INDEX
| |
|
Page
|
| |
PART I
|
|
| |
|
|
|
Item 1.
|
|
2
|
|
Item 1A.
|
|
8 |
|
Item 1B.
|
|
19 |
|
Item 1C.
|
|
20 |
|
Item 2.
|
|
21 |
|
Item 3.
|
|
22 |
|
Item 4.
|
|
22 |
| |
|
|
| |
PART II
|
|
| |
|
|
|
Item 5.
|
|
22 |
|
Item 6.
|
|
22 |
|
Item 7.
|
|
23 |
|
Item 7A.
|
|
27
|
|
Item 8.
|
|
27 |
|
Item 9.
|
|
47 |
|
Item 9A.
|
|
47 |
|
Item 9B.
|
|
47 |
|
Item 9C.
|
|
48 |
| |
|
|
| |
PART III
|
|
| |
|
|
|
Item 10.
|
|
48 |
|
Item 11.
|
|
48 |
|
Item 12.
|
|
48 |
|
Item 13.
|
|
49 |
|
Item 14.
|
|
49 |
| |
|
|
| |
PART IV
|
|
| |
|
|
|
Item 15.
|
|
49 |
SPECIAL NOTE REGARDING FORWARD LOOKING STATEMENTS
We have included or incorporated by reference in this Annual Report on Form 10-K (this “Report”), and from time to time we may make statements that may constitute “forward-looking statements”
within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). These forward-looking statements are based upon our
current expectations, estimates, assumptions, and beliefs concerning future events and conditions and may discuss, among other things, anticipated future performance (including sales and earnings), products, expected growth, future business
plans and costs (including investments, partnerships and collaborations, marketing and business development, staffing strategies and entering into another sector), the impact of potential litigation, the expectation of future stockholder
distributions, statements regarding our efforts and ability to maintain compliance with the New York Stock Exchange (“NYSE”) continued listing standard, our beliefs and statements regarding general industry and market conditions and growth
rates, as well as general domestic and international economic conditions. Any statement that is not historical in nature is a forward-looking statement and may be identified by the use of words and phrases such as “anticipates,” “believes,”
“estimates,” “expects,” “intends,” “plans,” “predicts,” “projects,” “will be,” “will continue,” “will likely result in,” and similar expressions. Readers are cautioned not to place undue reliance on forward-looking statements. Forward-looking
statements are necessarily subject to risks, uncertainties, and other factors, many of which are outside our control, which could cause actual results to differ materially from such statements and from our historical results and experience.
These risks, uncertainties and other factors include, but are not limited to those described in Item 1A – Risk Factors of this Report and elsewhere in this Report and those described from time to time in our reports filed with the Securities
and Exchange Commission (the “SEC”). Readers are cautioned that it is not possible to predict or identify all the risks, uncertainties and other factors that may affect future results and that the risks described herein should not be considered
a complete list. Any forward-looking statement speaks only as of the date on which such statement is made, and we undertake no obligation to update or revise any forward-looking statement, whether as a result of new information, future events
or otherwise.
Among others, the forward-looking statements appearing in this Report that may not occur include statements that pertain to the activities we have undertaken to commercialize our products and
patent portfolio in and outside of the United States including VirnetX One™, War Room™, VirnetX Matrix™ and our Secured Domain Name Registry and Technology. These statements may imply that the worldwide market for our commercialized products is
large and will result in significant future revenue for us. However, commercialization of products such as ours is subject to significant obstacles and risks that may delay or prevent future revenues for us.
EXCEPT AS REQUIRED BY LAW, WE UNDERTAKE NO OBLIGATION TO UPDATE OR REVISE ANY FORWARD- LOOKING STATEMENT AS A RESULT OF NEW INFORMATION, FUTURE EVENTS OR OTHERWISE.
PART I
The Company
We are an Internet security software and technology company with patented technology for Zero Trust Network Access (“ZTNA”) based secure network communications.
VirnetX’s software and technology solutions, including its Secure Domain Name Registry and Technology, VirnetX One™, War Room™, and VirnetX Matrix™ are designed to be device and location-independent, and enable a secure real-time communication
environment for all types of enterprise applications, services, and critical infrastructures. Our technology generates secure connections on a “single-click” basis, significantly simplifying the deployment of secure real-time communication
solutions by eliminating the need for end-users to enter any encryption information.
Our product portfolio includes sophisticated technologies, products and services that are available for sale worldwide. Our next-generation, VirnetX One™ platform builds upon our patented
Secure Domain Name Registry and Technology to further enhance the security and efficiency of our patented secure communication links. VirnetX One™ is a security-as-a-service platform that protects enterprise applications, services, and
infrastructure from cyber-attacks. Our platform allows government organizations, businesses, and other enterprises of all sizes to add a “security umbrella” as an added layer on top of their existing infrastructure to further reduce risk and
bolster security against ever-growing cyberthreats to data, operating systems, other infrastructure products and gateway security controllers.
Our War Room™ software product provides safe and secure video conferencing meeting environment where sensitive communications and data is invisible to those not authorized to view it. War
Room™ validates permissions of all the users, and devices requesting access to any secure meeting room prior to granting access. We believe our War Room™ will be an attractive solution for government and law enforcement agencies as well as all
professional sectors such as legal, financial, and medical where limiting access to confidential data is a critical requirement.
Our VirnetX Matrix™ product provides superior security for internet-enabled enterprise applications and their connected devices, and for control systems currently deployed by those
enterprises (e.g., file servers, data back-up systems, VPN/firewalls). VirnetX Matrix™ provides a true “zero-trust” access protection, “single-click” ease of use, and is a highly-effective added layer of protection that is deployed simply,
without the need for changes to an enterprise’s existing, in-place infrastructure. We believe VirnetX Matrix™ is an attractive solution for all businesses, cloud and on-premise application service providers, and original equipment manufacturers
(“OEMs”), looking to improve visibility and management of their networks to mitigate morphing attacks on their networks and for real time access and control of their users.
We continue to augment our product strategy to provide secure AI to the marketplace. In addition to our investments with L2 Holdings,
LLC (“OmniTeq”), an artificial intelligence and machine learning (AI/ML) solutions provider and OP Media, Inc, a dynamic software platform provider, we participated in a Cooperative Research and Development Agreement (CRADA) with the Air Force
(AF) Research Laboratory Intelligence Systems Directorate (AFRL/RI) to facilitate collaboration on cybersecurity and Zero Trust technologies to support integrated surveillance and reconnaissance operations as well as AF and joint targeting
processes. This CRADA continues through 2030 and allows VirnetX to apply for security clearances for its employees. We are also beginning to integrate AI/ML capabilities into VirnetX Matrix™ to enhance its zero-trust security, threat detection,
and network resilience by enabling autonomous threat response, adaptive access control, and self-healing network architectures.
We have undertaken activities to commercialize our products and intellectual property in and outside the United States including
VirnetX One™, War Room™, VirnetX Matrix™ and our Secured Domain Name Registry and Technology. We believe our product portfolio to secure devices and systems are suitable in areas such as national defense, local, state, Federal and foreign
governments, critical infrastructure, law enforcement, healthcare, finance, legal, oil and gas, medical, and related support industries. We continue to actively pursue new sales opportunities in and outside of the United States.
Our employees include the core development team behind our inventions, technology, and software. Some members of this team have worked together for over twenty years and were on the same team
that invented and developed this technology while working at Leidos, Inc., or Leidos, (f/k/a Science Applications International Corporation, or SAIC). The team has continued its research and development work to refine our unique network
security technology and make it more secure and easy to deploy.
Our portfolio of intellectual property is the foundation of our business model. We currently own U.S. and foreign patents/validations/pending applications. Our patent portfolio is primarily
focused on securing real-time communications over the Internet, and related services, and is used in all our technology and products, some of which were acquired by our principal operating subsidiary, VirnetX, Inc., from Leidos in 2006.
Industry Overview & Trends
We have seen an exponential increase in dynamic and persistent cyber threats to the U.S. national security operational framework, and
critical infrastructure from state-sponsored adversaries, organized cybercriminal groups, and rogue actors employing advanced cyber capabilities. These threats include denial-of-service (DoS), signal jamming, data spoofing, malware injection,
and direct attacks on ground and satellite-based communication networks infrastructure. In the commercial sector, satellite networks that provide communication, navigation, and imagery services are vulnerable to exploitation, posing risks to
critical infrastructure and civilian services. For government systems, adversaries have been targeting vulnerabilities in proliferated constellations, mission-critical data streams, and multi-domain integration efforts. We believe that our
proven proactive, integrated approach to cybersecurity ensures the resilience of defense architectures across the entire conflict continuum.
The shift to remote work and expansion of the enterprise network perimeter has driven the growth of ZTNA solutions. The Zero Trust
concept treats all networks like the Internet, where all users and devices are untrusted by default. Their location within the network is not a factor for deciding trust. Each user and device on the network requires authentication and
authorization, based on policy, prior to accessing any applications or resources on the network. ZTNA facilitates security around remote work, because Zero Trust policies enable granular access control, end-to-end encryption of network
communications and remove application visibility from the public Internet which reduces the potential attack surface.
Cloud computing growth has rapidly expanded as enterprises continue to move applications and services to the cloud. The cloud offers
scalability, operations and development efficiency and remote access benefits for their workforce. The cloud technology adoption is expected to continue to increase quite significantly in industries where the work-from-home initiative is
helping to sustain enterprise business functions. However, shifting critical data to the cloud has resulted in security concerns and the need for enterprises to control access and gain visibility into how information is being used, who is
accessing it and where it is going. We believe our scalable technology allows enterprises to secure applications and services regardless of whether hosting is on-premise or in the cloud.
As billions of connected Internet of Things (“IoT”) devices come online in support of enterprise operations, products, and industrial
controls they will need to be secured and integrated into the enterprise. Facilitated by advancements in 4G/Advanced LTE and high-speed 5G networks, IoT devices will be able to operate from any network, transmit higher volumes of data including
video streaming and sensor data collection and require real-time decisions based on that data. Without next generation security, these IoT devices represent a large attack surface that manages and controls critical enterprise infrastructure.
These IoT devices can operate from anywhere and will need to be secured with the same level of network security and ZTNA solutions enterprises are already deploying for their remote workforce. We believe that the market opportunity for our
software and technology solutions is large and expanding as secure domain names are now an integral part of securing the next generation 5G and 4G/LTE Advanced wireless networks and IoT communications.
Our Approach & Strategy
We believe that VirnetX One™ software products are positioned to help enterprises adapt to the rapidly evolving threat landscape in work environments and the growing need to secure
communications regardless of a user’s location, network, or device.
VirnetX One™ products deliver ZTNA, allowing enterprises to secure their information, control access and gain visibility into how information is being used, who is accessing it and where it
is going. Our patented technology allows enterprises to license our technology for integration into their products and services, easily deploy our technology through our VirnetX One™ family of products for endpoint security or securing their
communications with our mobile and desktop applications.
Our strategy is to become the market leader in securing real-time communications over the Internet and to establish our VirnetX One™ as the industry standard security platforms. Key elements of our strategy are
to:
| |
• |
Direct sales efforts with larger users, particularly those engaged in defense and other governmental or national initiatives.
|
|
• |
Actively recruit partners in various vertical markets, including critical infrastructure, intelligence, defense, healthcare, finance, legal, government to help us expand our enterprise customer base.
|
|
• |
Promote our next-generation VirnetX One™ platform as a solution for delivering ZTNA, and securing enterprise applications, services, and infrastructure.
|
|
• |
Combine with VirnetX One™ platform with technologies from the companies we have invested in, namely OmniTeq and OPMedia, to enhance their offerings and provide supplemental sales channels for VirnetX One™
|
|
• |
Continue to grow our technology licensing program to commercialize our intellectual property.
|
|
• |
Grow registration of VirnetX Secure Domain Names as the network segmentation component of our ZTNA solution. Establish VirnetX as the exclusive, universal registry of secure domain names and enable our
customers to act as registrars for their users and broker secure communication between devices.
|
|
• |
Promote War RoomTM video conferencing product in the general market for sale to end-user enterprises, directly and with
partners, with targeted promotions and other marketing programs to assist remote workers and offer an industry leading secure meeting solution.
|
|
| • |
Promote VirnetX MatrixTM applications, services, and infrastructure.
|
|
| • |
Integrate advanced AI/ML algorithms and models into the VirnetX OneTM platform for enhancements.
|
|
| • |
Explore quantum cryptographic solutions and blockchain applications to improve zero-trust security, to future-proof our software.
|
Competitive Strengths
We believe the following competitive strengths will enable our success in the marketplace:
|
• |
Unique patented technology. We are focused on developing innovative technology for securing real-time communications over the Internet and establishing the exclusive
secure domain name registry in the United States and other key markets around the world. Our unique solutions combine industry standard encryption methods and communication protocols with our patented techniques for automated DNS lookup
mechanisms. Our technology and patented approach enable users to create a secure communication link by generating secure domain names. We currently own U.S. and foreign patents/validations/pending applications. Our portfolio includes
patents and pending patent applications in the United States and other key markets that support our secure domain name registry service for the Internet.
|
|
• |
Scalable licensing business model. We are actively engaged in pursuing additional licensing agreements with industry participants OEMs, service providers and system
integrators within the IP-telephony, mobility, mobile-to-mobile communications, fixed-mobile convergence, and unified communications end-markets.
|
|
• |
Highly experienced research and development team. Our research and development team is comprised of nationally recognized network security and encryption technology
scientists and experts that have worked together as a team for over ten years. During their careers, this team has developed several cutting-edge technologies for U.S. national defense, intelligence, and civilian agencies, many of which
remain critical to our national security today. Prior to joining VirnetX, our team worked for Leidos, during which time they invented the core technology that is the foundation of our current technology and software. Based on the
collective knowledge and experience of our development team, we believe that we have one of the most experienced and sophisticated groups of security experts researching vulnerability and threats to real-time communication over the
Internet and developing solutions to mitigate these problems.
|
License and Service Offerings
We offer a diversified portfolio of licenses, software and service offerings focused on securing real-time communications over the Internet. We believe software products will allow
enterprises to seamlessly integrate ZTNA protection into their networks to secure their applications, services, virtualized resources, and data as it moves into the cloud. Enterprises can quickly deploy VirnetX One software products to protect
legacy applications, secure new cloud-based services and remove application visibility from the public Internet. Enterprises can move towards more granular network access control to protect their network at the edge and away from legacy VPN
technologies. VirnetX One family of software products enables remote employees to securely interact with on-premise and cloud-based applications, regardless of their location. Enterprises can use VirnetX One platform to secure open-source
applications powering communications, data and analytics, infrastructure, and business services with a focus on making those applications easier to secure, access and manage.
We believe our software products and technologies provide the foundation for securing real-time communications and collaboration applications for the enterprise remote workforce. We are
exploring creating a marketplace of applications secured by our VirnetX One platform. This approach will allow us to offer a portfolio of certified applications that can be deployed by the enterprise customers in their business networks with
confidence in keeping their confidential data and communications secure. This marketplace strategy will allow us to offer more flexible licensing options to solve specific customer use-cases, align with partner product offerings and create
upsell opportunities for our products.
Customers and Market Development
We have undertaken activities to commercialize our products and intellectual property in and outside the United States including VirnetX OneTM, War RoomTM, VirnetX MatrixTM, and our Secured
Domain Name Registry and Technology. We believe our product portfolio to secure devices and systems are stable in areas such as City, County and State Governments, Healthcare, Finance, Legal, Oil and Gas, Medical, Law Enforcement, National
Defense and related support industries. We continue to actively pursue new opportunities in and one of United States.
During 2024, due to exponential increase in dynamic and persistent cyber threats to the U.S. national security operational framework,
we decided to increase our focus on offering our VirnetX OneTM platform and its family of products and solutions to the Department of Defense for addressing these challenges using our proven proactive, integrated approach to
cybersecurity that ensures the resilience of defense architectures across the entire conflict continuum. As a part of this effort, we engaged in several significant actions:
|
• |
We established an advisory board comprised of four retired senior U.S. Air Force leaders to assist and advise on business development and
operational direction of VirnetX’s Zero Trust Network Access security technology as a necessary layer of security for defense communications and data management to Department of Defense government officials and commercial contractors.
|
|
• |
We participated in the U.S. Navy Expeditionary Combat Command (NECC) sponsored technology demonstrations during the Rim of the Pacific (RIMPAC)
2024, a large-scale international maritime exercise at Ford Island, Oahu, Hawaii, and successfully demonstrated our VirnetX One Matrix and VirnetX’s War Room secure video conferencing from ship to shore environments. We believe our
technology and solutions can fill defense needs for security, stealth, and flexibility in myriad day-to-day static situations to the most challenging operations in conflict or humanitarian assistance.
|
|
• |
We participated in a Cooperative Research and Development Agreement (CRADA) with the Air Force (AF) Research Laboratory Intelligence Systems
Directorate (AFRL/RI) to facilitate collaboration on cybersecurity and Zero Trust technologies to support integrated surveillance and reconnaissance operations as well as AF and joint targeting processes. The work conducted under this
CRADA is expected to provide the avenue to secure and obfuscate AF targeting, processing, dissemination, and intelligence technology, enabling AF to take advantage of the latest research and developments in commercially available
cybersecurity technology and reduce its IT attack surface in a joint, all-domain environment.
|
|
• |
We hired Dr. John Anthony Jamison as new VirnetX Chief Technical Officer (CTO). Dr. Jamison brings a wealth of technology experience in the
intelligence community and will be instrumental as expand our participation in national defense projects and initiatives.
|
|
• |
We successfully conducted a rigorous functional and penetration testing of our VirnetX One Matrix solution by Pacific Northwest National
Laboratory (PNNL) with support from Johns Hopkins University Applied Physics Laboratory (JHU-APL) at the request of The United States Space Force (USSF).
|
Throughout 2024, we continued to actively engage in discussions with certain third-parties to pitch the capabilities of VirnetX OneTM.
We have continued our engagement with Solution Synergy, WeSecure, Samsung, Every Data Corporation, and Object Security and are working on a number of projects to deploy our VirnetX MatrixTM product. Although there can be no assurance
in this regard, we believe that there are opportunities for Company products' sales directly to, resale arrangements with and/or adoption as vendor standards by, one or more of these third parties.
We have Patent License Agreements with Aastra USA, Inc. Avaya, Inc., Microsoft Corporation, Mitel Networks Corporation, NEC Corporation
and NEC Corporation of America, Siemens Enterprise Communications GmbH & Co. KG, and Siemens Enterprise Communications Inc. to license certain of our patents, for a one-time payment and an ongoing royalty for all future sales through the
expiration of the licensed patents with respect to certain current and future IP-encrypted products.
We are seeking further licensing of our technology, to developers and original equipment manufacturers, or OEMs, of chips, servers, Desktop, mobile devices such as smart phones, tablets,
laptops, net books, and other devices, within the IP-telephony, mobility, fixed- mobile convergence, and unified communications markets including 5G and 4G/LTE. We have published our royalty rates and guidelines on our website. All forward
moving licenses have adhered to these guidelines and have met or exceeded these rates and we will use these rates and guidelines in all future license negotiations.
Marketing and Sales
We employ a leveraged, partner-oriented marketing and sales strategy for software product and services offerings. We have successfully signed several Resellers & Managed Service Provider
Agreements in various market segments, including healthcare, finance, legal, government, etc., to assist us in selling our software products to their customers. We plan to directly market our software products, domain name registry services to
large enterprises and government organizations along with our service provider and system integrator customers.
We believe significant opportunities exist for our VirnetX One™, War Room™, VirnetX Matrix™ products and services in areas such as Local and State Governments, Power and Energy generation,
Healthcare, Finance, Legal, Oil and Gas, Medical, Law Enforcement, National Defense and related support industries. We are actively pursuing a number of sales opportunities, in and outside the United States, for as we seek to extend out our
customer base globally. We expect to leverage our relationship with OmniTeq and Op Media to extend our offering to departments and agencies within the federal government.
We have signed a non-exclusive Distribution and Service Agreement with IP Dream, a Japanese based strategic technology developer and service provider, to sell our software products as well as
VirnetX’s Secure Domain Name technology to its clients in Japan and greater Asia. Jointly with IP Dream, we are currently pursuing several OEM opportunities with some of the largest services providers in Japan. Along with our efforts with IP
Dream, we continue to explore alternative strategies to pursue opportunities to work with other third parties in Japan, and elsewhere, using an approach that will seek to capitalize on these opportunities in part by placing more emphasis on the
use of our own employees.
We intend to continue to license our patent portfolio, technology, and software, including our secure domain name registry service, to domain infrastructure providers, communication service
providers as well as to system integrators. We intend to seek further license of our technology and software products, to enterprise customers, developers and original equipment manufacturers, or OEMs, of chips, servers, Desktop, mobile devices
such as smart phones, tablets, laptops, net books, and other devices, within the IP-telephony, mobility, fixed- mobile convergence, and unified communications markets including 5G and 4G/LTE.
Intellectual Property and Patent Rights
Our intellectual property is primarily comprised of trade secrets, patented know-how, issued and pending patents, copyrights and technological innovation.
We currently own U.S. and foreign patents/validations/pending applications. Our portfolio includes many patents that describe unique systems and methods for securing real- time communications
over the Internet, as well as related services such as the establishment and maintenance of a secure domain name registry. Our software and technology solutions also may have additional applications relating to operating systems and network
security. A complete list of our U.S. licensees is available on our website located at http://www.virnetx.com. Each patent is publicly accessible on U.S. Patent and Trademark Office website at http://www.uspto.gov. Some of our issued U.S. and
foreign patents expire at various times during the period from 2024 to 2034.
Notwithstanding anything to the contrary set forth in any of our filings under the Securities Act or the Exchange Act that might incorporate future filings, the information set forth on the
United States Patent and Trademark Office (the “USPTO”) website, shall not be deemed to be a part of or incorporated by reference into any such filings. We do not warrant the accuracy, completeness or adequacy of the USPTO website, and
expressly disclaim liability for errors or omissions on such website.
Assignment of Patents
Some of our issued patents and pending patent applications were acquired by our principal operating subsidiary, VirnetX, Inc., from Leidos, pursuant to an Assignment Agreement dated December
21, 2006, and a Patent License and Assignment Agreement dated August 12, 2005, as amended on November 2, 2006, including documents prepared pursuant to the November amendment, and as further amended on March 12, 2008. We recorded the assignment
from Leidos, with the U.S. Patent Office on December 21, 2006.
Key terms of these agreements are as follows:
|
• |
Patent Assignment. Leidos, unconditionally and irrevocably conveyed, transferred, assigned, and quitclaimed all its right, title, and interest in and to the patents and
patent applications, as specifically set forth in the assignment document recorded with the U.S. Patent Office, including, without limitation, the right to sue for past infringement.
|
|
• |
License to Leidos, Outside the Field of Use. Effective March 12, 2008, we granted to Leidos, a non-exclusive, royalty free, fully paid, perpetual, worldwide,
irrevocable, sub licensable and transferable right and license permitting Leidos, and its assignees to make, have made, import, use, offer for sale, and sell products and services covered by, and to make improvements to, the patents and
patent applications we acquired from Leidos, solely outside our field of use.
|
|
• |
Compensation Obligations. As consideration for the assignment of the patents and for the rights we obtained from Leidos, as amended, we are required to make payments to
Leidos, based on cash or certain other values generated from those patents. The amount of such payments depends upon the type of value generated, and certain categories are subject to maximums and other limitations. In 2010, we met our
maximum royalty payment requirement; however, Leidos is also entitled under certain circumstances to receive a portion of the proceeds paid to us for certain acquisitions of VirnetX and the settlement of certain patent infringement
claims of ours.
|
Government Regulation
We are subject to various federal, state, local, and foreign laws and regulations, including those relating to privacy, data protection and security, intellectual property, employment and
labor, workplace safety, consumer protection, anti-bribery, import and export controls, immigration, federal securities, and tax. Additional laws and regulations relating to these areas likely will be passed in the future, and these or existing
laws and regulations may be interpreted or enforced in new or expanded manners, each of which could result in significant limitations on how we operate our business.
In particular, the laws governing online secure communications remain unsettled in various respects, even in areas where there has been legislative action. Uncertainty regarding the
interpretation and enforcement of laws governing matters such as intellectual property, privacy, data protection and libel in the context of online communications and media is likely to remain. New and existing legislation, or changes in its
interpretation and enforcement, may interfere with the growth in use of online secure communications and decrease the acceptance of online secure communications as a viable solution, which could adversely affect our business.
Due to the Internet’s increasing and evolving use, new laws regulating secure communications may be adopted. These laws and regulations may cover, among other things, issues relating to
privacy, data protection, cybersecurity, pricing, taxation, telecommunications over the Internet, content, copyrights, distribution and quality of products and services. We intend to work to comply with all new applicable laws and regulations
as they are adopted and put in force. New and evolving laws and regulations, and changes in their enforcement and interpretation, may have material impacts upon our development and commercialization plans or business practices, and may
significantly increase our compliance costs and otherwise adversely affect our business, financial condition, and results of operations.
The U.S. government has controlled the authoritative domain name system, or DNS, root server since the inception of the Internet. On July 1, 1997, the President of the United States directed
the U.S. Secretary of Commerce to privatize the management of the domain name system in a manner that increases competition and facilitates international participation in its management.
On September 29, 2006, the U.S. Department of Commerce extended its delegation of authority by entering into a new agreement with the Internet Corporation for Assigned Names and Numbers, or
ICANN, a California non-profit corporation headquartered in Marina Del Rey, California. ICANN is responsible for managing the accreditation of registry providers and registrars that manage the assignment of top- level domain names associated
with the authoritative DNS root directory. Although it is possible to create and manage other DNS root directories privately without accreditation from ICANN, the possibility of conflicting name and number assignments makes it less likely that
users would widely adopt a top-level domain name associated with an alternative DNS root directory provided by a non-ICANN- accredited registry service.
Employees and Human Capital
As of December 31, 2024, we had 23 full and part time employees, most of whom work remotely. We have had a work-from-home workforce since our inception. The emphasis of our employees is on
our technology research and product development with 15 employees focused on this effort. Our team has been working on enhancing our products and adding new functionality. We also continue building our sales and marketing teams to expand our
product-lines and customer base.
In addition to our regular employees, we also engage with consultants on a regular basis. These consultants can be involved in our product development, customer relations, legal, and/or
regulatory compliance and reporting. We have experienced low employee turnover rates over the years with both employees and consultants participating in our equity incentive plan.
Available Information
We file or furnish various reports, such as registration statements, periodic and current reports, proxy statements and other materials with the SEC. Our website address is
http://www.virnetx.com. You may obtain, free of charge on our website, copies of our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed or furnished pursuant to
Section 13(a) or 15(d) of the Exchange Act, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. The information we post is intended for reference purposes only; none of the information
posted on our website is part of this report or incorporated by reference herein.
The SEC also maintains website at http://www.sec.gov that contains reports, proxy and other information statements, and other information regarding issuers, including us, that file
electronically with the SEC.
Our operations and financial results are subject to various risks and uncertainties, including those described below, which could adversely affect our business, financial condition, results
of operations, cash flows, and the trading price of our common and capital stock. You should carefully consider the risks and uncertainties described below in addition to the other information set forth in this Report, including in
“Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes, before making any investment in our common stock. The risks and uncertainties described below
are not the only ones we face. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business. If any of these risk factors occur, you could lose substantial
value or your entire investment in our shares.
Risks Related to Our Business and Our Financial Reporting
Our operating results may not be consistent and may be difficult to predict and we may not be able to achieve or sustain profitability in the future.
We had a net loss of $6.2 million for the quarter ended December 31, 2024. We had a net loss of $18.2 million for the year ended December 31, 2024. As of December 31, 2024, we had an
accumulated deficit of $204.7 million. Our operating results have fluctuated in the past due to several factors and may fluctuate in the future due to the same or similar factors, which include but are not limited to the following:
| • |
Time and resources required to accelerate transition to new product development and sales strategies targeting large enterprises, government customers, service provider partnerships and grant funding;
|
| • |
Our success depends in part on establishing and maintaining relationships with third parties to integrate our family of cybersecurity products and services into their operations and develop solutions key
to the defense market, critical infrastructure and threat intelligence service;
|
| • |
Customer adoption of our VirnetX One™ platform and software products and services;
|
| • |
The number of product license sales of VirnetX War Room™, VirnetX Matrix™ and associated services;
|
| • |
Adoption of VirnetX OneTM platform by third party application providers of secure communications;
|
| • |
Intensely competitive market with established companies that have larger customer bases, and greater resources than we do;
|
| • |
Prolonged economic uncertainties or downturns, globally or in certain regions or industries, could materially adversely affect our business; and
|
| • |
Government export and import control regulations on selling products with encryption technology in certain international markets.
|
These fluctuations may make our business particularly difficult to manage, adversely affect our business and operating results, make our operating results difficult for investors to predict
and, further, cause our results to fall below investor’s expectations and adversely affect the market price of our common stock. If we fail to increase our revenue to offset any increases in our operating expenses, we may not achieve or sustain
profitability in the future.
Our success depends in part on establishing and maintaining relationships with third parties to incorporate our products and services into their operations.
Part of our business strategy is to enter into partnerships, strategic investments, and other cooperative arrangements with other companies and government agencies. We have invested in and we
continue to seek to invest in or acquire businesses, technologies, or other assets that we believe could complement or expand our business. In addition, we are regularly involved in cooperative efforts with respect to the incorporation of our
products into products of others and vice versa, collaborative research and development efforts with government and university laboratories, distributor and reseller arrangements and service provider partnerships. These relationships are
generally non-exclusive, and some of our partners also have cooperative relationships with certain of our competitors or offer some products and services that are competitive with ours. If we lose third-party relationships, if these
relationships are not commercially successful, or if we are unable to enter into third-party relationships on commercially reasonable terms in the future, our business could be negatively impacted.
We expect that we will experience long and unpredictable sales cycles, which may impact our operating results.
The sales cycle between initial customer contact and execution of a contract or license agreement with a customer or purchaser of our products can vary widely. We expect that our sales cycles
will be long and unpredictable due to several factors, including but not limited to:
| • |
The need to educate potential customers about our product and service capabilities;
|
| • |
Our customers’ budgetary constraints and timing of their budget cycles;
|
| • |
Delays caused by time-consuming internal review processes customary with potential customers including large governments agencies and institutions in the space and defense industries; and
|
| • |
Long sales cycles may increase the risk that our financial resources are exhausted before we are able to generate significant revenue.
|
In addition, potential customers of our products include local, state, federal and foreign government agencies, as well as institutions in the space and defense industries. Sales processes to
government authorities can be extensive and unpredictable. Government authorities generally have complex budgeting, purchasing, and regulatory processes that govern their capital spending, and their spending is likely to be adversely impacted
by economic conditions. In addition, in many instances, sales to government authorities may require field trials and may be delayed by the time it takes for government officials to evaluate multiple competing bids, negotiate terms, and award
contracts.
For these reasons, the sales cycle associated with our products is subject to a number of significant risks that are beyond our control. Consequently, if customer orders are delayed or not
realized, our revenues and results of operations could be materially and adversely affected.
We have limited technical resources and are at an early stage in commercialization of our VirnetX One™ platform and software products.
Part of our business includes the internal development of commercial products we seek to monetize. This aspect of our business may require significant capital, time and resources and we
cannot guarantee that it will be successful or meet our expectations. Based on the scale of our technical resources, our limited historical financial data upon which to base our projected revenue or planned operating expenses related to our
software products and services, we may not be able to effectively:
| • |
Implement an effective marketing strategy to promote awareness of our products;
|
| • |
Attract and retain customers for our products;
|
| • |
Generate revenues or profit from product sales;
|
| • |
Provide appropriate levels of customer training and technical support for our products;
|
| • |
Rapidly anticipate and adapt to changes in the market and evolving customer requirements;
|
| • |
Protect our products from any system failures or other breaches.
|
In addition, a high percentage of our expenses are and will continue to be fixed. Accordingly, if we do not generate revenue as and when anticipated, our losses may be greater than expected
and our operating results will suffer.
The market in which we participate is intensely competitive, and if we do not compete effectively, our operating results could be harmed.
The market for ZTNA security solutions is rapidly evolving and highly competitive as new entrants and traditional network solutions companies offer cloud-based cybersecurity solutions. Many
of our competitors and potential competitors have established brand recognition, larger customer bases, and greater resources than we do. Our primary competitors in the ZTNA market include Appgate, Cloudflare, and Illumio. In the enterprise
market, our primary competitors include Zscaler (ZPA), Palo Alto Networks (Prisma Access), Cisco (Umbrella), Citrix (Secure Private Access), Netskope (Private Access for ZTNA) and Cato Networks. As we expand our product offerings and use cases,
we will begin to compete with companies that offer bundled security-as-a-service solutions that include Secure Access Service Edge (SASE) and Security Service Edge (SSE). With the introduction of new technologies and market entrants, we expect
competition to intensify in the future. For example, disruptive technologies such as generative AI has and may continue to fundamentally alter the market for our services in unpredictable ways and reduce customer demand. If we fail to compete
effectively, our business will be harmed. Some of our competitors offer their products or services at lower prices or for free as part of a broader bundled product sale or enterprise license arrangement, which has placed pricing pressure on our
business. If we are unable to achieve our target pricing levels, our operating results will be negatively impacted. For us to compete effectively, we need to introduce new products and services in a timely and cost-effective manner, meet
customer expectations and needs at prices that customers are willing to pay, and continue to enhance the features and functionalities of our cloud content management platform. In addition, pricing pressures and increased competition could
result in reduced sales, lower margins, losses or the failure of our services to achieve or maintain widespread market acceptance, any of which could harm our business.
Many of our competitors are able to devote greater resources to the development, promotion and sale of their products or services. In addition, many of our competitors have established
marketing relationships and major distribution agreements with government agencies, channel partners, consultants, system integrators and resellers. Competitors may offer products or services at lower prices or with greater depth than our
services. Our competitors may be able to respond more quickly and effectively to new or changing opportunities, technologies, standards or customer requirements. Furthermore, some potential customers, particularly large enterprises, may elect
to develop their own internal solutions. For any of these reasons, we may not be able to compete successfully against our competitors.
Our products are highly technical and may contain undetected errors, which could cause harm to our reputation and adversely affect our business.
Our products are highly technical and complex and, when deployed, may contain errors or defects. Despite testing, some errors in our products may only be discovered after a product has been
installed and used by customers. Any errors or defects discovered in our products after commercial release could result in failure to achieve market acceptance, loss of revenue or delay in revenue recognition, loss of customers and increased
service and warranty cost, any of which could adversely affect our business, operating results, and financial condition. In addition, we could face claims for product liability, tort, or breach of warranty, including claims relating to changes
to our products made by our channel partners. The performance of our products could have unforeseen or unknown adverse effects on the networks over which they are delivered as well as on third-party applications and services that utilize our
services, which could result in legal claims against us, harming our business. Furthermore, we expect to provide implementation, consulting, and other technical services in connection with the implementation and ongoing maintenance of our
products, which typically involves working with sophisticated software, computing, and communications systems. We expect that our contracts with customers will contain provisions relating to warranty disclaimers and liability limitations, which
may not be upheld. Defending a lawsuit, regardless of its merit, is costly and may divert management’s attention and adversely affect the market’s perception of us and our products. In addition, if our business liability insurance coverage
proves inadequate or future coverage is unavailable on acceptable terms or at all, our business, operating results, and financial condition could be adversely impacted.
Malfunctions of third-party communications infrastructure, hardware and software expose us to a variety of risks that we cannot control.
Our business will depend upon, among other things, the capacity, reliability, security, and unimpeded access of the infrastructure owned by third parties that we will use to deploy our
offerings. We have no control over the operation, quality, or maintenance of a significant portion of that infrastructure or whether those third parties will upgrade or improve their equipment. We depend on these companies to maintain the
operational integrity of our connections. If one or more of these companies is unable or unwilling to supply or expand their levels of service to us in the future, our operations could be severely interrupted. Also, to the extent that the
number of users of networks utilizing our current or future products suddenly increases, the technology platform and secure hosting services which will be required to accommodate a higher volume of traffic may result in slower response times or
service interruptions. System interruptions or increases in response time could result in a loss of potential or existing users and, if sustained or repeated, could reduce the appeal of the networks to users. In addition, users depend on
real-time communications; outages caused by increased traffic could result in delays and system failures. These types of occurrences could cause users to perceive that our solution does not function properly and could therefore adversely affect
our ability to attract and retain licensees, strategic partners, and customers.
System failure or interruption or our failure to meet increasing demands on our systems could harm our business.
The success of our license and service offerings will depend on the uninterrupted operation of various systems, secure data centers and other computer and communication networks that we
establish. To the extent, the number of users of networks utilizing our future products suddenly increases, the technology platform and hosting services which will be required to accommodate a higher volume of traffic may result in slower
response times, service interruptions or delays or system failures. Our systems and operations will also be vulnerable to damage or interruption from, among other things:
| • |
Power loss, transmission cable cuts and other telecommunications failures;
|
| • |
Damage or interruption caused by fire, earthquake, and other natural disasters;
|
| • |
Computer viruses, electronic break-ins, sabotage, vandalism or software defects; and
|
| • |
Physical or electronic break-ins, sabotage, intentional acts of vandalism, terrorist attacks and other events beyond our control.
|
System interruptions or failures and increases or delays in response time could result in a loss of potential or existing users and, if sustained or repeated, could reduce the appeal of the
networks to users. These types of occurrences could cause users to perceive that our solution does not function properly and could therefore adversely affect our ability to attract and retain licensees, strategic partners, and customers, and
result in lost revenue, customer dissatisfaction, or lawsuits against us.
If we are not able to adequately protect our patent rights and trade secrets, our business would be negatively impacted.
We believe our patents are valid, enforceable, and valuable. Notwithstanding this belief, third parties may make claims of infringement with respect to our products or services or invalidity
claims with respect to our patents or become aware of our trade secrets by way of leaks from bad actors within or outside of our employee base or otherwise, and such claims could give rise to material cost for defense or settlement or both, and
such claims or leaks could jeopardize or substantially delay a successful outcome of litigation we are or may become involved in, divert resources away from our other activities, limit or cease our related revenues, or otherwise materially and
adversely affect our business. Even if we are successful in protecting our intellectual property rights, they may not ultimately provide us with any competitive advantages and may be less valuable than we currently expect. These risks may be
heightened in countries other than the United States where laws regarding patent protection are less developed and may be negatively affected by the fact that legal standards in the United States and elsewhere for protection of intellectual
property rights in Internet-related businesses are uncertain and still evolving. In addition, there are a significant number of United States and foreign patents and patent applications in our areas of interest, and we expect that significant
litigation in these areas will continue and will add uncertainty to the value of certain patents and other intellectual property rights in our areas of interest. If we are unable to protect our intellectual property rights or otherwise realize
value from them, our business would be negatively affected.
If we experience security breaches or incidents, we could be exposed to liability and our reputation and business could suffer.
We expect to retain certain confidential and proprietary customer information in our secure data centers and secure domain name registry, as well as personal data and other confidential and proprietary information relating to our business. It
will be critical to our business strategy that our facilities and infrastructure, including our secure domain name servers, remain secure and are perceived by the marketplace to be secure. Our secure domain name registry operations will also
depend on our ability to maintain our computer and telecommunications equipment in effective working order and to reasonably protect our systems against interruption, and potentially depend on protection by other registrars in the shared
registration system.. Additionally, we maintain confidential and proprietary business information, including trade secrets. We expect to have to expend significant time and money to maintain or increase the security of our products, facilities,
and infrastructure. Security technologies are constantly being tested by computer professionals, academics and “hackers.” Advances in computer capabilities and the techniques for attacking security solutions, new discoveries in the field of
cryptography or other events or developments could result in compromises or breaches of our security measures and could make some or all our products obsolete or unmarketable. Likewise, we may need to dedicate engineering and other resources to
mitigate or eliminate security vulnerabilities and may find it necessary or appropriate to repair or replace products already sold or licensed to our customers. Despite the security measures that we and our service providers utilize, our
infrastructure and that of our service providers may be vulnerable to physical break-ins, ransomware, computer viruses, other malicious code attacks by hackers, phishing attacks, social engineering, or similar disruptive problems. There can be
no assurances our security measures or those of our service providers will prevent security breaches or incidents. Any disruption or security breach or incident that we or our service providers suffer or are perceived to suffer, including any
such disruption, breach or incident resulting in a loss of, or damage to, data or systems, or inappropriate disclosure, access, loss, or other processing of confidential, financial, proprietary or personal information, including data related to
our personnel, could result in loss, disclosure or other unauthorized processing of such data, could delay our research and development or commercialization efforts, could compel us to comply with breach notification laws and regulations,
subject us to mandatory corrective action, and otherwise subject us to liability under laws and regulations that protect the privacy and security of personal information. It is possible that we may have to expend additional financial and other
resources to address such problems. Remote work by our personnel and those of third parties has resulted in increased vulnerability to cyber-attacks. Additionally, geopolitical tensions and conflicts may create increased risks of cyber-attacks.
As a provider of Internet security software and technology, we may be the target of dedicated efforts by hackers and other third parties to overcome or defeat our security measures. Any physical or electronic break-in or other security breach
or incident or compromise impacting our products, or any information stored at our secure data centers and domain name registration systems, including any compromise due to human error or employee or contractor malfeasance, may jeopardize the
security of information stored on our premises or in the computer systems and networks of our customers. Additionally, any such data security incident, or the perception that one has occurred could also result in adverse publicity, harm to our
reputation and competitive position, and therefore adversely affect the market’s perception of the security of electronic commerce and communications over IP networks as well as the security or reliability of our services, which could have a
material adverse impact on our business, financial condition, and results of operations.
A security breach or other security incident, or the perception any such event has occurred, could require a substantial level of financial resources to address and otherwise respond to, may
be difficult to identify or address in a timely manner, and could result in claims, investigations, inquiries, and other proceedings or actions by private parties or governmental entities that may divert management’s attention and require the
expenditure of significant time and resources, and which may cause us to incur substantial fines, penalties, or other liability and related legal and other costs. Cybersecurity risks pose a particularly significant risk to our business given
our focus on providing internet security software and secure communications technology. Any actual or perceived security breach or other security incident may also harm our reputation, result in a loss of customers, and make it more difficult
or impossible for us to successfully market to others. Any of the foregoing matters could harm our business, operating results and financial condition.
Our products are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in
international markets.
Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the U.S. only with the required export
license or through an export license exception. If we were to fail to comply with U.S. export licensing requirements, U.S. customs regulations, U.S. economic sanctions, or other laws, we could be subject to substantial civil and criminal
penalties, including fines, incarceration for responsible employees and managers, and the possible loss of export or import privileges. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the
delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments, and persons. Even though we take precautions to
ensure that we comply with all relevant regulations, any failure by us or any partners to comply with such regulations could have negative consequences for us, including reputational harm, government investigations, and penalties.
In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our
ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products
into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons
altogether. Any change in export or import regulations, economic sanctions, or related legislation, shift in the enforcement, or scope of existing regulations, or change in the countries, governments, persons, or technologies targeted by such
regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on
our ability to export to or sell our products in international markets would likely adversely affect our business, financial condition, and results of operations.
Privacy and data security concerns, data collection and transfer restrictions and related domestic or foreign regulations may limit the use and adoption
of our solutions and adversely affect our business.
Personal privacy, information security, and data protection are significant issues in the United States, Europe, and many other jurisdictions where we have operations or offer our products.
The regulatory framework governing the collection, processing, storage and use of confidential and proprietary business information and personal data is rapidly evolving. The United States federal, various state and foreign governments have
adopted or proposed requirements regarding the collection, distribution, use, security, storage, and other processing of personal information and other data relating to individuals, and federal and state consumer protection laws are being
applied to enforce regulations related to the online collection, use and dissemination of data.
Further, many foreign countries and governmental bodies, including the European Union (“EU”), where we conduct business, have laws and regulations concerning the collection and use of
personal data obtained from their residents or by businesses operating within their jurisdiction. These laws and regulations often are more restrictive than those in the United States. Laws and regulations in these jurisdictions apply broadly
to the collection, use, storage, disclosure, and security of data that identifies or may be used to identify or locate an individual.
We also expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security in the United States, the EU,
and other jurisdictions. For example, the European Commission maintains a General Data Protection Regulation (the “GDPR”) that imposes stringent data protection requirements and provides for substantial penalties for noncompliance. The United
Kingdom has enacted a Data Protection Act and legislation referred to as the UK GDPR that substantially implements the GDPR and provides for a penalty regime similar to the GDPR. We may be required to incur substantial expense in order to make
significant changes to our products and operations to address compliance with the GDPR and similar legislation, such as the UK GDPR and UK Data Protection Act, all of which may adversely affect our revenue and product sales. California has
enacted legislation, the California Consumer Privacy Act (the “CCPA”) that, among other things, requires covered companies to provide disclosures to California consumers, and afford such consumers abilities to opt-out of certain sales of
personal information. The CCPA was modified and expanded by the California Privacy Rights Act (the “CPRA”), which was approved by California voters in the November 2020 election. Additionally, other U.S. states continue to propose, and in
certain cases adopt, privacy-focused legislation. For example, Connecticut, Virginia, Utah and Colorado enacted legislation similar to the CCPA and CPRA that took effect in 2023; Florida, Montana, Oregon, and Texas have enacted similar
legislation that has became effective in 2024; Delaware, Nebraska, Maryland, New Hampshire, New Jersey, Minnesota, Tennessee, and Iowa have enacted similar legislation that has or will become effective in 2025; and Indiana, Kentucky, and Rhode
Island have enacted similar legislation that will become effective in 2026. We cannot yet fully determine the impact these or future laws, regulations and standards may have on our business, but they may require us to modify our data processing
practices and policies and to incur substantial costs and expenses in efforts to comply. Privacy, data protection and information security laws and regulations are often subject to differing interpretations, may be inconsistent among
jurisdictions, and may be alleged to be inconsistent with our current or future practices. Additionally, we may be bound by contractual requirements applicable to our collection, use, processing, and disclosure of various types of data,
including personal data, and may be bound by, or voluntarily comply with, self-regulatory or other industry standards relating to these matters. These and other requirements could reduce demand for our products, increase our costs, impair our
ability to grow our business, or restrict our ability to store and process data or, in some cases, impact our ability to offer our service in some locations and may subject us to liability. Any failure or perceived failure to comply with
applicable laws, regulations, industry standards, and contractual obligations may adversely affect our business. Further, in view of new or modified federal, state, or foreign laws and regulations, industry standards, contractual obligations
and other legal obligations, or any changes in their interpretation, we may find it necessary or desirable to fundamentally change our business activities and practices or to expend significant resources to modify our product and otherwise
adapt to these changes. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new products and features could be limited.
The costs of compliance with and other burdens imposed by laws, regulations and standards may limit the use and adoption of our service and reduce overall demand for it, or lead to
significant fines, penalties, or liabilities for any noncompliance. Privacy, information security, and data protection concerns, whether valid or not valid, may inhibit market adoption of our platform, particularly in certain industries and
foreign countries.
Our business has been, and may continue to be, negatively affected by activist shareholders.
Responding to actions and communications by activist shareholders is costly and time-consuming, has diverted the attention of management, our Board of Directors and our employees, and may be
disruptive to our operations. Additionally, perceived uncertainties as to our future direction as a result of shareholder activism may lead to the perception of a change in the direction of our business or other instability, which may be
exploited by our competitors, cause concern to our current or potential customers, and make it more difficult to attract and retain qualified personnel. Furthermore, if customers choose to delay, defer or reduce transactions with us or do
business with our competitors instead of us, then our business, financial condition and operating results would be adversely affected. In addition, our share price could experience periods of increased volatility as a result of shareholder
activism.
Risks Related to Ownership of Our Common Stock
We do not regularly pay dividends on our common stock and thus stockholders must look to appreciation of our common stock to realize a gain on their investments.
Our dividend policy is within the discretion of our Board of Directors and will depend upon various factors, including our business, financial condition, results of operations, capital
requirements, and investment opportunities. We therefore cannot make assurances that our Board of Directors will determine to pay regular or special dividends in the future. Accordingly, unless our Board of Directors determines to pay
dividends, stockholders will be required to look to appreciation of our common stock to realize a gain on their investment, which may not occur.
The exercise of our outstanding stock options and warrants, and the issuance of RSUs and restricted stock would result in a dilution of our current
stockholders’ voting power and an increase in the number of shares eligible for future resale in the public market which may negatively impact the market price of our stock.
The exercise of our outstanding vested stock options and warrants, and the vesting of RSUs and restricted stock dilutes the ownership interests of our existing stockholders. As of December
31, 2024, we had outstanding options, warrants and RSUs to purchase an aggregate of 265,040 shares of common stock representing approximately 6.25% of our total shares outstanding of which 242,352 were vested. To the extent outstanding stock
options or warrants are exercised and RSUs vest, additional shares of common stock will be issued, existing stockholders’ percentage voting interests will decline and the number of shares eligible for resale in the public market will increase.
Such increase may have a negative effect on the value or market trading price of our common stock.
Investors may have limited influence because ownership of our common stock is limited.
As of December 31, 2024, our executive officers and directors beneficially owned approximately 18% of our outstanding common stock. Because of their beneficial ownership interest, our
officers and directors could significantly influence stockholder actions of which you disapprove or that are contrary to your interests. This ability to exercise significant influence could prevent or significantly delay another company from
acquiring or merging with us.
Our protective provisions in our amended and restated certificate of incorporation and amended and restated bylaws could make it difficult for a third party to
successfully acquire us even if you would like to sell your stock to them.
We have protective provisions in our amended and restated certificate of incorporation (“Restated Charter”) and amended and restated bylaws (“Restated Bylaws”) that could delay, discourage, or prevent a third party from acquiring control of us
without the approval of our Board of Directors. These protective provisions include:
| • |
A staggered Board of Directors: Only one or two of five directors will be up for election at any given annual meeting, delaying the ability of stockholders to affect a change in control of us because it
would take two annual meetings to effectively replace a majority of the Board of Directors.
|
| • |
Blank check preferred stock: Our Board of Directors has the authority to establish the rights, preferences, and privileges of our 10,000,000 authorized, but unissued, shares of preferred stock. Therefore,
this stock may be issued at the discretion of our Board of Directors with preferences over your shares of our common stock in a manner that is materially dilutive to you. In addition, blank check preferred stock can be used to create a
“poison pill” which is designed to deter a hostile bidder from buying a controlling interest in our stock without the approval of our Board of Directors. We have not adopted such a “poison pill;” but our Board of Directors can do so in
the future, very rapidly and without stockholder approval.
|
| • |
Advance notice requirements for director nominations and for business to be brought before stockholder meetings: Stockholders wishing to submit director nominations or raise matters to a vote of the
stockholders must provide notice to us within very specific date windows and in very specific form to have the matter voted on at a stockholder meeting. This gives our Board of Directors and management more time to react to stockholder
proposals generally and could also permit us to disregard a stockholder proposal to the extent such proposal is not submitted in accordance with the Restated Bylaws.
|
| • |
No stockholder actions by written consent: No stockholder or group of stockholders may take action by written consent. Along with the advance notice requirements described above, this provision also gives
our Board of Directors and management more time to react to proposed stockholder actions.
|
| • |
Super majority requirement for stockholder amendments to the Restated Bylaws: Stockholder proposals to alter or amend our Restated Bylaws or to adopt new bylaws can only be approved by the affirmative
vote of at least 66 2/3% of the outstanding shares of our common stock.
|
| • |
No ability of stockholders to call a special meeting of the stockholders: A special meeting of the stockholders, other than as required by statute, may be called at any time by the Board of Directors, the
chairman of the Board of Directors, or the president, and any power of stockholders to call a special meeting of stockholders is specifically denied. Accordingly, stockholders, even those who represent a significant percentage of our
shares of common stock, may need to wait for the annual meeting before nominating directors or raising other business proposals to be voted on by the stockholders.
|
In addition, the provisions of Section 203 of the Delaware General Corporation Law govern us. These provisions may prohibit large stockholders, particularly those owning 15% or more of our
outstanding voting stock, from merging or combining with us for a certain period of time.
These and other provisions in our Restated Charter, our Restated Bylaws and under Delaware law could discourage potential takeover attempts, reduce the price that investors might be willing
to pay for shares of our common stock in the future and result in the market price being lower than it would be without these provisions.
Our Restated Bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for substantially all disputes
between us and our stockholders, which could limit our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, or employees.
Our Restated Bylaws provide that, unless we consent in writing to the selection of an alternative forum, the sole and exclusive forum for (1) any derivative action or proceeding brought on
our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, stockholders, officers, or other employees to us or our stockholders, (3) any action arising pursuant to any provision of the Delaware
General Corporation Law, or our Restated Charter or Restated Bylaws or (4) any other action asserting a claim that is governed by the internal affairs doctrine shall be the Court of Chancery of the State of Delaware (or, if the Court of
Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware), in all cases subject to the court having jurisdiction over indispensable parties named as defendants.
However, notwithstanding the exclusive forum provisions, our Restated Bylaws explicitly state that they would not preclude the filing of claims brought to enforce any liability or duty
created under federal securities laws, including the Securities Act or the Exchange Act.
Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to this provision. This exclusive-forum provision
may limit a stockholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other
employees. If a court were to find this exclusive-forum provision in our Restated Bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could
harm our results of operations.
General Risk Factors
Failure to meet the NYSE’s continued listing requirements could result in the suspension of trading of our common stock and a subsequent delisting of
our common stock.
On August 28, 2024, we received a written notification from the NYSE that as of August 27, 2024, we were not in compliance with the continued listing standards set forth in Section 802.01B of
the NYSE Listed Company Manual because the average global market capitalization over a consecutive 30 trading-day period and stockholders’ equity were both less than $50 million. In accordance with applicable NYSE procedures, we submitted a
plan to the NYSE on October 11, 2024, and provide quarterly updates advising it of the definitive actions we have taken, are taking and plan to take that would bring us into conformity with the standard set forth in Section 801.01B within 18
months of receipt of the written notification. The written notification has no immediate impact on our ongoing business operations, reporting requirements with the SEC or the listing of our common stock on the NYSE at this time, subject to the
Company’s continued compliance with the plan and NYSE’s other continued listing standards. We are considering all available options to regain compliance with NYSE’s continued listing standards but can provide no assurances that we will be able
to satisfy the requirements of the NYSE.
Our common stock could also be delisted if our average global market capitalization over a consecutive 30 trading-day period is less than $15 million. Our average global market capitalization
over a consecutive 30 trading-day period may fall below $15 million based on continued volatility and fluctuations in the market price of our common stock. In the event that our stock price does not meet the global market capitalization
requirement, the NYSE will promptly suspend our common stock from trading on the NYSE and will simultaneously begin the process to delist our common stock, subject to our right to appeal under NYSE rules. While we may appeal this decision,
there is no assurance that any appeal we undertake will be successful.
If shares of our common stock are delisted from the NYSE, there may be no public market for our common stock. Any over-the-counter or other market that does develop would likely be
characterized by decreased liquidity and greater volatility, which may materially and adversely affect the value of our common stock. A delisting of our common stock could negatively impact the Company and holders of our common stock, including
by reducing the willingness of investors to hold our common stock because of the resulting decreased price, liquidity and trading of our common stock, limited availability of price quotations, and reduced news and analyst coverage. These
developments may also require brokers trading in our common stock to adhere to more stringent rules and may limit our ability to raise capital by issuing additional shares of common stock in the future. Delisting may adversely impact the
perception of our financial condition, cause reputational harm with investors, our employees and parties conducting business with us, and limit our access to debt and equity financing. The perceived decrease in value of employee equity
incentive awards may reduce their effectiveness in encouraging performance and retention.
We may need to raise additional capital to support our business growth, and this capital may be dilutive, may cause our stock price to drop or may not be available on
acceptable terms, if at all.
We may need to raise additional capital, which may not be available to us when needed or may not be available on terms acceptable to us, to support our business growth or to respond to business opportunities, challenges, or unforeseen
circumstances, including sales under our past and any future shelf registration statements. Our ability to obtain additional capital, if and when required, will depend on our business plans, investor demand, our operating performance, the
condition of the capital markets, the terms of our current contractual obligations and other factors.
If we raise additional funds through the issuance of equity, equity-linked or debt securities, including those under our past and any future shelf registration statements, those securities
may have rights, preferences, or privileges senior to the rights of our common stock, and our existing stockholders may experience dilution. Additionally, we are unable to predict the future success of any future offerings. Sales of a
substantial number of shares of our common stock in the public market, or the perception that these sales or other financings might occur, could depress the market price of our common stock, and could also impair our ability to raise capital
through the sale of additional equity securities. If we issue debt securities or incur indebtedness, we could experience increased future payment obligations and a need to comply with restrictive covenants, such as limitations on our ability to
incur additional debt, limitations on our ability to acquire, sell or license intellectual property rights and other operating restrictions that could adversely impact our ability to conduct our business. If we are unable to obtain additional
capital or are unable to obtain additional capital on satisfactory terms, our ability to continue to support our business growth or to respond to business opportunities, challenges, or other circumstances could be adversely affected, and our
business may be harmed.
The departure of Kendall Larsen, our Chief Executive Officer and President, and/or other key personnel could compromise our ability to execute our
strategic plan and materially harm our business.
Our success depends on the skills, experience, and performance of our key personnel. Due to the specialized nature of our business and limited staff, we are particularly dependent on Kendall
Larsen, our Chief Executive Officer and President. We have no employment agreements with any of our key executives that prevent them from leaving us at any time. In addition, we do not maintain key person life insurance for any of our officers
or key employees. The loss of Mr. Larsen, or our failure to retain other key personnel or plan for the succession of key personnel, would jeopardize our ability to execute our strategic plan and materially harm our business.
We will need to recruit and retain additional qualified personnel to successfully grow our business.
Our future success will depend, in part, on our ability to attract and retain qualified engineering, operations, marketing, sales and executive personnel. Inability to attract and retain such
personnel could adversely affect our business. Competition for engineering, operations, marketing, sales, and executive personnel is intense, particularly in the technology and Internet sectors and in the regions where we conduct our business.
We may need to invest significant amounts of cash and equity to attract and retain employees and expend significant time and resources to identify, recruit, train and integrate such employees, and we may never realize returns on these
investments. Additionally, we can provide no assurance that we will attract or retain such personnel.
War, terrorism, other acts of violence, or natural or manmade disasters as well as macroeconomic conditions may affect the markets in which we operate,
our clients and our service delivery.
Our business may be adversely affected by instability, disruption, or destruction in a geographic region in which we operate, regardless of cause, including war, terrorism, riot, civil
insurrection, or social unrest, and natural or manmade disasters, including famine, flood, fire, earthquake, storm, or pandemic events and spread of disease. Our business may also be adversely affected by further downturn in macroeconomic
conditions, including inflation and rising interest rates, tariffs, trade wars, global political and economic uncertainty and tensions, such as the ongoing Russia-Ukraine and Israel-Hamas conflicts, as well as any related political or economic
response, counter responses or otherwise, financial services sector instability, a reduction in business confidence and activity, financial market volatility, unexpected changes in tax law or policy, and other factors. Such events can adversely
affect our operations or the economy as a whole and may cause our customers to delay their decisions on spending for the services we provide and perpetuate significant changes in regional and global economic conditions and cycles. These events
may also pose risks to our personnel and to physical facilities and operations, which could adversely affect our financial results.
Trading in our common stock is limited and the price of our common shares may be subject to volatility.
Our common stock is currently listed on the NYSE and was previously listed on the NYSE American LLC (formerly the NYSE MKT LLC). Over the past years, the market price of our common stock has experienced significant fluctuations. Between January
1, 2024, and December 31, 2024, the adjusted closing price on the NYSE for our common stock ranged between $3.62 and $9.22. The price of our common stock may continue to be volatile as a result of several factors, some of which are beyond our
control. These factors include, but are not limited to, the following:
| • |
Annual variations, actual or anticipated, in our operating results;
|
| • |
Significant changes in our management;
|
| • |
Large purchases or sales of common stock or derivative transactions related to our stock;
|
| • |
Actual or anticipated announcements of new products or services by us or competitors;
|
| • |
General conditions in the markets in which we compete; and
|
| • |
General social, political, economic, and financial conditions, including significant volatility in the global financial markets.
|
In addition, we believe there has been and may continue to be substantial trading in derivatives of our stock, including short selling activity or related similar activities, which are beyond
our control, and which may be beyond the full control of the SEC and Financial Institutions Regulatory Authority (“FINRA”). While the SEC and FINRA rules prohibit some forms of short selling and other activities that may result in stock price
manipulation, such activity may nonetheless occur without detection or enforcement. We have held conversations with regulators concerning trading activity in our stock; however, there can be no assurance that should there be any illegal
manipulation in the trading of our stock, it will be detected, prosecuted, or successfully eradicated. Significant short selling market manipulation could cause our stock trading price to decline, to become more volatile, or both. For more
information regarding trading in our common stock and listing on the NYSE, see additional risk factors included elsewhere in this Annual Report on Form 10-K.
We have broad discretion in how we apply our funds, and we may not use these funds effectively, which could affect our results of operations and cause
our stock price to decline.
Our management has broad discretion in the application of our existing cash, cash equivalents and investments and could spend these funds in ways that do not improve our results of operations
or enhance the value of our common stock. Pending their use, we may invest our available funds in a manner that does not produce income or that loses value. The failure by our management to apply our available funds effectively could result in
financial losses that could cause the price of our common stock to decline and delay the development of our products.
In addition, an entity that, among other things, is or holds itself out as being engaged primarily, or proposes to engage primarily, in the business of investing, reinvesting, owning,
trading, or holding certain types of securities would be deemed an Investment Company under the Investment Company Act of 1940 (the “1940 Act”). If we do not manage our investments and business in a manner that meets the requirements for an
exemption under the 1940 Act, we may be deemed to be an investment company under the 1940 Act and subject to additional limitations on operating our business including limitations on the issuance of securities, which may make it difficult for
us to raise capital.
| Item 1B. |
Unresolved Staff Comments
|
None.
