our customers and maintain the performance of our cloud platform could be negatively impacted, which could cause our business to suffer. We currently host our cloud platform and serve our customers from a global network of over 150 data centers. While we have electronic access to the components and infrastructure of our cloud platform that are hosted by third parties, we do not control the operation of these facilities. Consequently, we may be subject to service disruptions as well as failures to provide adequate support for reasons that are outside of our direct control. Our data centers are vulnerable to damage or interruption from a variety of sources, including earthquakes, floods, fires, power loss, system failures, computer viruses, physical or electronic break-ins, human error or interference (including by disgruntled employees, former employees or contractors), and other catastrophic events, including those exacerbated by the effects of climate change. Our data centers may also be subject to national or local administrative actions, changes in government regulations, including, for example, the impact of global economic and other sanctions like those levied in response to the Russia-Ukraine crisis, changes to legal or permitting requirements and litigation to stop, limit or delay operations.From time to time, we may become involved in various legal proceedings relating to matters incidental to the ordinary course of our business, including patent, commercial, product liability, employment, class action, whistleblower and other litigation and claims, and governmental and other regulatory investigations and proceedings. Despite precautions taken at these facilities, such as disaster recovery and business continuity arrangements, the occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems at these facilities could result in interruptions or delays in our services, impede our ability to scale our operations or have other adverse impacts upon our business. In addition, if we do not accurately plan for our infrastructure capacity requirements or experience significant strains on our data center capacity, we may experience delays and additional expenses in arranging new data centers, and our customers could experience performance degradation or service outages that may subject us to financial liabilities, result in customer losses and materially harm our business. For example, to manage a dramatic increase in ZPA traffic resulting from our customers' employees working from home at the outset of the COVID-19 pandemic, we temporarily increased our use of public cloud infrastructure which is substantially more expensive than our own data centers. For example, to manage a dramatic increase in ZPA traffic resulting from our customers' employees working from home in response to the COVID-19 pandemic, we temporarily increased our use of public cloud infrastructure which is substantially more expensive than our own data centers. If we must again increase our use of public cloud infrastructure in the future, our results of operations could be negatively impacted. Our business and growth depend in part on the success of our relationships with our channel partners.We currently derive most of our revenue from sales through our channel partner network, and we expect for the foreseeable future most of our future revenue growth will also be driven through this network. Not only does our joint sales approach require additional investment to grow and train our sales force, but we believe that continued growth in our business is dependent upon identifying, developing and maintaining strategic relationships with our existing and potential channel partners, including global systems integrators and regional telecommunications service providers that will in turn drive substantial revenue and provide additional value-added services to our customers. Our agreements with our channel partners are generally non-exclusive, meaning our channel partners may offer customers the products of several different companies, including products that compete with our cloud platform. In general, our channel partners may also cease marketing or reselling our platform with limited or no notice and without penalty. If our channel partners do not effectively market and sell subscriptions to our cloud platform, choose to promote our competitors’ products or fail to meet the needs of our customers, our ability to grow our business and sell subscriptions to our cloud platform may be adversely affected. For example, sales through our top five channel partners and their affiliates, in aggregate, represented 28% of our revenue for fiscal 2022, 34% of our revenue for fiscal 2021 and 40% of our revenue for fiscal 2020. For example, sales through our top five channel partners and their affiliates, in aggregate, represented 34% of our revenue for fiscal 2021, 40% of our revenue for fiscal 2020 and 42% of our revenue for fiscal 2019. In addition, our channel partner structure could subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our cloud platform to customers or violates applicable laws or our corporate policies. Moreover, our channel partners' operations may be negatively impacted by events including pandemics, international conflicts, inflation, and other events affecting the global economy in general. For example, these events could increase credit risk of end customers and create uncertainty in credit markets. Our ability to achieve revenue growth in the future will depend in large part on our success in maintaining successful relationships 26Table of Contentswith our channel partners, identifying additional channel partners and training our channel partners to independently sell and deploy our platform. Our ability to achieve revenue growth in the future will depend in large part on our success in maintaining successful relationships with our channel partners, identifying additional channel partners and training our channel partners to independently sell and deploy our platform. If we are unable to maintain our relationships with our existing channel partners or develop successful relationships with new channel partners or if our channel partners fail to perform, our business, financial position and results of operations could be materially and adversely affected.If we are not able to maintain and enhance our brand, our business and results of operations may be adversely affected.27Table of ContentsIf we are not able to maintain and enhance our brand, our business and results of operations may be adversely affected. We believe that maintaining and enhancing our reputation as a provider of high-quality security solutions is critical to our relationship with our existing customers and channel partners and our ability to attract new customers and channel partners. The successful promotion of our brand will depend on a number of factors, including our marketing efforts, our ability to continue to develop high-quality features and solutions for our cloud platform and our ability to successfully differentiate our platform from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue. In addition, independent industry or financial analysts often provide reviews of our platform, as well as products and services of our competitors, and perception of our platform in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products and services, our brand may be adversely affected. Additionally, the performance of our channel partners may affect our brand and reputation if customers do not have a positive experience with our channel partners’ services. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, we expand into new markets and more sales are generated through our channel partners. To the extent that these activities yield increased revenue, this revenue may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand, our business may not grow, we may have reduced pricing power relative to competitors and we could lose customers or fail to attract potential customers, all of which would materially and adversely affect our business, results of operations and financial condition.If we do not effectively develop and expand our sales and marketing capabilities, we may be unable to add new customers or increase sales to our existing customers, and our business will be adversely affected.To increase the number of customers and increase the market acceptance of our platform, we will need to expand our sales and marketing operations, including our domestic and international sales force. Although we have a channel sales model, our sales representatives typically engage in direct interaction with our prospective customers. Therefore, we continue to be substantially dependent on our sales force to obtain new customers. Increasing our customer base and achieving broader market acceptance of our cloud platform will depend, to a significant extent, on our ability to expand and further invest in our sales and marketing operations and activities. There is significant competition for sales personnel with the advanced sales skills and technical knowledge we need. We believe that selling a cloud-based security solution requires particularly talented sales personnel with the ability to communicate the transformative potential of our cloud platform. Our ability to achieve significant growth in revenue in the future will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of these talented sales personnel in both the U.S. and international markets. New hires require significant training and may take significant time before they achieve full productivity.New hires require significant training and may take significant time before they achieve full productivity. As a result, our new hires and planned hires may not become as productive as we would like, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future. As a result of our rapid growth, a large percentage of our sales and marketing team is new to our company and selling our solutions, and therefore this team may be less effective than our more seasoned employees. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. The effectiveness of our sales and marketing has also varied over time and, together with the effectiveness of any partners or resellers we may engage, may vary in the future. Our business and operating results may be 27Table of Contentsharmed if our efforts do not generate a correspondingly significant increase in revenue. Our business and operating results may be harmed if our efforts do not generate a correspondingly significant increase in revenue. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop and retain talented sales personnel, if our new sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop and retain talented sales personnel, if our 28Table of Contentsnew sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective. Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our cloud platform, particularly with respect to large organizations. Our sales efforts typically involve educating our prospective customers about the uses, benefits and the value proposition of our cloud platform. Customers often view the subscription to our cloud platform as a significant decision as part of a strategic transformation initiative and, as a result, frequently require considerable time to evaluate, test and qualify our platform prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens the sales cycle. In addition, the impact of economic conditions, including the ongoing impact to the global and U.S. economies as a result of COVID-19, international conflicts or the increasing effects of inflation, could materially and adversely affect our business, operating results and financial condition in a number of ways, including by reducing sales, lengthening sales cycles and lowering prices for our services. economies due to the COVID-19 pandemic, or a reduction in IT security spending, could materially and adversely affect our business, operating results and financial condition in a number of ways, including by reducing sales, lengthening sales cycles and lowering prices for our services. Our sales force develops relationships directly with our customers, and together with our channel account teams, works with our channel partners on account penetration, account coordination, sales and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Platform purchases are frequently subject to budget constraints, multiple approvals and unanticipated administrative, processing and other delays. As a result, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized.Sales to larger customers involve risks that may not be present, or that are present to a lesser extent, with sales to smaller customers, which can act as a disincentive to our sales team to pursue these larger customers. These risks include:•competition from companies that traditionally target larger enterprises and that may have pre-existing relationships or purchase commitments from such customers;•increased purchasing power and leverage held by larger customers in negotiating contractual arrangements with us;•more stringent requirements in our support obligations; and•longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that elects not to purchase our solutions. The failure of our efforts to secure sales after investing resources in a lengthy sales process could materially and adversely affect our business and operating results.If we fail to develop or introduce new enhancements to our cloud platform on a timely basis, our ability to attract and retain customers, remain competitive and grow our business could be impaired.The industry in which we compete is characterized by rapid technological change, frequent introductions of new products and services, evolving industry standards and changing regulations, as well as changing customer needs, requirements and preferences. Our ability to attract new customers and increase revenue from existing customers will depend in significant part on our ability to anticipate and respond effectively to these changes on a timely basis and continue to introduce enhancements to our cloud platform. The success of our cloud platform depends on our continued investment in our research and development organization to increase the reliability, availability and scalability of our existing solutions. The 28Table of Contentssuccess of any enhancement depends on several factors, including the timely completion and market acceptance of the enhancement. The success of any enhancement depends on several factors, including the timely completion and market acceptance of the enhancement. Any new service that we develop might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue. If new technologies emerge that deliver competitive products and services at lower prices, more efficiently, more conveniently or more securely, these technologies could adversely impact our ability to compete effectively. If new technologies emerge that deliver competitive products and services at lower prices, more efficiently, more conveniently or more securely, these technologies 29Table of Contentscould adversely impact our ability to compete effectively. Any delay or failure in the introduction of enhancements could materially harm our business, results of operations and financial condition.Because we recognize revenue from subscriptions for our services over the term of the subscription, downturns or upturns in new business may not be immediately reflected in our operating results and may be difficult to discern.We generally recognize revenue from customers ratably over the terms of their subscriptions, which are typically one to three years. As a result, a substantial portion of the revenue we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decline in new sales or renewals in any one period may not be immediately reflected in our revenue for that period. Any such change, however, may affect our revenue in future periods. Additionally, subscriptions that are invoiced annually in advance or multi-year in advance contribute significantly to our short-term and long-term deferred revenue in comparison to our invoices issued quarterly and monthly in advance, which will also affect our financial position in any given period. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. We may also be unable to reduce our cost structure in line with a significant deterioration in sales or renewals. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers must be recognized over the applicable subscription term.If our cloud platform or internal networks, systems or data are or are perceived to have been breached, our solution may be perceived as insecure, our reputation may be damaged and our financial results may be negatively impacted.It is virtually impossible for us to entirely mitigate the risk of breaches of our cloud platform or other security incidents affecting our cloud platform or our internal systems, networks or data.It is virtually impossible for us to entirely mitigate the risk of breaches of our cloud platform or other security incidents affecting our internal systems, networks or data. In addition, the functionality of our platform may be disrupted, either intentionally or due to negligence, by third parties, including disgruntled employees or contractors and other current or former employees or contractors. The security measures we use internally and have integrated into our cloud platform, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to identify or protect against certain attacks. Enterprises are subject to a wide variety of attacks on their networks and systems, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently and generally are not recognized until launched against a target. Companies are subject to a wide variety of attacks on their networks and systems, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently and generally are not recognized until launched against a target. The growth in state sponsored cyber activity, including those actions taken in connections with the Russia-Ukraine crisis, showcase the increasing sophistication of cyber threats. As a result, we may be unable to anticipate these techniques or implement adequate measures to prevent an electronic intrusion into our customers through our cloud platform or to prevent breaches and other security incidents affecting our cloud platform, internal networks, systems or data. Further, once identified, we may be unable to remediate or otherwise respond to a breach or other incident in a timely manner. Actual or perceived security breaches of our cloud platform could result in actual or perceived breaches of our customers’ networks and systems.Our internal systems are exposed to the same cybersecurity risks and consequences of a breach as our customers and other enterprises. However, since our business is focused on providing reliable security services to our customers, we believe that an actual or perceived breach of, or security incident affecting, our internal networks, systems or data, could be especially detrimental to our reputation, customer confidence in our solution and our business. Additionally, many of our personnel continue to work remotely, which may pose additional data security risks. Additionally, many of our customers broadly deploy our products, which requires a significant commitment of resources. 29Table of ContentsFurther, our vendors and service providers may also be the targets of cyberattacks, and their systems and networks may be, or may have been, breached or contain exploitable defects or bugs that could result in a breach of or disruption to their or our systems and networks. Our ability to monitor our vendors’ and service providers’ data security is limited, and, in any event, third parties may be able to circumvent their security measures, resulting in the unauthorized access to, misuse, acquisition, disclosure, loss, alteration, or destruction of our data, including confidential, sensitive, and other information about individuals. Geo-political factors including international conflicts, like the Russia-Ukraine crisis, may increase the risk of such cyberattacks.Any real or perceived security breaches or other security incidents that we suffer with regard to our platform, systems, networks or data, including any such actual or perceived security breaches or security incidents that result, or are believed to result, in actual or perceived breaches of our customers’ networks or systems, could result in:•the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual or perceived security breach or other security incident;•negative publicity and damage to our reputation, brand, and market position;•harm to our relationships with, and a loss of, existing or potential customers or channel partners; •delayed or lost sales and harm to our financial condition and results of operations;•a delay in attaining, or the failure to attain, market acceptance; and•legal claims and demands (including for stolen assets or information, repair of system damages and compensation to customers and business partners), litigation, regulatory inquiries or investigations and other liability.Any real or perceived security breaches or other security incidents that we suffer with regard to our systems, networks or data, including any such actual or perceived security breaches or security incidents that result, or are believed to result, in actual or perceived breaches of our customers’ networks or systems, could result in:•the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual or perceived security breach or other security incident;30Table of Contents•negative publicity and damage to our reputation, brand, and market position;•harm to our relationships with, and a loss of, existing or potential customers or channel partners; •delayed or lost sales and harm to our financial condition and results of operations;•a delay in attaining, or the failure to attain, market acceptance; and•legal claims and demands (including for stolen assets or information, repair of system damages and compensation to customers and business partners), litigation, regulatory inquiries or investigations and other liability. Any of the above could materially and adversely affect our business, financial condition and results of operations.While we maintain insurance, our insurance may be insufficient to cover all liabilities incurred in relation to actual or perceived security breaches or other security incidents. We also cannot be certain that our insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.If our cloud platform does not interoperate with our customers’ network and security infrastructure or with third-party products, websites or services, our cloud platform may become less competitive and our results of operations may be harmed.Our cloud platform must interoperate with our customers’ existing network and security infrastructure. These complex systems are developed, delivered and maintained by the customer and a myriad of vendors and service providers. As a result, the components of our customers’ infrastructure have different specifications, rapidly evolve, utilize multiple protocol standards, include multiple versions and generations of products and may be highly customized. We must be able to interoperate and provide our security services to customers with highly complex and customized networks, which requires careful planning and execution between our customers, our customer support teams and our channel partners. Further, when new or updated elements of our customers’ infrastructure or new industry standards or protocols are introduced, we may have to update or enhance our cloud platform to allow us to continue to provide services to customers. Our competitors or other 30Table of Contentsvendors may refuse to work with us to allow their products to interoperate with our solutions, which could make it difficult for our cloud platform to function properly in customer networks that include these third-party products. Our competitors or other vendors may refuse to work with us to allow their products to interoperate with our solutions, which could make it difficult for our cloud platform to function properly in customer networks that include these third-party products. We may not deliver or maintain interoperability quickly or cost-effectively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our cloud platform with our customers’ network and security infrastructures, our customers may not be able to fully utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition.We provide service level commitments under our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service and our business could suffer.Our customer agreements contain service level commitments, which contain specifications regarding the availability and performance of our cloud platform. Any failure of or disruption to our infrastructure could impact the performance of our platform and the availability of services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our platform, we may be contractually obligated to provide affected customers with service credits for future subscriptions, and, in certain cases, refunds. To date, there has not been a material failure to meet our service level commitments, and we do not currently have any material liabilities accrued on our balance sheet for such commitments. Our revenue, other results of operations and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.Our ability to maintain customer satisfaction depends in part on the quality of our customer support, including the quality of the support provided on our behalf by certain channel partners. Failure to maintain high-quality customer support could have an adverse effect on our business, financial condition and results of operations.If we do not provide superior support to our customers, our ability to renew subscriptions, increase the number of users and sell additional services to customers will be adversely affected. We believe that successfully delivering our cloud solution requires a particularly high level of customer support and engagement. We or our channel partners must successfully assist our customers in deploying our cloud platform, resolving performance issues, addressing interoperability challenges with a customer’s existing network and security infrastructure and responding to security threats and cyberattacks. Many enterprises, particularly large organizations, have very complex networks and require high levels of focused support, including premium support offerings, to fully realize the benefits of our cloud platform. Any failure by us to maintain the expected level of support could reduce customer satisfaction and hurt our customer retention, particularly with respect to our large enterprise customers. Additionally, if our channel partners do not provide support to the satisfaction of our customers, we may be required to provide this level of support to those customers, which would require us to hire additional personnel and to invest in additional resources. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our platform exceed our internal forecasts. We may also not be successful in our efforts to fully onboard new hires and provide adequate training to our employees, many of whom continue to work remotely. We may also not be successful in our efforts to fully onboard new hires and provide adequate training to our employees, who are working remotely as a result of the COVID-19 pandemic. To the extent that we or our channel partners are unsuccessful in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our cloud platform could be adversely affected. We currently rely in part on contractors provided by third-party service providers internationally to provide support services to our customers, and we expect to expand our international customer service support team to other countries. Any failure to properly train or oversee such contractors could result in a poor customer experience and an adverse impact on our reputation and ability to renew subscriptions or engage new customers. Furthermore, as we sell our solutions internationally, our support organization faces additional challenges, including those associated with delivering support, training and documentation in languages other than English. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could 31Table of Contentsmaterially harm our reputation, adversely affect our ability to sell our solutions to existing and prospective customers and could harm our business, financial condition and results of operations. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could materially harm our reputation, adversely affect our ability to sell our solutions to existing and prospective customers and could harm our business, financial condition and results of operations. We rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business.32Table of ContentsWe rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business. Our future success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization. In particular, we are highly dependent on the services of Jay Chaudhry, our chief executive officer and chairman of our board of directors, who is critical to our future vision and strategic direction. In particular, we are highly dependent on the services of Jay Chaudhry, our president, chief executive officer and chairman of our board of directors, who is critical to our future vision and strategic direction. We rely on our leadership team in the areas of operations, security, marketing, sales, support and general and administrative functions, and on individual contributors on our research and development team. Although we have entered into employment agreements with our key personnel, these agreements have no specific duration and constitute at-will employment. We do not maintain key person life insurance policies on any of our employees. The loss of one or more of our executive officers or key employees could seriously harm our business. To execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel in the San Francisco Bay Area, where our headquarters are located, and in other locations where we operate, is intense, especially for experienced sales professionals and for engineers experienced in designing and developing cloud applications and security software. Competition for these personnel in the San Francisco Bay Area, where our headquarters are located, and in other locations where we maintain offices, is intense, especially for experienced sales professionals and for engineers experienced in designing and developing cloud applications and security software. In addition, the United States and other regions in which we operate are experiencing an acute workforce shortage for highly skilled workers, which in turn, has created a hyper-competitive wage environment that may impact our ability to attract and retain employees. In addition, the stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. For example, in recent years, recruiting, hiring and retaining employees with expertise in the cybersecurity industry has become increasingly difficult as the demand for cybersecurity professionals has increased as a result of the recent cybersecurity attacks on global corporations and governments. Many of the companies with which we compete for experienced personnel have greater resources than we have. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. Volatility or lack of performance in our stock price may also affect our ability to attract and retain our key employees. Also, certain of our key employees have become, or will soon become, vested in a substantial amount of equity awards, which may give them a substantial amount of personal wealth. Also, many of our employees have become, or will soon become, vested in a substantial amount of equity awards, which may give them a substantial amount of personal wealth. This may make it more difficult for us to retain and motivate these employees, and this wealth could affect their decision about whether or not they continue to work for us. If we fail to successfully attract, integrate or retain qualified personnel to fulfill our current or future needs, or if we need to materially increase the value of the compensation packages necessary to attract and retain these employees, our business, operating results and financial condition could be materially and adversely affected. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non-infringing technology, which could require significant time, during which we could be unable to continue to offer our affected services or features, effort and expense and may ultimately not be successful. We incorporate technology from third parties into our cloud platform, and our inability to obtain or maintain rights to the technology could harm our business.We incorporate technology from third parties into our cloud platform, and our inability to obtain or maintain rights to the technology could harm our business. We license software and other technology from third parties that we incorporate into or integrate with, our cloud platform. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our services. In addition, many licenses are non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Some of our agreements with our licensors may be terminated for convenience by them, or otherwise provide for a limited term. If we are unable to continue to license any of this technology for any reason, our ability to develop and sell our services containing such technology could be harmed. Similarly, if we are unable to license necessary technology from third parties now or in the future, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards. This could limit and delay our ability to offer new or competitive products and services and increase our costs of production. As a result, our business and results of operations could be significantly harmed. Additionally, as part of our 32Table of Contentslonger-term strategy, we plan to open our cloud platform to third-party developers and applications to further extend its functionality. Additionally, as part of our longer-term strategy, we plan to open our cloud platform to third-party developers and applications to further extend its functionality. We cannot be certain that such efforts to grow our business will be successful.Some of our technology incorporates "open source" software, and we license some of our software through open source projects, which could negatively affect our ability to sell our platform and subject us to possible litigation.33Table of ContentsSome of our technology incorporates "open source" software, and we license some of our software through open source projects, which could negatively affect our ability to sell our platform and subject us to possible litigation. Our solutions incorporate software licensed by third parties under open source licenses, including open source software included in software we receive from third-party commercial software vendors. Use of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide support, updates or warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, the wide availability of open source software used in our solutions could expose us to security vulnerabilities. Furthermore, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market or commercialize our solutions. As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our solutions. In addition, by the terms of some open source licenses, under certain conditions we could be required to release the source code of our proprietary software, and to make our proprietary software available under open source licenses, including authorizing further modification and redistribution. In the event that portions of our proprietary software are determined to be subject to such requirements by an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our platform or otherwise be limited in the licensing of our services, each of which provide an advantage to our competitors or other entrants to the market, create security vulnerabilities in our solutions and could reduce or eliminate the value of our services. Further, if we are held to have breached or otherwise failed to comply with the terms of an open source software license, we could be required to release certain of our proprietary source code under open source licenses, pay monetary damages, seek licenses from third parties to continue offering our services on terms that are not economically feasible or be subject to injunctions that could require us to discontinue the sale of our services if re-engineering could not be accomplished on a timely basis. Many of the risks associated with use of open source software cannot be eliminated and could negatively affect our business. Moreover, we cannot assure you that our processes for controlling our use of open source software in our platform will be effective. Responding to any infringement or noncompliance claim by an open source vendor, regardless of its validity, or discovering open source software code in our platform could harm our business, operating results and financial condition by, among other things:•resulting in time-consuming and costly litigation;•diverting management’s time and attention from developing our business;•requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;•causing delays in the deployment of our platform or service offerings to our customers;•requiring us to stop offering certain services on or features of our platform;•requiring us to redesign certain components of our platform using alternative non-infringing or non-open source technology, which could require significant effort and expense;•requiring us to disclose our software source code and the detailed program commands for our software; and•requiring us to satisfy indemnification obligations to our customers.33Table of ContentsWe rely on a limited number of suppliers for certain components of the equipment we use to operate our cloud platform, and any disruption in the availability of these components could delay our ability to expand or increase the capacity of our global data center network or replace defective equipment in our existing data centers.We rely on a limited number of suppliers for several components of the equipment we use to operate our cloud platform and provide services to our customers. Our reliance on these suppliers exposes us to risks, including reduced control over production costs and constraints based on the then-current availability, terms and pricing of these components. For example, we generally purchase these components on a purchase order basis, and do not have long-term contracts guaranteeing supply. In addition, the technology industry has experienced component shortages, delivery delays and price increases in the past, and we may experience shortages, delays or materially increased costs, including as a result of natural disasters, increased demand in the industry or if our suppliers do not have sufficient rights to supply the components in all jurisdictions in which we may host our services. In addition, the technology industry has experienced component shortages and delivery delays in the past, and we may experience shortages or delays, including as a result of natural disasters, increased demand in the industry or if our suppliers do not have sufficient rights to supply the components in all jurisdictions in which we may host our services. For example, though global economic conditions have not yet had a material impact on our supply chain, these conditions have resulted in increased costs and could result in disruptions and delays for these components in the future. If our supply of certain components is disrupted or delayed, there can be no assurance that additional supplies or components can serve as adequate replacements for the existing components or that supplies will be available on terms that are favorable to us, if at all. Any disruption or delay in the supply of our components may delay opening new data centers, delay increasing capacity or replacing defective equipment at existing data centers or cause other constraints on our operations that could damage our channel partner or customer relationships.Claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects.A number of companies in our industry hold a large number of patents and also protect their copyright, trade secret and other intellectual property rights, and companies in the networking and security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they previously developed, have purchased or otherwise obtained. Many companies, including our competitors, may now, and in the future, have significantly larger and more mature patent, copyright, trademark and trade secret portfolios than we have, which they may use to assert claims of infringement, misappropriation and other violations of intellectual property rights against us. In addition, future litigation may involve non-practicing entities or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. As we face increasing competition and gain an increasingly higher profile the possibility of intellectual property rights claims against us grows. Third parties have asserted in the past and may in the future assert claims of infringement of intellectual property rights against us and these claims, even without merit, could harm our business, including by increasing our costs, reducing our revenue, creating customer concerns that result in delayed or reduced sales, distracting our management from the running of our business and requiring us to cease use of important intellectual property. In addition, because patent applications can take years to issue and are often afforded confidentiality for some period of time, there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more of our services. Moreover, in a patent infringement claim against us, we may assert, as a defense, that we do not infringe the relevant patent claims, that the patent is invalid or both. The strength of our defenses will depend on the patents asserted, the interpretation of these patents, and our ability to invalidate the asserted patents. However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof. Conversely, the patent owner need only prove infringement by a preponderance of the evidence, which is a lower burden of proof. Furthermore, because of the substantial amount of discovery required in connection with patent and other intellectual property rights litigation, there is a risk that some of our confidential information could be compromised by the discovery process.34Table of ContentsAs the number of products and competitors in our market increases and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Our insurance may not cover intellectual property rights infringement claims. Third parties have in the past and may in the future also assert infringement claims against our customers or channel partners, with whom our agreements may obligate us to indemnify against these claims. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such employees have divulged proprietary or other confidential information to us.From time to time, the U.S. Supreme Court, other U.S. federal courts and the U.S. Patent and Trademark Appeals Board, and their foreign counterparts, have made and may continue to make changes to the interpretation of patent laws in their respective jurisdictions. We cannot predict future changes to the interpretation of existing patent laws or whether U.S. or foreign legislative bodies will amend such laws in the future. Any changes may lead to uncertainties or increased costs and risks surrounding the outcome of third-party infringement claims brought against us and the actual or enhanced damages, including treble damages, that may be awarded in connection with any such current or future claims and could have a material adverse effect on our business and financial condition. We are unable to predict the likelihood of success in defending against future infringement claims. In the event that we fail to successfully defend ourselves against an infringement claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties or other costs or damages; or we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non-infringing technology, which could require significant time, during which we could be unable to continue to offer our affected services or features, effort and expense and may ultimately not be successful. Any of these outcomes could result in a material adverse effect on our business. Even if we were to prevail, third-party infringement lawsuits could be costly and time-consuming, divert the attention of our management and key personnel from our business operations, deter channel partners from selling or licensing our services and dissuade potential customers from purchasing our services, which would also materially harm our business. In addition, any public announcements of the results of any proceedings in third-party infringement lawsuits could be negatively perceived by industry or financial analysts and investors and could cause our stock price to experience volatility or decline. Further, the expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations.Any of these events could materially and adversely harm our business, financial condition and results of operations.The success of our business depends in part on our ability to protect and enforce our intellectual property rights.We believe our intellectual property is an essential asset of our business, and our success and ability to compete depend in part upon protection of our intellectual property rights. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights, all of which provide only limited protection. The efforts we have taken to protect our intellectual property rights may not be sufficient or effective, and our patents, trademarks and copyrights may be held invalid or unenforceable. Moreover, we cannot assure you that any patents will be issued with respect to our currently pending patent applications in a manner that gives us adequate defensive protection or competitive advantages, or that any patents issued to us will not be challenged, invalidated or circumvented. We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit. Moreover, we may need to expend additional resources to defend our intellectual property 35Table of Contentsrights in these countries, and our inability to do so could impair our business or adversely affect our international expansion. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection or they may not prove to be enforceable in actions against alleged infringers. Additionally, the U.S. Patent and Trademark Office and various foreign governmental patent agencies require compliance with a number of procedural, documentary, fee payment and other similar provisions during the patent application process and to maintain issued patents. There are situations in which noncompliance can result in abandonment or lapse of the patent or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. If this occurs, it could materially harm our business, operating results, financial condition and prospects.We may not be effective in policing unauthorized use of our intellectual property rights, and even if we do detect violations, litigation may be necessary to enforce our intellectual property rights. In addition, our intellectual property may be stolen, including by cybercrimes, and we may not be able to identify the perpetrators or prevent the exploitation of our intellectual property by our competitors or others. Protecting against the unauthorized use of our intellectual property rights, technology and other proprietary rights is expensive and difficult, particularly outside of the United States. Any enforcement efforts we undertake, including litigation, could be time-consuming and expensive and could divert management’s attention, either of which could harm our business, operating results and financial condition. Further, attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. The inability to adequately protect and enforce our intellectual property and other proprietary rights could seriously harm our business, operating results, financial condition and prospects. Even if we are able to secure our intellectual property rights, we cannot assure you that such rights will provide us with competitive advantages or distinguish our services from those of our competitors or that our competitors will not independently develop similar technology, duplicate any of our technology, or design around our patents.Our business depends, in part, on sales to government organizations, and significant changes in the contracting or fiscal policies of such government organizations could have an adverse effect on our business and operating results.We derive a portion of our revenue from contracts with government organizations, and we believe the success and growth of our business will in part depend on our successful procurement of additional public sector customers. However, demand from government organizations is often unpredictable, and we cannot assure you that we will be able to maintain or grow our revenue from the public sector. Sales to government entities are subject to substantial risks, including the following:•selling to government agencies can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;•U.S. or other government certification requirements applicable to our cloud platform, including the Federal Risk and Authorization Management Program, are often difficult and costly to obtain and maintain and failure to do so will restrict our ability to sell to government customers;•government demand and payment for our services may be impacted by public sector budgetary cycles and funding authorizations; and•governments routinely investigate and audit government contractors’ administrative processes and any unfavorable audit could result in fines, civil or criminal liability, further investigations, damage to our reputation and debarment from further government business.The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions in the future or otherwise have an adverse effect on our business and operating results.36Table of ContentsFailure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose customers in the public sector or negatively impact our ability to contract with the public sector.Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing laws and regulations relating to privacy, data protection and cybersecurity, employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, anti-bribery laws, import and export controls, federal securities laws and tax laws and regulations.Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing laws and regulations relating to privacy, data protection and cybersecurity,, employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, anti-bribery laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. These laws and regulations impose added costs on our business. Noncompliance with applicable regulations or requirements could subject us to:•investigations, enforcement actions and sanctions;•mandatory changes to our cloud platform;•disgorgement of profits, fines and damages;•civil and criminal penalties or injunctions;•claims for damages by our customers or channel partners;•termination of contracts;•loss of intellectual property rights; and•temporary or permanent debarment from sales to government organizations.If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could materially harm our business, operating results and financial condition.We endeavor to properly classify employees as exempt versus non-exempt under applicable law. Although there are no pending or threatened material claims or investigations against us asserting that some employees are improperly classified as exempt, the possibility exists that some of our current or former employees could have been incorrectly classified as exempt employees.In addition, we must comply with laws and regulations relating to the formation, administration and performance of contracts with the public sector, including U.S. federal, state and local governmental organizations, which affect how we and our channel partners do business with governmental agencies. Selling our solutions to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements. Failure to comply with these requirements by either us or our channel partners could subject us to investigations, fines and other penalties, which could have an adverse effect on our business, operating results, financial condition and prospects. As an example, the U.S. Department of Justice, or DOJ, and the General Services Administration, or GSA, have in the past pursued claims against and financial settlements with IT vendors under the False Claims Act and other statutes related to pricing and discount practices and compliance with certain provisions of GSA contracts for sales to the federal government. The DOJ and GSA continue to actively pursue such claims. Violations of certain regulatory and contractual requirements could also result in us being suspended or debarred from future government contracting. Any of these outcomes could have a material adverse effect on our revenue, operating results, financial condition and prospects.These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements could lead to claims for damages from our channel partners or customers, penalties, termination 37Table of Contentsof contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could have a material adverse effect on our business and operating results.If we were not able to satisfy data protection, security, privacy and other government- and industry-specific requirements or regulations, our business, results of operations and financial condition could be harmed.The regulatory framework for privacy, data protection and security matters are rapidly evolving and are likely to remain volatile for the foreseeable future. Our handling of personal data is subject to various data protection, information security and other telecommunications regulations where we offer our solutions around the world. We also may find it necessary or desirable to join industry or other self-regulatory bodies or other information security or data protection-related organizations that require us to comply with rules pertaining to data protection and information security. Further, we may be bound by additional, more stringent contractual obligations and other actual and asserted obligations, such as industry standards, relating to our collection, use and disclosure of personal, financial and other data. Changes in laws or regulations that adversely affect the use of the internet, including laws impacting net neutrality, could also impact our business.The U.S. federal government, and various state and foreign governments, have adopted or proposed laws and regulations on the collection, distribution, use and storage of information relating to individuals. federal government, and various state and foreign governments, have adopted or proposed regulations on the collection, distribution, use and storage of information relating to individuals. Such laws and regulations may, among other things, require companies to implement privacy and security policies, permit customers to access, correct and delete information stored or maintained by such companies, inform individuals of security breaches that affect their information, and, in some cases, obtain individuals’ consent to use information for certain purposes. Such laws and regulations may require companies to implement privacy and security policies, permit customers to access, correct and delete information stored or maintained by such companies, inform individuals of security breaches that affect their information, and, in some cases, obtain individuals’ consent to use information for certain purposes. Just within the U.S., privacy laws in Colorado, Connecticut, Utah, and Virginia, and significant changes to California’s primary privacy law, will go into effect in 2023 and a federal data privacy law is being considered. The number of emerging and existing data privacy laws creates the risk that obligations may be interpreted inconsistently between jurisdictions which may generate tension with our efforts to align our practices to comply with our privacy, data protection, and security obligations globally. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to the intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. Many of these laws and regulations impose substantial penalties for noncompliance. We expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection, information security, and telecommunications services jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. We expect that there will continue to be new proposed laws, regulations and industry standards concerning data protection, information security, and telecommunications services in the United States, EU, and other jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. Needing to address new and evolving laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations relating to privacy, data protection or security could require us to modify our solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. More generally, addressing new and evolving laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations relating to privacy, data protection or security could require us to modify our solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. For example, evolving obligations relating to data transfers outside of the European Economic Area, Switzerland, and the United Kingdom impose additional due diligence and other measures in the procurement process and uncertainty regarding compliance approaches. These and other new and evolving requirements may increase compliance costs, lead to increased regulatory scrutiny or liability, may require additional contractual negotiations, and may adversely impact our business, financial condition and operating results. This may increase compliance costs, lead to increased regulatory scrutiny or liability, may require additional contractual negotiations, and may adversely impact our business, financial condition and operating results. In view of the foregoing, we cannot assure our compliance with all such laws, regulations, standards and obligations. Any failure or perceived failure by us to comply with applicable laws, regulations, standards or actual or asserted obligations, or any actual or suspected security breach or other security incident, whether or not resulting in unauthorized access to, or acquisition, release or transfer of information relating to individuals or other data, may result in governmental investigations, enforcement actions and other proceedings, private claims and litigation, fines and penalties or adverse publicity, and could cause our customers and prospective customers to lose trust in us, which could have an adverse effect on our reputation and business.38Table of ContentsWe are subject to governmental export and import controls that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.We are subject to governmental export and import controls that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws. Our business activities are subject to various restrictions under U.S. export and similar laws and regulations, including the U.S. Department of Commerce’s Export Administration Regulations and various economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. The U.S. export control laws and U.S. economic sanctions laws include restrictions or prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities. For example, the U.S. and other countries have implemented economic and other sanctions in response to the Russia-Ukraine crisis. These sanctions and any additional sanctions may impact our ability to continue to operate in Russia and other affected regions. In addition, various countries regulate the import of certain technology and have enacted or could enact laws that could limit our ability to provide our services and operate our cloud platform or could limit our customers’ ability to access or use our services in those countries.Although we take precautions to prevent our services from being provided in violation of such laws, our services may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and fines. We may also be materially and adversely affected through penalties, reputational harm, loss of access to certain markets, or otherwise. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. In addition, changes in our platform, or changes in export, sanctions and import laws, could delay the introduction and sale of subscriptions to our platform in international markets, prevent users in certain countries from accessing our services or, in some cases, prevent the provision of our services to certain countries, governments, persons or entities altogether. Any change in export or import regulations, economic sanctions or related laws, shift in the enforcement or scope of existing regulations or change in the countries, governments, persons or technologies targeted by such regulations could decrease our ability to sell subscriptions to our platform to existing customers or potential new customers with international operations. Any decrease in our ability to sell subscriptions to our platform could materially and adversely affect our business, results of operations and financial condition. Our international operations expose us to significant risks, and failure to manage those risks could materially and adversely impact our business.Historically, we have derived a significant portion of our revenue from outside the United States. We derived approximately 51%, 51% and 51% of our revenue from our international customers in fiscal 2022, fiscal 2021 and fiscal 2020, respectively. As of July 31, 2022, approximately 55% of our full-time employees were located outside of the United States. We are continuing to adapt to and develop strategies to address international markets and our growth strategy includes continued expansion into target geographies, such as Japan and the Asia-Pacific region, Latin America and the Middle East, but there is no guarantee that such efforts will be successful. We are continuing to adapt to and develop strategies to address international markets and our growth strategy includes 40Table of Contentscontinued expansion into target geographies, such as Japan and the Asia-Pacific region, Latin America and the Middle East, but there is no guarantee that such efforts will be successful. We expect that our international activities will continue to grow in the future, as we continue to pursue opportunities in international markets. These international operations will require significant management attention and financial resources and are subject to substantial risks, including:•political, economic and social uncertainty or international conflict, such as the Russia-Ukraine crisis;•unexpected costs for the localization of our services, including translation into foreign languages and adaptation for local practices and regulatory requirements;•greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods;•reduced or uncertain protection for intellectual property rights in some countries;•greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;39Table of Contents•greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U. These international operations will require significant management attention and financial resources and are subject to substantial risks, including:•political, economic and social uncertainty;•unexpected costs for the localization of our services, including translation into foreign languages and adaptation for local practices and regulatory requirements;•greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods, which may be further lengthened by the COVID-19 pandemic and governmental responses thereto;•reduced or uncertain protection for intellectual property rights in some countries;•greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;•greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U. S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, and any applicable trade regulations ensuring fair trade practices;•requirements to comply with foreign privacy, data protection, cybersecurity and information security laws and regulations and the risks and costs of noncompliance;•increased expenses incurred in establishing and maintaining office space and equipment for our international operations;•greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities;•differing employment practices and labor relations issues;•difficulties in managing and staffing international offices and increased travel, infrastructure and legal compliance costs associated with multiple international locations;•fluctuations in exchange rates between the U. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, and any applicable trade regulations ensuring fair trade practices;•requirements to comply with foreign privacy, data protection and information security laws and regulations and the risks and costs of noncompliance;•increased expenses incurred in establishing and maintaining office space and equipment for our international operations;•greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities;•differing employment practices and labor relations issues;•difficulties in managing and staffing international offices and increased travel, infrastructure and legal compliance costs associated with multiple international locations;•fluctuations in exchange rates between the U. S. dollar and foreign currencies in markets where we do business, including the British Pound, Indian Rupee and Euro, and related impact on sales cycles; •the impact of natural disasters and public health pandemics and epidemics, such as the COVID-19 pandemic, on customers, partners, suppliers, employees, travel and the global economy; and•the legal uncertainty in Europe as a result of Brexit.As we continue to develop and grow our business globally, our success will depend, in large part, on our ability to anticipate and effectively manage these risks. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks could limit the future growth of our business.Servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business or the ability to raise funds to pay our substantial debt.On June 25, 2020, we issued $1,150 million in aggregate principal amount of our 0.125% Convertible Senior Notes due 2025, referred to herein as the Notes. We may be required to use a substantial portion of our cash flows from operations to pay interest and principal on our indebtedness. We may be required to use a substantial portion of our cash flows from operations to 41Table of Contentspay interest and principal on our indebtedness. Our ability to make scheduled payments of the principal, to pay interest on or to refinance our indebtedness, including the Notes, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Such payments will reduce the funds available to us for working capital, capital expenditures, and other corporate purposes and may limit our ability to obtain additional financing for working capital, capital expenditures, expansion plans, and other investments. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. If we are unable to engage in any of these activities or engage in these activities on desirable terms, it could result in a default on our debt obligations, which would adversely affect our financial condition.40Table of ContentsOur failure to raise additional capital necessary to expand our operations and invest in new solutions could reduce our ability to compete and could harm our business.Our failure to raise additional capital necessary to expand our operations and invest in new solutions could reduce our ability to compete and could harm our business. We expect that our existing cash, cash equivalents and short-term investments will be sufficient to meet our anticipated cash needs for working capital and capital expenditures for at least the next 12 months. We may, however, need to raise additional funds in the future to fund our operating expenses, make capital purchases and acquire or invest in business or technology, and we may not be able to obtain those funds on favorable terms, or at all. If we raise additional equity financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our common stock could decline.