What changed in Tenable Holdings, Inc.'s 2025 10-K compared to 2024?

Across the narrative sections we track, Tenable Holdings, Inc. (TENB) added 352 paragraphs, removed 336, and edited 270 between the 2024 and 2025 10-K filings. The biggest movers are Item 1A. Risk Factors (+204/−167), Item 7. Management's Discussion & Analysis (+74/−99), Item 1. Business (+43/−44).

Did Tenable Holdings, Inc. add new Risk Factors in the 2025 10-K?

Yes — Item 1A Risk Factors shows 204 new/edited paragraphs and 167 removed paragraphs versus the 2024 10-K.

What changed in Tenable Holdings, Inc.'s MD&A (Item 7) in 2025?

Item 7 Management's Discussion & Analysis shows 74 new/edited paragraphs and 99 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did Tenable Holdings, Inc. update its Cybersecurity disclosure (Item 1C) in 2025?

Item 1C Cybersecurity has 13 paragraph-level changes between the 2024 and 2025 filings.

Did Tenable Holdings, Inc.'s Legal Proceedings (Item 3) change in 2025?

Item 3 shows 2 added/edited paragraphs and 2 removed paragraphs — usually indicating new litigation disclosed or settled cases removed.

Where does this TENB 10-K diff come from?

The source filings are Tenable Holdings, Inc.'s official 2024 and 2025 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in Tenable Holdings, Inc.'s 10-K — 2024 vs 2025

Paragraph-level year-over-year comparison of Tenable Holdings, Inc.'s 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.

+352 added−336 removedSource: 10-K (2026-02-27) vs 10-K (2025-02-24)

Top changes in Tenable Holdings, Inc.'s 2025 10-K

352 paragraphs added · 336 removed · 270 edited across 8 sections

Item 1A. Risk Factors+204 / −167 · 146 edited
Item 7. Management's Discussion & Analysis+74 / −99 · 61 edited
Item 1. Business+43 / −44 · 39 edited
Item 1C. Cybersecurity+13 / −14 · 13 edited
Item 5. Market for Registrant's Common Equity+10 / −4 · 3 edited

Item 1. Business

Business — how the company describes what it does

39 edited+4 added−5 removed51 unchanged

2024 filing

2025 filing

Biggest changeFor most organizations, the modern attack surface has expanded to include: • Complex and dynamic multi-cloud environments, which organizations are rapidly adopting even as they face a shortage of cloud security expertise; • Artificial intelligence, or AI, including AI agents, which are programs that autonomously complete tasks to meet established goals; • Identity and access management systems used to control machine identities, application programming interfaces, or APIs, and user privileges, which are vulnerable to misconfigurations that can open up attack pathways within an organization; • An assortment of operational technology, or OT — such as industrial control systems, or ICS, and supervisory control and data acquisition, or SCADA, systems — which is increasingly internet-facing and is often linked to existing IT systems; • Personal devices, including mobile phones and tablets, internet of things, or IoT, devices and other types of “shadow IT” used by employees, often without the knowledge of the IT and security teams; and • Virtual machines, microservices, open-source code repositories, containers and other tools used by DevOps teams.

Biggest changeFor most organizations, the attack surface has expanded to include: • Complex and dynamic hybrid and multi-cloud environments, which organizations are rapidly adopting even as they face a shortage of cloud security expertise; • AI platforms, including agentic AI, the use of which is introducing risk by creating often-invisible security gaps and blind spots; • Human, machine and AI identities, the dramatic rise of which is creating a sense of urgency to improve governance and access controls, and the removal of excessive privileges that can open up attack pathways within an organization; • An assortment of operational technology, or OT, such as industrial control systems, or ICS, and supervisory control and data acquisition, or SCADA systems, which are increasingly at risk due to AI growth velocity — emerging use cases for OT include AI data centers that are being built all around the world; • Personal devices, including mobile phones and tablets, internet of things, or IoT, devices and other types of “shadow IT” and "shadow AI" used by employees, often without the knowledge of the IT and security teams; and • Virtual machines, microservices, open-source code repositories, containers and other tools used by DevOps teams.

We execute marketing programs targeted at new customer acquisition, customer retention and cross-selling and up-selling of products across our platform. 8 Table of Contents Research and Development We continue to invest substantial resources in research and development to enhance our platform offerings by developing new features, functionality, and applications.

We execute marketing programs targeted at new customer acquisition, customer retention and cross-selling and up-selling of products across our platform. Research and Development We continue to invest substantial resources in research and development to enhance our platform offerings by 8 Table of Contents developing new features, functionality, and applications.

These channels be may updated from time to time on our investor relations website. The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file with the SEC.

These channels may be updated from time to time on our investor relations website. The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file with the SEC.

The complexity of the modern attack surface is a key driver behind the growing need for exposure management programs. Scattered products and siloed views have left organizations struggling to hold back threats across a fragmented attack surface.

The complexity of the attack surface is a key driver behind the growing need for exposure management programs. Scattered products and siloed views have left organizations struggling to hold back threats across a fragmented attack surface.

Our Technology Ecosystem We have partnered and/or integrated with market leading technology companies to pioneer the industry’s first exposure management ecosystem to help organizations build resilient cybersecurity programs. Our ecosystem consists of a variety of third-party data import sources integrated into our platform offerings, as well as export of our data out to third-party IT systems.

Our Technology Ecosystem We have partnered with market leading technology companies to pioneer the industry’s first exposure management ecosystem to help organizations build resilient cybersecurity programs. Our ecosystem consists of a variety of third-party data import sources integrated into our platform offerings, as well as export of our data out to third-party IT systems.

It emphasizes that an inclusive culture fosters employee engagement, fuels innovation and yields outstanding business results. We strive to be a career destination where employees from all backgrounds, regardless of race, gender, ethnicity, sexual orientation or disability, can do their best work.

It emphasizes that an inclusive culture fosters a diversity of opinions, employee engagement, fuels innovation and yields outstanding business results. We strive to be a career destination where employees from all backgrounds, regardless of race, gender, ethnicity, sexual orientation or disability, can do their best work.

Tenable One builds on the speed and breadth of vulnerability coverage from our research team of cybersecurity and data science experts, or Tenable Research, and adds aggregated exposure view analytics, guidance on mitigating attack pathways, centralized asset inventory and patch management that correlates vulnerabilities with remediation actions.

Tenable One builds on the speed and breadth of vulnerability coverage from our long history of data from our research team of cybersecurity and data science experts, or Tenable Research, and adds aggregated exposure view analytics, guidance on mitigating attack pathways, centralized asset inventory and patch management that correlates vulnerabilities with remediation actions.

We strive to 10 Table of Contents be a career destination where employees from all backgrounds are welcome and empowered, are treated with fairness and respect, can make a difference, and have the opportunity to grow. Compensation, Benefits and Talent Development We provide robust compensation and benefits packages to attract and retain our employees.

We strive to be a career destination where employees from all backgrounds feel welcome, are treated with fairness and respect, are empowered to make a difference, and have the opportunity to grow. 10 Table of Contents Compensation, Benefits and Talent Development We provide robust compensation and benefits packages to attract and retain our employees.

Our channel partners include distributors, value-added resellers, system integrators and managed security service providers. Our marketing initiatives cultivate brand awareness and leverage our track record of innovation in exposure management to expand into new markets, such as cloud security.

To accomplish these objectives, we intend to: • Continue to acquire new enterprise platform customers. We believe there is a substantial opportunity to increase adoption of our enterprise platform offerings. We have experienced growth in new enterprise platform customers due to expanded product capabilities and investments in sales and marketing.

To accomplish these objectives, we intend to: • Continue to acquire new enterprise platform customers. We believe there is a substantial opportunity to increase adoption of our exposure management platform. We have experienced growth in new enterprise platform customers due to expanded product capabilities and investments in sales and marketing.

An exposure management program, underpinned by a technology platform such as our Tenable One Exposure Management Platform, or Tenable One, can help address these real-world problems.

An exposure management program, underpinned by a technology platform such as our Tenable One Exposure Management Platform, or Tenable One, can help address these problems.

The platform must include information about configuration issues, vulnerabilities and attack paths across a spectrum of assets and technologies — including cloud configurations and deployments, identity solutions, such as Active Directory, and web applications.

We rely on a combination of trade secrets, copyrights, patents and trademarks, as well as contractual protections, to establish and protect our intellectual property rights and protect our proprietary technology. At December 31, 2024, we had 47 issued patents and 22 patent applications pending in the United States.

We rely on a combination of trade secrets, copyrights, patents and trademarks, as well as contractual protections, to establish and protect our intellectual property rights and protect our proprietary technology. At December 31, 2025, we had 53 issued patents and 22 patent applications pending in the United States.

Engagement and Inclusion Engagement and inclusion at Tenable is a catalyst for cultivating a workplace where every individual's unique strengths contribute to a culture of innovation, belonging and community impact. Our engagement and inclusion mission aligns all initiatives with our Workforce Diversity, Workplace Inclusion and Community Impact pillars to enhance our overall employee value proposition.

Engagement and Inclusion Engagement and inclusion at Tenable is a catalyst for cultivating a workplace where every individual's unique strengths contribute to a culture of innovation, belonging and community impact. Our engagement and inclusion mission aligns all initiatives to our Workforce, Workplace and Community pillars to enhance our overall employee value proposition and propel our success.

Our Enterprise Platform Offerings Tenable One is an AI-powered exposure management platform that gives enterprises a single, unified view of risk across all types of assets and attack pathways. The platform combines broad, industry-leading vulnerability coverage, spanning IT assets, cloud resources, containers, web apps and identity systems.

Human Capital At December 31, 2024, we had 1,872 employees, including 854 employees located outside of the United States. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement. Certain international employees are subject to collective bargaining agreements in connection with local labor laws.

Human Capital At December 31, 2025, we had 1,995 employees, including 949 employees located outside of the United States. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement. Certain international employees are subject to collective bargaining agreements in connection with local labor laws.

We speak candidly and always do the right thing. • What We Do Matters: The work that we do makes a difference in this world. Our key human capital objectives are to attract, retain, engage, reward and develop our highly talented existing and future employees, while cultivating an inclusive workforce and culture to achieve exceptional business results.

We speak candidly and always do the right thing. • What We Do Matters: The work that we do makes a difference in this world. Our key human capital objectives are to attract, retain, engage, reward and develop our highly-talented existing and future employees, while fostering a culture conducive to achieving exceptional business results.

Existing point tools cannot adequately address the central challenge of modern security: a deeply divided approach to seeing and reducing cyber risk.

Existing point solutions cannot adequately address the central security challenge: a deeply divided approach to seeing and reducing cyber risk.

We also license certain software from third parties for integration into our solutions, including open source software and other software available on commercially reasonable terms. We cannot assure you that such third parties will maintain such software or continue to make it available.

We also license certain software from third parties for integration into our solutions, including open source software 9 Table of Contents and other software available on commercially reasonable terms. We cannot ensure that such third parties will maintain such software or continue to make it available.

Our issued patents expire between 2027 and 2042 and cover our network scanning, monitoring and analysis technologies and 9 Table of Contents additional features of our platform offerings. At December 31, 2024, we had 18 registered trademarks in the United States. We view our copyrights, trade secrets and know-how as a significant component of our intellectual property assets.

Our issued patents expire between 2027 and 2044 and cover our network scanning, monitoring and analysis technologies and additional features of our platform offerings. At December 31, 2025, we had 13 registered trademarks in the United States. We view our copyrights, trade secrets and know-how as a significant component of our intellectual property assets.

Our engineering expertise combines extensive security product development experience with individuals who possess deep cloud and user interface design backgrounds. Our Tenable Research team is staffed by cybersecurity, cloud and data science experts who deliver exposure management intelligence, data science insights, alerts and security advisories.

Our engineering expertise combines extensive security product development experience with individuals who possess expertise in AI, cloud security and user interface design. Our Tenable Research team is staffed by cybersecurity, cloud and data science experts who leverage our long history of data and deliver exposure management intelligence, data science insights, alerts and security advisories.

Furthermore, our data is exported out to enrich third-party IT management and security systems. Our Growth Strategy Our objectives are to expand our market leadership in exposure management and to scale our business by capturing our large market opportunities in cloud, identity and OT, while expanding our operating and free cash flow margins.

Furthermore, our data is exported out to enrich third-party IT management and security systems. Our Growth Strategy Our objectives are to expand our market leadership in exposure management and to scale our business by capturing our large market opportunities with Tenable One, our AI-powered platform, while expanding our operating and free cash flow margins.

Our customers are located in over 170 countries and include organizations of all sizes and span a wide range of industries, including manufacturing, energy and industrials; technology, media and telecommunications; banking, insurance and finance; government, education and non-profit; healthcare; and retail and consumer. At December 31, 2024, we had approximately 44,000 customers.

Our engagement and inclusion mission pillars include: • Workforce Diversity: Attract, retain, and develop talent through strategic partnerships with diversity organizations, targeted branding and inclusive engagement and development opportunities for all employees. • Workplace Inclusion: Cultivate an inclusive workplace where all employees feel they belong and are given the support they need to thrive. • Community Impact: Increase our commitment to supporting the next generation of STEM talent in underrepresented communities.

Our engagement and inclusion mission pillars include: • Workforce: Attract, retain, and develop top talent through partnerships with external organizations, employer branding, and engagement and development opportunities for all employees. • Workplace: Cultivate an inclusive, high-performance workplace where all employees feel they belong and are given the support they need to thrive. • Community: Increase our commitment to supporting the next generation of STEM talent.

We intend to continue to aggressively pursue new domestic and international customers by adding sales capacity and leveraging our network of channel partnerships around the world. • Expand asset coverage within our customer base .

We intend to continue to aggressively pursue new domestic and international customers by strategically investing in sales and marketing and leveraging our network of channel partnerships around the world. • Expand within our customer base .

At December 31, 2024 our customers included approximately 65% of the Fortune 500 and approximately 50% of the Global 2000 and large government agencies. In 2024, 2023 and 2022, no single customer represented more than 2% of our revenue.

At December 31, 2025, we had over 40,000 customers, including approximately 65% of the Fortune 500 and approximately 50% of the Global 2000 and large government agencies. In 2025, 2024 and 2023, no single customer represented more than 2% of our revenue.

We believe we have a significant opportunity to expand our relationships with our existing customers by targeting additional teams, business units or geographies, pursuing 7 Table of Contents broad enterprise deployments and generally expanding our coverage of their network-connected assets and cross-selling new applications and solutions. • Invest in our technology platform .

We believe we have a significant opportunity with Tenable One and AI Security to expand our relationships with our existing customers by targeting additional teams, business units or 7 Table of Contents geographies, pursuing broad enterprise deployments and generally expanding our coverage of their attack surface. • Invest in our technology platform .

We believe an exposure management program can solve three distinct real-world challenges facing cybersecurity professionals and their organizations: • The attack surface isn’t siloed, but security programs often are; • There’s more data than ever, yet it’s difficult for security professionals to analyze cyber risk context and insights to identify true exposures; and • Security professionals and business leaders lack a common risk language to align and mobilize responses.

We believe an exposure management program can solve three distinct challenges facing cybersecurity professionals, including chief information security officers, or CISOs, and their organizations: • The attack surface isn’t siloed, but security programs often are — making organizations ill-prepared to protect against attackers that are traversing from domain to domain (not silo to silo) to find exposures to exploit; • There’s more data than ever, yet it’s difficult for security professionals to analyze cyber risk context and insights to identify true exposures; and • Security professionals and business leaders lack a common risk language to align and mobilize responses.

In addition, we have taken the following actions to enable environmental stewardship: • Implemented recycling in our offices; • Offer biodegradable to-go boxes to reduce food waste; • Have a strict policy for disposing of hardware; and • Use a travel portal that provides detail on our carbon footprint. 11 Table of Contents Tenable and our employees have donated time and money to important environmental causes, such as healthy waterways and other clean-up efforts, recycling, carbon footprint mitigation and protection of threatened wildlife.

Tenable One integrates the following products and tools: • Tenable Vulnerability Management : Our cloud-delivered software-as-a-service, or SaaS, vulnerability management offering provides organizations with a risk-based view of traditional and modern attack surfaces. Tenable Vulnerability Management empowers organizations to know, expose and close their critical vulnerabilities.

It allows organizations to understand and address AI-driven risks before they are exploited, supporting safer adoption of AI. • Tenable Vulnerability Management : Our cloud-delivered software-as-a-service, or SaaS, vulnerability management offering provides organizations with a risk-based view of traditional and modern attack surfaces. Tenable Vulnerability Management empowers organizations to know, expose and close their critical vulnerabilities.

Item 1. Business Overview We are a leading provider of exposure management solutions. Exposure management is the evolution of vulnerability management, advancing risk assessment and prioritization across the entire attack surface – from IT infrastructure to cloud environments to critical infrastructure.

Item 1. Business Overview Tenable is the leading provider of exposure management solutions. Exposure management is an increasingly critical category that extends foundational vulnerability management capabilities to advance risk assessment and prioritization across the entire attack surface – from IT infrastructure and cloud environments to critical infrastructure and artificial intelligence (AI).

We believe this capability is critical to help security executives effectively translate technical information and communicate cybersecurity risk to a non-technical audience, including the C-suite and the board of directors, to enable them to make better strategic decisions on where to focus investment to maximize cybersecurity risk reduction. 6 Table of Contents • Tenable Attack Surface Management : Our solution continuously maps the internet to deliver comprehensive visibility into internet-facing assets, even those security teams don't know about, so they can assess the cybersecurity posture of their entire external attack surface for a more complete picture of where they may be exposed. • Tenable Security Center : Our on-premises vulnerability management offering that provides a risk-based view of an organization’s IT, security and compliance posture so organizations can quickly identify, investigate and prioritize their assets and vulnerabilities based on risk assessment and predictive analytics, and provide insightful remediation guidance. • Tenable OT Security : Our unified security solution for converged OT/IoT environments provides threat detection, asset tracking, vulnerability management, and configuration control capabilities to protect OT environments, including industrial networks.

Users can find and fix existing weaknesses before they are exploited and detect and respond to ongoing attacks in real time without the need to deploy agents or use privileged accounts. • Tenable Web App Scanning : Our easy-to-use, comprehensive and automated Vulnerability Scanning for modern web applications, which allows organizations to quickly configure and manage web app scans, enabling them to identify vulnerabilities and prioritize remediation. 6 Table of Contents • Tenable Attack Surface Management : Our solution continuously maps the internet to deliver comprehensive visibility into internet-facing assets, even those security teams don't know about, so they can assess the cybersecurity posture of their entire external attack surface for a more complete picture of where they may be exposed. • Tenable Security Center : Our on-premises vulnerability management offering that provides a risk-based view of an organization’s IT, security and compliance posture so organizations can quickly identify, investigate and prioritize their assets and vulnerabilities based on risk assessment and predictive analytics, and provide insightful remediation guidance. • Tenable OT Security : Our unified security solution for converged OT/IoT environments provides threat detection, asset tracking, vulnerability management, and configuration control capabilities to protect OT environments, including industrial networks.

Our principal executive offices are located at 6100 Merriweather Drive, Columbia, Maryland 21044. Our telephone number is (410) 872-0555. Our website address is www.tenable.com.

In November 2015, Tenable Network Security, Inc. was merged into a wholly owned subsidiary and in 2017 was renamed as Tenable, Inc. Our principal executive offices are located at 6100 Merriweather Drive, Columbia, Maryland 21044. Our telephone number is (410) 872-0555. Our website address is www.tenable.com.

We are focused on building demand across all segments with a specific emphasis on our enterprise customers and delivering tailored marketing programs for security executives, functional managers, security practitioners, managed service providers and consultants. Our marketing efforts are also designed to establish the Tenable brand as a thought leader and trusted resource of credible educational information and original research.

We are focused on building demand across all segments with a specific emphasis on our enterprise customers and delivering tailored marketing programs for security executives (i.e. CISOs), functional managers, security practitioners, managed service providers and consultants.

We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions. With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward.

With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward.

It leverages AI, and machine learning, or ML, rapidly analyzing and interpreting vast data sets to pinpoint priority weaknesses and high-risk attack paths, deliver recommendations and automate routine tasks. The platform also supports ingestion and correlation of third-party security and business data, enabling customers to enrich exposure analysis with contextual signals from across their environment.

At December 31, 2024 and 2023, we had backlog of $33.2 million and $23.4 million, respectively. We expect the majority of the backlog at December 31, 2024 to be invoiced within the following 12 months. Competition The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving.

At December 31, 2025 and 2024, we had backlog of $159.9 million and $33.2 million, respectively. Competition The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving. We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions.

Corporate Information Tenable Network Security, Inc., our predecessor, was incorporated under the laws of the State of Delaware in 2002. Tenable Holdings, Inc. was incorporated in Delaware in October 2015. In November 2015, Tenable Network Security, Inc. was merged into a wholly owned subsidiary and in 2017 was renamed as Tenable, Inc.

Financial Information and Segments See Note 1 and Note 13 to our consolidated financial statements in this Annual Report on Form 10-K for segment and geographical information. Corporate Information Tenable Network Security, Inc., our predecessor, was incorporated under the laws of the State of Delaware in 2002. Tenable Holdings, Inc. was incorporated in Delaware in October 2015.

Tenable unifies security visibility, insight and action across this attack surface, equipping modern organizations to expose and close the cybersecurity gaps that erode business value, reputation and trust. Organizations are increasingly accelerating their adoption of public and private cloud infrastructure, implementing internet-facing applications and embracing new identity management systems.

Tenable unifies security visibility, insight and action across this attack surface, equipping modern organizations to quickly identify and close the cybersecurity gaps that erode business value, reputation and trust. Business dynamics continue to shift under pressure of geopolitical tensions, talent shortages, the push for greater automation, unrelenting compliance and regulatory pressures, along with the drive to out-innovate and out-pace competitors.

Removed

This rapid digital transformation is dramatically expanding the modern attack surface and introducing new exposures – cyber risks capable of causing liability, loss and irreparable harm.

Added

AI is now a constant undercurrent and is recognized as both a business enabler and a cybersecurity risk.

Removed

Added

Tenable One integrates the following products and tools: • Tenable AI Exposure : Our solution helps organizations identify, assess and reduce security risks associated with the use of artificial intelligence technologies. It provides visibility into AI-related assets, data usage and configurations across enterprise environments, allowing users to detect exposure such as sensitive data leakage, insecure configurations and excessive access.

Removed

We intend to continue to innovate, develop and broaden our exposure and traditional vulnerability management solutions, including expanding the coverage of emerging attack surfaces and asset types and the addition of analytical capabilities, to help our customers measure and manage their cyber exposure.

Added

We intend to innovate to provide our customers with unified visibility, insights and actions in a way that scales with the complexity of the modern attack surface. As we collect and ingest more data from third-party sources, we are also investing in the future of preemptive security, including AI security and remediation. • Explore acquisition opportunities .

Removed

As we collect more data and ingest more data from third-party sources, we believe our data set will become even more valuable over time, which will allow us to continue to develop new analytical products and capabilities to our existing product suite over time. • Explore acquisition opportunities .

Added

Our marketing efforts are also designed to establish the Tenable brand as a thought leader and trusted resource of credible educational information and original research.

Removed

Tenable and our employees have donated time and money to important environmental causes, such as healthy waterways and other clean-up efforts, recycling, carbon footprint mitigation and protection of threatened wildlife. Financial Information and Segments See Note 1 and Note 13 to our consolidated financial statements in this Annual Report on Form 10-K for segment and geographical information.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

146 edited+58 added−21 removed317 unchanged

2024 filing

2025 filing

Biggest changeOur current international operations and future initiatives will involve a variety of risks, including: • increased management, infrastructure and legal costs associated with having international operations; • reliance on channel partners; • trade and foreign exchange restrictions, including potential changes in trade relations arising from policy initiatives; • volatility of foreign exchange rates; • economic or political instability in foreign markets, including instability related to the United Kingdom’s recent exit from the European Union and the corresponding impact on its ongoing legal, political, and economic relationship with the European Union and heightened levels of inflation; • greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods; • changes in regulatory requirements, including, but not limited to data privacy, data protection and data security regulations; • difficulties and costs of staffing, managing and potentially reorganizing foreign operations, including increased employee recruitment, training and retention costs related to global employment turnover trends and inflationary pressures in the labor market; • the uncertainty and limitation of protection for intellectual property rights in some countries; • costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations; • differing labor regulations in foreign jurisdictions where labor laws are generally more advantageous to employees, including deemed hourly wage and overtime regulations in these locations; • costs of compliance with U.S. laws and regulations for foreign operations, including the FCPA, import and export control laws, tariffs imposed by the United States or other governments on our solutions, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell or provide our solutions in certain foreign markets, and the risks and costs of non-compliance; • requirements to comply with foreign privacy, data protection and information security laws and regulations and the risks and costs of noncompliance; • heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements; • the potential for political unrest, public health crises such as pandemics or similar outbreaks, acts of terrorism, hostilities or war, including the conflict between Ukraine and Russia, the ongoing conflict in the Middle East and increasing tensions between China and Taiwan; • management communication and integration problems resulting from cultural differences and geographic dispersion; • costs associated with language localization of our solutions; and • costs of compliance with multiple and possibly overlapping tax structures and regimes.

Biggest changeOur current international operations and future initiatives will involve a variety of risks, including: • increased management, infrastructure and legal costs associated with having international operations; • reliance on channel partners; • trade and foreign exchange restrictions, including potential changes in trade relations arising from policy initiatives; 30 Table of Contents • volatility of foreign exchange rates; • global economic trends, competition and geopolitical risks, including evolving impacts from tariffs, sanctions or other trade tensions between the United States and other countries, or disruptions to global markets, cross-border operations, supply chains or workforce availability resulting from events such as a major terrorist attack, war, natural disasters or actual or threatened public health pandemics or other emergencies; • greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods; • changes in regulatory requirements, including, but not limited to data privacy, data protection and data security regulations; • difficulties and costs of staffing, managing and potentially reorganizing foreign operations, including increased employee recruitment, training and retention costs related to global employment turnover trends and inflationary pressures in the labor market; • the uncertainty and limitation of protection for intellectual property rights in some countries; • costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations; • differing labor regulations in foreign jurisdictions where labor laws are generally more advantageous to employees, including deemed hourly wage and overtime regulations in these locations; • costs of compliance with U.S. laws and regulations for foreign operations, including the FCPA, import and export control laws, tariffs imposed by the United States or other governments on our solutions, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell or provide our solutions in certain foreign markets, and the risks and costs of non-compliance; • requirements to comply with foreign privacy, data protection and information security laws and regulations and the risks and costs of noncompliance; • heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements; • management communication and integration problems resulting from cultural differences and geographic dispersion; • costs associated with language localization of our solutions; and • costs of compliance with multiple and possibly overlapping tax structures and regimes.

If any of 12 Table of Contents the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially and adversely affected. Selected Risks Affecting Our Business Our business is subject to a number of risks of which you should be aware before making a decision to invest in our common stock.

If any of the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially and adversely affected. 12 Table of Contents Selected Risks Affecting Our Business Our business is subject to a number of risks of which you should be aware before making a decision to invest in our common stock.

We, our customers, and the third parties upon which we rely are subject to a variety of evolving threats, which are prevalent, continue to rise, and increasingly difficult to detect.

We, our customers, and the third parties upon which we rely are subject to a variety of evolving threats, which are prevalent, continue to rise, and are increasingly difficult to detect.

The use of generative AI processes at scale is relatively new, and may lead to challenges, concerns and risks, including various privacy and security risks that are significant or that we may not be able to predict, especially if our use of these technologies in our products and services becomes more important to our operations over time.

The use of AI technologies, including generative AI processes, at scale is relatively new, and may lead to challenges, concerns and risks, including various privacy and security risks that are significant or that we may not be able to predict, especially if our use of these technologies in our products and services becomes more important to our operations over time.

Our revenue and results of operations have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including: • the level of demand for our solutions; • the introduction of new products and product enhancements by existing competitors or new entrants into our market, and changes in pricing for solutions offered by us or our competitors; • the rate of renewal of subscriptions, and extent of expansion of assets under such subscriptions, with existing customers; • the mix of customers licensing our products on a subscription basis as compared to a perpetual license; • large customers failing to renew their subscriptions; • the size, timing and terms of our subscription agreements with new customers; • our ability to interoperate our solutions with our customers’ network and security infrastructure, including remote devices; • the timing and growth of our business, in particular through our hiring of new employees and international expansion; • network outages, security breaches, technical difficulties or interruptions with our solutions (including security breaches by our service providers or vendors); • changes in the growth rate of the markets in which we compete; • the length of the license term, amount prepaid and other material terms of subscriptions to our solutions sold during a period; • customers delaying purchasing decisions in anticipation of new developments or enhancements by us or our competitors or otherwise; • changes in customers’ budgets; • seasonal variations related to sales and marketing and other activities, such as expenses related to our customers; • our ability to increase, retain and incentivize the channel partners that market and sell our solutions; • our ability to integrate our solutions with our ecosystem partners’ technology; • our ability to integrate any future acquisitions of businesses; • our brand and reputation; • the timing of our adoption of new or revised accounting pronouncements applicable to public companies and the impact on our results of operations; • our ability to control costs, including our operating expenses, such as personnel costs, third-party cloud infrastructure costs and facilities costs; • our ability to hire, train and maintain our direct sales force; • unforeseen litigation and intellectual property infringement; • fluctuations in our effective tax rate; • general economic and political conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers operate; and 21 Table of Contents • other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events, or an economic recession in the United States or other major markets.

Our revenue and results of operations have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including: • the level of demand for our solutions; 21 Table of Contents • the introduction of new products and product enhancements by existing competitors or new entrants into our market, and changes in pricing for solutions offered by us or our competitors; • the rate of renewal of subscriptions, and extent of expansion of assets under such subscriptions, with existing customers; • the mix of customers licensing our products on a subscription basis as compared to a perpetual license; • large customers failing to renew their subscriptions; • the size, timing and terms of our subscription agreements with new customers; • our ability to interoperate our solutions with our customers’ network and security infrastructure, including remote devices; • the timing and growth of our business, in particular through our hiring of new employees and international expansion; • network outages, security breaches, technical difficulties or interruptions with our solutions (including security breaches by our service providers or vendors); • changes in the growth rate of the markets in which we compete; • the length of the license term, amount prepaid and other material terms of subscriptions to our solutions sold during a period; • customers delaying purchasing decisions in anticipation of new developments or enhancements by us or our competitors or otherwise; • changes in customers’ budgets; • seasonal variations related to sales and marketing and other activities, such as expenses related to our customers; • our ability to increase, retain and incentivize the channel partners that market and sell our solutions; • our ability to integrate our solutions with our ecosystem partners’ technology; • our ability to integrate any future acquisitions of businesses; • our brand and reputation; • the timing of our adoption of new or revised accounting pronouncements applicable to public companies and the impact on our results of operations; • our ability to control costs, including our operating expenses, such as personnel costs, third-party cloud infrastructure costs and facilities costs; • our ability to hire, train and maintain our direct sales force; • unforeseen litigation and intellectual property infringement; • fluctuations in our effective tax rate; • general economic and political conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers operate; and • other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events, or an economic recession in the United States or other major markets.

If we fail to successfully promote and maintain our brand, or incur substantial expenses, we may fail to attract or retain customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our solutions.

If we fail to successfully promote and maintain our brand, or if we incur substantial expenses, we may fail to attract or retain customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our solutions.

In the United States, federal, state, and local governments have enacted numerous data privacy security laws, including data breach notification laws, data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws).

In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws).

Our ability to generate cash, make scheduled payments or to refinance our debt obligations depends on our successful financial and operating performance, which may be affected by a range of economic, competitive and business factors, many of which are outside of our control and some of which are described elsewhere in the “Risk Factors” section of this report.

Our ability to generate cash, make scheduled payments or refinance our debt obligations depends on our successful financial and operating performance, which may be affected by a range of economic, competitive and business factors, many of which are outside of our control and some of which are described elsewhere in the “Risk Factors” section of this report.

For example, during periods with a relatively strong U.S. dollar, our products are more expensive for existing and prospective international customers, which has impacted, and could in the future impact, the budgets and purchasing decisions of certain of our existing and prospective international customers.

For example, during periods with a relatively strong U.S. dollar, our products are more expensive for existing and prospective international customers, which has impacted, and in the future could impact, the budgets and purchasing decisions of certain of our existing and prospective international customers.

These provisions include: 40 Table of Contents • a classified Board of Directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our Board of Directors; • the ability of our Board of Directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer; • the exclusive right of our Board of Directors to elect a director to fill a vacancy created by the expansion of our Board of Directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our Board of Directors; • a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders; • the requirement that a special meeting of stockholders may be called only by the chairperson of our Board of Directors, Chief Executive Officer or president (in the absence of a chief executive officer) or a majority vote of our Board of Directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors; • the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws, which may inhibit the ability of an acquirer to affect such amendments to facilitate an unsolicited takeover attempt; • the ability of our Board of Directors, by majority vote, to amend our amended and restated bylaws, which may allow our Board of Directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our amended and restated bylaws to facilitate an unsolicited takeover attempt; and • advance notice procedures with which stockholders must comply to nominate candidates to our Board of Directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.

These provisions include: • a classified Board of Directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our Board of Directors; • the ability of our Board of Directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer; • the exclusive right of our Board of Directors to elect a director to fill a vacancy created by the expansion of our Board of Directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our Board of Directors; • a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders; • the requirement that a special meeting of stockholders may be called only by the chairperson of our Board of Directors, Chief Executive Officer or president (in the absence of a chief executive officer) or a majority vote of our Board of Directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors; • the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws, which may inhibit the ability of an acquirer to affect such amendments to facilitate an unsolicited takeover attempt; • the ability of our Board of Directors, by majority vote, to amend our amended and restated bylaws, which may allow our Board of Directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our amended and restated bylaws to facilitate an unsolicited takeover attempt; and 42 Table of Contents • advance notice procedures with which stockholders must comply to nominate candidates to our Board of Directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.

Factors that could cause fluctuations in the market price of our common stock include the following: • actual or anticipated changes or fluctuations in our operating results; • the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections; 38 Table of Contents • announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments; • industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; • failure to comply with the terms of the Credit Agreement; • sales of shares of our common stock by us or our stockholders; • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; • new or proposed laws or regulations or new interpretations of existing laws or regulations applicable to our business, including changes to the U.S. corporate income tax rate and capital gains tax rates; • any major changes in our management or our Board of Directors; • general economic conditions and slow or negative growth of our markets; and • other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events.

Factors that could cause fluctuations in the market price of our common stock include the following: • actual or anticipated changes or fluctuations in our operating results; • the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections; • announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments; • industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; • failure to comply with the terms of the Credit Agreement; • sales of shares of our common stock by us or our stockholders; • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; 40 Table of Contents • new or proposed laws or regulations or new interpretations of existing laws or regulations applicable to our business, including changes to the U.S. corporate income tax rate and capital gains tax rates; • any major changes in our management or our Board of Directors; • general economic conditions and slow or negative growth of our markets; and • other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events.

Additionally, if we do not have adequate rights to utilize the data or other materials and content that our AI technologies depend on, we may face legal consequences for violating applicable laws, third-party intellectual property, privacy or other rights, or contracts to which we are a party.

If we do not have adequate rights to utilize the data or other materials and content that our AI technologies depend on, we may face legal consequences for violating applicable laws, third-party intellectual property, privacy or other rights, or contracts to which we are a party.

Any success that we may experience in the future will depend in large part on our ability to, among other things: • maintain and expand our customer base; • increase revenue from existing customers through increased or broader use of our offerings within their organizations; • improve the performance and capabilities of our offerings through research and development or the integration of acquired products and capabilities; • continue to develop and expand our enterprise platform; • maintain or increase the rate at which customers purchase and renew subscriptions to our enterprise platform offerings; • continue to successfully expand our business domestically and internationally; and • successfully compete with other companies.

Any success that we may experience in the future will depend in large part on our ability to, among other things: 15 Table of Contents • maintain and expand our customer base; • increase revenue from existing customers through increased or broader use of our offerings within their organizations; • improve the performance and capabilities of our offerings through research and development or the integration of acquired products and capabilities; • continue to develop and expand our enterprise platform; • maintain or increase the rate at which customers purchase and renew subscriptions to our enterprise platform offerings; • continue to successfully expand our business domestically and internationally; and • successfully compete with other companies.

In addition, our industry is evolving rapidly and is becoming increasingly competitive. Companies that are larger and more established than us are focusing on cybersecurity and could directly compete with us. For example, Microsoft has a vulnerability management offering and has continued to acquire security solutions for their cybersecurity platform.

Canada's Personal Information Protection and Electronic Documents Act, or PIPEDA, and various related provincial laws, Canada's Anti-Spam Legislation, or CASL, and Brazil's General Data Protection Law (Law No. 13,709/2018), or Lei Geral de Proteção de Dados Pessaois, or LGPD, may apply to our operations.

These threats include but are not limited to: social-engineering attacks (including through deep fakes, which may be increasingly more difficult to identify as fake, and phishing attacks); credential harvesting; malicious code (such as viruses and worms); malware (including as a result of advanced persistent threat intrusions); denial-of-service attacks, credential stuffing; insider threats (including due to personnel misconduct, error or malicious activity); ransomware attacks; supply-chain attacks; software bugs; server malfunctions; software or hardware failures; loss of data or other information technology assets; adware; telecommunications failures; attacks enhanced or facilitated by artificial intelligence and other similar threats.

These threats include but are not limited to: social-engineering attacks (including through deep fakes, which may be increasingly more difficult to identify as fake, and phishing attacks); credential harvesting; malicious code (such as viruses, worms, and, increasingly, code injection in open source software); malware (including as a result of advanced persistent threat intrusions); denial-of-service attacks, credential stuffing; insider threats (including due to personnel misconduct, error or malicious activity); ransomware attacks; supply-chain attacks; software bugs; server malfunctions; software or hardware failures; loss of data or other information technology assets; adware; telecommunications failures; attacks enhanced or facilitated by artificial intelligence and other similar threats.

The CCPA applies to personal data of consumers, business representatives and employees who are California residents and provides for fines for noncompliance (up to $7,500 per intentional violations. Further, the CCPA allows private litigants affected by certain data breaches to recover significant statutory damages.

The CCPA applies to personal data of consumers, business representatives and employees who are California residents and provides for fines for noncompliance (up to $7,500 per intentional violation). Further, the CCPA allows private litigants affected by certain data breaches to recover significant statutory damages.

Our new offerings or enhancements and changes to our existing offerings could fail to attain sufficient market acceptance for many reasons, including: • failure to predict market demand accurately, including changes in demand as a result of macroeconomic trends, in terms of functionality and to supply offerings that meets this demand in a timely fashion; 27 Table of Contents • defects, errors or failures; • negative publicity about their performance or effectiveness; • delays in releasing our new offerings or enhancements to our existing offerings to the market; • introduction or anticipated introduction of competing products by our competitors; • poor business conditions for our customers, including as a result of difficult macroeconomic conditions, causing them to delay or forgo IT purchases; and • reluctance of customers to purchase cloud-based offerings.

Our new offerings or enhancements and changes to our existing offerings could fail to attain sufficient market acceptance for many reasons, including: • failure to predict market demand accurately, including changes in demand as a result of macroeconomic trends, in terms of functionality and to supply offerings that meet this demand in a timely fashion; • defects, errors or failures; • negative publicity about their performance or effectiveness; • delays in releasing our new offerings or enhancements to our existing offerings to the market; • introduction or anticipated introduction of competing products by our competitors; • poor business conditions for our customers, including as a result of difficult macroeconomic conditions, causing them to delay or forgo IT purchases; and 29 Table of Contents • reluctance of customers to purchase cloud-based offerings.

If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor 44 Table of Contents confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the Nasdaq, the SEC or other regulatory authorities.

If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the Nasdaq, the SEC or other regulatory authorities.

In addition, new EU and UK regulations or legislative actions regarding data privacy and security (together with applicable industry standards) may be proposed or enacted, such as the EU's Digital Operational Resilience Act and its second Network and Information Security Directive, which may increase our costs of doing business, and non-compliance with such laws and regulations, as applicable to us, may lead to significant administrative fines.

Similar rules may apply under state and foreign tax laws. Based upon an analysis at December 31, 2024, we do not expect these limitations to materially impair our ability to use our NOLs and other tax assets prior to expiration.

Similar rules may apply under state and foreign tax laws. Based upon an analysis at December 31, 2025, we do not expect these limitations to materially impair our ability to use our NOLs and other tax assets prior to expiration.

If we fail to maintain compatibility of our cloud platform and our other solutions with our customers’ network and security infrastructures, including for remote devices, our customers may not be able to fully utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition.

If we fail to maintain compatibility of our cloud platform and our other solutions with our customers’ network and security infrastructures, including for remote devices, our customers may not be able to fully 16 Table of Contents utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition.

Our failure to comply with any of the covenants could result in a default under the Credit Agreement, which could permit the administrative agent or the lenders to cause the administrative agent to declare all or part of any of our outstanding senior secured term loans or revolving loans to be immediately due and payable or to exercise any remedies provided to the administrative agent, including, proceeding against the collateral granted to secure our obligations under the Credit Agreement.

Our failure to comply with any of the covenants could result in a default under the Credit Agreement, which could permit the administrative agent or the lenders to cause the administrative agent to declare all or part of any of our outstanding senior secured term loans or revolving loans to be immediately due and payable or to exercise any remedies 34 Table of Contents provided to the administrative agent, including, proceeding against the collateral granted to secure our obligations under the Credit Agreement.

In addition, our failure to recruit additional channel partners, or any reduction or delay in their sales of our solutions and professional services, including as 25 Table of Contents a result of economic uncertainty, legal or regulatory actions, such as government investigations or law enforcement activities, impacting their business, or conflicts between channel sales and our direct sales and marketing activities may harm our results of operations.

In addition, our failure to recruit additional channel partners, or any reduction or delay in their sales of our solutions and professional services, including as a result of economic uncertainty, legal or regulatory actions, such as government investigations or law enforcement activities, impacting their business, or conflicts between channel sales and our direct sales and marketing activities may harm our results of operations.

If we do not succeed in attracting well-qualified employees, retaining and motivating existing employees or maintaining our corporate culture in a hybrid or remote work environment, our business would be adversely affected.

We also rely on third-party service providers to provide other products, services, or otherwise, to operate our business and elements of our infrastructure, including endpoints. Our ability to monitor these third parties' information security practices is limited, and these third parties may not have adequate information security measures in place.

We also rely on third-party service providers to provide other products, services, or otherwise, to operate our business and elements of our infrastructure, including endpoints. Our ability to monitor these third parties' information security practices is limited, and these third 17 Table of Contents parties may not have adequate information security measures in place.

Even if such an incident is unrelated to our security practices, it could result in our incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own vulnerabilities. 19 Table of Contents The reliability and continuous availability of our solutions is critical to our success.

Even if such an incident is unrelated to our security practices, it could result in our incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own vulnerabilities. The reliability and continuous availability of our solutions is critical to our success.

If we do not help our customers quickly resolve issues and provide effective ongoing support, our ability to sell new software to existing and new customers would suffer and our reputation with existing or potential customers would be harmed. Our growth depends in part on the success of our strategic relationships with third parties.

If we do not help our customers quickly resolve issues and provide effective ongoing support, our ability to sell new software to existing and new customers would suffer and our reputation with existing or potential customers would be harmed. 31 Table of Contents Our growth depends in part on the success of our strategic relationships with third parties.

If we do not continue to innovate and offer solutions that address the dynamic cybersecurity landscape, we may not remain competitive. The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving. We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions.

We face intense competition. If we do not continue to innovate and offer solutions that address the dynamic cybersecurity landscape, we may not remain competitive. The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving. We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions.

For example, we have been the target of unsuccessful phishing attempts in the past and we expect 18 Table of Contents such attempts will continue in the future. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our solutions.

For example, we have been the target of unsuccessful phishing attempts in the past and we expect such attempts will continue in the future. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our solutions.

Any determination to pay dividends in the future will be at the discretion of our Board of Directors. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Any determination to pay dividends in the future will be at the 41 Table of Contents discretion of our Board of Directors. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays and other unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our financial performance may be harmed, and we may not achieve or maintain profitability in the future. We face intense competition.

Any 42 Table of Contents change in export or import laws and regulations or economic or trade sanctions, shift in the enforcement or scope of existing laws and regulations, or change in the countries, governments, persons or technologies targeted by such laws and regulations could also result in decreased use of our products, or in our decreased ability to export or sell our products to existing or potential customers.

Any change in export or import laws and regulations or economic or trade sanctions, shift in the enforcement or scope of existing laws and regulations, or change in the countries, governments, persons or technologies targeted by such laws and regulations could also result in decreased use of our products, or in our decreased ability to export or sell our products to existing or potential customers.

If our partners choose to 30 Table of Contents place greater emphasis on products of their own or those offered by our competitors or do not effectively market and sell our product, our ability to grow our business and sell software and professional services may be adversely affected.

If our partners choose to place greater emphasis on products of their own or those offered by our competitors or do not effectively market and sell our product, our ability to grow our business and sell software and professional services may be adversely affected.

While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our offerings to sustain or increase our growth or achieve or maintain profitability 13 Table of Contents in the future.

Remote work and use of remote devices has increased risks to our information technology systems and data, as more of our personnel utilize network connections, computers and devices outside of our premises or network, including 17 Table of Contents working at home, while in transit and in public locations.

Remote work and use of remote devices has increased risks to our information technology systems and data, as more of our personnel utilize network connections, computers and devices outside of our premises or network, including working at home, while in transit and in public locations.

Historically, some of our customers have elected not to renew their 15 Table of Contents subscriptions with us for a variety of reasons, including as a result of changes in their strategic IT priorities, budgets, costs and, in some instances, due to competing solutions.

Historically, some of our customers have elected not to renew their subscriptions with us for a variety of reasons, including as a result of changes in their strategic IT priorities, budgets, costs and, in some instances, due to competing solutions.

The timing of sales of our offerings is difficult to forecast because of the length and unpredictability of our sales cycle, particularly with large enterprises and with respect to certain of our solutions.

Our sales cycle is long and unpredictable. The timing of sales of our offerings is difficult to forecast because of the length and unpredictability of our sales cycle, particularly with large enterprises and with respect to certain of our solutions.

The global economy, including credit and financial markets, recently experienced extreme volatility and disruptions, including severely diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates, inflation, interest rate fluctuations and uncertainty about economic stability.

If our customers do not maintain or renew their subscriptions or renew on less favorable terms, or if we are unable to expand our customers’ use of our software, our business, results of operations, and financial condition may be harmed.

Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code.

We cannot assure that our expansion efforts into international markets will be successful in creating further demand for our solutions and professional services outside of the United States or in effectively selling our solutions and professional services in the 28 Table of Contents international markets that we enter.

We may not be able to refinance our debt, or any refinancing of our debt could be at higher interest rates and may require us to comply with more restrictive covenants that could further restrict our business 32 Table of Contents operations.

While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum 41 Table of Contents provisions.

In addition, as a result of an amendment to our Credit Agreement, certain of the variable rate 33 Table of Contents indebtedness extended to us uses the Secured Overnight Financing Rate, or SOFR, as a benchmark for establishing the interest rate.

In addition, as a result of an amendment to our Credit Agreement, certain of the variable rate indebtedness extended to us uses the Secured Overnight Financing Rate, or SOFR, as a benchmark for establishing the interest rate.

For example, our agreement with Ingram Micro allows Ingram Micro to terminate the agreement in their discretion upon 30 days’ written notice to us.

For example, our agreement with Ingram Micro allows Ingram Micro to terminate the agreement at their discretion upon 30 days’ written notice to us.

For example, AI algorithms use machine learning and predictive analytics which may be insufficient or of 20 Table of Contents poor quality and reflect inherent biases and could lead to flawed, biased, and inaccurate results.

For example, AI algorithms use machine learning and predictive analytics which may be insufficient or of poor quality and reflect inherent biases and could lead to flawed, biased, and inaccurate results.

In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups and may become subject to such obligations in the future. Furthermore, we are bound by other contractual 24 Table of Contents obligations relating to data privacy and security, and our efforts to comply with such obligations may not be successful.

In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups and may become subject to such obligations in the future. Furthermore, we are bound by other contractual obligations relating to data privacy and security, and our efforts to comply with such obligations may not be successful.

In 2024, 2023 and 2022, we derived 94%, 93% and 92%, respectively, of our revenue from sales through channel partners, and the percentage of revenue derived from channel partners may continue to increase in future periods.

In 2025, 2024 and 2023, we derived 94%, 94% and 93%, respectively, of our revenue from sales through channel partners, and the percentage of revenue derived from channel partners may continue to increase in future periods.

We sell our solutions primarily to IT departments that are managing a growing set of user and compliance demands, which has increased the complexity of customer requirements to be met and confirmed during the sales cycle and prolonged our sales cycle.

We sell our solutions primarily to IT departments that are managing a growing set of user and compliance demands, including with respect to AI, which has increased the complexity of customer requirements to be met and confirmed during the sales cycle and prolonged our sales cycle.

Further, as a U.S. government contractor, we are subject to an increased risk of investigations, criminal prosecution, civil fraud, whistleblower lawsuits and other legal actions and liabilities as compared to solely private sector commercial companies.

Further, as a U.S. government contractor, 28 Table of Contents we are subject to an increased risk of investigations, criminal prosecution, civil fraud claims, whistleblower lawsuits and other legal actions and liabilities as compared to solely private sector commercial companies.

Such changes to existing standards or requirements or changes in their interpretation may have an adverse effect on our reputation, business, financial position and profit, or cause an adverse deviation from our revenue and operating profit target, which may negatively impact our financial results.

Such 35 Table of Contents changes to existing standards or requirements or changes in their interpretation may have an adverse effect on our reputation, business, financial position and profit, or cause an adverse deviation from our revenue and operating profit target, which may negatively impact our financial results.

We market and sell our solutions and professional services throughout the world and have personnel in many parts of the world. International operations generated 46% and 45% of our revenue in 2024 and 2023, respectively. Our growth strategy is dependent, in part, on our continued international expansion.

We market and sell our solutions and professional services throughout the world and have personnel in many parts of the world. International operations generated 47% and 46% of our revenue in 2025 and 2024, respectively. Our growth strategy is dependent, in part, on our continued international expansion.

We must be able to interoperate and provide our security offerings to customers with highly complex and customized networks, including remote devices, which requires 16 Table of Contents careful planning and execution between our customers, our customer support teams and our channel partners.

We must be able to interoperate and provide our security offerings to customers with highly complex and customized networks, including remote devices, which requires careful planning and execution between our customers, our customer support teams and our channel partners.

These claims could also subject us to making substantial payments for legal fees, settlement payments, and other costs or damages, potentially including treble 37 Table of Contents damages if we are found to have willfully infringed patents or copyrights.

These claims could also subject us to making substantial payments for legal fees, settlement payments, and other costs or damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights.

We sell directly and indirectly, via third-party representatives, to both private and government sectors in the United States and in other jurisdictions. Our employees and third-party representatives interact with these customers, which may include government officials.

We sell directly and indirectly, via third-party representatives, to both private and government sectors in the United States and in 43 Table of Contents other jurisdictions. Our employees and third-party representatives interact with these customers, which may include government officials.

Developing new solutions and product enhancements is uncertain, 14 Table of Contents expensive and time-consuming, and there is no assurance that such activities will result in significant cost savings, revenue or other expected benefits.

Developing new solutions and product enhancements is uncertain, expensive and time-consuming, and there is no assurance that such activities will result in significant cost savings, revenue or other expected benefits.

If we or the third parties upon which we rely fail, or are perceived to have failed, to address or comply with applicable data privacy and security obligations, we could face significant consequences.

If we or the third parties upon which we rely fail, or are perceived to have failed, to address or comply with applicable data privacy and security obligations, we 26 Table of Contents could face significant consequences.

Selling licenses to these entities can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without any assurance that we will successfully complete a sale.

Selling licenses to these entities can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without 27 Table of Contents any assurance that we will successfully complete a sale.

The technologies underpinning these features are in the early stages of commercial use and exist in an emerging regulatory environment, which presents regulatory, litigation, ethical, reputational, operational and financial risks.

The technologies underpinning these features are in the early stages of commercial use and exist in an emerging regulatory environment with heightened regulatory scrutiny, which presents regulatory, litigation, ethical, safety, reputational, operational and financial risks.

If we do not continue to innovate and offer solutions that address the dynamic cybersecurity landscape, we may not remain competitive. • We may not be able to sustain our revenue growth rate in the future. • We may not be able to continue to scale our business quickly enough to meet our customers’ growing needs. • Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliability and accuracy of our data, solutions, infrastructure and those of third parties upon which we rely.

If we do not continue to innovate and offer solutions that address the dynamic cybersecurity landscape, we may not remain competitive. • We may not be able to sustain our revenue growth rate in the future. • Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliability and accuracy of our data, solutions, infrastructure and those of third parties upon which we rely.

We also expect our costs to increase in future periods, which could negatively affect our future operating results if our revenue does not increase at a greater rate.

We also expect our costs to increase in future periods, which could negatively affect our future operating 13 Table of Contents results if our revenue does not increase at a greater rate.

With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward.

With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going 14 Table of Contents forward.

Risks Related to Our Business and Industry We have a history of losses and may not achieve or maintain profitability in the future. We have historically incurred net losses, including net losses of $36.3 million, $78.3 million and $92.2 million in 2024, 2023 and 2022, respectively. At December 31, 2024, we had an accumulated deficit of $861.3 million.

Risks Related to Our Business and Industry We have a history of losses and may not achieve or maintain profitability in the future. We have historically incurred net losses, including net losses of $36.1 million, $36.3 million and $78.3 million in 2025, 2024 and 2023, respectively. At December 31, 2025, we had an accumulated deficit of $897.5 million.

At December 31, 2024, we had 47 issued patents and 22 patent applications pending in the United States relating to our technology.

At December 31, 2025, we had 53 issued patents and 22 patent applications pending in the United States relating to our technology.

Any unforeseen liability that is greater than these warranty and indemnity limitations could have a negative impact on our financial condition. 31 Table of Contents In addition, Vulcan Cyber, Eureka and Ermetic and other companies we have acquired principally operate in Israel and the Regional conflict in the Middle East may also have the effect of heightening the risks identified above.

Any unforeseen liability that is greater than these warranty and indemnity limitations could have a negative impact on our financial condition. In addition, companies we have recently acquired principally operate in Israel and the regional conflict in the Middle East may also have the effect of heightening the risks identified above.

AI in our products and services may be difficult to deploy successfully due to operational issues inherent to the nature of such technologies, including the development, maintenance and operation of deep learning datasets.

AI in our products and services may be complex to deploy successfully due to operational issues inherent to the nature of such technologies, including the availability, development, maintenance and operation of deep learning datasets and third-party dependencies.

Governments have passed and are likely to pass additional laws regulating generative AI. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. If we are unable to use generative AI, it could make our business less efficient and result in competitive disadvantages.

Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. If we are unable to use generative AI, it could make our business less efficient and result in competitive disadvantages.

For all of these reasons, we may not be able to compete successfully against our current or future competitors. We may not be able to sustain our revenue growth rate in the future. From 2023 to 2024, our revenue grew from $798.7 million to $900.0 million, representing year over year growth of 13%.

For all of these reasons, we may not be able to compete successfully against our current or future competitors. We may not be able to sustain our revenue growth rate in the future. From 2024 to 2025, our revenue grew from $900.0 million to $999.4 million, representing year over year growth of 11%.

The share repurchase program could affect the price of our common stock, increase volatility, and diminish our cash reserves, and we may fail to realize the anticipated long-term stockholder value. Additionally, the Inflation Reduction Act of 2022, enacted on August 16, 2022, imposes a one-percent non-deductible excise tax on repurchases of stock that are made by U.S. publicly traded corporations.

The share repurchase program could affect the price of our common stock, increase volatility, and diminish our cash reserves, and we may fail to realize the anticipated long-term stockholder value. Additionally, there is a one-percent non-deductible excise tax on net repurchases of stock that are made by U.S. publicly traded corporations.

Certain foreign jurisdictions have annual limitations on the use of NOLs. In addition, under the provisions of the Internal Revenue Code of 1986, as amended, or the Internal Revenue Code, changes in our ownership may limit the amount of pre-change NOLs that can be utilized annually in the future to offset taxable income.

In addition, under the provisions of the Internal Revenue Code of 1986, as amended, or the Internal Revenue Code, changes in our ownership may limit the amount of pre-change NOLs that can be utilized annually in the future to offset taxable income.

We expect that seasonality will continue to affect our operating results in the future and may reduce our ability to predict cash flow and optimize the timing of our operating expenses. We must maintain and enhance our brand.

We expect that seasonality will continue to affect 22 Table of Contents our operating results in the future and may reduce our ability to predict cash flow and optimize the timing of our operating expenses.

For example, in recent years the high rates of inflation, high interest rates and concerns about an economic recession in the United States or other major markets resulted in widespread unemployment, economic slowdown and extreme volatility in the capital markets. In 2022 and 2023, the Federal Reserve raised interest rates multiple times in response to concerns about inflation.

Interruptions in our systems or the third-party systems on which we rely, particularly AWS, whether due to system failures, computer viruses or cyber threats, physical or electronic break-ins or other factors, could affect the security or availability of our solutions, network infrastructure and website.

For example, Tenable One is hosted on AWS which provides us with computing and storage capacity. Interruptions in our systems or the third-party systems on which we rely, particularly AWS, whether due to system failures, computer viruses or cyber threats, physical or electronic break-ins or other factors, could affect the security or availability of our solutions, network infrastructure and website.

We cannot be sure that the expansion and improvements to our infrastructure and systems will be fully or effectively implemented on a timely basis, if at all. These efforts may reduce revenue and our margins and adversely impact our financial results. Catastrophic events may disrupt our business. Our corporate headquarters are located in Columbia, Maryland.

Following an acquisition, we may be subject to unforeseen liabilities arising from an acquired company’s past or present operations and these liabilities may be greater than the warranty and indemnity limitations that we negotiate.

In addition, we may only be able to conduct limited due diligence on an acquired company’s operations. Following an acquisition, we may be subject to unforeseen liabilities arising from an acquired company’s past or present operations and these liabilities may be greater than the warranty and indemnity limitations that we negotiate.

Catastrophic events may disrupt our business. Our corporate headquarters are located in Columbia, Maryland. The area around Washington, D.C. could be subject to terrorist attacks. Additionally, we rely on our network and third-party infrastructure and enterprise applications, internal technology systems and our website for our development, marketing, operational support, hosted services and sales activities.

The area around Washington, D.C. could be subject to terrorist attacks. Additionally, we rely on our network and third-party infrastructure and enterprise applications, internal technology systems and our website for our development, marketing, operational support, hosted services and sales activities.

We may be subject to intellectual property rights claims by third parties, which are extremely costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.

Our failure to secure, protect and enforce our intellectual property rights could seriously adversely affect our brand and adversely impact our business. We may be subject to intellectual property rights claims by third parties, which are extremely costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.

On November 27, 2023, we announced that our Board of Directors authorized a share repurchase program of up to $100 million of shares of our outstanding common stock. In October 2024, our Board of Directors increased the repurchase authorization by $200 million.

On November 27, 2023, we announced that our Board of Directors authorized a share repurchase program of up to $100 million of shares of our outstanding common stock.

We are monitoring minimum revenue threshold requirements and developments and evaluating the potential impacts of these rules, including on our effective tax rates and considering our eligibility to qualify for the available safe harbor rules.

We are monitoring developments and evaluating the potential impacts of these rules, including on our effective tax rates and considering our eligibility to qualify for the available safe harbor rules (including under the proposed "side-by-side" arrangement).

… 145 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

13 edited+0 added−1 removed9 unchanged

2024 filing

2025 filing

Biggest changeThe Cybersecurity Committee consists of directors with cybersecurity and other expertise including risk management, technology and finance. The Cybersecurity Committee assists the Audit Committee and the Board in overseeing Tenable’s overall process of risk assessment and enterprise risk management. Our CSO is responsible for implementing and maintaining our cybersecurity risk assessment and management processes.

Biggest changeThe Cybersecurity Committee consists of directors with cybersecurity and other expertise including risk management, technology and finance. Our CSO is responsible for implementing and maintaining our cybersecurity risk assessment and management processes.

These methods include conducting vulnerability assessments and threat assessments in certain environments for internal and external threats, scanning certain threat environments, analyzing certain reports of threats and actors, conducting internal audits for certain systems, evaluating our and our industry’s risk profile, coordinating with law enforcement concerning select threats, and engaging with third-party service providers to conduct external audits, threat assessments for certain systems, provide intelligence feeds, and conduct red/blue team testing and tabletop incident response exercises.

These methods include conducting vulnerability assessments and threat assessments in certain environments for internal and external threats, scanning certain environments, analyzing certain reports of threats and actors, conducting internal audits for certain systems, evaluating our and our industry’s risk profile, coordinating with law enforcement concerning select threats, and engaging with third-party service providers to conduct external audits, threat assessments for certain systems, provide intelligence feeds, and conduct red/blue team testing and tabletop incident response exercises.

Our senior management evaluates material risks from cybersecurity threats against our overall business objectives and reports to the Cybersecurity Risk Management Committee, or Cybersecurity Committee, of the Board of Directors, or Board.

See Risk Factors in this Annual Report on Form 10-K for a description of the risks from cybersecurity threats that may materially affect us and how they may do so. Governance Our Board addresses cybersecurity risk management as part of its general oversight function.

See Risk Factors in this Annual Report on Form 10-K for a description of the risks from cybersecurity threats that may materially affect us and how they may do so. Governance Our Board of Directors addresses cybersecurity risk management as part of its general oversight function.

This includes maintaining an incident response plan, vulnerability management policy, and disaster recovery and business continuity plans, conducting risk assessments for certain environments, implementing certain security standards and certifications for certain products and systems, encrypting certain data in transit and at rest, controlling data access in certain environments, using multiple security controls in certain environments, segregating certain data, monitoring certain systems, performing regular security assessments for certain systems, training employees, maintaining cybersecurity insurance, maintaining dedicated cybersecurity staff, and conducting internal and external penetration tests.

This includes maintaining an incident response plan, exposure management policy, and disaster recovery and business continuity plans, conducting risk assessments for certain environments, implementing certain security standards and certifications for certain products and systems, encrypting certain data in transit and at rest, controlling data access in certain environments, using multiple security controls in certain environments, segregating certain data, monitoring certain systems, performing regular security assessments for certain systems, training employees, maintaining cybersecurity insurance, maintaining dedicated cybersecurity staff, and conducting internal and external penetration tests.

Our incident response plan is designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including reporting to the Cybersecurity Committee and the Board for certain cybersecurity incidents.

Our CSO has over 25 years of experience in cybersecurity, including serving as a chief security and strategy officer at another company as well as serving over 20 years conducting offensive and defensive cyber operations within the intelligence community and US Cyber Command.

We evaluate the risks associated with third parties before engagement and maintain ongoing monitoring of such third parties designed to ensure compliance with our security standards. This includes security questionnaires and 45 Table of Contents assessments, as well as external attack surface management.

We evaluate the risks associated with third parties before engagement and maintain ongoing monitoring of such third parties designed to ensure compliance with our security standards. This includes security questionnaires and assessments, as well as external attack surface management.

Item 1C. Cybersecurity Tenable recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data and our exposure management solutions.

Item 1C. Cybersecurity We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data and our exposure management solutions.

Our Information Security function is overseen by our Chief Security Officer, or CSO, and is supported by our Chief Information Officer, Chief Product Officer and Product Engineering Team Leads, Chief Legal Officer, or CLO, and Head of Global Privacy.

Our CSO is also responsible for implementing and overseeing processes for regularly monitoring our information systems and data, including the conducting of periodic audits of certain systems to identify potential vulnerabilities.

The Cybersecurity Committee is tasked with assisting the Board in fulfilling its oversight responsibility for our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. The Cybersecurity Committee bears the primary responsibility for oversight of the management of risks related to the Company’s information technology use and protection, cybersecurity, and product security.

The Cybersecurity Committee assists with fulfilling this oversight responsibility for our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. The Cybersecurity Committee bears the primary responsibility for oversight of the management of risks related to the use and protection of information technology, cybersecurity, and product security.

In the event of a cybersecurity incident, the CSO initiates our incident response plan that includes actions designed to mitigate the impact and long-term strategies for remediation and prevention of future incidents.

Vintz, and provides regular updates to our executive team, Cybersecurity Committee and Board of Directors on certain cybersecurity risks and incidents. In the event of a cybersecurity incident, the CSO initiates our incident response plan that includes actions designed to mitigate the impact and long-term strategies for remediation and prevention of future incidents.

Removed

The CSO reports directly to our Co-Chief Executive Officer and Chief Operating Officer and provides regular updates to our Co-Chief Executive Officer and Chief Financial Officer and CLO on certain cybersecurity risks and incidents.

Item 2. Properties

Properties — owned and leased real estate

1 edited+0 added−0 removed1 unchanged

2024 filing

2025 filing

Biggest changeItem 2. Properties Our corporate headquarters in Columbia, Maryland consist of approximately 160,000 square feet under a lease that expires in February 2032. We maintain additional offices in multiple locations internationally in Europe and the Middle East, Asia Pacific and South America.

Biggest changeItem 2. Properties Our corporate headquarters in Columbia, Maryland consist of approximately 160,000 square feet under a lease that expires in February 2032. We maintain additional offices in North America, Europe and the Middle East, Asia Pacific and South America.

Item 3. Legal Proceedings

Legal Proceedings — active lawsuits and investigations

2 edited+0 added−0 removed1 unchanged

2024 filing

2025 filing

Biggest changeWe have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by 46 Table of Contents determining the scope, enforceability and validity of third-party proprietary rights, or to establish our proprietary rights.

Biggest changeWe have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by determining the scope, enforceability and validity of third-party proprietary rights, or to establish our proprietary rights.

The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors. Item 4. Mine Safety Disclosures Not applicable. 47 Table of Contents PART II

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

3 edited+7 added−1 removed4 unchanged

2024 filing

2025 filing

Biggest changeIssuer Purchases of Equity Securities A summary of stock repurchases during the three months ended December 31, 2024 is presented below: (in thousands, except for per share data) Shares Purchased Average Price Paid Per Share Total Number of Shares Purchased as Part of Publicly Announced Plan (1) Approximate Dollar Value of Shares that May Yet Be Purchased Under Plan (1) Shares purchased October 1, 2024 to October 31, 2024 — $ — — $ 235,075 Shares purchased November 1, 2024 to November 30, 2024 728 41.19 728 205,088 Shares purchased December 1, 2024 to December 31, 2024 474 42.19 474 185,089 1,202 $ 41.59 (1) In November 2023, our Board of Directors authorized the repurchase of up to $100 million of our common stock.

Biggest changeThe shares are subject to forfeiture if these employees do not continue to provide services for the specified vesting period. 49 Table of Contents Issuer Purchases of Equity Securities A summary of share repurchases during the three months ended December 31, 2025 is presented below: (in thousands, except for per share data) Shares Purchased Average Price Paid Per Share Total Number of Shares Purchased as Part of Publicly Announced Plan (1) Approximate Dollar Value of Shares that May Yet Be Purchased Under Plan (1) Shares purchased October 1, 2025 to October 31, 2025 775 $ 29.58 775 $ 227,183 Shares purchased November 1, 2025 to November 30, 2025 705 26.93 705 208,190 Shares purchased December 1, 2025 to December 31, 2025 802 25.67 802 187,621 2,282 $ 27.39 _______________ (1) In November 2023, our Board of Directors authorized the repurchase of up to $100 million of our common stock.

Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information for Common Stock Our common stock trades on the Nasdaq Global Select Market under the ticker symbol "TENB." Holders of Record At December 31, 2024, we had 19 holders of record.

In October 2024, our Board of Directors increased the repurchase authorization by $200 million. Repurchases under the share repurchase program may be made in the open market, in privately negotiated transactions, or in such other manner as determined by us, including through repurchase plans complying with the rules and regulations of the Securities and Exchange Commission.

Repurchases under the share repurchase program may be made in the open market, in privately negotiated transactions, or in such other manner as determined by us, including through repurchase plans complying with the rules and regulations of the Securities and Exchange Commission. Item 6. Reserved 50 Table of Contents

Removed

The authorization has no expiration date. Item 6. Reserved 48 Table of Contents

Added

Unregistered Issuances of Equity Securities On June 17, 2025, in connection with our acquisition of Apex Security, Inc., or Apex, we issued 187,304 shares of restricted common stock to certain key Apex employees.

Added

These shares have not been registered under the Securities Act or the securities laws of any state of the United States in reliance upon certain exemptions from registration under said acts and may not be offered or sold absent to registration or pursuant to an exemption therefrom.

Added

The foregoing did not involve any underwriters, underwriting discounts or commissions, or any public offering. The sales were exempt from registration under the Securities Act in reliance on Section 4(a)(2) of the Securities Act (and Regulation D or Regulation S promulgated thereunder) as transactions by an issuer not involving any public offering.

Added

The recipients of the securities represented their intentions to acquire the securities for investment only and not with a view to, or for sale in connection with, any distribution thereof, and appropriate legends were placed on the share certificates issued.

Added

The shares are deemed restricted securities, and unless so registered, may not be offered or sold in the United States except pursuant to an exemption from the registration requirements of the Securities Act. All recipients had adequate access, through their relationships with us, to information about us. The sales of these securities were made without any general solicitation or advertising.

Added

The shares issued were subject to vesting agreements and were unvested as of their issuance.

Added

In October 2024, July 2025 and January 2026, our Board of Directors increased the repurchase authorization by $200 million, $250 million and $150 million , respectively, bringing the total authorized amount to $700 million. The authorization has no expiration date.

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

61 edited+13 added−38 removed58 unchanged

2024 filing

2025 filing

Biggest changeWe expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses. 57 Table of Contents Results of Operations The following tables set forth our consolidated results of operations for the periods presented: Year Ended December 31, (in thousands) 2024 2023 2022 Revenue $ 900,021 $ 798,710 $ 683,191 Cost of revenue (1) 199,668 183,577 154,789 Gross profit 700,353 615,133 528,402 Operating expenses: Sales and marketing (1) 395,385 393,450 349,430 Research and development (1) 181,624 153,163 143,560 General and administrative (1) 124,130 116,181 103,227 Restructuring 6,070 4,499 — Total operating expenses 707,209 667,293 596,217 Loss from operations (6,856) (52,160) (67,815) Interest income 23,325 24,700 6,284 Interest expense (31,920) (31,339) (19,001) Other expense, net (3,435) (8,602) (4,757) Loss before income taxes (18,886) (67,401) (85,289) Provision for income taxes 17,415 10,883 6,933 Net loss $ (36,301) $ (78,284) $ (92,222) _______________ (1) Includes stock-based compensation expense as follows: Year Ended December 31, (in thousands) 2024 2023 2022 Cost of revenue $ 12,677 $ 11,247 $ 8,369 Sales and marketing 62,727 61,322 49,383 Research and development 47,656 37,225 31,499 General and administrative 40,455 35,533 31,382 Total stock-based compensation expense $ 163,515 $ 145,327 $ 120,633 Comparison of 2024 and 2023 Revenue Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Subscription revenue $ 824,659 $ 725,013 $ 99,646 14 % Perpetual license and maintenance revenue 47,774 48,729 (955) (2) % Professional services and other revenue 27,588 24,968 2,620 10 % Revenue $ 900,021 $ 798,710 $ 101,311 13 % The increase in revenue of $101.3 million included $101.1 million from existing customers as of January 1, 2024 and $0.2 million from new customers.

Biggest changeWe will continue to evaluate the realization of deferred tax assets to determine changes to valuation allowance in future periods. 56 Table of Contents Results of Operations The following tables set forth our consolidated results of operations for the periods presented: Year Ended December 31, (in thousands) 2025 2024 2023 Revenue $ 999,405 $ 900,021 $ 798,710 Cost of revenue (1) 218,937 199,668 183,577 Gross profit 780,468 700,353 615,133 Operating expenses: Sales and marketing (1) 416,949 395,385 393,450 Research and development (1) 223,669 181,624 153,163 General and administrative (1) 145,905 124,130 116,181 Restructuring 3,113 6,070 4,499 Total operating expenses 789,636 707,209 667,293 Loss from operations (9,168) (6,856) (52,160) Interest income 15,992 23,325 24,700 Interest expense (28,419) (31,920) (31,339) Other expense, net (1,338) (3,435) (8,602) Loss before income taxes (22,933) (18,886) (67,401) Provision for income taxes 13,185 17,415 10,883 Net loss $ (36,118) $ (36,301) $ (78,284) _______________ (1) Includes stock-based compensation expense as follows: Year Ended December 31, (in thousands) 2025 2024 2023 Cost of revenue $ 13,714 $ 12,677 $ 11,247 Sales and marketing 68,801 62,727 61,322 Research and development 56,542 47,656 37,225 General and administrative (2) 52,756 40,455 35,533 Total stock-based compensation expense $ 191,813 $ 163,515 $ 145,327 _______________ (2) Stock-based compensation expense in 2025 includes $14.6 million of expense related to the accelerated vesting of equity awards for our former Chairman and Chief Executive Officer. 57 Table of Contents Comparison of 2025 and 2024 Revenue Year Ended December 31, Change (dollars in thousands) 2025 2024 ($) (%) Subscription revenue $ 919,573 $ 824,659 $ 94,914 12 % Perpetual license and maintenance revenue 44,661 47,774 (3,113) (7) % Professional services and other revenue 35,171 27,588 7,583 27 % Revenue $ 999,405 $ 900,021 $ 99,384 11 % The increase in revenue of $99.4 million included $95.7 million from existing customers as of January 1, 2025 and $3.7 million from new customers.

Interest Income, Interest Expense and Other Expense, Net Interest income consists of income earned on cash and cash equivalents and short-term investments. Interest expense consists primarily of interest expense in connection with our Term Loan, unused commitment fees on our senior secured revolving credit facility, or Revolving Credit Facility, and letter of credit fees.

Interest Income, Interest Expense and Other Income (Expense), Net Interest income consists of income earned on cash and cash equivalents and short-term investments. Interest expense consists primarily of interest expense in connection with our Term Loan, unused commitment fees on our senior secured revolving credit facility, or Revolving Credit Facility, and letter of credit fees.

We have estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of the our technology and other factors. While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could impact our financial results.

We have estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of our technology and other factors. While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could impact our financial results.

Sales commissions on contract renewals are capitalized and amortized ratably over the contract term, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred.

Sales commissions on professional services arrangements are expensed as incurred as the contractual periods of these arrangements are generally less than one year. We intend to continue to make investments in our sales and marketing teams to increase revenue, further penetrate the market and expand our global customer base.

Sales commissions on professional services arrangements are expensed as incurred as the contractual periods of these arrangements are generally less than one year. We intend to continue to make investments in sales and marketing to increase revenue, further penetrate the market and expand our global customer base.

Provision for Income Taxes Provision for income taxes consists of income taxes in all jurisdictions in which we conduct business and the related withholding taxes on sales with customers. We have recorded deferred tax assets for which a full valuation allowance has been provided, including net operating loss carryforwards and tax credits.

Provision for Income Taxes Provision for income taxes consists of income taxes in all jurisdictions in which we conduct business and the related withholding taxes on sales with customers. We have recorded deferred tax assets for which a valuation allowance has been provided, including net operating loss carryforwards and tax credits.

Furthermore, such forward-looking statements speak only as of the date of this report. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements. Overview We are a leading provider of exposure management solutions.

Furthermore, such forward-looking statements speak only as of the date of this report. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements. Overview We are the leading provider of exposure management solutions.

Key Operating and Financial Metrics To supplement our consolidated financial statements, which are prepared and presented in accordance with GAAP, we use and monitor the following operating and financial metrics, which include non-GAAP financial measures, to understand and evaluate our core operating and financial performance.

Operating and Financial Metrics To supplement our consolidated financial statements, which are prepared and presented in accordance with GAAP, we use and monitor the following operating and financial metrics, which include non-GAAP financial measures, to understand and evaluate our core operating and financial performance.

We expect our gross profit to increase in absolute dollars but our gross margin may fluctuate from period to period depending on the interplay of all of these factors, particularly as it relates to cloud infrastructure costs, as we expect revenue from our cloud-based subscriptions to increase as a percentage of revenue. 55 Table of Contents Operating Expenses Our operating expenses consist of sales and marketing, research and development, general and administrative and restructuring expenses.

We expect our gross profit to increase in absolute dollars but our gross margin may fluctuate from period to period depending on the interplay of all of these factors, particularly as it relates to cloud infrastructure costs, as we expect revenue from our cloud-based subscriptions to increase as a percentage of revenue. 54 Table of Contents Operating Expenses Our operating expenses consist of sales and marketing, research and development, general and administrative and restructuring expenses.

This Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act.

This Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act.

Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes, stock-based compensation and ordinary course severance. Operating expenses also include depreciation and amortization as well as allocated overhead costs, including IT and facilities costs.

Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes, stock-based compensation and ordinary course severance. Operating expenses also include depreciation and amortization, allocated overhead costs, including IT and facilities costs, as well as acquisition-related expenses.

We expect our sales and marketing expense to increase in absolute dollars annually and to be our largest operating expense category for the foreseeable future. However, as our revenue increases, we expect our sales and marketing expense to decrease as a percentage of our revenue in 2025 and over the long term.

We generally determine the fair value of acquired technology using the multi-period excess earnings method, a form of the income approach. However, in certain situations we may use the cost approach. Estimates in valuing identifiable intangible assets include, but are not limited to, projected revenue growth rates, obsolescence projections and an appropriate discount rate.

We generally determine the fair value of acquired technology using the multi-period excess earnings method, a form of the 63 Table of Contents income approach. However, in certain situations we may use the cost approach. Estimates in valuing identifiable intangible assets include, but are not limited to, projected revenue growth rates, obsolescence projections and an appropriate discount rate.

At December 31, 2024, we were in compliance with the covenants and had $0.2 million of standby letters of credit outstanding under the Revolving Credit Facility.

At December 31, 2025, we were in compliance with the covenants and had $0.2 million of standby letters of credit outstanding under the Revolving Credit Facility.

When the critical utility of our software does not depend on ongoing updates, we recognize revenue attributable to the license at the time of delivery and the revenue attributable to the maintenance and support ratably over the contract period.

When the critical utility of our 62 Table of Contents software does not depend on ongoing updates, we recognize revenue attributable to the license at the time of delivery and the revenue attributable to the maintenance and support ratably over the contract period.

Sales and Marketing Sales and marketing expense consists of personnel costs, sales commissions, marketing programs, travel and entertainment, expenses for conferences, meetings and events and allocated overhead costs.

A valuation allowance is provided if it is more likely than not that some or all of the deferred tax assets will not be realized. We have valuation allowances in all jurisdictions against deferred tax assets net of deferred tax liabilities that will reverse and provide a source of taxable income.

We may be subject to mandatory Term Loan prepayments related to the excess cash provisions in the Credit Agreement if our first lien net leverage ratio (as defined in the Credit Agreement) exceeds 3.5. At December 31, 2024, our first lien net leverage ratio was 0.86.

We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services and other revenue. 63 Table of Contents Subscription Revenue Our subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions.

We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services and other revenue. Subscription Revenue Our subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions.

Our principal uses of cash in recent periods have been funding our operations, expansion of our sales and marketing and research and development activities, investments in infrastructure, acquiring complementary businesses and technology and repurchasing shares of our common stock. We paid $29.2 million, $243.3 million and $66.8 million to acquire businesses in 2024, 2023 and 2022, respectively.

Our principal uses of cash in recent periods have been funding our operations, expansion of our sales and marketing and research and development activities, investments in infrastructure, acquiring complementary businesses and technology and repurchasing shares of our common stock. We paid $196.2 million, $29.2 million and $243.3 million to acquire businesses in 2025, 2024 and 2023, respectively.

December 31, 2024 2023 2022 Number of customers with $100,000 and greater in annual contract value at end of period 1,988 1,721 1,420 Dollar-Based Net Expansion Rate Our dollar-based net expansion rate reflects both our customer retention and ability to drive additional sales to our existing customers.

December 31, 2025 2024 2023 Number of customers with $100,000 and greater in annual contract value at end of period 2,161 1,988 1,721 Dollar-Based Net Expansion Rate Our dollar-based net expansion rate reflects both our customer retention and ability to drive additional sales to our existing customers.

Research and Development Research and development expense consists of personnel costs, software used to develop our products, travel and entertainment, consulting and professional fees for third-party development resources as well as allocated overhead. Our research and development expense supports our efforts to continue to add capabilities to our existing products and enable the continued detection of new network vulnerabilities.

Research and Development Research and development expense consists of personnel costs, software used to develop our products, travel and entertainment, consulting and professional fees for third-party development resources, allocated overhead and acquisition-related expenses. Our research and development expense supports our efforts to continue to add capabilities to our existing products and enable the continued detection of new network vulnerabilities.

The following tables summarize key components of our customer base: Year Ended December 31, 2024 2023 2022 Number of new enterprise platform customers added in period (1) 1,689 1,788 2,078 _______________ (1) The number of new enterprise platform customers added in 2023 includes 104 legacy customers of Ermetic, Ltd. ("Ermetic").

The following tables summarize key components of our customer base: Year Ended December 31, 2025 2024 2023 Number of new enterprise platform customers added in period (1) 1,667 1,689 1,788 _______________ (1) The number of new enterprise platform customers added in 2023 includes 104 legacy customers of Ermetic, Ltd. ("Ermetic").

We expect our research and development expense to continue to increase annually in absolute dollars for the foreseeable future as we continue to invest in research and development efforts to enhance the functionality of our cloud-based platform.

Comparison of 2023 and 2022 For a discussion of our consolidated results for 2023 compared to 2022, see our Annual Report on Form 10-K filed with the SEC on February 28, 2024.

Comparison of 2024 and 2023 For a discussion of our consolidated results for 2024 compared to 2023, see our Annual Report on Form 10-K filed with the SEC on February 21, 2025.

The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. When determining the fair value of assets acquired and liabilities assumed, a non-recurring Level 3 fair value measurement, we make estimates and assumptions, especially with respect to intangible assets such as identified acquired technology and trade names.

When determining the fair value of assets acquired and liabilities assumed, a non-recurring Level 3 fair value measurement, we make estimates and assumptions, especially with respect to intangible assets such as identified acquired technology and trade names.

Liquidity and Capital Resources At December 31, 2024, we had $328.6 million of cash and cash equivalents, which consisted of bank deposits and money market funds, and $248.5 million of short-term investments, which consisted of commercial paper, asset backed securities, U.S. Treasury and agency obligations and corporate and Yankee bonds.

Liquidity and Capital Resources At December 31, 2025, we had $187.8 million of cash and cash equivalents, which consisted of bank deposits and money market funds, and $214.4 million of short-term investments, which consisted of commercial paper, asset backed securities, U.S. Treasury and agency obligations and corporate and Yankee bonds.

At December 31, 2024, we had deferred revenue of $833.2 million, of which $650.4 million was recorded as a current liability and is expected to be recognized as revenue in the next 12 months, provided all other revenue recognition criteria are met.

At December 31, 2025, we had deferred revenue of $899.3 million, of which $706.9 million was recorded as a current liability and is expected to be recognized as revenue in the next 12 months, provided all other revenue recognition criteria are met.

Cash Flows The following table summarizes our cash flows for the periods presented: Year Ended December 31, (in thousands) 2024 2023 2022 Net cash provided by operating activities $ 217,476 $ 149,855 $ 131,151 Net cash used in investing activities (41,431) (212,615) (128,039) Net cash (used in) provided by financing activities (79,401) 1,251 23,318 Effect of exchange rate changes on cash and cash equivalents and restricted cash (5,129) (2,225) (3,835) Net increase (decrease) in cash and cash equivalents and restricted cash $ 91,515 $ (63,734) $ 22,595 Operating Activities Our largest source of cash provided by operating activities is cash collections from sales of our products and services, as we typically invoice our customers in advance.

Cash Flows The following table summarizes our cash flows for the periods presented: Year Ended December 31, (in thousands) 2025 2024 2023 Net cash provided by operating activities $ 266,750 $ 217,476 $ 149,855 Net cash used in investing activities (174,578) (41,431) (212,615) Net cash (used in) provided by financing activities (234,095) (79,401) 1,251 Effect of exchange rate changes on cash and cash equivalents and restricted cash 1,038 (5,129) (2,225) Net (decrease) increase in cash and cash equivalents and restricted cash $ (140,885) $ 91,515 $ (63,734) Operating Activities Our largest source of cash provided by operating activities is cash collections from sales of our products and services, as we typically invoice our customers in advance.

Provision for Income Taxes Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Provision for income taxes $ 17,415 $ 10,883 $ 6,532 60 % In 2024, the provision for income taxes included: • $6.9 million of discrete expenses primarily related to withholding taxes on sales to customers; 60 Table of Contents • $6.2 million of income taxes in foreign jurisdictions in which we conduct business; • $3.3 million related to Base Erosion and Anti-Abuse Tax, or BEAT; and • $1.2 million of additional tax incurred related to the 2021 restructuring of Indegy; partially offset by • $0.2 million of deferred tax benefits related to the Alsid acquisition.

In 2024, the provision for income taxes included: • $6.9 million of discrete expenses primarily related to withholding taxes on sales to customers; • $6.2 million of income taxes in foreign jurisdictions in which we conduct business; • $3.3 million related to Base Erosion and Anti-Abuse Tax, or BEAT; and • $1.2 million of additional tax incurred related to the 2021 restructuring of Indegy; partially offset by • $0.2 million of deferred tax benefits related to the Alsid acquisition.

Other expense, net consists primarily of foreign currency remeasurement and transaction gains and losses and any realized and unrealized gains and losses, including impairment losses and gains related to our non-marketable investments.

Other income (expense), net consists primarily of foreign currency remeasurement and transaction gains and losses and any realized and unrealized gains and losses, including impairment losses and gains related to our investments in privately held securities.

We expect longer purchasing and approval phases of our sales cycle to continue in 2025. Cost of Revenue, Gross Profit and Gross Margin Cost of revenue includes personnel costs related to our technical support group that provides assistance to customers, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and any ordinary course severance.

Cost of Revenue, Gross Profit and Gross Margin Cost of revenue includes personnel costs related to our technical support group that provides assistance to customers, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and any ordinary course severance.

Financing Activities From 2023 to 2024, net cash used in financing activities increased by $80.7 million, primarily due to an $85.0 million increase in the repurchase of common stock under our stock repurchase program partially offset by a $4.6 million increase in proceeds from the exercise of stock options.

From 2023 to 2024, net cash provided by financing activities decreased by $80.7 million, primarily due to an $85.0 million increase in the repurchase of common stock under our share repurchase program, partially offset by a $4.6 million increase in proceeds from the exercise of stock options. Contractual Obligations We have certain contractual obligations for future payments.

The Term Loan bears interest at a rate of 2.75% per annum over SOFR, subject to a 0.50% floor, plus a credit spread adjustment depending on the interest period. From January to December 2024, interest rates on our Term Loan have been between 7.44% and 8.22%.

The Term Loan bears interest at a rate of 2.75% per annum over SOFR, subject to a 0.50% floor, plus a credit spread adjustment depending on the interest period. In 2025, interest rates on our Term Loan were between 6.78% and 7.22%.

We expect general and administrative expenses in Q1 2025 to increase sequentially, primarily due to termination benefits, including cash compensation and accelerated equity award vesting, related to the passing of our Chairman and Chief Executive Officer. 56 Table of Contents Restructuring Restructuring expenses consist of non-ordinary course severance, employee related benefits and other charges to reorganize business operations.

In 2025, our general and administrative expense included $15.5 million of termination benefits, including cash compensation and accelerated equity award vesting, related to the passing of our former Chairman and Chief Executive Officer. Restructuring Restructuring expenses consist of non-ordinary course severance, employee related benefits and other charges to reorganize business operations.

Our estimate of fair value is based upon assumptions we believe to be reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates.

Our estimate of fair value is based upon assumptions we believe to be reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates. During the measurement period, we may make adjustments to the fair value of assets acquired and liabilities assumed, with offsetting adjustments to goodwill.

We expect to continue incurring operating losses in the near term. Even though we generated positive cash flows from operations and free cash flow in 2024, 2023 and 2022, we may not be able to sustain these cash flows.

Even though we generated positive cash flows from operations and free cash flow in 2025, 2024 and 2023, we may not be able to sustain these cash flows.

Operating Expenses Sales and Marketing Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Sales and marketing $ 395,385 $ 393,450 $ 1,935 — % The increase in sales and marketing expense of $1.9 million was primarily due to: • a $4.7 million increase in sales commissions; • a $2.8 million increase in allocated overhead expenses; • a $2.2 million increase in expenses for demand generation programs, including advertising, sponsorships, and brand awareness efforts; and • a $0.2 million increase in selling expenses, including travel and meeting costs and software subscription costs; partially offset by • a $7.6 million decrease in personnel costs, net of a $1.4 million increase in stock-based compensation; and • a $0.4 million decrease in depreciation expense.

Operating Expenses Sales and Marketing Year Ended December 31, Change (dollars in thousands) 2025 2024 ($) (%) Sales and marketing $ 416,949 $ 395,385 $ 21,564 5 % The increase in sales and marketing expense of $21.6 million was primarily due to: • a $10.3 million increase in personnel costs, including a $6.1 million increase in stock-based compensation; • a $4.5 million increase in sales commissions; • a $4.2 million increase in expenses for demand generation programs, including advertising, sponsorships, and brand awareness efforts; and • a $3.1 million increase in selling expenses, including travel and meeting costs and software subscription costs.

The $5.2 million decrease in other expense, net was primarily due to $5.6 million of impairment losses on our simple agreements for future equity, or SAFE, investments in 2023 and a $1.5 million gain on the conversion of a SAFE investment to an investment in preferred stock in 2024, partially offset by a $1.9 million increase in foreign exchange losses.

The $2.1 million decrease in other expense, net was primarily due to a $3.4 million decrease in foreign exchange losses partially offset by a $1.5 million gain on the conversion of one of our simple agreements for future equity, or SAFE, investments in the prior year.

If we are unable to raise additional 61 Table of Contents capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.

If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected. 60 Table of Contents Share Repurchase Program In November 2023, our Board of Directors authorized the repurchase of up to $100 million of our common stock.

We typically use a two-tiered channel model whereby we sell our enterprise platform offerings to our distributors, who in turn sell to our resellers, who then sell to end users, who we call customers. 49 Table of Contents Financial Highlights Below are our key financial results: Year Ended December 31, (in thousands, except per share data) 2024 2023 2022 Revenue $ 900,021 $ 798,710 $ 683,191 Loss from operations (6,856) (52,160) (67,815) Net loss (36,301) (78,284) (92,222) Net loss per share, basic and diluted (0.31) (0.68) (0.83) Net cash provided by operating activities 217,476 149,855 131,151 Purchases of property and equipment (4,247) (1,704) (9,359) Capitalized software development costs (6,451) (7,052) (9,789) Recurring revenue, which includes revenue from subscription arrangements for software (both recognized ratably over the subscription term and upon delivery) and cloud-based solutions and maintenance associated with perpetual licenses, represented 96% of revenue in 2024 and 95% of revenue in 2023 and 2022.

Financial Highlights Below are our key financial results: Year Ended December 31, (in thousands, except per share data) 2025 2024 2023 Revenue $ 999,405 $ 900,021 $ 798,710 Loss from operations (9,168) (6,856) (52,160) Net loss (36,118) (36,301) (78,284) Net loss per share, basic and diluted (0.30) (0.31) (0.68) Net cash provided by operating activities 266,750 217,476 149,855 Purchases of property and equipment (12,102) (4,247) (1,704) Capitalized software development costs (4,474) (6,451) (7,052) 51 Table of Contents Recurring revenue, which includes revenue from subscription arrangements for software (both recognized ratably over the subscription term and upon delivery) and cloud-based solutions and maintenance associated with perpetual licenses, represented 96% of revenue in 2025 and 2024 and 95% of revenue in 2023.

The $0.6 million increase in interest expense was primarily due to an increase in the variable rate of our Term Loan.

The $3.5 million decrease in interest expense was primarily due to a decrease in the variable rate of our Term Loan.

The increase in customer agreements in the third quarter is primarily attributable to U.S. government and related agencies, and the increase in the fourth quarter is primarily attributable to large enterprise account buying patterns typical in the software industry. The ratable nature of our subscription revenue makes this seasonality less apparent in our overall financial results.

During the measurement period, we may make adjustments to the fair value of assets acquired and liabilities assumed, with offsetting adjustments to goodwill. 65 Table of Contents Any adjustments made after the measurement period will be reflected in the consolidated statements of operations. Acquisition-related costs are expensed as incurred.

Any adjustments made after the measurement period will be reflected in the consolidated statements of operations. Acquisition-related costs are expensed as incurred. Goodwill The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill.

Restructuring Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Restructuring $ 6,070 $ 4,499 $ 1,571 35 % The increase in restructuring of $1.6 million was due to a $4.5 million non-cash impairment of leasehold improvements and furniture and fixtures that was recorded in connection with the sublease of a portion of our headquarters in 2024, net of a decrease of $2.9 million in non-ordinary course severance and employee-related benefits.

In 2024, restructuring included a $4.5 million non-cash impairment of leasehold improvements and furniture and fixtures that was recorded in connection with the sublease of a portion of our headquarters and $1.6 million in non-ordinary course severance and employee-related benefits.

We sell and market our products and services through our field sales force that works closely with our channel network of distributors, resellers and managed security service providers (MSSPs), in developing sales opportunities.

These subscriptions are typically invoiced in advance at the beginning of the term, however multi-year subscriptions are increasingly being invoiced annually in installments. We sell and market our products and services through our field sales force that works closely with our channel network of distributors, resellers and managed security service providers (MSSPs), in developing sales opportunities.

International revenue increased $57.3 million, or 16%. 58 Table of Contents Cost of Revenue, Gross Profit and Gross Margin Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Cost of revenue $ 199,668 $ 183,577 $ 16,091 9 % Gross profit 700,353 615,133 85,220 14 % Gross margin 78 % 77 % The increase in cost of revenue of $16.1 million was primarily due to: • a $5.6 million increase in amortization of acquired intangible assets; • a $3.5 million increase in third-party cloud infrastructure costs; • a $2.2 million increase in professional fees; • a $1.7 million increase in personnel costs, including a $1.4 million increase in stock-based compensation; • a $1.1 million increase in depreciation and amortization; • a $0.8 million increase in allocated overhead expenses; and • a $0.8 million increase in subscription costs.

Cost of Revenue, Gross Profit and Gross Margin Year Ended December 31, Change (dollars in thousands) 2025 2024 ($) (%) Cost of revenue $ 218,937 $ 199,668 $ 19,269 10 % Gross profit 780,468 700,353 80,115 11 % Gross margin 78 % 78 % The increase in cost of revenue of $19.3 million was primarily due to: • a $6.5 million increase in amortization of acquired intangible assets; • a $4.0 million increase in third-party cloud infrastructure costs; • a $3.9 million increase in personnel costs, including a $1.0 million increase in stock-based compensation; and • a $2.4 million increase in depreciation and amortization.

We believe that calculated current billings, which excludes deferred revenue for periods beyond twelve months in a customer’s contractual term, more closely correlates with annual contract value. Variability in total billings, depending on the timing of large multi-year contracts and the preference for annual billing versus multi-year upfront billing, may distort growth in one period over another.

Calculated Current Billings Calculated current billings consists of revenue recognized in a period plus the change in current deferred revenue in the corresponding period. Variability in total billings, depending on the timing of large multi-year contracts and the preference for annual billing versus multi-year upfront billing, may distort growth in one period over another.

Interest Income, Interest Expense and Other Expense, Net Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Interest income $ 23,325 $ 24,700 $ (1,375) (6) % Interest expense (31,920) (31,339) (581) 2 % Other expense, net (3,435) (8,602) 5,167 (60) % The $1.4 million decrease in interest income was primarily due to lower interest rates on our cash and cash equivalents and short-term investments.

Interest Income, Interest Expense and Other Expense, Net Year Ended December 31, Change (dollars in thousands) 2025 2024 ($) (%) Interest income $ 15,992 $ 23,325 $ (7,333) (31) % Interest expense (28,419) (31,920) 3,501 (11) % Other expense, net (1,338) (3,435) 2,097 (61) % The $7.3 million decrease in interest income was primarily due to a decrease in cash and cash equivalents and short-term investments as well as lower interest rates on our cash and cash equivalents and short-term investments.

Research and Development Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Research and development $ 181,624 $ 153,163 $ 28,461 19 % The increase in research and development expense of $28.5 million was primarily due to: • a $21.3 million increase in personnel costs, largely associated with an increase in headcount, including a $10.4 million increase in stock-based compensation; • a $2.9 million increase in allocated overhead expenses; • a $1.7 million increase in third-party cloud infrastructure costs; • a $0.8 million decrease in tax credits; • a $0.6 million increase in travel and meeting costs; and 59 Table of Contents • a $0.5 million increase in software subscriptions.

Research and Development Year Ended December 31, Change (dollars in thousands) 2025 2024 ($) (%) Research and development $ 223,669 $ 181,624 $ 42,045 23 % 58 Table of Contents The increase in research and development expense of $42.0 million was primarily due to: • a $34.9 million increase in personnel costs, largely associated with an increase in headcount, including an $8.9 million increase in stock-based compensation; and • a $3.0 million increase in allocated overhead expenses.

Because of these and other limitations, you should consider calculated current billings along with revenue and our other GAAP financial results. 50 Table of Contents The following table presents a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP, to calculated current billings: Year Ended December 31, (in thousands) 2024 2023 2022 Revenue $ 900,021 $ 798,710 $ 683,191 Deferred revenue (current), end of period 650,372 580,779 502,115 Deferred revenue (current), beginning of period (1) (580,887) (506,192) (408,443) Calculated current billings $ 969,506 $ 873,297 $ 776,863 _______________ (1) Deferred revenue (current), beginning of period for 2024, 2023 and 2022 includes $0.1 million, $4.1 million and $0.9 million, respectively, related to acquired deferred revenue.

The following table presents calculated current billings, including a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP: Year Ended December 31, (in thousands) 2025 2024 2023 Revenue $ 999,405 $ 900,021 $ 798,710 Deferred revenue (current), end of period 706,866 650,372 580,779 Deferred revenue (current), beginning of period (1) (657,035) (580,887) (506,192) Calculated current billings $ 1,049,236 $ 969,506 $ 873,297 _______________ (1) Deferred revenue (current), beginning of period for 2025, 2024 and 2023 includes $6.7 million, $0.1 million and $4.1 million, respectively, related to acquired deferred revenue. 52 Table of Contents Customer Metrics We believe that our customer base provides a significant opportunity to expand sales of our enterprise platform offerings.

Investing Activities From 2023 to 2024, net cash used in investing activities decreased by $171.2 million, primarily due to a decrease in cash paid for acquisitions of $214.1 million, a $3.5 million increase in proceeds from our investments in private companies and a $0.6 million decrease in capitalized software development costs, partially offset by a $43.3 million net decrease in sales of short-term investments, a $2.5 million increase in purchases of property and equipment, and a $1.3 million increase in cash paid for other investments. 62 Table of Contents From 2022 to 2023, net cash used in investing activities increased by $84.6 million, primarily due to an increase in cash paid for acquisitions of $176.5 million, partially offset by a $71.6 million net increase in sales of short-term investments, $10.0 million in cash paid for other investments in 2022, a $7.7 million decrease in purchases of property and equipment and a $2.7 million decrease in capitalized software development costs.

From 2023 to 2024, net cash used in investing activities decreased by $171.2 million, primarily due to a decrease in cash paid for acquisitions of $214.1 million, partially offset by a $43.3 million net decrease in sales of short-term investments. 61 Table of Contents Financing Activities From 2024 to 2025, net cash used in financing activities increased by $154.7 million, primarily due to a $147.5 million increase in the repurchase of common stock under our share repurchase program.

Goodwill The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. We perform our annual impairment assessment on October 1, or more frequently, when events or circumstances indicate impairment may have occurred.

We perform our annual impairment assessment on October 1, or more frequently, when events or circumstances indicate impairment may have occurred.

Stock Repurchase Plan In November 2023, our Board of Directors authorized the repurchase of up to $100 million of our common stock. In October 2024, our Board of Directors increased the repurchase authorization by $200 million. Since the inception of the repurchase program and through December 31, 2024, we have purchased a total of 2.7 million shares for $114.9 million.

In October 2024, July 2025 and January 2026, our Board of Directors increased the repurchase authorization by $200 million, $250 million and $150 million, respectively. Since the inception of the share repurchase program and through December 31, 2025, we have purchased a total of 10.6 million shares for $362.4 million.

Exposure management i s the evolution of vulnerability management, advancing risk assessment and prioritization across the entire attack surface – from IT infrastructure to cloud environments to critical infrastructure. Tenable unifies security visibility, insight and action across this attack surface, equipping modern organizations to expose and close the cybersecurity gaps that erode business value, reputation and trust.

Tenable unifies security visibility, insight and action across this attack surface, equipping modern organizations to quickly identify and close the cybersecurity gaps that erode business value, reputation and trust. Tenable One, our AI-powered exposure management platform, gives enterprises a single, unified view of risk across all types of assets and attack pathways.

We use calculated current billings to measure and monitor our ability to provide our business with the working capital generated by upfront payments from our customers. Calculated current billings consists of revenue recognized in a period plus the change in current deferred revenue in the corresponding period.

Because of these and other limitations, you should consider calculated current billings along with revenue and our other GAAP financial results. Historically we have used calculated current billings as a key metric to measure our periodic performance and to measure and monitor our ability to provide our business with the working capital generated by upfront payments from our customers.

Contractual Obligations We have certain contractual obligations for future payments. See Note 7 to our consolidated financial statements for our required operating lease payments and Note 9 for our required payments to Microsoft and AWS for cloud services.

See Note 7 to our consolidated financial statements for our required operating lease payments and Note 9 to our consolidated financial statements for our required payments to Microsoft and AWS for cloud services. At December 31, 2025, we had other non-cancellable purchase obligations of $25.8 million due in the next twelve months and $7.9 million due thereafter.

In 2023, the provision for income taxes included: • $5.8 million of income taxes in foreign jurisdictions in which we conduct business; and • $5.3 million of discrete expenses primarily related to withholding taxes on sales to customers; partially offset by • $0.2 million of deferred tax benefits related to the Alsid acquisition.

Provision for Income Taxes Year Ended December 31, Change (dollars in thousands) 2025 2024 ($) (%) Provision for income taxes $ 13,185 $ 17,415 $ (4,230) (24) % 59 Table of Contents In 2025, the provision for income taxes included: • $7.0 million of discrete expenses primarily related to withholding taxes on sales to customers; and • $6.2 million of income taxes in foreign jurisdictions in which we conduct business.

(7) An adjustment to reconcile GAAP net loss per share, which excludes potentially dilutive shares, to non-GAAP earnings per share, which includes potentially dilutive shares. 54 Table of Contents Components of Our Results of Operations Revenue We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services.

The following table presents our dollar-based net expansion rate: December 31, (in thousands) 2025 2024 2023 Dollar-based net expansion rate 106 % 108 % 111 % 53 Table of Contents Components of Our Results of Operations Revenue We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services.

General and Administrative Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) General and administrative $ 124,130 $ 116,181 $ 7,949 7 % The increase in general and administrative expense of $7.9 million was primarily due to: • an $8.6 million increase in personnel costs, largely associated with an increase in headcount, including a $4.9 million increase in stock-based compensation; • a $5.1 million increase in professional fees; and • a $0.9 million increase in software subscriptions; partially offset by • a $4.2 million decrease in acquisition-related expenses; and • a $2.6 million decrease in allocated overhead expenses.

General and Administrative Year Ended December 31, Change (dollars in thousands) 2025 2024 ($) (%) General and administrative $ 145,905 $ 124,130 $ 21,775 18 % The increase in general and administrative expense of $21.8 million was primarily due to: • a $17.0 million increase in personnel costs, including $15.5 million in termination benefits including cash compensation and accelerated equity award vesting related to the passing of our former Chairman and Chief Executive Officer; and • a $2.3 million increase in acquisition-related expenses.

In February 2025, we acquired Vulcan Cyber Ltd., or Vulcan Cyber, for approximately $148 million in cash and $2 million of restricted stock units (RSUs) that vest over a future period. We expect to enter into arrangements to acquire or invest in other complementary businesses, services and technologies, including intellectual property rights, in the future.

See Note 6 to our consolidated financial statements for details about recent acquisitions. We expect to enter into arrangements to acquire or invest in other complementary businesses, services and technologies, including intellectual property rights, in the future. We expect to continue incurring operating losses in the near term.

Removed

Tenable One is an AI-powered exposure management platform that gives enterprises a single, unified view of risk across all types of assets and attack pathways. The platform combines broad, industry-leading vulnerability coverage, spanning IT assets, cloud resources, containers, web apps and identity systems.

Added

Exposure management i s an increasingly critical category that extends foundational vulnerability management capabilities to advance risk assessment and prioritization across the entire attack surface – from IT infrastructure and cloud environments to critical infrastructure and AI.

Removed

Added

The platform combines broad, industry-leading vulnerability coverage, spanning IT assets, cloud resources, containers, web apps, identity systems, third-party connectors and AI-related assets and workloads. Our solutions are primarily sold on a subscription basis with a one-year term, but are increasingly being sold with longer contractual durations. Our subscription terms are generally not longer than three years.

Removed

It leverages AI, and machine learning, or ML, rapidly analyzing and interpreting vast data sets to pinpoint priority weaknesses and high-risk attack paths, deliver recommendations and automate routine tasks. Tenable One integrates Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, Tenable Web App Scanning, Tenable Lumin Exposure View, Tenable Attack Surface Management, Tenable Security Center and Tenable OT Security.

Added

Removed

Our products, including Nessus are also offered on a standalone basis. Our platform offerings are primarily sold on a subscription basis with a one-year term. Our subscription terms are generally not longer than three years. These offerings are typically prepaid in advance.

Added

Recently, however, the shift to annual installment billing for larger multi-year transactions is reducing our overall billing duration. We believe this shift creates a negative distortion in calculated current billings that fails to accurately represent the growth of our business and as such we have transitioned away from relying on calculated current billings to monitor performance of our business.

Removed

Calculated Current Billings We use the non-GAAP measure of calculated current billings, which we believe is a key metric to measure our periodic performance. Given that most of our customers pay in advance, we typically recognize a majority of the related revenue ratably over time.

Added

We have included calculated current billings for comparative purposes.

Removed

Free Cash Flow We use the non-GAAP measure of free cash flow, which we define as GAAP net cash flows from operating activities reduced by purchases of property and equipment and capitalized software development costs.

Added

We anticipate that these historical trends may be impacted by current macroeconomic conditions and U.S. policy decisions related to the funding of government agencies and the imposition of tariffs which may lengthen purchasing and approval phases of our sales cycle in 2026. The ratable nature of our subscription revenue makes this seasonality less apparent in our overall financial results.

Removed

We believe free cash flow is an important liquidity measure of the cash (if any) that is available, after purchases of property and equipment and capitalized software development costs, for investment in our business and to make acquisitions. We believe that free cash flow is useful as a liquidity measure because it measures our ability to generate cash.

Added

In the three months ended December 31, 2025, we recorded $3.1 million of restructuring 55 Table of Contents expense for non-ordinary course severance and employee-related benefits. We expect to record approximately $5.0 million in restructuring expense in the year ended December 31, 2026.

Removed

Our use of free cash flow has limitations as an analytical tool and you should not consider it in isolation or as a substitute for an analysis of our results under GAAP. First, free cash flow is not a substitute for net cash flows from operating activities.

Added

We expect to maintain this valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses. The valuation allowance is subject to change based on our ability to generate future taxable income.

Removed

Second, other companies may calculate free cash flow or similarly titled non-GAAP financial measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a tool for comparison.

Added

U.S. revenue increased $40.9 million, or 8%. International revenue increased $58.5 million, or 14%.

Removed

Additionally, the utility of free cash flow is further limited as it does not reflect our future contractual commitments and does not represent the total increase or decrease in our cash balance for a given period.

… 32 more changes not shown on this page.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

5 edited+0 added−0 removed6 unchanged

2024 filing

2025 filing

Biggest changeFrom January to December 2024, interest rates on our Term Loan have been between 7.44% and 8.22%. In February 2025, our Term Loan had an interest rate of 7.18%. A one percentage point increase in the rate would not have had a material impact on our financial statements.

Biggest changeIn 2025, interest rates on our Term Loan were between 6.78% and 7.22%. In January and February 2026, our Term Loan has an interest rate of 6.58% and 6.54%, respectively. A one percentage point increase in the rate would not have had a material impact on our financial statements.

A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, British Pound, Australian dollar, Israeli New Shekel, Indian Rupee and Brazilian Real.

Inflation Risk While we do not believe that inflation has had a material effect on our business, results of operations, or financial condition through December 31, 2024, our costs, specifically employee-related and third-party cloud infrastructure costs, may become subject to significant inflationary pressures, and our inability or failure to fully offset such higher costs could harm our business, results of operations, or financial condition. 67 Table of Contents

Inflation Risk While we do not believe that inflation has had a material effect on our business, results of operations, or financial condition through December 31, 2025, our costs, specifically employee-related and third-party cloud infrastructure costs, may become subject to significant inflationary pressures, and our inability or failure to fully offset such higher costs could harm our business, results of operations, or financial condition. 65 Table of Contents

We also had $248.5 million of short-term investments, which consisted of commercial paper, asset backed securities, U.S. treasury and agency securities and corporate and Yankee bonds. Our investments are carried at 66 Table of Contents their fair market values with cumulative unrealized gains or losses recorded as a component of accumulated other comprehensive (loss) income within stockholders' equity.

We also had $214.4 million of short-term investments, which consisted of commercial paper, asset backed securities, U.S. treasury and agency securities and corporate and Yankee bonds. Our investments are carried at their fair market values with cumulative unrealized gains or losses recorded as a component of accumulated other comprehensive (loss) income within stockholders' equity.

Item 7A. Quantitative and Qualitative Disclosures about Market Risk We are exposed to market risks in the ordinary course of our business, including interest rate, foreign currency exchange and inflation risks. Interest Rate Risk At December 31, 2024, we had $328.6 million of cash and cash equivalents, which consisted of cash deposits and money market funds.

Item 7A. Quantitative and Qualitative Disclosures about Market Risk We are exposed to market risks in the ordinary course of our business, including interest rate, foreign currency exchange and inflation risks. 64 Table of Contents Interest Rate Risk At December 31, 2025, we had $187.8 million of cash and cash equivalents, which consisted of cash deposits and money market funds.

Top changes in Tenable Holdings, Inc.'s 2025 10-K

Item 1. Business

Item 1A. Risk Factors

Item 1C. Cybersecurity

Item 2. Properties

Item 3. Legal Proceedings

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other TENB 10-K year-over-year comparisons