10q10k10q10k.net

What changed in Tenable Holdings, Inc.'s 10-K2023 vs 2024

vs

Paragraph-level year-over-year comparison of Tenable Holdings, Inc.'s 2023 and 2024 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2024 report.

+355 added342 removedSource: 10-K (2025-02-24) vs 10-K (2024-02-28)

Top changes in Tenable Holdings, Inc.'s 2024 10-K

355 paragraphs added · 342 removed · 275 edited across 7 sections

Item 1. Business

Business — how the company describes what it does

42 edited+16 added13 removed37 unchanged
Biggest changeWe see three distinct real-world challenges facing cybersecurity professionals that can be addressed with an exposure management program: Security programs today are reactive when they should be proactive; The attack surface isn’t siloed, but security programs often are; and There’s more data available than ever before, yet it’s difficult for security professionals to prioritize and apply the information in meaningful ways.
Biggest changeWe believe an exposure management program can solve three distinct real-world challenges facing cybersecurity professionals and their organizations: The attack surface isn’t siloed, but security programs often are; There’s more data than ever, yet it’s difficult for security professionals to analyze cyber risk context and insights to identify true exposures; and Security professionals and business leaders lack a common risk language to align and mobilize responses.
Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software and services vendors; endpoint security vendors with vulnerability assessment capabilities, including CrowdStrike; public cloud vendors and companies, such as Palo Alto Networks and Wiz, that offer solutions for cloud security (private, public and hybrid cloud); and providers of point solutions that compete with some of the features present in our solutions.
Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software and services vendors; endpoint security vendors with vulnerability assessment capabilities, including CrowdStrike; public cloud vendors and other companies, such as Palo Alto Networks and Wiz, that offer solutions for cloud security (private, public and hybrid cloud); and providers of point solutions that compete with some of the features present in our solutions.
We aim to incentivize our employees by aligning a portion of their compensation with the overall success of our business. In addition to base salary, our total rewards packages include annual bonuses, equity awards, an employee stock purchase plan, retirement plans, and health and wellness benefits.
We incentivize our employees by aligning a portion of their compensation with the overall success of our business. In addition to base salary, our total rewards packages include annual bonuses, equity awards, an employee stock purchase plan, retirement plans, and health and wellness benefits.
Our customers are located in over 170 countries and include organizations of all sizes and span a wide range of industries, including manufacturing, energy and industrials; technology, media and telecommunications; banking, insurance and finance; government, education and non-profit; healthcare; and retail and consumer. At December 31, 2023, we had approximately 44,000 customers.
Our customers are located in over 170 countries and include organizations of all sizes and span a wide range of industries, including manufacturing, energy and industrials; technology, media and telecommunications; banking, insurance and finance; government, education and non-profit; healthcare; and retail and consumer. At December 31, 2024, we had approximately 44,000 customers.
To accomplish these objectives, we intend to: Continue to acquire new enterprise platform customers. We believe there is a substantial opportunity to increase adoption of our enterprise platform offerings. We have experienced growth in new enterprise platform customers due to improved product capabilities and investments in sales and marketing.
To accomplish these objectives, we intend to: Continue to acquire new enterprise platform customers. We believe there is a substantial opportunity to increase adoption of our enterprise platform offerings. We have experienced growth in new enterprise platform customers due to expanded product capabilities and investments in sales and marketing.
At December 31, 2023 our customers included approximately 65% of the Fortune 500 and approximately 50% of the Global 2000 and large government agencies. In 2023, 2022 and 2021, no single customer represented more than 2% of our revenue.
At December 31, 2024 our customers included approximately 65% of the Fortune 500 and approximately 50% of the Global 2000 and large government agencies. In 2024, 2023 and 2022, no single customer represented more than 2% of our revenue.
We believe we have a significant opportunity to expand our relationships with our existing customers by targeting additional teams, business units or geographies, pursuing broad enterprise deployments and generally expanding our coverage of their network-connected assets and cross-selling new applications and solutions. Invest in our technology platform .
We believe we have a significant opportunity to expand our relationships with our existing customers by targeting additional teams, business units or geographies, pursuing 7 Table of Contents broad enterprise deployments and generally expanding our coverage of their network-connected assets and cross-selling new applications and solutions. Invest in our technology platform .
In order to be effective, an exposure management platform must extend beyond traditional vulnerability management, which concentrates on the discovery and remediation of publicly disclosed Common Vulnerabilities and Exposures, or CVEs.
To be effective, an exposure management platform must extend beyond traditional vulnerability management, which concentrates on the discovery and remediation of publicly disclosed Common Vulnerabilities and Exposures, or CVEs.
Our health and wellness benefits include medical and life insurance, paid time off, family leave, and employee 10 Table of Contents assistance programs. We are committed to a structured hybrid workplace strategy which both allows flexibility and recognizes the value of in-person collaboration and community.
Our health and wellness benefits include medical and life insurance, paid time off, family leave, and employee assistance programs. We are committed to a structured hybrid workplace strategy which both allows flexibility and recognizes the value of in-person collaboration and community.
We execute marketing programs targeted at new customer acquisition, customer retention and cross-selling and up-selling of products across our platform. Research and Development We continue to invest substantial resources in research and development to enhance our platform offerings by developing new features, functionality, and applications.
We execute marketing programs targeted at new customer acquisition, customer retention and cross-selling and up-selling of products across our platform. 8 Table of Contents Research and Development We continue to invest substantial resources in research and development to enhance our platform offerings by developing new features, functionality, and applications.
These laws prohibit or restrict the export of our products and services to certain countries, regions, governments, entities or persons subject to trade restrictions. For more information on the potential impacts of government regulations affecting our business, see “Risk Factors” included under Part I, Item 1A.
These laws prohibit or restrict the export of our products and services to certain countries, regions, governments, entities or persons subject to trade restrictions. For more information on the potential impacts of government regulations affecting our business, see Risk Factors included under Part I, Item 1A.
We strive to be a career destination where employees from all backgrounds are welcome and empowered, are treated with fairness and respect, can make a difference, and have the opportunity to grow. Compensation, Benefits and Talent Development We provide robust compensation and benefits packages to attract and retain our employees.
We strive to 10 Table of Contents be a career destination where employees from all backgrounds are welcome and empowered, are treated with fairness and respect, can make a difference, and have the opportunity to grow. Compensation, Benefits and Talent Development We provide robust compensation and benefits packages to attract and retain our employees.
As we collect more data and ingest more data from third-party sources, we believe our data set will become even more valuable over time, which will allow us to continue to develop new analytical products and capabilities to our existing product suite over time. 7 Table of Contents Explore acquisition opportunities .
As we collect more data and ingest more data from third-party sources, we believe our data set will become even more valuable over time, which will allow us to continue to develop new analytical products and capabilities to our existing product suite over time. Explore acquisition opportunities .
Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, licenses and confidentiality and invention assignment agreements, unauthorized parties may still attempt to copy, reverse engineer, misappropriate or otherwise obtain and use 9 Table of Contents our software and technology.
Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, licenses and confidentiality and invention assignment agreements, unauthorized parties may still attempt to copy, reverse engineer, misappropriate or otherwise obtain and use our software and technology.
In addition, we have taken the following actions to enable environmental stewardship: Implemented recycling in our offices; Offer biodegradable to-go boxes to reduce food waste; Have a strict policy for disposing of hardware; and Transitioned to a travel portal that provides detail on our carbon footprint.
In addition, we have taken the following actions to enable environmental stewardship: Implemented recycling in our offices; Offer biodegradable to-go boxes to reduce food waste; 11 Table of Contents Have a strict policy for disposing of hardware; and Use a travel portal that provides detail on our carbon footprint.
We have not experienced any work stoppages, and we consider our relations with our employees to be good. We believe in upholding a core set of values for our entire global workforce: One Tenable : We work together and we win together.
We have not experienced any work stoppages, and we consider our relations with our employees to be good. We uphold a core set of values for our entire global workforce: One Tenable: We work together and we win together.
Human Capital At December 31, 2023, we had 1,999 employees, including 898 employees located outside of the United States. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement. Certain international employees are subject to collective bargaining agreements in connection with local labor laws.
Human Capital At December 31, 2024, we had 1,872 employees, including 854 employees located outside of the United States. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement. Certain international employees are subject to collective bargaining agreements in connection with local labor laws.
We are focused on building demand across all segments with a specific emphasis on our enterprise customers and delivering tailored marketing programs for security executives, functional managers, security practitioners, managed service providers and consultants. Our marketing efforts are also designed to create a broad community and establish the Tenable brand as a trusted resource of credible educational information.
We are focused on building demand across all segments with a specific emphasis on our enterprise customers and delivering tailored marketing programs for security executives, functional managers, security practitioners, managed service providers and consultants. Our marketing efforts are also designed to establish the Tenable brand as a thought leader and trusted resource of credible educational information and original research.
We rely on a combination of trade secrets, copyrights, patents and trademarks, as well as contractual protections, to establish and protect our intellectual property rights and protect our proprietary technology. At December 31, 2023, we had 38 issued patents and 21 patent applications pending in the United States.
We rely on a combination of trade secrets, copyrights, patents and trademarks, as well as contractual protections, to establish and protect our intellectual property rights and protect our proprietary technology. At December 31, 2024, we had 47 issued patents and 22 patent applications pending in the United States.
Our issued patents expire between 2027 and 2042 and cover our network scanning, monitoring and analysis technologies and additional features of our platform offerings. At December 31, 2023, we had 20 registered trademarks in the United States. We view our copyrights, trade secrets and know-how as a significant component of our intellectual property assets.
Our issued patents expire between 2027 and 2042 and cover our network scanning, monitoring and analysis technologies and 9 Table of Contents additional features of our platform offerings. At December 31, 2024, we had 18 registered trademarks in the United States. We view our copyrights, trade secrets and know-how as a significant component of our intellectual property assets.
At December 31, 2023 and 2022, we had backlog of $23.4 million and $14.7 million, respectively. We expect the majority of the backlog at December 31, 2023 to be invoiced within the following 12 months. Competition The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving.
At December 31, 2024 and 2023, we had backlog of $33.2 million and $23.4 million, respectively. We expect the majority of the backlog at December 31, 2024 to be invoiced within the following 12 months. Competition The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving.
For most organizations, the modern attack surface includes: Complex and dynamic multi-cloud environments, which organizations are rapidly adopting even as they face a shortage of cloud security expertise; Identity and access management systems used to control machine identities, APIs and user privileges, which are vulnerable to misconfigurations that can open up attack pathways within an organization; An assortment of operational technology, or OT such as industrial control systems, or ICS, and supervisory control and data acquisition, or SCADA, systems which is increasingly internet-facing and is often linked to existing IT systems; Personal devices, including mobile phones and tablets, internet of things, or IoT, devices and other types of “shadow IT” used by employees, often without the knowledge of the IT and security teams; and Virtual machines, microservices, open-source code repositories, containers and other tools used by DevOps teams.
For most organizations, the modern attack surface has expanded to include: Complex and dynamic multi-cloud environments, which organizations are rapidly adopting even as they face a shortage of cloud security expertise; Artificial intelligence, or AI, including AI agents, which are programs that autonomously complete tasks to meet established goals; Identity and access management systems used to control machine identities, application programming interfaces, or APIs, and user privileges, which are vulnerable to misconfigurations that can open up attack pathways within an organization; An assortment of operational technology, or OT such as industrial control systems, or ICS, and supervisory control and data acquisition, or SCADA, systems which is increasingly internet-facing and is often linked to existing IT systems; Personal devices, including mobile phones and tablets, internet of things, or IoT, devices and other types of “shadow IT” used by employees, often without the knowledge of the IT and security teams; and Virtual machines, microservices, open-source code repositories, containers and other tools used by DevOps teams.
Such obligations may include, without limitation, the Federal Trade Commission Act, the California Consumer Privacy Act of 2018, or the CCPA, the Colorado Privacy Act, Virginia’s Consumer Data Protection Act, the Connecticut Privacy Act, the Utah Consumer Privacy Act, the European Union’s General Data Protection Regulation 2016/679, or EU GDPR, the EU GDPR as it forms part of the United Kingdom law by virtue of section 3 of the European Union (Withdrawal) Act of 2018, or UK GDPR, and the ePrivacy Directive.
Such obligations may include, without limitation, the Federal Trade Commission Act, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020, or, collectively, the CCPA, the Colorado Privacy Act, Virginia’s Consumer Data Protection Act, the Connecticut Privacy Act, the Utah Consumer Privacy Act and similar U.S. state comprehensive privacy laws, the European Union’s General Data Protection Regulation 2016/679, or EU GDPR, the EU GDPR as it forms part of the United Kingdom law by virtue of section 3 of the European Union (Withdrawal) Act of 2018, or UK GDPR, and the ePrivacy Directive.
Our Board and management team recognize that we have a role to play in environmental stewardship. We believe that environmentally responsible operating practices are important to generating value for our stockholders, being a good partner with our customers and being a good employer to our employees.
Environmental Stewardship We care deeply about the places where we live and work. Our Board and management team recognize that we have a role to play in environmental stewardship. We believe that environmentally responsible operating practices are important to generating value for our stockholders, being a good partner with our customers and being a good employer to our employees.
We believe this capability is critical to help security executives effectively translate technical information and communicate cybersecurity risk to a non-technical audience, including the C-suite and the board of directors, to enable them to make better strategic decisions on where to focus investment to maximize cybersecurity risk reduction. Tenable Attack Surface Management : our External Attack Surface Management solution continuously maps the internet, enabling security teams to discover connections to internet-facing assets so they can assess the cybersecurity posture of their entire external attack surface. Tenable Security Center : our on-premises Vulnerability Management offering that provides a risk-based view of an organization’s IT, security and compliance posture so organizations can quickly identify, investigate and prioritize their assets and vulnerabilities based on risk assessment and predictive analytics, and provide insightful remediation guidance. 6 Table of Contents Tenable OT Security : our Operational Technology Security solution that provides threat detection, asset tracking, vulnerability management, and configuration control capabilities to protect OT environments, including industrial networks.
We believe this capability is critical to help security executives effectively translate technical information and communicate cybersecurity risk to a non-technical audience, including the C-suite and the board of directors, to enable them to make better strategic decisions on where to focus investment to maximize cybersecurity risk reduction. 6 Table of Contents Tenable Attack Surface Management : Our solution continuously maps the internet to deliver comprehensive visibility into internet-facing assets, even those security teams don't know about, so they can assess the cybersecurity posture of their entire external attack surface for a more complete picture of where they may be exposed. Tenable Security Center : Our on-premises vulnerability management offering that provides a risk-based view of an organization’s IT, security and compliance posture so organizations can quickly identify, investigate and prioritize their assets and vulnerabilities based on risk assessment and predictive analytics, and provide insightful remediation guidance. Tenable OT Security : Our unified security solution for converged OT/IoT environments provides threat detection, asset tracking, vulnerability management, and configuration control capabilities to protect OT environments, including industrial networks.
Tenable Cloud Security provides cloud security teams the tools they need to apply security and compliance policies, prioritize security gaps and remediate risks that matter most across multi-cloud environments. Tenable Identity Exposure : our solution to secure Active Directory environments by enabling users to find and fix existing weaknesses before they are exploited and detect and respond to ongoing attacks in real time without the need to deploy agents or use privileged accounts. Tenable Web App Scanning : our easy-to-use, comprehensive and automated Vulnerability Scanning for modern web applications, which allows organizations to quickly configure and manage web app scans, enabling them to identify vulnerabilities and prioritize remediation. Tenable Lumin Exposure View : our measurement tool, which leverages our expansive knowledge base of assets and vulnerabilities coupled with data science insights, to help our customers objectively score, trend and benchmark cyber risk across their organizations, including by business unit or geography, for comparison and best practices.
Users can find and fix existing weaknesses before they are exploited and detect and respond to ongoing attacks in real time without the need to deploy agents or use privileged accounts. Tenable Web App Scanning : Our easy-to-use, comprehensive and automated Vulnerability Scanning for modern web applications, which allows organizations to quickly configure and manage web app scans, enabling them to identify vulnerabilities and prioritize remediation. Tenable Lumin Exposure View : Our measurement tool, which leverages our expansive knowledge base of assets and vulnerabilities coupled with data science insights, to help our customers objectively score, trend and benchmark cyber risk across their organizations, including by business unit or geography, for comparison and best practices.
The platform must include information about configuration issues, vulnerabilities and attack paths across a spectrum of assets and technologies including cloud configurations and deployments, identity solutions, such as Active Directory; and web applications. With these considerations in mind, we launched Tenable One in October 2022.
The platform must include information about configuration issues, vulnerabilities and attack paths across a spectrum of assets and technologies including cloud configurations and deployments, identity solutions, such as Active Directory, and web applications.
Our channel partners include distributors, value-added resellers, system integrators and managed security service providers. Our marketing efforts focus on cultivating brand awareness and leveraging our track record of innovation in exposure management to expand into new markets.
Our channel partners include distributors, value-added resellers, system integrators and managed security service providers. Our marketing initiatives cultivate brand awareness and leverage our track record of innovation in exposure management to expand into new markets, such as cloud security.
All of the above products, now available in Tenable One, continue to be offered as standalone solutions. In addition, our Nessus product line is one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry and underpins our enterprise platform. Since the introduction of Nessus in 1998, we have built and nurtured an extensive community of Nessus users.
Our Nessus Solutions Our Nessus product line is one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry and underpins our enterprise platform. Since the introduction of Nessus in 1998, we have built and nurtured an extensive community of Nessus users.
Our Tenable Research Team has developed AI-based research tools to help improve efficiency and effectiveness in processes such as reverse engineering, code debugging, web app security and visibility into cloud-based tools.
Our Tenable Research team has developed AI-based research tools to help improve efficiency and effectiveness in processes such as reverse engineering, code debugging, web app security and visibility into cloud-based tools. Frequent updates from Tenable Research ensure the latest vulnerability checks, zero-day research, and configuration benchmarks are available within our exposure management solutions.
Our key human capital objectives are to attract, retain, engage, reward and develop our highly talented existing and future employees, while cultivating a diverse and inclusive workforce and culture to achieve exceptional business results.
We speak candidly and always do the right thing. What We Do Matters: The work that we do makes a difference in this world. Our key human capital objectives are to attract, retain, engage, reward and develop our highly talented existing and future employees, while cultivating an inclusive workforce and culture to achieve exceptional business results.
Tenable and our employees have donated time and money to important environmental causes, such as healthy waterways and other clean-up efforts, recycling, carbon footprint mitigation and protection of threatened wildlife.
Tenable and our employees have donated time and money to important environmental causes, such as healthy waterways and other clean-up efforts, recycling, carbon footprint mitigation and protection of threatened wildlife. Financial Information and Segments See Note 1 and Note 13 to our consolidated financial statements in this Annual Report on Form 10-K for segment and geographical information.
The platform combines the broad, industry leading, vulnerability coverage, spanning IT assets, cloud resources, containers, web apps and identity systems. Tenable One builds on the speed and breadth of vulnerability coverage from our research team of cybersecurity and data science experts, or Tenable Research, and adds aggregated exposure view analytics, guidance on mitigating attack pathways and a centralized asset inventory.
Tenable One builds on the speed and breadth of vulnerability coverage from our research team of cybersecurity and data science experts, or Tenable Research, and adds aggregated exposure view analytics, guidance on mitigating attack pathways, centralized asset inventory and patch management that correlates vulnerabilities with remediation actions.
The SEC’s website https://www.sec.gov contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC. The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file with the SEC.
These channels be may updated from time to time on our investor relations website. The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file with the SEC.
Frequent updates from Tenable Research ensure the latest vulnerability checks, zero-day research, and configuration benchmarks are available within our exposure management solutions. 8 Table of Contents We believe ongoing and timely development of new products and features is imperative to maintaining our competitive position. We continue to invest in development of our solutions across our global research and development team.
We believe ongoing and timely development of new products and features is imperative to maintaining our competitive position. We continue to invest in development of our solutions across our global research and development team.
Tenable Holdings, Inc. was incorporated in Delaware in October 2015. In November 2015, Tenable Network Security, Inc. was merged into a wholly owned subsidiary and in 2017 was renamed as Tenable, Inc. Our principal executive offices are located at 6100 Merriweather Drive, Columbia, Maryland 21044. Our telephone number is (410) 872-0555. Our website address is www.tenable.com.
Our principal executive offices are located at 6100 Merriweather Drive, Columbia, Maryland 21044. Our telephone number is (410) 872-0555. Our website address is www.tenable.com.
AI and ML improves vulnerability prioritization and the ability to accurately gauge the risk posed by identities and entitlements across cloud and on-premise environments. Tenable One incorporates these Tenable products: Tenable Vulnerability Management : our cloud-delivered software-as-a-service, or SaaS, vulnerability management offering that provides organizations with a risk-based view of traditional and modern attack surfaces.
Tenable One integrates the following products and tools: Tenable Vulnerability Management : Our cloud-delivered software-as-a-service, or SaaS, vulnerability management offering provides organizations with a risk-based view of traditional and modern attack surfaces. Tenable Vulnerability Management empowers organizations to know, expose and close their critical vulnerabilities.
The complexity of the modern attack surface is a key driver behind the growing need for exposure management programs. Security teams are overwhelmed with the constant influx of data from the array of point solutions they are using to manage cloud assets, interconnected vulnerabilities, web applications, and identity systems.
Security teams are overwhelmed by the constant influx of data from the array of point solutions they are using to manage cloud assets, interconnected vulnerabilities, web applications, and identity systems. They are also challenged with effectively analyzing all that data to make informed decisions about which exposures represent the greatest risk to the organization.
Successfully implemented, an exposure management platform allows organizations to: Gain comprehensive visibility across the modern attack surface; Anticipate threats and prioritize efforts to prevent attacks; and Communicate cyber risk to make better decisions.
Successfully implemented, an exposure management platform allows organizations to: Gain comprehensive visibility across the modern attack surface; Bring cyber risk context and insights from across the attack surface together as one; and 5 Table of Contents Take swift action to eradicate priority cyber exposures and reduce business risk.
Tenable One leverages artificial intelligence, or AI, and machine learning, or ML, to rapidly analyze and interpret vast data sets, deliver rapid prioritization of exposures and assets and the likelihood of exploit, deliver recommendations, and automates routine tasks and streamlines workflows.
It leverages AI, and machine learning, or ML, rapidly analyzing and interpreting vast data sets to pinpoint priority weaknesses and high-risk attack paths, deliver recommendations and automate routine tasks.
The rapid adoption of these and other digital technologies is expanding the modern attack surface.
This rapid digital transformation is dramatically expanding the modern attack surface and introducing new exposures cyber risks capable of causing liability, loss and irreparable harm.
Financial Information and Segments See Note 1 and Note 13 to our consolidated financial statements in this Annual Report on Form 10-K for segment and geographical information. 11 Table of Contents Corporate Information Tenable Network Security, Inc., our predecessor, was incorporated under the laws of the State of Delaware in 2002.
Corporate Information Tenable Network Security, Inc., our predecessor, was incorporated under the laws of the State of Delaware in 2002. Tenable Holdings, Inc. was incorporated in Delaware in October 2015. In November 2015, Tenable Network Security, Inc. was merged into a wholly owned subsidiary and in 2017 was renamed as Tenable, Inc.
Removed
Item 1. Business Overview We are a leading provider of exposure management solutions. Exposure management is an effective discipline for measuring, comparing and reducing cybersecurity risk in today's complex IT environments. 4 Table of Contents Organizations around the globe are accelerating their adoption of public and private cloud infrastructure, introducing internet-facing applications and embracing new identity management systems.
Added
Item 1. Business Overview We are a leading provider of exposure management solutions. Exposure management is the evolution of vulnerability management, advancing risk assessment and prioritization across the entire attack surface – from IT infrastructure to cloud environments to critical infrastructure.
Removed
They are also challenged with effectively analyzing all that data to make informed, proactive decisions about which exposures represent the greatest risk to the organization. The combination of all these factors presents cybersecurity teams with obstacles that reach beyond the scope of existing point tools.
Added
Tenable unifies security visibility, insight and action across this attack surface, equipping modern organizations to expose and close the cybersecurity gaps that erode business value, reputation and trust. Organizations are increasingly accelerating their adoption of public and private cloud infrastructure, implementing internet-facing applications and embracing new identity management systems.
Removed
Tenable One unifies a variety of data sources into a single exposure view to help organizations gain visibility, prioritize efforts and communicate cyber risks.
Added
The complexity of the modern attack surface is a key driver behind the growing need for exposure management programs. Scattered products and siloed views have left organizations struggling to hold back threats across a fragmented attack surface.
Removed
Building on our existing products, Tenable One is designed to take advantage of the integrations that already exist with our partners and form the foundation of an exposure management program, alongside the other tools, such as endpoint detection and response, or EDR, and firewalls, and required business processes.
Added
Existing point tools cannot adequately address the central challenge of modern security: a deeply divided approach to seeing and reducing cyber risk.
Removed
In 2023, 2022 and 2021 our total revenue was $798.7 million, $683.2 million and $541.1 million, respectively, representing year-over-year growth rates of 17% from 2022 to 2023 and 26% from 2021 to 2022. Our net loss was $78.3 5 Table of Contents million, $92.2 million and $46.7 million in 2023, 2022 and 2021, respectively.
Added
Our Enterprise Platform Offerings Tenable One is an AI-powered exposure management platform that gives enterprises a single, unified view of risk across all types of assets and attack pathways. The platform combines broad, industry-leading vulnerability coverage, spanning IT assets, cloud resources, containers, web apps and identity systems.
Removed
Our cash flows from operating activities were $149.9 million, $131.2 million and $96.8 million in 2023, 2022 and 2021, respectively. Our Solutions With Tenable One, organizations can translate technical data about assets, vulnerabilities and threats into clear business insights and actionable intelligence for security executives and practitioners.
Added
The solution is designed to find hidden vulnerabilities with continuous, always-on asset discovery and assessment of known and unknown assets–even highly dynamic cloud or remote workforce assets–in an environment.
Removed
Tenable Vulnerability Management is designed with views, workflows and dashboards to deliver a complete and continuous view of all assets, both known and previously unknown, and any associated vulnerabilities, internal and regulatory compliance violations, misconfigurations and other cybersecurity issues, prioritize these issues for remediation based on risk assessment and predictive analytics, and provide insightful remediation guidance. • Tenable Cloud Security : Built on innovative cloud-native application protection platform (CNAPP) technology, and leading cloud infrastructure entitlement management (CIEM) acquired with Ermetic in October 2023, Tenable Cloud Security enables security teams to continuously assess the security posture of their cloud environments by maintaining a current view of cloud assets and identities to minimize exposure and enforce a least privilege approach at scale.
Added
Tenable Vulnerability Management also identifies which vulnerabilities to fix first with automated prioritization that combines vulnerability data, threat intelligence and data science. • Tenable Cloud Security : Our cloud security solution that helps organizations reduce risk by rapidly exposing and closing priority security gaps caused by misconfigurations, risky entitlements and vulnerabilities in one powerful cloud native application protection platform (CNAPP).
Removed
We speak candidly and we always do the right thing. • What We Do Matters : The work that we do makes a difference in the world.
Added
From development to runtime, Tenable Cloud Security continuously analyzes cloud resources to find the most important risks, spot unknown threats and toxic combinations of security issues and deliver actionable insights within minutes.
Removed
Diversity and Inclusion We seek to cultivate a diverse and inclusive workforce and environment to achieve exceptional business results. When we value and celebrate differences, we drive more innovation and grow closer to our customers, partners, and communities.
Added
Our cloud infrastructure entitlement management (CIEM) gives users control over access entitlements so they can eradicate exposures caused by human and service identities in the cloud and achieve least-privilege access to cloud resources and data at scale.
Removed
We strive to be a career destination where employees from all backgrounds are welcomed, treated with fairness and respect, empowered to make a difference, and provided opportunities to grow.
Added
Data security posture management (DSPM) and AI security posture management (AI-SPM) capabilities enable users to automatically discover, classify and analyze sensitive data risk and protect AI workloads with flexible, agentless scanning. • Tenable Identity Exposure : Our solution offers end-to-end protection from identity-based threats by unifying identities across Active Directory, hybrid and Entra ID.
Removed
We undertake numerous efforts to increase diversity in our employee population and to foster a culture of fairness and belonging through a number of measures in our recruiting, engagement, retention, and outreach practices.
Added
Engagement and Inclusion Engagement and inclusion at Tenable is a catalyst for cultivating a workplace where every individual's unique strengths contribute to a culture of innovation, belonging and community impact. Our engagement and inclusion mission aligns all initiatives with our Workforce Diversity, Workplace Inclusion and Community Impact pillars to enhance our overall employee value proposition.
Removed
Our dedicated Diversity & Inclusion Council and Employee Resource Groups – along with our committed leaders and managers – strive to attract and hire employees who bring broad diversity of background, thought and style into the company and foster a sense of inclusion to make them want to stay.
Added
It emphasizes that an inclusive culture fosters employee engagement, fuels innovation and yields outstanding business results. We strive to be a career destination where employees from all backgrounds, regardless of race, gender, ethnicity, sexual orientation or disability, can do their best work.
Removed
To support these initiatives, we build partnerships within our communities to support organizations and events that strive for greater representation of women and underrepresented minorities in cybersecurity, hold inclusion training and offer targeted development opportunities to assist with career advancement. Environmental Stewardship We care deeply about the places where we live and work.
Added
Our engagement and inclusion mission pillars include: • Workforce Diversity: Attract, retain, and develop talent through strategic partnerships with diversity organizations, targeted branding and inclusive engagement and development opportunities for all employees. • Workplace Inclusion: Cultivate an inclusive workplace where all employees feel they belong and are given the support they need to thrive. • Community Impact: Increase our commitment to supporting the next generation of STEM talent in underrepresented communities.
Added
The SEC’s website https://www.sec.gov contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC. Investors and others should note that we may announce material business and financial information to our investors using our investor relations website (https://investors.tenable.com), our filings with the SEC, our website, webcasts, press releases, and conference calls.
Added
We use these mediums, including our website, to communicate with investors and the general public about our company, our products, and other issues, and for complying with our disclosure obligations under Regulation FD. It is possible that the information that we make available on our website may be deemed to be material information.
Added
We therefore encourage investors and others interested in our company to review the information that we make available on our website, in addition to following our SEC filings, our webcasts, press releases, and conference calls. The information we post through these channels is not a part of this Annual Report on Form 10-K.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

136 edited+51 added13 removed297 unchanged
Biggest changeFactors that could cause fluctuations in the market price of our common stock include the following: actual or anticipated changes or fluctuations in our operating results; the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections; announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments; industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC; rumors and market speculation involving us or other companies in our industry; price and volume fluctuations in the overall stock market from time to time; changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; failure to comply with the terms of the Credit Agreement; sales of shares of our common stock by us or our stockholders; failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; announced or completed acquisitions of businesses or technologies by us or our competitors; new or proposed laws or regulations or new interpretations of existing laws or regulations applicable to our business, including proposed changes to the U.S. corporate income tax rate and capital gains tax rates; any major changes in our management or our Board of Directors; general economic conditions and slow or negative growth of our markets; and other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events. 36 Table of Contents Recently, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies, high rates of inflation and interest rates, disruptions in access to bank deposits or lending commitments due to bank failures and uncertainty about economic stability and concerns about an economic recession in the United States or other major markets, the ongoing military conflict between Ukraine and Russia, the ongoing conflict in the Middle East, increasing tensions between China and Taiwan and macroeconomic conditions.
Biggest changeFactors that could cause fluctuations in the market price of our common stock include the following: actual or anticipated changes or fluctuations in our operating results; the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections; 38 Table of Contents announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments; industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC; rumors and market speculation involving us or other companies in our industry; price and volume fluctuations in the overall stock market from time to time; changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; failure to comply with the terms of the Credit Agreement; sales of shares of our common stock by us or our stockholders; failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; announced or completed acquisitions of businesses or technologies by us or our competitors; new or proposed laws or regulations or new interpretations of existing laws or regulations applicable to our business, including changes to the U.S. corporate income tax rate and capital gains tax rates; any major changes in our management or our Board of Directors; general economic conditions and slow or negative growth of our markets; and other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events.
If we do not continue to innovate and offer solutions that address the dynamic cybersecurity landscape, we may not remain competitive. We may not be able to sustain our revenue growth rate in the future. We may not be able to scale our business quickly enough to meet our customers’ growing needs. Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliability and accuracy of our data, solutions, infrastructure and those of third parties upon which we rely.
If we do not continue to innovate and offer solutions that address the dynamic cybersecurity landscape, we may not remain competitive. We may not be able to sustain our revenue growth rate in the future. We may not be able to continue to scale our business quickly enough to meet our customers’ growing needs. Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliability and accuracy of our data, solutions, infrastructure and those of third parties upon which we rely.
Any decline in our customer renewals, terminations or failure to convince our customers to expand their use of subscription offerings would harm our business, results of operations, and financial condition. We rely on third parties to maintain and operate certain elements of our network infrastructure. We are subject to stringent and changing laws, regulations, rules, contractual obligations, policies, and other obligations related to data privacy and security.
Any decline in our customer renewals, terminations or failure to convince our customers to expand their use of our subscription offerings would harm our business, results of operations, and financial condition. We rely on third parties to maintain and operate certain elements of our network infrastructure. We are subject to stringent and changing laws, regulations, rules, contractual obligations, policies, and other obligations related to data privacy and security.
Any decline in our customer renewals, terminations or failure to convince our customers to expand their use of subscription offerings would harm our business, results of operations, and financial condition. Our subscription offerings are term-based and a majority of our subscription contracts are for one year in duration.
Any decline in our customer renewals, terminations or failure to convince our customers to expand their use of our subscription offerings would harm our business, results of operations, and financial condition. Our subscription offerings are term-based and a majority of our subscription contracts are for one year in duration.
Our revenue and results of operations have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including: the level of demand for our solutions; the introduction of new products and product enhancements by existing competitors or new entrants into our market, and changes in pricing for solutions offered by us or our competitors; the rate of renewal of subscriptions, and extent of expansion of assets under such subscriptions, with existing customers; the mix of customers licensing our products on a subscription basis as compared to a perpetual license; large customers failing to renew their subscriptions; the size, timing and terms of our subscription agreements with new customers; our ability to interoperate our solutions with our customers’ network and security infrastructure, including remote devices; the timing and growth of our business, in particular through our hiring of new employees and international expansion; network outages, security breaches, technical difficulties or interruptions with our solutions (including security breaches by our service providers or vendors); changes in the growth rate of the markets in which we compete; the length of the license term, amount prepaid and other material terms of subscriptions to our solutions sold during a period; customers delaying purchasing decisions in anticipation of new developments or enhancements by us or our competitors or otherwise; changes in customers’ budgets; seasonal variations related to sales and marketing and other activities, such as expenses related to our customers; our ability to increase, retain and incentivize the channel partners that market and sell our solutions; our ability to integrate our solutions with our ecosystem partners’ technology; our ability to integrate any future acquisitions of businesses; our brand and reputation; the timing of our adoption of new or revised accounting pronouncements applicable to public companies and the impact on our results of operations; our ability to control costs, including our operating expenses, such as personnel costs, third-party cloud infrastructure costs and facilities costs; 19 Table of Contents our ability to hire, train and maintain our direct sales force; unforeseen litigation and intellectual property infringement; fluctuations in our effective tax rate; general economic and political conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers operate; and other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events, or an economic recession in the United States or other major markets.
Our revenue and results of operations have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including: the level of demand for our solutions; the introduction of new products and product enhancements by existing competitors or new entrants into our market, and changes in pricing for solutions offered by us or our competitors; the rate of renewal of subscriptions, and extent of expansion of assets under such subscriptions, with existing customers; the mix of customers licensing our products on a subscription basis as compared to a perpetual license; large customers failing to renew their subscriptions; the size, timing and terms of our subscription agreements with new customers; our ability to interoperate our solutions with our customers’ network and security infrastructure, including remote devices; the timing and growth of our business, in particular through our hiring of new employees and international expansion; network outages, security breaches, technical difficulties or interruptions with our solutions (including security breaches by our service providers or vendors); changes in the growth rate of the markets in which we compete; the length of the license term, amount prepaid and other material terms of subscriptions to our solutions sold during a period; customers delaying purchasing decisions in anticipation of new developments or enhancements by us or our competitors or otherwise; changes in customers’ budgets; seasonal variations related to sales and marketing and other activities, such as expenses related to our customers; our ability to increase, retain and incentivize the channel partners that market and sell our solutions; our ability to integrate our solutions with our ecosystem partners’ technology; our ability to integrate any future acquisitions of businesses; our brand and reputation; the timing of our adoption of new or revised accounting pronouncements applicable to public companies and the impact on our results of operations; our ability to control costs, including our operating expenses, such as personnel costs, third-party cloud infrastructure costs and facilities costs; our ability to hire, train and maintain our direct sales force; unforeseen litigation and intellectual property infringement; fluctuations in our effective tax rate; general economic and political conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers operate; and 21 Table of Contents other events or factors, including those resulting from public health crises such as pandemics or similar outbreaks, war, incidents of terrorism or responses to these events, or an economic recession in the United States or other major markets.
If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors or a result of an acquisition, competitive factors or other reasons do not continue to market and sell our solutions in an effective manner or at all, our ability to grow our business and sell our solutions, particularly in key international markets, may be adversely affected.
If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors or as a result of an acquisition, competitive factors or other reasons do not continue to market and sell our solutions in an effective manner or at all, our ability to grow our business and sell our solutions, particularly in key international markets, may be adversely affected.
Acquisitions involve many risks, including the following: 28 Table of Contents an acquisition may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition; we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire, particularly if key personnel of the acquired company decide not to work for us; an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management; an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company; we may encounter difficulties in, or may be unable to, successfully sell any acquired solutions; an acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions; our use of cash to pay for an acquisition would limit other potential uses for our cash; the issuance of additional stock in connection with an acquisition could result in substantial dilution to our existing stockholders; and if we incur debt to fund such acquisition, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants.
Acquisitions involve many risks, including the following: an acquisition may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition; we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire, particularly if key personnel of the acquired company decide not to work for us; an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management; an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company; we may encounter difficulties in, or may be unable to, successfully sell any acquired solutions; an acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions; our use of cash to pay for an acquisition would limit other potential uses for our cash; the issuance of additional stock in connection with an acquisition could result in substantial dilution to our existing stockholders; and if we incur debt to fund such acquisition, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants.
Some defects may cause our solutions to be vulnerable to attacks, cause them to fail to detect vulnerabilities, or temporarily interrupt customers’ networking traffic or operational technology environments, any of which may damage our customers’ business and could hurt our reputation. As a result of any of the risks associated with our SaaS business, we may experience adverse consequences.
Some defects may cause our solutions to be vulnerable to attacks, cause them to fail to detect vulnerabilities, or temporarily interrupt customers’ networking traffic or operational technology environments, any of which may damage our customers’ business and could hurt our reputation. As a result of any of the risks associated with our SaaS business, we may experience material adverse consequences.
We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, or Section 404, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting on an annual basis. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting.
We are required, pursuant to Section 404 of the Sarbanes-Oxley Act to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting on an annual basis. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting.
For example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, CPRA or collectively, the CCPA, imposes obligations on covered businesses to provide specific disclosures in privacy notices and honor requests of California residents to exercise certain rights related to their personal data.
For example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, or collectively, the CCPA, imposes obligations on covered businesses to provide specific disclosures in privacy notices and honor requests of California residents to exercise certain rights related to their personal data.
If our information technology systems or data, or those of third parties upon which we rely, are or were compromised, or if our solutions fail to detect vulnerabilities or incorrectly detect vulnerabilities, or if they contain undetected errors or defects, we could experience adverse consequences.
If our information technology systems or data, or those of third parties upon which we rely, are or were compromised or disrupted, or if our solutions fail to detect vulnerabilities or incorrectly detect vulnerabilities, or if they contain undetected errors or defects, we could experience adverse consequences.
Furthermore, future or past business transactions, such as acquisitions or integrations, could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies.
Future or past business transactions, such as acquisitions or integrations, could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies.
Our current international operations and future initiatives will involve a variety of risks, including: increased management, infrastructure and legal costs associated with having international operations; reliance on channel partners; trade and foreign exchange restrictions, including potential changes in trade relations arising from policy initiatives; volatility of foreign exchange rates; economic or political instability in foreign markets, including instability related to the United Kingdom’s recent exit from the European Union and the corresponding impact on its ongoing legal, political, and economic relationship with the European Union and heightened levels of inflation; 26 Table of Contents greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods; changes in regulatory requirements, including, but not limited to data privacy, data protection and data security regulations; difficulties and costs of staffing, managing and potentially reorganizing foreign operations, including increased employee recruitment, training and retention costs related to global employment turnover trends and inflationary pressures in the labor market; the uncertainty and limitation of protection for intellectual property rights in some countries; costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations; differing labor regulations in foreign jurisdictions where labor laws are generally more advantageous to employees, including deemed hourly wage and overtime regulations in these locations; costs of compliance with U.S. laws and regulations for foreign operations, including the FCPA, import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell or provide our solutions in certain foreign markets, and the risks and costs of non-compliance; requirements to comply with foreign privacy, data protection and information security laws and regulations and the risks and costs of noncompliance; heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements; the potential for political unrest, public health crises such as pandemics or similar outbreaks, acts of terrorism, hostilities or war, including the conflict between Ukraine and Russia, the ongoing conflict in the Middle East and increasing tensions between China and Taiwan; management communication and integration problems resulting from cultural differences and geographic dispersion; costs associated with language localization of our solutions; and costs of compliance with multiple and possibly overlapping tax structures and regimes.
Our current international operations and future initiatives will involve a variety of risks, including: increased management, infrastructure and legal costs associated with having international operations; reliance on channel partners; trade and foreign exchange restrictions, including potential changes in trade relations arising from policy initiatives; volatility of foreign exchange rates; economic or political instability in foreign markets, including instability related to the United Kingdom’s recent exit from the European Union and the corresponding impact on its ongoing legal, political, and economic relationship with the European Union and heightened levels of inflation; greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods; changes in regulatory requirements, including, but not limited to data privacy, data protection and data security regulations; difficulties and costs of staffing, managing and potentially reorganizing foreign operations, including increased employee recruitment, training and retention costs related to global employment turnover trends and inflationary pressures in the labor market; the uncertainty and limitation of protection for intellectual property rights in some countries; costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations; differing labor regulations in foreign jurisdictions where labor laws are generally more advantageous to employees, including deemed hourly wage and overtime regulations in these locations; costs of compliance with U.S. laws and regulations for foreign operations, including the FCPA, import and export control laws, tariffs imposed by the United States or other governments on our solutions, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell or provide our solutions in certain foreign markets, and the risks and costs of non-compliance; requirements to comply with foreign privacy, data protection and information security laws and regulations and the risks and costs of noncompliance; heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements; the potential for political unrest, public health crises such as pandemics or similar outbreaks, acts of terrorism, hostilities or war, including the conflict between Ukraine and Russia, the ongoing conflict in the Middle East and increasing tensions between China and Taiwan; management communication and integration problems resulting from cultural differences and geographic dispersion; costs associated with language localization of our solutions; and costs of compliance with multiple and possibly overlapping tax structures and regimes.
If we, our customers, or a third party upon which we rely, experience a security incident or other interruption, or are perceived to have experienced a security incident or other interruption, we may experience adverse consequences, such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting obligations and/or oversight; restrictions on processing information (including personal data); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions of our operations (including availability of data); financial loss (including by issuing credits to our customers); diversion of management attention; and other similar harm.
If we, our customers, or a third party upon which we rely, experience or cause a security incident or other interruption, or are perceived to have experienced or caused a security incident or other interruption, we may experience material adverse consequences, such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting obligations and/or oversight; restrictions on processing information (including personal data); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions of our operations (including availability of data); financial loss (including by issuing credits to our customers); diversion of management attention; and other similar harm.
Our Credit Agreement imposes various covenants that limit our ability and/or our restricted subsidiaries’ ability to, among other things: pay dividends or distributions, repurchase equity, prepay, redeem or repurchase certain debt, and make certain investments; incur additional debt and issue certain preferred stock; provide guarantees in respect of obligations of other persons; incur liens on assets; engage in certain asset sales, including capital stock of our subsidiaries; merge, consolidate with, or sell all or substantially all our assets to another person; enter into transactions with affiliates; enter into agreements that restrict distributions from our subsidiaries; 30 Table of Contents designate subsidiaries as unrestricted subsidiaries; and prohibit certain restrictions on the ability of restricted subsidiaries to pay dividends or make other payments to us.
Our Credit Agreement imposes various covenants that limit our ability and/or our restricted subsidiaries’ ability to, among other things: pay dividends or distributions, repurchase equity, prepay, redeem or repurchase certain debt, and make certain investments; incur additional debt and issue certain preferred stock; provide guarantees in respect of obligations of other persons; incur liens on assets; engage in certain asset sales, including capital stock of our subsidiaries; merge, consolidate with, or sell all or substantially all our assets to another person; enter into transactions with affiliates; enter into agreements that restrict distributions from our subsidiaries; designate subsidiaries as unrestricted subsidiaries; and prohibit certain restrictions on the ability of restricted subsidiaries to pay dividends or make other payments to us.
These threats include but are not limited to: social-engineering attacks (including through deep fakes, which may be increasingly more difficult to identify as fake, and phishing attacks); credential harvesting; malicious code (such as viruses and worms); malware (including as a result of advanced persistent threat intrusions); denial-of-service attacks, credential stuffing; personnel misconduct or error; ransomware attacks; supply-chain attacks; software bugs; server malfunctions; software or hardware failures; loss of data or other information technology assets; adware; telecommunications failures; attacks enhanced or facilitated by artificial intelligence and other similar threats.
These threats include but are not limited to: social-engineering attacks (including through deep fakes, which may be increasingly more difficult to identify as fake, and phishing attacks); credential harvesting; malicious code (such as viruses and worms); malware (including as a result of advanced persistent threat intrusions); denial-of-service attacks, credential stuffing; insider threats (including due to personnel misconduct, error or malicious activity); ransomware attacks; supply-chain attacks; software bugs; server malfunctions; software or hardware failures; loss of data or other information technology assets; adware; telecommunications failures; attacks enhanced or facilitated by artificial intelligence and other similar threats.
Our new offerings or enhancements and changes to our existing offerings could fail to attain sufficient market acceptance for many reasons, including: failure to predict market demand accurately, including changes in demand as a result of macroeconomic trends, in terms of functionality and to supply offerings that meets this demand in a timely fashion; defects, errors or failures; negative publicity about their performance or effectiveness; delays in releasing our new offerings or enhancements to our existing offerings to the market; introduction or anticipated introduction of competing products by our competitors; poor business conditions for our customers, including as a result of difficult macroeconomic conditions, causing them to delay or forgo IT purchases; and reluctance of customers to purchase cloud-based offerings.
Our new offerings or enhancements and changes to our existing offerings could fail to attain sufficient market acceptance for many reasons, including: failure to predict market demand accurately, including changes in demand as a result of macroeconomic trends, in terms of functionality and to supply offerings that meets this demand in a timely fashion; 27 Table of Contents defects, errors or failures; negative publicity about their performance or effectiveness; delays in releasing our new offerings or enhancements to our existing offerings to the market; introduction or anticipated introduction of competing products by our competitors; poor business conditions for our customers, including as a result of difficult macroeconomic conditions, causing them to delay or forgo IT purchases; and reluctance of customers to purchase cloud-based offerings.
Any success that we may experience in the future will depend in large part on our ability to, among other things: maintain and expand our customer base; 14 Table of Contents increase revenue from existing customers through increased or broader use of our offerings within their organizations; improve the performance and capabilities of our offerings through research and development or the integration of acquired products and capabilities; continue to develop and expand our enterprise platform; maintain or increase the rate at which customers purchase and renew subscriptions to our enterprise platform offerings; continue to successfully expand our business domestically and internationally; and successfully compete with other companies.
Any success that we may experience in the future will depend in large part on our ability to, among other things: maintain and expand our customer base; increase revenue from existing customers through increased or broader use of our offerings within their organizations; improve the performance and capabilities of our offerings through research and development or the integration of acquired products and capabilities; continue to develop and expand our enterprise platform; maintain or increase the rate at which customers purchase and renew subscriptions to our enterprise platform offerings; continue to successfully expand our business domestically and internationally; and successfully compete with other companies.
Our current loan agreement includes, and we expect that any future agreements governing our indebtedness will include, restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions.
Our current Credit Agreement includes, and we expect that any future agreements governing our indebtedness will include, restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions.
Additionally, these rules require disclosures describing the processes used to identify, assess and manage cybersecurity risks, management's role in assessing and managing material risks from cybersecurity threats and the board of directors' role in overseeing cybersecurity risks. Unstable market and economic conditions may have material adverse consequences on our business, financial condition and share price.
These rules also require disclosures describing the processes used to identify, assess and manage cybersecurity risks, management's role in assessing and managing material risks from cybersecurity threats and the board of directors' role in overseeing cybersecurity risks. Unstable market and economic conditions may have material adverse consequences on our business, financial condition and share price.
Subsequent statutory or regulatory changes in respect of the utilization of NOLs for federal, state or foreign purposes, such as suspensions on the use of NOLs or limitations on the deductibility of NOLs carried forward, or other unforeseen reasons, may result in our existing NOLs expiring or otherwise being unavailable to offset future income tax liabilities.
Subsequent statutory or regulatory changes in respect of the utilization of NOLs and other tax assets for federal, state or foreign purposes, such as suspensions on the use of NOLs or limitations on the deductibility of NOLs carried forward, or other unforeseen reasons, may result in our existing NOLs expiring or otherwise being unavailable to offset future income tax liabilities.
If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the Nasdaq, the SEC or other regulatory authorities.
If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor 44 Table of Contents confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the Nasdaq, the SEC or other regulatory authorities.
These proposals are based on two “pillars”, involving the allocation of taxing rights in respect of certain multinational enterprises above a fixed profit margin to the jurisdictions in which they carry on business (subject to certain revenue threshold rules which we do not currently meet but expect to meet in the future), referred to as the Pillar One proposal, and imposing a minimum effective tax rate on certain multinational enterprises, referred to as the Pillar Two proposal.
These proposals are based on two “pillars”, involving the allocation of taxing rights in respect of certain multinational enterprises above a fixed profit margin to the jurisdictions in which they carry on business (subject to certain revenue threshold rules which we do not currently meet but may meet in the future), referred to as Pillar One, and imposing a minimum effective tax rate on certain multinational enterprises, referred to as Pillar Two.
If the equity and credit markets deteriorate, including as a result of political unrest or war, it may make any necessary debt or equity financing more difficult to obtain in a timely manner or on favorable terms, more costly or more dilutive. 32 Table of Contents Increased inflation rates can adversely affect us by increasing our costs, including labor and employee benefit costs.
If the equity and credit markets deteriorate, including as a result of political unrest or war, it may make any necessary debt or equity financing more difficult to obtain in a timely manner or on favorable terms, more costly or more dilutive. Increased inflation rates can adversely affect us by increasing our costs, including labor and employee benefit costs.
If we or other software companies with cloud-based offerings experience security incidents, breaches of customer data, disruptions in service delivery or other problems, the market for cloud-based solutions as a whole may be negatively impacted, which in turn would negatively impact our revenue and our growth prospects. Our sales cycle is long and unpredictable.
If we or other software companies with cloud-based offerings experience security incidents, breaches of 22 Table of Contents customer data, disruptions in service delivery or other problems, the market for cloud-based solutions as a whole may be negatively impacted, which in turn would negatively impact our revenue and our growth prospects. Our sales cycle is long and unpredictable.
Noncompliance with these laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, suspension 39 Table of Contents and/or debarment from contracting with certain persons, the loss of export privileges, reputational harm, adverse media coverage, and other collateral consequences.
Noncompliance with these laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, suspension and/or debarment from contracting with certain persons, the loss of export privileges, reputational harm, adverse media coverage, and other collateral consequences.
To alleviate the financial, operational and reputational impact of a ransomware attack, it may be necessary to make extortion payments, but we may be unable to do so if, for example, applicable laws prohibit such payments.
To alleviate the financial, operational and reputational impact of a ransomware attack, it may be prudent to make extortion payments, but we may be unable to do so if, for example, applicable laws prohibit such payments.
In addition, our Credit Agreement contains restrictive covenants that prohibit us, subject to certain exceptions, from paying dividends on our common stock. 37 Table of Contents We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance stockholder value, and any share repurchases we make could affect the price of our common stock.
In addition, our Credit Agreement contains restrictive covenants that prohibit us, subject to certain exceptions, from paying dividends on our common stock. We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance stockholder value, and any share repurchases we make could affect the price of our common stock.
Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; 13 Table of Contents diversified security software and services vendors; endpoint security vendors with nascent vulnerability assessment capabilities, including CrowdStrike; public cloud vendors and companies, such as Palo Alto Networks and Wiz, that offer solutions for cloud security (private, public and hybrid cloud); and providers of point solutions that compete with some of the features present in our solutions.
Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software and services vendors; endpoint security vendors with nascent vulnerability assessment capabilities, including CrowdStrike; public cloud vendors and companies, such as Palo Alto Networks and Wiz, that offer solutions for cloud security (private, public and hybrid cloud); and providers of point solutions that compete with some of the features present in our solutions.
For example, in July 2023, the SEC adopted rules requiring the disclosure of information about a material cybersecurity incident on Form 8-K within four business days of determining that the incident is material, unless the US Attorney General concludes that such a disclosure would pose a substantial risk to national security or public safety.
In addition, in July 2023, the SEC adopted rules requiring the disclosure of information about a material cybersecurity incident on Form 8-K within four business days of determining that the incident is material, unless the US Attorney General concludes that such a disclosure would pose a substantial risk to national security or public safety.
The issuance of additional regulatory or accounting guidance related to existing or future tax laws, or changes to tax laws or regulations proposed or implemented by the current or a future U.S. presidential administration, Congress, or taxing authorities in other jurisdictions, including jurisdictions outside of the 40 Table of Contents United States, could materially affect our tax obligations and effective tax rate.
The issuance of additional regulatory or accounting guidance related to existing or future tax laws, or changes to tax laws or regulations proposed or implemented by the current or a future U.S. presidential administration, Congress, or taxing authorities in other jurisdictions, including jurisdictions outside of the United States, could materially affect our tax obligations and effective tax rate.
If any of the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially and adversely affected. Selected Risks Affecting Our Business Our business is subject to a number of risks of which you should be aware before making a decision to invest in our common stock.
If any of 12 Table of Contents the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially and adversely affected. Selected Risks Affecting Our Business Our business is subject to a number of risks of which you should be aware before making a decision to invest in our common stock.
Further, the accounting rules and regulations are continually changing in ways that could impact our financial statements. 31 Table of Contents The preparation of financial statements in conformity with generally accepted accounting principles in the United States, or U.S. GAAP, requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes.
Further, the accounting rules and regulations are continually changing in ways that could impact our financial statements. The preparation of financial statements in conformity with generally accepted accounting principles in the United States, or U.S. GAAP, requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes.
Even if such an incident is unrelated to our security practices, it could result in our incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own vulnerabilities. The reliability and continuous availability of our solutions is critical to our success.
Even if such an incident is unrelated to our security practices, it could result in our incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own vulnerabilities. 19 Table of Contents The reliability and continuous availability of our solutions is critical to our success.
Any change in export or import laws and regulations or economic or trade sanctions, shift in the enforcement or scope of existing laws and regulations, or change in the countries, governments, persons or technologies targeted by such laws and regulations could also result in decreased use of our products, or in our decreased ability to export or sell our products to existing or potential customers.
Any 42 Table of Contents change in export or import laws and regulations or economic or trade sanctions, shift in the enforcement or scope of existing laws and regulations, or change in the countries, governments, persons or technologies targeted by such laws and regulations could also result in decreased use of our products, or in our decreased ability to export or sell our products to existing or potential customers.
These provisions include: a classified Board of Directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our Board of Directors; the ability of our Board of Directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer; the exclusive right of our Board of Directors to elect a director to fill a vacancy created by the expansion of our Board of Directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our Board of Directors; a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders; the requirement that a special meeting of stockholders may be called only by the chairperson of our Board of Directors, Chief Executive Officer or president (in the absence of a chief executive officer) or a majority vote of our Board of Directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors; the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws, which may inhibit the ability of an acquirer to affect such amendments to facilitate an unsolicited takeover attempt; the ability of our Board of Directors, by majority vote, to amend our amended and restated bylaws, which may allow our Board of Directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our amended and restated bylaws to facilitate an unsolicited takeover attempt; and advance notice procedures with which stockholders must comply to nominate candidates to our Board of Directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us. 38 Table of Contents These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time.
These provisions include: 40 Table of Contents a classified Board of Directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our Board of Directors; the ability of our Board of Directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer; the exclusive right of our Board of Directors to elect a director to fill a vacancy created by the expansion of our Board of Directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our Board of Directors; a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders; the requirement that a special meeting of stockholders may be called only by the chairperson of our Board of Directors, Chief Executive Officer or president (in the absence of a chief executive officer) or a majority vote of our Board of Directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors; the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws, which may inhibit the ability of an acquirer to affect such amendments to facilitate an unsolicited takeover attempt; the ability of our Board of Directors, by majority vote, to amend our amended and restated bylaws, which may allow our Board of Directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our amended and restated bylaws to facilitate an unsolicited takeover attempt; and advance notice procedures with which stockholders must comply to nominate candidates to our Board of Directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.
If our partners choose to place greater emphasis on products of their own or those offered by our competitors or do not effectively market and sell our product, our ability to grow our business and sell software and professional services may be adversely affected.
If our partners choose to 30 Table of Contents place greater emphasis on products of their own or those offered by our competitors or do not effectively market and sell our product, our ability to grow our business and sell software and professional services may be adversely affected.
While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our offerings to sustain or increase our growth or achieve or maintain profitability in the future.
While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our offerings to sustain or increase our growth or achieve or maintain profitability 13 Table of Contents in the future.
Historically, some of our customers have elected not to renew their subscriptions with us for a variety of reasons, including as a result of changes in their strategic IT priorities, budgets, costs and, in some instances, due to competing solutions.
Historically, some of our customers have elected not to renew their 15 Table of Contents subscriptions with us for a variety of reasons, including as a result of changes in their strategic IT priorities, budgets, costs and, in some instances, due to competing solutions.
The companies in which we invest are early stage private companies focused on cybersecurity innovation, and such companies may still be developing technologies or products with limited cash to support the development, marketing and sales of their technologies or products.
Investments in private companies are inherently risky. The companies in which we invest are early stage private companies focused on cybersecurity innovation, and such companies may still be developing technologies or products with limited cash to support the development, marketing and sales of their technologies or products.
We cannot assure that our expansion efforts into international markets will be successful in creating further demand for our solutions and professional services outside of the United States or in effectively selling our solutions and professional services in the international markets that we enter.
We cannot assure that our expansion efforts into international markets will be successful in creating further demand for our solutions and professional services outside of the United States or in effectively selling our solutions and professional services in the 28 Table of Contents international markets that we enter.
We may not be able to refinance our debt, or any refinancing of our debt could be at higher interest rates and may require us to comply with more restrictive covenants that could further restrict our business operations.
We may not be able to refinance our debt, or any refinancing of our debt could be at higher interest rates and may require us to comply with more restrictive covenants that could further restrict our business 32 Table of Contents operations.
Some elements of this complex system are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. For example, Tenable One is hosted on Amazon Web Services, or AWS, which provides us with computing and storage capacity.
Some elements of this complex system are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. For example, Tenable One is hosted on AWS which provides us with computing and storage capacity.
To the extent we are not able to obtain or maintain a facility security clearance, we may not be able to bid on or win new classified contracts, and existing contracts requiring a facility security clearance could be terminated. 33 Table of Contents Any failure to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.
To the extent we are not able to obtain or maintain a facility security clearance, we may not be able to bid on or win new classified contracts, and existing contracts requiring a facility security clearance could be terminated. Any failure to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.
While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions.
While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum 41 Table of Contents provisions.
In addition, as a result of an amendment to our Credit Agreement, certain of the variable rate indebtedness extended to us uses the Secured Overnight Financing Rate, or SOFR, as a benchmark for establishing the interest rate.
In addition, as a result of an amendment to our Credit Agreement, certain of the variable rate 33 Table of Contents indebtedness extended to us uses the Secured Overnight Financing Rate, or SOFR, as a benchmark for establishing the interest rate.
In particular, the European Economic Area, or EEA, and the United Kingdom, or UK, have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it believes are inadequate. Other jurisdictions may adopt similarly stringent interpretations of their data localization and cross-border data transfer laws.
In particular, the European Economic Area, or EEA, and the United Kingdom, or UK, have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it believes are inadequate. Other jurisdictions may adopt or have already adopted similarly stringent data localization and cross-border data transfer laws.
In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups and may become subject to such obligations in the future. Furthermore, we are bound by other contractual obligations relating to data privacy and security, and our efforts to comply with such obligations may not be successful.
In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups and may become subject to such obligations in the future. Furthermore, we are bound by other contractual 24 Table of Contents obligations relating to data privacy and security, and our efforts to comply with such obligations may not be successful.
Because our agreements with certain third-party service providers, such as Amazon Web Services, or AWS, limit their liability for damages, we may not be able to recover a material portion of our liabilities to our customers and third parties arising from issues with such third-party service providers, such as AWS, in the event of an incident affecting the third parties’ systems.
Because our agreements with certain third-party service providers, such as AWS and Snowflake, limit their liability for damages, we may not be able to recover a material portion of our liabilities to our customers and third parties arising from issues with such third-party service providers, such as AWS and Snowflake, in the event of an incident affecting the third parties’ systems.
We market and sell our solutions and professional services throughout the world and have personnel in many parts of the world. International operations generated 45% and 44% of our revenue in 2023 and 2022, respectively. Our growth strategy is dependent, in part, on our continued international expansion.
We market and sell our solutions and professional services throughout the world and have personnel in many parts of the world. International operations generated 46% and 45% of our revenue in 2024 and 2023, respectively. Our growth strategy is dependent, in part, on our continued international expansion.
We must be able to interoperate and provide our security offerings to customers with highly complex and customized networks, including remote devices, which requires careful planning and execution between our customers, our customer support teams and our channel partners.
We must be able to interoperate and provide our security offerings to customers with highly complex and customized networks, including remote devices, which requires 16 Table of Contents careful planning and execution between our customers, our customer support teams and our channel partners.
The global economy, including credit and financial markets, has recently experienced extreme volatility and disruptions, including severely diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates, increases in inflation rates, higher interest rates and uncertainty about economic stability.
The global economy, including credit and financial markets, recently experienced extreme volatility and disruptions, including severely diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates, inflation, interest rate fluctuations and uncertainty about economic stability.
These claims could also subject us to making substantial payments for legal fees, settlement payments, and other costs or damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights.
These claims could also subject us to making substantial payments for legal fees, settlement payments, and other costs or damages, potentially including treble 37 Table of Contents damages if we are found to have willfully infringed patents or copyrights.
We have registrations and/or pending applications for additional trademarks in the United States; however, we cannot assure you that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights.
We have registrations and/or pending applications for additional trademarks; however, we cannot assure you that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights.
This also makes it difficult for us to rapidly 15 Table of Contents increase our revenue growth through additional sales in any period, as revenue from new customers generally will be recognized over the term of the applicable agreement. We may not be able to scale our business quickly enough to meet our customers’ growing needs.
This also makes it difficult for us to rapidly increase our revenue growth through additional sales in any period, as revenue from new customers generally will be recognized over the term of the applicable agreement. We may not be able to continue scaling our business quickly enough to meet our customers’ growing needs.
Security incidents and attendant consequences may cause customers to stop using our solutions (including by not renewing their purchases of our solutions), deter new customers from using our solutions, and negatively impact our ability to grow and operate our business.
Security incidents or other disruptions and attendant material consequences may cause customers to stop using our solutions (including by not renewing their purchases of our solutions), deter new customers from using our solutions, and negatively impact our ability to grow and operate our business.
Section 382 of the Internal Revenue Code imposes limitations on a company’s ability to use its NOLs to offset its taxable income if one or more stockholders or groups of stockholders that each own at least 5% of the company’s stock increase their aggregate ownership (by value) by more than 50 percentage points over their lowest ownership percentages within a rolling three-year period.
Section 382 and 383 of the Internal Revenue Code impose limitations on a company’s ability to use its NOLs and other tax assets to offset its taxable income if one or more stockholders or groups of stockholders that each own at least 5% of the company’s stock increase their aggregate ownership (by value) by more than 50 percentage points over their lowest ownership percentages within a rolling three-year period.
Developing new solutions and product enhancements is uncertain, expensive and time-consuming, and there is no assurance that such activities will result in significant cost savings, revenue or other expected benefits.
Developing new solutions and product enhancements is uncertain, 14 Table of Contents expensive and time-consuming, and there is no assurance that such activities will result in significant cost savings, revenue or other expected benefits.
We have an internal data privacy function that oversees and supervises our compliance with European and UK data protection regulations but, despite our efforts, we may fail, or be perceived to have failed, to comply.
We have an internal data privacy function that oversees and supervises our compliance with data privacy laws, including EU and UK data protection regulations but, despite our efforts, we may fail, or be perceived to have failed, to comply.
If interest rates continue to increase, the debt service obligations on such indebtedness will continue to increase even if the amount borrowed remains the same, and our net income and cash flows, including cash available for servicing our indebtedness, will correspondingly decrease.
If interest rates increase, the debt service obligations on such indebtedness would increase even if the amount borrowed remains the same, and our net income and cash flows, including cash available for servicing our indebtedness, would correspondingly decrease.
If our cash flows and capital resources are insufficient to fund our debt service obligations, or to repay the term loan when it matures, we may have to undertake alternative financing plans, such as refinancing or restructuring our debt, selling assets or operations, reducing or delaying capital investments, or seeking to raise additional capital.
If our cash flows and capital resources are insufficient to fund our debt service obligations, or to repay our outstanding senior secured credit facility, or Term Loan, when it matures, we may have to undertake alternative financing plans, such as refinancing or restructuring our debt, selling assets or operations, reducing or delaying capital investments, or seeking to raise additional capital.
Any patents we have obtained or may obtain in the future may be found to be invalid or unenforceable in light of recent and future changes in the law. We have registered the “Tenable,” “Nessus,” “Tenable.io” and "Lumin" trademarks and our Tenable logo in the United States and certain other countries.
Any patents we have obtained or may obtain in the future may be found to be invalid or unenforceable in light of recent and future changes in the law. We have registered the “Tenable” and “Nessus,” and our Tenable logo in the United States and certain other countries.
Moreover, while we may be entitled to damages from other third-party service providers if they fail to satisfy their privacy or security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such reward.
Moreover, while we may be entitled to damages from third-party service providers if they fail to satisfy their privacy or security-related obligations to us or if they cause a disruption in our infrastructure, any award may be insufficient to cover our damages, or we may be unable to recover such reward.
Risks Related to Our Business and Industry We have a history of losses and may not achieve or maintain profitability in the future. We have historically incurred net losses, including net losses of $78.3 million, $92.2 million and $46.7 million in 2023, 2022 and 2021, respectively. At December 31, 2023, we had an accumulated deficit of $825.0 million.
Risks Related to Our Business and Industry We have a history of losses and may not achieve or maintain profitability in the future. We have historically incurred net losses, including net losses of $36.3 million, $78.3 million and $92.2 million in 2024, 2023 and 2022, respectively. At December 31, 2024, we had an accumulated deficit of $861.3 million.
Furthermore, the Organization for Economic Co-operation and Development, or OECD, is leading work on proposals, commonly referred to as “BEPS 2.0”, which, if and to the extent implemented, would make important changes to the international tax system.
Furthermore, the Organization for Economic Co-operation and Development, or OECD, is leading work on proposals, commonly referred to as “BEPS 2.0”, which, to the extent enacted, will make changes to the international tax system.
For these reasons, we may not be able to utilize a material portion of our NOLs, even if we achieve profitability.
For these reasons, we may not be able to utilize a material portion of our NOLs and other tax assets, even if we achieve profitability.
We rely on third party service providers and technologies to operate critical business systems, including processing confidential and sensitive information, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, employee email and other functions. We also rely on third-party service providers to provide other products, services, or otherwise operate our business.
We rely on third-party service providers and technologies to operate critical business systems, including processing confidential and sensitive information, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, employee email and other functions.
The increased prevalence of remote work and use of remote devices has increased risks to our information technology systems and data, as more of our employees utilize network connections, computers and devices outside of our premises or network, including working at home, while in transit and in public locations.
Remote work and use of remote devices has increased risks to our information technology systems and data, as more of our personnel utilize network connections, computers and devices outside of our premises or network, including 17 Table of Contents working at home, while in transit and in public locations.
Ingram Micro, Inc., a distributor, accounted for 36%, 38% and 39% of our revenue in 2023, 2022 and 2021, respectively, and 32% of our accounts receivable at December 31, 2023 and 36% at December 31, 2022.
Ingram Micro, Inc., a distributor, accounted for 34%, 36% and 38% of our revenue in 2024, 2023 and 2022, respectively, and 29% of our accounts receivable at December 31, 2024 and 32% at December 31, 2023.
It is possible that our customers and potential customers would hold us accountable for any security incident affecting our third-party service providers’ infrastructure. We may incur significant liability from those customers and from other third parties with respect to any such incident.
It is possible that our customers and potential customers would hold us accountable for any security incident affecting our third-party service providers’ or partners' infrastructure or other interruption caused by our third-party service providers or partners that impacts our infrastructure. We may incur significant liability from those customers and from other third parties with respect to any such incident.
For all of these reasons, we may not be able to compete successfully against our current or future competitors. We may not be able to sustain our revenue growth rate in the future. From 2022 to 2023, our revenue grew from $683.2 million to $798.7 million, representing year over year growth of 17%.
For all of these reasons, we may not be able to compete successfully against our current or future competitors. We may not be able to sustain our revenue growth rate in the future. From 2023 to 2024, our revenue grew from $798.7 million to $900.0 million, representing year over year growth of 13%.
In addition to computer “hackers,” threat actors, personnel (such as through theft or misuse), "hacktivists," organized criminal 16 Table of Contents threat actors, sophisticated nation-states and nation-state-supported actors now engage and are expected to continue to engage in cyber-attacks.
In addition to computer “hackers,” threat actors, personnel (such as through theft or misuse, or other insider threat listed below), "hacktivists," organized criminal threat actors, sophisticated nation-states and nation-state-supported actors now engage and are expected to continue to engage in cyber-attacks.
We use a two-tiered, indirect fulfillment model whereby we sell our products and services to our distributors, which in turn sell to our resellers, which then sell to our end users, which we call customers.
We typically use a two-tiered, channel model whereby we sell our products and services to our distributors, who in turn sell to our resellers, who then sell to our end users, who we call customers.
At December 31, 2023 we had U.S. federal, state and foreign net operating loss carryforwards, or NOLs, of $372.5 million, $246.6 million, and $469.3 million, respectively, available to offset future taxable income, some of which will begin to expire in 2030.
At December 31, 2024 we had U.S. federal, state and foreign net operating loss carryforwards, or NOLs, of $353.9 million, $239.3 million, and $468.6 million, respectively, available to offset future taxable income, some of which will begin to expire in 2030.
In the past few years, numerous U.S. states—including California, Virginia, Colorado, Connecticut, and Utah—have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data.
Numerous U.S. states have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data.
We have experienced, and may in the future experience, disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, deliberate or 17 Table of Contents unintentional human or software errors, capacity constraints, fraud or security incidents.
We have experienced, and may in the future experience, disruptions, outages, other performance problems and security threats due to a variety of factors, including infrastructure changes, deliberate or unintentional human actions (including by third parties), software defects and configuration errors, capacity constraints, fraud or security incidents.
At December 31, 2023, we had 38 issued patents and 21 patent applications pending in the United States relating to our technology.
At December 31, 2024, we had 47 issued patents and 22 patent applications pending in the United States relating to our technology.
In 2023, 2022 and 2021, we derived 93%, 92% and 92%, respectively, of our revenue from subscriptions and perpetual licenses sold through channel partners, and the percentage of revenue derived from channel partners may continue to increase in future periods.
In 2024, 2023 and 2022, we derived 94%, 93% and 92%, respectively, of our revenue from sales through channel partners, and the percentage of revenue derived from channel partners may continue to increase in future periods.
Our business, financial condition and results of operations could be materially adversely affected by the recent conflict in the Middle East and subsequent hostilities in the region, as well as any negative impact on the regional or global economies and capital markets resulting therefrom or from the ongoing conflict between Ukraine and Russia and any other geopolitical tensions.
Our business, financial condition and results of operations could be materially adversely affected by the recent conflict in the Middle East and subsequent hostilities in the region, as well as any negative impact on the regional or global economies and capital markets resulting therefrom or from the ongoing conflict between Ukraine and Russia and any other geopolitical tensions. 35 Table of Contents U.S. and global markets have experienced volatility and disruption following the escalation of geopolitical tensions, including the conflict in the Middle East, the ongoing conflict between Ukraine and Russia and increasing tensions between China and Taiwan.
On November 27, 2023, we announced that our Board of Directors authorized a share repurchase program of up to $100 million of shares of our outstanding common stock.
On November 27, 2023, we announced that our Board of Directors authorized a share repurchase program of up to $100 million of shares of our outstanding common stock. In October 2024, our Board of Directors increased the repurchase authorization by $200 million.

120 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

9 edited+1 added0 removed13 unchanged
Biggest changeOur CSO is also responsible for implementing and overseeing processes for regularly monitoring our information systems and data, including the conducting of periodic audits of certain systems to identify potential vulnerabilities. The CSO reports directly to the Chief Executive Officer and provides regular updates to our Chief Financial Officer, and CLO, on certain cybersecurity risks and incidents.
Biggest changeOur CSO is also responsible for implementing and overseeing processes for regularly monitoring our information systems and data, including the conducting of periodic audits of certain systems to identify potential vulnerabilities.
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, our critical data (including without limitation intellectual property, confidential information that is proprietary, strategic or competitive, customer vulnerability data, and information systems data), and exposure management solutions.
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software, critical data (including without limitation intellectual property, confidential information that is proprietary, strategic or competitive, customer vulnerability data, and information systems data), and exposure management solutions.
This includes maintaining an incident response plan, vulnerability management policy, and disaster recovery and business continuity plan, conducting risk assessments for certain environments, implementing security standards and certifications for certain products and systems, encrypting data in transit and at rest, controlling data access in certain environments, using multiple network controls in certain environments, segregating data, monitoring systems, performing regular security assessments for certain systems, training employees, maintaining cybersecurity insurance, maintaining dedicated cybersecurity staff, and conducting internal and external penetration tests.
This includes maintaining an incident response plan, vulnerability management policy, and disaster recovery and business continuity plans, conducting risk assessments for certain environments, implementing certain security standards and certifications for certain products and systems, encrypting certain data in transit and at rest, controlling data access in certain environments, using multiple security controls in certain environments, segregating certain data, monitoring certain systems, performing regular security assessments for certain systems, training employees, maintaining cybersecurity insurance, maintaining dedicated cybersecurity staff, and conducting internal and external penetration tests.
These methods include conducting vulnerability assessments and threat assessments in certain environments for internal and external threats, 42 Table of Contents scanning certain threat environments, analyzing certain reports of threats and actors, conducting internal audits for certain systems, evaluating our and our industry’s risk profile, coordinating with law enforcement concerning select threats, and engaging with third-party service providers to conduct external audits, and threat assessments for certain systems, provide intelligence feeds, and conduct red/blue team testing and tabletop incident response exercises.
These methods include conducting vulnerability assessments and threat assessments in certain environments for internal and external threats, scanning certain threat environments, analyzing certain reports of threats and actors, conducting internal audits for certain systems, evaluating our and our industry’s risk profile, coordinating with law enforcement concerning select threats, and engaging with third-party service providers to conduct external audits, threat assessments for certain systems, provide intelligence feeds, and conduct red/blue team testing and tabletop incident response exercises.
Our Information Security function is overseen by our Chief Security Officer, or CSO, and is supported by our Chief Information Officer, Product Engineering Team Lead, Chief Legal Officer, or CLO, and Head of Global Privacy.
Our Information Security function is overseen by our Chief Security Officer, or CSO, and is supported by our Chief Information Officer, Chief Product Officer and Product Engineering Team Leads, Chief Legal Officer, or CLO, and Head of Global Privacy.
We evaluate the risks associated with third parties before engagement and maintain ongoing monitoring of such third parties designed to ensure compliance with our security standards. This includes security questionnaires and assessments, as well as external attack surface management.
We evaluate the risks associated with third parties before engagement and maintain ongoing monitoring of such third parties designed to ensure compliance with our security standards. This includes security questionnaires and 45 Table of Contents assessments, as well as external attack surface management.
Our CSO oversees and maintains our information security management framework and is responsible for defining and 43 Table of Contents implementing our information security strategy, hiring appropriate personnel, communicating key cybersecurity priorities to relevant personnel, and managing cybersecurity budgets and cybersecurity processes.
Our CSO oversees and maintains our information security management framework and is responsible for defining and implementing our information security strategy, hiring appropriate personnel, communicating key cybersecurity priorities to relevant personnel, and managing cybersecurity budgets and cybersecurity processes.
By partnering with these specialized providers, we can leverage their insights and expertise to implement cybersecurity strategies and processes that are designed to align with industry best practices. Our collaboration with third parties includes cybersecurity audits, threat assessments, and consultation on security enhancements. We have established processes designed to manage the cybersecurity risks associated with working with third-party service providers.
By partnering with these specialized providers, we can leverage their insights and expertise to continue to refine our cybersecurity strategies and processes. We have established processes designed to manage the cybersecurity risks associated with working with third-party service providers.
Our CSO has over 25 years of experience in cybersecurity, including serving as a chief security and strategy officer at another company and founding a cybersecurity operational technology threat intelligence and solutions platform.
Our CSO has over 25 years of experience in cybersecurity, including serving as a chief security and strategy officer at another company as well as serving over 20 years conducting offensive and defensive cyber operations within the intelligence community and US Cyber Command.
Added
The CSO reports directly to our Co-Chief Executive Officer and Chief Operating Officer and provides regular updates to our Co-Chief Executive Officer and Chief Financial Officer and CLO on certain cybersecurity risks and incidents.

Item 3. Legal Proceedings

Legal Proceedings — active lawsuits and investigations

2 edited+0 added0 removed1 unchanged
Biggest changeThe results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
Biggest changeThe results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors. Item 4. Mine Safety Disclosures Not applicable. 47 Table of Contents PART II
We have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by determining the scope, enforceability and validity of third-party proprietary rights, or to establish our proprietary rights.
We have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by 46 Table of Contents determining the scope, enforceability and validity of third-party proprietary rights, or to establish our proprietary rights.

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

3 edited+1 added6 removed4 unchanged
Biggest changeThe shares are subject to forfeiture if these employees do not continue to provide services for the specified vesting period. 45 Table of Contents Issuer Purchases of Equity Securities A summary of stock repurchases during the three months ended December 31, 2023 is presented below: (in thousands, except for per share data) Shares Purchased Average Price Paid Per Share Total Number of Shares Purchased as Part of Publicly Announced Plan (1) Approximate Dollar Value of Shares that May Yet Be Purchased Under Plan (1) Shares purchased October 1, 2023 to October 31, 2023 $ $ Shares purchased November 1, 2023 to November 30, 2023 24 $ 41.09 24 $ 99,001 Shares purchased December 1, 2023 to December 31, 2023 332 $ 41.98 332 $ 85,066 356 $ 41.92 (1) On November 27, 2023, we announced that our Board of Directors authorized the repurchase of up to $100 million of our common stock.
Biggest changeIssuer Purchases of Equity Securities A summary of stock repurchases during the three months ended December 31, 2024 is presented below: (in thousands, except for per share data) Shares Purchased Average Price Paid Per Share Total Number of Shares Purchased as Part of Publicly Announced Plan (1) Approximate Dollar Value of Shares that May Yet Be Purchased Under Plan (1) Shares purchased October 1, 2024 to October 31, 2024 $ $ 235,075 Shares purchased November 1, 2024 to November 30, 2024 728 41.19 728 205,088 Shares purchased December 1, 2024 to December 31, 2024 474 42.19 474 185,089 1,202 $ 41.59 (1) In November 2023, our Board of Directors authorized the repurchase of up to $100 million of our common stock.
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information for Common Stock Our common stock trades on the Nasdaq Global Select Market under the ticker symbol "TENB." Holders of Record At December 31, 2023, we had 22 holders of record.
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information for Common Stock Our common stock trades on the Nasdaq Global Select Market under the ticker symbol "TENB." Holders of Record At December 31, 2024, we had 19 holders of record.
Repurchases under the share repurchase program may be made in the open market, in privately negotiated transactions, or in such other manner as determined by us, including through repurchase plans complying with the rules and regulations of the Securities and Exchange Commission. The authorization has no expiration date. 46 Table of Contents
In October 2024, our Board of Directors increased the repurchase authorization by $200 million. Repurchases under the share repurchase program may be made in the open market, in privately negotiated transactions, or in such other manner as determined by us, including through repurchase plans complying with the rules and regulations of the Securities and Exchange Commission.
Removed
Unregistered Sales of Equity Securities On October 2, 2023, in connection with our acquisition of Ermetic, we issued 311,160 shares of restricted common stock to certain key Ermetic employees.
Added
The authorization has no expiration date. Item 6. Reserved 48 Table of Contents
Removed
These shares have not been registered under the Securities Act of 1933, as amended, or the securities laws of any state of the United States in reliance upon certain exemptions from registration under said acts and may not be offered or sold absent to registration or pursuant to an exemption therefrom.
Removed
The foregoing did not involve any underwriters, underwriting discounts or commissions, or any public offering. The sales were exempt from registration under the Securities Act in reliance on Section 4(a)(2) of the Securities Act (and Regulation D or Regulation S promulgated thereunder) as transactions by an issuer not involving any public offering.
Removed
The recipients of the securities represented their intentions to acquire the securities for investment only and not with a view to, or for sale in connection with, any distribution thereof, and appropriate legends were placed on the share certificates issued.
Removed
The shares are deemed restricted securities, and unless so registered, may not be offered or sold in the United States except pursuant to an exemption from the registration requirements of the Securities Act. All recipients had adequate access, through their relationships with us, to information about us. The sales of these securities were made without any general solicitation or advertising.
Removed
The shares issued were subject to vesting agreements and were unvested as of their issuance.

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

77 edited+11 added34 removed69 unchanged
Biggest changeInvesting Activities From 2022 to 2023, net cash used in investing activities increased by $84.6 million, primarily due to an increase in cash paid for acquisitions of $176.5 million, partially offset by a $71.6 million net increase in sales of short-term investments, $10.0 million in cash paid for other investments in 2022, a $7.7 million decrease in purchases of property and equipment and a $2.7 million decrease in capitalized software development costs. 65 Table of Contents From 2021 to 2022, net cash used in investing activities decreased by $263.6 million, primarily due to a decrease in cash paid for acquisitions of $191.7 million and a net decrease in cash paid for short-term investments of $89.4 million in 2022, partially offset by an increase in capitalized software development costs of $7.1 million, an increase in purchases of property and equipment of $5.5 million and an increase in cash paid for other investments of $5.0 million.
Biggest changeInvesting Activities From 2023 to 2024, net cash used in investing activities decreased by $171.2 million, primarily due to a decrease in cash paid for acquisitions of $214.1 million, a $3.5 million increase in proceeds from our investments in private companies and a $0.6 million decrease in capitalized software development costs, partially offset by a $43.3 million net decrease in sales of short-term investments, a $2.5 million increase in purchases of property and equipment, and a $1.3 million increase in cash paid for other investments. 62 Table of Contents From 2022 to 2023, net cash used in investing activities increased by $84.6 million, primarily due to an increase in cash paid for acquisitions of $176.5 million, partially offset by a $71.6 million net increase in sales of short-term investments, $10.0 million in cash paid for other investments in 2022, a $7.7 million decrease in purchases of property and equipment and a $2.7 million decrease in capitalized software development costs.
Calculated current billings in any one period may be impacted by the timing and amount of new sales transactions, the timing and amount of renewal transactions, including early renewals, the mix of the amount of subscriptions and perpetual licenses, the timing of billing professional services, as well as the timing and amount of multi-year prepaid contracts, all of which could favorably or unfavorably impact quarter-to-quarter and year-over-year comparisons.
Calculated current billings in any one period may be impacted by the timing and amount of new sales transactions, the timing and amount of renewal transactions, including early renewals, the mix of the amount of subscriptions and perpetual licenses and the timing of billing professional services, as well as the timing and amount of multi-year prepaid contracts, all of which could favorably or unfavorably impact quarter-to-quarter and year-over-year comparisons.
Interest Income, Interest Expense and Other Expense, Net Interest income consists of income earned on cash and cash equivalents and short-term investments. Interest expense consists primarily of interest expense in connection with our senior secured term loan facility, or Term Loan, unused commitment fees on our senior secured revolving credit facility, or Revolving Credit Facility, and letter of credit fees.
Interest Income, Interest Expense and Other Expense, Net Interest income consists of income earned on cash and cash equivalents and short-term investments. Interest expense consists primarily of interest expense in connection with our Term Loan, unused commitment fees on our senior secured revolving credit facility, or Revolving Credit Facility, and letter of credit fees.
Financing Activities From 2022 to 2023, net cash provided by financing activities decreased by $22.1 million, primarily due to the repurchase of common stock under our stock repurchase program of $14.9 million and an $8.2 million decrease in proceeds from the exercise of stock options, partially offset by a $1.4 million increase in proceeds from stock issued in connection with our employee stock purchase program.
From 2022 to 2023, net cash provided by financing activities decreased by $22.1 million, primarily due to the repurchase of common stock under our stock repurchase program of $14.9 million and an $8.2 million decrease in proceeds from the exercise of stock options, partially offset by a $1.4 million increase in proceeds from stock issued in connection with our employee stock purchase program.
Sales commissions on contract renewals are capitalized and amortized ratably over the contract term, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred.
Sales commissions on contract renewals are capitalized and amortized ratably over the contract term, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred.
We expect our sales and marketing expense to increase in absolute dollars annually and to be our largest operating expense category for the foreseeable future. However, as our revenue increases, we expect our sales and marketing expense to decrease as a percentage of our revenue over the long term.
We expect our sales and marketing expense to increase in absolute dollars annually and to be our largest operating expense category for the foreseeable future. However, as our revenue increases, we expect our sales and marketing expense to decrease as a percentage of our revenue in 2025 and over the long term.
We believe free cash flow is an important liquidity measure of the cash (if any) that is available, after purchases of property and equipment and capitalized software development costs, for investment in our business and to make acquisitions. We believe that free cash flow is useful as a liquidity measure because it measures our ability to generate or use cash.
We believe free cash flow is an important liquidity measure of the cash (if any) that is available, after purchases of property and equipment and capitalized software development costs, for investment in our business and to make acquisitions. We believe that free cash flow is useful as a liquidity measure because it measures our ability to generate cash.
Gross profit, or revenue less cost of revenue, and gross margin, or gross profit as a percentage of revenue, have been and will continue to be affected by various factors, including the timing of our acquisition of new customers and our 55 Table of Contents renewals of and follow-on sales to existing customers, the costs associated with operating our cloud-based platform, the extent to which we expand our customer support team and the extent to which we can increase the efficiency of our technology and infrastructure through technological improvements.
Gross profit, or revenue less cost of revenue, and gross margin, or gross profit as a percentage of revenue, have been and will continue to be affected by various factors, including the timing of our acquisition of new customers and our renewals of and follow-on sales to existing customers, the costs associated with operating our cloud-based platform, the extent to which we expand our customer support team and the extent to which we can increase the efficiency of our technology and infrastructure through technological improvements.
The following table presents our dollar-based net expansion rate: December 31, (in thousands) 2023 2022 2021 Dollar-based net expansion rate 111 % 117 % 117 % 52 Table of Contents Non-GAAP Income from Operations and Non-GAAP Operating Margin We use non-GAAP income from operations along with non-GAAP operating margin as key indicators of our financial performance.
The following table presents our dollar-based net expansion rate: 52 Table of Contents December 31, (in thousands) 2024 2023 2022 Dollar-based net expansion rate 108 % 111 % 117 % Non-GAAP Income from Operations and Non-GAAP Operating Margin We use non-GAAP income from operations along with non-GAAP operating margin as key indicators of our financial performance.
The assumptions used to estimate the fair value of the option awards reflect our best estimates. If any of the assumptions change significantly, stock-based compensation for future awards may differ significantly compared with the awards granted previously. The assumptions and estimates are as follows: Fair Value of Common Stock. See “Valuations” discussion below. Expected Term.
The assumptions used to estimate the fair value of the option awards reflect our best estimates. If any of the assumptions change significantly, stock-based compensation for future awards may differ significantly compared with the awards granted previously. The assumptions and estimates are as follows: Fair Value of Common Stock. See Valuations below. Expected Term.
(5) The tax impact of acquisitions in 2023 includes the deferred tax benefits of the Alsid acquisition and a reversal of deferred tax expense related to indefinite-lived intangible assets.
(5) The tax impact of acquisitions in 2024 includes the deferred tax benefits of the 2021 Alsid acquisition. The tax impact of acquisitions in 2023 includes the deferred tax benefits of the Alsid acquisition and a reversal of deferred tax expense related to indefinite-lived intangible assets.
At December 31, 2023, we were in compliance with the covenants and at December 31, 2023, we had $0.2 million of standby letters of credit outstanding under the Revolving Credit Facility.
At December 31, 2024, we were in compliance with the covenants and had $0.2 million of standby letters of credit outstanding under the Revolving Credit Facility.
December 31, 2023 2022 2021 Number of customers with $100,000 and greater in annual contract value at end of period 1,721 1,420 1,095 Dollar-Based Net Expansion Rate Our dollar-based net expansion rate reflects both our customer retention and ability to drive additional sales to our existing customers.
December 31, 2024 2023 2022 Number of customers with $100,000 and greater in annual contract value at end of period 1,988 1,721 1,420 Dollar-Based Net Expansion Rate Our dollar-based net expansion rate reflects both our customer retention and ability to drive additional sales to our existing customers.
Prior to our IPO, we did not raise any primary institutional capital, and the proceeds of our Series A and Series B redeemable convertible preferred stock financings were used to repurchase shares of capital stock from former stockholders. We have generated significant operating losses, as reflected by our accumulated deficit of $825.0 million at December 31, 2023.
Prior to our IPO, we did not raise any primary institutional capital, and the proceeds of our Series A and Series B redeemable convertible preferred stock financings were used to repurchase shares of capital stock from former stockholders. We have generated significant operating losses as reflected by our accumulated deficit of $861.3 million at December 31, 2024.
The fair value of the 2018 ESPP purchase rights were estimated on the offering or modification dates based on the following assumptions: Year Ended December 31, 2023 2022 2021 Expected term (in years) 0.5 2.0 0.5 2.0 0.5 2.0 Expected volatility 46.9% 58.1% 42.8% 61.0% 37.2% 59.4% Risk-free interest rate 4.8% 5.4% 0.1% 3.4% 0.1% 0.2% Expected dividend yield 68 Table of Contents Business Combinations We account for business combinations by recognizing the fair value of acquired assets and liabilities.
The fair value of the 2018 ESPP purchase rights were estimated on the offering or modification dates based on the following assumptions: Year Ended December 31, 2024 2023 2022 Expected term (in years) 0.5 2.0 0.5 2.0 0.5 2.0 Expected volatility 31.9% 51.4% 46.9% 58.1% 42.8% 61.0% Risk-free interest rate 3.8% 5.1% 4.8% 5.4% 0.1% 3.4% Expected dividend yield Business Combinations We account for business combinations by recognizing the fair value of acquired assets and liabilities.
We generally determine the fair value of acquired technology using the multi-period excess earnings method, a form of the income approach. Estimates in valuing identifiable intangible assets include, but are not limited to, projected revenue growth rates, obsolescence projections and an appropriate discount rate.
We generally determine the fair value of acquired technology using the multi-period excess earnings method, a form of the income approach. However, in certain situations we may use the cost approach. Estimates in valuing identifiable intangible assets include, but are not limited to, projected revenue growth rates, obsolescence projections and an appropriate discount rate.
The Term Loan bears interest at a rate of 2.75% per annum over SOFR, subject to a 0.50% floor, plus a credit spread adjustment depending on the interest period. From January to December 2023, interest rates on our Term Loan have been between 7.16% and 8.21%.
The Term Loan bears interest at a rate of 2.75% per annum over SOFR, subject to a 0.50% floor, plus a credit spread adjustment depending on the interest period. From January to December 2024, interest rates on our Term Loan have been between 7.44% and 8.22%.
This estimate may change over time. Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services are performed.
Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services are performed.
We may be subject to mandatory Term Loan prepayments related to the excess cash provisions in the Credit Agreement if our first lien net leverage ratio (as defined in the Credit Agreement) exceeds 3.5, and at December 31, 2023, our first lien net leverage ratio was 1.28.
We may be subject to mandatory Term Loan prepayments related to the excess cash provisions in the Credit Agreement if our first lien net leverage ratio (as defined in the Credit Agreement) exceeds 3.5. At December 31, 2024, our first lien net leverage ratio was 0.86.
(6) The tax impact of the intra-entity transfers is related to current tax expense based on the applicable Israeli tax rates resulting from our internal restructuring of Cymptom in 2022 and Indegy in 2021.
(6) The tax impact of the intra-entity transfer in 2024 is additional tax incurred related to the 2021 internal restructuring of Indegy. The tax impact of the intra-entity transfer in 2022 is related to current tax expense based on the applicable Israeli tax rates resulting from our internal restructuring of Cymptom.
At December 31, 2023, we had other non-cancellable purchase obligations of $26.1 million due in the next twelve months and $22.1 million due thereafter. Additionally, we had $8.3 million of unrecognized tax benefits and $1.4 million of asset retirement obligations, the timing of payments for which is uncertain.
At December 31, 2024, we had other non-cancellable purchase obligations of $24.5 million due in the next twelve months and $10.5 million due thereafter. Additionally, we had $8.5 million of unrecognized tax benefits and $1.4 million of asset retirement obligations, the timing of payments for which is uncertain.
Because of these and other limitations, you should consider calculated current billings along with revenue and our other GAAP financial results. 50 Table of Contents The following table presents a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP, to calculated current billings: Year Ended December 31, (in thousands) 2023 2022 2021 Revenue $ 798,710 $ 683,191 $ 541,130 Deferred revenue (current), end of period 580,779 502,115 407,498 Deferred revenue (current), beginning of period (1) (506,192) (408,443) (331,462) Calculated current billings $ 873,297 $ 776,863 $ 617,166 _______________ (1) Deferred revenue (current), beginning of period for 2023, 2022 and 2021 includes $4.1 million, $0.9 million and $2.6 million, respectively, related to acquired deferred revenue.
Because of these and other limitations, you should consider calculated current billings along with revenue and our other GAAP financial results. 50 Table of Contents The following table presents a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP, to calculated current billings: Year Ended December 31, (in thousands) 2024 2023 2022 Revenue $ 900,021 $ 798,710 $ 683,191 Deferred revenue (current), end of period 650,372 580,779 502,115 Deferred revenue (current), beginning of period (1) (580,887) (506,192) (408,443) Calculated current billings $ 969,506 $ 873,297 $ 776,863 _______________ (1) Deferred revenue (current), beginning of period for 2024, 2023 and 2022 includes $0.1 million, $4.1 million and $0.9 million, respectively, related to acquired deferred revenue.
The following table presents a reconciliation of loss from operations, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP income from operations, and operating margin, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP operating margin: Year Ended December 31, (dollars in thousands) 2023 2022 2021 Loss from operations $ (52,160) $ (67,815) $ (41,768) Stock-based compensation 145,327 120,633 79,405 Acquisition-related expenses 9,472 2,642 6,901 Restructuring 4,499 Costs related to intra-entity asset transfer (1) 838 Amortization of acquired intangible assets 13,859 11,372 6,447 Non-GAAP income from operations $ 120,997 $ 67,670 $ 50,985 Operating margin (7) % (10) % (8) % Non-GAAP operating margin 15 % 10 % 9 % ________________ (1) The costs related to the intra-entity asset transfer resulted from our internal restructuring of Cymptom.
The following table presents a reconciliation of loss from operations, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP income from operations, and operating margin, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP operating margin: Year Ended December 31, (dollars in thousands) 2024 2023 2022 Loss from operations $ (6,856) $ (52,160) $ (67,815) Stock-based compensation 163,515 145,327 120,633 Acquisition-related expenses 1,932 9,472 2,642 Restructuring 6,070 4,499 Costs related to intra-entity asset transfer (1) 838 Amortization of acquired intangible assets 19,457 13,859 11,372 Non-GAAP income from operations $ 184,118 $ 120,997 $ 67,670 Operating margin (1) % (7) % (10) % Non-GAAP operating margin 20 % 15 % 10 % ________________ (1) The costs related to the intra-entity asset transfer resulted from our internal restructuring of Cymptom.
We believe that these non-GAAP measures provide important information because they facilitate comparisons of our core operating results over multiple periods. 53 Table of Contents The following table presents a reconciliation of net loss and net loss per share, the most comparable financial measures calculated in accordance with GAAP, to non-GAAP net income and non-GAAP earnings per share: Year Ended December 31, (in thousands, except for per share amounts) 2023 2022 2021 Net loss $ (78,284) $ (92,222) $ (46,677) Stock-based compensation 145,327 120,633 79,405 Tax impact of stock-based compensation (1) 2,017 2,103 617 Acquisition-related expenses (2) 9,472 2,642 6,901 Restructuring (2) 4,499 Costs related to intra-entity asset transfer (3) 838 Amortization of acquired intangible assets (4) 13,859 11,372 6,447 Tax impact of acquisitions (5) 265 (3,703) (10,560) Tax impact of intra-entity asset transfers (6) 2,652 2,808 Non-GAAP net income $ 97,155 $ 44,315 $ 38,941 Net loss per share, diluted $ (0.68) $ (0.83) $ (0.44) Stock-based compensation 1.25 1.08 0.75 Tax impact of stock-based compensation (1) 0.02 0.02 0.01 Acquisition-related expenses (2) 0.08 0.02 0.06 Restructuring (2) 0.04 Costs related to intra-entity asset transfer (3) 0.01 Amortization of acquired intangible assets (4) 0.11 0.10 0.06 Tax impact of acquisitions (5) (0.03) (0.10) Tax impact of intra-entity asset transfers (6) 0.03 0.03 Adjustment to diluted earnings per share (7) (0.02) (0.02) (0.03) Non-GAAP earnings per share, diluted $ 0.80 $ 0.38 $ 0.34 Weighted-average shares used to compute GAAP net loss per share, diluted 115,408 111,321 106,387 Weighted-average shares used to compute non-GAAP earnings per share, diluted 120,714 117,534 114,825 ________________ (1) The tax impact of stock-based compensation is based on the tax treatment for the applicable tax jurisdictions.
We believe that these non-GAAP measures provide important information because they facilitate comparisons of our core operating results over multiple periods. 53 Table of Contents The following table presents a reconciliation of net loss and net loss per share, the most comparable financial measures calculated in accordance with GAAP, to non-GAAP net income and non-GAAP earnings per share: Year Ended December 31, (in thousands, except for per share amounts) 2024 2023 2022 Net loss $ (36,301) $ (78,284) $ (92,222) Stock-based compensation 163,515 145,327 120,633 Tax impact of stock-based compensation (1) 2,845 2,017 2,103 Acquisition-related expenses (2) 1,932 9,472 2,642 Restructuring (2) 6,070 4,499 Costs related to intra-entity asset transfer (3) 838 Amortization of acquired intangible assets (4) 19,457 13,859 11,372 Tax impact of acquisitions (5) (161) 265 (3,703) Tax impact of intra-entity asset transfers (6) 1,232 2,652 Non-GAAP net income $ 158,589 $ 97,155 $ 44,315 Net loss per share, diluted $ (0.31) $ (0.68) $ (0.83) Stock-based compensation 1.38 1.25 1.08 Tax impact of stock-based compensation (1) 0.03 0.02 0.02 Acquisition-related expenses (2) 0.02 0.08 0.02 Restructuring (2) 0.05 0.04 Costs related to intra-entity asset transfer (3) 0.01 Amortization of acquired intangible assets (4) 0.16 0.11 0.10 Tax impact of acquisitions (5) (0.03) Tax impact of intra-entity asset transfers (6) 0.01 0.03 Adjustment to diluted earnings per share (7) (0.05) (0.02) (0.02) Non-GAAP earnings per share, diluted $ 1.29 $ 0.80 $ 0.38 Weighted-average shares used to compute GAAP net loss per share, diluted 118,789 115,408 111,321 Weighted-average shares used to compute non-GAAP earnings per share, diluted 123,370 120,714 117,534 ________________ (1) The tax impact of stock-based compensation is based on the tax treatment for the applicable tax jurisdictions.
At December 31, 2023, we had deferred revenue of $750.5 million, of which $580.8 million was recorded as a current liability and is expected to be recognized as revenue in the next 12 months, provided all other revenue recognition criteria are met.
At December 31, 2024, we had deferred revenue of $833.2 million, of which $650.4 million was recorded as a current liability and is expected to be recognized as revenue in the next 12 months, provided all other revenue recognition criteria are met.
Cash Flows The following table summarizes our cash flows for the periods presented: Year Ended December 31, (in thousands) 2023 2022 2021 Net cash provided by operating activities $ 149,855 $ 131,151 $ 96,765 Net cash used in investing activities (212,615) (128,039) (391,590) Net cash provided by financing activities 1,251 23,318 397,646 Effect of exchange rate changes on cash and cash equivalents and restricted cash (2,225) (3,835) (3,013) Net (decrease) increase in cash and cash equivalents and restricted cash $ (63,734) $ 22,595 $ 99,808 Operating Activities Our largest source of cash provided by operating activities is cash collections from sales of our products and services, as we typically invoice our customers in advance.
Cash Flows The following table summarizes our cash flows for the periods presented: Year Ended December 31, (in thousands) 2024 2023 2022 Net cash provided by operating activities $ 217,476 $ 149,855 $ 131,151 Net cash used in investing activities (41,431) (212,615) (128,039) Net cash (used in) provided by financing activities (79,401) 1,251 23,318 Effect of exchange rate changes on cash and cash equivalents and restricted cash (5,129) (2,225) (3,835) Net increase (decrease) in cash and cash equivalents and restricted cash $ 91,515 $ (63,734) $ 22,595 Operating Activities Our largest source of cash provided by operating activities is cash collections from sales of our products and services, as we typically invoice our customers in advance.
Research and Development Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) Research and development $ 153,163 $ 143,560 $ 9,603 7 % The increase in research and development expense of $9.6 million was primarily due to: a $9.6 million increase in personnel costs, largely associated with an increase in headcount, including a $5.7 million increase in stock-based compensation and a $1.4 million decrease in capitalized software development costs; a $4.8 million increase in third-party cloud infrastructure costs; a $1.0 million increase in allocated overhead expenses; a $0.5 million increase in travel and meeting costs; and 59 Table of Contents a $0.4 million increase in depreciation expense; partially offset by a $4.3 million decrease in costs for independent contractors; and a $2.3 million increase in tax credits.
Research and Development Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Research and development $ 181,624 $ 153,163 $ 28,461 19 % The increase in research and development expense of $28.5 million was primarily due to: a $21.3 million increase in personnel costs, largely associated with an increase in headcount, including a $10.4 million increase in stock-based compensation; a $2.9 million increase in allocated overhead expenses; a $1.7 million increase in third-party cloud infrastructure costs; a $0.8 million decrease in tax credits; a $0.6 million increase in travel and meeting costs; and 59 Table of Contents a $0.5 million increase in software subscriptions.
Our principal uses of cash in recent periods have been funding our operations, expansion of our sales and marketing and research and development activities, investments in infrastructure, including the build-out of our new headquarters, and acquiring complementary businesses and technology. We paid $243.3 million and $66.8 million to acquire businesses in 2023 and 2022, respectively.
Our principal uses of cash in recent periods have been funding our operations, expansion of our sales and marketing and research and development activities, investments in infrastructure, acquiring complementary businesses and technology and repurchasing shares of our common stock. We paid $29.2 million, $243.3 million and $66.8 million to acquire businesses in 2024, 2023 and 2022, respectively.
In recognizing revenue, we apply the following steps: Identify the contract with a customer Identify the performance obligations in the contract Determine the transaction price Allocate the transaction price to the performance obligations in the contract Recognize revenue when or as performance obligations are satisfied In situations where we enter into a contractual arrangement that includes non-standard terms and conditions, such as acceptance provisions and options to purchase additional products and services, as well as contract modifications, we apply judgment in identifying and assessing the impact on revenue recognition. 66 Table of Contents We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services and other revenue.
In recognizing revenue, we apply the following steps: Identify the contract with a customer Identify the performance obligations in the contract Determine the transaction price Allocate the transaction price to the performance obligations in the contract Recognize revenue when or as performance obligations are satisfied In situations where we enter into a contractual arrangement that includes non-standard terms and conditions, such as acceptance provisions and options to purchase additional products and services, as well as contract modifications, we apply judgment in identifying and assessing the impact on revenue recognition.
We expect our gross profit to increase in absolute dollars but our gross margin may fluctuate from period to period depending on the interplay of all of these factors, particularly as it relates to cloud infrastructure costs, as we expect revenue from our cloud-based subscriptions to increase as a percentage of revenue.
We expect our gross profit to increase in absolute dollars but our gross margin may fluctuate from period to period depending on the interplay of all of these factors, particularly as it relates to cloud infrastructure costs, as we expect revenue from our cloud-based subscriptions to increase as a percentage of revenue. 55 Table of Contents Operating Expenses Our operating expenses consist of sales and marketing, research and development, general and administrative and restructuring expenses.
We sell and market our products and services through our field sales force that works closely with our channel partners, which includes a network of distributors and resellers, in developing sales opportunities.
We sell and market our products and services through our field sales force that works closely with our channel network of distributors, resellers and managed security service providers (MSSPs), in developing sales opportunities.
Provision for Income Taxes Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) Provision for income taxes $ 10,883 $ 6,933 $ 3,950 (57) % In 2023, the provision for income taxes included: $5.8 million of income taxes in foreign jurisdictions in which we conduct business; $5.3 million of discrete expenses primarily related to withholding taxes on sales to customers; partially offset by $0.2 million of deferred tax benefits related to the Alsid acquisition.
In 2023, the provision for income taxes included: $5.8 million of income taxes in foreign jurisdictions in which we conduct business; and $5.3 million of discrete expenses primarily related to withholding taxes on sales to customers; partially offset by $0.2 million of deferred tax benefits related to the Alsid acquisition.
Liquidity and Capital Resources At December 31, 2023, we had $237.1 million of cash and cash equivalents, which consisted of bank deposits and money market funds, and $236.8 million of short-term investments, which consisted of commercial paper, asset backed securities, certificates of deposit, U.S. Treasury and agency obligations, and corporate and supranational bonds.
Liquidity and Capital Resources At December 31, 2024, we had $328.6 million of cash and cash equivalents, which consisted of bank deposits and money market funds, and $248.5 million of short-term investments, which consisted of commercial paper, asset backed securities, U.S. Treasury and agency obligations and corporate and Yankee bonds.
When the critical utility of our software does not depend on ongoing updates, we recognize revenue attributable to the license at the time of delivery and the revenue attributable to the maintenance and support ratably over the contract period. Our perpetual licenses are generally sold with one or more years of maintenance, which includes ongoing software updates.
When the critical utility of our software does not depend on ongoing updates, we recognize revenue attributable to the license at the time of delivery and the revenue attributable to the maintenance and support ratably over the contract period.
Cost of Revenue, Gross Profit and Gross Margin Cost of revenue includes personnel costs related to our technical support group that provides assistance to customers, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and any severance.
We expect longer purchasing and approval phases of our sales cycle to continue in 2025. Cost of Revenue, Gross Profit and Gross Margin Cost of revenue includes personnel costs related to our technical support group that provides assistance to customers, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and any ordinary course severance.
Our estimate of fair value is based upon assumptions we believe to be reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates. During the measurement period, we may make adjustments to the fair value of assets acquired and liabilities assumed, with offsetting adjustments to goodwill.
Our estimate of fair value is based upon assumptions we believe to be reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates.
Even though we generated positive cash flows from operations and free cash flow in 2023, 2022 and 2021, we may not be able to sustain these cash flows.
We expect to continue incurring operating losses in the near term. Even though we generated positive cash flows from operations and free cash flow in 2024, 2023 and 2022, we may not be able to sustain these cash flows.
If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected. 64 Table of Contents Stock Repurchase Plan In November 2023, our Board of Directors authorized the repurchase of up to $100 million of our common stock.
If we are unable to raise additional 61 Table of Contents capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.
Contractual Obligations We have certain contractual obligations for future payments. See Note 7 to our Consolidated Financial Statements in this Annual Report on Form 10-K for our required operating lease payments and Note 9 for our required payments to Microsoft and Amazon Web Services for cloud services.
Contractual Obligations We have certain contractual obligations for future payments. See Note 7 to our consolidated financial statements for our required operating lease payments and Note 9 for our required payments to Microsoft and AWS for cloud services.
Operating Expenses Sales and Marketing Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) Sales and marketing $ 393,450 $ 349,430 $ 44,020 13 % The increase in sales and marketing expense of $44.0 million was primarily due to: a $22.9 million increase in personnel costs, related to an increase in headcount, including an $11.9 million increase in stock-based compensation; a $9.8 million increase in expenses for demand generation programs, including advertising, sponsorships, and brand awareness efforts; a $9.3 million increase in selling expenses, including travel and meeting costs and software subscription costs; a $1.6 million increase in allocated overhead expenses; and a $0.3 million increase in depreciation expense.
Operating Expenses Sales and Marketing Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Sales and marketing $ 395,385 $ 393,450 $ 1,935 % The increase in sales and marketing expense of $1.9 million was primarily due to: a $4.7 million increase in sales commissions; a $2.8 million increase in allocated overhead expenses; a $2.2 million increase in expenses for demand generation programs, including advertising, sponsorships, and brand awareness efforts; and a $0.2 million increase in selling expenses, including travel and meeting costs and software subscription costs; partially offset by a $7.6 million decrease in personnel costs, net of a $1.4 million increase in stock-based compensation; and a $0.4 million decrease in depreciation expense.
Term Loan and Revolving Credit Facility In July 2021, we entered into a credit agreement, or the Credit Agreement, which is comprised of a $375.0 million Term Loan and a $50.0 million Revolving Credit Facility, with a $15.0 million letter of credit sublimit. On June 1, 2023, we began using SOFR for the base interest rate instead of LIBOR.
Term Loan and Revolving Credit Facility In July 2021, we entered into a credit agreement, or the Credit Agreement, which is comprised of a $375.0 million Term Loan and a $50.0 million Revolving Credit Facility, with a $15.0 million letter of credit sublimit.
Stock-Based Compensation Stock-based compensation expense related to stock options, restricted stock, restricted stock units, or RSUs, and purchase rights issued under our 2018 Employee Stock Purchase Plan, or the 2018 ESPP, is calculated based on the fair value of the awards granted and is recognized on a straight-line basis over the requisite service period, which is generally two to four years.
While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results. 64 Table of Contents Stock-Based Compensation Stock-based compensation expense related to stock options, restricted stock, restricted stock units, or RSUs, and purchase rights issued under our 2018 Employee Stock Purchase Plan, or the 2018 ESPP, is calculated based on the fair value of the awards granted and is recognized on a straight-line basis over the requisite service period, which is generally two to four years.
Revenue for sales through our channel network, which is fixed, is recorded net of any distributor or reseller margin. 67 Table of Contents Deferred Commissions Sales commissions, including related incremental fringe benefit costs, are considered to be incremental costs of obtaining a contract, and therefore are deferred over an estimated period of benefit, which ranges between three and four years for subscription arrangements and five years for perpetual license arrangements.
Deferred Commissions Sales commissions, including related incremental fringe benefit costs, are considered to be incremental costs of obtaining a contract, and therefore are deferred over an estimated period of benefit, which ranges between three and four years for subscription arrangements and five years for perpetual license arrangements.
International revenue increased $59.9 million, or 20%. 58 Table of Contents Cost of Revenue, Gross Profit and Gross Margin Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) Cost of revenue $ 183,577 $ 154,789 $ 28,788 19 % Gross profit 615,133 528,402 86,731 16 % Gross margin 77 % 77 % The increase in cost of revenue of $28.8 million was primarily due to: a $12.2 million increase in personnel costs, primarily due to support for cloud-based products and an increase in headcount, including a $2.9 million increase in stock-based compensation; a $10.3 million increase in third-party cloud infrastructure costs; a $2.5 million increase in the amortization of acquired intangible assets; a $1.8 million increase in depreciation and amortization; a $0.7 million increase in allocated overhead expenses; a $0.5 million increase in subscription costs; and a $0.3 million increase in professional fees.
International revenue increased $57.3 million, or 16%. 58 Table of Contents Cost of Revenue, Gross Profit and Gross Margin Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Cost of revenue $ 199,668 $ 183,577 $ 16,091 9 % Gross profit 700,353 615,133 85,220 14 % Gross margin 78 % 77 % The increase in cost of revenue of $16.1 million was primarily due to: a $5.6 million increase in amortization of acquired intangible assets; a $3.5 million increase in third-party cloud infrastructure costs; a $2.2 million increase in professional fees; a $1.7 million increase in personnel costs, including a $1.4 million increase in stock-based compensation; a $1.1 million increase in depreciation and amortization; a $0.8 million increase in allocated overhead expenses; and a $0.8 million increase in subscription costs.
We expect our general and administrative expense to continue to increase in absolute dollars and decrease as a percentage of our revenue over the long term, although our general and administrative expense may fluctuate from period to period due to the timing and extent of these expenses. 56 Table of Contents Restructuring Restructuring expenses consist of non-ordinary course severance, employee related benefits and other charges to reorganize business operations.
We expect our general and administrative expense to continue to increase in absolute dollars and decrease as a percentage of our revenue over the long term, although our general and administrative expense may fluctuate from period to period due to the timing and extent of these expenses.
As we intend to continue to reinvest the earnings of foreign subsidiaries indefinitely, we have not provided for a U.S. income tax liability and foreign withholding taxes on undistributed foreign earnings of foreign subsidiaries.
As we intend to continue to reinvest the earnings of foreign subsidiaries indefinitely, we have not provided for a U.S. income tax liability and foreign withholding taxes on undistributed foreign earnings of foreign subsidiaries. Recently Issued Accounting Pronouncements See Note 1 to our consolidated financial statements for more information regarding recently issued accounting pronouncements.
We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses. 57 Table of Contents Results of Operations The following tables set forth our consolidated results of operations for the periods presented: Year Ended December 31, (in thousands) 2023 2022 2021 Revenue $ 798,710 $ 683,191 $ 541,130 Cost of revenue (1) 183,577 154,789 106,396 Gross profit 615,133 528,402 434,734 Operating expenses: Sales and marketing (1) 393,450 349,430 270,158 Research and development (1) 153,163 143,560 116,432 General and administrative (1) 116,181 103,227 89,912 Restructuring 4,499 Total operating expenses 667,293 596,217 476,502 Loss from operations (52,160) (67,815) (41,768) Interest income 24,700 6,284 606 Interest expense (31,339) (19,001) (7,502) Other expense, net (8,602) (4,757) (1,965) Loss before income taxes (67,401) (85,289) (50,629) Provision (benefit) for income taxes 10,883 6,933 (3,952) Net loss $ (78,284) $ (92,222) $ (46,677) _______________ (1) Includes stock-based compensation expense as follows: Year Ended December 31, (in thousands) 2023 2022 2021 Cost of revenue $ 11,247 $ 8,369 $ 4,446 Sales and marketing 61,322 49,383 29,410 Research and development 37,225 31,499 20,593 General and administrative 35,533 31,382 24,956 Total stock-based compensation expense $ 145,327 $ 120,633 $ 79,405 Comparison of 2023 and 2022 Revenue Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) Subscription revenue $ 725,013 $ 612,510 $ 112,503 18 % Perpetual license and maintenance revenue 48,729 50,699 (1,970) (4) % Professional services and other revenue 24,968 19,982 4,986 25 % Revenue $ 798,710 $ 683,191 $ 115,519 17 % The increase in revenue of $115.5 million included $125.9 million from existing customers as of January 1, 2023 net of a decrease from new customers of $10.4 million as compared to the prior year.
We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses. 57 Table of Contents Results of Operations The following tables set forth our consolidated results of operations for the periods presented: Year Ended December 31, (in thousands) 2024 2023 2022 Revenue $ 900,021 $ 798,710 $ 683,191 Cost of revenue (1) 199,668 183,577 154,789 Gross profit 700,353 615,133 528,402 Operating expenses: Sales and marketing (1) 395,385 393,450 349,430 Research and development (1) 181,624 153,163 143,560 General and administrative (1) 124,130 116,181 103,227 Restructuring 6,070 4,499 Total operating expenses 707,209 667,293 596,217 Loss from operations (6,856) (52,160) (67,815) Interest income 23,325 24,700 6,284 Interest expense (31,920) (31,339) (19,001) Other expense, net (3,435) (8,602) (4,757) Loss before income taxes (18,886) (67,401) (85,289) Provision for income taxes 17,415 10,883 6,933 Net loss $ (36,301) $ (78,284) $ (92,222) _______________ (1) Includes stock-based compensation expense as follows: Year Ended December 31, (in thousands) 2024 2023 2022 Cost of revenue $ 12,677 $ 11,247 $ 8,369 Sales and marketing 62,727 61,322 49,383 Research and development 47,656 37,225 31,499 General and administrative 40,455 35,533 31,382 Total stock-based compensation expense $ 163,515 $ 145,327 $ 120,633 Comparison of 2024 and 2023 Revenue Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Subscription revenue $ 824,659 $ 725,013 $ 99,646 14 % Perpetual license and maintenance revenue 47,774 48,729 (955) (2) % Professional services and other revenue 27,588 24,968 2,620 10 % Revenue $ 900,021 $ 798,710 $ 101,311 13 % The increase in revenue of $101.3 million included $101.1 million from existing customers as of January 1, 2024 and $0.2 million from new customers.
Operating expenses also include depreciation and amortization as well as allocated overhead costs, including IT and facilities costs. Sales and Marketing Sales and marketing expense consists of personnel costs, sales commissions, marketing programs, travel and entertainment, expenses for conferences, meetings and events and allocated overhead costs.
Sales and Marketing Sales and marketing expense consists of personnel costs, sales commissions, marketing programs, travel and entertainment, expenses for conferences, meetings and events and allocated overhead costs.
Any adjustments made after the measurement period will be reflected in the consolidated statements of operations. Acquisition-related costs are expensed as incurred. Goodwill The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill.
During the measurement period, we may make adjustments to the fair value of assets acquired and liabilities assumed, with offsetting adjustments to goodwill. 65 Table of Contents Any adjustments made after the measurement period will be reflected in the consolidated statements of operations. Acquisition-related costs are expensed as incurred.
General and Administrative Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) General and administrative $ 116,181 $ 103,227 $ 12,954 13 % The increase in general and administrative expense of $13.0 million was primarily due to: a $5.6 million increase in personnel costs, largely associated with an increase in headcount, including a $4.2 million increase in stock-based compensation; a $3.5 million increase in acquisition-related expenses; a $2.1 million increase in professional fees; a $1.1 million increase in indirect taxes such as VAT, GST and other; a $0.9 million increase in bank charges; and a $0.5 million increase in travel and meeting costs; partially offset by a $0.8 million decrease in costs related to intra-entity asset transfers.
General and Administrative Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) General and administrative $ 124,130 $ 116,181 $ 7,949 7 % The increase in general and administrative expense of $7.9 million was primarily due to: an $8.6 million increase in personnel costs, largely associated with an increase in headcount, including a $4.9 million increase in stock-based compensation; a $5.1 million increase in professional fees; and a $0.9 million increase in software subscriptions; partially offset by a $4.2 million decrease in acquisition-related expenses; and a $2.6 million decrease in allocated overhead expenses.
Deferred tax assets and liabilities are measured using the tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled.
We have elected to treat taxes related to Global Intangible Low Taxed Income, or GILTI, as a period cost. Deferred tax assets and liabilities are measured using the tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled.
The Revolving Credit Facility bears interest at a rate, depending on first lien net leverage, ranging from 2.00% to 2.50% over SOFR and matures on July 7, 2026.
The Revolving Credit Facility bears interest at a rate, depending on first lien net leverage, ranging from 2.00% to 2.50% over SOFR and matures on July 7, 2026. We pay a commitment fee during the term ranging from 0.25% to 0.375% per annum of the average daily undrawn portion of our Revolving Credit Facility.
Perpetual License and Maintenance Revenue Our perpetual licenses are generally sold with one or more years of maintenance, which include ongoing software updates and the ongoing ability to identify the latest cybersecurity vulnerabilities.
Perpetual License and Maintenance Revenue Our perpetual licenses are generally sold with one or more years of maintenance that include ongoing software updates to identify the latest cybersecurity vulnerabilities, which provide critical utility to the software. We recognize perpetual license revenue over a five-year estimated economic life of the expected customer contract.
New enterprise platform customers represent new customer logos during the periods presented and do not include customer conversions from Tenable Nessus Expert to enterprise platforms. (2) The number of new enterprise platform customers added in 2023 and 2021 include 104 and 95 legacy customers, respectively, of companies we acquired.
New enterprise platform customers represent new customer logos during the periods presented and do not include customer conversions from Tenable Nessus Expert to enterprise platforms.
The following table presents a reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow: Year Ended December 31, (in thousands) 2023 2022 2021 Net cash provided by operating activities $ 149,855 $ 131,151 $ 96,765 Purchases of property and equipment (1,704) (9,359) (3,887) Capitalized software development costs (7,052) (9,789) (2,674) Free cash flow (1) $ 141,099 $ 112,003 $ 90,204 _______________ (1) Free cash flow for the periods presented was impacted by: Year Ended December 31, (in thousands) 2023 2022 2021 Cash paid for interest and other financing costs $ 34,323 $ 16,047 $ 4,978 Employee stock purchase plan activity 1,077 837 (283) Acquisition-related expenses (9,336) (2,655) (6,464) Costs related to intra-entity asset transfers (838) Tax payment on intra-entity asset transfers (2,697) (2,808) Capital expenditures related to new headquarters (928) Free cash flow in 2022 was benefited by approximately $8 million from prepayments of software subscription costs, insurance and rent made in prior quarters. 51 Table of Contents Customer Metrics We believe that our customer base provides a significant opportunity to expand sales of our enterprise platform offerings.
The following table presents a reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow: Year Ended December 31, (in thousands) 2024 2023 2022 Net cash provided by operating activities $ 217,476 $ 149,855 $ 131,151 Purchases of property and equipment (4,247) (1,704) (9,359) Capitalized software development costs (6,451) (7,052) (9,789) Free cash flow $ 206,778 $ 141,099 $ 112,003 Free cash flow for the periods presented was impacted by: Year Ended December 31, (in thousands) 2024 2023 2022 Cash paid for interest and other financing costs (1) $ (30,977) $ (34,323) $ (16,047) Employee stock purchase plan activity (1,016) 1,077 837 Acquisition-related expenses (1,496) (9,336) (2,655) Restructuring (5,911) Costs related to intra-entity asset transfers (838) Tax payment on intra-entity asset transfers (1) (1,232) (2,697) 51 Table of Contents _______________ (1) Th e tax payment on intra-entity asset transfer in 2024 includes $0.3 million of interest that is included in cash paid for interest and other financing costs.
All of these products are also offered as standalone solutions, alongside Nessus. Our platform offerings are primarily sold on a subscription basis with a one-year term. Our subscription terms are generally not longer than three years. These offerings are typically prepaid in advance. To a lesser extent, we recognize revenue ratably from perpetual licenses and from the related ongoing maintenance.
Our products, including Nessus are also offered on a standalone basis. Our platform offerings are primarily sold on a subscription basis with a one-year term. Our subscription terms are generally not longer than three years. These offerings are typically prepaid in advance.
These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services are performed. Contracts with Multiple Performance Obligations In cases where our contracts with customers contain multiple performance obligations, the contract transaction price is allocated on a relative standalone selling price basis.
Contracts with Multiple Performance Obligations In cases where our contracts with customers contain multiple performance obligations, the contract transaction price is allocated on a relative standalone selling price basis. We typically determine standalone selling price based on observable selling prices of our products and services.
Tenable One builds on the speed and breadth of vulnerability coverage from Tenable Research and adds aggregated exposure view analytics, guidance on mitigating attack pathways and a centralized asset inventory. Tenable One incorporates Tenable Vulnerability Management, Tenable Web App Scanning, Tenable Lumin, Tenable Cloud Security, Tenable Identity Exposure, Tenable Attack Surface Management, Tenable Security Center and Tenable OT Security.
Tenable One builds on the speed and breadth of vulnerability coverage from our research team of cybersecurity and data science experts, or Tenable Research, and adds aggregated exposure view analytics, guidance on mitigating attack pathways and a centralized asset inventory.
We have recorded deferred tax assets for which a full valuation allowance has been provided, including net operating loss carryforwards and tax credits.
Provision for Income Taxes Provision for income taxes consists of income taxes in all jurisdictions in which we conduct business and the related withholding taxes on sales with customers. We have recorded deferred tax assets for which a full valuation allowance has been provided, including net operating loss carryforwards and tax credits.
Sales through our channel partner network of distributors and resellers are generally discounted as compared to the price that we would sell to an end user.
We have not historically experienced significant incidents affecting the ability to meet these service level commitments and any estimated refunds related to these agreements have not been material. Sales through our channel partner network of distributors and resellers are generally discounted as compared to the price that we would sell to an end user.
Operating Expenses Our operating expenses consist of sales and marketing, research and development, general and administrative expenses and restructuring expenses. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes, stock-based compensation and ordinary course severance.
Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes, stock-based compensation and ordinary course severance. Operating expenses also include depreciation and amortization as well as allocated overhead costs, including IT and facilities costs.
We perform our annual impairment assessment on October 1, or more frequently, when events or circumstances indicate impairment may have occurred.
Goodwill The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. We perform our annual impairment assessment on October 1, or more frequently, when events or circumstances indicate impairment may have occurred.
Subscription Revenue Our subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions.
We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services and other revenue. 63 Table of Contents Subscription Revenue Our subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions.
Provision (Benefit) for Income Taxes Year Ended December 31, Change (dollars in thousands) 2022 2021 ($) (%) Provision (benefit) for income taxes $ 6,933 $ (3,952) $ 10,885 (275) % In 2022, the provision for income taxes included: $4.8 million of income taxes in foreign jurisdictions in which we conduct business; $3.9 million of discrete expenses primarily related to withholding taxes on sales to customers; and $2.7 million of current expense from the restructuring of our research and development operations in Israel; partially offset by a $2.5 million benefit from releasing a valuation allowance related to the Bit Discovery acquisition; $1.2 million of deferred tax benefits related to the Alsid acquisition; and $0.8 million of discrete benefits.
Provision for Income Taxes Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Provision for income taxes $ 17,415 $ 10,883 $ 6,532 60 % In 2024, the provision for income taxes included: $6.9 million of discrete expenses primarily related to withholding taxes on sales to customers; 60 Table of Contents $6.2 million of income taxes in foreign jurisdictions in which we conduct business; $3.3 million related to Base Erosion and Anti-Abuse Tax, or BEAT; and $1.2 million of additional tax incurred related to the 2021 restructuring of Indegy; partially offset by $0.2 million of deferred tax benefits related to the Alsid acquisition.
The following tables summarize key components of our customer base: Year Ended December 31, 2023 2022 2021 Number of new enterprise platform customers added in period (1)(2) 1,788 2,078 1,882 _______________ (1) We define an enterprise platform customer as a customer that has licensed Tenable One, Tenable Venerability Management, Tenable Cloud Security, Tenable Identity Exposure, Tenable OT Security or Tenable Security Center for an annual amount of $5,000 or greater.
We define an enterprise platform customer as a customer that has licensed Tenable One, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, Tenable OT Security or Tenable Security Center for an annual amount of $5,000 or greater.
The $12.3 million increase in interest expense was primarily due 60 Table of Contents to an increase in the variable rate of our Term Loan. The $3.8 million increase in other expense, net was primarily due to $5.6 million of impairment losses on our SAFE investments partially offset by a decrease in foreign exchange losses.
The $5.2 million decrease in other expense, net was primarily due to $5.6 million of impairment losses on our simple agreements for future equity, or SAFE, investments in 2023 and a $1.5 million gain on the conversion of a SAFE investment to an investment in preferred stock in 2024, partially offset by a $1.9 million increase in foreign exchange losses.
Our subscription arrangements generally have annual or multi-year contractual terms to use our software or cloud-based solutions, including ongoing software updates during the contractual period.
We begin to recognize revenue when control of our software or services is transferred to the customer, which for sales made through our channel network is typically concurrent with the transfer to the end user. Our subscription arrangements generally have annual or multi-year contractual terms to use our software or cloud-based solutions, including ongoing software updates during the contractual period.
Interest Income, Interest Expense and Other Expense, Net Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) Interest income $ 24,700 $ 6,284 $ 18,416 293 % Interest expense (31,339) (19,001) (12,338) 65 % Other expense, net (8,602) (4,757) (3,845) 81 % The $18.4 million increase in interest income was due to a higher interest rate on an increased average amount of cash and cash equivalents and short-term investments.
Interest Income, Interest Expense and Other Expense, Net Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Interest income $ 23,325 $ 24,700 $ (1,375) (6) % Interest expense (31,920) (31,339) (581) 2 % Other expense, net (3,435) (8,602) 5,167 (60) % The $1.4 million decrease in interest income was primarily due to lower interest rates on our cash and cash equivalents and short-term investments.
Our cash flows from operating activities were $149.9 million, $131.2 million and $96.8 million in 2023, 2022 and 2021, respectively. 49 Table of Contents Financial Highlights Below are our key financial results: Year Ended December 31, (in thousands, except per share data) 2023 2022 2021 Revenue $ 798,710 $ 683,191 $ 541,130 Loss from operations (52,160) (67,815) (41,768) Net loss (78,284) (92,222) (46,677) Net loss per share, basic and diluted (0.68) (0.83) (0.44) Net cash provided by operating activities 149,855 131,151 96,765 Purchases of property and equipment (1,704) (9,359) (3,887) Capitalized software development costs (7,052) (9,789) (2,674) Key Operating and Financial Metrics To supplement our consolidated financial statements, which are prepared and presented in accordance with GAAP, we use and monitor the following operating and financial metrics, which include non-GAAP financial measures, to understand and evaluate our core operating and financial performance.
We typically use a two-tiered channel model whereby we sell our enterprise platform offerings to our distributors, who in turn sell to our resellers, who then sell to end users, who we call customers. 49 Table of Contents Financial Highlights Below are our key financial results: Year Ended December 31, (in thousands, except per share data) 2024 2023 2022 Revenue $ 900,021 $ 798,710 $ 683,191 Loss from operations (6,856) (52,160) (67,815) Net loss (36,301) (78,284) (92,222) Net loss per share, basic and diluted (0.31) (0.68) (0.83) Net cash provided by operating activities 217,476 149,855 131,151 Purchases of property and equipment (4,247) (1,704) (9,359) Capitalized software development costs (6,451) (7,052) (9,789) Recurring revenue, which includes revenue from subscription arrangements for software (both recognized ratably over the subscription term and upon delivery) and cloud-based solutions and maintenance associated with perpetual licenses, represented 96% of revenue in 2024 and 95% of revenue in 2023 and 2022.
While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results.
We have estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of the our technology and other factors. While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could impact our financial results.
We may in the future enter into arrangements to acquire or invest in other complementary businesses, services and technologies, including intellectual property rights. We expect to continue incurring operating losses in the near term.
In February 2025, we acquired Vulcan Cyber Ltd., or Vulcan Cyber, for approximately $148 million in cash and $2 million of restricted stock units (RSUs) that vest over a future period. We expect to enter into arrangements to acquire or invest in other complementary businesses, services and technologies, including intellectual property rights, in the future.
We typically determine standalone selling price based on observable selling prices of our products and services. Variable Consideration We record revenue from sales at the net sales price, which is the transaction price, including estimates of variable consideration when applicable.
Variable Consideration We record revenue from sales at the net sales price, which is the transaction price, including estimates of variable consideration when applicable. Certain of our customers may be entitled to receive credits and in certain circumstances, refunds, if service level commitments are not met.
Other expense, net consists primarily of foreign currency remeasurement and transaction gains and losses and impairment losses related to our non-marketable simple agreements for future equity ("SAFE") investments. Provision (Benefit) for Income Taxes Provision (benefit) for income taxes consists of income taxes in all foreign jurisdictions in which we conduct business and the related withholding taxes on sales with customers.
Other expense, net consists primarily of foreign currency remeasurement and transaction gains and losses and any realized and unrealized gains and losses, including impairment losses and gains related to our non-marketable investments.
While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results. Professional Services and Other Revenue Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products.
Professional Services and Other Revenue Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services are performed.
The $11.5 million increase in interest expense was primarily related to interest expense for our Term Loan entered into in July 2021. The $2.8 million increase in other expense, net was primarily due to an increase in foreign exchange losses.
The $0.6 million increase in interest expense was primarily due to an increase in the variable rate of our Term Loan.
Restructuring Year Ended December 31, Change (dollars in thousands) 2023 2022 ($) (%) Restructuring $ 4,499 $ $ 4,499 100 % The $4.5 million in restructuring includes non-ordinary course severance and employee related benefits related to the optimization of our go-to-market efforts, including reducing our reliance on sales specialists and streamlining layers of management.
Restructuring Year Ended December 31, Change (dollars in thousands) 2024 2023 ($) (%) Restructuring $ 6,070 $ 4,499 $ 1,571 35 % The increase in restructuring of $1.6 million was due to a $4.5 million non-cash impairment of leasehold improvements and furniture and fixtures that was recorded in connection with the sublease of a portion of our headquarters in 2024, net of a decrease of $2.9 million in non-ordinary course severance and employee-related benefits.
From 2021 to 2022, net cash provided by financing activities decreased by $374.3 million, primarily due to the net proceeds from the issuance of our Credit Facility in 2021 of $365.7 million, a decrease of $6.5 million in the proceeds from the exercise of stock options and $3.8 million of principal payments made on our Term Loan in 2022, partially offset by a $1.1 million increase in proceeds from stock issued in connection with our employee stock purchase plan.
Financing Activities From 2023 to 2024, net cash used in financing activities increased by $80.7 million, primarily due to an $85.0 million increase in the repurchase of common stock under our stock repurchase program partially offset by a $4.6 million increase in proceeds from the exercise of stock options.
Removed
Exposure management is an effective discipline for managing, measuring and comparing cybersecurity risk in today's complex IT environments. Our Tenable One Exposure Management Platform, or Tenable One, unifies a variety of data sources into a single exposure view to help organizations gain visibility, prioritize efforts and communicate cyber risks.
Added
Exposure management i s the evolution of vulnerability management, advancing risk assessment and prioritization across the entire attack surface – from IT infrastructure to cloud environments to critical infrastructure. Tenable unifies security visibility, insight and action across this attack surface, equipping modern organizations to expose and close the cybersecurity gaps that erode business value, reputation and trust.
Removed
Building on our existing products, Tenable One is designed to take advantage of the integrations that already exist with our partners and form the foundation of an exposure management program, alongside the other tools, such as endpoint detection and response and firewalls, and required business processes.

42 more changes not shown on this page.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

6 edited+0 added1 removed5 unchanged
Biggest changeFrom January to December 2023, interest rates on our Term Loan have been between 7.16% and 8.21%. A one percentage point increase in the rate would increase 2024 interest expense by $2.7 million.
Biggest changeFrom January to December 2024, interest rates on our Term Loan have been between 7.44% and 8.22%. In February 2025, our Term Loan had an interest rate of 7.18%. A one percentage point increase in the rate would not have had a material impact on our financial statements.
Further strengthening of the U.S. dollar compared to other currencies could result in lower international sales as our products would seem more expensive and could result in lower international operating costs as the U.S. dollar is the functional currency for all of our international subsidiaries.
Strengthening of the U.S. dollar compared to other currencies could result in lower international sales as our products would seem more expensive and could result in lower international operating costs as the U.S. dollar is the functional currency for all of our international subsidiaries.
A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, British Pound, Australian dollar, Israeli New Shekel and Indian Rupee.
A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, British Pound, Australian dollar, Israeli New Shekel, Indian Rupee and Brazilian Real.
Inflation Risk While we do not believe that inflation has had a material effect on our business, results of operations, or financial condition through December 31, 2023, our costs, specifically employee-related and third-party cloud infrastructure costs, may become subject to significant inflationary pressures, and our inability or failure to fully offset such higher costs could harm our business, results of operations, or financial condition. 70 Table of Contents
Inflation Risk While we do not believe that inflation has had a material effect on our business, results of operations, or financial condition through December 31, 2024, our costs, specifically employee-related and third-party cloud infrastructure costs, may become subject to significant inflationary pressures, and our inability or failure to fully offset such higher costs could harm our business, results of operations, or financial condition. 67 Table of Contents
Item 7A. Quantitative and Qualitative Disclosures about Market Risk We are exposed to market risks in the ordinary course of our business, including interest rate, foreign currency exchange and inflation risks. Interest Rate Risk At December 31, 2023, we had $237.1 million of cash and cash equivalents, which consisted of cash deposits and money market funds.
Item 7A. Quantitative and Qualitative Disclosures about Market Risk We are exposed to market risks in the ordinary course of our business, including interest rate, foreign currency exchange and inflation risks. Interest Rate Risk At December 31, 2024, we had $328.6 million of cash and cash equivalents, which consisted of cash deposits and money market funds.
We also had $236.8 million of short-term investments, which consisted of commercial paper, asset backed securities, certificates of deposit, U.S. treasury and agency securities and corporate and supranational bonds. Our investments are carried at their fair market values with cumulative unrealized gains or losses recorded as a component of accumulated other comprehensive income (loss) within stockholders' equity.
We also had $248.5 million of short-term investments, which consisted of commercial paper, asset backed securities, U.S. treasury and agency securities and corporate and Yankee bonds. Our investments are carried at 66 Table of Contents their fair market values with cumulative unrealized gains or losses recorded as a component of accumulated other comprehensive (loss) income within stockholders' equity.
Removed
In 2023, the U.S. dollar strengthened compared to other currencies, which likely negatively impacted our international sales growth and lowered certain international operating expenses.

Other TENB 10-K year-over-year comparisons