| INTERNET SECURITY SYSTEMS INC/GA Item 1A Risk Factors There are many factors that affect ISS’ business and the results of its operations, some of which are beyond ISS’ control |
| The following is a description of some of the important factors that may cause the actual results of ISS’ operations in future periods to differ materially from those currently expected or desired |
| We encourage you to read this section carefully |
| We Operate in a Rapidly Evolving Market We operate in a rapidly evolving market and must, among other things: · respond to competitive developments; · continue to upgrade and expand our product and services offerings; and · continue to attract, retain and motivate our employees |
| 8 ______________________________________________________________________ We cannot be certain that we will successfully address these issues |
| We introduced our Proventia appliance line in April 2003 that includes intrusion prevention and integrated security protection |
| While market response to these products has had a positive impact on our operating results, failure to continue to gain further market acceptance of new appliance products could result in revenues below our expectations and our operating results could be adversely affected |
| Our Future Operating Results Will Likely Fluctuate Significantly We cannot predict our future revenues and operating results with certainty |
| However, we do expect our future revenues and operating results to fluctuate due to a combination of factors, including: · the extent to which the public perceives that unauthorized access to and use of online information are threats to network security; · customer budgets; · the mix of product sales among the various products offered by ISS and whether revenue is recognized upon sale or deferred to subsequent periods; · the volume and timing of orders, including seasonal trends in customer purchasing; · our ability to develop and timely introduce new and enhanced product and managed service offerings; · the introduction and acceptance rate of new ISS branded appliances, including related increased cost of goods sold; · our ability to accurately forecast and produce demanded quantities of our appliance products and models; · availability of component parts of appliance products and reliance on contract manufacturers to produce such products; · our ability to provide scalable managed services offerings in a cost effective manner; · foreign currency exchange rates that affect our international operations; · whether enterprises consolidate their security platforms with fewer vendors and whether ISS benefits from this; · product and price competition in our markets; and · general economic conditions, both domestically and in our foreign markets |
| We focus our direct sales efforts on enterprise-wide security solutions, which consist of our entire product suite, professional services, and managed security services, rather than on the sale of component products |
| In addition, the revenues associated with particular sales vary significantly depending on the number of products acquired by a customer and the number of devices used by the customer |
| Large individual sales, or even small delays in customer orders, can cause significant variation in our license revenues and results of operations for a particular period |
| The timing of large orders is usually difficult to predict and, like many software-based technology companies, many of our customers typically complete transactions in the last month of a quarter |
| 9 ______________________________________________________________________ We cannot predict our operating expenses based on our past results |
| Instead, we establish our spending levels based in large part on our expected future revenues |
| As a result, if our actual revenues in any future period fall below our expectations, our operating results likely will be adversely affected because very few of our expenses vary with our revenues |
| Because of the factors listed above, we believe that our quarterly and annual revenues, expenses and operating results likely will vary significantly in the future |
| Our ability to provide timely guidance and meet the expectations of investors with respect to our operating and financial results is affected by the tendency of a majority of our product and license sales to be completed in the last month of a quarter |
| We may not be able to determine whether we will experience material deviations from guidance or expectations until the end of a quarter |
| Dependence on Third Party Suppliers and Manufacturers We carry little inventory of our appliance products and we rely on suppliers to deliver necessary components to our contract manufacturers in a timely manner based on the forecasts we provide |
| We currently purchase some Proventia appliance components and contract manufacturing services from single or limited sources |
| If shortages occur, supplies are interrupted, or we underestimate demand for models, we may not be able to deliver products to our customers and our revenue and operating results would be adversely affected |
| We provide forecasts of our demand to our contract manufacturers |
| Because our supply of hardware is based on short-term forecasts and purchase orders, our contract manufacturers are not obligated to purchase components for greater quantities over longer periods |
| If we underestimate our requirements, our contract manufacturers may have an inadequate component inventory and, based on lead times, this could interrupt manufacturing and result in delays in shipments and revenues |
| We Face Intense Competition in Our Market The market for network security monitoring, detection, prevention and response solutions is intensely competitive, and we expect competition to increase in the future |
| We cannot guarantee that we will compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition |
| Our chief competitors generally fall within the following categories: · large companies, including Symantec Corporation, Cisco Systems, Inc, Juniper Networks, Inc, 3Com Corporation, Check Point Software Technologies, LTD, and McAfee, Inc, that sell competitive products and offerings, as well as other large software companies that have the technical capability and resources to develop competitive products; · software or hardware network infrastructure companies like Cisco Systems, Inc, 3Com Corporation, and Juniper Networks, Inc |
| that could integrate features that are similar to our products into their own products; · smaller software companies offering relatively limited applications for network and Internet security; and · small and large companies with competitive offerings to components of our managed services offerings |
| Mergers or consolidations among these competitors, or acquisitions of small competitors by larger companies, represent risks |
| For example, Symantec Corporation, Cisco Systems, Inc, McAfee, Inc, 3Com Corporation, and Juniper Networks, Inc |
| have acquired during the past several years smaller companies, which have intrusion detection or prevention technologies |
| These acquisitions will make these entities potentially more formidable competitors to us if such products and offerings are effectively integrated |
| Large companies may have advantages over us because of their longer operating histories, greater name recognition, larger customer bases or greater financial, technical and marketing resources |
| As a result, they 10 ______________________________________________________________________ may be able to adapt more quickly to new or emerging technologies and changes in customer requirements |
| They can also devote greater resources to the promotion and sale of their products than we can |
| In addition, these companies have reduced and could continue to reduce, the price of their security monitoring, detection, prevention and response products and managed security services, which increases pricing pressures within our market |
| Several companies currently sell software products (such as encryption, firewall, operating system security and virus detection software) that our customers and potential customers have broadly adopted |
| In addition, the vendors of operating system software or networking hardware may enhance their products to include the same kinds of functions that our products currently provide |
| The widespread inclusion of comparable features to our software in operating system software or networking hardware could render our products less competitive or obsolete, particularly if such features are of a high quality |
| Even if security functions integrated into operating system software or networking hardware are more limited than those of our products, a significant number of customers may accept more limited functionality to avoid purchasing additional products |
| In addition, with the introduction of our Proventia integrated security appliance, we have offerings that compete with vendors of firewalls, VPNs, anti-virus systems, and content and spam filtering products |
| These offerings are competitive with a broader spectrum of network security companies, as well as those that also offer integrated security appliances or broad product suites |
| For the above reasons, we may not be able to compete successfully against our current and future competitors |
| Increased competition may result in price reductions, reduced gross margins and loss of market share |
| We Face Risks Associated with Governmental Contracting Our customers include the US and other national government agencies and a significant number of other state and local governments or agencies |
| · Procurement—Contracting with public sector customers is highly competitive and can be expensive and time-consuming, often requiring that we incur significant upfront time and expense without any assurance that we will win a contract; · Budgetary Constraints and Cycles—Demand and payment for our products and services are impacted by public sector budgetary cycles and funding availability, with funding reductions or delays adversely impacting public sector demand for our products and services; · Modification or Cancellation of Contracts—Public sector customers often have contractual or other legal rights to terminate current contracts for convenience or due to a default |
| If a contract is cancelled for convenience, which can occur if the customer’s product needs change, we may only be able to collect for products and services delivered prior to termination |
| If a contract is cancelled because of default, we may only be able to collect for products and alternative products and services; · Governmental Audits—National governments and other state and local agencies routinely investigate and audit government contractors’ administrative processes |
| They may audit our performance and pricing and review our compliance with applicable rules and regulations |
| If they find that we improperly allocated costs, they may require us to refund those costs or may refuse to pay us for outstanding balances related to the improper allocation |
| An unfavorable audit could result in a reduction of revenue, and may result in civil or criminal liability if the audit uncovers improper or illegal activities |
| 11 ______________________________________________________________________ We Face Rapid Technological Change in Our Industry and Frequent Introductions of New Products Rapid changes in technology pose significant risks to us |
| We do not control nor can we influence the forces behind these changes, which include: · the extent to which businesses and others seek to establish more secure networks; · the extent to which hackers and others seek to compromise secure systems; · evolving computer hardware and software standards; · changing customer requirements; and · frequent introductions of new products and product enhancements |
| To remain successful, we must continue to change, adapt and improve our products in response to these and other changes in technology |
| Our future success hinges on our ability to both continue to enhance our current line of products and professional services and to introduce new products and services that address and respond to innovations in computer hacking, computer technology and customer requirements |
| We cannot be sure that we will successfully develop and market new products that do this |
| Any failure by us to timely develop and introduce new products, to enhance our current products or to expand our professional services capabilities in response to these changes could adversely affect our business, operating results and financial condition |
| Our products involve very complex technology and, as a consequence, major new products and product enhancements require a long time to develop and test before going to market |
| Because this amount of time is difficult to estimate, we have had to delay the scheduled introduction of new and enhanced products in the past and may have to delay the introduction of new and enhanced products in the future |
| The techniques computer hackers use to gain unauthorized access to, or to sabotage, networks and intranets are constantly evolving and increasingly sophisticated |
| Furthermore, because new hacking techniques are usually not recognized until used against one or more targets, we are unable to anticipate most new hacking techniques |
| To the extent that new hacking techniques harm our customers’ computer systems or businesses, affected or prospective customers may believe that our products are ineffective, which may cause them or prospective customers to reduce or avoid purchases of our products |
| Undetected Product Errors or Defects Could Result in Loss of Revenues, Delayed Market Acceptance and Claims Against Us We offer warranties on our products, allowing the end customer to have any defective product repaired, or to receive a replacement product for it during the warranty period, or in certain circumstances return the product for a refund |
| Our products may contain undetected errors or defects |
| If there is a broad product failure across our customer base, we may decide to replace all affected products or we may decide to refund the purchase price for defective units |
| Such defects and actions may adversely affect our ability to record revenue |
| Some errors are discovered only after a product has been installed and used by end customers |
| Any errors discovered after commercial release could result in loss of revenues and claims against us |
| We offer warranties on our service levels for managed security services |
| If we do not meet warranties, the customer generally may obtain credits for service |
| 12 ______________________________________________________________________ If we are unable to fix errors or other product problems that later are identified after full deployment, or if we fail to meet our service levels for managed security services, in addition to the consequences described above, we could experience: · failure to achieve market acceptance; · loss of customers; · loss of or delay in revenues and loss of market share; · diversion of development resources; · increased service and warranty costs; · legal actions by our customers; and · increased insurance costs |
| Our Products are Complex and Are Operated in a Wide Variety of Computer Configurations, Which Could Result in Errors or Product Failures Because we offer very complex products, undetected errors, failures or bugs may occur when they are first introduced or when new versions are released |
| Our products often are installed and used in large-scale computing environments with different operating systems, system management software and equipment and networking configurations, which may cause errors or failures in our products or may expose undetected errors, failures or bugs in our products |
| We discover errors, failures and bugs in certain of our product offerings after their introduction and have experienced delays and could experience lost revenues during the period required to correct these errors |
| Our customers’ computer environments are often characterized by a wide variety of standard and non-standard configurations that make pre-release testing for programming or compatibility errors very difficult and time-consuming |
| Despite testing, errors, failures or bugs may not be found in new products or releases until after commencement of commercial shipments |
| Errors, failures or bugs in products released by us could result in negative publicity, product returns, loss of or delay in market acceptance of our products or claims by customers or others |
| In addition, if an actual or perceived breach of network security occurs in one of our end customer’s security systems, regardless of whether the breach is attributable to our products, the market perception of the effectiveness of our products could be harmed |
| Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques |
| Alleviating any of these problems could require significant expenditures of our capital and resources and could cause interruptions, delays or cessation of our product licensing, which could cause us to lose existing or potential customers and would adversely affect results of operations |
| We Might Have to Defend Lawsuits or Pay Damages in Connection With Any Alleged or Actual Failure of Our Products and Services Because our products and services provide and monitor network security and may protect valuable information, we could face claims for product liability, tort or breach of warranty |
| Anyone who circumvents our security measures could misappropriate the confidential information or other property of end customers using our products, or interrupt their operations |
| If that happens, affected end customers or others may sue us |
| In addition, we may face liability for breaches caused by faulty installation of our products by our service and support organizations |
| Provisions in our contracts relating to warranty disclaimers and liability limitations may be unenforceable |
| Some courts, for example, have found contractual limitations of liability in standard computer and software contracts to be unenforceable in some circumstances |
| Defending a lawsuit, regardless of its merit, could be costly and could divert 13 ______________________________________________________________________ management attention |
| Our business liability insurance coverage may be inadequate or future coverage may be unavailable on acceptable terms or at all |
| Risks Associated with Our Global Operations The expansion of our international operations includes our presence in dispersed locations throughout the world, including throughout EMEA and the Asia/Pacific and Latin America regions |
| Our international presence and expansion exposes us to risks not present in our US operations, such as: · the difficulty in managing an organization spread over various countries located across the world; · compliance with, and unexpected changes in, a wide range of complex regulatory requirements in countries where we do business; · duties and tariffs imposed on importation of our products in other jurisdictions where other manufacturers may not bear those same costs; · increased financial accounting and reporting burdens; · potentially adverse tax consequences; · fluctuations in foreign currency exchange rates resulting in losses or gains from transactions and expenses denominated in foreign currencies; · reduced protection for intellectual property rights in some countries; · reduced protection for enforcement of creditor and contractual rights in some countries; and · import and export license requirements and restrictions on the import and export of certain technology, especially encryption technology and trade restrictions |
| Despite these risks, we believe that we must continue to expand our operations in international markets to support our growth |
| To this end, we intend to establish additional foreign sales operations, expand our existing offices, hire additional personnel, expand our international sales channels and customize our products for local markets |
| If we fail to execute this strategy, our international sales growth will be limited |
| Our Networks, Products and Services May be Targeted by Hackers Like other companies, our websites, networks, information systems, products and services may be targets for sabotage, disruption or misappropriation by hackers |
| Although we believe we have sufficient controls in place to prevent disruption and misappropriation, and to respond to such situations, we expect these efforts by hackers to continue |
| If these efforts are successful, our operations, reputation and sales could be adversely affected |
| We Must Successfully Integrate Acquisitions As part of our growth strategy, we have and may continue to acquire or make investments in companies with products, technologies or professional services capabilities complementary to our solutions |
| When engaging in acquisitions, we could encounter difficulties in assimilating or completing the development of the technologies, new personnel and operations into our company |
| These difficulties may disrupt our ongoing business, distract our management and employees, increase our expenses and adversely affect our results of operations |
| These difficulties could also include accounting requirements, such as impairment charges related to goodwill or other intangible assets or expensing in-process research and development costs |
| We cannot be certain that we will successfully overcome these risks with respect to any future acquisitions or that we will not encounter other problems in connection with our recent or any 14 ______________________________________________________________________ future acquisitions |
| In addition, any future acquisitions may require us to incur debt or issue equity securities |
| The issuance of equity securities could dilute the investment of our existing stockholders |
| In July 2005, ISS announced a share repurchase program authorizing the use of up to dlra100 million in cash to repurchase outstanding shares of our common stock |
| We expect to repurchase shares for cash as business conditions warrant through July 19, 2006 |
| The full implementation of this repurchase program would use a significant portion of our cash reserves |
| This use of cash could limit our future flexibility to complete acquisitions of businesses or technology or other transactions |
| Our Proprietary Rights May be Difficult to Enforce We rely primarily on copyright, trademark, patent and trade secrets laws, confidentiality procedures and contractual provisions to protect our proprietary rights |
| We hold several United States patents, one Taiwanese patent, and have a number of patent applications pending |
| We also hold numerous United States and foreign trademarks and have a number of trademark applications pending |
| There can be no assurance that patents will be issued from pending applications, or that claims allowed on any patents will be sufficiently broad to protect our technology |
| There can be no assurance that any issued patents will not be challenged, invalidated or circumvented, or that any rights granted under these patents will actually provide competitive advantages to us |
| Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary |
| Policing unauthorized use of our products is difficult |
| While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem |
| In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States, and many foreign countries do not enforce these laws as diligently as US government agencies and private parties |
| If we are unable to protect our proprietary rights to the totality of the features in our software and products (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful |
| We May Be Found to Infringe the Proprietary Rights of Others Third parties may assert claims or initiate litigation related to exclusive patent, copyright, trademark and other intellectual property rights to technologies that are relevant to our business |
| Because of the large number of patents in the Internet, networking, security and software fields, the secrecy of some pending patents and the rapid rate of issuance of new patents, it is not economically practical (or even possible) to determine in advance whether a product (or any of its components) infringe or will infringe the patent rights of others |
| Third party asserted claims and/or initiated litigation can include claims against us or our manufacturers, suppliers, or customers, alleging infringement of proprietary rights with respect to our existing or future products (or components of those products) |
| Regardless of the merit of these claims, they can be time-consuming, result in costly litigation and diversion of technical and management personnel, or require us to develop a non-infringing technology or enter into license agreements |
| There can be no assurance that licenses will be available on acceptable terms and conditions, if at all, in these circumstances, or that any indemnification that might be available to us would be adequate to cover our costs of defense |
| Furthermore, because of the potential for large judgments, which are not necessarily predictable, it is not unusual to find even arguably unmeritorious claims settled for significant funds |
| If any infringement or other intellectual property claims made against us by a third party is successful, or if we fail to develop non-infringing technology or license the proprietary rights on commercially reasonable terms 15 ______________________________________________________________________ and conditions, our business, operating results, financial condition and liquidity could be materially and adversely affected |
| Some Provisions in the ISS Certificate of Incorporation and Bylaws Make a Takeover of ISS Difficult Our certificate of incorporation and bylaws contain provisions that could have the effect of making it more difficult for a third party to acquire, or of discouraging a third party from attempting to acquire, control of ISS These provisions: · establish a classified board of directors; · create preferred stock purchase rights that grant to holders of common stock the right to purchase shares of Series A Junior Preferred Stock in the event that a third party acquires 20prca or more of the voting power of our outstanding common stock; · prohibit the right of our stockholders to act by written consent; · limit calling special meetings of stockholders; and · impose a requirement that holders of 662¤3prca of the outstanding shares of common stock are required to amend the provisions relating to the classification of our board of directors and action by written consent of stockholders |