SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2019
☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from to
Commission file number: 000–26495
(Exact name of Registrant as specified in its charter)
|(State or other jurisdiction of||(I.R.S. Employer|
|incorporation or organization)||Identification No.)|
|10 Ha-Menofim St., 5th Floor|
|(Address of principal executive offices)||(Zip Code)|
Registrant’s telephone number, including area code 011–972–9–863–6888
Securities registered pursuant to Section 12(b) of the Act:
|Title of Each Class||Trading Symbol(s)||Name of Each Exchange on Which Registered|
|Ordinary Shares, par value ILS 0.15 per share||CYRN||Nasdaq Capital Market|
Securities registered pursuant to Section 12(g) of the Act:
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Exchange Act. Yes ☐ No ☒
Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the Registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
|Large accelerated filer||☐||Accelerated filer||☐|
|Non-Accelerated filer||☒||Smaller reporting company||☒|
|Emerging growth company||☐|
If an emerging growth company, indicate by checkmark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act) Yes ☐ No ☒
The aggregate market value of the voting stock held by non-affiliates of the Registrant was approximately $45.6 million as of June 30, 2019.
The number of shares outstanding of the Registrant’s ordinary shares (as of February 29, 2020): Ordinary Shares — 59,946,350.
Documents Incorporated By Reference
Table of Contents
|ITEM 1A.||RISK FACTORS||15|
|ITEM 1B.||UNRESOLVED STAFF COMMENTS||33|
|ITEM 3.||LEGAL PROCEEDINGS||33|
|ITEM 4.||MINE SAFETY DISCLOSURE||33|
|ITEM 5.||MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES||34|
|ITEM 6.||SELECTED FINANCIAL DATA||34|
|ITEM 7.||MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS||35|
|ITEM 7A.||QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK||46|
|ITEM 8.||FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA||48|
|ITEM 9.||CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE||48|
|ITEM 9A.||CONTROLS AND PROCEDURES||49|
|ITEM 10.||DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE||50|
|ITEM 11.||EXECUTIVE COMPENSATION||56|
|ITEM 12.||SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS||65|
|ITEM 13.||CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE||67|
|ITEM 14.||PRINCIPAL ACCOUNTING FEES AND SERVICES||70|
|ITEM 15.||EXHIBITS, FINANCIAL STATEMENT SCHEDULES||71|
|ITEM 16.||FORM 10-K SUMMARY||71|
ITEM 1. BUSINESS
Unless otherwise indicated, all references in this document to “Cyren”, “the Company,” “we,” “us” or “our” are to Cyren Ltd., and its consolidated subsidiaries, namely Cyren Inc., Cyren Iceland hf, Cyren UK Ltd., and Cyren Gesellschaft GmbH.
Purpose built for the cloud, Cyren is an early pioneer and leading innovator of Software-as-a-Service (SaaS) security solutions that protect businesses, their employees and customers against threats from email and the web.
Cyren’s cloud-based approach to security sets us apart from other vendors in the market. Our security solutions are architected around the fundamental belief that cybersecurity is a race against time – and the cloud best enables the speed, sophistication and advanced automation needed to detect and block threats as they emerge on the internet. As more and more businesses move their data and applications to the cloud, they need a security provider that is able to keep pace.
Today’s security threats are more prevalent and stealthier than ever. As cybercrime has become more sophisticated, every malware, phishing and ransomware variant is unique, making it more difficult to detect attacks. While organizations have traditionally protected their users with gateway security appliances at their network perimeter, more frequent and evasive attacks combined with a more distributed workforce are reducing the effectiveness of this approach. Traditional appliances lack the real-time threat intelligence and processing power to detect emerging threats, and the growth of mobile devices and an increasingly distributed workforce mean that more and more business is conducted outside of the traditional network perimeter. As a result, when new attacks appear in a matter of seconds, legacy appliances can leave companies vulnerable for hours, days or even weeks.
Cyren’s cloud security products and services fall into three categories:
|●||Cyren Threat Detection Services – these services detect a variety of threats in email and from the web, and are embedded into products from the world’s leading technology and security vendors. Cyren Threat Detection Services include our Email Security Detection Engine, Malware Detection Engine, Web Security Engine, and Threat Analysis Service.|
|●||Cyren Threat Intelligence Feeds – Cyren’s threat intelligence feeds provide valuable threat intelligence data that can be used by enterprise or OEM customers to support threat detection, threat hunting and incident response. Cyren’s threat intelligence feed offerings include IP Reputation Intelligence, Phishing Intelligence, Malware Intelligence and Zombie Intelligence.|
|●||Cyren Enterprise Email Security Products – these include cloud-based solutions designed for enterprise customers, and are sold either directly or through channel partners. Cyren enterprise email security products include Cyren Email Security, a cloud-based secure email gateway and Cyren Inbox Security, an anti-phishing product for Office 365.|
All of Cyren’s security products are powered by Cyren GlobalView, Cyren’s global security cloud that identifies emerging threats on a global basis, in real-time. GlobalView analyzes billions of security transactions each day and rapidly detects a variety of threats in email, files and from the web. By inspecting internet traffic in the cloud, Cyren identifies threats as they emerge, stopping them before they reach users. Google, Microsoft and Check Point are just a few of the organizations that depend on Cyren to power their security infrastructure.
With a massive volume of customer traffic flowing through it every day, from more than 180 countries, GlobalView is able to identify emerging threats on the internet within seconds. The key to GlobalView’s detection capabilities include:
|(i)||Massive Security Data Flow – Everyday, Cyren processes billions of security transactions generated by over 1.3 billion users worldwide to detect cyber threats as they emerge – including thousands of new IP addresses, phishing sites and URLs. As a result, Cyren is able to identify new and emerging threats in seconds.|
|(ii)||Comprehensive Detection Technologies – Cyren’s family of proprietary detection engines leverage big data analytics, advanced heuristics, Recurrent Pattern Detection (RPD), and behavioral sandboxing, all tied together in a single-pass streaming architecture that applies these detection techniques in parallel. Distributed, massively scalable, and fault tolerant, this approach delivers fully automated real-time threat identification across web, DNS, email, and files.|
|(iii)||Advanced Cyber Intelligence – Real-time, actionable cyber intelligence services are used by over 100 technology and security providers including Google, Microsoft and Check Point. The breadth and accuracy of our security cloud identifies more than 300 million threats each day, and enables protection from malicious messages, hosts and websites.|
Figure 1: Cyren Threat Intelligence Services include threat detection engines, threat intelligence data feeds and our threat analysis services which are connected through the GlobalView security cloud.
Threat Detection Services
Used and trusted by many of the world’s leading technology, network and security vendors, Cyren Threat Detection Services empower technology companies with the real-time detection capabilities enabled by our threat detection engines and our GlobalView threat intelligence network, backed by a dedicated technical and commercial support model. Our globally comprehensive and unique insights into current and emerging threats are provided as individual cyber intelligence services:
Email Security Engine – Our embedded email security includes a complete set of protection that can be deployed in a wide range of configurations. Suitable as a core security offering or as a complementary layer, the flexible engine easily integrates into existing platforms, minimizing costs without affecting performance. Available services include:
|●||Anti-Spam Inbound Service|
|●||Anti-Spam Outbound Service|
|●||IP Reputation Service for Email|
|●||Virus Outbreak Detection for Email|
Malware Detection Engine – Our malware detection capabilities are used to detect the latest viruses, malware, ransomware, and advanced threats that are used by hackers to infiltrate an enterprise’s network. Our SDK can scan and classify objects including files, scripts, emails, and web-based threats, and use cases include email scanning, UTM and firewall appliances, and anti-malware software applications. Cyren’s malware detection engine is used to protect email applications.
Web Security Engine – Our web security engine is used by customers to provide URL classification for web browser filtering and safe search capabilities. Cyren provides dozens of URL categories and classifications, with a unique capability for security-based URL classifications. Use cases for Cyren web security engine include UTM and firewall appliances, endpoint filtering software applications, and cloud-based web filtering.
Threat Analysis Service – Cyren’s advanced Threat Analysis Service delivers outstanding detection of the most advanced cyber threats. Cyren’s technology uses a patented, cloud-based, multi-sandbox array which includes multi-stage hash threat lookup, file analysis, and full sandbox detonation. The service includes file analysis and threat reporting on an individual file or aggregate basis and can be used by OEMs as well as enterprise customers.
Cyren Threat Intelligence Feeds
Cyren’s Threat Detection Services generate billions of security transactions each day within the GlobalView network. OEM partners and enterprise customers can benefit from the millions of unique threats that are detected each day by subscribing to Cyren’s real-time Threat Intelligence data feeds to supplement their security solutions and improve their overall threat posture. Cyren’s Threat Intelligence data feeds include the following discrete offerings:
|●||Real-Time Phishing Intelligence|
|●||Real-Time Malware File Intelligence|
IP Reputation Intelligence
|●||Real-Time Malware URL Intelligence|
|●||Real Time Zombie Host Intelligence|
Cyren Enterprise Security Products
Cyren has historically provided SMB and enterprise customers a broad set of internet security services from a common integrated platform called Cyren Cloud Security (CCS). CCS applications included Cyren Web Security (a SaaS secure web gateway), Cyren Email Security (a SaaS secure email gateway), Cyren DNS Security (a SaaS DNS web filtering solution), and Cyren Cloud Sandboxing (an advanced threat protection service integrated into Cyren Web Security and Cyren Email Security, and also available as a standalone service). These products were available on the CCS platform, leveraging shared threat detection services, a common policy framework, integrated reporting, customer onboarding and license management. All products were sold on a per-user SaaS subscription model, providing customers with a quick-to-deploy, easy-to-manage solution and a low total cost of ownership.
During 2019, Cyren revised its enterprise product strategy to focus on email security solutions, threat detection services, threat intelligence and cloud sandbox threat analysis, and began to de-emphasize standalone and bundled Web Security (CWS) offerings. Cyren will continue to support existing CWS customers through the end of 2020 but is no longer pursuing new sales of this product.
Cyren’s current and anticipated Enterprise Security products include:
Cyren Email Security (CES) – a cloud-based secure email gateway that works well with both on premise and cloud-based business email, Cyren Email Security filters an organization’s inbound and outbound email to protect users from security threats and spam. Inbound email security protects against malware, phishing, business email compromise, and more, with advanced threat protection from cloud sandboxing, malware outbreak protection and time-of-click analysis. Support for SPF (Sender Policy Framework) provides sender validation to prevent email spoofing, while policy-based encryption protects sensitive email communications. Outbound protections block botnet-infected devices from sending malware or spam from a customer’s domain.
Cyren Threat Explorer – an advanced layer of security that augments Cyren’s web and email security services, Cyren Threat Explorer is a cloud-based sandbox designed to protect businesses against breaches and data loss from today’s most sophisticated and evasive threats. Cyren Threat Explorer “detonates” suspicious files and URLs to determine if they are malicious, even threats that have never been seen before, including zero-day exploits, targeted attacks, and advanced persistent threats. Because these kinds of threats are increasingly “sandbox aware” as hackers use diverse strategies to evade detection by traditional sandboxing appliances, Cyren’s unique cloud sandbox array technology automatically detonates these malicious files and embedded URLs across multiple different sandboxes until they express their full set of behaviors.
Figure 2: Cyren Inbox Security offers advanced phishing security for Office 365 – continuously monitors, detects and remediates user inboxes for today’s evasive phishing attacks.
Cyren Inbox Security (CIS) – Since 2018, Cyren has been developing an anti-phishing solution targeted at enterprise customers using Office 365 in a market segment that Gartner has defined as Cloud Email Security Supplements (CESS)(1). Cyren’s CESS solution, Cyren Inbox Security (CIS), is expected to be generally available during the second quarter of 2020.
By utilizing the native API integration offered by Office 365, Cyren is able to detect email-based phishing threats on a continuous basis, as well as provide a powerful set of remediation capabilities to identify and mitigate the types of phishing messages which legacy perimeter defenses find challenging to stop, including:
Phishing emails utilizing evasive techniques, like delayed URL activation, URLs hidden
in attachments, use of strong encryption, use of real and valid SSL certificates, etc;
|●||Spoofed spear phishing messages impersonating employees or trusted partners;|
|●||BEC and CEO fraud and other targeted social engineering attacks; and|
|●||New zero-day phishing campaigns and account takeovers.|
(1) Gartner Market Guide for Email Security (Neil Wynne, Peter Firstbrook, Published 6 June 2019).
Sales and Marketing
Cyren’s cloud security solutions are sold into two markets:
|●||OEM/Embedded Security (Security product vendors, email providers, MSPs/MMSPs)|
|○||In this market segment, our customers embed Cyren Threat Detection Services and Threat Intelligence Feeds into their infrastructure and/or products to protect their customers and users.|
In this market segment, Cyren provides enterprise customers email security products, threat intelligence and cloud-based sandbox threat analysis to protect their employees, data and IP.
OEM/Embedded Security Market
We target two primary segments to sell our Threat Detection Services and Threat Intelligence Feeds:
|●||Service providers. Organizations offering internet access or email services that need to protect their customers from internet threats. For these partners, we offer carrier-class email security, web security, and advanced threat protection services that can be integrated into their large-scale, high performance infrastructures.|
|●||Security vendors. Network equipment and security vendors offering endpoint, gateway, and cloud-based solutions that need to augment their security capabilities or integrate third party best-of-breed internet security capabilities into their products. For these partners, we offer cloud-based APIs and SDKs for email security, web security, endpoint protection, and advanced threat protection that can be integrated into their on-premise appliances or cloud solutions.|
Our sales team for these segments are organized by geographic regions, including Europe, the Middle East and Africa (EMEA), North America, and Asia Pacific. The sales process for these segments entails consultative, technical business development engagements working with partner product management and engineering teams to architect and integrate our solutions into their products. Our OEM installed base of customers consists of approximately 100 customers, many of whom consume multiple services and have been customers of Cyren for over 10 years.
Our sales and marketing programs are organized by geographic regions, including EMEA and North America.
We sell through both direct and indirect channels, including value added resellers and managed service providers:
|●||Direct sales. We market and sell our solutions to enterprise customers directly through our direct sales teams, as well as indirectly through channels where our sales organization actively works with our network of distributors and resellers. Our sales personnel are located in North America and EMEA.|
|●||Reseller channel. We engage value-added resellers via a two-tier distribution model, where resellers purchase Cyren services through their distribution partner, as opposed to directly from us, and distributors provide sales support services such as technical support, education, training and financial services. Our reseller partners maintain relationships with their customers throughout the territories in which they operate, providing them with services and third-party solutions to help meet their evolving security requirements. As such, these partners act as a direct conduit through which we can connect with these prospective customers to offer our solutions.|
|●||Managed service providers. Unlike many other security products on the market today, Cyren’s platform is architected as an integrated platform offering multi-tenant cloud services and delegated administration. This enables MSPs to operate our services on behalf of multiple customers, allowing them to deliver turnkey internet security services to their customer bases.|
We execute marketing programs to build awareness and encourage customer adoption of our solutions. Our marketing programs include a variety of digital marketing, advertising, conferences, events, white-papers, public relations activities and web-based seminar campaigns targeted at key decision makers within our prospective customers. We offer free online diagnostic tools to identify security gaps, free trials, and competitive evaluations to allow prospective customers to experience the quality of our solutions, to learn in detail about the features and functionality of our suite, and to quantify the potential benefits of our solutions.
We regard our patented and patent pending anti-spam and antivirus technology, copyrights, service marks, trademarks, trade secrets and similar intellectual property as critical to our success, and rely on patent, trademark and copyright law, trade secret protection and confidentiality and/or license agreements with our employees, customers, partners and others to protect our proprietary rights.
In 2004, we purchased a United States patent, U.S. Patent No. 6,330,590 that relates to the Recurrent Pattern Detection (RPD) technology used in many of our security solutions. During 2006, we filed a provisional patent application in the United States relating to the prevention of spam in streaming systems or, in other words, unwanted conversational media sessions (i.e., voice and video related). This provisional application was converted to a full patent application and that application was then divided into three applications. The United States Patent and Trademark Office granted the original application as United States Patent No. 7,849,186. The three divisional patents were also subsequently granted as United States Patent No. 7,991,919, United States Patent No. 8,190,737 and United States Patent No. 8,195,795, all of which have a term concurrent with US Patent No. 7,849,186. In 2016, we filed a provisional patent application in the United States relating to a multi-sandbox array that utilizes unique intellectual property we developed in support of our cyber threat protection capabilities. In February 2017, we converted this provisional application into full patent applications for the multi-sandbox array in the United States, Europe and Israel. The resulting US patent No. 10,482,243 was issued in November 2019, and Israel patent application 250797 was allowed in January 2020. The European sandbox patent application is still in stages of prosecution. In July 2018 we filed a provisional patent application in the United States relating to phishing detection systems and methods we developed in support of our anti-phishing capabilities. In July 2019, we converted this provisional application into full patent applications for phishing detection in the United States, Europe and Israel. In 2019 U.S. Patent No. 6,330,590 expired after completion of its full 20 year term. We may seek to patent certain additional software or other technology in the future.
We have registered trademarks for our company name “Cyren” in the US and Europe and we are also maintaining our registered trademark for “Commtouch” in the U.S. Through acquisition, we also acquired registered trademarks such as “FRISK”, “F-PROT”, “eleven”, “Expurgate” and “Command Antimalware”. We may allow certain of these trademarks to lapse over time. Since at least September 2003, we have claimed common law trademark rights in “RPD” and “Recurrent Pattern Detection”, as applicable to our messaging security solutions. We have also been claiming common law trademark rights in “Zero-Hour” in relation to our virus outbreak detection product (and more recently one of our web security products) and “GlobalView” in relation to our Internet Protocol, or IP, reputation and web security products, as well as our “cloud computing” network infrastructure.
It may be possible for unauthorized third parties to copy or reverse engineer certain portions of our products or obtain and use information that we regard as proprietary. In addition, the laws of some foreign countries do not protect proprietary rights to the same extent as do the laws of the United States. There can be no assurance that our means of protecting our proprietary rights in the United States, Europe or elsewhere will be adequate or that competing companies will not independently develop similar technology.
Other parties may assert infringement claims against us. We may also be subject to legal proceedings and claims from time to time in the ordinary course of our business, including claims of alleged infringement by us and/or our customers of the trademarks and other intellectual property rights of third parties. Our customer agreements typically include indemnity provisions so we may be obligated to defend against third party intellectual property rights infringement claims on behalf of our customers. Such claims, even if not meritorious, could result in the expenditure of significant financial and managerial resources.
Under the R&D Law, research and development programs approved by the Research Committee of the Israel Innovation Authority (respectively, the “Research Committee” and the “IIA”) are eligible for “Benefits” which include grants, loans, exemptions, discounts, guarantees and additional means of assistance, but with the exclusion of purchase of shares, provided under various tracks promulgated by the Council Body (the “Tracks”). Most Tracks require the repayment of the Benefits in the form of the payment of royalties from the sale of the product developed in accordance with the published Track guidelines and subject to other restrictions. Once a project is approved, the IIA awards grants of up to 50% of the project’s expenditures in return for royalties, usually at the rate of 3% to 5% of sales of products developed with such grants. For projects approved after January 1, 1999, the amount of royalties payable was up to a dollar-linked amount equal to 100% of such grants plus interest at LIBOR. Our total commitment for royalties payable with respect to future sales, based on IIA participations received, net of royalties paid or accrued, totaled $2,765 thousand as of December 31, 2019.
The terms of these grants prohibit the manufacturing outside of Israel of the product developed in accordance with the program without the prior consent of the Research Committee. Such approval is generally subject to an increase in the total amount to be repaid to the IIA to between 120% and 300% of the amount granted, depending on the extent of the manufacturing that is conducted outside of Israel.
The R&D Law, also provides that know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to Israeli third parties without the approval of the Research Committee. The R&D Law stresses that it is not just transfer of know-how that was prohibited, but also transfer of any rights in such know-how. Approval of the transfer and/or license could be granted only if the Israeli transferee undertook to abide by all of the provisions of the R&D Law and regulations promulgated thereunder, including the restrictions on the transfer of know-how and the obligation to pay royalties, if applicable.
Assignment of the know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to non-Israeli third parties without the approval of the Research Committee, which approval is generally contingent on payment of a significant penalty of up to six times the grant amount plus LIBOR and minus any royalties paid. Such restriction does not apply to exports from Israel of final products developed with such technologies. On May 7, 2017, the IIA published the Rules for Granting Authorization for Use of Know-How Outside of Israel (the “Licensing Rules”). The Licensing Rules enable the approval of out-licensing arrangements and other arrangements for granting of an authorization to an entity outside of Israel to use know-how developed under research and development programs funded by the IIA and any derivatives thereof. Subject to payment of a “License Fee” to the IIA, at a rate that will be determined by the IIA in accordance with the Licensing Rules, the IIA may now approve arrangements for the license of know-how outside of Israel. This allows companies that have received IIA support to commercialize know-how in a manner which was not previously available.
Laws aimed at curtailing the spread of spam have been adopted by the United States federal government, i.e., the CAN-SPAM Act, and certain individual U.S. states, with the CAN-SPAM Act superseding some state laws or certain elements thereof. The Israel government has also adopted an amendment to the Communications Law, 1982, aimed at curtailing the spread of spam transmittal of commercial advertisements by email, fax, SMS or automated dialing systems without the consent of the recipient. Such laws may impact our marketing activities. The law sets punitive fines for advertisers of spam, who may also be subject to civil lawsuits and class actions.
The propagation of email viruses, whether through email or websites, which are aimed at destroying or stealing third party data, is illegal under standard state and federal law outlawing theft, misappropriation, conversion, etc., without the need for special legislation prohibiting such activities on the internet. Despite the existence of these laws, sources for internet viruses continue to spread multi-variant viruses seemingly without much fear of recrimination. New laws providing for more stringent penalties could be adopted in various jurisdictions, but it is unclear what, if any, affect these would have on the antivirus industry in general and our solutions in particular.
On October 6, 2015, the European Court of Justice invalidated the U.S. - EU Safe Harbor framework and the Swiss data protection authorities later invalidated the U.S.-Swiss Safe Harbor framework. Subsequently, the U.S. and E.U. announced agreement on a new framework for transatlantic data flows entitled the EU-US Privacy Shield. We are currently certified under the EU-U.S. Privacy Shield framework with the U.S. Department of Commerce. However, it is possible that Privacy Shield may be challenged in EU courts, so there is some uncertainty regarding its future validity and our ability to rely on it for EU to US data transfers. Additionally, the EU enacted the General Data Protection Regulation (GDPR), which took effect on May 25, 2018 and carries with it significantly increased responsibilities and potential penalties for companies that process EU personal data. In connection with GDPR, we expect increased regulatory and customer attention surrounding data privacy in the EU. Furthermore, outside of the EU, we continue to see increased regulation of data privacy and security, including the adoption of more stringent subject matter specific state laws, national laws regulating the collection and use of data, and security and data breach obligations. We have invested heavily in data sovereignty features to ensure that Cyren customer data is handled in accordance with applicable law. If one or more of the legal bases for transferring data from Europe to the United States is invalidated, if we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect the manner in which we provide our services.
We will continue to monitor legal requirements and will follow additional legal requirements for customer data privacy as they evolve.
We conduct our business on the basis of one reportable segment.
Research and Development
We invest substantial resources in research and development to enhance our products and services, build add-on functionality and improve our core technology. We believe that both hardware and software are critical to expanding our leadership in the security industry. Therefore, we invest heavily in our cloud infrastructure and our new offerings such as CIS. Our engineering team has deep security expertise and works closely with customers to identify their current and future needs. In addition to our focus on hardware and software, our research and development team is focused on research into next-generation threats, which is required to respond to the rapidly changing threat landscape. We plan to continue to significantly invest in resources to conduct our research and development effort.
As of December 31, 2019, we had customers of all sizes across a wide variety of industries. During the year ended December 31, 2019, one customer accounted for approximately 20% of total revenue. No other individual customer accounted for more than 10% of total revenue. During the year ended December 31, 2018, one customer accounted for approximately 17% of total revenue.
The markets in which Cyren competes are intensely competitive and rapidly changing. However, we believe there are few competitors that offer the complete package of anti-spam, antivirus, threat intelligence, email security and web security protections that Cyren provides.
The principal competitive factors in our industry include price, product functionality, product integration, platform coverage and ability to scale, worldwide sales infrastructure and global technical support. Some of our competitors have greater financial, technical, sales, marketing and other resources than we do, as well as greater name recognition and a larger installed customer base. Additionally, some of these competitors have research and development capabilities that may allow them to develop new or improved products that may compete with product lines and services we market and distribute, possibly at a lower cost. Our success will depend on our ability to adapt to these competing forces, to develop more advanced products more rapidly and less expensively than our competitors and/or to purchase new products by way of strategic acquisitions, and to educate potential OEM customers as to the benefits of using our products rather than developing their own products.
In the market for messaging security solutions, there are sophisticated offerings that compete with our solutions. Email defense security providers offering forms of Software-as-a-Service email gateways, multi-functional appliances and managed service solutions and which may be viewed as both competitors and potential customers to Cyren include Google, Symantec, McAfee, Cisco, Proofpoint, and Mimecast. Messaging security providers offering solutions on an OEM basis similar to Cyren’s business model, and which may be viewed as direct competitors, include Proofpoint (via the Cloudmark acquisition), Sophos, Mailshell and Vade Secure.
The market for real-time virus protection products is also constantly evolving, as those designing and proliferating viruses and other malware seek new vulnerabilities and distribution techniques, and also continue to leverage email distribution as a cost-effective medium for accurately targeting broad, numerous potential victims. Cyren’s real-time offering differs from traditional antivirus solutions by leveraging our global footprint and RPD technology to rapidly detect outbreaks, often hours or days before traditional antimalware solutions; it thereby offers a complementary solution to signature and heuristic-based antivirus engines. For this reason, our virus outbreak detection engine has been deployed by many security companies and service providers.
In the market for antimalware solutions, there are vendors offering fairly effective solutions using various technologies based on signatures, emulation and heuristics. Cyren has a targeted OEM/service provider focus, plus an increasing focus on heuristics and zero day effectiveness. Most companies in this space provide endpoint products and, in some cases, make software development kits available on an OEM basis. Competitors to Cyren include Sophos, Bitdefender, Kaspersky, McAfee, Symantec and open source software such as Clam-AV (now part of Cisco).
In the market for web security solutions, there are advanced offerings that compete with our GlobalView URL filtering solution and CWS. Web security providers offering forms of software (secure web gateway), multi-functional appliances and managed service solutions and which may be viewed as both competitors and potential customers to Cyren include McAfee, ForcePoint, Symantec, Zscaler, Barracuda, and Cisco. Web security providers offering solutions on an OEM basis similar to Cyren’s business model, and which may be viewed as direct competitors, include Webroot (acquired by Carbonite/OpenText), Netstar and zvelo.
In the market for anti-phishing solutions targeted at enterprise customers, Gartner has defined a competitive category called Cloud Email Security Supplements (CESS) for providers of cloud delivered supplementary email security solutions such as Cyren Inbox Security(1). Although this is an early stage market, Gartner has identified several competitors to Cyren such as Agari, Avanan, GreatHorn, Graphus, Inky, Ironscales and Vade Secure.
We expect that the markets for internet security solutions will continue to become more consolidated, with companies increasing their presence in this market or entering ancillary markets by acquiring or forming strategic alliances with our competitors or business partners. Industry analyst Momentum Cyber noted that the cybersecurity industry saw a record 188 mergers and acquisitions totaling $27.6 billion dollars in 2019, including several multi-billion dollar deals such as the acquisition of Symantec by Broadcom, the acquisition of Sophos by Thoma Bravo and the acquisition of Carbon Black by VMware(2). See also disclosure under “Risk Factors—Business Risks— we face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.”
The last several years have possibly experienced the greatest amount of dramatic global incidents directly related to malware and cyber threats since the advent of the internet. From election hacks to global ransomware attacks, malware threats are at an all-time high. As long as these activities prove lucrative, we expect these incidents to get worse.
In this “cyber-war”, with respect specifically to malware, three battlefronts stand out: ransomware, hyper-evasive malware, and malware distribution via HTTPS.
Ransomware has become especially lucrative for cybercriminals. Massive scale ransomware attacks have spread extremely quickly around the globe targeting governments, corporations, and private citizens. With hyper-evasive malware, cybercriminals are using codes designed to specifically detect and evade conventional sandbox detection and analysis. With respect to encrypted HTTPS traffic from “secure” web sites, a 2017 Cyren study of traffic passing through the Cyren security cloud found that almost 40% of all malware being disseminated is utilizing HTTPS connections for distribution or communications, yet surveys show that many companies around the globe are not inspecting that traffic.
It has become clear that cybercriminals know the weak points in standard corporate defenses and are optimizing their attacks to leverage these security gaps in every possible way.
Today, no item or user connected to the internet is immune to attack. While many businesses are still studying what security measures might be necessary, cybercriminals are “all in”, creating dangerous new tools to target companies, governments, and private citizens. We need to be mindful that the world has changed, hyper-evasive malware and threat distribution via HTTPS are growing rapidly; mobile devices— both Android and Apple—are increasingly targets; and Internet of Things (IoT) devices, from refrigerators to televisions, are an inviting new vector for criminal purposes.
(1) Gartner Market Guide for Email Security (Neil Wynne, Peter Firstbrook, Published 6 June 2019).
(2) Momentum Cyber Cybersecurity Almanac (Published 18 February 2020).
Cloud and Mobility
Businesses are going through a massive change in their IT strategies as they look to drive more business value, agility, and better customer experiences.
|●||Business internet traffic continues to increase every year – executives, employees, partners, contractors and customers are accustomed to transacting online. As a result, individuals are far more comfortable opening emails, clicking on links and providing sensitive data and information without questioning the authenticity of the applicable request. The simple organic growth in this usage of the internet is taxing existing legacy appliance solutions that have built-in capacity restrictions limiting their ability to scale.|
|●||Data and applications are increasingly moving to the cloud – where we used to protect the servers, data and applications we ran in our data centers behind an appliance-based security perimeter, today these apps and data have moved outside of this security perimeter and into the cloud.|
|●||More and more users are working remotely — users have left the perimeter, and are working from home offices, airports, hotels, and coffee shops, accessing the internet without protection from our perimeter security appliances.|
As organizations go through this transition, many are finding it increasingly difficult to protect their users, data and networks with traditional on-premise security solutions.
|●||Buyers continue to move away from traditional on-premise solutions — preference for service-based security solutions are growing, driven by innovations, increasing need for security beyond the perimeter, and lower total cost of ownership.|
|●||Mature and legacy on premise deployments are reaching end of life — and these are increasingly being replaced by SaaS alternatives.|
|●||IT security staffing shortages – driving products with lower management overhead, as well as some outsourcing to key technology partners.|
|●||Increasingly fast, sophisticated, expensive and high-profile attacks target organizations of all sizes – attacks are increasingly focused on small companies, less-regulated and less-security aware industries, dictating increased security investment.|
|●||Compliance and regulatory mandates are creating increased concern among buyers, especially as the cost of failure becomes more painful. Continued, large-scale breaches — themselves a driver for security purchases — will bring about even more stringent levels of regulation.|
|●||Heightened cybercrime activity among commercial enterprises and nation states – political and economic motivations are driving cyberattacks of both private enterprises and government entities.|
|●||Automation is increasingly considered critical to accelerating detection and protection, and to countering IT talent shortages.|
These reasons explain why Cyren’s vision for 100% cloud security is compelling to IT security teams looking to protect their businesses in today’s cloud-centric mobile-first world.
As of December 31, 2019, we had 248 total employees and 210 full-time employees.
While employment-related issues occasionally arise in the normal course, we believe that, on the whole, relations with our employees are good.
We were incorporated as a private company under the laws of the State of Israel on February 10, 1991 and our legal form is a company limited by shares. We became a public company on July 15, 1999 under the name Commtouch Software Ltd. In January 2014, we changed our legal name to Cyren Ltd. Our website is https://www.cyren.com. The SEC maintains an internet site that contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC. Our filings under the Exchange Act are available on our website and are also available electronically from the website maintained by the SEC at www.sec.gov.
Our principal executive offices are located at 10 Ha-Menofim St., 5th Floor, Herzliya, Israel 4672561, where our telephone number is +972–9–863–6888.
ITEM 1A. RISK FACTORS
We have a history of losses and may not be able to achieve or maintain profitability.
We have a history of incurring net losses, including net losses of $18.0 million and $19.4 million in 2019 and 2018, respectively. As a result, we had an accumulated deficit of $231.3 million as of December 31, 2019. Achieving profitability will require us to increase revenue, manage our cost structure, and avoid unanticipated liabilities. We have made and expect to continue to make significant expenditures to develop and expand our business and we do not expect to be profitable in the near term. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our solutions, increasing competition, expense reductions, a decrease in the growth of our overall market, the impact of the recent novel coronavirus 2019 (COVID-19) pandemic, or if we fail for any reason to continue to capitalize on growth opportunities. Any failure by us to obtain and sustain profitability, or to continue our revenue growth, could cause the price of our ordinary shares to decline significantly.
If the internet security market does not accept our cloud-based product offerings, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.
We are seeking to exploit our cloud-based security offerings, Cyren Cloud Security (“CCS”) and Cyren Inbox Security (“CIS”) to disrupt the internet security and the email security markets and our historic business model. Our success will depend to a substantial extent on the willingness of enterprises, large and small, to increase their use of cloud computing services. The market for messaging security and compliance solutions delivered as a service in particular is at an early stage relative to on-premise solutions, and these applications may not achieve and sustain high levels of demand and market acceptance. In particular, we have been developing CIS since 2018 and expect to make it generally available for purchase in the second quarter of 2020. However, there is no assurance that this product will achieve a high level of demand or market acceptance.
Historically, companies have used appliance-based security products, such as firewalls, intrusion prevention systems, or IPS, anti-virus, or AV, and web and messaging gateways, for their IT security. These enterprises may be hesitant to purchase our cloud-based security offering if they believe that signature-based products, or our competitors’ products, are more cost-effective, provide substantially the same functionality or otherwise provide a sufficient level of IT security. Many enterprises have invested substantial personnel and financial resources to integrate traditional enterprise software or hardware appliances for these applications into their businesses, and currently, most enterprises have not allocated a fixed portion of their budgets to protect against next-generation advanced cyber attacks. As a result, to expand our customer base, we need to convince potential customers to allocate a portion of their discretionary budgets to purchase our products and services. If we do not succeed in convincing customers that our offerings should be an integral part of their overall approach to IT security, our sales will not grow as quickly as anticipated, or at all, which would have an adverse impact on our business, results of operations and financial condition.
In addition, many enterprises may be reluctant or unwilling to use cloud computing services because they have concerns regarding the risks associated with its reliability and security, among other things, of this delivery model, or its ability to help them comply with applicable laws and regulations. If enterprises do not perceive the benefits of this delivery model, then the market for our services and our sales would not grow as quickly as we anticipate or at all and our business, results of operations and financial condition would be harmed.
If the market does not continue to respond favorably to our traditional Threat Intelligence Service security solutions, including our Threat Detection Services and Threat Intelligence Feeds, or future services do not gain acceptance, we will fail to generate sufficient revenues.
Our success depends on the continued acceptance and use of our Threat Intelligence Service security solutions by current and new businesses, Original Equipment Manufacturers (“OEMs”), and service provider customers, plus the interest of such customers in our newest offerings. As the markets for messaging, antivirus and web security products continue to mature and consolidate, we are seeing increasing competitive pressures and demands for even higher quality products at lower prices. This increasing demand comes at a time when internet security threats are more varied and intensive, challenging top end solutions to keep their performance at an industry-acceptable level of accuracy. If our solutions do not continue to evolve to meet market demand, or newer products on the market prove more effective, our business could fail. Also, if growth in the markets for these solutions begins to slow, our business, results of operations and financial condition will suffer dramatically.
If we are unable to effectively integrate future investments and acquisitions, our business operations and financial results will suffer.
Our success will depend, in part, on our ability to expand our service and product offerings and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may decide to do so through the acquisition of complementary businesses and technologies rather than through internal development, including, for example, our 2012 acquisition of the antivirus business of the Icelandic company, Frisk Software International (“Frisk”) and the German internet security company eleven GmbH (“eleven”).
If we encounter further difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire, the revenue and operating results of the combined company could be adversely affected. The risks we face in connection with acquisitions include:
|●||disruption of our ongoing business, diversion of resources, increased expenses and distraction of our management from operating our business to addressing acquisition integration challenges;|
|●||additional legal and regulatory compliance;|
|●||cultural challenges associated with integrating employees from the acquired companies into our organization;|
|●||inability to retain key employees from the acquired companies;|
|●||inability to strengthen our competitive position, achieve our strategic goals, generate sufficient financial return to offset acquisition costs or realize the expected benefits of the acquisition;|
|●||failure to identify significant problems or liabilities, including liabilities resulting from the acquired companies’ pre-acquisition failure to comply with applicable laws, during our pre-acquisition due diligence;|
|●||difficulties related to our entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;|
|●||difficulties in, or inability to, successfully sell any acquired products or services;|
|●||difficulties with the coordination of research and development, sales and marketing, accounting, human resources and other general and administrative systems;|
|●||changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisitions;|
|●||liability for activities of the acquired companies before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and litigation; and|
|●||unanticipated write-offs or charges.|
The occurrence of any of these risks could have a material adverse effect on our business operations and financial results.
We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.
The market for security products and services is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent new product introductions and improvements. We anticipate continued challenges from current competitors as well as by new entrants into the industry. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in our revenue that could adversely affect our business and results of operations.
Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
|●||greater name recognition and larger customer bases;|
|●||larger sales and marketing budgets and resources;|
|●||broader distribution and established relationships with channel and distribution partners and customers;|
|●||greater customer support resources;|
|●||lower labor and research and development costs; and|
|●||substantially greater financial, technical and other resources.|
In addition, some of our larger competitors have substantially broader product offerings and may be able to leverage their relationships with distribution partners and customers based on other products or incorporate functionality into existing products to gain business in a manner that may discourage users from purchasing our products, subscriptions and services, including by selling at zero or negative margins, product bundling or offering closed technology platforms.
Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. As a result, even if the features of our offerings are superior, customers may not purchase our services or products. In addition, innovative start-up companies, and larger companies that are making significant investments in research and development, may invent similar or superior products and technologies that compete with our product and services. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors, our business, financial condition and results of operations could be adversely affected.
Some of our competitors have acquired businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and end user needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisitions or other opportunities more readily, or develop and expand their product and service offerings more quickly than we can. Due to various reasons, organizations may be more willing to incrementally add solutions to their existing security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.
Also, many of our smaller competitors that specialize in providing protection from a single type of business security threat may deliver these specialized business security products to the market more quickly than we can or may introduce innovative new products or enhancements before we do. Conditions in our markets could change rapidly and significantly as a result of technological advancements.
If we are unable to enhance our existing solutions and develop new solutions, our growth will be impeded.
Our ability to attract new customers and increase revenue from existing customers will depend in large part on our ability to enhance and improve our existing solutions and to introduce new solutions. The success of any enhancement or new solution depends on several factors, including the timely completion, introduction and market acceptance of the enhancement or solution. Any enhancement or solution we develop or acquire may not be introduced in a timely or cost-effective manner and may not achieve the broad market acceptance necessary to generate significant revenue. If we are unable to successfully develop or acquire new solutions or enhance our existing solutions to meet customer requirements, we may not grow as expected.
We cannot be certain that our development activities will be successful or that we will not incur delays or cost overruns. Furthermore, we may not have sufficient financial resources to identify and develop new technologies and bring enhancements or new solutions to market in a timely and cost-effective manner. New technologies and enhancements could be delayed or cost more than we expect, and we cannot ensure that any of these solutions will be commercially successful if and when they are introduced.
A loss of any of our large customers could have a material adverse effect on our financial condition and results of operations.
In the year ended December 31, 2019, our three largest customers accounted for approximately 31% of our annual revenues (including our largest customer that accounted for approximately 20% of total revenue). A significant reduction in revenue in the future from these major customers could have a material adverse effect on our financial condition, results of operations and cash flow. In addition, if one or more of our major customers were to develop its own competing technology or to experience economic difficulties, changes in purchasing policies or difficulties in fulfilling their obligations to us, our financial condition could be materially and adversely affected.
Adverse conditions in the national and global financial markets could have a material adverse effect on our business, operating results and financial condition.
Our financial performance depends, in part, on the state of the economy, which may deteriorate in the future including, as a result of the spread or fear of spread of contagious diseases (such as the COVID-19 pandemic). Challenging economic conditions worldwide have from time to time contributed, and may continue to contribute, to slowdowns in the information technology industry, resulting in reduced demand for our solutions as a result of continued constraints on IT-related capital spending by our customers and increased price competition for our solutions. Additionally, concerns regarding the effects of the "Brexit" decision, uncertainties related to changes in public policies such as domestic and international regulations, taxes or international trade agreements as well as geopolitical turmoil and other disruptions to global and regional economies and markets in many parts of the world, have and may continue to put pressure on global economic conditions and overall spending on IT security.
If the economies of countries in which our customers and potential customers are located weaken, our customers may reduce or postpone their spending significantly. This could result in reductions in sales of our services and longer sales cycles, slower adoption of new technologies and increased price competition. In addition, weakness in the end user market could negatively affect the cash flow of our OEM and service provider partners, distributors and resellers who could, in turn, delay paying their obligations to us. This would increase our credit risk exposure and cause delays in our recognition of revenues on future sales to these customers. Specific economic trends, such as declines in the demand for PCs, servers, and other computing devices, or weakness in corporate information technology spending, could have a more direct impact on our business. Any of these events would likely harm our business, operating results and financial condition.
The outbreak of COVID-19 and its international spread may have an adverse effect on our business.
Pandemics and epidemics such as the current COVID-19 outbreak or other widespread public health problems could negatively impact our business. The current outbreak of COVID-19 presents concerns that may dramatically affect our ability to conduct our business effectively, including, but not limited to, our inability to travel to various destinations due to travel restrictions and quarantine requirements, attend certain industry-related conferences and effectively maintain ongoing sales operations. The spread of COVID-19 from China to other countries has resulted in the Director General of the World Health Organization declaring the outbreak of COVID-19 as a pandemic. If COVID-19 continues to spread in ways that negatively impact the overall economy and buying patterns of partners or potential customers, this may materially negatively impact our sales, operating results and business. A significant reduction in global economic activity may result in reduced IT budgets, including for cyber security software. While the ultimate impact of the COVID-19 outbreak or a similar health pandemic or epidemic is highly uncertain and subject to change, a significant duration of the COVID-19 outbreak and related government actions will impact many aspects of our business. If a significant percentage of our workforce is unable to work, either because of illness or travel or government restrictions in connection with the COVID-19 outbreak, our operations may be negatively impacted.
If the perceived general level of advanced cyber attacks declines, demand for our solutions may decrease, our cost of doing business may increase and our business could be harmed.
Our business is substantially dependent on enterprises recognizing that advanced cyber attacks are pervasive and are not effectively prevented by legacy security solutions. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced cyber attacks and help to provide an impetus for enterprises to devote resources to protecting against advanced cyber attacks, such as purchasing our services and products and broadly deploying our services and products within their organizations. If advanced cyber attacks were to decline, or enterprises perceived that the general level of advanced cyber attacks have declined, our ability to attract new customers and expand our offerings within existing customers could be materially and adversely affected and harm our business, results of operations and financial condition.
In addition, various state legislatures have enacted laws aimed at regulating the distribution of unsolicited email. These and similar legal measures, both in the United States and worldwide, may have the effect of reducing the amount of unsolicited email and malicious software that is distributed and hence diminish the need for our internet security solutions. Any such developments would have an adverse impact on our revenues.
We depend upon OEM partners, service providers and resellers to sell the majority of our products, and if our partners fail to perform, our ability to sell and distribute our products and services will be limited, and our operating results will be harmed.
We expect to continue to be dependent upon OEM partners and service providers for a significant portion of our revenues, which will be derived from sales of our messaging, antivirus and web security solutions. We also expect resellers to become important in the distribution of our newer cloud-based internet security solutions.
We anticipate that in the future we will derive a substantial portion of the sales of CCS and CIS through channel partners. In order to scale our channel program to support growth in our business, it is important that we help our partners enhance their ability to independently sell and deploy our solutions. We may be unable to successfully expand and improve the effectiveness of our channel sales program.
Our operating results and financial condition may be materially adversely affected if:
|●||anticipated orders or payments from these partners fail to materialize;|
our partners cease the promotion of our business or begin to promote solutions other than ours;
|●||our partners are acquired by larger companies who may have other relationships or technologies that lead to the displacement or termination of Cyren contracts;|
|●||our partners do not live up to their contractual agreements or fail to pay for services rendered; or|
|●||our partners’ businesses fail.|
If we are unable to maintain our relationships with these channel partners, or otherwise develop and expand our indirect distribution channel, our business, results of operations, financial condition or cash flows could be adversely affected.
Our quarterly operating results may fluctuate, which could adversely affect our share price.
Our revenues and operating results could vary significantly from period to period as a result of a variety of factors, many of which are outside of our control. As a result, comparing our revenues and operating results on a period-to-period basis may not be meaningful, and shareholders should not rely on our past results as an indication of our future performance. We may not be able to accurately predict our future revenues or results of operations. We base our current and future expense levels on our operating plans and sales forecasts, and our operating costs are relatively fixed in the short-term. As a result, we may not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues, and even a small shortfall in revenues could disproportionately and adversely affect financial results for that quarter. If our revenues or operating results fall below the expectations of investors or any securities analysts that cover our stock, our share price could decline substantially.
A number of factors, many of which are enumerated in this “Risk Factors” section, are likely to cause fluctuations in our operating results or cause our share price to decline. These factors include:
|●||our ability to successfully market both our traditional messaging, antivirus and web security solutions and our newer cloud-based internet security solutions in new markets, both domestic and international;|
|●||our ability to successfully develop and market new, modified or upgraded solutions, as may be needed;|
demand for, and the continued acceptance of our solutions by our current partners and customer base and the level of perceived urgency regarding security threats and compliance requirements;
|●||our ability to expand our workforce with qualified personnel, as may be needed;|
|●||unanticipated bugs or other problems affecting the delivery of our solutions to customers;|
|●||the success of our partners’ sales efforts to their customer base;|
|●||the solvency of our partners and their ability to allocate sufficient resources towards the marketing of our solutions;|
|●||our partners’ ability to effectively integrate our solutions into their product offerings;|
|●||the substantial decrease in information technology spending;|
|●||the pricing of our solutions;|
|●||our ability to timely collect fees owed by our customers and partners;|
general economic conditions, including a global slowdown (for example, as a result of the COVID-19 outbreak);
|●||sudden, dramatic fluctuations in exchange rates of currencies covering the fees we collect from our foreign customers versus the currencies utilized in our business (namely, the Israeli Shekel (“ILS”), the U.S. Dollar (“USD”), the Euro (“EUR”) and the British Pound (“GBP”);|
|●||our ability to add cost-effective space and equipment to our current data centers in a timely and effective manner to match the rate of growth in our business, plus our ability to build new, cost-effective data centers as worldwide demand for our products may require;|
|●||the effectiveness of our end user support, whether provided by our customers or directly by Cyren;|
|●||customer budgeting cycles and seasonal buying patterns;|
|●||the extent to which customers subscribe for additional solutions or increase the number of users;|
|●||any disruption in our sales channels or termination of our relationship with strategic channel partners;|
|●||insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions; and|
|●||price competition or any changes in the competitive landscape of our industry, including consolidation among our competitors, customers, partners or resellers.|
Our indebtedness may have an adverse effect on our business or limit our ability to take advantage of business, strategic or financing opportunities; our debt instruments contain certain events of default which, if triggered, may result in acceleration of our debt.
On March 19, 2020, we issued $10.25 million aggregate principal amount of our 5.75% convertible debentures due March 19, 2024 (the “Convertible Debentures”). On December 5, 2018, we issued $10.0 million aggregate principal amount of 5.75% convertible notes due December 5, 2021 (the “Convertible Notes”). Our Convertible Debentures and Convertible Notes contain certain covenants with which we must comply and events of default which, if triggered, may result in the Convertible Debentures and/or Convertible Notes becoming immediately due and payable. These events of default include, but are not limited to, failure to pay interest and principal when due, failure to perform any term, covenant or agreement contained in the Convertible Debentures or Convertible Notes, certain events of bankruptcy, insolvency or reorganization, and certain defaults on our obligations under other debt instruments. In addition, as long as the Convertible Debentures and Convertible Notes are outstanding, we must obtain consent of the holders in order to take the following actions as required by the respective debt instruments:
|●||incur certain additional indebtedness or guarantee indebtedness;|
|●||create certain liens;|
|●||sell certain assets;|
|●||make certain amendments to our charter documents;|
|●||repay, repurchase or acquire ordinary shares or indebtedness except under certain circumstances;|
|●||pay cash dividends or distributions on any equity securities; or|
|●||enter into transactions with affiliates, with certain exceptions.|
These consent requirements could restrict us from taking any of the above actions that we believe to be in our best interests and could adversely affect our ability to obtain additional financing, engage in certain business activities, take advantage of business opportunities, or otherwise execute our business strategies. In addition, our ability to comply with the terms of the Convertible Debentures and the Convertible Notes may be affected by general economic conditions, industry conditions, and other events beyond our control. As a result, we cannot assure you that we will be able to comply with these terms. Failure to comply with the terms of the Convertible Debentures or the Convertible Notes could result in a default under these debt instruments, upon which the outstanding debt would become immediately due and payable. This could have serious consequences to our financial condition and results of operations. We cannot assure you that our assets or cash flow would be sufficient to repay our obligations under the Convertible Debentures or the Convertible Notes if accelerated upon an event of default, or that we would be able to borrow sufficient funds to refinance these debt instruments.
Our ability to continue to increase our revenues will depend on our ability to successfully execute our sales and business development plan.
The complexity of the underlying technological base of messaging, antivirus and web security solutions, and the current landscape of the markets, require highly trained sales and business development personnel to educate prospective distributors, resellers, OEM and service provider partners and customers regarding the use and benefits of our solutions. We continue to be substantially dependent on our sales force to obtain new customers and to drive additional use cases and adoption among our existing customers. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business.
Our future success depends on our ability to sell additional solutions to our customers, such as our CIS solution which we expect to make generally available for purchase in the second quarter of 2020. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional solutions depends on a number of factors, including the perceived need for additional solutions, growth in the number of end users, and general economic conditions. If our efforts to sell additional solutions to our customers are not successful, our business, financial condition and/or results of operations may suffer.
We rely on our management team and other key employees and will need additional personnel to grow our business, and the loss of one or more key employees or our inability to attract and retain qualified personnel could harm our business.
Our success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization. Competition for highly skilled personnel is intense in Israel, Germany, Iceland, the United Kingdom, Sunnyvale, Austin, and the Washington D.C. metro area, where we have offices and a need for highly skilled personnel. We may not be successful in attracting qualified personnel to fulfill our current or future needs. Our competitors may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. Also, to the extent we hire employees from mature public companies with significant financial resources, we may be subject to allegations that such employees have been improperly solicited, that they have divulged proprietary or other confidential information or that their former employers own such employees’ inventions or other work product.
In addition, we believe that it is important to establish and maintain a corporate culture that facilitates the maintenance and transfer of institutional knowledge within our organization and also fosters innovation, teamwork, a passion for customers and a focus on execution.
The loss of our software developers or senior operations personnel may also adversely affect the continued development and support of both our current messaging, antivirus and web security solutions and future solutions presently included in our roadmap for development, thereby causing our operating results to suffer and the value of your investment to decline.
We do not have employment agreements inclusive of set periods of employment with any of our key personnel. We cannot prevent them from leaving at any time. We do not maintain key-person life insurance policies, listing us as a beneficiary, on any of our employees. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business, financial condition and/or results of operations could be harmed.
Our business and operating results could suffer if we do not successfully address potential risks inherent in doing business overseas.
We market and sell our products worldwide and have personnel in many parts of the world. In addition, we have sales offices and research and development facilities outside the United States, and we conduct, and expect to continue to conduct, a significant amount of our business with companies that are located outside the United States, particularly in Europe, Israel and Asia. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships internationally or recruit additional companies to enter into strategic distributor relationships, our future success in these international markets could be limited. Business practices and regulations in the international markets that we serve differ from those in the United States and Israel and periodically require us to include terms other than our standard terms in customer contracts. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our operating results may be adversely impacted.
Additionally, our international sales and operations are subject to a number of risks, including the following:
|●||greater difficulty in enforcing contracts and accounts receivable collection and longer collection periods;|
|●||the uncertainty of protection for intellectual property rights in some countries;|
|●||greater risk of changes in regulatory practices, tariffs, and tax laws and treaties;|
|●||risks associated with trade restrictions and foreign legal requirements, including the importation, certification, and localization of our products required in foreign countries;|
|●||the potential that our operations in Israel and the U.S. may limit the acceptability of our products to some foreign governments, and vice versa;|
|●||greater risk of a failure of foreign employees, partners, distributors, and resellers to comply with both U.S. and foreign laws, including antitrust regulations, and any trade regulations ensuring fair trade practices;|
|●||heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;|
|●||the potential for acts of terrorism, hostilities or war;|
the impact of COVID-19 on the economic conditions in these foreign markets and the travel restrictions in and between various geographic regions;
increased expenses incurred in establishing and maintaining office space and equipment for our multinational operations;
|●||greater difficulty in recruiting local experienced personnel, and the costs and expenses associated with such activities;|
|●||management communication and integration problems resulting from cultural and geographic dispersion;|
|●||fluctuations in exchange rates between the U.S. Dollar, Shekel, Euro, Pound and other foreign currencies in markets where we do business; and|
|●||general economic and political conditions and uncertainties in these foreign markets.|
These factors and other factors could harm our ability to gain future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources.
Changes in the tax treatment of companies engaged in internet commerce may adversely affect the commercial use of our services and our financial results.
Due to the global nature of the internet and the global reach of our network, it is possible that various states or countries might attempt to regulate our transmissions or levy sales, income, consumption, use or other taxes relating to our services or activities, or impose obligations on us to collect such taxes. Tax authorities in many jurisdictions are currently reviewing the appropriate treatment of companies engaged in internet commerce such as the provision of cloud computing services and other online services. The imposition of new or revised tax laws or regulations may subject us to additional sales, income, consumption, use or other taxes. We cannot predict the effect of current attempts to impose such taxes on commerce over the internet. New or revised taxes and, in particular, sales, use or consumption taxes, the Value Added Tax and similar taxes would likely increase the cost of doing business online. New taxes could also create significant increases in internal costs necessary to capture data, and collect and remit taxes. Any of these events could have an adverse effect on our business and results of operations.
The application of tax laws is subject to interpretation and if tax authorities challenge our methodologies or our analysis of our tax rates it could result in an increase to our worldwide effective tax rate and cause us to change the way we operate our business.
The application of the tax laws of various jurisdictions to our international business activities is subject to interpretation and also depends on our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing, or determine that the manner in which we operate our business does not achieve the expected tax consequences, which could increase our worldwide effective tax rate and adversely affect our financial position and results of operations.
A certain degree of judgment is required in evaluating our tax positions and determining our provision for income taxes. In the ordinary course of business, there are many transactions and calculations for which the ultimate tax determination is uncertain. For example, our effective tax rates could be adversely affected by earnings being lower than anticipated in countries where we have lower statutory rates and higher than anticipated in countries where we have higher statutory rates, by changes in foreign currency exchange rates or by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations. As we operate in numerous taxing jurisdictions, the application of tax laws can be subject to diverging and sometimes conflicting interpretations by tax authorities of these jurisdictions. It is not uncommon for tax authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, or with respect to the valuation of intellectual property. In addition, tax laws are dynamic and subject to change as new laws are passed and new regulations or interpretations of the law are issued or applied. For example, the work being carried out by the OECD on base erosion and profit shifting as a response to increasing globalization of trade could result in changes in tax treaties or the introduction of new legislation that could impose an additional tax on businesses. As a result of changes to laws or interpretations, our tax positions could be challenged, and our income tax expenses could increase in the future.
For instance, if tax authorities in any of the countries in which we operate were to successfully challenge our transfer prices, they could require us to reallocate our income (or part of our income) to reflect transfer pricing adjustments, which could result in an increased tax liability to us. In addition, if the country from which the income was reallocated did not agree with the reallocation asserted by the first country, we could become subject to tax on the same income in both countries, resulting in double taxation. If tax authorities were to allocate income to a higher tax jurisdiction, subject our income to double taxation or assess interest and penalties, it could increase our tax liability, which could adversely affect our financial position and results of operations.
We are subject to privacy and data protection laws and regulations in various jurisdictions, including the EU General Data Protection Regulation, as well as contractual privacy and data protection obligations, which may limit the use and adoption of, or require modification of, our products and services and could affect our marketing activities. Our failure to comply with such laws, regulations or obligations could subject us to liability and could harm our reputation and business.
Our industry is highly regulated, and many federal, state and foreign government bodies and agencies have adopted, or are adopting, laws and regulations regarding the collection, use, and disclosure of personal information. Some of our solutions process customer data which may contain the personal information of end users, and any failure to adequately address privacy concerns, or to otherwise comply with applicable privacy laws and regulations could result in liability, damage to our reputation, loss of sales, or further harm our business. Privacy concerns, whether or not valid, may inhibit market adoption of our solutions. The costs of compliance with such laws and regulations that apply to our customers’ business may in turn limit their use and adoption of our products and services and therefore reduce overall demand for them.
We are subject to the privacy and data protection laws and regulations adopted by Israel, Europe and the United States and potentially other jurisdictions. Where the local data protection and privacy laws of a jurisdiction apply, we may be required to register our operations in that jurisdiction or make changes to our business so that registered users’ data is only collected and processed in accordance with applicable local law. The proliferation of such laws within the jurisdictions in which we operate may result in conflicting and contradictory requirements, particularly in relation to evolving technologies such as cloud computing. Any failure to successfully navigate the changing regulatory landscape could result in legal liability or impairment to our reputation in the marketplace, which could have a material adverse effect on our business, results of operations and financial condition.
In particular, the European Union has imposed greater obligations under their privacy and data protection laws. For example, the European Union adopted the General Data Protection Regulation (GDPR) which took effect on May 25, 2018 and is wide ranging in scope. GDPR replaced, to a large extent, the data protection laws of each European Union member state and imposed stringent requirements for data processors and controllers. Such requirements include more fulsome disclosures about the processing of personal information, data retention limits and deletion requirements, mandatory notification in the case of a data breach and heightened standards regarding valid consent in some specific cases of data processing. The GDPR also includes substantially higher penalties for failure to comply (a fine up to 20 million Euro or up to 4% of the annual worldwide turnover, whichever is greater, can be imposed). Given the breadth of the GDPR, compliance with its requirements is likely to continue to require significant expenditure of resources on an ongoing basis, and there can be no assurance that the measures we have taken for the purposes of compliance will be successful in preventing a breach of the GDPR. Given the potential fines, liabilities and damage to our reputation in the event of an actual or perceived breach of the GDPR, such a breach may have an adverse effect on our business and operations.
Similarly, California recently enacted the California Consumer Privacy Act (“CCPA”), which, among other things, requires covered companies to provide new disclosures to California consumers and afford such consumers new rights to opt-out of certain sales of personal information. In addition, other states have enacted or proposed legislation that regulates the collection, use, and sale of personal information, and such regimes might not be compatible with either the GDPR or the CCPA or may require us to undertake additional practices. We cannot yet predict the impact of the CCPA or impending legislation on our business or operations, but it may require us to further modify our data processing practices and policies and incur substantial costs and expenses in an effort to comply.
Further, in June 2016, “Brexit" (described below) could lead to further legislative and regulatory changes. The United Kingdom Data Protection Act that substantially implements the GDPR became law in May 2018 and was subject to statutory amendments in 2019 that further align it with the GDPR. The development of United Kingdom data protection laws or regulations and regulation of data transfers to and from the United Kingdom in the medium to longer term, however, remains unclear.
Even the perception of privacy, data protection or information security concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to hire and retain workforce talent. If our security measures are or are believed to be inadequate or breached as a result of third-party action, employee negligence, error or malfeasance, product defects, social engineering techniques or otherwise, and this results in, or is believed to result in, the disruption of the confidentiality, integrity or availability of our systems or networks or any data we process or maintain, or the loss, destruction or corruption of such data, or our privacy practices are or are perceived to be inadequate, we could incur significant liability, we could face a loss of revenues, and our business may suffer and our reputation and competitive position may be damaged.
If any of our customers or prospective customers decide not to purchase our products or services because of regulatory uncertainty, our revenues could decline and our business could suffer. Any inability by us, or a third-party contractor, to adequately address privacy concerns, whether valid or not, or to comply with applicable privacy or data protection laws, regulations and privacy standards, could result in additional cost and liability to us, damage our reputation, inhibit sales of our solutions and harm our business.
Uncertainty regarding the effects of Brexit could adversely affect our future results.
The United Kingdom (“UK”) left the European Union (“EU”) on January 31, 2020 (“Brexit”). At that time, the EU treaties automatically ceased to apply to the UK. However, as part of the withdrawal agreement between the UK and the EU, an implementation period has been agreed which will extend the application of EU law and provide for continuing membership of the EU single market until the end of 2020 (with the possibility of extension). The withdrawal agreement does not in general address the future relationship between the UK and the EU, which will be the subject of a separate negotiation and agreement between the UK and the EU.
As such, the ongoing negotiations surrounding Brexit have yet to provide clarity on what the final outcome will be for the UK or the EU. The unavoidable uncertainties related to Brexit and the new relationship between the UK and EU, which continues to be defined, could cause volatility in currency exchange rates, in interest rates, and in EU, UK or worldwide political, regulatory, economic or market conditions; and could contribute to instability in political institutions, regulatory agencies, and financial markets. Any of these effects of Brexit, and others that cannot be anticipated, could adversely affect our future results.
We may not have the resources or skills required to adapt to the changing technological requirements and shifting preferences of our customers and their users.
The messaging, antimalware and web security industries are characterized by difficult technological challenges, sophisticated distributors of internet security threats, multiple-variant viruses, advanced persistent threats, unique phishing scams and constantly evolving malevolent software distribution practices and targets that could render our solutions and proprietary technology ineffective. Our success depends, in part, on our ability to continually enhance our existing messaging, antimalware and web security solutions and to develop new solutions, functions and technology that address the potential needs of prospective and current customers and their users.
Many of our end users operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. As their technologies and business plans grow more complex, we expect these customers to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our solutions effectively identify and respond to these advanced and evolving attacks without disrupting our customers’ network performance. As a result of the continued rapid innovations in the technology industry, including the rapid growth of smart phones, tablets and other devices and the trend of “bring your own device” in enterprises, we expect the networks of our end users to continue to change rapidly and become more complex.
We have identified and implemented a number of new products and enhancements to our platform that we believe are important to our continued success in the IT security market. Going forward, we may not be successful in developing and marketing, on a timely basis, such new products or enhancements or our new products or enhancements may not adequately address the changing needs of the marketplace. In addition, some of our new products and enhancements may require us to develop new architectures that involve complex, expensive and time-consuming research and development processes. Although the market expects rapid introduction of new products and enhancements to respond to new threats, the development of these products and enhancements is difficult and the timetable for commercial release and availability is uncertain, as there can be significant time lags between initial beta releases and the commercial availability of new products and enhancements. We may experience unanticipated delays in the availability of new products and enhancements to our platform and fail to meet customer expectations with respect to the timing of such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing, releasing and making available on a timely basis new products and enhancements to our services and products that can adequately respond to advanced threats and our customers’ needs, our competitive position and business prospects will be harmed. Furthermore, from time to time, we, or our competitors, may announce new products with capabilities or technologies that could have the potential to replace or shorten the life cycles of our existing services products. Announcements of new products could cause customers to defer purchasing our existing services or products.
Additionally, the process of developing new technology is expensive, complex and uncertain. The success of new products and enhancements depends on several factors, including appropriate component costs, timely completion and introduction, differentiation of new products and services from those of our competitors, and market acceptance. To maintain our competitive position, we must continue to commit significant resources to developing new products or services before knowing whether these investments will be cost-effective or achieve the intended results. We may not be able to successfully identify new product opportunities, develop and bring new products or services to market in a timely manner, or achieve market acceptance of our platform. Products and technologies developed by others may render our offerings obsolete or noncompetitive. If we expend significant resources on researching and developing products or services and such products and services are not successful, our business, financial position and results of operations may be adversely affected. We may not be able to use new technologies effectively or adapt to OEM, service provider, customer or end user requirements or emerging industry standards.
Our solutions may be adversely affected by defects or denial of service attacks, which could cause our OEM and service provider partners, customers or end users to stop using our solutions.
Our messaging, antimalware and web security solutions are based in part upon new and complex software and highly advanced computer systems. Complex software and computer systems can contain defects, particularly when first introduced or when new versions are released, and are possible targets for denial of service attacks instigated by “hackers”. Although we conduct extensive testing and implement internet security processes, we may not discover defects or vulnerabilities in our software or systems that affect our new or current solutions or enhancements until after they are delivered. Although we have not experienced any material defects or vulnerabilities to date in our messaging, antimalware and web security offerings, it is possible that, despite testing by us, defects or vulnerabilities may exist in the solutions we provide. These defects or vulnerabilities could cause or lead to interruptions for customers of our solutions, resulting in damage to our reputation, legal risks, loss of revenue, delays in market acceptance and diversion of our development resources, any of which could cause our business, financial condition and/or results of operations to suffer.
Real or perceived defects, errors or vulnerabilities in our services or the failure of our services to block malware or prevent a cyber-attack or security breach could harm our reputation and adversely impact our business, financial condition and results of operations.
Because our products and services are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end users. For example, from time to time, certain of our end users have reported defects in our products related to performance, scalability and compatibility that were not detected before offering the service. Additionally, defects may cause our products or services to be vulnerable to security attacks, cause them to fail to help secure networks or temporarily interrupt end users’ networking traffic. Because the techniques used by computer hackers to access or sabotage networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end users’ networks.
Furthermore, as a well-known provider of internet security solutions, our networks, products, and services could be targeted by attacks specifically designed to disrupt our business and harm our reputation. In addition, our data centers, which are located in various locations worldwide, and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing end user base, any of which could temporarily or permanently expose our end users’ networks, leaving their networks unprotected against the latest security threats.
Any real or perceived defects, errors or vulnerabilities in our services, or any other failure of our services to detect an advanced threat, could result in certain events, including:
|●||a loss of existing or potential customers or channel partners;|
|●||delayed or lost revenue;|
|●||a delay in attaining, or the failure to attain, market acceptance;|
|●||the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work around errors or defects, to address and eliminate vulnerabilities, or to identify and ramp up production with alternative third-party manufacturers;|
an increase in service level availability or warranty claims, or an increase in the cost of servicing such claims, either of which would adversely affect our revenue and gross margins;
negative publicity, which could harm to our reputation or brand;
|●||lost market share;|
|●||loss of our proprietary technology;|
|●||our solutions being susceptible to hacking or electronic break-ins or otherwise failing to secure data;|
|●||loss or disclosure of our customers’ confidential information, or the inability to access such information; and|
|●||litigation, regulatory inquiries or investigations that may be costly to address and further harm our reputation.|
Data thieves are sophisticated, often affiliated with organized crime and operate large scale and complex automated attacks. In addition, their techniques change frequently and generally are not recognized until launched against a target. If we fail to identify and respond to new and complex methods of attack and to update our services to detect or prevent such threats in time to protect our end users’ systems, our business and reputation will suffer.
An actual or perceived security breach or theft of the sensitive data of one of our end users, regardless of whether the breach is attributable to the failure of our products or services, could adversely affect the market’s perception of our security offerings. Despite our best efforts, there is no guarantee that our products and services will be free of flaws or vulnerabilities, and even if we discover these weaknesses, we may not be able to correct them promptly, if at all. A breach of our systems could also result in the disclosure of sensitive and confidential information as well as information regarding our customers, end users and partners. Our end user customers may also misuse our products and services, which could result in a breach or theft of business data.
If the delivery of our services to our customers is interrupted or delayed for any reason, our business could suffer.
Any interruption or delay in the delivery of our services will negatively impact our customers. Our solutions are deployed via the internet, and our customers’ internet traffic is routed through our cloud platform. Our customers depend on the continuous availability of our services, and our services are designed to operate in accordance with applicable service level commitments. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted service and have a low tolerance for interruptions of any duration.
The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud:
|●||the development and maintenance of the infrastructure of the internet;|
|●||the performance and availability of third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services;|
|●||decisions by the owners and operators of the data centers where our cloud infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties;|
|●||the occurrence of earthquakes, floods, fires, power loss, system failures, physical or electronic break-ins, acts of war or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events;|
|●||failure by us to maintain and update our cloud infrastructure to meet our traffic capacity requirements;|
|●||errors, defects or performance problems in our software, including third-party software incorporated in our software;|
|●||improper deployment or configuration of our services; and|
|●||the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network.|
The occurrence of any of these factors, or if we are unable to efficiently and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively impact our relationship with our customers or otherwise materially harm our business, results of operations and financial condition.
Our messaging, antimalware and web security solutions may be adversely affected if we are not able to receive a sufficient sampling of internet traffic or our data centers were to become unavailable.
Our messaging, antimalware and web security solutions are dependent, in part, on the ability of our data centers to analyze, in an automated fashion, live feeds of internet and web related traffic received through our services to customers and other contractual arrangements. If we were to suffer an unanticipated, substantial decrease in such traffic or our multiple data centers become unavailable for any significant period, the effectiveness of our technologies would drop, our product offerings would become less attractive to customers/potential customers and revenues could decline.
False detection of applications, viruses, malware, spyware, vulnerability exploits, data patterns or URL categories could adversely affect our business.
Our classifications of application type, virus, malware, spyware, vulnerability exploits, data, or URL categories may falsely detect applications, content or threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These “false positives”, while typical in our industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our services and products. If our services and products restrict important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end users’ systems and cause material system failures. Any such false identification of important files or applications could result in damage to our reputation, negative publicity, loss of end users and sales, increased costs to remedy any problem, and costly litigation.
Our cloud-based enterprise SaaS security offerings include newer service offerings, so we may not see the customer traction in these offerings that we anticipate.
Security-as-a-Service (“SecaaS”) is a model of cloud-based services offerings. In March 2017, we launched CCS 4.0 which unified four fully cloud based internet security services on one platform including – CWS, CES, DNS security and cloud sandboxing. During 2019, Cyren revised its enterprise product strategy to focus on email security solutions, threat detection services, threat intelligence and cloud sandbox threat analysis, and began to de-emphasize standalone and bundled Web Security (CWS) offerings due to lack of significant customer traction. We expect to make CIS generally available for purchase in the second quarter of 2020 and other enterprise products during the second half of 2020. The solutions we are promoting and will promote to this market enable us to offer internet security solutions directly to our Enterprise customers or through our channel partners. Among other things, this cloud-based approach is intended to speed up the process of moving our solutions to market, and ease the integration burden for our customers.
In recent years, companies have begun to expect that key security software services, such as URL filtering, be provided through a SecaaS model. In order to provide CCS and CIS via a SecaaS deployment, we have made and will continue to make capital investments to implement this alternative business model, which could negatively affect our financial results. Even with these investments, the SecaaS business model for CCS and CIS may not be successful. Because of the newness of the technologies involved and the resulting learning curve required of all employees in the sale and support of the new offerings, we cannot be certain that we will convince potential customers of the benefits of these new offerings and sell them at the rate we anticipate. If we fall short of our expectations, and especially given the significant resources invested by us in bringing these new offerings to market, our financial results will suffer and the value of shareholder investments will decline.
If we fail to develop or protect our Cyren brand name, our business may be harmed.
Developing and maintaining awareness and integrity of our company and our new brand are important to achieving widespread acceptance of our existing and future offerings and are important elements in attracting new customers. The importance of brand recognition will increase as competition in our market further intensifies. Successful promotion of our brand will depend on the effectiveness of our marketing efforts and on our ability to provide reliable and useful solutions at competitive prices. We plan to continue investing substantial resources to promote our brand, both domestically and internationally, but there is no guarantee that our brand development strategies will enhance the recognition of our brand. Some of our existing and potential competitors have well-established brands with greater recognition than we have. If our efforts to promote and maintain our brand are not successful, our operating results and our ability to attract and retain customers may be adversely affected. In addition, even if our brand recognition and loyalty increases, this may not result in increased use of our solutions or higher revenue.
Our use of open source technology could impose limitations on our ability to commercialize our solutions.
We use open source software in certain of our solutions, and although we monitor our use of open source software to avoid subjecting our solutions to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. or foreign courts. As a result, there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions. From time to time, we may face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we have developed using such software or otherwise seeking to enforce the terms of the applicable open source license. In such an event, we could be required to seek licenses from third parties to continue offering our solutions, to make our proprietary code generally available in source code form, to re-engineer our solutions or to discontinue the sale of our solutions if re-engineering could not be accomplished on a timely basis, any of which could adversely affect our business, operating results and financial condition.
Risks Related to our Ordinary Shares
We may not be able to comply with all applicable listing requirements or standards of The Nasdaq Capital Market and Nasdaq could delist our ordinary shares.
Our ordinary shares are currently listed on The Nasdaq Capital Market. To maintain that listing, we must satisfy minimum financial and other continued listing requirements and standards. One such requirement is that we maintain a minimum bid price of at least $1.00 per ordinary share. As of March 27, 2020, the bid price of our ordinary shares has closed below $1.00 per share for 13 consecutive trading days. If the bid price of our ordinary shares remains below such threshold for 30 consecutive trading days, Nasdaq may take steps to delist our ordinary shares for our lack of compliance with the $1.00 minimum bid price requirement.
There can be no assurance that we will continue to be in compliance with the $1.00 minimum bid price requirement or comply with Nasdaq’s other continued listing standards in the future. In the event that our ordinary shares are not eligible for continued listing on Nasdaq or another national securities exchange, trading of our ordinary shares could be conducted in the over-the-counter market or on an electronic bulletin board established for unlisted securities such as the Pink Sheets or the OTC Bulletin Board. In such event, it could become more difficult to dispose of, or obtain accurate price quotations for, our ordinary shares, and there would likely also be a reduction in our coverage by security analysts and the news media, which could cause the price of our ordinary shares to decline further. Also, it may be difficult for us to raise additional capital if we are not listed on a major exchange.
The issuance of additional shares in connection with financings, acquisitions, investments, our equity incentive plans, conversion of our convertible notes and debentures or otherwise will dilute other shareholders. In addition, our failure in the future to raise additional capital or generate the significant capital necessary to expand our operations and invest in new services and products could reduce our ability to compete and could harm our business.
We have made, and intend to continue to make, investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our services and products, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. For example, in December 2018, we issued $10 million aggregate principal amount of Convertible Notes to an existing minority investor in a private placement. In November 2019, we closed our rights offering, pursuant to which we issued 4,635,584 ordinary shares at $1.73 per share, including 4,624,277 shares issued to Warburg Pincus. In addition, in March 2020, we issued $10.25 million aggregate principal amount of our Convertible Debentures to accredited investors in a private placement. Our shareholders have experienced dilution of their equity interests as a result of these issuances and prior issuances. Furthermore, we may elect to satisfy interest payments on the Convertible Notes and Convertible Debentures by the issuance of ordinary shares based on the market price at the time of the interest payment. Subject to certain exceptions, if we issue equity securities at a price lower than the current conversion prices of the Convertible Debentures and the Convertible Notes, the conversion prices will be reduced, which would cause further dilution.
We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans and operating performance and the condition of the capital markets at the time we seek financing. If we raise additional equity or convertible debt financing, our shareholders may experience further significant dilution of their ownership interests and the per share value of our ordinary shares could decline. Furthermore, if we engage in debt financing, the holders of debt would have priority over the holders of our ordinary shares, and we may be required to accept terms that restrict our ability to incur additional indebtedness or that otherwise restrict our ability to operate our business. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.
Our alternative strategies to fund our operations and meet our cash obligations may not be successful.
As previously disclosed, in 2019, the Board approved a contingency plan to be effected if needed, in whole or in part, at its discretion, to allow the Company to continue its operations and meet its cash obligations beyond the next 12 month reporting period. The contingency plan, which has been updated for 2020, consists of cost reduction, which mainly involves reductions in consultants’ expenses, headcount, compensation paid to key management personnel and capital expenditures. In addition, the Board from time to time considers possible strategic alternatives which could result in, among other things, a sale, a merger, consolidation or business combination, asset divestiture, partnering or other collaboration agreements, or potential acquisitions or recapitalizations, in one or more transactions, or continuing to operate with our current business plan and strategy or our approved contingency plan. We cannot assure you that any of our alternative strategies to meet our cash obligations including, our contingency plan, identifying or completing a strategic alternative or raising additional capital and/or financing on acceptable terms, would be successful. If we fail to successfully implement one or more of our strategies, our business and cash flows would be materially adversely affected.
We are controlled by Warburg Pincus whose interest in our business may be different from yours.
Our controlling shareholder, Warburg Pincus, holds approximately 54% of our outstanding ordinary shares as of February 29, 2020, and has the right to nominate the number of directors proportional to its holdings of our outstanding shares. Currently, four directors nominated by Warburg Pincus serve on our Board. Warburg Pincus is able to exercise significant influence over many matters requiring the approval of our Board and/or shareholders, including the election of directors and approval of significant corporate transactions. In addition, our other directors and our executive officers that are not related to Warburg Pincus (together known as “affiliated entities”), beneficially own, in the aggregate, approximately 7% of our outstanding ordinary shares as of February 29, 2020. If they vote together (especially if they were to exercise all vested options into shares entitled to voting rights in the Company), these shareholders will be able to exercise influence over matters requiring a special majority vote of our shareholders, including the compensation of directors and approval of certain significant corporate transactions. In this regard, we know of no shareholders or voting agreement between major shareholders or between such shareholders and directors or officers.
In addition, conflicts of interest may arise as a consequence of the control by Warburg Pincus, including:
|●||conflicts between Warburg Pincus and our other shareholders whose interests may differ with respect to, among other things, our strategic direction or significant corporate transactions;|
|●||conflicts related to corporate opportunities that could be pursued by us, on the one hand, or by Warburg Pincus, on the other hand; or|
|●||conflicts related to existing or new contractual relationships between us, on the one hand, and Warburg Pincus, on the other hand.|
U.S. holders of our shares could be subject to material adverse tax consequences if we are considered a “passive foreign investment company” for U.S. federal income tax purposes.
We do not believe that we are a passive foreign investment company, and we do not expect to become a passive foreign investment company. However, our status in any taxable year will depend on our assets, income and activities in each year, and because this is a factual determination made annually after the end of each taxable year, there can be no assurance that we will not be considered a passive foreign investment company for the current taxable year or any future taxable years. If we were a passive foreign investment company for any taxable year while a taxable U.S. holder held our shares, such U.S. holder could face adverse U.S. federal income tax consequences, including having gains realized on the sale of our ordinary shares classified as ordinary income, rather than as capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders, and having interest charges apply to distributions by us and the proceeds of share sales.
U.S. holders that own 10% or more of the vote or value of our ordinary shares may suffer adverse tax consequences because we and/or any of our non-U.S. subsidiaries are expected to be characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the U.S. Internal Revenue Code of 1986, as amended, or the Code.
A non-U.S. corporation is considered a CFC if more than 50% of (1) the total combined voting power of all classes of stock of such corporation entitled to vote, or (2) the total value of the stock of such corporation, is owned, or is considered as owned by applying certain constructive ownership rules, by United States shareholders (U.S. persons who own stock representing 10% or more of the vote or 10% or more of the value) on any day during the taxable year of such non-U.S. corporation. Certain United States shareholders of a CFC generally are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a portion of the CFC’s earnings to the extent the CFC holds certain U.S. property, and a portion of the CFC’s “global intangible low-taxed income” (as defined under Section 951A of the Code). Such United States shareholders are subject to current U.S. federal income tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income” includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of a CFC’s income over a deemed return on its tangible assets.
As a result of certain changes in the U.S. tax law introduced by the Tax Cuts and Jobs Act, we believe that we and our non-U.S. subsidiaries would be classified as CFCs in the current taxable year. For U.S. holders who hold 10% or more of the vote or value of our ordinary shares, this may result in adverse U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder, and being subject to certain reporting requirements with the U.S. Internal Revenue Service, or the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. corporation. If you are a U.S. holder who holds 10% or more of the vote or value of our ordinary shares, you should consult your own tax advisors regarding the U.S. tax consequences of acquiring, owning, or disposing our ordinary shares and the impact of the Tax Cuts and Jobs Act, especially the changes to the rules relating to CFCs.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any dividends on our ordinary shares. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our ordinary shares if the market price of our ordinary shares increases.
Intellectual Property Risks
If we fail to adequately protect our intellectual property rights or face a claim of intellectual property infringement by a third party, we could lose our intellectual property rights or be liable for significant damages.
We regard our patented and patent pending technology, copyrights, service marks, trademarks, trade secrets and similar intellectual property as critical to our success, and rely on patent, trademark and copyright law, trade secret protection and confidentiality or license agreements with our employees and customers to protect our proprietary rights. See Item 1. Business, Intellectual Property for information pertaining to our patent activities. We may seek to patent certain additional software or other technology in the future. Any such patent applications might not result in patents issued within the scope of the claims we seek, or at all.
Despite our precautions, unauthorized third parties may copy certain portions of our technology, reverse engineer or obtain and use information that we regard as proprietary or otherwise infringe or misappropriate our patent or our patent pending technology, trade secrets, copyrights, trademarks and similar proprietary rights. In addition, the laws of some foreign countries do not protect proprietary rights to the same extent as do the laws of the United States. Thus, our means of protecting our proprietary rights in the United States or abroad, as well as our financial resources, may not be adequate, and competitors may independently develop similar technology. Given the cost, effort, risks and downside of obtaining patent protection, including the requirement to ultimately disclose the invention to the public, we may not choose to seek patent protection for certain innovations. However, such patent protection could later prove to be important to our business. Even if issued, there can be no assurance that any patents will have the coverage originally sought or adequately protect our intellectual property, as the legal standards relating to the validity, enforceability and scope of protection of patent and other intellectual property rights are uncertain. Any patents that are issued may be invalidated or otherwise limited, or may lapse or may be abandoned, enabling other companies to better develop products that compete with our solutions, which could adversely affect our competitive business position, business prospects and financial condition.
We cannot be certain that our security solutions do not infringe issued patents in certain parts of the world. Therefore, other parties, whether in the United States or elsewhere, may assert infringement claims against us. We may also be subject to legal proceedings and claims from time to time in the ordinary course of our business, including claims of alleged infringement of copyrights, trademarks and other intellectual property rights of third parties by ourselves and our customers. Our customer agreements typically include indemnity provisions, so we may be obligated to defend against third party intellectual property rights infringement claims on behalf of our customers. Such claims, even if not meritorious, could result in the expenditure of significant financial and managerial resources. We may not have the proper resources in order to adequately defend against such claims.
Risks Relating to Operations in Israel
Conditions in Israel may limit our ability to develop and sell our products, resulting in a decline in revenues.
We are incorporated under the laws of the State of Israel. Our principal research and development facilities are located in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries, as well as incidents of civil unrest, and a number of state and non-state actors have publicly committed to its destruction. Political, economic and military conditions in Israel could directly affect our operations. We could be adversely affected by any major hostilities involving Israel, including acts of terrorism or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant increase in inflation or a significant downturn in the economic or financial condition of Israel. Any on-going or future violence between Israel and the Palestinians, armed conflicts, terrorist activities, tension along the Israeli borders or with other countries in the region, including Iran, or political instability in the region could disrupt international trading activities in Israel and may materially and negatively affect our business and could harm our results of operations.
Certain countries, as well as certain companies and organizations, continue to participate in a boycott of Israeli firms, firms with large Israeli operations and others doing business with Israel and Israeli companies. In addition, such boycott, restrictive laws, policies or practices may change over time in unpredictable ways, and could, individually or in the aggregate, have a material adverse effect on our business in the future. Should the BDS Movement, the movement for boycotting, divesting and sanctioning Israel and Israeli institutions (including universities) and products become increasingly influential in the United States, Europe and around the world, this may also adversely affect our business and financial condition.
Some of our employees in Israel, including some of our executive officers, are obligated to perform annual military reserve duty in the Israel Defense Forces, depending on their age and position in the armed forces. Furthermore, they may be called to active reserve duty at any time under emergency circumstances for extended periods of time. Our operations could be disrupted by the absence, for a significant period, of one or more of our executive officers or key employees due to military service, and any significant disruption in our operations could harm our business.
Because a substantial portion of our revenues historically have been generated in U.S. dollars (USD) and the Euro (EUR), and a significant portion of our expenses have been incurred in Israeli Shekel (ILS), British Pound (GBP) and Icelandic Krona (ISK), our results of operations may be adversely affected by currency fluctuations.
We have generated a substantial portion of our revenues in USD and EUR, and incurred a substantial portion of our expenses, principally salaries and related personnel expenses, office rent and other outside services, in currencies other than USD. Those expenses incurred in Israel are denominated in Shekels, those incurred in the United Kingdom are denominated in GBP and those incurred in Iceland are denominated in ISK. We anticipate that a significant portion of our expenses will continue to be denominated in these currencies. As a result, we are exposed to risk to the extent that the value of the USD depreciates against the ILS, GBP and ISK or to the extent that the value of the USD appreciates against the EUR. In those events, the USD cost of Cyren’s operations will increase and the USD value of Cyren’s revenues will decrease, respectively, and the Company’s USD measured results of operations will be adversely affected. During 2019, the USD value of operating costs denominated in ILS and GBP increased due to the depreciation of the USD vs. all such currencies, while the USD value of operating costs denominated in ISK decreased due to the appreciation of the USD, and the USD value of revenues denominated in EUR increased due to the depreciation of the USD vs the EUR. During 2018, the USD value of operating costs denominated in ILS, GBP and ISK decreased due to the appreciation of the USD vs. all such currencies, and the USD value of revenues denominated in EUR decreased due to the appreciation of the USD vs the EUR.
We cannot predict the trend for future years. Our operations also could be adversely affected if we are unable to guard against currency fluctuations in the future. To date, we have not engaged in any significant hedging transactions. In the future, we may enter into currency hedging transactions to decrease the risk of financial exposure from fluctuations in the exchange rate of the dollar against the ILS. Foreign currency fluctuations, and our attempts to mitigate the risks caused by such fluctuations, could have a material and adverse effect on our results of operations and financial condition.
The government programs and benefits which we previously received require us to meet several conditions and may be terminated or reduced in the future.
We received grants from the Government of Israel through a program with the Israel Innovation Authority, or the IIA (formerly known as the Office of the Chief Scientist of the Israeli Ministry of Economy and Industry, or OCS), pursuant to the Israeli Law for the Encouragement of Industrial Research and Development, 1984, and related regulations (the “R&D Law”), to finance a significant portion of our research and development expenditures in Israel. In 2019 and 2018, we received $0.0 and $228 thousand, respectively.
In order to meet specified conditions in connection with grants and programs of the IIA, we have made representations to the Israel government about our Israeli operations. One of the grants requires a minimum commitment of three years and we are required to share information with other companies and academics. From time to time, the conduct of our Israeli operations has deviated from our forecasts. If we fail to meet the conditions of the grants, including the maintenance of a material presence in Israel, or if there is any material deviation from the representations made by us to the Israeli government, we could be required to refund the grants previously received (together with an adjustment based on the Israeli consumer price index and an interest factor) and would likely be ineligible to receive IIA grants in the future.
In addition, the terms of our IIA grants and programs prohibit the manufacture outside of Israel of the product developed in accordance with the program without the prior consent of the Research Committee. Such approval is generally subject to an increase in the total amount to be repaid to the IIA to between 120% and 300% of the amount granted, depending on the extent of the manufacturing that is conducted outside of Israel. In addition, the R&D Law provides that know-how from the research and development and any derivatives thereof, cannot be transferred or licensed to Israeli third parties without the approval of the Research Committee. The R&D Law stresses that it is not just transfer of know-how that is prohibited, but also transfer of any rights in such know-how. Approval of the transfer and/or license may be granted only if the Israeli transferee undertakes to abide by all of the provisions of the R&D Law and regulations promulgated thereunder, including the restrictions on the transfer of know-how and the obligation to pay royalties, if applicable.
You may have difficulties enforcing a U.S. judgment against us and our executive officers and directors or asserting U.S. securities laws claims in Israel.
Cyren Ltd. is organized under the laws of Israel, and we maintain significant operations in Israel. In addition, a significant portion of our assets are located outside the United States. Service of process upon our non-U.S. resident directors and enforcement of judgments obtained in the United States against them and Cyren Ltd. may be difficult to obtain within the United States. It may be difficult to enforce civil causes of actions under U.S. securities law in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on a violation of U.S. securities laws because Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the substance of the applicable U.S. law must be proved as a fact, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law. Furthermore, there is little binding case law in Israel addressing these matters.
Israeli courts might not enforce judgments rendered outside Israel which may make it difficult to collect on judgments rendered against us. Subject to certain time limitations, an Israeli court may declare a foreign civil judgment enforceable only if it finds that (a) the judgment was rendered by a court which was, according to the laws of the state of the court, competent to render the judgment; (b) the judgment may no longer be appealed; (c) the obligation imposed by the judgment is enforceable according to the rules relating to the enforceability of judgments in Israel and the substance of the judgment is not contrary to public policy; and (d) the judgment is executory in the state in which it was given.
Even if these conditions are satisfied, an Israeli court will not enforce a foreign judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases) or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel. An Israeli court also will not declare a foreign judgment enforceable if (i) the judgment was obtained by fraud; (ii) there is a finding of lack of due process; (iii) the judgment was rendered by a court not competent to render it according to the laws of private international law in Israel; (iv) the judgment is at variance with another judgment that was given in the same matter between the same parties and that is still valid; or (v) at the time the action was brought in the foreign court, a suit in the same matter and between the same parties was pending before a court or tribunal in Israel.
In addition, if a foreign judgment is enforced by an Israeli court, it generally will be payable in ILS, which can then be converted into foreign currency at the rate of exchange of such foreign currency on the date of payment. Pending collection, the amount of the judgment of an Israeli court stated in ILS (without any linkage to a foreign currency) ordinarily will be linked to the Israeli consumer price index plus interest at the annual statutory rate prevailing at such time. Judgment creditors bear the risk of unfavorable exchange rates.
Provisions of Israeli law may delay, prevent or make difficult an acquisition of Cyren Ltd., which could prevent a change of control and therefore depress the price of our shares.
Israeli corporate law regulates mergers and acquisitions of shares through tender offers, requires special approvals for transactions involving officers, directors or significant shareholders and regulates other matters that may be relevant to these types of transactions. Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. These and other similar provisions could delay, prevent or impede an acquisition of our company or our merger with another company, even if such an acquisition or merger would be beneficial to us or to our shareholders.
Your rights and responsibilities as a shareholder will be governed by Israeli law which differs in some respects from the rights and responsibilities of shareholders of U.S. companies.
We are incorporated under Israeli law. The rights and responsibilities of the holders of our ordinary shares are governed by our Articles of Association and Israeli law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith toward the company and other shareholders and to refrain from abusing its power in the company, including, among other things, in voting at the general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and interested party transactions requiring shareholder approval. In addition, a controlling shareholder, a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company, has a duty of fairness toward the company. There is limited case law available to assist us in understanding the implications of these provisions that govern shareholders’ actions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.
We have lost our foreign private issuer status, which will result in significant additional costs and expenses.
On January 1, 2019, as a result of losing our foreign private issuer status, we became a “U.S. domestic issuer”. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer are significantly higher than the costs we previously incurred as a foreign private issuer. In addition to having to make the above described filings with the U.S. Securities and Exchange Commission, which are more detailed than forms typically filed by a foreign private issuer, we lost our ability to rely upon exemptions from certain corporate governance. We were also required to make certain changes to our corporate governance practices and update certain of our policies to comply with requirements applicable to U.S. domestic issuers. Compliance with these additional requirements has resulted in significant legal and financial compliance costs and will continue to make some activities more time consuming and costly. In addition, our management and other personnel needs to divert attention from operational and other business matters to devote substantial time to these requirements.
We are a “controlled company” within the meaning of the Nasdaq Listing Rules and rely on exemptions from certain corporate governance requirements.
Warburg Pincus controls a majority of our ordinary shares. As a result, we are a “controlled company” within the meaning of the Nasdaq Listing Rules. Under these rules, a company of which more than 50% of the voting power for the election of directors is held by an individual, a group or another company is a “controlled company” and may elect not to comply with certain Nasdaq corporate governance requirements, including, without limitation (i) the requirement that a majority of the board of directors consist of independent directors, (ii) the requirement that the compensation of our officers be determined or recommended to our board of directors by a compensation committee that is comprised solely of independent directors, and (iii) the requirement that director nominees be selected or recommended to the board of directors by a majority of independent directors or a nominating committee comprised solely of independent directors. We nevertheless have a Compensation Committee comprised of all independent directors. In light of our status as a controlled company, at present, five out of ten directors on our board are independent. In addition, our Nominating and Governance Committee, while not comprised solely of independent directors, is comprised of a majority of independent directors. Accordingly, you will not have the same protections afforded to stockholders of companies that are subject to all of the Nasdaq corporate governance requirements.
ITEM 1B. UNRESOLVED STAFF COMMENTS
ITEM 2. PROPERTIES
Our principal executive office in Herzilya, Israel, is approximately 18,342 square feet and houses research and development, sales, marketing, support and administrative personnel. The lease for our Herzliya office expires in April 30, 2023, with a five-year extension option.
We lease additional offices in the United States and Europe. Our U.S. subsidiary Cyren Inc. is headquartered in McLean, Virginia in an office of approximately 4,707 square feet and it houses executive management, finance, HR and administrative personnel; its office in Sunnyvale, California (approximately 2,497 square feet), is staffed by operations, sales and marketing personnel; and its office in Austin, TX (approximately 4,177 square feet) which houses sales, marketing and support personnel. A portion of our leased office space in the United States has been sub-leased. Our subsidiary Cyren Iceland hf is located in Hafnarfjordur, Iceland in an office of approximately 7,136 square feet, which houses antivirus research and development and operations and some administrative personnel. Our subsidiary Cyren GmbH is based in Berlin, Germany, in an office of approximately 9,496 square feet, which houses research and development, operations, sales, marketing and administrative personnel. Our subsidiary Cyren UK Ltd. is based in Bracknell, UK in an office of approximately 3,180 square feet, which houses sales and marketing personnel.
ITEM 3. LEGAL PROCEEDINGS
In June 2017, zvelo, Inc. (“zvelo”) filed a Statement of Claim in the Tel Aviv District Court. The Company and zvelo had been parties to an agreement for the receipt of certain URL categorization and filtering services. In September 2015, the Company terminated the agreement, effective as of December 31, 2015. zvelo claimed that the Company continued to make use of zvelo’s data post termination in breach of the agreement, infringing on zvelo’s rights and commercial secrets, and being unjustly enriched. zvelo claimed damages of NIS 11,000,000 and an order for the Company to cease from utilizing such data. The Company filed a statement of defense in November 2017, and, in accordance with the court’s recommendation, the parties engaged in a mediation process. In September 2018 and January 2019, zvelo filed lawsuits against two of the Company’s customers in the District Court for the District of Colorado in the United States alleging trade secret misappropriation and seeking injunctive relief and monetary damages in an amount to be determined and the Company agreed to indemnify both customers against those claims. As such, the Company took over the representation in those lawsuits. On September 30, 2019, the court dismissed one of the lawsuits in its entirety for lack of personal jurisdiction and, in the second lawsuit, dismissed part of the claims with prejudice but granted zvelo the right to amend its other claims. On October 31, 2019, zvelo filed an amended complaint. On December 27, 2019, the Company and zvelo entered into a settlement agreement with respect to all pending claims. For additional information, please refer to Note 7 of the consolidated financial statements included elsewhere in this Annual Report.
We may, from time to time, be party to litigation and subject to claims that arise in the ordinary course of business. In addition, third parties may, from time to time, assert claims against us in the form of letters and other communications. We currently believe that these ordinary course matters will not have a material adverse effect on our business, consolidated financial position, results of operations or cash flows; however, the results of litigation and claims are inherently unpredictable. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
ITEM 4. MINE SAFETY DISCLOSURE
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market for our Ordinary Shares
Our ordinary shares trade on the Nasdaq Capital Market under the symbol “CYRN”. We delisted the company’s ordinary shares from trading on the TASE on April 10, 2019. As of March 15, 2019, there were 33 record holders of our ordinary shares.
If the Company decides to distribute a cash dividend, Israeli residents who are individuals are generally subject to Israeli income tax at a rate of either 25% or 30%, if the recipient of such dividend is a “substantial shareholder” at the time of distribution or at any time during the preceding 12-month period, unless the cash dividend is paid out of income that has been tax exempt due to an “approved enterprise” status under the Law for the Encouragement of Capital Investments, 5719-1959, in which case the Company will be subject to corporate tax at a rate then in effect under Israeli law on the amount of cash dividend and in addition, an Israeli shareholder, corporation or individual, will be subject to a tax rate of 20% on such cash dividend distribution. In addition, Israeli resident corporations are generally exempt from Israeli corporate tax for dividends paid on our ordinary shares. Pursuant to the Convention Between the Government of the United States of America and the Government of Israel with Respect to Taxes on Income, as amended (the “U.S.-Israel Tax Treaty”), the maximum tax on dividends paid to a holder of our ordinary shares who qualifies as a resident of the United States within the meaning of the U.S.-Israel Tax Treaty is 25% or 15% in case of dividends paid out of the profits of an “approved enterprise”, subject to certain conditions. Furthermore, dividends not generated by an “approved enterprise” paid to a U.S. corporation holding at least 10% of our issued voting power during the part of the tax year which precedes the date of payment of the dividend and during the whole of its prior tax year (if any), are generally taxed at a rate of 12.5%, subject to certain conditions. The Company has never declared or paid cash dividends on its ordinary shares. However, the Company has not adopted a policy not to pay cash dividends and therefore may declare a dividend in the future. The actual amount, timing and frequency of future dividends, if any, will be at the sole discretion of the board of directors and will be declared based upon various factors, many of which are beyond our control. The Company’s current plans are to retain future earnings primarily to finance the development of its business and for other corporate purposes.
Equity Compensation Plan Information
See “Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters” for disclosure regarding our equity compensation plans.
Unregistered Sales of Equity Securities
Repurchases of our Equity Securities
ITEM 6. SELECTED FINANCIAL DATA
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the information contained in our consolidated financial statements and the notes thereto. The following discussion and analysis includes forward-looking statements that involve certain risks and uncertainties, including, but not limited to, those described in Item 1A. Risk Factors. Our actual results may differ materially from those discussed below. See “Special Note Regarding Forward-Looking Statements” and Item 1A. Risk Factors.
Purpose built for the cloud, Cyren is an early pioneer and leading innovator of Software-as-a-Service (SaaS) security solutions that protect businesses, their employees and customers against threats from email and the web.
Cyren’s cloud-based approach to security sets us apart from other vendors in the market. Our security solutions are architected around the fundamental belief that cyber security is a race against time – and the cloud best enables the speed, sophistication and advanced automation needed to detect and block threats as they emerge on the internet. As more and more businesses move their data and applications to the cloud, they need a security provider that is able to keep pace.
Cyren’s security cloud delivers faster detection and protection, with SaaS security solutions that inspect web and email traffic before it reaches a user’s browser or inbox – often identifying and blocking threats in just seconds. Our SaaS solutions are easy to deploy and manage, delivering critical security and faster innovation, for a low total cost of ownership.
Cyren’s cloud security products and services fall into three categories:
|●||Cyren Threat Detection Services – these services detect a variety of threats in email and from the web, and are embedded into products from the world’s leading technology and security vendors. Cyren Threat Detection Services include our Email Security Detection Engine, Malware Detection Engine, Web Security Engine, and Threat Analysis Service.|
|●||Cyren Threat Intelligence Feeds – Cyren’s threat intelligence feeds provide valuable threat intelligence data that can be used by enterprise or OEM customers to support threat detection, threat hunting and incident response. Cyren’s threat intelligence feed offerings include IP Reputation Intelligence, Phishing Intelligence, Malware Intelligence and Zombie Intelligence.|
|●||Cyren Enterprise Email Security Products – these include cloud-based solutions designed for enterprise customers, and are sold either directly or through channel partners. Cyren enterprise email security products include Cyren Email Security, a cloud-based secure email gateway and Cyren Inbox Security, an anti-phishing product for Office 365.|
Key Opportunities and Challenges
The last several years have possibly experienced the greatest amount of dramatic global incidents directly related to malware and cyber threats since the advent of the internet. From election hacks to global ransomware attacks, malware threats are at an all-time high. Phishing attacks have become increasingly common, and no company, large or small seems immune to these threats. Hackers have become more successful at monetizing these attacks, and as long as these activities prove lucrative, we expect these incidents to continue.
Cloud and Mobility
Businesses are going through a massive change in their IT strategies as they look to drive more business value, agility, and better customer experiences, while cloud and mobility are becoming increasingly important, as evidenced by the following trends:
|●||Business internet traffic continues to increase every year;|
|●||Data and applications are increasingly moving to the cloud;|
|●||More and more users are working remotely;|
|●||Buyers continue to move away from traditional on-premise solutions;|
|●||Mature and legacy on premise deployments are reaching end of life and are increasingly being replaced by cloud and SaaS alternatives;|
|●||IT security staffing shortages;|
|●||Increasingly fast, sophisticated, expensive and high-profile attacks target organizations of all sizes;|
|●||Compliance and regulatory mandates;|
|●||Heightened cybercrime activity among commercial enterprises and nation states;|
|●||Automation is increasingly considered critical to accelerating detection and protection;|
|●||The need to simplify operations through vendor consolidation.|
These are some of the reasons why we believe Cyren’s vision for 100% cloud security is compelling to IT security teams looking to protect their businesses in today’s cloud-centric mobile-first world.
Investments in Operations, Research and Development and Sales and Marketing
Our cost of revenues, research and development expenses, and sales and marketing expenses are all significant contributing factors to our operating losses. Over time, we expect that our utilization of our cloud infrastructure will increase and provide the opportunity for improved gross margins. Our investments in research and development are required in order to enhance and improve our solutions. In the future, we expect to lower the rate of R&D investment as a percentage of revenue, and we expect to be able to drive more revenue from existing solutions rather than by adding new solutions. The return on our sales and marketing investment is tied to attracting new customers and enhancing our business with existing customers, thereby lowering the overall sales and marketing costs as a percent of revenues. During 2019 we reduced our overall headcount in order to reduce expenses, and we believe managing future headcount and expense growth will be key in improving our gross and operating margins over time.
Growing Our Enterprise Business
Although all of our services are subscription services, our Enterprise offerings on the CCS and CIS platforms are typically invoiced up front for an annual contract amount, or the full multi-year contract amount, at the start of the term. As a result, this business is expected to provide a larger immediate contribution to cash flow and better return on investment. As this enterprise business grows as a portion of our overall revenues, we expect to increase deferred revenue and our operating results and cash flow to improve, which will make us less reliant on other sources of capital in the future.
Components of our Operating Results
We derive revenues from the sale of real-time cloud-based services for each of Cyren’s email security, web security, antimalware and advanced threat protection offerings.
We sell all of our solutions as subscription services, either through OEMs and service providers, which are considered Cyren customers, or as complete security services directly, or indirectly via our partners, to enterprises.
Cost of Revenue
Personnel costs, which consist of salaries, benefits, bonuses and stock-based compensation for employees that operate our network and provide support services to our customers, as well as data center costs, are the most significant components of our cost of revenues. Other costs include third party contractors, royalties for use of third-party technologies, amortization of intangibles and depreciation of data center equipment. We expect these costs may increase in absolute dollars as we continue to optimize our cloud infrastructure and our support services, but should reduce as a percentage of overall revenue.
Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs, which consist of salaries, benefits, bonuses, and stock-based compensation, are the most significant component of our operating expenses. Operating expenses also include allocated overhead costs for facilities, IT and depreciation. We expect operating expenses to increase in absolute dollars as we continue to grow.
Research and Development. Research and development expenses consists primarily of personnel costs, outsourced engineering and threat analysis services. We believe these investments are crucial for our ability to continue to enhance the functionality of our services, as well as to develop and introduce new services to the market. We expect research and development expenses may decrease as we release our new products later in 2020. Development costs related to internal use technology that supports our security services are capitalized on the balance sheet, while other development costs are expensed as they are incurred.
Sales and Marketing. Sales and marketing expenses primarily include personnel costs, sales commissions, marketing activities, and travel associated with sales and marketing. We market and sell our services worldwide through our sales organization and distribution channels. We capitalize sales commissions paid to internal sales personnel and amortize these expenses over an estimated period of benefit that reflects the expected future revenue streams. We reduced sales and marketing expense in 2019 but anticipate that we may need to increase investment in these areas as we launch or new products and enhance our sales and marketing teams to support our further growth. Our sales personnel are typically not immediately productive, and therefore the increase in expenses we incur when adding personnel is not immediately accompanied by increased revenue and in some cases may not result in increased revenue if these new sales personnel are unsuccessful in becoming productive.
General and Administrative. General and administrative expenses consist primarily of personnel costs, audit fees, legal expenses, recruiting expenses and other general operating costs. We expect our general and administrative expenses to continue to grow in absolute dollars as we continue our operational growth.
Other Income (Expense), net
Other income (expense), net consists generally of capital gain or loss from the sale of assets. However, in the first quarter of 2019, we reached a financial settlement with the former shareholders of eleven related to the legal dispute regarding the amount and timing of the earn-out payments related to the acquisition of eleven (the “eleven settlement”). Since the financial settlement was less than the accrued interest and the unpaid earn-out consideration on the Company’s balance sheet was reflected as other income during the period.
Financial Expenses, net
Financial expenses, net consist mainly of foreign exchange gains and losses, interest expense on our outstanding debt and interest income earned on our cash and cash equivalents. In 2019, these expenses also included income related to the accounting for a multi-year arrangement where a customer paid upfront the full contract value. This has been deemed a significant financing component under ASC 606.
Our tax benefit is derived primarily from income taxes in foreign jurisdictions in which we conduct business. We estimate income taxes in each of the jurisdictions in which we operate. This process involves determining income tax expense together with calculating the deferred income tax expense related to temporary differences resulting from the differing treatment of items for tax and accounting purposes. Deferred tax assets and liabilities are measured using enacted tax rates in effect for the year in which those temporary differences are expected to be recovered or settled. These temporary differences result in deferred tax assets and liabilities, which are included net as applicable within our balance sheets. For most of our recent years, we have incurred operating losses in Israel and the U.S., where we have recorded a full valuation allowance against our deferred tax assets in those jurisdictions.
Results of Operations
The following table sets forth financial data for the years ended December 31, 2019 and 2018 (in thousands):
|Year ended December 31,|
|Cost of revenues||15,557||14,540|
|Research and development, net||15,801||16,116|
|Sales and marketing||13,825||16,202|
|General and administrative||10,877||8,343|
|Total operating expenses||40,503||40,661|
|Other income (expense), net||266||(11||)|
|Financial expense, net||(727||)||(255||)|
|Loss before taxes on income||(18,130||)||(19,567||)|
Comparison of Years Ended December 31, 2019 and 2018
Revenues. 2019 revenues of $38.4 million increased by $2.5 million from $35.9 million in 2018, which represents a 7% year-over-year increase. The increase was mainly driven by a contract expansion with our largest customer which accounted for an additional $1.6 million in revenues during 2019 compared to 2018. Our largest enterprise account which now stands at over 100,000 seats, had a full year of revenue and an increase in usage in 2019 thus contributing higher revenue. This increase was offset by several terminations of partner contracts in the Threat Intelligence services, mostly due to customers who were unwilling or unable to absorb price increases upon renewal, or which were ending the life of their product offerings which utilized our services. The overall trend in both our Enterprise and Threat Intelligence service lines is positive as we continue to offer additional products and services to our partners while disengaging from partners that have a different product focus or that are principally driven by price.
Cost of Revenues. Cost of revenues for 2019 totaling $15.6 million increased by $1.1 million from $14.5 million in 2018, which represents an 8% increase year-over-year. The increase is mainly due to our continued investment in enhancing our network and customer support capabilities through increased outside services expenses and increased payroll and related expenses. Headcount associated with cost of revenues throughout the year decreased from 42 to 39 employees during 2019. Payroll and related expenses increased by $0.6 million driven by higher salaries and costs associated with employee benefits. Outside services and datacenter costs increased by $0.6 million during 2019 compared to 2018. These increases are required as a foundation for the continued growth of the business. Intangible amortization expenses decreased by $0.3 million in 2019 compared to 2018, which included additional expense in 2019 related to $0.2 million of intangible asset impairment recorded. Allocated costs from operating expenses related to our Corporate and IT departments contributed to $0.1 million of an increase in 2019 compared to 2018 as a result of higher operating costs associated with those departments. This increase had an accounting impact of reducing the gross margin in accordance with U.S. GAAP.
Research and Development, Net. Research and development expenses for 2019 in the amount of $15.8 million decreased by $0.3 million compared to $16.1 million in 2018, which represents a 2% annual decrease. Payroll and related expenses, net decreased by approximately $0.8 million primarily driven by lower headcount and an increase in the capitalization of payroll related costs due to an increase in new product development in 2019. Outside services and outsourced engineering expenses associated with our increased investment in R&D increased by $0.5 million. R&D headcount during 2019 decreased from 140 to 132 employees.
Sales and Marketing. Sales and marketing expenses for 2019 totaling $13.8 million decreased by $2.4 million, compared to $16.2 million in 2018. The change is mainly due to a $0.8 million decrease in payroll and related expenses due to lower headcount, a $1.0 million decrease in expenses related to outside services associated with marketing activities, $0.2 million decrease in travel related expenses, a $0.2 million decrease associated with amortization of intangible assets and a $0.2 million decrease in allocated costs from the Corporate and IT departments due to lower headcount during 2019. Sales and Marketing headcount during 2019 decreased from 62 to 45 employees, with most of the decrease occurring in the fourth quarter.
General and Administrative. General and administrative expenses for 2019 of $10.9 million increased by $2.6 million, compared to $8.3 million in 2018, which represents a 31% annual increase. The increase is due to an increase of $1.0 million in payroll related expenses, primarily driven by higher salary costs and ASC 718 expense related to RSUs issued in 2019 with a 1-year vesting period offset by lower bonus expense. Outside services increased by $2.0 million in 2019 primarily due to higher legal expenses due to the litigation settlement of approximately $1.1 million in additional expense in 2019, as outlined in Note 7 of the consolidated financial statements included elsewhere in this Annual Report, and an increase in board of director fees. Offsetting the increases was a decrease in travel related costs of $0.1 million and a decrease in employee recruitment costs of $0.3 million. G&A headcount during 2019 decreased from 34 to 32 employees.
Other Income (Expense), Net. Other Income (Expense) was $0.3 million in 2019 primarily related to the earn-out payment.
Financial Expense, Net. Financial expenses, net, for 2019 of $0.7 million increased by $0.4 million, compared to $0.3 million in 2018. The increase is mainly due to a $0.5 million increase in interest expenses associated with the Convertible Notes issued in December 2018 offset by an increase of $0.1 due to higher capitalization of interest associated with the increased in 2019 capitalization associated with the development of new products.
Effective Corporate Tax Rates
Corporate tax rates and real capital gains tax in Israel were 23% in 2019 and 2018. There has been no change to date in 2020.
The Company’s German subsidiary is subject to German tax at a consolidated rate of approximately 30%.
Other non-Israeli subsidiaries are taxed according to the tax laws in their respective countries of residence.
We do not provide deferred tax liabilities when we intend to reinvest earnings of foreign subsidiaries indefinitely. As of December 31, 2019, there are no undistributed earnings of foreign subsidiaries.
We may currently qualify as an “industrial company” within the definition of the Law for the Encouragement of Industry (Taxation), as such, we may be eligible for certain tax benefits, including, inter alia, special depreciation rates for machinery, equipment and buildings, amortization of patents, certain other intangible property rights and deduction of share issuance expenses.
Net Operating Loss Carry-Forwards
As of December 31, 2019, Cyren’s net operating loss carryforwards for tax purposes amounted to $91.7 million and capital loss carryforwards of $17.8 million which may be carried forward and offset against taxable income in the future, for an indefinite period.
As of December 31, 2019, the U.S. subsidiary had net operating loss carryforwards of $39.7 million for federal tax purposes and $11.1 million for state tax purposes. These losses may offset any future U.S. taxable income of the U.S. subsidiary and will expire in the years 2020 through 2039.
Management currently believes that based upon its estimations for future taxable income, it is more likely than not that the deferred tax assets regarding the loss carryforwards will not be utilized in the foreseeable future. Thus, a valuation allowance was provided to reduce deferred tax assets to their realizable value.
Liquidity and Capital Resources
We finance our operations primarily from our cash and cash equivalents and cash from operations. As of December 31, 2019, and 2018, we had approximately $11.6 million and $17.6 million of cash and cash equivalents, respectively.
Our future capital requirements will depend on many factors, including, but not limited to our growth, market acceptance of our offerings, the timing and extent of spending to support our efforts to develop our platform and the expansion of sales and marketing activities. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, our business, financial condition and results of operations could be adversely affected.
During 2020, we expect to continue to incur capital expenditures associated with R&D and data center infrastructure. Over the past several years, the Company has devoted substantially most of its effort to research and development, product development and increasing revenues through additional investments in sales & marketing. The Company generated a loss of $18.0 million and negative cash flow of $6.9 million from operating activities in the twelve-month period ended December 31, 2019, and has an accumulated deficit of $231.3 million as of December 31, 2019. The Company is planning to finance its operations from its existing and future working capital resources and to continue to evaluate additional sources of capital and financing. However, there is no assurance that additional capital and/or financing will be available to the Company, and even if available, whether it will be on terms acceptable to the Company or in amounts required. Accordingly, the Company’s Board modified its contingency plan, to be effected if needed, in whole or in part, at its discretion, to allow the Company to continue its operations and meet its cash obligations. The contingency plan consists of cost reduction, which include mainly the following steps: reduction in consultants’ expenses, headcount, compensation paid to key management personnel and capital expenditures. The Company and the Board believes that its existing capital resources and other future measures that may be implemented, if so required, will be adequate to satisfy its expected liquidity requirements for at least twelve months from the filing date.
Cash Flows from Operating Activities
In 2019, net cash used in operating activities was $6.9 million and was primarily due to a net loss of $18.0 million adjusted for non-cash activity of $3.8 million amortization of intangible assets, $1.9 million depreciation of property and equipment, $2.4 million stock-based compensation expenses, $1.2 million amortization of deferred commissions, $1.3 million in amortization of operating lease right-of-use assets associated with the adoption of ASC 842 effective January 1, 2019, $2.9 million increase in deferred revenues, $1.5 million increase in trade receivables, net and offset by a decrease in deferred commissions of $1.0 million, a decrease trade payable of $0.7 and a decrease of $1.0 in employee and payroll accruals, accrued expenses and other liabilities and a decrease in operating lease liabilities of $1.2 million.
In 2018, net cash used in operating activities was $11.5 million and was primarily due to a net loss of $19.4 million adjusted for non-cash activity of $4.2 million amortization of intangible assets, $1.9 million depreciation of property and equipment, $1.4 million stock-based compensation expenses, $1.4 million amortization of deferred commissions, $0.7 million increase in deferred revenues, $0.5 million increase in employee and payroll accruals, accrued expenses and other liabilities, and offset by an increase in deferred commissions of $2.3 million.
Cash Flows from Investing Activities
In 2019, net cash used in investing activities consisted of $3.7 million for capitalization of technology and $1.5 million used to purchase property and equipment.
In 2018, net cash used in investing activities consisted of $2.0 million for capitalization of technology and $3.3 million used to purchase property and equipment.
Our capital expenditures over the last three years consisted primarily of continued investment in R&D and also purchases of property and equipment to modernize and expand our data centers and to invest in our infrastructure in order to support new business and the growth of the Company.
Cash Flows from Financing Activities
In 2019, net cash generated by financing activities was $6.0 million and was due to net proceeds of $8.0 million from the rights offering, $0.7 million proceeds from exercise of options, and offset by $2.7 million payment of earn-out consideration.
In 2018, net cash generated by financing activities was $10.8 million and was due to net proceeds of $10.0 million from the issuance of convertible notes, $1.4 million proceeds from exercise of options, and offset by $0.6 million payment of earn-out consideration.
As of December 31, 2019, and 2018, we had positive capital of $0.6 million and $7.7 million, respectively. The decrease in working capital during 2019 is primarily due to our negative cash flow from operating and investing activities primarily driven by the increase in deferred revenues and in 2019 the recording of operating lease liabilities on the balance sheet, an overall lower cash balance, and the lower amount of capital raised compared to 2018.
On December 5, 2018, the Company issued $10.0 million aggregate principal amount of Convertible Notes in a private placement to affiliates of an existing minority institutional shareholder. The Convertible Notes are unsecured, unsubordinated obligations of Cyren and carry a 5.75% interest rate, payable semi-annually in (i) 50% cash and (ii) 50% cash or ordinary shares at Cyren’s election. The notes have a 3-year term and mature in December 2021, unless converted in accordance with their terms prior to maturity. The notes were issued with a conversion price of $3.90 per share which was subject to adjustment using a weighted average ratchet mechanism based on the size and price of future equity offerings and the total shares outstanding.
On November 7, 2019 Cyren announced the closing of a rights offering that raised gross proceeds of $8.0 million. As a result of this offering, the conversion price of the Convertible Notes was adjusted to $3.73. In addition, the notes would be subject to immediate conversion upon any change in control in the Company (or subject to repayment if the price in the change in control transaction is less than the conversion price).
On March 19, 2020, we issued $10.25 million aggregate principal amount of Convertible Debentures in a private placement to certain investors. The Convertible Debentures are secured by a guarantee by two of our subsidiaries and carry a 5.75% interest rate, payable semi-annually in cash or, subject to the satisfaction of certain equity conditions, in ordinary shares. The Convertible Debentures mature in March 2024, unless converted in accordance with their terms prior to maturity. The Convertible Debentures have an initial conversion price of $0.75 per share, subject to adjustments. If the closing bid price of our ordinary shares has been at least $2.25 (subject to adjustment) for at least 20 trading days during any 30 consecutive trading day period, and certain conditions are satisfied, we may force a conversion of all or any part of the outstanding principal amount of the Convertible Debentures, accrued and unpaid interest and any other amounts then owing, subject to certain conditions.
In conjunction with the 2012 acquisition of eleven, the Company entered into an earn-out agreement with the former shareholders that would pay additional consideration based on the revenue performance for the years ending 2012-2015. Subsequently in 2014 the Company had a legal dispute regarding the amount and timing of the earn-out payments and had entered into arbitral proceedings with the former shareholders of eleven. On March 9, 2017, the Company received the arbitral judgement. Pursuant to the judgement, the earn-out consideration balance was increased to reflect additional legal expenses and interest expenses covering the period up to December 31, 2016. During 2017 and 2018, the Company continued to accrue interest on the unpaid earn-out consideration balance. Such interest is reflected in the consolidated statements of operations under financial expenses, net. In May 2018, the Company made a partial payment of the earn-out consideration to five of the six former shareholders, in an amount of $604 thousand. The earn-out consideration balance presented on the Company’s balance sheet as of December 31, 2018 reflects the complete remaining liability relating to the earn-out, including accrued interest. Subsequent to the reporting period, in February 2019, the parties agreed to resolve all pending claims, and on February 28, 2019 the Company paid approximately $2.7 million to settle the earn-out consideration in full. For additional information, please refer to Note 7b(i) of the consolidated financial statements included elsewhere in this Annual Report.
In connection with our private placement to Warburg Pincus in November 2017, in which we issued approximately 10.6 million ordinary shares for $1.85 per share, we and Warburg Pincus entered into a registration rights agreement, which, among other things, provides Warburg Pincus with three demand registration rights, piggyback and shelf registration rights. The demand registration rights may be exercised starting August 6, 2018, subject to certain customary blackout periods.
In connection with issuance of the Convertible Debentures, we entered into a Registration Rights Agreement with the purchasers. Pursuant to that agreement, we agreed to file one or more registration statements with the SEC within sixty days of the date of the agreement to cover the resale of the shares of our ordinary shares that are issuable to the purchasers upon any conversion of the Convertible Debentures or as interest payments.
On September 21, 2018, we filed a shelf registration statement on Form F-3 with the SEC, which we converted to a Form S-3 on August 16, 2019. This registration statement enables us to issue debt securities, ordinary shares, warrants or subscription rights up to an aggregate amount of $50 million. Under the rules governing shelf registration statements, we will file a prospectus supplement with the SEC which describes the amount and type of securities being offered each time we issue securities under this registration statement. No securities were issued under the registration statement on Form F-3. In November 2019, we issued shares as part of our rights offerings using our Form S-3 as described below.
Off-Balance Sheet Arrangements
Critical Accounting Policies and Estimates
This section is based upon our consolidated financial statements, which have been prepared in accordance with accounting principles generally accepted in the United States (“U.S. GAAP”). The preparation of these financial statements requires management to make estimates, judgements and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. Actual results could differ from those estimates. On an ongoing basis, the Company’s management evaluates estimates, including those related to fair value and useful lives of intangible assets, fair value of earn-out liabilities, valuation allowance on deferred tax assets, income tax uncertainties, fair values of stock-based awards, other contingent liabilities and estimates used in applying the revenue recognition policy. Such estimates are based on historical experience and on various other assumptions that are believed to be reasonable, the results of which form the basis for making judgments about the carrying values of assets and liabilities.
The critical accounting policies requiring estimates, assumptions, and judgements that we believe have the most significant impact on our consolidated financial statements are described below.
Intangible assets that are not considered to have an indefinite useful life are amortized over their estimated useful lives, which range from 1 to 20 years. Acquired customer contracts and relationships are amortized over their estimated useful lives in proportion to the economic benefits realized. This accounting policy results in accelerated amortization of such customer contracts and relationships arrangements as compared to the straight-line method. Technology, intellectual property and trademarks are amortized over their estimated useful lives on a straight-line basis.
Impairment of Long-Lived Assets
The Company’s long-lived assets and identifiable intangibles are reviewed for impairment in accordance with ASC 360 “Property, Plant and Equipment”, whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable.
Recoverability of these assets is measured by comparison of the carrying amount of each asset group to the future undiscounted cash flows the asset group is expected to generate. If the asset is considered to be impaired, the amount of any impairment is measured as the difference between the carrying value and the fair value of the impaired asset.
In the fourth quarter of 2019, we have recognized an impairment loss of $0.2 related to R&D, an acquired intangible asset from a prior acquisition. We have determined that the benefit of the acquired R&D would not be realized. This amount has been recognized in cost of revenue. While this was a non-cash charge, it is expected to reduce amortization expense by $0.1 on an annualized basis.
The Company did not record an impairment related to the year-ended December 31, 2018.
Goodwill represents the excess of the purchase price in a business combination over the fair value of net tangible and intangible assets acquired. Goodwill is not amortized, but rather is subject to an impairment test.
The Company performs an annual impairment test at December 31, of each fiscal year, or more frequently if impairment indicators are present. The Company operates in one operating segment, and this segment comprises its only reporting unit.
ASC 350 prescribes a two-phase process for impairment testing of goodwill. The first phase screens for impairment, while the second phase (if necessary) measures impairment. Goodwill impairment is deemed to exist if the net book value of a reporting unit exceeds its estimated fair value determined using market capitalization. In such case, the second phase is then performed, and the Company measures impairment by comparing the carrying amount of the reporting unit’s goodwill to the implied fair value of that goodwill. An impairment loss is recognized in an amount equal to the excess. ASC 350 allows an entity to first assess qualitative factors to determine whether it is necessary to perform the two-step quantitative goodwill impairment test. An entity is not required to calculate the fair value of a reporting unit unless the entity determines, based on a qualitative assessment, that it is more likely than not that its fair value is less than its carrying amount. Alternatively, ASC 350 permits an entity to bypass the qualitative assessment for any reporting unit and proceed directly to performing the first step of the goodwill impairment test. Accordingly, the Company elected to proceed directly to the first step of the quantitative goodwill impairment test and compares the fair value of the reporting unit with its carrying value.
For each of the two years in the period ended December 31, 2019, no impairment losses have been identified.
Fair Value Measurements
The carrying amounts of cash and cash equivalents, trade receivables, prepaid expenses, other receivables and trade payables, approximate their fair values due to the short-term maturities of such financial instruments.
Fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in pricing an asset or a liability. A three-tiered fair value hierarchy is established as a basis for considering such assumptions and for inputs used in the valuation methodologies in measuring fair value:
Level 1 - Quoted prices (unadjusted) in active markets for identical assets or liabilities that the Company can access at the measurement date.
Level 2 - Inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly or indirectly.
Level 3 - Unobservable inputs for the asset or liability.
The availability of observable inputs can vary from instrument to instrument and is affected by a wide variety of factors, including, for example, the type of instrument, the liquidity of markets and other characteristics particular to the transaction. To the extent that valuation is based on models or inputs that are less observable or unobservable in the market, the determination of fair value requires more judgment and the instruments are categorized as Level 3.
The fair value hierarchy also requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value.
Effective January 1, 2018, the Company adopted the requirements of ASC 606 under the modified retrospective method of transition which was applied to all customer contracts that were not completed on the effective date of ASC 606. The Company implemented internal controls and key system functionality to enable the preparation of financial information on adoption. The adoption of ASC 606 resulted in changes to the Company’s accounting policies for revenue recognition previously recognized under ASC 605 as detailed below.
Revenue Recognition Policy
The Company derives its revenues from the sale of real-time cloud-based services for each of Cyren’s email security, web security, antimalware and advanced threat protection offerings.
The Company sells all of its solutions as subscription services, either through OEMs, which are considered end-users, or as complete security services directly, or via our partners, to enterprises.
The Company recognizes revenue under the core principle that transfer of control to the Company’s customers should be depicted in an amount reflecting the consideration the Company expects to receive in revenue.
Subscription Service Revenue - Subscription service revenue is derived from a subscription-based licensing model with contract terms typically ranging from one to three years, and consists of (1) subscription fees from the licensing of the Company’s Enterprise or Threat Intelligence Services and (2) subscription fees for real-time threat updates and software with support and related future updates where the software updates are critical to the customers’ ability to derive benefit from the software due to the fast changing nature of the technology. These function together as one performance obligation. The hosted on-demand service arrangements do not provide customers with the right to take possession of the software supporting the hosted services. Support revenue is derived from ongoing security updates, upgrades, bug fixes, and maintenance. A time-elapsed method is used to measure progress because the Company transfers control evenly over the contractual period. Accordingly, the fixed consideration related to subscription service revenue is generally recognized on a straight-line basis over the contract term beginning on the date access is provided, as long as other revenue recognition criteria have been met. Most of the company’s contracts are non-cancelable over the contract term. Customers typically have the right to terminate their contract for cause if the Company fails to perform in accordance with the contractual terms. Some of the Company’s customers have the option to purchase additional subscription services at a stated price. These options are evaluated on a case-by-case basis but generally do not provide a material right as they are priced at or above the Company’s standalone selling price and, as such, would not result in a separate performance obligation.
Variable Consideration - Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of variable consideration that is included in the transaction price is constrained and is included in the net sales price only to the extent that it is probable that a significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved. If the Company’s services or products do not meet certain service level commitments, the Company’s customers are entitled to receive service credits representing a form of variable consideration. The Company has not historically experienced any significant incidents affecting the defined levels of reliability and performance as required by the Company’s subscription contracts. Accordingly, there are no estimated refunds related to these contracts in the consolidated financial statements during the periods presented.
The Company capitalizes sales commissions paid to internal sales personnel that are generally incremental to the acquisition of customer contracts. These costs are recorded as deferred commissions on the consolidated balance sheets. The Company determines whether costs should be deferred based on its sales compensation plans, if the commissions are incremental and would not have occurred absent the customer contract. Sales commissions for renewal of a subscription contract are not considered commensurate with the commissions paid for the acquisition of the initial subscription contract given the substantive difference in commission rate between new and renewal contracts. Commissions paid upon the initial acquisition of a contract are amortized over an estimated period of benefit while commissions paid related to renewal contracts are amortized over a contractual renewal period. Amortization is recognized based on the expected future revenue streams under the customer contracts. Amortization of deferred sales commissions is included in sales and marketing expense in the accompanying consolidated statements of operations. The Company determines the period of benefit for commissions paid for the acquisition of the initial subscription contract by taking into consideration factors such as peer estimates of technology lives and customer lives as well as the Company’s own historical data. The Company classifies deferred commissions as current or long-term based on the timing of when the Company expects to recognize the expense. The Company periodically reviews these deferred commission costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit of these deferred contract acquisition costs. There were no material impairment losses recorded during the periods presented.
The Company capitalizes development costs incurred during the application development stage which are related to internal-use technology that supports its security services. Costs related to preliminary project activities and post implementation activities are expensed as incurred as research and development costs on the statements of operations. Capitalized internal-use technology is included in intangible assets on the balance sheet and is amortized on a straight-line basis over its estimated useful life, which is generally one to three years. Amortization expenses are recognized under cost of goods sold. Management evaluates the useful lives of these assets on an annual basis and tests for impairment whenever events or changes in circumstances occur that could impact the recoverability of these assets.
Accounting for Stock–Based Compensation
ASC 718 - “Compensation-stock Compensation”- (“ASC 718”) requires companies to estimate the fair value of equity-based payment awards on the date of grant using an option-pricing model. The value of the portion of the award that is ultimately expected to vest is recognized as an expense over the requisite service periods in the Company’s consolidated statements of operations.
The Company recognizes compensation expense for the value of its awards on a straight-line basis over the requisite service period of each of the awards, net of estimated forfeitures. Estimated forfeitures are based on actual historical pre-vesting forfeitures. ASC 718 requires forfeitures to be estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates. Estimated forfeitures are based on actual historical pre-vesting forfeitures (pursuant to the adoption of ASU 2016-09, the Company made a policy election to estimate the number of awards that are expected to vest).
The Company estimates the fair value of stock options granted using the Black-Scholes option-pricing model. The option-pricing model requires a number of assumptions, of which the most significant are the expected stock price volatility and the expected option term. Expected volatility was calculated based upon actual historical stock price movements over the most recent periods ending on the grant date, equal to the expected term of the options. The expected term of options granted represents the period of time that options granted are expected to be outstanding, based upon historical experience. The risk-free interest rate is based on the yield from U.S. treasury bonds with an equivalent term. The Company has historically not paid dividends and has no foreseeable plans to pay dividends.
The Company applies ASC 718, and ASC 505-50, “Equity Based Payments to Non-Employees” (“ASC 505-50”), with respect to options issued to non-employees.
The fair value for options granted in 2019 and 2018 is estimated at the date of grant using a Black-Scholes options pricing model with the following assumptions:
|Year ended December 31,|
|Risk-free interest rate||1.5%-2.5||%||2.3%-3.1||%|
|Expected life (years)||3.7-4.0||3.6-5.0|
Accounting for Income Tax
The Company accounts for income taxes in accordance with ASC 740, “Income Taxes” (“ASC 740”). ASC 740 prescribes the use of the liability method whereby deferred tax asset and liability account balances are determined based on differences between financial reporting and tax bases of assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. The Company provides a valuation allowance to reduce deferred tax assets to amounts more likely than not to be realized.
ASC 740 contains a two-step approach to recognizing and measuring a liability for uncertain tax positions. The first step is to evaluate the tax position taken or expected to be taken in a tax return by determining if the weight of available evidence indicates that it is more likely than not that, on an evaluation of the technical merits, the tax position will be sustained on audit, including resolution of any related appeals or litigation processes. The second step is to measure the tax benefit as the largest amount that is more than 50% (cumulative basis) likely to be realized upon ultimate settlement.
We are subject to the possibility of various loss contingencies arising in the ordinary course of business. We consider the likelihood of loss or impairment of an asset, or the incurrence of a liability, as well as our ability to reasonably estimate the amount of loss, in determining loss contingencies. An estimated loss contingency is accrued when it is probable that an asset has been impaired or a liability has been incurred and the amount of loss can be reasonably estimated. If we determine that a loss is possible and the range of the loss can be reasonably determined, then we disclose the range of the possible loss. We regularly evaluate current information available to us to determine whether an accrual is required, an accrual should be adjusted or a range of possible loss should be disclosed.
Recent Accounting Pronouncements
Refer to Note 2 of the notes to our consolidated financial statements included in Part II, Item 8 of this Annual Report on form 10-K for a full description of recent accounting pronouncements.
Off-Balance Sheet Arrangements
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
Not required for smaller reporting companies.
Special Note Regarding Forward-Looking Statements
This Annual Report contains “forward-looking statements” within the meaning of Section 27A of the Securities Act and Section 21E of the Exchange Act. These statements concern expectations, beliefs, projections, plans and strategies, anticipated events or trends and similar expressions concerning matters that are not historical facts. We urge you to consider that statements which use the terms “anticipate,” “believe,” “expect,” “plan,” “intend,” “estimate”, “will” and similar expressions are intended to identify forward-looking statements. Specifically, this Annual Report contains forward-looking statements regarding:
|●||our intention to release two new enterprise-focused product offerings in 2020 and the anticipated solutions such offerings will provide to our customers;|
|●||our expectations regarding the timing of availability of our CIS solution to the market and the timing of its revenue impact;|
|●||our expectations regarding our integrated offering and our partnership with Microsoft;|
|●||our expectations regarding our future profitability and revenue growth;|
|●||our expectations regarding increases in cost of revenue and operating expenses, including as a result of our anticipated investments in R&D;|
|●||our beliefs regarding the importance of R&D;|
|●||our expectation to lower the rate of R&D investment as a percentage of revenue in the future and to drive more revenue from existing solutions rather than by adding new solutions;|
|●||our expectations regarding reducing the historical rate of headcount growth and its resulting impact on our gross and operating margins over time;|
|●||our expectations regarding our business strategies, including our contingency plan;|
|●||our expectations regarding growth of our enterprise business and its expected impact on our business, including its contribution to our cash flow and return on investment;|
|●||our expectations regarding our capital expenditures for 2020;|
|●||our belief regarding the adequacy of our existing capital resources and other future measures to satisfy our expected liquidity requirements;|
|●||our beliefs regarding our competitive position in the market in which we operate;|
|●||our expectations regarding the regulatory environment of data privacy in the EU;|
|●||our anticipated significant investments in R&D and promotion of our brand;|
|●||our expectations regarding trends in the market for internet security and technology industry;|
|●||our expectations regarding existing and new threats, key challenges and opportunities in our industry and their impact on our business, including the impact of innovations in the technology industry;|
|●||our expectations regarding the increase in utilization of our cloud infrastructure and the resulting impact on our gross margins;|
|●||our expectations regarding continued and future customers that will contribute to our revenue, and the solutions we provide to such customers;|
|●||our beliefs regarding factors that make our vision compelling to the IT security market;|
|●||our expectations regarding the locations where we conduct our business;|
|●||our belief regarding passive foreign investment company status;|
|●||our expectations regarding the impact of litigation;|
|●||our beliefs regarding our net operating loss carry-forwards; and|
|●||our expectations and estimates regarding certain tax and accounting matters, including the impact on our financial statements.|
These forward-looking statements reflect our current views about future events and are subject to risks, uncertainties and assumptions. We wish to caution readers that certain important factors may have affected and could in the future affect our actual results and could cause actual results to differ significantly from those expressed in any forward-looking statement. The most important factors that could prevent us from achieving our goals, and cause the assumptions underlying forward-looking statements and the actual results to differ materially from those expressed in or implied by those forward-looking statements include, but are not limited to, the following:
|●||our ability to execute our business strategies, including our sales and business development plan;|
|●||our ability to timely and successfully enhance and improve our existing solutions and introduce our new solutions;|
|●||the commercial success of such enhancements and new solutions;|
|●||lack of demand for our solutions, including as a result of actual or perceived decreases in levels of advanced cyber attacks;|
|●||our ability to manage our cost structure, avoid unanticipated liabilities and achieve profitability;|
|●||our ability to grow our revenues, including the ability of existing solutions to drive sufficient revenue;|
|●||our ability to attract new customers and increase revenue from existing customers;|
|●||market acceptance of our existing and new product offerings;|
|●||the success of our partnership with Microsoft, including our ability to successfully integrate our web security technology into its platform;|
|●||our ability to adapt to changing technological requirements and shifting preferences of our customers and their users;|
the impact of the of the COVID-19 outbreak;
|●||our continued listing on Nasdaq;|
|●||our ability to successfully shift the focus of our product development and sales efforts to new products, while de-emphasizing our CWS offerings;|
|●||loss of any of our large customers;|
|●||adverse conditions in the national and global financial markets;|
|●||the impact of currency fluctuations;|
|●||political and other conditions in Israel that may limit our R&D activities;|
|●||increased competition or our ability to anticipate or effectively react to competitive challenges;|
|●||the ability of our brand development strategies to enhance our brand recognition;|
|●||our ability to retain key personnel;|
|●||performance of our OEM partners, service providers and resellers;|
|●||our ability to successfully implement our contingency plan, if needed, and its ability to allow us to continue our operations and meet our cash obligations;|
|●||our ability to successfully estimate the impact of regulatory and litigation matters;|
|●||our ability to comply with applicable laws and regulations and the impact of changes in applicable laws and regulations, including tax legislation or policies;|
|●||economic, regulatory and political risks associated with our international operations;|
|●||the impact of cyber attacks or a security breach of our systems;|
|●||our ability to protect our brand name and intellectual property rights;|
the impact of our controlling shareholder’s decisions, which may differ with respect to our strategic direction; and
|●||our ability to successfully estimate the impact of certain accounting and tax matters, including the effect on our company of adopting certain accounting pronouncements.|
The foregoing list of important factors does not include all such factors, nor necessarily present them in order of importance. In addition, you should consult other disclosures made by the Company (such as in our other filings with the SEC or in company press releases) for other factors that may cause actual results to differ materially from those projected by the Company. Please refer to Part I. Item 1A. Risk Factors, of this Annual Report for additional information regarding factors that could affect our results of operations, financial condition and liquidity. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date hereof. Except as required by applicable law, including the securities laws of the United States, we undertake no obligation to update or revise any forward-looking statements to reflect new information, future events or circumstances, or otherwise after the date hereof.
Impact from the COVID-19 Outbreak
On March 11, 2020, the World Health Organization declared the outbreak of a respiratory disease caused by a new coronavirus as a “pandemic” which is now known as COVID-19. The outbreak has impacted thousands of individuals worldwide. In response, many countries have implemented measures to combat the outbreak which have impacted global business operations.
As of the date of issuance of the financial statements, the Company’s operations have not been significantly impacted, however, the Company continues to monitor the situation. The ultimate extent of the impact of any epidemic, pandemic or other health crisis on our business, financial condition and results of operations will depend on future developments, which are highly uncertain and cannot be predicted, including new information that may emerge concerning the severity of such epidemic, pandemic or other health crisis and actions taken to contain or prevent their further spread, among others.
No impairments were recorded as of the balance sheet date as no triggering events or changes in circumstances had occurred as of year-end; however, due to significant uncertainty surrounding the situation, management's judgment regarding this could change in the future.
In addition, while the Company’s results of operations, cash flows and financial condition could be negatively impacted, the extent of the impact cannot be reasonably estimated at this time.
ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
Financial statements and supplementary data are on pages F-1 through F-36.
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
ITEM 9A. CONTROLS AND PROCEDURES
Disclosure Controls and Procedures
As of December 31, 2019, we performed an evaluation under the supervision and with the participation of our management, including our Chief Executive Officer and Chief Financial Officer, of the effectiveness of the design and operation of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) of the Exchange Act). Our management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving their objectives and our management necessarily applies its judgment in evaluating the cost-benefit relationship of possible controls and procedures. Based on this evaluation, our Chief Executive Officer and Chief Financial Officer concluded that our disclosure controls and procedures are effective as of December 31, 2019, to provide reasonable assurance that the information required to be disclosed in filings and submissions under the Exchange Act, is recorded, processed, summarized, and reported within the time periods specified by the SEC’s rules and forms, and that such information related to us and our consolidated subsidiary is accumulated and communicated to management, including the Chief Executive Officer and Chief Financial Officer, as appropriate to allow timely decisions about required disclosure.
Management’s Annual Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over our financial reporting, as such term is defined in Rule 13a-15(f) under the Exchange Act. Our internal control over financial reporting system was designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.
A company’s internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements and even when determined to be effective can only provide reasonable assurance with respect to financial statements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Our management assessed our internal control over financial reporting as of December 31, 2019. Our management based its assessment on criteria established in Internal Control- Integrated Framework (2013) issued by the Committee of Sponsoring Organization of the Treadway Commission. Based on this assessment, our management has concluded that, as of December 31, 2019, our internal control over financial reporting is effective.
This Annual Report does not include an attestation report of our independent registered public accounting firm regarding internal control over financial reporting. Management’s report was not subject to attestation by our independent registered public accounting firm pursuant to a provision under the Dodd-Frank Wall Street Reform and Consumer Protection Act which grants a permanent exemption for non-accelerated filers from complying with Section 404(b) of the Sarbanes-Oxley Act of 2002.
During the quarter ended December 31, 2019, there were no changes to our internal control over financial reporting that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
The following table identifies our current directors, their ages and their respective positions.
|Name||Age||Position with CYREN|
|Hila Karah (1)(2)(4)||51||Director|
|Lior Samuelson||71||Chairman of the Board|
|Todd Thomson (3)(4)||59||Lead Director|
|James Hamilton (1)(2)(3)(4)||56||Director|
|David Earhart (1)(2)(3)(4)||58||Director|
|John Becker (1)(3)(4)||62||Director|
|Brian Chang (2)||38||Director|
Cary Davis, Brian Chang, Lauren Zletz and Rajveer Kushwaha are employees of an affiliate of Warburg Pincus.
|(1)||Member of the compensation committee.|
|(2)||Member of nominating and governance committee.|
|(3)||Member of the audit committee.|
|(4)||Determined by the audit committee and the Board to be an independent director pursuant to Nasdaq Corporate Governance Listing Rule 5605(a)(2) and the Israeli Companies Law, 1999 (the “Companies Law”).|
Lior Samuelson joined the Board in August 2010 and has held the position of Chairman of the Board since December 2010. Mr. Samuelson served as the Chief Executive Officer at Cyren beginning December 2013 through May 2019. During his extensive career, Mr. Samuelson has served as chairman, CEO and board member of companies in technology, telecommunications, financial services and management consulting, such as Deltathree (DDDC), PricewaterhouseCoopers Securities and The Barents Group. Mr. Samuelson was previously a managing partner with KPMG and a senior manager at Booz Allen Hamilton. Mr. Samuelson holds both a B.A. and a M.A. in economics from Virginia Tech. We believe Mr. Samuelson is qualified to serve on our board of directors because of his longstanding service with us and his extensive experience serving on company boards and in senior leadership positions.
Hila Karah joined the Board in March 2008. Ms. Karah is an experienced board director and, since 2013, serves as an independent business consultant to private and public companies on strategy, operations, financing, regulatory and corporate governance. From November 2017 to September 2018, Ms. Karah was the executive chairperson of FloraFotonica Ltd., an Israeli Agro Tech startup. From 2006 until 2013, Ms. Karah was the chief investment officer of Eurotrust Ltd., a family office, where she focused primarily on investments in life science, internet and high-tech companies. Prior to joining Eurotrust, Ms. Karah served as a senior analyst at Perceptive Life Sciences Ltd., a New York-based hedge fund. Prior to her position at Perceptive, Ms. Karah was a research analyst at Oracle Partners Ltd., a healthcare-focused hedge fund based in Connecticut. Ms. Karah has served on the board of Intec Pharma Ltd. a specialty pharma company (Nasdaq: NTEC) since 2009 and the board of Dario Health Corp. (Nasdaq: DRIO) since 2014. She also serves on the board of several private companies. Ms. Karah has a BA in molecular and cell biology from the University of California, Berkeley, and has studied at the UCSB – UCSF Joint Medical Program. We believe Ms. Karah is qualified to serve on our board of directors because of her longstanding service with us, her investment career in high-tech companies and experience serving on public company boards.
Todd Thomson joined the Board in November 2011 and has held the position of Lead Director since December 2015. Mr. Thomson has been the chairman of Dynasty Financial Partners since November 2016 and is also the founder and CEO of Headwaters Capital since April 2007. He served in top management positions at Citigroup, including CFO of the Company and CEO of the Global Wealth Management division. Prior to joining Citigroup, Todd Thomson held senior executive positions at GE Capital, Barents Group and Bain & Co. He was also a board member of Cordia Bancorp (Nasdaq: BVA) from 2010 to 2016 and of Bank of Virginia as well as chairman of the Wharton Leadership Advisory Board. Todd Thomson received his M.B.A, with Distinction, from the Wharton School of Business and his bachelor’s degree in economics from Davidson College. We believe Mr. Thomson is qualified to serve on our board of directors because of his longstanding service with us, his extensive experience serving on company boards and his extensive finance background.
James Hamilton joined the Board in February 2012. Mr. Hamilton has been Chief Executive Officer of Vitaltech Holdings since August 2018 and Chairman of Wedge Networks, a security solution company, since August 2015. Mr. Hamilton is also the president of Valletta Capital, LLC since 2014. Mr. Hamilton has more than 25 years of leadership experience in senior executive roles across many highly successful high-tech companies. He brings proven success at building and leading high-potential, high growth companies from startup to IPO and often through acquisition. Mr. Hamilton was the CEO of Tipping Point, the renowned market leader in Intrusion Prevention Systems (IPS). Mr. Hamilton was also president of Click Security, and president of Efficient Networks, which also achieved a highly successful IPO and was later acquired by Siemens. He has also held various senior sales roles with multiple companies; most recently as SVP of worldwide sales and field operations at Cyan, Inc from March 2013 through August 2015. Mr. Hamilton is active in multiple venture capital, corporate, and charitable boards. We believe Mr. Hamilton is qualified to serve on our board of directors because of his longstanding service with us and his extensive leadership experience in senior executive roles across many highly successful high-tech companies.
David Earhart joined the Board as an External Director in July 2013. David Earhart is the President of One Identity, a Quest Software business, which was spun out of Dell Software and is backed by Francisco Partners and Elliott Management since December 2017. Previously, David was CEO of Core Security from July 2015 and served as SVP of Worldwide Field Operations for Damballa, a leading provider of advanced threat protection, from January 2013. In this role, he was responsible for record, triple-digit growth. Beginning in December 2006, David was SVP of Security (IAM) Field Operations at CA Technologies, where his team delivered 300% growth in the security business. Prior to that, David held leadership and executive positions at BMC Software and venture-backed companies within the sales, support and services functions. He holds a B.B.A. in Finance from Texas Tech University. We believe Mr. Earhart is qualified to serve on our board of directors because of his longstanding service with us and his extensive leadership experience in senior executive roles across many highly successful high-tech companies, including more than 20 years of security and systems management experience.
John Becker joined the Board as an External Director in April 2017. Mr. Becker has been a consultant since October 2013 and brings more than 30 years of security industry and technology experience and offers a lengthy record of growing highly successful companies. In addition to serving on numerous boards, he previously served as the Chief Executive Officer of Sourcefire, ScienceLogic, Approva, Cybertrust, Trusecure, and AXENT Technologies. Mr. Becker is a CPA and graduated from the Robins School of Business at the University of Richmond. We believe Mr. Becker is qualified to serve on our board of directors because of his extensive leadership experience in senior executive roles across many highly successful high-tech companies and his accounting background.
Cary Davis joined the Board in November 2017. Mr. Davis is a Managing Director at Warburg Pincus, which he joined in 1994, and focuses on investments in the software and financial technology sectors. He also serves on the boards of several private companies. Prior to joining Warburg Pincus, he was Executive Assistant to Michael Dell at Dell Computer and a consultant at McKinsey & Company. Mr. Davis received a B.A. in economics from Yale University and an M.B.A. from Harvard Business School. We believe Mr. Davis is qualified to serve on our board of directors because of his investment career in high-tech companies and experience serving on company boards.
Brian Chang joined the Board in November 2017. Mr. Chang is a Managing Director at Warburg Pincus, which he joined in 2005 and returned in 2009. Mr. Chang focuses on investments in the technology, software and financial technology sectors. He currently serves on the board of several private companies. Prior to joining Warburg Pincus, Mr. Chang worked at Merrill Lynch focusing on corporate finance and mergers and acquisitions transactions. Mr. Chang received a B.S. with Distinction in electrical engineering from Stanford University and an M.B.A. from the Stanford University Graduate School of Business. We believe Mr. Chang is qualified to serve on our board of directors because of his investment career in high-tech companies and experience serving on company boards.
Lauren Zletz joined the Board in May 2018. Ms. Zletz is a Principal at Warburg Pincus, which she joined in 2015. Prior to joining Warburg Pincus, Lauren worked in private equity at Thomas H. Lee Partners from July 2011 to July 2013, and investment banking at Greenhill & Company from June 2009 to June 2011. Lauren focuses on investments in the technology, software, and internet sectors, and has served on the boards of several companies. Lauren received an A.B. in Social Studies from Harvard College and an M.B.A. from the Stanford Graduate School of Business. We believe Ms. Zletz is qualified to serve on our board of directors because of her investment career in high-tech companies and experience serving on company boards.
Rajveer Kushwaha joined the Board in August 2018. Mr. Kushwaha is the Chief Technology Officer and a Managing Director at Warburg Pincus, which he joined in 2012. Mr. Kushwaha has over 25 years of experience in leading commercial software product development, strategic planning, technology operations, business transformation, ERP implementations, and process outsourcing initiatives at Fortune 500 companies in a variety of industries. Prior to joining Warburg Pincus, Mr. Kushwaha held senior management positions at Zimmer Holdings Inc., Dell Computer Corporation, First Data Corporation (FDC), Cummins Engine Company and Safway, Inc. He has been recognized as one of the top 100 IT innovators in the automotive/manufacturing industry, is the recipient of a CIO 100 innovation award and has filed numerous patents in the field of disruptive services technologies. Mr. Kushwaha holds an M.S. in management of technology from MIT, an M.B.A. from the University of Wisconsin at Madison and Idaho State University; a B.S. in electrical engineering from India and completed the Advanced Management Program (AMP) from Harvard University. We believe that Mr. Kushwaha is qualified to serve on our board of directors because of his significant software and technical experience and his experience holding senior management positions in the high-tech industry.
The following table identifies our current executive officers, their ages and their respective positions.
|Brett Jackson||61||Chief Executive Officer|
|Atif Ahmed||46||Vice President Sales, EMEA|
|Boris Bogod||45||Vice President, Global Cloud Operations|
|Bruce Johnson||63||Vice President, Sales North America|
|Richard Ford||43||Chief Technology Officer|
Chief Strategy Officer & EVP, Advanced Solutions
|Matt Mosley||43||Vice President, Product Management|
|Eva Markowitz||45||Vice President, Human Resources|
|J. Michael Myshrall||50||Chief Financial Officer|
|Eric Spindel||43||Vice President, General Counsel and Corporate Secretary|
|Sigurdur Stefnisson||44||Vice President, Detection|
|Michael Tamir||46||Vice President, Global Support Services|
Brett Jackson joined Cyren in May 2019 as our Chief Executive Officer. Previously, he served as Chief Executive Officer of Digital Reasoning, an artificial intelligence analytics software company, from April 2017 to February 2019. Prior to Digital Reasoning, Mr. Jackson was Chief Executive Officer of Logi Analytics from December 2008 to April 2016 and Chairman of Logi Analytics from May 2016 to October 2017. Earlier, Mr. Jackson was Chief Executive Officer of Digital Harbor and eSecurity, and previously served as Chief Operating Officer of Cybertrust (acquired by Verizon) and Axent Technologies (acquired by Symantec).
Atif Ahmed joined Cyren in July 2016 and is responsible for overseeing sales, services, strategic channels and alliances in the Europe, Middle East and Africa (EMEA) region for Cyren, as well as driving additional business in new EMEA territories. With more than 20 years of experience in the security space, Ahmed most recently served in senior sales leadership positions at AppSense from January 2015 to July 2016, Websense from April 2011 to January 2015 and Check Point Software from June 2004 to June 2010. He also previously held sales management roles in the security business unit at Azlan and at Acer UK. Mr. Ahmed holds a holds a B.Sc. in Computing from the University West of England.
Boris Bogod joined Cyren in August 2017 and is responsible for the infrastructure and operation of Cyren’s global security cloud. He brings to the task over 20 years of experience deploying, managing and optimizing IT networks and the delivery of cloud services. Mr. Bogod joined Cyren from Sears Israel (subsidiary of SHC) where he served as Director of Operations and then Vice President of Operations from August 2010 to August 2017, and previously held senior operations and infrastructure management positions for several Web based companies including ICAP, Playtech and others. Mr. Bogod holds a B.Sc. in Industrial Engineering and Management (specialization in Information Systems) from Ben-Gurion University in the Negev.
Bruce Johnson joined Cyren in August 2019 and is responsible for leading Cyren’s sales and go-to-market activities in the Americas. He has over 30 years of experience leading sales teams for high-growth cybersecurity companies, including several which have had successful exits. Bruce has held senior sales leadership positions at 4iQ (April 2018 – January 2019), Vaultive (September 2015 – March 2018), Fortscale (July 2014 – June 2015), Thales-Vormetric (May 2003 – January 2014), Entercept Security Technologies, Arcot Systems and Axent. He holds a Bachelor’s degree in Economics and Marketing from California State University in Chico.
Dr. Richard Ford joined Cyren in May 2019. Dr. Ford was previously Chief Scientist and Chief Technology Officer at Forcepoint, a developer and marketer of cybersecurity software, from January 2016 to April 2019. He spent over 20 years as a researcher of anti-malware and advanced threat detection technologies for various companies. During his career, Dr. Ford has held positions with Virus Bulletin, IBM Research, Command Software Systems, and NTT Verio. He has published numerous papers and holds several patents in the security area, and held an endowed chair as Head of the Computer Sciences and Cybersecurity Department at the Florida Institute of Technology (July 2004-July 2015). Dr. Ford holds a Bachelor’s, Master’s and D.Phil. in Physics from the University of Oxford.
Lior Kohavi joined Cyren in June 2013 as Chief Technology Officer and was appointed as Chief Strategy Officer & EVP, Advanced Solutions in May 2019. Mr. Kohavi brings over 25 years of vast experience as an engineer, product and technology executive. Previously, Mr. Kohavi held multiple leadership roles, including business strategy architect and partner group manager at Microsoft, VP and GM at Websense, VP Engineering and EVP product management and strategy at Whale Communications (Microsoft acquired). Mr. Kohavi also served as a GM at Cylink VPN Labs and led the development of cryptographic network security products at Algorithmic Research (Cylink acquired) and served as head of the Israel Air Force’s Network and Operations Systems Department. Mr. Kohavi holds a B.A. degree in computer science from Bar-Ilan University and an Executive MBA from Tel Aviv University.
Matt Mosley joined Cyren in November 2019 as the Vice President Product Management. Mr. Mosley oversees the company’s global product management team and is responsible for developing and delivering Cyren’s product vision. Previously, Mr. Mosley held multiple leadership positions at Devo (June 2018 – November 2019), where he was Vice President of Products for Devo’s Cyber Security business. Prior to Devo, Mr. Mosley served as Director of Product Management for Symantec’s MSSP business (June 2014 – March 2018) and has held other senior leadership roles with leading security firms including NetIQ, Internet Security Systems, Intellitactics, and Brabeion Software. Mr. Mosley is a frequent speaker and writer on information security topics and holds the CISSP, CISM, and CISA designations.
Eva Markowitz, SPHR, SWP, SHRM-SCP, joined Cyren as Vice President Human Resources in October 2013. With more than 15 years of Human Resource leadership, Ms. Markowitz orchestrates the management and development of Cyren’s most valuable asset: its employees. She previously worked as Human Resources Director for the Analysis Research Planning Corporation (ARPC). She has also held positions with Thomas & Herbert Consulting, LLC, and SteelCloud. Ms. Markowitz received her B.A. from the University of Maryland.
J. Michael Myshrall joined Cyren in January 2011 serving as Vice President of Corporate Development and subsequently served as Vice President of Financial Planning & Analysis. Since March 2014, Mr. Myshrall has been the company’s Chief Financial Officer. Mr. Myshrall brings two decades of investment banking, business development and technology experience. Prior to joining Cyren, he focused on technology strategy, financial advisory and mergers and acquisitions, first with Mercator Capital and more recently with Trilos Ventures. Mr. Myshrall previously held various roles with Nortel, Newbridge Networks, Corvis, and Civcom. He holds a degree in electrical engineering from the University of New Brunswick and an MBA from Harvard Business School.
Eric Spindel joined Cyren in May 2016 as General Counsel and Corporate Secretary. Mr. Spindel is responsible for all legal, regulatory, compliance, and corporate governance functions for Cyren. Before joining Cyren, he was a partner at Yigal Arnon & Co., one of Israel’s leading law firms from September 2011 to April 2016. Mr. Spindel previously practiced corporate and securities law for a number of years at Skadden, Arps, Slate, Meagher & Flom LLP and Davies Ward Phillips & Vineberg LLP, and also served as internal counsel for a private equity firm. He received a joint JD/MBA degree from Osgoode Hall Law School/Schulich School of Business in Toronto, Canada.
Sigurdur Stefnisson joined Cyren in October 2012 through the acquisition of FRISK, and serves as Cyren’s Vice President of Detection. Mr. Stefnisson joined FRISK in 1996 and contributed to the development of numerous state-of-the-art cybersecurity innovations and has become an authority in the field of advanced threat protection. Mr. Stefnisson oversees all the Advanced Threat Lab and malware research, which is integral in our development of next-generation cybersecurity solutions. He is active in the global security community as a reporter for the Wildlist Organization and as a member of CARO (Computer Antivirus Research Organization) whose mission is to research and study malware.
Michael Tamir first joined Cyren in 2000 and is responsible for Cyren’s global support, deployment and customer success teams. He has previously served as director of security solutions, director of technical services, and director of professional services at Cyren over the past 13 years. Prior to joining the company, Michael spent six years in various system administrator and IT manager roles. Michael is based in Cyren’s Toronto office.
To the best of our knowledge, there are no arrangements or understandings with major shareholders, customers, suppliers or others pursuant to which any person referred to above was selected as a director or executive officer (other than Cary Davis, Brian Chang, Lauren Zletz and Rajveer Kushwaha, who were appointed in connection with the Private Placement to Warburg Pincus as described below). There are no family relationships among any of the directors or executive officers of Cyren.
In February 2019, we announced that Mr. Samuelson intended to step down as CEO after transitioning his responsibilities to a successor but would remain in his position as Chairman of the Board. Mr. Samuelson continued in his role as CEO until May 2019 when he transitioned his responsibilities to Brett Jackson as our new CEO.
Code of Ethics
The Company, by way of Board resolution, has adopted a Code of Ethics applicable to our senior financial officers, including its principal executive, financial and accounting officers. The Code of Ethics is posted on the Company’s website at www.cyren.com, under the tab for “Corporate Governance”. We intend to provide disclosure of any amendments or waivers of our Code of Ethics on our website within four business days following the date of the amendment or waiver.
Audit Committee and Audit Committee Financial Expert
We currently have a standing audit committee. The audit committee’s duties include providing assistance to the Board in fulfilling its legal and fiduciary obligations in matters involving our accounting, auditing, financial reporting, internal control and legal compliance functions. In this respect the audit committee approves the services performed by our independent registered public accounting firm and reviews their reports regarding our accounting practices and systems of internal accounting controls. The audit committee also oversees the audits conducted by our independent registered public accounting firm and takes those actions as it deems necessary to confirm that the accountants are independent of management. Under the Companies Law, the responsibilities of the audit committee include identifying irregularities in the management of our business and approving related party transactions as required by law, classifying company transactions as extraordinary transactions or non-extraordinary transactions and as material or non-material transactions in which an officer has an interest (which will have the effect of determining the kind of corporate approvals required for such transaction), assessing the proper function of the company’s internal audit regime and determining whether its internal auditor has the requisite tools and resources required to perform his role and to regulate the company’s rules on employee complaints, reviewing the scope of work of the company’s independent accountants and their fees, and implementing a whistleblower protection plan with respect to employee complaints of business irregularities. The responsibilities of the audit committee under the Companies Law also include the following matters: (i) to establish procedures to be followed in respect of related party transactions with a controlling shareholder (where such are not extraordinary transactions), which may include, where applicable, the establishment of a competitive process for such transaction, under the supervision of the audit committee, or individual, or other committee or body selected by the audit committee, in accordance with criteria determined by the audit committee; and (ii) to determine procedures for approving certain related party transactions with a controlling shareholder, which were determined by the audit committee not to be extraordinary transactions, but which were also determined by the audit committee not to be negligible transactions.
Under the Nasdaq Listing Rules, an audit committee must consist of at least three directors meeting the independence standards under Nasdaq Listing Rules. The audit committee consists of David Earhart (chairman), Todd Thomson, John Becker and James Hamilton. The Board has determined that each member of the audit committee meets the independence requirements under the Nasdaq Listing Rules and the enhanced independence standards for audit committee members required by the SEC. In addition, the Board has determined that Todd Thomson meets the requirements of an audit committee financial expert under SEC rules.
The compensation committee is responsible for (i) proposing executive officer compensation policy, including compensation for our NEOs, to the Board, (ii) proposing necessary revisions to the compensation policy and examining its implementation, (iii) determining whether to approve transactions with respect to compensation of officers, and (iv) determining, in accordance with our compensation policy, whether to exempt the compensation terms with an unaffiliated nominee for the position of chief executive officer from requiring shareholders’ approval, provided such terms meet with the Company’s compensation policy. The compensation committee is also responsible for administering the Company’s various stock option plans, including the issuance of option grants to employees of the Company and its subsidiaries.
The compensation committee consists of John Becker (chair), Hila Karah, James Hamilton and David Earhart. The Board has determined that each member of the compensation committee meets the independence requirements under Rule 5605(a)(2) of the Nasdaq Listing Rules.
Nominating and Governance Committee
The nominating and governance committee’s responsibilities include identifying individuals qualified to become board members and recommending director nominees to the board.
The nominating and governance committee consists of Hila Karah (chair), David Earhart, James Hamilton and Brian Chang. The Board has determined that each member of the nominating and governance meets the independence requirements under Rule 5605(a)(2) of the Nasdaq Listing Rules, except Brian Chang.
Process for Shareholder Nominations
Pursuant to the provisions of the Companies Law and our Articles of Association, as amended, directors (other than External Directors (as defined in the Companies Law)) are elected by shareholders at the annual general meeting of the shareholders and hold office until the next annual general meeting following the annual general meeting at which such director is elected and until a successor is elected, or until the director is removed. An annual general meeting must be held at least once in every calendar year, but not more than 15 months after the preceding annual general meeting. Directors may be removed and other directors may be elected in their place or to fill vacancies in the Board at any time by the holders of a majority of the voting power at a general meeting of the shareholders. Until a vacancy is filled by the shareholders, the Board may appoint new directors temporarily to fill vacancies on the Board. Our Articles of Association authorize the shareholders to determine, from time to time, the number of directors.
Delinquent Section 16(a) Reports
Section 16(a) of the Exchange Act and the rules thereunder require our directors and executive officers and persons who beneficially own more than 10% of a registered class of our equity securities, to file reports with the SEC relating to their share ownership and changes in such ownership. Based on a review of our records and certain written representations received from our executive officers and directors, we believe that during the year ended December 31, 2019, all Section 16(a) filing requirements applicable to directors, executive officers and greater than 10% shareholders were complied with on a timely basis, except that Rajveer Kushwaha did not timely file a Form 3.
ITEM 11. EXECUTIVE COMPENSATION
Summary Compensation Table
The following table summarizes all compensation paid by us in the past two fiscal years to: (i) our Chief Executive Officers; (ii) our Chief Financial Officer; and (iii) our Vice President Sales, EMEA. We refer to the persons listed in (i) through (iii) collectively as our named executive officers or NEOs.
|Name and Principal Position||Year||
Non-Equity Incentive Plan
|Chief Executive Officer(8)||2018||312,000||84,600||115,000||322,366||-||30,142||864,108|
|Chief Executive Officer(9)|
|J. Michael Myshrall||2019||260,125||-||(4)||250,000||-||-||38,059||548,184|
|Chief Financial Officer||2018||260,125||99,888||69,000||-||-||45,586||474,599|
|Vice President Sales, EMEA||2018||191,835||(7)||-||46,000||-||303,164||(5)(7)||46,403||(7)||587,402|
The amounts shown represent the estimated aggregate grant date fair value of the awards made in each fiscal year relating to restricted stock units (“RSUs”) and options granted to the NEOs. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2 in our financial statements, which are included elsewhere in this Annual Report on Form 10-K. The stock awards represent the grant date fair value of awards to (i) Mr. Samuelson of 25,000 RSUs awarded in July 2019, (ii) Mr. Jackson of 1,080,000 stock options awarded in May 2019 and 810,000 RSUs awarded in July 2019, (iii) Mr. Myshrall of 97,276 RSUs awarded in February 2019 and (iv) Mr. Ahmed of 58,366 RSUs awarded in February 2019. Mr. Jackson’s stock option grants vest over four years beginning on May 6, 2019 and his RSU grants vest in four equal annual installments beginning on July 30, 2019; Mr. Samuelson’s RSU grants vest in four equal quarterly installments beginning on July 30, 2019; Mr. Myshrall’s and Mr. Ahmed’s RSU grants fully vested after one year on February 17, 2020.
Mr. Samuelson’s employment as Chief Executive Officer ended on May 5, 2019 with an annual base salary of $312,000, when he returned to the position as Chairman of the Board. The 2019 salary listed above is pro-rated for his partial year of employment as CEO and his compensation as Chairman is listed on page 63. Upon termination as CEO, Mr. Samuelson was also awarded severance and accrued vacation, which is included in the All Other Compensation column.
Mr. Jackson’s employment with the Company started on May 6, 2019 with an annual base salary of $365,000 and annual target bonus of $225,000. The 2019 salary listed above is pro-rated for his partial year of employment, and no executive bonuses were awarded for the 2019 fiscal year.
|(4)||No executive bonuses were awarded for the 2019 fiscal year.|
|(5)||This amount represents commission earned in 2019 and 2018 based on the achievement of pre-established sales targets.|
|(6)||Includes Social Security & Medicare paid by the Company, pension fund, 401(k) match, health insurance premiums, in the case of Mr. Ahmed, car allowance, and in the case of Mr. Samuelson, severance.|
In the case of Mr. Ahmed, converted from British Pound to U.S. Dollars using currency ratio of 1.00 British Pound Sterling = 1.3159 U.S. Dollars as of December 31, 2019.
|(8)||Mr. Samuelson served as CEO until May 5, 2019.|
|(9)||Mr. Jackson commenced his tenure as CEO on May 6, 2019.|
The following table summarizes the compensation paid by us in the past two fiscal years to our next two most highly compensated officers. This information is included solely to comply with Israeli law which requires us to provide the compensation granted to our five most highly compensated officers during the past fiscal year.
|Name and Principal Position||Year||
|Chief Technology Officer|
|Chief Strategy Officer||2018||248,562||(6)||341,052||338,900||-||-||37,409||(6)||965,923|
|(1)||The amounts shown represent the estimated aggregate grant date fair value of the awards made in each fiscal year relating to RSUs and options granted to the NEOs. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2 in our financial statements in our Annual Report, which are included elsewhere in this Annual Report on Form 10-K.|
|(2)||Mr. Ford’s employment with the company started on May 20, 2019 with an annual base salary of $325,000 and annual target bonus of $110,500. The 2019 salary listed above is pro-rated for his partial year of employment, and no executive bonuses were awarded for the 2019 fiscal year.|
|(3)||No executive bonuses were awarded for the 2019 fiscal year.|
|(4)||This amount represents the grant date fair value of awards to (i) Mr. Ford of 550,000 stock options which vest over four years beginning August 12, 2019 and (ii) Mr. Kohavi of 58,366 RSUs which fully vested after one year on February 17, 2020.|
|(5)||Includes Social Security & Medicare paid by the Company, pension fund, 401(k) match, severance pay fund, health insurance premiums, in the case of Mr. Kohavi, study fund.|
|(6)||In the case of Mr. Kohavi, converted from Israeli Shekel to U.S. Dollars using currency ratio of 1.00 Israeli Shekel = 0.2877 U.S. Dollar as of December 31, 2019.|
Executive Compensation Policy
On August 28, 2018, our shareholders approved the Cyren Executive Compensation Policy (the “Policy”), which had been recommended by the compensation committee and approved by the Board, for the Company’s directors and officers, in accordance with the requirements of the Companies Law. The Policy includes, among other matters prescribed by the Companies Law, a framework for establishing the terms of office and employment of the directors and officers and guidelines with respect to the structure of the variable pay of officers.
The Policy provides that the compensation package for officers shall generally consist of some or all of the following items:
|●||Fixed base salary;|
|●||Performance-based rewards (Annual, Special and Signing Bonuses)|
|●||Social benefits; and|
|●||Retirement and termination payment.|
In particular, the Policy, (i) sets an annual cap of US$450,000 for the annual base salary for officers (including the CEO); (ii) sets an annual cap of 600% of the annual base salary on equity based compensation to current officers or a one-time grant of up to 5% of outstanding shares of the Company at the date of grant for new executive hires; and (iii) sets an annual cap of 200% of the annual base salary for performance based cash awards (which may include any combination of annual bonus, special bonus in recognition of outstanding contributions and/or signing bonus for new hires).
With respect to bonuses, the calculation for each officer is a product of the Company’s performance and individual performance and the Policy further provides that the majority of any cash bonus must be based on measurable criteria (i.e. financial measures or individual performance criteria while a smaller portion may be discretionary. Equity based compensation may be granted in any form permitted under our equity incentive plans, as in effect from time to time (collectively, the “Equity Incentive Plans”), including stock options and restricted stock units. Equity grants to officers shall be made in accordance with the terms of the Equity Incentive Plans.
The Policy also includes a claw back provision which provides that officers will be required to refund any part of the annual performance-based bonuses paid based on financial results that are proven to be inaccurate and which are restated in the financial statements during the three years following the actual payment of the annual bonus, provided the officer is still employed by the Company upon publication of the restated financial statements.
The Company may indemnify, insure and exculpate the officers to the full extent permitted by applicable law from time to time, including by entering into indemnification, insurance and exculpation agreements, subject to the requisite approvals under applicable law.
Finally, the Policy provides that non-employee directors may be compensated up to the maximum pay allowable under Israeli law unless the Company’s shareholders approve higher compensation from time to time.
Our compensation committee will periodically review the Policy and monitor its implementation, and recommend to our Board and shareholders to amend the Policy as it deems necessary from time to time. The term of the Policy is three years as of the date of its adoption, during which, the Board is required to examine the Policy and revise it from time to time, if the circumstances under which it had been adopted have materially changed. Following such three-year term, the Policy, including any revisions recommended by our compensation committee and approved by our Board, as applicable, will be brought once again to the shareholders for approval.
Employment Agreements; Termination and Change in Control Provisions
We have entered into employment agreements with each of our named executive officers. A summary of the material terms of our current employment arrangements with each of these officers is set forth below. The summaries below are qualified in their entirety by reference to the text of their employment agreements, which are filed with this Annual Report on Form 10-K.
Mr. Jackson Executive Employment Agreement
Pursuant to the terms of the executive employment agreement dated April 23, 2019 between the Company and Mr. Jackson, he became our Chief Executive Officer effective May 6, 2019 following Board approval on April 23, 2019.
Under this executive employment agreement, Mr. Jackson’s employment is on an at-will basis and can be terminated by Mr. Jackson upon 30 days’ advance written notice, except in the case of termination for “Cause”. Mr. Jackson is entitled to the following compensation:
|●||An annual base salary of $365,000;|
|●||Annual bonus of up to $225,000 which will be based on pre-determined performance targets approved by the Compensation Committee and Board; and|
|●||A grant of 1,080,000 stock options and 810,000 RSUs under the Company’s 2016 Equity Incentive Plan.|
In connection with his employment with our Company, Mr. Jackson also signed a confidentiality and inventions assignment agreement.
Mr. Jackson’s executive employment agreement grants him certain rights upon termination of his employment. In connection with any termination by the Company other than for “Cause”, death or disability and other than during the period one month before and 12 months after a “change in control,” or if Mr. Jackson terminates his employment for “good reason”:
|●||an advance notice period of 3 months followed by a lump sum payment equal to 6 months of his then annual base salary;|
|●||9 months of accelerated vesting for all unvested time-based equity awards; and|
continued Company-paid COBRA coverage for 9 months.
In connection with any termination by the Company other than for “Cause” death or disability and termination occurs during the period one month before and 12 months after a “change in control,” he will be entitled to receive:
|●||A lump sum payment equal to 6 months of his then annual base salary;|
|●||100% accelerated vesting for all unvested time-based equity awards; and|
|●||continued Company-paid COBRA coverage under Cyren’s health/vision/dental plan for Executive and his eligible dependents for 6 months.|
Under Mr. Jackson’s executive employment agreement, “Cause” means (i) a dishonest act or fraud by Mr. Jackson involving his responsibilities as an employee or his failure to abide by the Company’s code of conduct or other material policies; (ii) Mr. Jackson being convicted of, or “no contest” plea to, a felony or crime involving fraud, embezzlement, dishonesty, misappropriation of funds or other moral turpitude; (iii) Mr. Jackson’s gross negligence or willful misconduct in performance of duties; (iv) Mr. Jackson’s repeated failure to perform any reasonable assigned duties after written notice from the Board; (v) a material breach by Mr. Jackson of his fiduciary duty, or duty of loyalty or breach of duty of confidentiality; or (vi) Mr. Jackson’s action or inaction which, in the reasonable discretion of the Board, causes actual material harm to the Company.
“Good Reason” means any of the following: (i) a material reduction in Mr. Jackson’s annual base salary or target bonus amount without his consent; (ii) a change in the geographic location to greater than fifty (50) miles from Cyren’s current Virginia office location without Mr. Jackson’s consent; (iii) a change in Mr. Jackson’s position with the Company which materially reduces his duties and responsibilities without his’s consent or (iv) any other action or inaction that constitutes a material breach by the Company of this Agreement.
“Change of Control” means the occurrence of either of the following events: (i) any “person” (as such term is used in Sections 13(d) and 14(d) of the Exchange Act), other than Warburg Pincus and/or its affiliates, becomes the “beneficial owner” (as defined in Rule 13d-3 under the Exchange Act), directly or indirectly, of securities of the Company representing more than 50% of the total voting power represented by the Company’s then outstanding voting securities; or (ii) the consummation of the sale or disposition by the Company of all or substantially all of the Company’s assets.
Mr. Myshrall Offer Letter
Pursuant to the terms of the Offer Letter dated January 9, 2011 between the Company and Mr. Myshrall, he became our VP, Corporate Business Development effective January 9, 2011. Mr. Myshrall was later appointed Chief Financial Officer following board approval in March 2014. The terms of Mr. Myshrall’s employment were supplemented by letter agreement on March 2, 2020.
Mr. Myshrall’s employment is on an at-will basis and can be terminated by Mr. Myshrall upon 30 days’ advance written notice, except in the case of termination for “Cause”. Mr. Myshrall is currently entitled to the following compensation:
|●||An annual base salary of $260,125;|
|●||Annual bonus of up to 40% of his base salary which will be based on pre-determined performance targets approved by the Compensation Committee and Board; and|
|●||An initial grant of 50,000 stock options under the Company’s stock option plan.|
Mr. Myshrall’s employment agreement grants him certain rights upon termination of his employment. In connection with any termination by the Company other than for “Cause”, or should Mr. Myshrall voluntarily terminate his employment for “Good Reason”, Mr. Myshrall shall be entitled to:
|●||Severance equal to 6 months of his then annual base salary; and|
Continued Company-paid COBRA coverage for 6 months;
Under Mr. Myshrall’s agreement, “Cause” is as defined in the Company’s 2016 Equity Incentive Plan.
“Good Reason” means any of the following: (i) the assignment of employment responsibilities which are not of comparable responsibility and status as the employment responsibilities held immediately prior to a change of control; (ii) a reduction of title below that of a Vice President of the Company; (iii) the requirement to relocate in order to work out of one the Company’s corporate offices, rather than working from Mr. Myshrall’s office in Virginia or (iv) a reduction by the Company of Mr. Myshrall’s annual base salary as in effect immediately prior to a change of control.
Mr. Ahmed Letter Agreement
Pursuant to the terms of an employment contract dated June 29, 2016 between the Company and Mr. Ahmed, he became our Vice President, Sales - EMEA on July 11, 2016.
Under this agreement, Mr. Ahmed’s employment is on an at-will basis and can be terminated by either party upon 90 days’ advance written notice, except in the case of termination for “Good Cause”. Mr. Ahmed is entitled to the following compensation:
|●||An annual base salary of £150,000, with any subsequent base salaries to be reviewed at the beginning of each calendar year;|
|●||Annual variable commission targets of £150,000 per year, based on the achievement of sales targets to be set annually;|
|●||A grant of 140,000 stock options under the Company’s stock option plan; and|
|●||Benefits including private medical insurance coverage of up to £19,200 per year, car allowance of £10,000 per year, and pension contribution of £5,000 per year.|
In connection with his employment with our Company, Mr. Ahmed’s agreement also includes non-disclosure and inventions assignment undertakings.
Mr. Ahmed’s agreement grants him certain rights upon termination of his employment. In connection with any termination other than for “Good Cause” or disability:
|●||Mr. Ahmed will receive his salary and the standard contractual social benefits he is entitled to receive during the notice period, whether he continues to perform his duties during the notice period or whether placed on ‘garden leave’ by the Company;|
|●||Under Mr. Ahmed’s employment agreement, “Good Cause” means (i) an action by Mr. Ahmed involving gross misconduct which affects the business of the Company; (ii) a serious or repeated breach by him of any provision of his employment agreement or a violation by him of a reasonable and lawful Company rule; (iii) him being negligent and incompetent in the performance of his duties, as reasonably determined by the Board; (iv) him being declared bankrupt or if he makes any arrangement with or for the benefit of his creditors or has a county court administration order made against him under the County Court Act 1984; (v) him being convicted of any criminal offence (other than an offence under any road traffic legislation in the United Kingdom or elsewhere for which a fine or non-custodial penalty is imposed); (vi) him becoming of unsound mind (which includes lacking capacity under the Mental Capacity Act 2005), or a patient under any statute relating to mental health; (vii) him no longer being able to work in the United Kingdom; (viii) him committing any fraudulent or dishonest acts or him acting in any manner which in the opinion of the Company brings or is likely to bring him or the Company into disrepute or is materially adverse to the interests of the Company; (ix) him committing a serious breach of any rules issued by the Company from time to time regarding its electronic communications systems.|
Equity Grant Agreements
In addition to the severance payments that would be payable under our existing employment agreements, our awards of options and RSUs to executive officers (and other employees) are subject to double trigger accelerated vesting upon a Change in Control. This means these awards are subject to accelerated vesting immediately upon a Change in Control if an officer’s employment is Involuntarily Terminated as a result of the Change in Control and not otherwise for Cause, or on the termination date if such Involuntary Termination occurs within twelve months following such Change in Control.
If the acquiring company assumes or substitutes the options in connection with the Change in Control, and the officer remains employed, 50% of the officer’s options will immediately vest and the remaining 50% will vest upon the earlier of (i) the one year anniversary of the Change in Control, provided the officer remains employed with the acquiring company; (ii) the original vesting date of the option; or (iii) an Involuntary Termination of the officer’s employment prior to such one year anniversary.
“Involuntary Termination” means termination by reason of the officer’s (i) involuntary dismissal or discharge by us other than for Cause or (ii) voluntary resignation following (a) a change in the officer’s position with us which materially reduces the officer’s duties and responsibility; (b) a reduction in the officer’s level of compensation by more than 10%; or (c) a relocation of the officer’s place of employment by more than 50 kilometers, provided and only if such change, reduction or relocation is effected without the officer’s consent.
“Cause” means the officer’s (i) theft, dishonesty, willful misconduct, breach of fiduciary duty for personal profit, or falsification of any Participating Company (as defined in the 2016 Equity Incentive Plan) documents or records; (ii) material failure to abide by a Participating Company’s code of conduct or other policies; (iii) unauthorized use, misappropriation, destruction or diversion of any tangible or intangible asset or corporate opportunity of a Participating Company; (iv) intentional act which has a material detrimental effect on the Participating Company’s reputation or business; (v) repeated failure to perform any reasonable assigned duties after written notice from a Participating Company of, and a reasonable opportunity to cure, such failure; (vi) material breach of any employment, service, non-disclosure, non-competition, non-solicitation or other similar agreement between the officer and a Participating Company, which is not cured; or (vii) conviction (including any plea of guilty or nolo contendere) of any criminal act involving fraud, dishonesty, misappropriation or moral turpitude, or which impairs the officer’s ability to perform his or her duties with a Participating Company.
“Change in Control” means the occurrence of any one or a combination of the following: (i) any person becomes the beneficial owner of 50% or more of the total fair market value or total combined voting power of our then-outstanding securities; provided, however, that a Change in Control shall not be deemed to have occurred if such beneficial ownership results from any of the following: (A) an acquisition by any person who on December 22, 2016 was the beneficial owner of more than fifty percent (50%) of such voting power, (B) any acquisition directly from us, including pursuant to or in connection with a public offering of securities, (C) any acquisition by us, (D) any acquisition by a trustee or other fiduciary under an employee benefit plan of a participating company or (E) any acquisition by an entity owned directly or indirectly by our stockholders in substantially the same proportions as their ownership of our voting securities; or (ii) (A) the direct or indirect sale or exchange by our stockholders of more than fifty percent (50%) of the total combined voting power of our then outstanding securities in a single or series of related transactions; (B) a merger or consolidation in which we are a party; or (C) the sale, exchange, or transfer of all or substantially all of our assets (other than a sale, exchange or transfer to one or more of our subsidiaries) (collectively, a “Transaction”) in which our stockholders immediately before the Transaction do not retain immediately after the Transaction direct or indirect beneficial ownership of more than fifty percent (50%) of the total combined voting power of our outstanding securities or the entity to which the assets of the Company were transferred, as the case may be; or (iii) a date specified by the compensation committee following approval by the stockholders of a plan of complete liquidation or dissolution of the Company; provided, however, that a Change in Control shall not include a transaction in which a majority of the members of the Board of the continuing, surviving or successor entity, or parent thereof, immediately after such transaction is comprised of incumbent directors. An incumbent director means a director who either (A) was a member of the Board on December 22, 2016, or (B) is elected, or nominated for election, to the Board with the affirmative votes of at least a majority of the incumbent directors at the time of such election or nomination.
Retirement or Similar Benefit Plans
Israeli law generally requires Cyren to make contributions to employees’ pensions and the payment of severance pay upon the retirement or death of an employee or upon termination of employment by the employer or, in certain circumstances, by the employee. Additionally, a general practice in Israel followed by Cyren, although not legally required, is the contribution of funds on behalf of certain employees to an individual insurance policy known as “Managers’ Insurance.” This policy provides a combination of savings plan, insurance and severance pay benefits to the insured employee. It provides for payments to the employee upon retirement or death and secures a substantial portion of the severance pay, if any, to which the employee is legally entitled upon termination of employment. Each participating employee contributes an amount equal to 6% of such employee’s base salary, and we contribute between 12.5% and 14.83% of the employee’s base salary.
In the United States, Cyren offers employees the option to participate in the Company’s 401(k) program, which provides partial Company matching up to certain annual contribution limits. Employees can contribute up to the maximum IRS annual contribution limit, and the Company will provide a 50% matching contribution up to a maximum of 3% of an employee’s annual salary. The Company match portion is subject to a 4-year vesting period.
Employee Equity Incentive Plan
Employees, including executive officers and other management employees, participate in the Company’s employee option plans. On December 22, 2016, our shareholders approved a new stock option plan - the 2016 Equity Incentive Plan (the “Employee Plan”). This plan replaced all prior employee stock option plans which terminated.
The Employee Plan allows for the issuance of RSUs, as well as options. The options and RSUs generally vest over a period of four years but may have shorter vesting periods under certain circumstances. Options granted under the Employee Plan generally expire after six years from the date of grant. Options and RSUs cease vesting upon termination of the optionee’s employment or other relationship with the Company. The per share exercise price for options shall be no less than 100% of the fair market value per ordinary share on the date of grant. Any options and RSUs that are canceled or not exercised within the option term become available for future grant.
All employee stock option plans are administered by the compensation committee. Subject to the provisions of the equity plans and applicable law, the compensation committee has the authority to determine, among other things, to whom options may be granted; the number of ordinary shares to which an option may relate; the exercise price for each share; the vesting period of the option and the terms, conditions and restrictions thereof, including accelerated vesting on change in control provisions; to amend provisions relating to such plans; and to make all other determinations deemed necessary or advisable for the administration of such plans.
Non-Employee Director Equity Incentive Plan
On December 22, 2016, our shareholders approved the 2016 Non-Employee Director Equity Incentive Plan (the “Non-Employee Plan”). This plan replaced all previous non-employee stock option plans which terminated. The Non-Employee Plan allows for the issuance of RSUs, as well as options. Each option and RSU granted under the Non-Employee Plan generally vests over a period of four years. Each option has an exercise price equal to the fair market value of the ordinary shares on the grant date of such option. Options granted under the Non-Employee Plan generally expire after six years from the date of grant. Options and RSUs cease vesting upon termination of the relationship with the Company, unless the terminated relationship is with a director who has served the Company for at least three years, and he has not resigned voluntarily or was not removed from the Board due to a failure to perform any of his/her duties to the Company, in which case all unvested options or RSUs would be subject to full accelerated vesting.
Outstanding Equity Awards at Fiscal Year-End
The following table sets forth the outstanding equity awards at fiscal year-end, or December 31, 2019, for our named executive officers.
|Option Awards||Stock Awards|
|Number of Securities Underlying Unexercised Options||
|Chief Executive Officer(8)||28,797||1.44||02/10/2022|
|Chief Executive Officer(9)|
|J. Michael Myshrall||40,000||3.32||05/14/2020||119,776||(6)||153,313|
|Chief Financial Officer||60,000||3.00||02/18/2021|
|Vice President Sales,|
|(1)||The amounts in this column are based on the closing price of our ordinary shares on December 31, 2019 of $1.28.|
|(2)||This amount reflects 50,000 RSUs which vest in four equal annual installments beginning on January 25, 2019, and 25,000 RSUs which vest in four equal quarterly installments beginning on October 30, 2019 subject to earlier vesting upon a change of control.|
|(3)||This amount represents options, one quarter of which vest on August 28, 2019 and the remainder of which vest in equal monthly installments for the next 36 months thereafter, subject to earlier vesting upon a change of control.|
|(4)||This amount represents options, one quarter of which vest on May 6, 2020 and the remainder of which vest in equal monthly installments for the next 36 months thereafter, subject to earlier vesting upon a change of control.|
|(5)||This amount reflects RSUs which vest in four equal annual installments beginning on July 30, 2020 subject to earlier vesting upon a change of control.|
|(6)||This amount reflects 30,000 RSUs which vest in four equal annual installments beginning on January 25, 2019, and 97,276 RSUs which vest in one annual installment on February 17, 2020 subject to earlier vesting upon a change of control.|
This amount reflects 20,000 RSUs which vest in four equal annual installments beginning on January 25, 2019, and 58,366 RSUs which vest in one annual installment on February 17, 2020 subject to earlier vesting upon a change of control.
|(8)||Mr. Samuelson served as CEO until May 5, 2019.|
|(9)||Mr. Jackson commenced his tenure as CEO on May 6, 2019.|
Under the Companies Law, as amended, pursuant to Amendment 20 of the Companies Law, our directors can be paid for their services as directors to the extent such payments are in accordance with the compensation policy adopted by the Company after approval by the compensation committee, our Board and our shareholders by ordinary majority, or, if their compensation deviates from the compensation policy, after approval by the compensation committee, our Board and our shareholders by a special majority, provided that (i) the majority of the votes includes at least a majority of all the votes of shareholders who are not controlling shareholders of the Company or who do not have a personal interest in the compensation paid to the directors and participating in the vote or (ii) the total of opposing votes from among the shareholders described in subsection (i) above does not exceed 2% of all the voting rights in the company.
At the Company’s Annual Meeting of Shareholders held on July 30, 2019 (the “2019 Annual Meeting”), the Company’s shareholders approved the amendment of the Company’s non-executive director compensation policy and approved that, the cash compensation paid to non-employee directors (other than Mr. Samuelson, our Chairman) will be $7,500 per quarter and $15,000 for the Lead Director. Directors also are reimbursed for their expenses for each Board meeting attended. New non-employee directors are currently entitled to an initial grant of 50,000 options. In addition, it was approved that non-employee directors who are re-elected at the annual meeting of shareholders are entitled to additional grants of 20,000 RSUs, Mr. Thomson who is entitled to an annual grant of 30,000 RSUs in his capacity as Lead Director and David Earhart who is entitled to an annual grant of 24,000 RSUs in his capacity as Chairperson of the Audit Committee.
Shareholders further approved in the 2019 Annual Meeting the compensation terms for Lior Samuelson as non- executive Chairman of the Board. Effective May 5, 2019, Lior Samuelson stepped down as our CEO, however, he continues to serve as Chairman of our Board. Mr. Samuelson previously did not receive compensation for his service as Chairman of our Board while serving as our CEO. Our Shareholders approved that Mr. Samuelson is entitled to annual cash compensation of $15,000 per month, paid quarterly as of May 6, 2019. Mr. Samuelson also received a grant of 25,000 RSUs which was issued to him on the date of the 2019 Annual Meeting, as well as the following additional terms with respect to Mr. Samuelson’s previous equity grants: (i) existing vested options will expire on the earlier of (x) 6 years from date of grant and (y) three months after Mr. Samuelson’s service as a director ends; (ii) existing unvested equity grants will fully vest on May 6, 2020 (one year after the first day of Mr. Samuelson’s service as Chairman-only); and (iii) accelerated vesting for unvested equity grants should Mr. Samuelson be removed as Chairman without cause prior to May 6, 2020.
The table below summarizes the compensation paid by us to our non-employee directors for services rendered in 2019.
|(1)||The amounts shown in these columns represent the estimated aggregate grant date fair value of the RSU and option awards granted to the non-employee directors in 2019. The aggregate grant date fair value of these awards is computed in accordance with FASB ASC Topic 718. Assumptions used in determining the aggregate grant date fair value of RSU and option awards are set forth in Note 2.q in our financial statements, which is included elsewhere in this Annual Report on Form 10-K.|
|(2)||Each director, with the exception of Mr. Davis and Mr. Chang who joined our Board in November 2017 and Ms. Zletz and Mr. Kushwaha who joined our Board during 2018, received a grant on January 1, 2018 of 10,000 RSUs under our 2016 Non-Employee Director Equity Incentive Plan. Mr. Thompson, our Lead Director, received a grant of 20,000 RSUs. Mr. Davis and Mr. Chang each received a grant of 50,000 options on January 1, 2018, and Ms. Zletz and Mr. Kushwaha each received a grant of 50,000 options on August 28, 2018, upon joining our Board.|
|(3)||Mr. Samuelson’s employment as Chief Executive Officer ended on May 5, 2019, when he returned to the position as Chairman of the Board with an annual base salary of $180,000. The fees above are pro-rated for his partial year of service as Chairman.|
|(4)||The table below sets forth the aggregate number of RSUs and unexercised stock options outstanding at December 31, 2019 for each of our non-employee directors.|
Aggregate Number of RSUs Outstanding
Aggregate Number of Unexercised
Stock Options Outstanding at
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
The following table sets forth certain information with respect to the beneficial ownership of our ordinary shares, as of February 29, 2020 (the “Reporting Date”), by (i) each person known to us to beneficially own more than 5% of our ordinary shares; (ii) our named executive officers for the fiscal year ended December 31, 2019; (iii) each director; and (iv) all of the executive officers and directors as a group. Except as shown in the table, no other person is known by us to beneficially own more than 5% of our outstanding ordinary shares. The percentage of shares beneficially owned is based on 59,946,350 ordinary shares outstanding as of February 29, 2020.
|Name of Beneficial Owner(1)||Number of Ordinary Shares Beneficially Owned(2)||Percent(2)|
|Holding more than 5%:|
|WP XII Investments B.V. (3)||32,211,020||53.73||%|
|Yelin Lapidot Holdings Management Ltd. (4)||4,882,373||8.14||%|
|Named Executive Officers and Directors:|
|Brett Jackson (5)||—||*||%|
|J. Michael Myshrall (6)||299,996||*||%|
|Atif Ahmed (7)||175,946||*|
|Lior Samuelson (8)||633,734||1.05||%|
|Hila Karah (9)||109,765||*|
|James Hamilton (10)||44,167||*|
|Todd Thomson (11)||61,667||*|
|David Earhart (12)||44,167||*|
|John Becker (13)||57,500||*|
|Cary Davis (14)(15)||32,241,645||53.76||%|
|Brian Chang (14)(16)||32,241,645||53.76||%|
|Lauren Zletz (17)||21,250||*|
|Rajveer Kushwaha (14)(18)||32,232,270||53.75||%|
|Total of all Executive Officers and Directors as a Group (22 persons) (19)||35,210,103||56.86||%|
|*||Less than one percent.|
|(1)||Unless otherwise indicated, the address of each of the beneficial owners identified is c/o Cyren Inc., 1430 Spring Hill Road, Suite 330, McLean, VA 22102.|
|(2)||The number and percentage of shares beneficially owned by each person has been determined in accordance with Rule 13d-3 of the Exchange Act. Pursuant to the rules of the SEC, the number of ordinary shares deemed outstanding includes ordinary shares issuable upon settlement of RSUs held by the respective person or group that will vest within 60 days of the Reporting Date and pursuant to options held by the respective person or group that are currently exercisable or may be exercised within 60 days of the Reporting Date. Unless otherwise indicated in the footnotes or table, each person or entity has sole voting and investment power with respect to the shares shown as beneficially owned.|
|(3)||Based on a Schedule 13D/A as filed with the SEC on February 10, 2020. The shareholder of the Company is WP XII Investments B.V., a company incorporated in the Netherlands (“WP XII Investments”), which is wholly owned by WP XII Investments Coöperatief U.A., a company incorporated in the Netherlands (“WP XII Investments Coöperatief”), which itself is wholly owned by (i) Warburg Pincus (Callisto) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Callisto”), (ii) Warburg Pincus (Europa) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Europa”), (iii) Warburg Pincus (Ganymede) Private Equity XII (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Ganymede”), (iv) Warburg Pincus Private Equity XII-B (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII-B”), (v) Warburg Pincus Private Equity XII-D (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII-D”), (vi) Warburg Pincus Private Equity XII-E (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII-E”), (vii) Warburg Pincus XII Partners (Cayman), L.P., a Cayman Islands exempted limited partnership (“Warburg Pincus XII Partners”), and (viii) WP XII Partners (Cayman), L.P., a Cayman Islands exempted limited partnership (“WP XII Partners,” and together with WP XII Callisto, WP XII Europa, WP XII Ganymede, WP XII-B, WP XII-D, WP XII-E and Warburg Pincus XII Partners, the “WP XII Funds”). Warburg Pincus LLC, a New York limited liability company (“WP LLC”), is the manager of the WP XII Funds. Warburg Pincus (Cayman) XII, L.P., a Cayman Islands exempted limited partnership (“WP XII Cayman GP”), is the general partner of each of the WP XII Funds. Warburg Pincus (Cayman) XII GP LLC, a Delaware limited liability company (“WP XII Cayman GP LLC”), is the general partner of WP XII Cayman GP. Warburg Pincus Partners II (Cayman), L.P., a Cayman Islands exempted limited partnership (“WPP II Cayman”), is the sole member of WP XII Cayman GP LLC. Warburg Pincus (Bermuda) Private Equity GP Ltd., a Bermuda exempted company (“WP Bermuda GP”), is the general partner of WPP II Cayman. Investment and voting decisions with respect to the ordinary shares are made by a committee comprised of three or more individuals and all members of such committee disclaim beneficial ownership of the shares. WP XII Investments has shared power to vote or direct the vote with respect to all of the shares and shared power to dispose or direct the disposition of all of the shares. The address of WP XII Investments is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017.|
|(4)||Based on a Schedule 13G/A as filed with the SEC on February 10, 2020. As of December 31, 2019, these securities were beneficially owned as follows: (i) 4,874,624 Ordinary Shares beneficially owned by mutual funds managed by Yelin Lapidot Mutual Funds Management Ltd. and (ii) 7,749 Ordinary Shares beneficially owned by provident funds managed by Yelin Lapidot Provident Funds Management Ltd. The securities are beneficially owned by provident funds managed by Yelin Lapidot Provident Funds Management Ltd. and/or mutual funds managed by Yelin Lapidot Mutual Funds Management Ltd. (the “Subsidiaries”), each a wholly-owned subsidiary of Yelin Lapidot Holdings Management Ltd. (“Yelin Lapidot Holdings”). Dov Yelin and Yair Lapidot each own 24.38% of the share capital and 25.004% of the voting rights of Yelin Lapidot Holdings. Any economic interest or beneficial ownership in any of these securities is held for the benefit of the members of the provident funds or mutual funds, as the case may be. Each of Messrs. Yelin and Lapidot, Yelin Lapidot Holdings, and the Subsidiaries disclaims beneficial ownership of any these securities. Yelin Lapidot Holdings has shared power to vote or direct the vote with respect to all of the shares and shared power to dispose or direct the disposition of all of the shares. The address of Messrs. Yelin and Lapidot, Yelin Lapidot Holdings, and the Subsidiaries is 50 Dizengoff St., Dizengoff Center, Gate 3, Top Tower, 13th floor, Tel Aviv 64332, Israel.|
There are no shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 810,000 RSUs that have not yet vested and (ii) 1,080,000 shares issuable upon exercise of options that have not yet vested.
|(6)||This amount includes 170,306 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 335,000 RSUs that have not yet vested.|
|(7)||This amount includes 140,000 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 10,000 RSUs that have not yet vested.|
|(8)||This amount includes 443,385 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 17,500 RSUs that have not yet vested and (ii) 160,412 shares issuable upon exercise of options that have not yet vested.|
|(9)||This amount includes 33,334 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 32,500 RSUs that have not yet vested.|
|(10)||This amount includes 16,667 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 32,500 RSUs that have not yet vested.|
|(11)||This amount includes 16,667 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 55,000 RSUs that have not yet vested.|
|(12)||This amount includes 16,667 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 36,500 RSUs that have not yet vested.|
|(13)||This amount includes 50,000 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes 32,500 RSUs that have not yet vested.|
|(14)||Each of Messrs. Davis, Chang and Kushwaha (each, a “Warburg Director”) is an indirect beneficial owner of WP Bermuda GP, and a Member and Managing Director of WP LLC. 32,211,020 of the shares indicated as held by each of the Warburg Directors are included because of his affiliation with the Warburg Entities and the WP XII Funds. See footnote (3) above for additional information. Each Warburg Director disclaims beneficial ownership of all shares owned by the Warburg Entities and the WP XII Funds except to the extent of any indirect pecuniary interest therein. Each of the Warburg Directors has shared power to vote or direct the vote with respect to all of the shares and shared power to dispose or direct the disposition of all of the shares. The address of each Warburg Director is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017.|
|(15)||This amount includes 28,125 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 21,875 options and (ii) 27,500 RSUs that have not yet vested.|
|(16)||This amount includes 28,125 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 21,875 options and (ii) 27,500 RSUs that have not yet vested.|
|(17)||This amount includes 21,250 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 31,250 options and (ii) 27,500 RSUs that have not yet vested. The address of Ms. Zletz (also a Warburg Director) is c/o Warburg Pincus & Co., 450 Lexington Avenue, New York, NY 10017.|
|(18)||This amount includes 21,250 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date. This amount excludes (i) 31,250 options and (ii) 27,500 RSUs that have not yet vested.|
|(19)||This amount includes an aggregate of 1,979,776 shares issuable upon exercise of options which are fully vested or that will vest within 60 days of the Reporting Date exercisable. There are no RSUs that will vest within 60 days after the Reporting Date.|
Equity Compensation Plans
The following table gives information about Cyren’s ordinary shares that may be issued under Cyren’s existing equity compensation plans as of December 31, 2019:
securities to be
options and RSUs
available for future
the first column)
|2016 Equity Incentive Plan||7,965,417||$||2.11||8,515,306|
|2016 Non-Employee Director Equity Incentive Plan||1,138,382||$||2.52||1,396,882|
|(1)||Reflects the weighted-average exercise price of outstanding options only, because there is no exercise price associated with the vesting of RSUs.|
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
Certain Relationships and Related Transactions
Under applicable Nasdaq Listing Rules, all related person transactions must be approved by our audit committee or another independent body of the Board. Current SEC rules define transactions with related persons to include any transaction, arrangement or relationship (i) in which the company is a participant, (ii) in which the amount involved exceeds $120,000 (or, in the case of a smaller reporting company, the lesser of $120,000 or one percent of the average of the company’s total assets at year-end for the last two completed fiscal years), and (iii) in which any executive officer, director, director nominee, beneficial owner of more than 5% of the company’s common stock, or any immediate family member of such persons has or will have a direct or indirect material interest. All directors must recuse themselves from any discussion or decision in which they may have a conflict (i.e. matters affecting their personal, business or professional interests). In addition, pursuant to the Companies Law, certain related party transactions, including (i) engagements with our officers, (ii) engagements with our controlling shareholder, and (iii) substantial private placements, require the approval of our audit or compensation committee, board of directors and shareholders.
Except as set forth below, since January 1, 2018, we have not had any relationships or transactions with any of our executive officers, directors, beneficial owners of more than 5% of our ordinary shares or any immediate family member of such persons that were required to be reported pursuant to Item 404(a) of Regulation S-K.
On November 6, 2017, Warburg Pincus, our controlling shareholder, purchased 10.6 million ordinary shares from us for $1.85 per share, representing gross proceeds of approximately $19.6 million. In connection with the private placement, we entered into a registration rights agreement with Warburg Pincus with respect to such ordinary shares.
On December 5, 2018, the Company issued $10.0 million aggregate principal amount of Convertible Notes in a private placement to affiliates of Yelin Lapidot Holdings Management Ltd., which holds more than 5% of the Company’s securities. For more information regarding the Convertible Notes, see “Financings” above.
On November 7, 2019, following the closing of the Rights Offering, we issued 4,624,277 ordinary shares to Warburg Pincus, our controlling shareholder, upon exercise of its basic and over-subscription rights in the Rights Offering. The ordinary shares were issued at $1.73 per share, for a total of approximately $8 million of gross proceeds to the Company. For more information regarding the Rights Offering, see “Financings” above.
On March 19, 2020, our CEO, Brett Jackson, participated in our offering of Convertible Debentures, in which he purchased from the Company a Convertible Debenture in the principal amount of $250,000 pursuant to a purchase agreement. We also entered into a registration rights agreement with Mr. Jackson and the other purchasers pursuant to which we agreed to, among other things, file one or more registration statements with the SEC within sixty days of the date of the registration rights agreement upon any conversion of the Convertible Debentures or as interest payments. For more information regarding the Convertible Debentures, see “Financings” above.
Controlled Company Status
We are a controlled company as defined in Rule 5615(c)(1) of the Nasdaq Listing Rules because Warburg Pincus holds more than 50% of our voting power for the election of directors. Therefore, we are not required under Nasdaq rules to have a majority of our board of directors be independent, nor are we required to have a compensation committee or an independent nominating function. We nevertheless have a Compensation Committee comprised of all independent directors. In light of our status as a controlled company, at present, five out of ten directors on our board are independent. In addition, our Nominating and Governance Committee, while not comprised solely of independent directors, is comprised of a majority of independent directors, as more fully described below.
Each year, the Board undertakes a review of director independence, which includes a review of each director’s responses to questionnaires asking about any relationships with us. This review is designed to identify and evaluate any transactions or relationships between a director or any member of his or her immediate family and us, or members of our senior management or other members of our Board, and all relevant facts and circumstances regarding any such transactions or relationships. Consistent with these considerations, our Board has affirmatively determined that all of our non-employee directors, who are listed below, are “independent directors” pursuant to Nasdaq Listing Rule 5605(a)(2):
The Companies Law requires Israeli companies with shares that have been offered to the public in or outside of Israel to appoint at least two External Directors, unless certain conditions are met by the company pursuant to the Israeli Companies Regulations (Relief for Companies Whose Shares are Registered for Trading Outside of Israel) – 2000 (the “Relief Regulations”), as further detailed below. According to the Companies Law, no person may be appointed as an External Director if the person or the person’s relative, partner, employer or any entity under the person’s control has or had, on or within the two years preceding the date of the person’s appointment to serve as External Director, any affiliation with the company or any entity controlling, controlled by or under common control with the company. The External Directors are John Becker and David Earhart. The term affiliation includes:
|●||an employment relationship;|
|●||a business or professional relationship maintained on a regular basis;|
|●||service as an officer or director.|
The Israeli Minister of Justice, in consultation with the Israeli Securities Authority, may determine that certain matters will not constitute an affiliation, and has issued certain regulations with respect thereof. In addition, pursuant to provisions of the Companies Law, a business or professional relationship maintained on a regular basis will not constitute affiliation if the relationship commenced after the appointment of the External Director for office, the company and the External Director consider the relationship to be negligible and the audit committee approved, based on information presented to it, that the relationship is negligible, and the External Director declared that he did not know and could not have reasonably known about the formation of the relationship and has no control over their existence or termination.
If the company does not have a controlling shareholder or a shareholder who holds company shares entitling him to vote at least 25% of the votes in a shareholders meeting, then the company may not appoint as an External Director any person or such person’s relative, partner, employer or any entity under the person’s control, who has or had, on or within the two years preceding the date of the person’s appointment to serve as External Director, any affiliation with the Chairman of the Board, Chief Executive Officer, a substantial shareholder who holds at least 5% of the issued and outstanding shares of the company or voting rights which entitle him to vote at least 5% of the votes in a shareholders meeting, or the Chief Financial Officer.
No person may serve as an External Director if the person’s position or other business activities create, or may create, a conflict of interest with the person’s responsibilities as an External Director or may otherwise interfere with the person’s ability to serve as an External Director. Additionally, no person may serve as an External Director if the person, the person’s relative, spouse, employer or any entity controlling or controlled by the person, has a business or professional relationship with someone with whom affiliation is prohibited, even if such relationship is not maintained on a regular basis, excepting negligible relationships, or if such person received from the company any compensation as an External Director in excess of what is permitted by the Companies Law. If, at the time External Directors are to be appointed, all current members of the Board who are not controlling shareholders or relatives of such shareholders are of the same gender, then at least one External Director must be of the other gender. Under the Companies law, at least one of the External Directors is required to have “financial and accounting expertise,”, and the other External Director or Directors are required to have either “professional expertise,” or “financial and accounting expertise”, all as defined under the Companies Law. However, if at least one of our other directors (i) meets the independence requirements under the Securities Exchange Act of 1934, as amended, or (ii) meets the standards of the Nasdaq Listing Rules for membership on the audit committee, and (iii) has accounting and financial expertise as defined under Israeli law, then neither of our External Directors is required to possess accounting and financial expertise as long as both possess other requisite “professional expertise”.
A director can satisfy the requirements of having “financial and accounting expertise” if due to his or her education, experience and qualifications he or she has acquired expertise and understanding in business and accounting matters and financial statements, in a manner that allows him or her to understand, in depth, the company’s financial statements and to spur a discussion regarding the manner in which the financial data is presented.
A public company’s board of directors must evaluate the proposed External Director’s expertise in finance and accounting, by considering, among other things, such candidate’s education, experience and knowledge in the following: (i) accounting and auditing issues typical to the field in which the company operates and to companies of a size and complexity similar to such company; (ii) the company’s independent public accountant’s duties and obligations; (iii) preparation of the company’s consolidated financial statements and their approval in accordance with the Companies Law and the Israeli Securities Law - 1968.
A director is deemed to have “professional expertise” if he or she meets any of the following criteria: (i) has an academic degree in any of the following professions: economics, business administration, accounting, law or public administration; (ii) has a different academic degree or has completed higher education in a field that is the company’s main field of operations, or a field relevant to his or her position; or (iii) has at least five years’ experience in any of the following, or has at least a cumulative total of at least five years’ experience in any two of the following: (A) a senior position in the business management of a corporation with a significant extent of business, (B) a senior public position or a senior position in public service, or (C) a senior position in the company’s main field of operations. As with a candidate’s expertise in finance and accounting, the board of directors here too must evaluate the proposed External Director’s “professional qualification” in accordance with the criteria set forth above.
The declaration required by law to be signed by a candidate to serve as External Director must include a statement by such candidate concerning his or her education and experience, if relevant, in order that the Board may properly evaluate whether such candidate meets the requirements of having “financial and accounting expertise” or having “professional expertise” as set forth in the regulations. Additionally, the candidate should submit documents and certificates that support the statements set forth in the declaration.
External Directors are to be elected by a majority vote at a shareholders’ meeting, provided that either:
|●||such majority includes a majority of the shares held by non–controlling shareholders and shareholders who have no personal interest in the election of the External Directors (excluding a personal interest that is not related to a relationship with the controlling shareholders) who are present and voting at the meeting; or|
|●||the total number of shares held by non–controlling shareholders and disinterested shareholders voting against the election of the director at the meeting does not exceed two percent of the aggregate voting rights in the company.|
The initial term of an External Director is three years and may be extended for up to two additional periods of three years each. However, under regulations promulgated pursuant to the Companies law, companies whose shares are listed for trading on specified exchanges outside of Israel, including the Nasdaq Global Select, Global and Capital markets, may propose that an External Director be reelected by the shareholders for such additional periods, beyond the initial three terms, of up to three years each only if (1) the audit committee and the Board, in nominating the External Director, confirms that, in light of the External Director’s expertise and special contribution to the work of the board of directors and its committees, the reelection for such additional period(s) is beneficial to the company, (2) the election was approved by the majority of shareholders required to appoint External Directors for their initial term and (3) the term during which the nominee has served as an external director and the reasons given by the audit committee and board of directors for extending his or her term of office having been presented to the shareholders prior to their approval.
External Directors may be re-elected for additional terms of three years each as set forth above, provided that with respect to the appointment for each such additional three-year term, one of the following has occurred: (i) the reappointment of the External Director has been proposed by one or more shareholders holding together 1% or more of the aggregate voting rights in the company and the appointment was approved at the general meeting of the shareholders by a simple majority, provided that: (1)(x) in calculating the majority, votes of controlling shareholders or shareholders having a personal interest in the appointment as a result of an affiliation with a controlling shareholder and abstentions are disregarded and (y) the total number of shares of shareholders who do not have a personal interest in the appointment as a result of an affiliation with a controlling shareholder and/or who are not controlling shareholders, present and voting in favor of the appointment exceed 2% of the aggregate voting rights in the company, and (2) the External Director who has been nominated in such fashion is not a linked or competing shareholder, and does not have or has not had, on or within the two years preceding the date of such person’s appointment to serve as another term as External Director, any affiliation with a linked or competing shareholder. The term “linked or competing shareholder” means either the shareholder(s) who nominated the external director for reappointment or a material shareholder of the company holding more than 5% of the shares in the company, provided that at the time of the reappointment, such shareholder(s) of the company, the controlling shareholder of such shareholder(s) of the company, or a company under such shareholder(s) of the company’s control, has a business relationship with the company or are competitors of the company; the Israeli Minister of Justice, in consultation with the Israeli Securities Authority, may determine that certain matters will not constitute a business relationship or competition with the company; (ii) the reappointment of the External Director has been proposed by the board of directors and the appointment was approved by the majority of shareholders required for the initial appointment of an External Director or (iii) the External Director has proposed himself for reappointment and the appointment was approved by the majority of shareholders required under Section (i) above.
External Directors may be removed only by the same percentage of shareholders as is required for their election, or by a court, and then only if the External Director ceases to meet the statutory qualifications for their appointment or if they violate their fiduciary duty to the company. Each committee of a company’s board of directors which has been granted any authority normally reserved for the board of directors must include at least one External Director provided, however that each of the audit committee and the compensation committee, which are statutorily required under the Companies Law, must include all External Directors.
An External Director is entitled to compensation as provided in the regulations adopted under the Companies Law and is otherwise prohibited from receiving any other compensation, directly or indirectly, in connection with service provided as an External Director.
ITEM 14. PRINCIPAL ACCOUNTING FEES AND SERVICES
Kost, Forer, Gabbay & Kasierer, a member of Ernst & Young Global (“EY Global”), has served as our independent registered public accounting firm for each of the fiscal years in the two-year period ended December 31, 2019, for which audited financial statements appear in this Annual Report. The following table presents the aggregate fees billed to us for audit and other services provided by Kost, Forer, Gabbay & Kasierer, a member of EY Global, and other members of EY Global during the years ended December 31, 2019 and 2018:
|Audit Fees (1)||$||243||$||215|
|Tax Fees (2)||9||8|
|All Other Fees||-||-|
|(1)||Audit fees consist of fees billed for the annual audit services engagement and other audit services, which are those services that only the independent registered public accounting firm can reasonably provide, and include the group audit including statutory audits; consents; and assistance in connection with documents filed with the SEC.|
|(2)||Tax fees are for professional services rendered by our auditors for tax compliance, tax advice on actual or contemplated transactions, tax consulting associated with international transfer prices and global mobility of employees.|
Audit Committee Pre-approval Policies and Procedures
Below is a summary of our current policies and procedures:
The main role of the Company’s audit committee is to assist the Board in fulfilling its responsibility for oversight of the quality and integrity of the accounting, auditing and reporting practices of the Company. The audit committee oversees the appointment, compensation, and oversight of the Company’s independent registered public accounting firm engaged to prepare or issue an audit report on the financial statements of the Company. The audit committee’s specific responsibilities in carrying out its oversight role include the approval of all audit and non-audit services to be provided by the external auditor, the quarterly review of the firm’s non-audit services and related fees and the potential impact of such services on auditor independence. These services may include audit services, audit-related services, tax services and other services, as described above. It is the policy of the audit committee to approve in advance the particular services or categories of services to be provided to the Company periodically. Additional services may be pre-approved by the audit committee on an individual basis during the year. The audit committee did not avail itself of section (c)(7)(i)(C) of Rule 2-01 of Regulation S-X during 2019, which allows for an exemption from the pre-approval process under certain limited circumstances. Consistent with these policies and procedures, the audit committee approved all of the services rendered by Kost, Forer, Gabbay & Kasierer, a member of EY Global, and other members of EY Global during fiscal year 2019, as described above.
ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES
|(a)||Documents filed as part of this report:|
See Item 8 for Financial Statements included with this Annual Report.
|(2)||Financial Statement Schedules|
|Incorporated by Reference|
|Exhibit No.||Exhibit Description||Form||Period Covered or Date of Filing|
|3.2||Amended and Restated Articles of Association of the Company, as amended on July 30, 2019.||8-K||
|4.1||Description of Securities*|
|10.1||2016 Non-Employee Director Equity Incentive Plan, as amended and restated.†||8-K||08/02/2019|
|10.2||2016 Equity Incentive Plan, as amended and restated.†||8-K||08/02/2019|
|10.3||Form of Notice of Grant under the 2016 Equity Incentive Plan.†||10-K||
December 31, 2018
|10.4||Form of Notice of Grant under the Non-Employee Director 2016 Equity Incentive Plan.†||10-K||
December 31, 2018
|10.5||Summary of Director Compensation.*|
|10.6||The Executive Compensation Policy of the Company, as approved in August 2018||6-K||07/02/2018|
|10.7||Form of Convertible Note.||10-K||
December 31, 2018
|10.8||Securities Purchase Agreement dated November 6, 2017 between Cyren Ltd. and WP XII Investments BV.||20-F||
December 31, 2017
|10.9||Registration Rights Agreement dated November 6, 2017 between Cyren Ltd. and WP XII Investments BV.||20-F||
December 31, 2017
|10.10||Form of Indemnification Agreement†||6-K||07/02/2018|
|10.12||Offer Letter dated January 9, 2011, between Commtouch Ltd. and J. Michael Myshrall, as supplemented on March 2, 2020.†*|
|10.13||Employment Contract dated June 29, 2016 between Cyren GmbH and Atif Ahmed†||10-K||
December 31, 2018
|10.14||Offer Letter dated November 19, 2013 between Commtouch Inc. and Lior Samuelson.||10-K||
December 31, 2018
|21||List of Subsidiaries of the Company.*|
|23.1||Consent of Kost, Forer, Gabbay & Kasierer, independent registered public accounting firm.*|
|31.1||Certification of Company’s Principal Executive Officer Pursuant to Exchange Act Rule 13a-14(a) or 15d-14(a).*|
|31.2||Certification of Company’s Principal Financial Officer Pursuant to Exchange Act Rule 13a-14(a) or 15d-14(a).*|
|32.1||Certification of Company’s Principal Executive Officer and Principal Financial Officer Pursuant to 18 U.S.C. 1350. **|
The following materials from our Annual Report on Form 10-K for the year ended December 31, 2019 formatted in XBRL (eXtensible Business Reporting Language): (i) the Consolidated Balance Sheets, (ii) the Consolidated Statements of Operations, (iii) the Consolidated Statements of Comprehensive Loss, (iv) the Statements of Changes in Shareholders’ Equity, (v) the Consolidated Statements of Cash Flows and (vi) the Notes to Consolidated Financial Statements, tagged as blocks of text and in detail.*
|†||Management contract or compensatory plan or arrangement.|
ITEM 16. FORM 10-K SUMMARY
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
|By:||/s/ Brett Jackson|
|Chief Executive Officer|
|Date:||March 30, 2020|
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated.
/s/ Brett Jackson
|Chief Executive Officer||
March 30, 2020
|(Principal Executive Officer)|
|/s/ J. Michael Myshrall||Chief Financial Officer||March 30, 2020|
|J. Michael Myshrall||(Principal Financial and Accounting Officer)|
/s/ Lior Samuelson
|Chairman of the Board||March 30, 2020|
|/s/ Hila Karah||Director||March 30, 2020|
|/s/ Todd Thomson||Director||March 30, 2020|
|/s/ James Hamilton||Director||March 30, 2020|
|/s/ David Earhart||Director||March 30, 2020|
|/s/ John Becker||Director||March 30, 2020|
|/s/ Cary Davis||Director||March 30, 2020|
|/s/ Brian Chang||Director||March 30, 2020|
|/s/ Rajveer Kushwaha||Director||March 30, 2020|
|/s/ Lauren Zletz||Director||March 30, 2020|
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED FINANCIAL STATEMENTS
AS OF DECEMBER 31, 2019
U.S. DOLLARS IN THOUSANDS
|Report of Independent Registered Public Accounting Firm||F-2|
|Consolidated Balance Sheets||F-3 - F-4|
|Consolidated Statements of Operations||F-5|
|Consolidated Statements of Comprehensive Loss||F-6|
|Statements of Changes in Shareholders’ Equity||F-7|
|Consolidated Statements of Cash Flows||F-8 - F-9|
|Notes to Consolidated Financial Statements||F-10 - F-36|
- - - - - - - - - - - - - - - - - - - -
CYREN LTD. AND ITS SUBSIDIARIES
Forer Gabbay & Kasierer
144 Menachem Begin Road, Building A
Tel-Aviv 6492102, Israel
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Shareholders and Board of Directors of
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of Cyren Ltd. and its subsidiaries (the “Company”) as of December 31, 2019 and 2018, the related consolidated statements of operations, comprehensive loss, shareholders’ equity and cash flows for each of the two years in the period ended December 31, 2019, and the related notes (collectively referred to as the “Consolidated Financial Statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2019 and 2018, and the results of its operations and its cash flows for each of the two years in the period ended December 31, 2019, in conformity with U.S. generally accepted accounting principles.
Basis for Opinion
These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.
Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
/s/ Kost Forer Gabbay and Kasierer
Kost Forer Gabbay and Kasierer
a Member of Ernst & Young Global
We have served as the Company’s auditor since at least 1997, but we are unable to determine this specific year.
March 30, 2020
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED BALANCE SHEETS
(in thousands of U.S. dollars)
|Cash and cash equivalents||$||11,551||$||17,571|
|Trade receivables (net of allowances for doubtful accounts of $129 and $20 as of December 31, 2019 and 2018, respectively)||2,187||3,658|
|Prepaid expenses and other receivables ($- and $6 attributable to related parties, respectively)||
|Total current assets||15,505||22,894|
|Long-term deferred commissions||1,580||1,880|
|Long-term lease deposits||
|Operating lease right-of-use assets||8,695|
|Severance pay fund||659||503|
|Property and equipment, net||4,410||4,608|
|Intangible assets, net||8,966||8,802|
|Total long-term assets||45,323||37,133|
The accompanying notes are an integral part of the consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED BALANCE SHEETS
(in thousands of U.S. dollars, except share and per share data)
|LIABILITIES AND SHAREHOLDERS’ EQUITY|
|Employees and payroll accruals||3,427||3,959|
|Accrued expenses and other liabilities ($32 and $40 attributable to related parties, respectively)||1,145||910|
|Operating lease liabilities||1,946||-|
|Earn-out consideration and related costs||-||2,926|
|Total current liabilities||14,910||15,236|
|Convertible notes (related party)||10,000||10,000|
|Long-term operating lease liabilities||7,174||-|
|Deferred tax liability, net||796||1,130|
|Accrued severance pay||811||598|
|Total long-term liabilities||21,207||12,931|
|COMMITMENTS AND CONTINGENCIES (Note 7)|
|Ordinary shares nominal value ILS 0.15 par value -|
|Authorized: 110,000,000 and 75,353,340 shares as of December 31, 2019 and 2018; Issued: 59,372,173 and 54,405,881 shares as of December 31, 2019 and 2018; Outstanding: 59,372,173 and 54,057,208 shares as of December 31, 2019 and 2018, respectively||2,309||2,097|
|Additional paid-in capital||255,741||245,570|
|Treasury shares at cost: 0 and 348,673 Ordinary shares as of December 31, 2019 and 2018, respectively||-||(998||)|
|Accumulated other comprehensive loss||(2,010||)||(1,666||)|
|Total shareholders’ equity||24,711||31,860|
|Total liabilities and shareholders’ equity||$||60,828||$||60,027|
The accompanying notes are an integral part of the consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED STATEMENTS OF OPERATIONS
(in thousands of U.S. dollars, except share and per share data)
|Cost of revenues||15,557||14,540|
|Research and development, net ($- and $25 attributable to related parties, respectively)||15,801||16,116|
|Sales and marketing||13,825||16,202|
|General and administrative||10,877||8,343|
|Total operating expenses||40,503||40,661|
|Other income (expense), net||266||(11||)|
|Financial expenses, net ($567 and $40 attributable to related parties, respectively)||(727||)||(255||)|
|Loss before taxes on income||(18,130||)||(19,567||)|
|Basic and diluted loss per share||$||(0.33||)||$||(0.36||)|
|Weighted average number of shares used in computing basic and diluted loss per share||55,166,573||53,634,199|
The accompanying notes are an integral part of these consolidated financial statements.
CYREN LTD. AND ITS SUBSIDIARIES
CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS
(in thousands of U.S. dollars)