What changed in Zscaler, Inc.'s 10-K — 2024 vs 2025
vs
Paragraph-level year-over-year comparison of Zscaler, Inc.'s 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.
+481 added−455 removedSource: 10-K (2025-09-11) vs 10-K (2024-09-12)
Top changes in Zscaler, Inc.'s 2025 10-K
481 paragraphs added · 455 removed · 352 edited across 7 sections
- Item 1A. Risk Factors+195 / −184 · 165 edited
- Item 1. Business+148 / −126 · 77 edited
- Item 7. Management's Discussion & Analysis+119 / −122 · 93 edited
- Item 7A. Quantitative and Qualitative Disclosures About Market Risk+8 / −13 · 8 edited
- Item 5. Market for Registrant's Common Equity+5 / −5 · 4 edited
Item 1. Business
Business — how the company describes what it does
77 edited+71 added−49 removed49 unchanged
Item 1. Business
Business — how the company describes what it does
77 edited+71 added−49 removed49 unchanged
2024 filing
2025 filing
Biggest changeWhen a user's experience is suffering or an event is negatively impacting user experience, ZDX utilizes AI-enabled root cause analysis to allow an organization to isolate where in the network path an issue is occurring and whether it is caused by a user’s device, the WiFi connection, the local internet connection, a service provider in the path or the destination application itself.
Biggest changeZDX leverages advanced AI-enabled root cause analysis to proactively pinpoint issues in the network path, providing detailed insights into whether disruptions stem from a user’s device, WiFi connection, local internet, service provider or the destination application itself. It also leverages AI-driven automation to deliver end-to-end visibility into user experience, network performance and application health.
The primary use cases for our ZPA solution include: • remote workforce access to private applications without legacy VPN, providing zero trust from office to data center; • deliver user-to-application segmentation, thus eliminating the risk of lateral threat propagation enabled by legacy Firewall and VPN based security architecture; • providing non-employees with secure access to internal applications; • securely connecting business-to-business, or B2B, customers, service providers and supplier access to applications typically deployed as business to business portals in an extranet; • direct-to-cloud access to internally managed applications hosted in public cloud environments, such as Azure, AWS and GCP; and • access to applications following a merger or acquisition by providing named users with access to named applications, without the need to merge networks.
The primary use cases for our ZPA solution include: • remote workforce access to private applications without legacy VPN, providing Zero Trust from office to data center; • deliver user-to-application segmentation, thus eliminating the risk of lateral threat propagation enabled by legacy Firewall and VPN based security architecture; • providing non-employees with secure access to internal applications; • securely connecting B2B customers, service providers and supplier access to applications typically deployed as B2B portals in an extranet; • direct-to-cloud access to internally managed applications hosted in public cloud environments, such as Azure, AWS and GCP; and • access to applications following a merger or acquisition by providing named users with access to named applications, without the need to merge networks.
Experience Management - Zscaler Digital Experience ZDX is designed to measure end-to-end user experience across key business applications, providing an easy to understand digital experience score for each user, application and location within an enterprise. As users have become mobile and applications have moved to the cloud, traditional network performance monitoring tools have become increasingly irrelevant.
Zscaler Digital Experience ZDX is designed to measure end-to-end user experience across key business applications, providing an easy-to-understand digital experience score for each user, application and location within an enterprise. As users have become mobile and applications have moved to the cloud, traditional network performance monitoring tools have become increasingly irrelevant.
For allowed connections, our ZPA 7 Table of Contents solution also provides Web Application Firewall functionality, including OWASP Top 10 protections for threats, such as Structured Query Language injection and cross-site scripting, to block common attack vectors. • Reduce Attack Surface: Our architecture utilizes inside out connections that are outbound from users to the Zero Trust Exchange platform, which allows customers to deny all inbound connections.
For allowed connections, our ZPA solution also provides Web Application Firewall functionality, including OWASP Top 10 protections for threats, such as Structured Query Language injection and cross-site scripting, to block common attack vectors. 6 Table of Contents • Reduce Attack Surface: Our architecture utilizes inside out connections that are outbound from users to the Zero Trust Exchange platform, which allows customers to deny all inbound connections.
Enterprises can no longer collect performance metrics or indicators along the traditional network path as they could when they owned the network and applications ran in their own data centers.
Enterprises can no longer reliably collect performance metrics or indicators along the traditional network path as they could when they owned the network and applications ran in their own data centers.
Our customers operate in a variety of industries, including automotive, airlines and transportation, conglomerates, consumer goods and retail, energy, financial services, healthcare, insurance, manufacturing, media and communications, public sector and education, technology and telecommunications services. Approximately 50% of our revenue was from customers outside the United States for all periods presented.
Our customers operate in a variety of industries, including automotive, airlines and transportation, conglomerates, consumer goods and retail, energy, financial services, healthcare, insurance, manufacturing, media and communications, public sector and education, technology and telecommunications services. Approximately 49% of our revenue was from customers outside the United States for all periods presented.
The principal competitive factors in the markets in which we operate include: • delivering security from the cloud regardless of location of the user; • platform features, effectiveness and extensibility; • platform reliability, availability and scalability; • rapid development and delivery of new capabilities and services; • ability to integrate with other participants in the security and networking ecosystem; • price, total cost of ownership and network cost savings; • brand awareness, reputation and trust in the provider’s services; • strength of sales, marketing and channel partner relationships; and • quality of customer support.
The principal competitive factors in the markets in which we operate include: • delivering security from the cloud regardless of location of the user; • platform features, effectiveness and extensibility; • platform reliability, availability and scalability; • rapid development and delivery of new capabilities and services; • ability to integrate with other participants in the security and networking ecosystem; • price, total cost of ownership and network cost savings; • brand awareness, reputation and trust in the provider’s services; • strength of sales, marketing and channel partner relationships; and 16 Table of Contents • quality of customer support.
Our competitors and potential competitors include legacy on-premises appliance vendors and other vendors across a number of categories: • independent IT security vendors, which offer a broad mix of network and endpoint security products; • large networking and other vendors, which offer security appliances and/or incorporate security capabilities in their networking products and other services; • companies with point solutions that compete with some of the features of our cloud platform, such as proxy, firewall, CASB, sandboxing and advanced threat protection, data loss prevention, encryption, load balancing and VPN; and 13 Table of Contents • other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform.
Our competitors and potential competitors include legacy on-premises appliance vendors and other vendors across a number of categories: • independent IT security vendors, which offer a broad mix of network and endpoint security products; • large networking and other vendors, which offer security appliances and/or incorporate security capabilities in their networking products and other services; • companies with point solutions that compete with some of the features of our cloud platform, such as proxy, firewall, CASB, sandboxing and advanced threat protection, AI security, data loss prevention, encryption, load balancing and VPN; and • other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform.
Our Identity Protection capability provides continuous visibility into identity misconfigurations and at risk permissions by scanning common identity providers. Identity Protection augments this visibility with guidance in the form of scripts, commands and tutorials to remediate these issues and reduce customers’ internal attack surface.
Our Identity Protection capability provides continuous visibility into identity misconfigurations and at-risk permissions by scanning common identity providers. Identity Protection augments this visibility with guidance in the form of scripts, commands and tutorials to remediate identity risk and reduce customers’ internal attack surface.
In addition to base pay, employees may be eligible for annual bonuses that are tied to our financial performance and long-term equity incentives that vest subject to continued service. Certain employees may also need to achieve defined performance metrics for parts of their long-term incentives to vest.
In addition to base pay, employees may be eligible for performance based bonuses that are tied to our financial performance and long-term equity incentives that vest subject to continued service. Certain employees may also need to achieve defined performance metrics for parts of their long-term incentives to vest.
In addition to our internally developed technology, we also license software, including open source software, from third parties that we integrate into or bundle with our cloud platform. 14 Table of Contents Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation based on allegations of patent infringement or other violations of intellectual property rights.
In addition to our internally developed technology, we also license software, including open source software, from third parties that we integrate into or bundle with our cloud platform. Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation based on allegations of patent infringement or other violations of intellectual property rights.
Data is scanned in RAM only and then erased. Logs are continuously created in memory and forwarded to our logging module. • Zscaler Log Servers: Our technology is built into the Zscaler Enforcement Node to perform lossless compression of logs, enabling our platform to collect over 130 terabytes of unique raw log data every day.
Data is scanned in random-access memory only and then erased. Logs are continuously created in memory and forwarded to our logging module. • Zscaler Log Servers: Our technology is built into the Zscaler Enforcement Node to perform lossless compression of logs, enabling our platform to collect over 130 terabytes of unique raw log data every day.
We offer an employee stock purchase plan, which allows employees to contribute a percentage of their wages to purchase our stock at a discount. In addition to cash and equity compensation, we offer our employees a robust portfolio of benefits, such as health, wellbeing, parental leave and retirement programs, to meet their individual and family needs.
We offer an employee stock purchase plan, which allows employees to contribute a percentage of their wages to purchase our stock at a discount. In addition to cash and equity compensation, we offer our employees a robust portfolio of benefits, such as health, well-being, parental leave and retirement programs, to meet their individual and family needs.
We also became the first cloud-based SaaS security company to achieve StateRamp for state and local governments. Internationally, we are IRAP Protected and APRA in Australia, Cyber Essentials and G-Cloud in the UK, C5 in Germany, “in process” for ITSG-33 Prob B in Canada, ISMAP in Japan, MTCS in Singapore and, most recently, Spain Gov CPSTIC catalog listing and ENS-High.
Government portfolio. We also became the first cloud-based SaaS security company to achieve StateRamp for state and local governments. Internationally, we are IRAP Protected and APRA in Australia, Cyber Essentials and G-Cloud in the UK, C5 in Germany, ITSG-33 Prob B in Canada, ISMAP in Japan, MTCS in Singapore and, most recently, Spain Gov CPSTIC catalog listing and ENS-High.
Additionally, our Email DLP solutions secure corporate email traffic, including Microsoft Exchange and Gmail. • Unified SaaS Security: Our cloud access security broker, or CASB, SaaS security posture management and our SaaS supply chain security combine to discover and control known and unknown applications, identify SaaS misconfigurations, find and mitigate potentially risky third-party connections into those SaaS applications and scan data residing in those applications for threats and data protection violations.
Additionally, our Email DLP solutions secure corporate email traffic, including Microsoft Exchange and Gmail. • Unified SaaS Security: Our CASB, SaaS security posture management, or SSPM, and our SaaS supply chain security combine to discover and control known and unknown applications, identify SaaS misconfigurations, find and mitigate potentially risky third-party connections into those SaaS applications and scan data residing in those applications for threats and data protection violations.
Our Zero Trust SD-WAN solution eliminates lateral threat movement by connecting users and IoT/OT devices to applications through the Zscaler Zero Trust Exchange platform.
Our Zero Trust SD-WAN solution eliminates lateral threat movement by connecting users and IoT/OT devices to applications through our Zero Trust Exchange platform.
We have invested in establishing long-standing relationships with global telecommunications service providers and are expanding our network of global system integrators and regional telecommunications service providers and cloud-centric value-added resellers and public cloud marketplaces. 11 Table of Contents • Expansion and innovation of services.
We have invested in establishing long-standing relationships with global telecommunications service providers and are expanding our network of global system integrators and regional telecommunications service providers and cloud-centric value-added resellers and public cloud marketplaces. • Expansion and innovation of services.
ZPA enforces a global policy engine that manages access to internally managed applications regardless of location. If access is granted to a user, our ZPA solution connects the user’s device only to the authorized application without exposing the identity or location of the application. As a result, applications are not exposed to the internet, further limiting the external attack surface.
ZPA leverages a global policy engine that governs access to internally managed applications regardless of location. If access is granted to a user, our ZPA solution connects the user’s device only to the authorized application without exposing the identity or location of the application. As a result, applications are not exposed to the internet, further limiting the external attack surface.
We do not rely on batch reporting; we continuously update our dashboards and reporting and can stream logs to a third-party security information and event management, or SIEM, service as they arrive. Regardless of where users are located, customers can choose to have logs stored in the United States or the European Union/Switzerland.
We do not rely on batch reporting; we continuously update our dashboards and reporting and can stream logs to a third-party SIEM service as they arrive. Regardless of where users are located, customers can choose to have logs stored in the United States or the European Union/Switzerland.
The platform modules are split into the control plane (Zscaler Central Authority), the enforcement plane (Zscaler Enforcement Nodes) and the logging and statistics plane (Zscaler Log Servers) as described below: 10 Table of Contents • Zscaler Central Authority: The Zscaler Central Authority monitors our entire security cloud and provides a central location for software and database updates, policy and configuration settings and threat intelligence.
The platform modules are split into the control plane (Zscaler Central Authority), the enforcement plane (Zscaler Enforcement Nodes) and the logging and statistics plane (Zscaler Log Servers) as described below: • Zscaler Central Authority: The Zscaler Central Authority monitors our entire security cloud and provides a central location for software and database updates, policy and configuration settings and threat intelligence.
ZIA provides inline content inspection and firewall access controls across all ports and protocols to protect organizations and users from external threats, secure data while at rest and prevent data from leaking out to unauthorized sites. Policies follow the user to provide identical protection on any device, regardless of location; any policy changes are enforced for users worldwide.
ZIA provides inline content inspection and firewall access controls across all ports and protocols to protect organizations and users from external threats, secure data in motion and prevent data from leaking out to unauthorized sites. Policies follow the user to provide identical protection on any device, regardless of location; any policy changes are enforced for users worldwide.
The combination of Zero Trust SD-WAN with Zero Trust Device Segmentation extends the Zero Trust Exchange to protect east-west traffic in branch offices, campuses, factories and plants with critical OT infrastructure, eliminating the need for east-west firewalls, network access controls and traditional microsegmentation solutions, while simultaneously delivering operational simplicity.
The combination of Zero Trust SD-WAN with Zero Trust Device Segmentation extends the Zero Trust Exchange platform to protect east-west traffic in branch offices, campuses, factories and plants with critical OT infrastructure, eliminating the need for east-west firewalls, NACs and traditional microsegmentation solutions, while simultaneously delivering operational simplicity.
We continue to invest in research and development and acquire new technologies and products to add new and differentiated solutions to our existing product portfolio and to improve the overall functionality, reliability, availability and scalability of our cloud security platform. • Expansion into additional market segments. We are targeting the expansion of our immediate addressable market into additional market verticals.
We continue to invest in research and development and acquire new technologies and products to add new and differentiated solutions to our existing product portfolio and to improve the overall functionality, reliability, availability and scalability of our cloud security platform. • Expansion into additional market segments.
Once we detect a new threat to a user, we block it for all users. We call this the “cloud security effect.” • Sandbox: Our cloud sandbox enables enterprises to block zero-day exploits and advanced persistent threats by analyzing unknown files for malicious behavior, and it can scale to every user regardless of location.
We call this the “cloud security effect.” • Sandbox: Our cloud sandbox enables enterprises to block zero-day exploits and advanced persistent threats by analyzing unknown files for malicious behavior, and it can scale to every user regardless of location.
ZPA is designed around four key tenets that fundamentally change the way users access internal applications: • connect users to applications without bringing users on the network; • never expose applications to the internet; • segment access to applications without relying on the traditional approach of network segmentation; and • provide remote access over the internet without virtual private networks, or VPNs.
ZPA is designed around four key tenets that fundamentally change the way users access internal applications: • connect users to applications without bringing users on the network, preventing lateral movement; • never expose applications to the internet; • segment access to applications without relying on the traditional approach of network segmentation; and • provide remote access over the internet without VPNs.
ThreatLabZ, our internal team of security experts, researchers and network engineers, analyzes the global threat landscape, works to eliminate threats across our cloud platform and reports on emerging security issues. Research and development expense was $499.8 million, $349.7 million and $289.1 million for fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
ThreatLabZ, our internal team of security experts, researchers and network engineers, analyzes the global threat landscape, works to eliminate threats across our cloud platform and reports on emerging security issues. Research and development expense was $672.5 million, $499.8 million and $350.8 million for fiscal 2025, fiscal 2024 and fiscal 2023, respectively.
Many of the largest enterprises and government agencies in the world rely on our solutions to help them accelerate their move to the cloud. We have over 8,650 customers across all major geographies, with an emphasis on larger organizations, and we currently count approximately 35% of the Forbes Global 2000 as customers.
Many of the largest enterprises and government agencies in the world rely on our solutions to help them accelerate their move to the cloud. We have over 9,400 customers across all major geographies, with an emphasis on larger organizations, and we currently count approximately 40% of the Forbes Global 2000 and over 45% of Fortune 500 companies as customers.
As of July 31, 2024, we had more than 580 issued patents and pending patent applications, including more than 260 issued patents in the United States and other countries. Our issued patents expire between 2028 and 2043 and cover various aspects of our cloud platform.
As of July 31, 2025, we had more than 725 issued patents and pending patent applications, including more than 325 issued patents in the United States and other countries. Our issued patents expire between 2028 and 2044 and cover various aspects of our cloud platform.
Compliance Since successful completion of an initial independent third-party assessment in 2014, our platform has received numerous industry standard and internationally recognized certifications upon successful completion of further independent third-party assessments, including ISO 27001, ISO 27701, ISO 27018, ISO 27017, SOC2, CSA-STAR, HIPAA and NIST 800-63C. We also built a leading U.S. and international government compliance portfolio.
Compliance Our platform has received numerous industry standard and internationally recognized certifications upon successful completion of further independent third-party assessments, including ISO 27001, ISO 27701, ISO 27018, ISO 27017, SOC2, SOC 3 CSA-STAR and HIPAA. We also built a leading U.S. and international government compliance portfolio.
Data Protection – Our data protection functionality enables enterprises to prevent unauthorized sharing or exfiltration of confidential information across users, devices, servers and workloads, thereby reducing business and compliance risks for our customers.
Data Security Everywhere Our data security functionality enables enterprises to prevent unauthorized sharing or exfiltration of confidential information by users, devices, servers, workloads and AI agents, thereby reducing business and compliance risks for our customers.
Our cloud native, multitenant architecture is distributed across more than 160 data centers globally which brings security and business policy close to users and devices in over 185 countries and provides fast, secure and reliable access. Each day, we block over 150 million threats and perform over 250,000 unique security updates.
Our cloud native, multitenant architecture is distributed across more than 160 public exchanges globally and thousands of private exchanges at the edge, which brings security and business policy close to users and devices in over 185 countries and provides fast, secure and reliable access. Each day, we block over 225 million threats and perform over 250,000 unique security updates.
We have experienced significant growth, with revenue increasing from $1,090.9 million in fiscal 2022 to $1,617.0 million in fiscal 2023 to $2,167.8 million in fiscal 2024, representing year-over-year revenue growth of 48% and 34%, respectively. We experienced net losses of $57.7 million, $202.3 million and $390.3 million in fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
We have experienced significant growth, with revenue increasing from $1,617.0 million in fiscal 2023 to $2,167.8 million in fiscal 2024 to $2,673.1 million in fiscal 2025, representing year-over-year revenue growth of 34% and 23%, respectively. We experienced net losses of $41.5 million, $57.7 million and $202.3 million in fiscal 2025, fiscal 2024 and fiscal 2023, respectively.
Our cloud security platform provides full inline content inspection to assess and correlate the risk of the content to protect against sophisticated attacks, including ransomware and phishing. The cloud platform applies AI and ML across our over 500 billion daily transactions to quickly identify and block unknown threats and to identify and categorize unknown destinations.
Our inline cloud security platform assesses and correlates the risk of the content to protect against sophisticated attacks, including ransomware and phishing. The cloud platform applies AI and machine learning, or ML, across over 500 billion daily transactions to quickly identify and block unknown threats and to identify and categorize unknown destinations.
The program is designed to meet the health needs of our employees through connection and support with flexibility for local and targeted needs. We will continue to review and invest in programs to provide for the health, safety and wellbeing of our employees.
These programs are designed to meet the needs of our employees through connection and support, with flexibility for local and targeted approaches. We will continue to review and invest in programs to provide for the health, safety and well-being of our employees.
By doing transport layer security inspection at scale, we provide malware protection, data loss prevention and CASB functions that can be performed both inline and out-of-band, for specific sanctioned and unsanctioned applications.
By doing TLS inspection at scale, we provide malware protection, DLP and CASB functions that can be performed both inline and out-of-band, for specific sanctioned and unsanctioned applications.
We build the skills and capabilities of our senior leaders through intentional investment in their development and opportunities for them to network, collaborate and problem solve together. To supplement our internal resources, we partner with external development organizations and tools.
We build the skills and capabilities of our senior leaders through intentional investment in their development and opportunities for them to network, collaborate and problem solve together.
Key elements of our growth strategy include: • Continue to win new customers. We believe that we have a significant opportunity to expand our customer base, both in the United States and internationally. We have invested significantly in our sales and marketing organization to execute against this opportunity. • Expand in existing customers.
We believe that we have a significant opportunity to expand our customer base, both in the United States and internationally. We have invested significantly in our sales and marketing organization to execute against this opportunity. • Expansion in existing customers.
We provide inline monitoring of data flows between users and applications, workload to workload, API to 5 Table of Contents API and applications to LLMs, reducing the risk of inadvertently transmitting sensitive data and intellectual property.
We provide inline monitoring of data flows between users and applications, workload to workload, API to API and applications to LLMs with AI-powered auto data discovery, reducing the risk of inadvertently transmitting sensitive data and intellectual property.
We are authorized at the FedRAMP High level and Impact Level 5 with the DOD for ZPA. In addition, in the U.S. we are authorized at both the FedRAMP Moderate and high levels for ZIA and ZPA. We also hold ITAR, FIPS, CJIS and VPAT 508 in our U.S. Government portfolio.
We are authorized at the FedRAMP Moderate and High levels and Impact Level 5 with the DOD for ZPA. In addition, in the U.S. we are authorized at both the FedRAMP Moderate and High levels for ZIA, among others. We also hold CMMC Level 2 certification, ITAR, FIPS, CJIS 15 Table of Contents and VPAT 508 in our U.S.
Government Regulation Our business activities are subject to various federal, state, local and foreign laws, rules, and regulations. Compliance with these laws, rules and regulations has not had, and is not expected to have, a material effect on our capital expenditures, results of operations and competitive position as compared to prior periods.
Compliance with these laws, rules and regulations has not had, and is not expected to have, a material effect on our capital expenditures, results of operations and competitive position as compared to prior periods.
Our Workload Segmentation solution utilizes an innovative, AI-enabled approach that is simpler to deploy and operate than traditional segmentation solutions and improves the security of east-west communication by verifying the identity of the communicating application software, services and processes to achieve a zero trust environment.
Our agent-based offering solution utilizes an innovative, AI-enabled approach that is simpler to deploy and operate than traditional segmentation solutions, and improves the security of east-west communication by verifying the identity of the communicating application software, services and processes to achieve a Zero Trust environment. This reduces the attack surface, resulting in lower risk of application compromise and data breaches.
See “Risk Factors—Risks Related to Our Business—Claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects” for additional information.
See “Risk Factors—Risks Related to Our Business—Claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects” for additional information. 17 Table of Contents Government Regulation Our business activities are subject to various federal, state, local and foreign laws, rules and regulations.
Please note that this list may be updated from time to time. 17 Table of Contents The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file. 18 Table of Contents
The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file. 19 Table of Contents
Item 1. Business Overview We anticipate, secure and simplify the experience of doing business, transforming today and tomorrow. We were incorporated in 2007, during the early stages of cloud adoption and mobility, based on a vision that the internet would become the new corporate network, as the cloud became the new data center.
We were incorporated in 2007, during the early stages of cloud adoption and mobility, based on a vision that the internet would become the new corporate network, as the cloud became the new data center.
In addition to preventive capabilities, Identity Protection also provides high-fidelity detection for identity-based attacks like stolen credentials, multi-factor authentication bypasses and privilege escalation techniques that typically pass through existing defenses in cases of identity compromise. Our Technology and Architecture We are driven by technology and innovation.
In addition to preventive capabilities, Identity Protection also provides high-fidelity detection for identity-based attacks like stolen credentials, multi-factor authentication bypasses and privilege escalation techniques that typically pass through existing defenses in cases of identity compromise. Agentic IT Operations Zscaler is also extending Agentic Operations to IT through our ZDX product.
We recognize the need to create a flexible working environment that balances collaboration, innovation and connectivity with personal preferences for employees to do their best work. Our employee wellness program, Wellbeing at Z, supports employees across four pillars: physical, emotional, social and financial.
Health, Safety and Well-being The health and safety of our employees is our top priority. We recognize the need to create a flexible working environment that balances collaboration, innovation and connectivity with personal preferences for employees to do their best work. Our employee wellness programs support employees across four pillars: physical, emotional, social and financial.
We encourage our investors and others to review the information we make public in these locations as such information could be deemed to be material information.
We encourage our investors and others to review the information we make public in these locations as such information could be deemed to be material information. Please note that this list may be updated from time to time.
As of July 31, 2024, we had over 8,650 customers, including approximately 35% of the Forbes Global 2000. Many of our customers include major global enterprises that send virtually all of their internet traffic through our cloud security platform.
As of July 31, 2025, we had over 9,400 customers, including approximately 40% of the Forbes Global 2000 and over 45% of Fortune 500 companies. Many of our customers include major global enterprises that send virtually all of their internet traffic through our cloud security platform.
Additional advanced classification techniques including exact data match, index document match and ML-based Optical Character Recognition functionalities, further identity sensitive data and enable our customers to populate their own custom databases scaling to billions of unique fields, including structured and unstructured documents. • Data Loss Prevention: Our data loss prevention, or DLP, technology enables enterprises to alert and/or block transmission or sharing of sensitive data across exfiltration channels.
Additional advanced classification techniques, including exact data match, indexed document matching and ML-based optical character recognition, enable our customers to identify and secure sensitive data across billions of unique structured data fields. • Enterprise Data Loss Prevention: Our data loss prevention, or DLP, technology enables enterprises to alert and/or block transmission or sharing of sensitive data across exfiltration channels.
Our core cloud platform threat prevention services include: • Advanced Threat Protection: Our advanced threat protection functionality uses techniques including AI/ML, signatures and reputation to deliver real-time protection from malicious internet content like browser exploits, scripts, zero-pixel iFrames, malware and botnet callbacks. Over 250,000 unique security updates are performed every day to the Zscaler cloud to keep users protected.
Our core cloud platform threat prevention capabilities include: • Advanced Threat Protection: Our advanced threat protection functionality uses techniques including AI/ML, advanced heuristics, signatures and reputation to deliver real-time protection from malicious internet content like browser exploits, scripts, zero-pixel iFrames, malware and botnet callbacks.
Sales and Marketing Although we have a channel sales model, we use a joint sales approach in which our sales force develops relationships directly with our customers, and together with our channel account teams, works with our channel partners on account penetration, account coordination, sales and overall market development.
No end customer contributed more than 10% of our revenue in fiscal 2025, fiscal 2024 and fiscal 2023. 14 Table of Contents Sales and Marketing Although we have a channel sales model, we use a joint sales approach in which our sales force develops relationships directly with our customers, and together with our channel account teams, works with our channel partners on account penetration, account coordination, sales and overall market development.
Growth Strategies The growing use of the internet and the increasing adoption of the cloud and mobility are driving network and application transformation. As a provider of a fully integrated, multi-tenant cloud security solution, we enable our customers to accelerate this secure transformation to the cloud and believe we are uniquely positioned to maximize value as they undertake these transitions.
As a provider of a fully integrated, multi-tenant cloud security solution, we enable our customers to accelerate this secure transformation to the cloud and believe we are uniquely positioned to maximize value as they undertake these transitions. Key elements of our growth strategy include: • Continue to win new customers.
Our Zero Trust SD-WAN solution provides branches and data centers with fast, reliable access to the internet and private applications with our Direct-to-Cloud TM architecture that provides strong security and operational simplicity, with the ability to deploy locally by virtual machine or by purchasing a plug-and-play appliance.
Zero Trust Branch neutralizes that risk by eliminating implicit trust and lateral movement, stopping ransomware and malware spread. 8 Table of Contents Our Zero Trust Branch solution includes broad functionality, which we categorize by the following ideas: • Zero Trust SD-WAN: Our Zero Trust SD-WAN solution provides branches and data centers with fast, reliable access to the internet and private applications with our Direct-to-Cloud TM architecture that provides strong security and operational simplicity, with the ability to deploy locally by virtual machine or by purchasing a plug-and-play appliance.
Zscaler's cultural values are: 15 Table of Contents • Teamwork • Ownership • Passion • Innovation • Customer Obsession We build this culture through the feedback we receive from our employees through surveys as well as informal feedback channels throughout the year.
Zscaler's cultural values are: • Teamwork • Ownership • Passion • Innovation • Customer Obsession We build this culture through the feedback we receive from our employees through company-wide surveys as well as informal feedback channels throughout the year. We ultimately view and measure the success of our culture by our ability to sustain great business results.
ZIA enables the following capabilities: Cyberthreat Protection – Our threat prevention functionality enables protection against threats using a range of approaches and techniques. Our threat prevention capabilities provide multiple layers of protection to prevent sophisticated ransomware, phishing and zero-day cyberattacks. We provide functionality that traditionally has been offered by disparate, stand-alone products.
ZIA enables the following capabilities: Cyberthreat Capabilities – Our holistic, future-ready threat defense functionality enables protection against threats using a range of approaches and techniques. Our threat prevention capabilities provide multiple layers of protection to prevent sophisticated ransomware, phishing and zero-day cyber attacks.
We developed a highly scalable, multi-tenant, globally distributed cloud capable of providing inline inspection of internet and SasS traffic, securing access to private applications, protecting cloud applications, managing digital experience and scanning for exposures and misconfigurations. We designed a purpose-built three-tier architecture starting with our core operating system and adding layers of security and networking innovations over time.
Our Technology and Architecture We are driven by technology and innovation. We developed a highly scalable, multi-tenant, globally distributed cloud capable of providing inline inspection of internet and SasS traffic, securing access to private applications, protecting cloud applications, managing digital experience and scanning for exposures and misconfigurations.
Branch traffic can be securely forwarded directly to the Zero Trust Exchange, where ZIA or ZPA policies can be applied for full security inspection and access identity-based control of branch and data center communications. • Zero Trust Device Segmentation.
Branch traffic can be securely forwarded directly to the Zero Trust Exchange, where ZIA or ZPA policies can be applied for full security inspection and access identity-based control of branch and data center communications. • Zero Trust Device Segmentation: Our Zero Trust Device Segmentation solution provides agentless segmentation for enterprise IT and OT environments, creating a "network of one" where even devices on the same network can only communicate with each other if authorized.
Our ZPA solution includes broad functionality, which we categorize by the following areas: • Cyberthreat Protection and Data Protection: Our ZPA solution delivers the same cyberthreat protection and data protection functionality that is applied to internet traffic via our ZIA solution. • Secure Application Access: Since our ZPA solution delivers seamless connectivity to internally managed applications and assets whether they are in the cloud, enterprise data center or both, administrators can set global policies from a single console, enabling policy-driven access that is agnostic to the network the users are on.
Because our ZPA solution sits on the application layer and is name-based or domain-based, organizations can quickly and seamlessly identify their internally-managed applications and then easily provision appropriate policies. • Secure Application Access: Since our ZPA solution delivers seamless connectivity to internally managed applications and assets whether they are in the cloud, enterprise data center or both, administrators can set global policies from a single console, enabling policy-driven access that is agnostic to the network the users are on.
We expect we will continue to incur net losses for the foreseeable future. 4 Table of Contents Our Zero Trust Exchange Platform Our Zero Trust Exchange cloud security platform delivers our core products; Zscaler for Users, Zscaler for Workloads and Zscaler for IoT/OT, through the deployment of our comprehensive and integrated solutions, each built natively in the cloud to power digital transformation.
Zero Trust Everywhere Our Zero Trust Exchange cloud security platform delivers our core Zero Trust Everywhere products through the deployment of our comprehensive and integrated solutions, each built natively in the cloud to power digital transformation.
By creating seamless access to applications regardless of a user’s network, our ZPA solution eliminates the need for traditional remote access VPNs, reverse proxies and other similar products. • Application Discovery : Similar to CASB application discovery reports for internet hosted SaaS applications, our ZPA solution provides granular discovery of internally managed applications to aid in the creation and oversight of segmentation policies.
By creating seamless access to applications regardless of a user’s network, our ZPA solution eliminates the need for traditional remote access VPNs, reverse proxies and other similar products. • Application Segmentation: Our architecture provides capabilities that enable user and application level segmentation, a vast improvement over traditional network segmentation.
For example, we are expanding into U.S. federal government agencies as well as into government agencies outside the U.S. We are also targeting our expansion into new geographies in the Asia Pacific and Latin America regions. We sell to enterprises of all sizes.
We are targeting the expansion of our immediate addressable market into additional markets, segments and verticals. For example, we are targeting our expansion into new geographies in the Asia Pacific, Latin America and Middle East regions. We sell to enterprises of all sizes.
We partner with leading executive coaching organizations to offer focused development for key leaders, as well as targeted offerings on important topics. We offer tuition reimbursement for eligible employees to further enhance their career growth through higher education. Compensation and Benefits We provide competitive compensation and benefits packages to attract and retain our talent.
We offer tuition reimbursement for eligible employees to further enhance their career growth through higher education. 18 Table of Contents Compensation and Benefits We provide competitive compensation and benefits packages to attract and retain our talent.
Specifically, ensuring that our people and culture are aligned with this vision is critical to our success. In order to continue to innovate and to execute our business strategy, we must attract, develop and retain skilled employees, particularly in the areas of product development, engineering, sales and customer success.
In order to continue to innovate and to execute our business strategy, we must attract, develop and retain skilled employees, particularly in the areas of product development, engineering, sales and customer success. Our Culture Our culture is about creating an environment where our global workforce can contribute their best work to help our customers and our business succeed.
Secure Internet and SaaS Access - Zscaler Internet Access ZIA, provides users, workloads, IoT and OT devices secure access to externally managed applications, including SaaS applications and internet destinations regardless of device, location or network.
Zscaler delivers this functionality via the following core services: Zscaler Internet Access TM , or ZIA TM , Zscaler Private Access TM , or ZPA TM , and Zscaler Digital Experience TM , or ZDX TM . Zscaler Internet Access ZIA provides secure access to externally managed applications, including SaaS applications and internet destinations regardless of device, location or network.
We complement and interoperate with key technology and cloud vendors across major market segments, including identity and access management device and endpoint management, as well as SIEM for reporting and analytics. Many of these vendors, like us, were developed in the cloud and together provide a foundation for a modern access and security architecture.
Our platform is a critical integration point positioned in the data path providing secure access to the internet, cloud and internal applications. We complement and interoperate with key technology and cloud vendors across major market segments, including identity and access management device and endpoint management, as well as SIEM for reporting and analytics.
For more information on the potential impacts of government regulations affecting our business, see “Item 1A - Risk Factors.” Human Capital As of July 31, 2024, we had a total of 7,348 employees, including 4,595 employees located outside the United States, with the majority of non-U.S.-based employees located in India.
For more information on the potential impacts of government regulations affecting our business, see “Item 1A - Risk Factors.” Human Capital As of July 31, 2025, we had a total of 7,923 employees in locations around the world. We have not experienced any work stoppages and we consider our relations with our employees to be positive and collaborative.
The combination of cloud browser isolation and cloud sandbox enables administrators to perform content disarm and reconstruction to flatten, sanitize and securely deliver files free of active content.
The combination of cloud browser isolation and cloud sandbox enables administrators to perform content disarm and reconstruction to flatten, sanitize and securely deliver files free of active content. 5 Table of Contents Zscaler Private Access ZPA provides Zero Trust Network Access to secure access to internally managed applications, either hosted internally in data centers or hosted in private or public clouds.
Business policies can be defined with granular access control for specified cloud applications, such as the ability to upload or download files or post comments on videos based on different user or group identity. • Browser Isolation: With cloud browser isolation, users do not directly access active web content; instead, only a safe rendering of pixels is delivered to the user.
Business policies can be defined with granular access control for specified cloud applications, such as the ability to upload or download files or post comments on videos based on different user or group identity. 9 Table of Contents • Email Security: Our email security solution leverages advanced cloud-delivered protections to secure inbound and outbound email traffic against sophisticated threats, such as phishing, malware and ransomware.
Our cloud platform is protected by more than 580 issued and pending patents in the United States and other countries. Our cloud is distributed across more than 160 data centers on five continents and processes over 500 billion requests per day from users across over 185 countries. Our platform is designed to be resilient, redundant and high-performing.
Our cloud is distributed across more than 160 public exchanges globally and thousands of private exchanges at the edge, and processes over 500 billion requests per day from users across over 185 countries. Our platform is designed to be resilient, redundant and high-performing. It is built as software modules that run on standard x86 platforms without dependency on custom hardware.
Our deception solution augments our customers' ability to detect the presence of an adversary in their network by deploying decoys and lures. These decoys can be leveraged to disrupt the adversary by detecting their presence in the network and initiating mitigation using automatic orchestration via the Zscaler platform and other third party solutions.
These decoys disrupt adversaries by detecting their presence in the network and initiating mitigation using automatic orchestration via the Zscaler platform and other third-party solutions. Customers can quickly deploy these capabilities by leveraging a diverse library of built-in decoys including various types of applications, network components and IoT services.
In addition, we have a deeply integrated ecosystem of channel partners, with whom we engage in joint marketing activities. 12 Table of Contents Data Center Operations We operate our services across more than 160 data centers around the world, which are built to be highly resilient, have multiple levels of redundancy and provide failover to other data centers in our network.
Data Center Operations We have expanded the Zero Trust Exchange over 160 public exchanges and thousands of private exchanges at the edge, which are built to be highly resilient, have multiple levels of redundancy and provide failover to other data centers in our network.
We predicted that with rapid cloud adoption and increasing workforce mobility, traditional perimeter security approaches would prove to be inadequate in protecting users and data and result in poor user experience. We pioneered a cloud platform, the Zscaler Zero Trust Exchange TM platform, which represents a fundamental shift in the architectural design and approach to networking and security.
We correctly predicted that with rapid cloud adoption and increasing workforce mobility, traditional perimeter security approaches would fail to protect users and data, become prohibitively expensive and deliver poor user experience.
Our unified vulnerability management solution provides dynamic and customizable prioritization, streamlined reporting, zero-copy analytics and contextualized, risk-based assessment of a customer’s threat landscape.
Our exposure management platform includes: • Unified Vulnerability Management: Our unified vulnerability management solution provides dynamic and customizable prioritization, streamlined reporting, automated workflows for remediation and contextualized risk-based assessments of a customer’s risk landscape. This solution leverages our Data Fabric for Security to deliver actionable insights, prioritized risk analysis and operational efficiencies.
Users now expect to be able to seamlessly access applications and data, wherever they are hosted, from any device, anywhere in the world. We believe these trends are indicative of the broader digital transformation agenda, as businesses increasingly succeed or fail based on their IT outcomes.
Enterprises now rely on external software as a service, or SaaS, applications for critical business functions and have moved, or are moving, their internally managed applications to the public cloud infrastructure. As a result, users now expect to be able to seamlessly access applications and data, wherever they are hosted, from any device, anywhere in the world.
Our Zero Trust Networking solution includes broad functionality, which we categorize by the following ideas: • Workload Segmentation. Our Workload Segmentation solution secures application-to-application communications inside public clouds and data centers to stop lateral threat movement, preventing application compromise and reducing the risk of data breaches.
Zero Trust Cloud, deployed via Zero Trust Gateway, secures workload-to-internet and workload-to-workload traffic across multi-cloud environments, eliminating the need for traditional cloud firewalls, VPNs, express routes or direct connects. • Workload Microsegmentation: Our Workload Microsegmentation solution secures mission critical applications inside public clouds and data centers to stop lateral threat movement, preventing application compromise and reducing the risk of data breaches.
This enables our customers to significantly enhance and fully automate analytics and decision-making in real-time without the complexity of data aggregation and collection. • Identity Protection. Attackers commonly target users and identities as the point of entry and use that access to escalate privileges and move laterally.
This capability leverages advanced technologies including agentic workflows, AI-supported threat intelligence, expert analysis and automated runbooks to identify and address complex cybersecurity threats. • Identity Protection: Attackers commonly target users and identities as the point of entry and use that access to escalate privileges and move laterally.
None of our U.S.-based employees are represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages and we consider our relations with our employees to be positive and collaborative. Zscaler's vision is to create a world in which the exchange of information is always secure and seamless.
Zscaler's vision is to create a world in which the exchange of information is always secure and seamless. Specifically, ensuring that our people and culture are aligned with this vision is critical to our success.
Removed
Enterprise applications are rapidly moving to the cloud to achieve greater IT agility, a faster pace of innovation and lower costs.
Added
Item 1. Business Overview We enable our customers to succeed in a digital world where technology decisions not only impact growth and competitiveness, but also directly impact enterprise risk.
Removed
Organizations are increasingly relying on internet destinations for a range of business activities, adopting new external software as a service, or SaaS, applications for critical business functions and moving their internally managed applications to the public cloud, infrastructure as a service, or IaaS, or platform as a service, or PaaS.
… 117 more changes not shown on this page.
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
165 edited+30 added−19 removed275 unchanged
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
165 edited+30 added−19 removed275 unchanged
2024 filing
2025 filing
Biggest changeIf we were not able to satisfy data protection, security, privacy and other government- and industry-specific requirements or regulations, our business, results of operations and financial condition could be harmed. The regulatory framework for privacy, data protection and security matters are rapidly evolving and are likely to remain volatile for the foreseeable future.
Biggest changeThese laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements could lead to claims for damages from our channel partners or customers, penalties, termination of contracts and loss of exclusive rights in our intellectual property. 45 Table of Contents If we were not able to satisfy data protection, security, privacy and other government- and industry-specific requirements or regulations, our business, results of operations and financial condition could be harmed.
Such laws and regulations may, among other things, require companies to implement privacy and security policies, permit customers to access, correct and delete information stored or maintained by such companies, inform individuals of security breaches that affect their information and, in some cases, obtain individuals’ consent to use information for certain purposes.
Such laws and regulations may, among other things, require companies to implement privacy and security policies, permit customers to access, correct and delete information stored or maintained by companies, inform individuals of security breaches that affect their information and, in some cases, obtain individuals’ consent to use information for certain purposes.
We expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection, cybersecurity, information security and telecommunications services jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations and standards may have on our business.
We expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection, cybersecurity, information security and telecommunications services in the jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations and standards may have on our business.
The U.S. export controls and trade and economic sanctions include restrictions or prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries and governments of these countries, as well as other persons and entities.
U.S. export controls and trade and economic sanctions include restrictions or prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries and governments of these countries, as well as other persons and entities.
Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees and agents from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including channel partners, to sell subscriptions to our platform and conduct our business abroad.
Anti-corruption and anti-bribery laws, which have been enforced aggressively and interpreted broadly, prohibit companies and their employees and agents from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including channel partners, to sell subscriptions to our platform and conduct our business abroad.
If we fail to timely detect defects or errors before deployment, or if our entire platform were to fail, customers and users could lose access to critical services and applications until such disruption is resolved or customers deploy our disaster recovery solution that allows them to bypass our cloud platform to access the internet.
If we fail to timely detect defects or errors before deployment, or if our entire platform were to fail, customers and users could lose access to critical services and applications until the disruption is resolved or customers deploy our disaster recovery solution that allows them to bypass our cloud platform to access the internet.
For example, the U.S. and other countries have implemented economic and other sanctions, as well as increased export controls in response to the current conflict between Russia and Ukraine. These measures have continued to increase. These export controls and sanctions and any additional restrictions may impact our ability to continue to operate in Russia and other affected regions.
For example, the U.S. and other countries have implemented economic and other sanctions, as well as increased export controls in response to the current conflict between Russia and Ukraine. These measures have continued to increase. These export controls and sanctions and any additional restrictions may impact our ability to operate in Russia and other affected regions.
To the extent that we or our channel partners are unsuccessful in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our cloud platform could be adversely affected.
To the extent that we or our channel partners are unsuccessful in hiring, training, retaining or deploying adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our cloud platform could be adversely affected.
Competition for these personnel in the San Francisco Bay Area, where our headquarters are located, and in other locations where we operate, is intense, especially for experienced sales professionals and for engineers experienced in designing and developing cloud applications, security software and AI and ML solutions.
Competition for these personnel in the San Francisco Bay Area, where our headquarters are located, and in other locations where we operate, is often intense, especially for experienced sales professionals and for engineers experienced in designing and developing cloud applications, security software and AI and ML solutions.
Any actual, perceived or purported security breaches or other security incidents that we suffer with regard to our platform, systems, networks or data, including any such actual, perceived or purported security breaches or security incidents 28 Table of Contents that result, or are believed to result, in actual, perceived or purported breaches of our customers’ networks or systems, could result in: • the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual, perceived or purported security breach or other security incident; • negative publicity and damage to our reputation, brand, and market position; • harm to our relationships with, and a loss of, existing or potential customers or channel partners; • delayed or lost sales and harm to our financial condition and results of operations; • a delay in attaining, or the failure to attain, market acceptance; and • legal claims and demands (including for stolen assets or information, repair of system damages and compensation to customers, customers of customers and business partners), litigation (including stockholder claims), regulatory inquiries or investigations and other liability.
Any actual, perceived or purported security breaches or other security incidents that we suffer with regard to our platform, systems, networks or data, including any such actual, perceived or purported security breaches or security incidents that result, or are believed to result, in actual, perceived or purported breaches of our customers’ networks or systems, could result in: • the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual, perceived or purported security breach or other security incident; • negative publicity and damage to our reputation, brand, and market position; • harm to our relationships with, and a loss of, existing or potential customers or channel partners; • delayed or lost sales and harm to our financial condition and results of operations; • a delay in attaining, or the failure to attain, market acceptance; and • legal claims and demands (including for stolen assets or information, repair of system damages and compensation to customers, customers of customers and business partners), litigation (including stockholder claims), regulatory inquiries or investigations and other liability.
Moreover, we compete with many established network and security vendors who are aggressively competing against us with their legacy appliance-based solutions and have also introduced cloud-based services that purport to have functionality similar to our cloud platform.
We compete with many established network and security vendors who are aggressively competing against us with their legacy appliance-based solutions and have also introduced cloud-based services that purport to have functionality similar to our cloud platform.
Responding to any infringement or noncompliance claim by an open source vendor, regardless of its validity, or discovering open source software code in our platform could harm our business, operating results and financial condition by, among other things: • resulting in time-consuming and costly litigation; • diverting management’s time and attention from developing our business; • requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable; • causing delays in the deployment of our platform or service offerings to our customers; • requiring us to stop offering certain services on or features of our platform; • requiring us to redesign certain components of our platform using alternative non-infringing or non-open source technology, which could require significant effort and expense; 39 Table of Contents • requiring us to disclose our software source code and the detailed program commands for our software; and • requiring us to satisfy indemnification obligations to our customers.
Responding to any infringement or noncompliance claim by an open source vendor, regardless of its validity, or discovering open source software code in our platform could harm our business, operating results and financial condition by, among other things: • resulting in time-consuming and costly litigation; • diverting management’s time and attention from developing our business; • requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable; • causing delays in the deployment of our platform or service offerings to our customers; • requiring us to stop offering certain services on or features of our platform; • requiring us to redesign certain components of our platform using alternative non-infringing or non-open source technology, which could require significant effort and expense; • requiring us to disclose our software source code and the detailed program commands for our software; and • requiring us to satisfy indemnification obligations to our customers.
Any real or perceived flaws in our cloud platform or any real, perceived or purported security breaches or other security incidents of our customers could result in: 37 Table of Contents • a loss of existing or potential customers or channel partners; • delayed or lost sales and harm to our financial condition and results of operations; • a delay in attaining, or the failure to attain, market acceptance; • the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual, perceived or purported security breach or incident; • negative publicity and damage to our reputation and brand; and • legal claims and demands (including for stolen assets or information, repair of system damages, and compensation to customers and business partners), litigation, regulatory inquiries or investigations and other liability.
Any real or perceived flaws in our cloud platform or any real, perceived or purported security breaches or other security incidents of our customers could result in: • a loss of existing or potential customers or channel partners; • delayed or lost sales and harm to our financial condition and results of operations; • a delay in attaining, or the failure to attain, market acceptance; • the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual, perceived or purported security breach or incident; • negative publicity and damage to our reputation and brand; and • legal claims and demands (including for stolen assets or information, repair of system damages, and compensation to customers and business partners), litigation, regulatory inquiries or investigations and other liability.
We are experiencing increased competition as other established and emerging companies enter the cloud-based security solutions market and introduce new products, services and technologies to address evolving customer requirements.
We are also experiencing increased competition as other established and emerging companies enter the cloud-based security solutions market and introduce new products, services and technologies to address evolving customer requirements.
Any such change, however, may affect our revenue in future periods. Additionally, subscriptions that are invoiced annually in advance or multi-year in advance contribute significantly to our short-term and long-term deferred revenue.
Any change, however, may affect our revenue in future periods. Additionally, subscriptions that are invoiced annually in advance or multi-year in advance contribute significantly to our short-term and long-term deferred revenue.
The U.S. federal government, and various state and foreign governments, have adopted or proposed laws and regulations on the collection, distribution, use, storage and other processing of information relating to individuals.
The U.S. federal government, and various state and foreign governments, have adopted or proposed laws and regulations on the collection, distribution, use, storage, transfer and other processing of information relating to individuals.
In connection with the pricing of the Notes, we entered into privately negotiated capped call transactions with certain of the initial purchasers and/or their respective affiliates and other financial institutions, or the Option Counterparties.
In connection with the pricing of the 2028 Notes, we entered into privately negotiated capped call transactions with certain of the initial purchasers and/or their respective affiliates and other financial institutions, or the Option Counterparties.
Our business depends, in part, on sales to the public sector and significant changes in the contracting or fiscal policies of such public sector organizations could have an adverse effect on our business and operating results.
Our business depends, in part, on sales to the public sector and significant changes in the contracting or fiscal policies of public sector organizations could have an adverse effect on our business and operating results.
Consequently, we may be subject to service disruptions as well as a lack of adequate support for our data center operations due to reasons that are outside of our direct control.
Consequently, we may be subject to service disruptions as well as a lack of adequate support for our data center operations due to reasons that are outside of our control.
In connection with these types of transactions, we may: • issue additional equity securities that would dilute our stockholders; 35 Table of Contents • use cash that we may need in the future to operate our business; • incur debt on terms unfavorable to us or that we are unable to repay; • incur large charges or substantial liabilities; • encounter difficulties integrating diverse business cultures; • experience delays in extending our internal control over financial reporting to new acquisitions or investments; • experience delays in our quarterly close process and related filings with the SEC; and • become subject to adverse tax consequences, substantial depreciation or deferred compensation charges.
In connection with these types of transactions, we may: • issue additional equity securities that would dilute our stockholders; • use cash that we may need in the future to operate our business; • incur debt on terms unfavorable to us or that we are unable to repay; • incur large charges or substantial liabilities; • encounter difficulties integrating diverse business cultures; • experience delays in extending our internal control over financial reporting to new acquisitions or investments; • experience delays in our quarterly close process and related filings with the SEC; and • become subject to adverse tax consequences, substantial depreciation or deferred compensation charges.
The requirements of these rules and regulations will increase our legal, accounting and financial compliance costs; make some activities more difficult, time-consuming and costly; and place significant strain on our personnel, systems and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting.
The requirements of these rules and regulations will impose significant legal, accounting and financial compliance costs; make some activities more difficult, time-consuming and costly; and place significant strain on our personnel, systems and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting.
These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. 48 Table of Contents The market price of our common stock may be volatile, and you could lose all or part of your investment.
These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. 50 Table of Contents The market price of our common stock may be volatile, and you could lose all or part of your investment.
We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our platform exceed our internal forecasts. We may also not be successful in our efforts to fully onboard new hires and provide adequate training to our employees, many of whom continue to work remotely.
We may not be able to hire or deploy such resources fast enough to keep up with demand, particularly if the sales of our platform exceed our internal forecasts. We may also not be successful in our efforts to fully onboard new hires and provide adequate training to our employees, many of whom continue to work remotely.
Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens the sales cycle. In addition, the impact of macroeconomic conditions could materially and adversely affect our business, operating results and financial condition by reducing sales, lengthening sales cycles and lowering prices for our services.
Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens the sales cycle. In addition, the impact of macroeconomic or geopolitical conditions could materially and adversely affect our business, operating results and financial condition by reducing sales, lengthening sales cycles and lowering prices for our services.
These international operations will require significant management attention and financial resources and are subject to substantial risks, including: • political, economic and social uncertainty or international conflict, such as the current conflicts between Russia and Ukraine and in the Middle East; • unexpected costs for the localization of our services, including translation into foreign languages and adaptation for local practices and regulatory requirements; • greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods; • reduced or uncertain protection for intellectual property rights in some countries; • greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties; • greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, trade and economic sanctions and any applicable trade regulations ensuring fair trade practices; 34 Table of Contents • requirements to comply with foreign privacy, data protection, cybersecurity and information security laws and regulations and the risks and costs of noncompliance; • increased expenses incurred in establishing and maintaining office space and equipment for our international operations; • difficulties in complying with regulations relating to AI and ML; • greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities; • differing employment practices and labor relations issues; • difficulties in managing and staffing international offices and increased travel, infrastructure and legal compliance costs associated with multiple international locations; • fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business, including the British Pound, Indian Rupee and Euro, and related impact on sales cycles; and • the impact of natural disasters and public health pandemics and epidemics on customers, partners, suppliers, employees, travel and the global economy.
These international operations will require significant management attention and financial resources and are subject to substantial risks, including: • political, economic and social uncertainty or international conflict, such as the current conflicts between Russia and Ukraine and in the Middle East; • unexpected costs for the localization of our services, including translation into foreign languages and adaptation for local practices and regulatory requirements; • greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods; • reduced or uncertain protection for intellectual property rights in some countries; • greater risk of unexpected changes in regulatory practices or enforcement policies, trade regulations including tariffs and tax laws and treaties; • greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, trade and economic sanctions and applicable trade laws and regulations; • requirements to comply with foreign privacy, data protection, cybersecurity and information security laws and regulations and the risks and costs of noncompliance; • increased expenses incurred in establishing and maintaining office space and equipment for our international operations; • difficulties in complying with regulations relating to AI and ML; • greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities; • differing employment practices and labor relations issues; • difficulties in managing and staffing international offices and increased travel, infrastructure and legal compliance costs associated with multiple international locations; • fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business, including the British Pound, Indian Rupee and Euro, and related impact on sales cycles; and • the impact of natural disasters and public health pandemics and epidemics on customers, partners, suppliers, employees, travel and the global economy.
Any change in export or import regulations, economic sanctions or related laws, shift in the enforcement or scope of existing regulations or change in the countries, governments, persons or technologies targeted by such regulations could decrease our ability to sell subscriptions to our platform or provide software to existing customers or potential new customers with international operations.
Any change or threatened change in export or import regulations, tariffs, economic sanctions or related laws, shift in the enforcement or scope of existing regulations or change in the countries, governments, persons or technologies targeted by such regulations could decrease our ability to sell subscriptions to our platform or provide software to existing customers or potential new customers with international operations.
Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations and prospects. 56 Table of Contents Item 1B. Unresolved Staff Comments None.
Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations and prospects. 57 Table of Contents Item 1B. Unresolved Staff Comments None.
As a result, these stockholders, acting together, will have significant control over most matters that require approval by our stockholders, including the election of directors and approval of significant corporate transactions. Corporate action might be 47 Table of Contents taken even if other stockholders oppose them.
As a result, these stockholders, acting together, will have significant control over most matters that require approval by our stockholders, including the election of directors and approval of significant corporate transactions. Corporate action might be 49 Table of Contents taken even if other stockholders oppose them.
As a result, in the event that it is determined that we have in the past experienced an ownership change, or if we experience one or more ownership changes in the future as a result of subsequent shifts in our stock ownership, our ability to use our pre-change net operating loss carry-forwards and other pre-change tax attributes to offset U.S. federal taxable liability may be subject to limitations, which could potentially result in increased future tax liability to us.
As a result, in the event that it is determined that we have in the past experienced an ownership change, or if we experience one or more ownership changes in the future as a result of subsequent shifts in our stock ownership, our ability to use our pre-change net operating loss carryforwards and other pre-change tax attributes to offset U.S. federal taxable liability may be subject to limitations, which could potentially result in increased future tax liability to us.
In addition, the technology industry has experienced component shortages, delivery delays and price increases in the past, and we may experience shortages, delays or materially increased costs, including as a result of natural disasters, acts of war or international conflicts, epidemics or global pandemics, increased demand in the industry or if our suppliers do not have sufficient rights to supply the components in all jurisdictions in which we may host our services.
In addition, the technology industry has experienced component shortages, delivery delays, price increases and service interruptions in the past, and we may experience shortages, delays, materially increased costs or service interruptions in the future, including as a result of natural disasters, acts of war or international conflicts, epidemics or global pandemics, increased demand in the industry or if our suppliers do not have sufficient rights to supply the components in all jurisdictions in which we may host our services.
If our efforts to expand our relationship with our existing customers are not successful, our business may materially suffer. We have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance. We have experienced rapid growth in revenue, operations and employee headcount in recent periods.
If our efforts to expand our relationships with our existing customers are not successful, our business may materially suffer. We have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance. We have experienced rapid growth in revenue, operations and employee headcount in recent periods.
The rapid evolution of AI and ML requires the application of resources to develop, test and maintain our products and services to help ensure that AI and ML are implemented responsibly in order to benefit our business, while also minimizing any unintended or harmful impact.
The rapid evolution of AI and ML requires the application of resources to develop, test and maintain our products and services to help ensure that AI and ML are implemented responsibly to benefit our business, while also minimizing any unintended or harmful impact.
Our competitors and potential competitors include: • independent IT security vendors, which offer a broad mix of network and endpoint security products; 24 Table of Contents • large networking and other vendors, which offer security appliances and/or incorporate security capabilities in their networking products and other services; • companies with point solutions that compete with some of the features of our cloud platform, such as proxy, firewall, CASB, sandboxing and advanced threat protection, data loss prevention, encryption, load balancing and VPN; and • other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform.
Our competitors and potential competitors include: • independent IT security vendors, which offer a broad mix of network and endpoint security products; • large networking and other vendors, which offer security appliances and/or incorporate security capabilities in their networking products and other services; • companies with point solutions that compete with some of the features of our cloud platform, such as proxy, firewall, CASB, sandboxing and advanced threat protection, AI security, data loss prevention, encryption, load balancing and VPN; and • other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform.
Significant assumptions and estimates used in preparing the consolidated financial statements include those related to determination of revenue recognition, deferred revenue, deferred contract acquisition costs, capitalized internal-use software, valuation of acquired intangible assets, period of benefit generated from our deferred contract acquisition costs, allowance for doubtful accounts, valuation of common stock options and stock-based awards, useful lives of property and equipment, useful lives of acquired intangible assets, recoverability of goodwill, valuation of deferred tax assets and liabilities, loss contingencies related to litigation, fair value of the Notes and the discount rate used for operating leases.
Significant assumptions and estimates used in preparing the consolidated financial statements include those related to determination of revenue recognition, deferred revenue, deferred contract acquisition costs, capitalized internal-use software, valuation of acquired intangible assets, period of benefit generated from our deferred contract acquisition costs, allowance for doubtful accounts, valuation of common stock options and stock-based awards, 56 Table of Contents useful lives of property and equipment, useful lives of acquired intangible assets, recoverability of goodwill, valuation of deferred tax assets and liabilities, loss contingencies related to litigation, fair value of the 2028 Notes and the discount rate used for operating leases.
We can provide no assurance as to the financial stability or viability of the Option Counterparties. 52 Table of Contents General Risks Our business is subject to the risks of earthquakes, fire, floods and other natural catastrophic events, and to interruption by man-made problems such as power disruptions, computer viruses, acts of war, international conflicts, terrorism, and security breaches or incidents.
We can provide no assurance as to the financial stability or viability of the Option Counterparties. General Risks Our business is subject to the risks of earthquakes, fire, floods and other natural catastrophic events, and to interruption by man-made problems such as power disruptions, computer viruses, acts of war, international conflicts, terrorism and security breaches or incidents.
Further, our vendors and service providers may also be the targets of cyberattacks, and their systems and networks may be, or may have been, breached or contain exploitable defects or bugs that could result in a breach of or disruption to their or our systems and networks.
Further, our vendors and service providers have been, and may in the future be, the targets of cyberattacks, and their systems and networks have been, and may in the future be, breached or may contain exploitable defects or bugs that could result in a breach of or disruption to their or our systems and networks.
Our success will depend in part on our ability to manage this growth effectively, which will require that we continue to improve our administrative, operational, financial and management systems and controls by, among other things: • effectively attracting, retaining, training and integrating, including collaborating with, a large number of new employees; • further improving our key business applications, processes and IT infrastructure, including our data centers, to support our business needs; • enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners, customers and users; and • appropriately documenting and testing our IT systems and business processes.
Our success will depend in part on our ability to manage this growth effectively, which will require that we continue to improve our administrative, operational, financial and management systems and controls by, among other things: • effectively attracting, retaining, training and integrating, including collaborating with, a large number of new employees; • further improving our key business applications, processes and IT infrastructure, including through the use of AI, to support our business needs; • enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners, customers and users; and • appropriately documenting and testing our IT systems and business processes.
As a result of challenging macroeconomic conditions, we have experienced and may experience in the future increased scrutiny and a longer approval process for initial purchases by new customers, particularly for larger transactions.
As a result of challenging or uncertain macroeconomic conditions, we have experienced and may experience in the future increased scrutiny and a longer approval process for initial purchases by new customers, particularly for larger transactions.
Our data centers may also be subject to national or local administrative actions, changes in government regulations, including, for example, the impact of global economic and other sanctions like those levied in response to the current conflict between Russia and Ukraine, changes to legal or permitting requirements and 27 Table of Contents litigation to stop, limit or delay operations.
Our data centers may also be subject to national or local administrative actions, changes in government regulations, including, for example, the impact of global economic and other sanctions like those levied in response to the current conflict between Russia and Ukraine, changes to legal or permitting requirements and litigation to stop, limit or delay operations.
The use of 45 Table of Contents these hedging activities may not be successful in effectively mitigating the potentially adverse impact on our financial statements due to unfavorable movements in foreign currency exchange rates.
The use of 47 Table of Contents these hedging activities may not be successful in effectively mitigating the potentially adverse impact on our financial statements due to unfavorable movements in foreign currency exchange rates.
These risks include: • competition from companies that traditionally target larger enterprises and that may have pre-existing relationships or purchase commitments from such customers; • increased purchasing power and leverage held by larger customers in negotiating contractual arrangements with us; • more stringent requirements in our support obligations; and • longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that elects not to purchase our solutions.
These risks include: • competition from companies that traditionally target larger enterprises and that may have pre-existing relationships or purchase commitments from such customers; • increased purchasing power and leverage held by larger customers in negotiating contractual arrangements with us; 32 Table of Contents • more stringent requirements in our support obligations; and • longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that elects not to purchase our solutions.
If we fail to meet or exceed such expectations for 23 Table of Contents these or any other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits. Our business and growth depend in part on the success of our relationships with our channel partners.
If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits. Our business and growth depend in part on the success of our relationships with our channel partners.
Chaudhry; 49 Table of Contents • general economic conditions and slow or negative growth of our markets; and • other events or factors, including those resulting from war, incidents of terrorism, global pandemics or responses to these events.
Chaudhry; 51 Table of Contents • general economic conditions and slow or negative growth of our markets; and • other events or factors, including those resulting from war, incidents of terrorism, global pandemics or responses to these events.
This could have an adverse 42 Table of Contents effect on our consolidated financial condition and results of operations. For example, if our customers were to reduce their IT budgets or workforces in response to deteriorating economic conditions, they may not purchase or renew subscriptions for our services or may renew for fewer users or less expensive services.
This could have an adverse effect on our consolidated financial condition and results of operations. For example, if our customers were to reduce their IT budgets or workforces in response to deteriorating economic conditions, they may not purchase or renew subscriptions for our services or may renew for fewer users or less expensive services.
If new technologies emerge that deliver competitive products and services at lower prices, more efficiently, more conveniently or more securely, these technologies could adversely impact our ability to compete effectively. Any delay or failure in the introduction of enhancements could materially harm our business, results of operations and financial condition.
If new technologies, including AI-enabled technologies, emerge that deliver competitive products and services at lower prices, more efficiently, more conveniently or more securely, these technologies could adversely impact our ability to compete effectively. Any delay or failure in the introduction of enhancements could materially harm our business, results of operations and financial condition.
We are subject to counterparty default risks. We have numerous arrangements with financial institutions that include cash and investment deposits, and non-collateralized interest rate swap contracts and foreign currency forward contracts.
We are subject to counterparty default risks. We have numerous arrangements with financial institutions that include cash and investment deposits, capped call contracts and non-collateralized interest rate swap contracts and foreign currency forward contracts.
If this happens, our cloud platform could be targeted by attacks specifically designed to disrupt our business and create the perception that our cloud platform is not capable of providing superior security, which, in turn, could have a serious impact on our reputation as a provider of security solutions.
If this happens, our cloud platform could be targeted by attacks specifically designed to disrupt our business and create the perception that our cloud platform is not capable of providing superior security, which, in 38 Table of Contents turn, could have a serious impact on our reputation as a provider of security solutions.
For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit.
For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents 43 Table of Contents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit.
A significant natural disaster, such as an earthquake, fire, flood or public health emergency, occurring at our headquarters, in India, where we have a significant facility, or where a key channel partner or data center is located could adversely affect our business, results of operations and financial condition.
A significant natural disaster, such as an earthquake, fire, flood or public health emergency, occurring at our headquarters, in India, where we have significant facilities, or where a key channel partner, vendor or data center is located could adversely affect our business, results of operations and financial condition.
As we continue to develop and grow our business globally, our success will depend, in large part, on our ability to anticipate and effectively manage these risks. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources.
As we continue to develop and grow our business globally, our success will depend, in large part, on our ability to anticipate and effectively manage these risks. The expansion of our existing international operations and entry into additional 36 Table of Contents international markets will require significant management attention and financial resources.
Similarly, if we are unable to license necessary technology from third parties 38 Table of Contents now or in the future, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards.
Similarly, if we are unable to license necessary technology from third parties now or in the future, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards.
However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents 40 Table of Contents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof.
However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof.
Therefore, we continue to be substantially dependent on our sales force to obtain new customers. Increasing our customer base and achieving broader market acceptance of our cloud platform will depend, to a significant extent, on our ability to expand and further invest in our sales and marketing operations and activities.
Therefore, we continue 31 Table of Contents to be substantially dependent on our sales force to obtain new customers. Increasing our customer base and achieving broader market acceptance of our cloud platform will depend, to a significant extent, on our ability to expand and further invest in our sales and marketing operations and activities.
Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of 31 Table of Contents operations until future periods. We may also be unable to reduce our cost structure in line with a significant deterioration in sales or renewals.
Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. We may also be unable to reduce our cost structure in line with a significant deterioration in sales or renewals.
Any investigations, actions or sanctions could materially harm our reputation, business, results of operations and financial condition. 53 Table of Contents If we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
Any investigations, actions or sanctions could materially harm our reputation, business, results of operations and financial condition. If we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
Moreover, our channel partners' operations may be negatively impacted by events including pandemics, international conflicts, inflation and other events affecting the global economy in general. For example, these events could increase credit risk of end customers and create uncertainty in credit markets.
Moreover, our channel partners' operations may be negatively impacted by events including pandemics, international conflicts, trade regulations including tariffs, inflation and other events affecting the global economy in general. For example, these events could increase credit risk of end customers and create uncertainty in credit markets.
We have developed our disclosure controls, internal control over financial reporting and other procedures to ensure information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms, and information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers.
We have developed our disclosure controls, internal control over financial reporting and other procedures to ensure information required to be disclosed by us in the reports that we will file with the SEC is 55 Table of Contents recorded, processed, summarized and reported within the time periods specified in SEC rules and forms, and information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers.
We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop and retain talented sales personnel, if our new sales personnel are 30 Table of Contents unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective.
We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop and retain talented sales personnel, if our new sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective.
For example, sales through our top five channel partners and their affiliates, in aggregate, represented 25% of our revenue for fiscal 2024, 26% of our revenue for fiscal 2023 and 28% of our revenue for fiscal 2022.
For example, sales through our top five channel partners and their affiliates, in aggregate, represented 28% of our revenue for fiscal 2025, 25% of our revenue for fiscal 2024 and 26% of our revenue for fiscal 2023.
Further, once identified, we may be unable to remediate or otherwise respond to a breach or other incident in a timely manner. Actual, perceived or purported security breaches of our cloud platform could result in actual, perceived or purported breaches of our customers’ networks and systems.
Further, once identified, we may be unable to remediate or otherwise respond to a breach or other incident in a timely manner. Actual, 29 Table of Contents perceived or purported security breaches of our cloud platform could result in actual, perceived or purported breaches of our customers’ networks and systems.
Our California research and development tax credits may be carried forward indefinitely. Foreign tax credits will begin to expire in the fiscal year ending 2029.
Our California research and development tax credits may be carried forward indefinitely. Foreign tax credits will begin to expire in the fiscal year ending 2033.
The principal factors and uncertainties that make investing in our common stock risky include, among others: • we have a history of annual net losses and may not be able to achieve or sustain profitability in the future; • if organizations do not adopt our cloud platform, our ability to grow our business and operating results may be adversely affected; • if we are unable to attract new customers or our customers do not renew their subscriptions for our services and add additional users and services to their subscriptions, our future results of operations could be harmed; • we face intense and increasing competition and could lose market share to our competitors; • we have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance; • our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations; • if the delivery of our services to our customers is interrupted or delayed for any reason, our business would suffer; • the actual or perceived failure of our cloud platform to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business; • our business and growth depend in part on the success of our relationships with our channel partners; • if our cloud platform or internal networks, systems or data are or are perceived to have been breached, our solution may be perceived as insecure, our reputation may be damaged and our financial results may be negatively impacted; • we rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business; • claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business; • if we are unable to effectively manage certain risks and challenges related to our India operations, our business could be harmed; • servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business or the ability to raise funds to pay our substantial debt; and 19 Table of Contents • the impact of global economic disruptions, including as a result of geopolitical uncertainty and instability, inflation, global health crises such as the COVID-19 pandemic, and governmental responses thereto, remains uncertain and may have a material adverse impact on our business.
The principal factors and uncertainties that make investing in our common stock risky include, among others: • we have a history of annual net losses and may not be able to achieve or sustain profitability in the future; • if organizations do not adopt our cloud platform, our ability to grow our business and operating results may be adversely affected; • if we are unable to attract new customers or our customers do not renew their subscriptions for our services and add additional users and services to their subscriptions, our future results of operations could be harmed; • we face intense and increasing competition and could lose market share to our competitors; • we have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance; • our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations; • if the delivery of our services to our customers is interrupted or delayed for any reason, our business would suffer; • the actual or perceived failure of our cloud platform to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business; • our business and growth depend in part on the success of our relationships with our channel partners; • if our cloud platform or internal networks, systems or data are or are perceived to have been breached, our solution may be perceived as insecure, our reputation may be damaged and our financial results may be negatively impacted; • we rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business; • claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business; • if we are unable to effectively manage certain risks and challenges related to our India operations, our business could be harmed; • servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business or the ability to raise funds to pay our substantial debt; and 20 Table of Contents • the impact of global economic disruptions and changing macroeconomic and geopolitical conditions remains uncertain and may have a material adverse impact on our business.
Any such penalties, disruptions or limitations in our or our channel partners' ability to do business with the public sector could have a material adverse effect on our business, operating results, financial condition and prospects. Our international operations expose us to significant risks, and failure to manage those risks could materially and adversely impact our business.
Any such penalties, disruptions or limitations in our or our channel partners' ability to do business with the public sector could have a material adverse effect on our business, operating results, financial condition and prospects. 35 Table of Contents Our international operations expose us to significant risks, and failure to manage those risks could materially and adversely impact our business.
The impact of economic conditions, including the ongoing effects of inflation, high interest rates and regional or global recessions could materially and adversely affect our business, operating results and financial condition in a number of ways, including by reducing sales, lengthening sales cycles and requiring us to lower prices for our services.
The impact of economic conditions, including the ongoing effects of inflation, high interest rates, regional or global recessions and changing trade regulations including tariffs could materially and adversely affect our business, operating results and financial condition in a number of ways, including by reducing sales, lengthening sales cycles and requiring us to lower prices for our services.
The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud: • the development and maintenance of the infrastructure of the internet; • the performance and availability of third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services; • decisions by the owners and operators of the data centers where our cloud infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties; • the occurrence of earthquakes, floods, fires, pandemics, power loss, system failures, physical or electronic break-ins, acts of war, international conflicts (such as the current conflicts between Russia and Ukraine and in the Middle East) or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events; • cyberattacks, including denial of service attacks, targeted at us, our data centers, our global telecommunications service provider partners or the infrastructure of the internet; • government action to limit access to the internet; • failure by us to maintain and update our cloud infrastructure to meet our traffic capacity requirements; • errors, defects or performance problems in our software, including those potentially introduced by our software updates and third-party software incorporated in our software, which we use to operate our cloud platform; • improper classification of websites by our vendors who provide us with lists of malicious websites; • improper deployment or configuration of our services by our customers; 26 Table of Contents • the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network; and • the failure of our disaster recovery and business continuity arrangements.
The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud: • the development and maintenance of the infrastructure of the internet; • the performance and availability of third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services; • decisions by the owners and operators of the data centers where our cloud infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, 27 Table of Contents discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties; • the occurrence of earthquakes, floods, fires, pandemics, power loss, system failures, physical or electronic break-ins, acts of war, international conflicts (such as the current conflicts between Russia and Ukraine and in the Middle East) or terrorism, human error or interference (including by disgruntled or negligent, current or former employees or contractors) and other catastrophic events; • cyberattacks, including denial of service attacks, targeted at us, our data centers, our global telecommunications service provider partners or the infrastructure of the internet; • government action to limit access to the internet; • failure by us to maintain and update our cloud infrastructure to meet our traffic capacity requirements; • errors, defects or performance problems in our software, including those potentially introduced by our software updates and third-party software incorporated in our software, which we use to operate our cloud platform; • improper classification of websites by our vendors who provide us with lists of malicious websites; • improper deployment or configuration of our services by our customers; • the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network; • the failure of our disaster recovery and business continuity arrangements; and • the potential implementation of export controls, tariffs or retaliatory measures on the sales of our products in countries where our customers or potential customers are located.
These policy changes have provided a benefit to us as a result of the increased interest income we earn on our cash and investments, but a reduction of interest rates in the future would reduce this income.
These policy changes have provided a benefit to us as a 44 Table of Contents result of the increased interest income we earn on our cash and investments, but a reduction of interest rates in the future would reduce this income.
In addition, computer malware, viruses and computer hacking, fraudulent use attempts and phishing attacks have become more prevalent in our industry, and may become more frequent and effective through the use of AI, and our internal systems may be victimized by such attacks.
In addition, computer malware, viruses and computer hacking, fraudulent use attempts and phishing attacks have become more prevalent in our industry and may become more frequent and effective through the use of AI. As a result, our internal systems may be victimized by such attacks.
Moreover, as our services are adopted by an increasing number of enterprises, it is possible that the individuals and organizations behind cyber threats will focus on finding ways to defeat our services.
Moreover, as our services are adopted by an increasing number of enterprises, it is possible that the individuals and organizations behind cyber threats will focus on finding ways to defeat our services or to target our systems.
Further, many organizations have invested substantial personnel and financial resources to design and operate their appliance-based networks and have established deep relationships with appliance vendors. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier.
Further, many organizations have invested substantial personnel and financial resources to design and operate their appliance-based networks and have established deep relationships with appliance 26 Table of Contents vendors. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier.
We may also issue our shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investments or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.
We may also issue our shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investments or otherwise. Any such issuance could result in substantial dilution to our existing stockholders, cause the market price of our common stock to decline and dilute your voting power.
The capped call transactions are expected generally to reduce the potential dilution upon conversion of the Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted Notes, as the case may be, with such reduction and/or offset subject to a cap.
The capped call transactions are expected generally to reduce the potential dilution to our common stock upon conversion of the 2028 Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted 2028 Notes, as the case may be, with such reduction and/or offset subject to a cap.
We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such 41 Table of Contents protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice.
We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice.
In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts.
In addition, the stock prices of many companies in the technology industry have declined significantly after 52 Table of Contents those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts.
In addition, we believe that our corporate culture has been a contributor to our success, which we believe fosters innovation, teamwork and an emphasis on customer-focused results. We also believe that our culture creates an environment that drives and perpetuates our strategy and cost-effective distribution approach.
In addition, we believe that our corporate culture has been a contributor to our success, which we believe fosters innovation, teamwork and an emphasis on customer-focused results. We also believe that our culture creates an environment 23 Table of Contents that drives and perpetuates our strategy and cost-effective distribution approach.
For example, advancements in technology, such as AI and ML, are changing the way our industry identifies and responds to cyber threats, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage.
For example, advancements in technology, such as AI and ML, are changing the way our industry identifies and responds to cyber threats, and businesses that are slow to adopt or fail to adopt these new 28 Table of Contents technologies may face a competitive disadvantage.
Historically, we have derived a significant portion of our revenue from outside the United States. We derived approximately 50%, 50% and 51% of our revenue from our international customers in fiscal 2024, fiscal 2023 and fiscal 2022, respectively. As of July 31, 2024, approximately 63% of our full-time employees were located outside of the United States.
Historically, we have derived a significant portion of our revenue from outside the United States. We derived approximately 49%, 50% and 50% of our revenue from our international customers in fiscal 2025, fiscal 2024 and fiscal 2023, respectively. As of July 31, 2025, approximately 63% of our full-time employees were located outside of the United States.
As of July 31, 2024, 37% of our global work force is based in India and is comprised mostly of R&D, finance and operations professionals. Wage costs in India for skilled professionals are currently lower than in the United States for comparably skilled professionals.
As of July 31, 2025, 37% of our global work force is based in India and is comprised mostly of R&D, finance and operations professionals. 37 Table of Contents Wage costs in India for skilled professionals are currently lower than in the United States for comparably skilled professionals.
In addition, changes in our platform, or changes in export, sanctions and import laws and regulations, could delay the introduction and sale of subscriptions to our platform in international markets, prevent users in certain countries from accessing our services or, in some cases, prevent the provision of our services to certain countries, governments, persons or entities altogether.
In addition, changes in our platform; export, sanctions and import laws and regulations or tariffs and other trade regulations could delay the introduction of our products and reduce the sale of subscriptions to our platform in international markets, prevent users in certain countries from accessing our services or, in some cases, prevent the provision of our services to certain countries, governments, persons or entities altogether.
Sales to government entities are subject to substantial risks, including the following: • selling to government agencies can be highly competitive, expensive and time-consuming, often involving significantly longer procurement cycles than commercial sales, and significant upfront time and expense without any assurance that such efforts will generate a sale; • U.S. or other government requirements relating to the formation, administration and performance of contracts with the public sector affect how we and our channel partners do business with governmental agencies; 33 Table of Contents • U.S. or other government certification requirements applicable to our cloud platform, including the Federal Risk and Authorization Management Program (FedRAMP), are often difficult and costly to obtain and maintain and failure to do so will restrict our ability to sell to government customers; • government demand and payment for our services may be impacted by public sector budgetary cycles and annual funding authorizations, including the impacts of possible government shutdowns, and government sales are inherently at risk of securing funding; • sales to the U.S. and other governments are subject to procurement regulations, which impose heightened compliance obligations on us and our channel partners; • governments routinely investigate and audit government contractors’ administrative processes and compliance with procurement regulations and any unfavorable investigation or audit could result in fines, civil or criminal liability, further investigations, damage to our reputation and debarment from further government business; and • government customers procuring commercial items get the benefit of more favorable terms and conditions by operation of law, regardless of agreed upon contractual terms.
Sales to government entities are subject to substantial risks, including the following: • selling to government agencies can be highly competitive, expensive and time-consuming, often involving significantly longer procurement cycles than commercial sales, and significant upfront time and expense without any assurance that such efforts will generate a sale; • U.S. or other government requirements relating to the formation, administration and performance of contracts with the public sector affect how we and our channel partners do business with governmental agencies; • U.S. or other government certification requirements applicable to our cloud platform, including the Federal Risk and Authorization Management Program (FedRAMP), are often difficult and costly to obtain and maintain and failure to do so will restrict our ability to sell to government customers; • government demand and payment for our services may be impacted by public sector budgetary cycles and annual funding authorizations (including the impacts of possible government shutdowns and changes in governmental administrations) and government sales are inherently at risk of securing funding; • sales to the U.S. and other governments are subject to procurement regulations, which impose heightened compliance obligations on us and our channel partners; • governments routinely investigate and audit government contractors’ administrative processes and compliance with procurement regulations and any unfavorable investigation or audit could result in fines, civil or criminal liability, further investigations, damage to our reputation and debarment from further government business; • government customers procuring commercial items get the benefit of more favorable terms and conditions by operation of law, regardless of agreed upon contractual terms; and • changes in government policy positions, including tariffs and other trade regulations, or the threat of such changes; spending priorities or reductions in government employees or programs, which result in a reduction of government spending in general or on technology and cybersecurity products in particular.
We rely on a limited number of suppliers for certain components of the equipment we use to operate our cloud platform, and any disruption in the availability of these components could delay our ability to expand or increase the capacity of our global data center network or replace defective equipment in our existing data centers.
We rely on a limited number of suppliers for certain components of our cloud platform and the systems we use to operate our business and provide services to our customers, and any disruption in the availability of these components could delay our ability to expand or increase the capacity of our global data center network, replace defective equipment in our existing data centers or otherwise operate our business and provide services to our customers.
… 134 more changes not shown on this page.
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
3 edited+0 added−0 removed14 unchanged
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
3 edited+0 added−0 removed14 unchanged
2024 filing
2025 filing
Biggest changeOur internal security committee has the primary responsibility for assessing, monitoring and managing our cybersecurity risks, including the prevention, detection, mitigation and remediation of cybersecurity incidents. The personnel comprising our internal security committee are certified and experienced cybersecurity professionals and information security managers with many years of experience across a variety of technology sub-specialties.
Biggest changeOur internal security committee has the primary responsibility for assessing, monitoring and managing our cybersecurity risks, including the prevention, detection, mitigation and remediation of cybersecurity incidents. The technical personnel comprising our internal security committee are experienced cybersecurity professionals and information security managers with many years of experience across a variety of technology sub-specialties.
These efforts can include internal briefings from our security and technical personnel, as well as external reports and threat intelligence from governmental, public and private sources, including external consultants and reports produced by security tools deployed in our technical environment. 57 Table of Contents Our incident response plan includes processes and procedures for assessing potential internal and external threats, activation and notification, crisis management and post-incident analysis designed to safeguard the confidentiality, availability and integrity of our platform and assets.
These efforts can include internal briefings from our security and technical personnel, as well as external reports and threat intelligence from governmental, public and private sources, including external consultants and reports produced by security tools deployed in our technical environment. 58 Table of Contents Our incident response plan includes processes and procedures for assessing potential internal and external threats, activation and notification, crisis management and post-incident analysis designed to safeguard the confidentiality, availability and integrity of our platform and assets.
Our approach includes procedures to appropriately inform management, the audit committee of the board of directors and the full board of directors, as applicable, about cybersecurity threats and incidents. In fiscal 2024, we did not identify any cybersecurity incidents that materially affected, or are reasonably likely to materially affect, our business, results of operations or financial condition.
Our approach includes procedures to appropriately inform management, the audit committee of the board of directors and the full board of directors, as applicable, about cybersecurity threats and incidents. In fiscal 2025, we did not identify any cybersecurity incidents that materially affected, or are reasonably likely to materially affect, our business, results of operations or financial condition.
Item 2. Properties
Properties — owned and leased real estate
2 edited+1 added−0 removed1 unchanged
Item 2. Properties
Properties — owned and leased real estate
2 edited+1 added−0 removed1 unchanged
2024 filing
2025 filing
Biggest changeWe lease all of our facilities and do not own any real property. If necessary, we expect to add facilities as we grow our employee base and expand geographically.
Biggest changeWe also maintain offices elsewhere in the United States, as well as multiple locations internationally, including in Asia, Europe and the Middle East. We lease all of our facilities and do not own any real property. If necessary, we expect to add facilities as we grow our employee base and expand geographically.
Item 2. Properties Our corporate headquarters are located in San Jose, California, where we currently lease approximately 172,000 square feet of space under a sublease agreement that expires in 2026 . We also maintain offices elsewhere in the United States, as well as multiple locations internationally, including in Asia, Europe and the Middle East.
Item 2. Properties Our corporate headquarters are located in San Jose, California, where we currently lease approximately 172,000 square feet of space under a sublease agreement that expires in 2026 . Effective April 29, 2025, we entered into a lease agreement, or the lease, for our new headquarters.
Added
The property subject to the lease is located in Santa Clara, California, and consists of approximately 301,000 square feet of rentable space. The lease term begins on September 1, 2026, and ends on April 30, 2032, with an option for early access in January 2026 to facilitate tenant improvements.
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
4 edited+1 added−1 removed5 unchanged
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
4 edited+1 added−1 removed5 unchanged
2024 filing
2025 filing
Biggest changeSecurities Authorized for Issuance under Equity Compensation Plans The information required by this item with respect to our equity compensation plans is incorporated by reference to our Proxy Statement for the 2024 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission within 120 days of the fiscal year ended July 31, 2024.
Biggest changeSecurities Authorized for Issuance under Equity Compensation Plans The information required by this item with respect to our equity compensation plans is incorporated by reference to our Proxy Statement for the 2025 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission within 120 days of the fiscal year ended July 31, 2025.
All values assume a $100 initial 59 Table of Contents investment and data for the Standard & Poor's 500 Index and Standard & Poor Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our common stock.
All values assume a $100 initial 60 Table of Contents investment and data for the Standard & Poor's 500 Index and Standard & Poor Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our common stock.
This performance graph compares the cumulative total return to our stockholders to the Standard & Poor's 500 Index and Standard & Poor Information Technology Index for the five years ended July 31, 2024.
This performance graph compares the cumulative total return to our stockholders to the Standard & Poor's 500 Index and Standard & Poor Information Technology Index for the five years ended July 31, 2025.
Holders of Record As of July 31, 2024, we had 51 holders of record of our common stock. The actual number of stockholders is greater than this number of record holders and includes stockholders who are beneficial owners but whose shares are held in street name by brokers and other nominees.
Holders of Record As of July 31, 2025, we had 47 holders of record of our common stock. The actual number of stockholders is greater than this number of record holders and includes stockholders who are beneficial owners but whose shares are held in street name by brokers and other nominees.
Removed
Company/Index July 31, 2019 (*) July 31, 2020 July 31, 2021 July 31, 2022 July 31, 2023 July 31, 2024 Zscaler, Inc. $ 100.00 $ 154.09 $ 279.95 $ 184.00 $ 190.32 $ 212.83 S&P 500 Index $ 100.00 $ 111.96 $ 152.76 $ 145.67 $ 164.63 $ 201.10 S&P 500 Information Technology Index $ 100.00 $ 138.91 $ 194.51 $ 183.79 $ 233.14 $ 315.19 _____ (*) Base period. 60 Table of Contents Item 6.
Added
Company/Index July 31, 2020 (*) July 31, 2021 July 31, 2022 July 31, 2023 July 31, 2024 July 31, 2025 Zscaler, Inc. $ 100.00 $ 181.68 $ 119.41 $ 123.51 $ 138.12 $ 219.92 S&P 500 Index $ 100.00 $ 136.45 $ 130.12 $ 147.05 $ 179.62 $ 208.96 S&P 500 Information Technology Index $ 100.00 $ 140.03 $ 132.31 $ 167.84 $ 226.91 $ 280.58 _____ (*) Base period. 61 Table of Contents
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
93 edited+26 added−29 removed78 unchanged
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
93 edited+26 added−29 removed78 unchanged
2024 filing
2025 filing
Biggest changeWe expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses. 70 Table of Contents Results of Operations The following tables set forth our results of operations for the periods presented in dollars and as a percentage of our revenue: Year Ended July 31, 2024 2023 2022 (in thousands) Revenue $ 2,167,771 $ 1,616,952 $ 1,090,946 Cost of revenue (1)(2) 477,129 362,832 242,282 Gross profit 1,690,642 1,254,120 848,664 Operating expenses: Sales and marketing (1)(2) 1,100,239 953,864 735,219 Research and development (1)(2) 499,828 349,735 289,139 General and administrative (1) 212,052 177,544 151,735 Restructuring and other charges (1) — 7,600 — Total operating expenses 1,812,119 1,488,743 1,176,093 Loss from operations (121,477) (234,623) (327,429) Interest income 109,130 60,462 4,586 Interest expense (3)(5) (13,132) (6,541) (56,579) Other expense, net (3,750) (1,862) (4,208) Loss before income taxes (29,229) (182,564) (383,630) Provision for income taxes (4) 28,477 19,771 6,648 Net loss $ (57,706) $ (202,335) $ (390,278) (1) Includes stock-based compensation expense and related payroll taxes as follows: Cost of revenue $ 52,766 $ 40,297 $ 25,292 Sales and marketing 230,597 222,280 202,211 Research and development 186,107 121,151 123,422 General and administrative 79,630 73,051 79,095 Restructuring and other charges — 1,036 — Total $ 549,100 $ 457,815 $ 430,020 (2) Includes amortization expense of acquired intangible assets as follows: Cost of revenue $ 12,879 $ 9,574 $ 7,975 Sales and marketing 1,232 773 704 Research and development 513 713 331 Total $ 14,624 $ 11,060 $ 9,010 (3) Includes amortization of debt discount and issuance costs $ 3,914 $ 3,894 $ 55,141 (4) Includes tax benefit associated with the business acquisitions $ (1,864) $ — $ — (5) Effective August 1, 2022, we adopted ASU 2020-06 using the modified retrospective method under which prior period amounts have not been adjusted.
Biggest changeResults of Operations The following tables set forth our results of operations for the periods presented in dollars and as a percentage of our revenue: Year Ended July 31, 2025 2024 2023 (in thousands) Revenue $ 2,673,115 $ 2,167,771 $ 1,616,952 Cost of revenue (1)(2)(3) 618,178 477,129 362,832 Gross profit 2,054,937 1,690,642 1,254,120 Operating expenses: Sales and marketing (1)(2)(3) 1,259,158 1,100,239 959,102 Research and development (1)(2)(3) 672,485 499,828 350,786 General and administrative (1)(3)(4) 251,754 212,052 178,855 Total operating expenses 2,183,397 1,812,119 1,488,743 Loss from operations (128,460) (121,477) (234,623) Interest income 125,364 109,130 60,462 Interest expense (5) (9,522) (13,132) (6,541) Other expense, net (5,673) (3,750) (1,862) Loss before income taxes (18,291) (29,229) (182,564) Provision for income taxes 23,187 28,477 19,771 Net loss $ (41,478) $ (57,706) $ (202,335) (1) Includes stock-based compensation expense and related payroll taxes: Cost of revenue $ 70,998 $ 52,766 $ 40,297 Sales and marketing 259,562 230,597 223,096 Research and development 257,663 186,107 121,359 General and administrative 97,311 79,630 73,063 Total $ 685,534 $ 549,100 $ 457,815 71 Table of Contents (2) Includes amortization expense of acquired intangible assets: Cost of revenue $ 14,975 $ 12,879 $ 9,574 Sales and marketing 1,700 1,232 773 Research and development 145 513 713 Total $ 16,820 $ 14,624 $ 11,060 (3) Includes restructuring and other charges, excluding stock-based compensation expense: Cost of revenue $ 138 $ — $ — Sales and marketing — — 4,422 Research and development 4,783 — 843 General and administrative — — 1,299 Total $ 4,921 $ — $ 6,564 (4) Includes acquisition-related expenses $ 1,316 $ — $ — (5) Includes amortization of debt issuance costs $ 4,293 $ 3,914 $ 3,894 72 Table of Contents The following table sets forth our results of operations for the periods presented as a percentage of our revenue: Year Ended July 31, 2025 2024 2023 Revenue 100% 100% 100% Cost of revenue 23 22 22 Gross margin 77 78 78 Operating expenses Sales and marketing 47 51 60 Research and development 25 23 22 General and administrative 10 10 11 Total operating expenses 82 84 93 Operating margin (5) (6) (15) Interest income 5 6 4 Interest expense (1) (1) — Other expense, net — — — Loss before income taxes (1) (1) (11) Provision for income taxes 1 2 1 Net loss (2)% (3)% (12)% 73 Table of Contents Comparison of Fiscal 2025 and Fiscal 2024 Revenue Year Ended July 31, Change 2025 2024 $ % (in thousands) Revenue $ 2,673,115 $ 2,167,771 $ 505,344 23 % Revenue increased by $505.3 million , or 23% , in fiscal 2025, compared to fiscal 2024.
In the United States, we have recorded deferred tax assets for which we provide a full valuation allowance, which includes net operating loss carryforwards and research and development tax credits.
In the United States, we have recorded deferred tax assets for which we provide a full valuation allowance, which includes net operating loss and research and development tax credits carryforwards.
Investing Activities Net cash used in investing activities during fiscal 2024 of $683.2 million was primarily attributable to the purchases of short-term investments of $1,291.0 million, $374.7 million, net of cash acquired for business acquisitions, capital expenditures of $194.9 million to support the growth and expansion of our cloud platform, and $2.0 million for purchases of strategic investments.
Net cash used in investing activities during fiscal 2024 of $683.2 million was primarily attributable to the purchases of short-term investments of $1,291.0 million, business acquisitions, net of cash acquired, of $374.7 million, capital expenditures of $194.9 million to support the growth and expansion of our cloud platform, and $2.0 million for purchases of strategic investments.
Financing Activities Net cash provided by financing activities of $64.2 million during fiscal 2024 was primarily attributable to $52.0 million in proceeds from the issuance of common stock under the ESPP and $12.2 million in proceeds from the exercise of stock options.
Net cash provided by financing activities of $64.2 million during fiscal 2024 was primarily attributable to $52.0 million in proceeds from the issuance of common stock under the ESPP and $12.2 million in proceeds from the exercise of stock options.
Subscriptions that are invoiced annually in advance or multi-year in advance represent a significant portion of our short-term and long-term deferred revenue in comparison to invoices issued quarterly in advance or monthly in advance. Accordingly, we cannot predict the mix of invoicing schedules in any given period.
Subscriptions that are invoiced annually in advance or multi-year in advance represent a significant portion of our short-term and long-term deferred revenue in comparison to invoices issued quarterly in advance or monthly in advance. We cannot predict the mix of invoicing schedules in any given period.
In connection with the Notes, we entered into the Capped Call transactions which are expected to reduce the potential dilution of our common stock upon any conversion of the Notes and/or offset any cash payments we could be required to make in excess of the principal amount of converted Notes.
In connection with the 2028 Notes, we entered into the capped call transactions which are expected to reduce the potential dilution of our common stock upon any conversion of the 2028 Notes and/or offset any cash payments we could be required to make in excess of the principal amount of the converted notes.
We believe that our existing cash, cash equivalents and short-term investments will be sufficient to fund our working capital, capital expenditure, and convertible senior notes repayment requirements for at least the next 12 months from the issuance of our financial statements.
We believe that our existing cash, cash equivalents and short-term investments will be sufficient to fund our working capital, capital expenditure and convertible senior notes repayment requirements for at least the next 12 months from the date of issuance of our financial statements.
Our dollar-based net retention rate may fluctuate due to a number of factors, including the performance of our cloud platform, our success in selling bigger deals, including deals for all employees with our higher-end bundles, selling multiple-pillars from the start of our contract with new customers, faster upsells within a year, the timing and the rate of ARR expansion of our existing 64 Table of Contents customers, potential changes in our rate of renewals and other risk factors described elsewhere in this Annual Report on Form 10-K.
Our dollar-based net retention rate may fluctuate due to a number of factors, including the performance of our cloud platform, our success in selling bigger deals, including deals for all employees with our higher-end bundles, selling multiple-pillars from the start of our contract with new customers, faster upsells within a year, the timing and the rate of ARR expansion of our existing 65 Table of Contents customers, potential changes in our rate of renewals and other risk factors described elsewhere in this Annual Report on Form 10-K.
We generally experience seasonality in terms of when we enter into agreements with our customers. We typically enter into a higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the second half of our fiscal year.
We generally experience seasonality in terms of when we enter into agreements with our customers. We typically enter into a higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in our second half of our fiscal year.
We leverage our land-and-expand model with the goal of generating incremental revenue, often within the term of the initial subscription, by increasing sales to our existing customers in one of three ways: • expanding deployment of our cloud platform to cover additional users; • upgrading to more advanced capabilities for their current purchases; and • selling a subscription to a new solution or product, for example selling a ZPA subscription to a ZIA customer or a ZIA subscription to a ZPA customer.
We leverage our land-and-expand model with the goal of generating incremental revenue, often within the term of the initial subscription, by increasing sales to our existing customers in one of three ways: • expanding deployment of our cloud platform to cover additional users; • upgrading to more advanced capabilities; and • selling a subscription to a new solution or product, for example selling a ZPA subscription to a ZIA customer or a ZIA subscription to a ZPA customer.
The amount recognized in our sales and marketing expenses reflects the amortization of expenses previously deferred as attributable to each period presented in this Annual Report on Form 10-K, as described below under "Critical Accounting Policies and Estimates." We intend to continue to make significant investments in our sales and marketing organization to drive additional revenue, further penetrate the market and expand our global customer base.
The amount recognized in our sales and marketing expenses reflects the amortization of expenses previously deferred as attributable to each period presented in this Annual Report on Form 10-K, as described below under "Critical Accounting Policies and Estimates." 69 Table of Contents We intend to continue to make significant investments in our sales and marketing organization to drive additional revenue, further penetrate the market and expand our global customer base.
Non-cash charges primarily consisted of $527.7 million for stock-based compensation expense, $130.1 million for amortization of deferred contract acquisition costs, $66.3 million for depreciation and amortization expense, $49.4 million for non-cash operating lease costs, $14.6 million for amortization expense of acquired intangible assets and $3.9 million for amortization of debt discount and issuance costs, partially offset by amortization (accretion) of investments purchased at a premium (discount) of $19.1 million and $5.6 million for deferred income taxes.
Non-cash charges primarily consisted of $527.7 million for stock-based compensation expense, $130.1 million for amortization of deferred contract acquisition costs, $66.3 million for depreciation and 80 Table of Contents amortization expense, $49.4 million for non-cash operating lease costs, $14.6 million for amortization expense of acquired intangible assets and $3.9 million for amortization of debt issuance costs, partially offset by amortization (accretion) of investments purchased at a premium (discount) of $19.1 million and $5.6 million for deferred income taxes.
We believe that most organizations have yet to fully make these investments. As our cloud platform enables organizations to securely embrace digital transformation, we believe that the imperative for organizations to securely move to the cloud will increase demand for our cloud platform and broaden our customer base.
We believe that most organizations have yet to fully make these investments. Because our cloud platform enables organizations to securely embrace digital transformation, we believe that the imperative for organizations to securely move to the cloud will increase demand for our cloud platform and broaden our customer base.
Contracts that contain multiple performance obligations require an allocation of the transaction price to each performance obligation based on a relative standalone selling price, or SSP. 5) Recognize revenue when or as we satisfy a performance obligation Revenue is recognized at the time the related performance obligation is satisfied by transferring the promised service to a customer.
Contracts that contain multiple performance obligations require an allocation of the transaction price to each performance obligation based on a relative standalone selling price ("SSP"). 82 Table of Contents 5) Recognize revenue when or as we satisfy a performance obligation Revenue is recognized at the time the related performance obligation is satisfied by transferring the promised service to a customer.
We determine SSP based on our overall pricing objectives, taking into consideration the type of subscription and support services and professional and other services, the geographical region of the customer and the number of users. 81 Table of Contents Variable Consideration Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration.
We determine SSP based on our overall pricing objectives, taking into consideration the type of subscription and support services and professional and other services, the geographical region of the customer and the number of users. Variable Consideration Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration.
We intend to continue (i) investing in our research and development organization and our development efforts to offer new solutions on our cloud platform and (ii) dedicating resources to update and upgrade our existing solutions.
We intend to continue (i) investing in our research and development organization and our development efforts to offer new solutions on our cloud platform and (ii) dedicating resources to update and upgrade our existing solutions, including upgrades to our cloud platform.
Cost of Revenue Cost of revenue includes expenses related to operating our cloud platform in data centers, depreciation of our data center equipment, amortization of our capitalized internal-use software, amortization of intangible assets acquired through our business acquisitions and allocated overhead expenses (i.e., facilities, IT, depreciation expense and amortization expense).
Cost of Revenue Cost of revenue includes expenses related to operating our cloud platform in data centers, including public cloud providers, depreciation of our data center equipment, amortization of our capitalized internal-use software, amortization of intangible assets acquired through our business acquisitions and allocated overhead expenses (i.e., facilities, IT, depreciation expense and amortization expense).
Interest Expense Interest expense consists primarily of amortization of debt issuance costs, recognition of contractual interest expense related to the Notes, and gains and losses related to changes in the fair value of interest rate swaps .
Interest Expense Interest expense consists primarily of amortization of debt issuance costs, recognition of contractual interest expense related to the 2025 and 2028 Notes, and gains and losses related to changes in the fair value of interest rate swaps.
Our performance obligations consist of (i) our subscription and support services and (ii) professional and other services. 80 Table of Contents 3) Determine the transaction price The transaction price is determined based on the consideration to which we expect to be entitled in exchange for transferring services to the customer.
Our performance obligations consist of (i) our subscription and support services and (ii) professional and other services. 3) Determine the transaction price The transaction price is determined based on the consideration to which we expect to be entitled in exchange for transferring services to the customer.
Costs to Obtain and Fulfill a Contract We capitalize sales commissions and associated payroll taxes paid to sales personnel that are incremental to the acquisition of channel partner and direct customer contracts. These costs are recorded as deferred contract acquisition costs on the consolidated balance sheets.
Costs to Obtain and Fulfill a Contract We capitalize sales commissions and associated payroll taxes paid to sales personnel that are incremental to the acquisition of customer contracts. These costs are recorded as deferred contract acquisition costs on the consolidated balance sheets.
We capitalize our sales commissions and associated payroll taxes that are incremental to the acquisition of channel partner and direct customer contracts and recognize them as expenses over the estimated period of benefit.
We capitalize our sales commissions and associated payroll taxes that are incremental to the acquisition of customer contracts and recognize them as expenses over the estimated period of benefit.
Non-GAAP Gross Profit and Non-GAAP Gross Margin We define non-GAAP gross profit as GAAP gross profit excluding stock-based compensation expense and related payroll taxes and amortization expense of acquired intangible assets. We define non-GAAP gross margin as non-GAAP gross profit as a percentage of revenue.
Non-GAAP Gross Profit and Non-GAAP Gross Margin We define non-GAAP gross profit as GAAP gross profit excluding stock-based compensation expense and related payroll taxes, amortization expense of acquired intangible assets and restructuring and other charges. We define non-GAAP gross margin as non-GAAP gross profit as a percentage of revenue.
As of July 31, 2024, we had approximately 35% of the Forbes Global 2000 as customers. Our ability to continue to grow these numbers will increase our future opportunities for renewals and follow-on sales.
As of July 31, 2025, we had approximately 40% of the Forbes Global 2000 as customers. Our ability to continue to grow these numbers will increase our future opportunities for renewals and follow-on sales.
Our fiscal year ended July 31, 2024, July 31, 2023 and July 31, 2022 are referred to as fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
Our fiscal year ended July 31, 2025, July 31, 2024 and July 31, 2023 are referred to as fiscal 2025, fiscal 2024 and fiscal 2023, respectively.
Our actual results could vary as a result of, and our future capital requirements, both near-term and long-term, will depend on, many factors, including our growth rate, the timing and extent of spending to support our research and development efforts, the expansion of sales and marketing and international operating activities, the timing of new introductions of solutions or features, and the continuing market acceptance of our services, the impact of macroeconomic conditions, such as high inflation and recessionary environments, and the impact of global crises to our and our customers', vendors' and partners' businesses.
Our actual results could vary as a result of, and our future capital requirements, both near-term and long-term, will depend on, many factors, including our growth rate, the timing and extent of spending to support our research and development efforts, the expansion of sales and marketing and international operating activities, the timing of new introductions of solutions or features, and the continuing market acceptance of our services, the impact of macroeconomic and geopolitical conditions to our and our customers', vendors' and partners' businesses.
Personnel expenses are the most significant component of operating expenses and consist of salaries, benefits, bonuses, stock-based compensation expense and, with respect to sales and marketing expenses, sales commissions that are recognized as expenses over the period of benefit.
Operating Expenses Our operating expenses consist of sales and marketing expenses, research and development expenses and general and administrative expenses. Personnel expenses are the most significant component of operating expenses and consist of salaries, benefits, bonuses, stock-based compensation expense and, with respect to sales and marketing expenses, sales commissions that are recognized as expenses over the period of benefit.
As calculated billings continues to grow in absolute terms, we expect our calculated billings growth rate to trend down over time. We also expect that calculated billings will be affected by seasonality in terms of when we enter into agreements with customers; and the mix of billings in each reporting period .
As calculated billings continues to grow in absolute terms, we expect our calculated billings growth rate to trend down over time. We also expect that calculated billings will be affected by seasonality in terms of when we enter into agreements with customers and the mix of billings, in particular the mix of multi-year in advance billings.
Such amounts are recognized as revenue over the contractual period. We receive payments from customers based upon contractual billing schedules; accounts receivable are recorded when the right to consideration becomes unconditional. Payment terms on invoiced amounts are typically 30 days.
We receive payments from customers based upon contractual billing schedules; accounts receivable are recorded when the right to consideration becomes unconditional. Payment terms on invoiced amounts are typically 30 days.
Operating expenses also include overhead expenses for facilities, IT, depreciation expense and amortization expense. 68 Table of Contents Sales and Marketing Sales and marketing expenses consist primarily of employee compensation and related expenses, including salaries, bonuses and benefits for our sales and marketing employees, sales commissions that are recognized as expenses over the period of benefit, stock-based compensation expense, marketing programs, travel and entertainment expenses, expenses for conferences and events, amortization of intangible assets acquired through our business acquisitions and allocated overhead expenses.
Sales and Marketing Sales and marketing expenses consist primarily of employee compensation and related expenses, including salaries, bonuses and benefits for our sales and marketing employees, sales commissions that are recognized as expenses over the period of benefit, stock-based compensation expense, marketing programs, travel and entertainment expenses, expenses for conferences and events, amortization of intangible assets acquired through our business acquisitions and allocated overhead expenses.
Year Ended July 31, 2024 2023 2022 (in thousands) Revenue $ 2,167,771 $ 1,616,952 $ 1,090,946 Add: Total deferred revenue, end of period 1,894,974 1,439,676 1,021,123 Less: Total deferred revenue, beginning of period (1,439,676) (1,021,123) (630,601) Calculated billings $ 2,623,069 $ 2,035,505 $ 1,481,468 Components of Results of Operations Revenue We generate revenue primarily from sales of subscriptions to access our cloud platform, together with related support services.
Year Ended July 31, 2025 2024 2023 (in thousands) Revenue $ 2,673,115 $ 2,167,771 $ 1,616,952 Add: Total deferred revenue, end of period 2,468,026 1,894,974 1,439,676 Less: Total deferred revenue, beginning of period (1,894,974) (1,439,676) (1,021,123) Calculated billings $ 3,246,167 $ 2,623,069 $ 2,035,505 Components of Results of Operations Revenue We generate revenue primarily from sales of subscriptions to access our cloud platform, together with related support services.
However, the growing dependence on the internet has increased exposure to malicious or compromised websites, and sophisticated hackers are exploiting the gaps left by legacy network security appliances. To securely access the internet and transform their networks, organizations must also make fundamental changes in their network and security architectures.
However, the dependence on the internet, expanding digital transformation and growing AI usage have increased exposure to malicious or compromised websites, and sophisticated hackers are exploiting the gaps left by legacy network security appliances. To securely access the internet, transform their networks and expand their AI adoption, organizations must also make fundamental changes in their network and security architectures.
For fiscal 2024, fiscal 2023 and fiscal 2022, our revenue was $2,167.8 million, $1,617.0 million and $1,090.9 million, respectively. We have incurred net losses in all annual periods since our inception. For fiscal 2024, fiscal 2023 and fiscal 2022, our net loss was $57.7 million, $202.3 million and $390.3 million, respectively.
For fiscal 2025, fiscal 2024 and fiscal 2023, our revenue was $2,673.1 million, $2,167.8 million and $1,617.0 million, respectively. We have incurred net losses in all annual periods since our inception. For fiscal 2025, fiscal 2024 and fiscal 2023, our net loss was $41.5 million, $57.7 million and $202.3 million, respectively.
New Customer Acquisition We believe that our ability to increase the number of customers, and more significantly customers in the Forbes Global 2000, on our cloud platform is an indicator of our market penetration and our future business opportunities. As of July 31, 2024, 2023 and 2022, we had over 8,650, 7,700 and 6,700 customers, respectively, across all major geographies.
New Customer Acquisition We believe that our ability to increase the number of customers, and more significantly large enterprises, on our cloud platform is an indicator of our market penetration and our future business opportunities. As of July 31, 2025, 2024 and 2023, we had over 9,400, 8,650 and 7,700 customers, respectively, across all major geographies.
Net cash inflows were partially offset by cash outflows resulting from an increase of $158.5 million in deferred contract acquisition costs, as our sales commission payments increased due to the addition of new customers and expansion of our existing customer subscriptions, an increase of $143.3 million in accounts receivable primarily due to timing of billings and collections, a decrease of $27.7 million in operating lease liabilities primarily due to lease payments and an increase of $10.3 million in prepaid expenses, other current and noncurrent assets.
Net cash inflows were partially offset by cash outflows resulting from an increase of $230.5 million in deferred contract acquisition costs, as our sales commission payments increased due to the addition of new customers and expansion of our existing customer subscriptions, an increase of $256.0 million in accounts receivable primarily due to timing of billings and collections, a decrease of $62.0 million in operating lease liabilities primarily due to lease payments, an increase of $41.6 million in prepaid expenses, other current and noncurrent assets and an increase of $5.2 million in accrued expenses, other current and noncurrent liabilities.
We typically invoice our customers annually in advance, and to a lesser extent quarterly in advance, monthly in advance or multi-year in advance. Calculated billings increased $587.6 million, or 29%, in fiscal 2024 over fiscal 2023, and $554.0 million, or 37%, in fiscal 2023 over fiscal 2022.
We typically invoice our customers annually in advance, and to a lesser extent quarterly in advance, monthly in advance or multi-year in advance. Calculated billings increased $623.1 million, or 24%, in fiscal 2025 over fiscal 2024, and $587.6 million, or 29%, in fiscal 2024 over fiscal 2023.
Calculated billings represents our total revenue plus the change in deferred revenue in a period. Calculated billings in any particular period aims to reflect amounts invoiced for subscriptions to access our cloud platform, together with related support services for our new and existing customers.
As a result, calculated billings will no longer be reported beginning in fiscal 2026. Calculated billings represents our total revenue plus the change in deferred revenue in a period. Calculated billings in any particular period aims to reflect amounts invoiced for subscriptions to access our cloud platform, together with related support services for our new and existing customers.
As of July 31, 2024, we had deferred revenue of $1,895.0 million, of which $1,643.9 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria have been met.
As of July 31, 2025, we had deferred revenue of $2,468.0 million, of which $2,054.4 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria have been met.
The change was driven primarily by the expanded use of our cloud platform by existing and new customers, which led to an increase of $70.2 million for data center and equipment-related costs for hosting and operating our cloud platform.
The overall increase in cost of revenue was driven primarily by the expanded use of our cloud platform by existing and new customers, which led to an increase of $76.1 million for data center and equipment-related costs for hosting and operating our cloud platform.
Our cash equivalents and investments consist of highly liquid investments in money market funds, U.S. treasury securities, U.S. government agency securities, certificates of deposit and corporate debt securities. In June 2020, we completed the private offering of the Notes with an aggregate principal amount of $1,150.0 million.
Our cash equivalents and investments consist of highly liquid investments in money market funds, U.S. treasury securities, U.S. government agency securities, certificates of deposit and corporate debt securities. In July 2025, we completed the private offering of the Convertible Senior Notes due 2028 (the “2028 Notes”) with an aggregate principal amount of $1,725.0 million.
The following table summarizes our cash flows for the periods presented: Year Ended July 31, 2024 2023 2022 (in thousands) Net cash provided by operating activities $ 779,846 $ 462,343 $ 321,912 Net cash provided by (used in) investing activities $ (683,180) $ (259,337) $ 374,063 Net cash provided by financing activities $ 64,208 $ 45,990 $ 41,337 Operating Activities Net cash provided by operating activities during fiscal 2024 was $779.8 million, which resulted from a net loss of $57.7 million, adjusted for non-cash charges of $771.5 million and net cash inflows of $66.1 million from changes in operating assets and liabilities.
The following table summarizes our cash flows for the periods presented: Year Ended July 31, 2025 2024 2023 (in thousands) Net cash provided by operating activities $ 972,453 $ 779,846 $ 462,343 Net cash used in investing activities $ (427,022) $ (683,180) $ (259,337) Net cash provided by financing activities $ 420,512 $ 64,208 $ 45,990 Operating Activities Net cash provided by operating activities during fiscal 2025 was $972.5 million, which resulted from a net loss of $41.5 million, adjusted for non-cash charges of $987.2 million and net cash inflows of $26.7 million from changes in operating assets and liabilities.
For the trailing 12 months ended July 31, 2024 and 2023, the dollar-based net retention rate was 115% and 121%, respectively.
For the trailing 12 months ended July 31, 2025 and 2024, the dollar-based net retention rate was 114% and 116%, respectively.
Accordingly, we cannot predict the mix of invoicing schedules in any given period. 77 Table of Contents As of July 31, 2024, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.
As of July 31, 2025, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.
Year Ended July 31, 2024 2023 2022 (in thousands) GAAP gross profit $ 1,690,642 $ 1,254,120 $ 848,664 Add: Stock-based compensation expense and related payroll taxes 52,766 40,297 25,292 Amortization expense of acquired intangible assets 12,879 9,574 7,975 Non-GAAP gross profit $ 1,756,287 $ 1,303,991 $ 881,931 GAAP gross margin 78 % 78 % 78 % Non-GAAP gross margin 81 % 81 % 81 % Non-GAAP Income from Operations and Non-GAAP Operating Margin We define non-GAAP income from operations as GAAP loss from operations excluding stock-based compensation expense and related payroll taxes, amortization expense of acquired intangible assets, and restructuring and other charges.
Year Ended July 31, 2025 2024 2023 (in thousands) GAAP gross profit $ 2,054,937 $ 1,690,642 $ 1,254,120 Add: Stock-based compensation expense and related payroll taxes 70,998 52,766 40,297 Amortization expense of acquired intangible assets 14,975 12,879 9,574 Restructuring and other charges 138 — — Non-GAAP gross profit $ 2,141,048 $ 1,756,287 $ 1,303,991 GAAP gross margin 77 % 78 % 78 % Non-GAAP gross margin 80 % 81 % 81 % Non-GAAP Income from Operations and Non-GAAP Operating Margin We define non-GAAP income from operations as GAAP loss from operations excluding stock-based compensation expense and related payroll taxes, amortization expense of acquired intangible assets, restructuring and other charges and acquisition-related expenses.
The change was driven primarily by higher interest rates and our increased balance of cash equivalents and short-term investments. Interest Expense Year Ended July 31, Change 2024 2023 $ % (in thousands) Interest expense $ (13,132) $ (6,541) $ (6,591) 101 % Interest expense increased by $6.6 million for fiscal 2024, compared to fiscal 2023.
The change was driven primarily by our increased balance of cash equivalents and short-term investments. Interest Expense Year Ended July 31, Change 2025 2024 $ % (in thousands) Interest expense $ (9,522) $ (13,132) $ 3,610 (27) % Interest expense decreased by $3.6 million for fiscal 2025, compared to fiscal 2024.
We continue to see customer scrutiny of and elongated approval processes for transactions, particularly larger deals, as customers continue to scrutinize purchasing decisions and are requiring multiple approvals for large expenditures in response to the uncertain economic environment.
Impact of Macroeconomic Conditions Changes in macroeconomic and geopolitical conditions can cause uncertainty in our business. We continue to see customer scrutiny of and elongated approval processes for transactions, particularly larger deals, as customers continue to carefully consider purchasing decisions and are requiring multiple approvals for large expenditures in response to the uncertain economic environment.
For further information refer to Note 1, Business and Summary of Significant Accounting Policies of our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Recently Issued Accounting Pronouncements Refer to Note 1, Business and Summary of Significant Accounting Policies, to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K for more information regarding recently issued accounting pronouncements. 84 Table of Contents
Payroll contributions accrued as of July 31, 2024 will be used to purchase shares at the end of the current ESPP purchase period ending on December 16, 2024.
Payroll contributions accrued as of July 31, 2025 will be used to purchase shares at the end of the current ESPP purchase period ending on December 15, 2025. Payroll contributions ultimately used to purchase shares are reclassified to stockholders' equity on the purchase date.
We generate revenue primarily from sales of subscriptions to access our cloud platform, together with related support services. We also generate an immaterial amount of revenue from professional and other services, which consist primarily of fees associated with mapping, implementation, network design and training. Our subscription pricing is primarily calculated on a per-user basis.
We also generate an immaterial amount of revenue from professional and other services, which consist primarily of fees associated with mapping, implementation, network design and training. Our subscription pricing is primarily calculated on a per-user basis. We recognize subscription and support revenue ratably over the life of the contract, which is generally one to three years.
The change in revenue was driven primarily by an increase in users and sales of additional subscriptions to existing customers, which contributed $471.8 million in additional revenue. The remainder of the increase was primarily attributable to the addition of new customers, as we increased our customer bas e by 12% f rom fiscal 2023 to fiscal 2024 .
The change in revenue was driven primarily by an increase in users and sales of additional subscriptions to existing customers, which contributed $434.0 million in additional revenue. The remainder of the increase was primarily attributable to the addition of new customers, as we increased our customer base b y 9% from fiscal 2024 to fiscal 2025 .
Consequently, increases or decreases in new sales or renewals in any one period may not be immediately reflected as revenue for that period. Accordingly, the effect of downturns in sales and market acceptance of our platform, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods.
Accordingly, the effect of downturns in sales and market acceptance of our platform, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods.
Net cash provided by operating activities during fiscal 2022 was $321.9 million, which resulted from a net loss of $390.3 million, adjusted for non-cash charges of $614.7 million and net cash inflows of $97.5 million from changes in operating assets and liabilities.
Net cash provided by operating activities during fiscal 2024 was $779.8 million, which resulted from a net loss of $57.7 million, adjusted for non-cash charges of $771.5 million and net cash inflows of $66.1 million from changes in operating assets and liabilities.
Subscriptions that are invoiced annually in advance or multi-year in advance contribute significantly to our short-term and long-term deferred revenue in comparison to our invoices issued quarterly in advance or monthly in advance.
Subscriptions that are invoiced annually in advance or multi-year in advance contribute significantly to our short-term and long-term deferred revenue in comparison to our invoices issued quarterly in advance or monthly in advance. We strategically enter into agreements for multi-year in advance billings with our customers to achieve our and/or our customers’ business objectives.
Our actual results could differ from these estimates. We refer to accounting estimates of this type as critical accounting policies and estimates, which we discuss below. We have identified certain accounting policies that are significant to the preparation of our financial statements. These accounting policies are important for an understanding of our financial condition and results of operations.
We have identified certain accounting policies that are significant to the preparation of our financial statements. These accounting policies are important for an understanding of our financial condition and results of operations.
The change was driven primarily by an increase of $98.3 million in employee-related expenses, inclusive of an increase of $31.1 million in sales commissions expense and an increase of $3.5 million in stock-based compensation expense.
The change was primarily driven by an increase of $116.4 million in employee-related expenses, inclusive of an increase of $33.7 million in sales commissions expense, and an increase of $29.5 million in stock-based compensation expense. The increase in employee-related expenses was primarily due to an increase in headcount.
General and Administrative Expenses Year Ended July 31, Change 2024 2023 $ % (in thousands) General and administrative expenses $ 212,052 $ 177,544 $ 34,508 19 % General and administrative expenses increased by $34.5 million, or 19%, for fiscal 2024, compared to fiscal 2023.
General and Administrative Expenses Year Ended July 31, Change 2025 2024 $ % (in thousands) General and administrative expenses $ 251,754 $ 212,052 $ 39,702 19 % General and administrative expenses increased by $39.7 million, or 19%, for fiscal 2025, compared to fiscal 2024.
If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.
If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected. 79 Table of Contents We typically invoice our customers annually in advance, and to a lesser extent quarterly in advance, monthly in advance or multi-year in advance.
Net cash inflows from changes in operating assets and liabilities were primarily the result of an increase of $418.6 million in deferred revenue from advance invoicing in accordance with our subscription contracts, an increase of $26.8 million in accrued expenses, other current and noncurrent liabilities and an increase of $24.5 million in accrued compensation.
Net cash inflows from changes in operating assets and liabilities were primarily the result of an increase of $573.1 million in deferred revenue from advance invoicing in accordance with our subscription contracts, an increase of $21.0 million in accrued compensation and an increase of $17.5 million in accounts payable.
Net cash provided by financing activities of $46.0 million during fiscal 2023 was primarily attributable to $42.3 million in proceeds from issuance of common stock under the ESPP and $3.9 million in proceeds from the exercise of stock options.
Financing Activities Net cash provided by financing activities of $420.5 million during fiscal 2025 was primarily attributable to $1,725.0 million from proceeds from issuance of the 2028 convertible senior notes, $63.6 million in proceeds from the issuance of common stock under the ESPP and $3.6 million in proceeds from the exercise of stock options.
Payroll contributions ultimately used to purchase shares are reclassified to stockholders' equity on the purchase date. 66 Table of Contents Year Ended July 31, 2024 2023 2022 (in thousands) Net cash provided by operating activities $ 779,846 $ 462,343 $ 321,912 Less: Purchases of property, equipment and other assets (144,588) (97,197) (69,296) Capitalized internal-use software (50,308) (31,527) (21,284) Free cash flow $ 584,950 $ 333,619 $ 231,332 As a percentage of revenue: Net cash provided by operating activities 36 % 29 % 30 % Less: Purchases of property, equipment and other assets (7) (6) (7) Capitalized internal-use software (2) (2) (2) Free cash flow margin 27 % 21 % 21 % Calculated Billings Calculated billings is a non-GAAP financial measure that we believe is a key metric to measure our periodic performance.
Year Ended July 31, 2025 2024 2023 (in thousands) Net cash provided by operating activities $ 972,453 $ 779,846 $ 462,343 Less: Purchases of property, equipment and other assets (164,252) (144,588) (97,197) Capitalized internal-use software (81,508) (50,308) (31,527) Free cash flow $ 726,693 $ 584,950 $ 333,619 As a percentage of revenue: Net cash provided by operating activities 36 % 36 % 29 % Less: Purchases of property, equipment and other assets (6) (7) (6) Capitalized internal-use software (3) (2) (2) Free cash flow margin 27 % 27 % 21 % Calculated Billings Calculated billings is a non-GAAP financial measure that we reported as a key metric to measure our periodic performance through July 31, 2025.
The preparation of these financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances.
Critical Accounting Policies and Estimates Our financial statements are prepared in accordance with GAAP. The preparation of these financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis.
These macroeconomic conditions may impact the future demand for subscriptions of our cloud platform. 62 Table of Contents Certain Factors Affecting Our Performance Increased Internet Traffic and Adoption of Cloud-Based Software and Security The adoption of cloud applications and infrastructure, explosion of internet traffic volumes and shift to mobile-first computing generally, and the pace at which enterprises adopt the internet as their corporate network in particular, impact our ability to drive market adoption of our cloud platform.
The adoption of cloud applications and infrastructure, explosion of internet traffic volumes and shift to mobile-first computing generally, and the pace at which enterprises adopt the internet as their corporate network in particular, impact our ability to drive market adoption of our cloud platform.
The total net proceeds from the offering, after deducting initial purchase discount and issuance costs, was $1,130.5 million.
The total net proceeds from the offering, after deducting initial purchase discount and issuance costs, was $1,700.0 million. The 2028 Notes mature on July 15, 2028.
Additionally, our employee-related expenses increased by $44.4 million , inclusive of an increase of $11.7 million in stock-based compensation expense, driven primarily by an increase in headcount in our customer support and cloud operations organizations. The remainder of the increase was primarily attributable to increased expenses of $2.0 million in facility and IT services.
Additionally, our employee-related expenses increased by $49.4 million, inclusive of an increase of $17.3 million in stock-based compensation expense, driven primarily by an increase in headcount in our customer support and cloud operations organizations.
Cost of Revenue and Gross Margin Year Ended July 31, Change 2024 2023 $ % (in thousands) Cost of revenue $ 477,129 $ 362,832 $ 114,297 32 % Gross margin 78 % 78 % Cost of revenue increased by $114.3 million, or 32%, in fiscal 2024, compared to fiscal 2023.
Cost of Revenue and Gross Margin Year Ended July 31, Change 2025 2024 $ % (in thousands) Cost of revenue $ 618,178 $ 477,129 $ 141,049 30 % Gross margin 77 % 78 % Cost of revenue increased by $141.0 million, or 30%, in fiscal 2025, compared to fiscal 2024.
Net cash provided by investing activities during fiscal 2022 of $374.1 million was primarily attributable to the proceeds from the maturities of short-term investments of $1,334.9 million These activities were partially offset by purchases of short-term investments of $844.9 million, capital expenditures of $90.6 million to support the growth and expansion of our cloud platform and $25.3 million, net of cash acquired for business acquisitions.
Investing Activities Net cash used in investing activities during fiscal 2025 of $427.0 million was primarily attributable to the purchases of short-term investments of $1,280.6 million, capital expenditures of $245.8 million to support the growth and expansion of our cloud platform. These activities were partially offset by proceeds from the maturities and sales of short-term investments of $1,101.0 million.
In particular, litigation-related expenses related 69 Table of Contents to significant litigation claims may result in significant fluctuations from period to period, as they are inherently subject to change and difficult to estimate.
In particular, litigation-related expenses related to significant litigation claims may result in significant fluctuations from period to period, as they are inherently subject to change and difficult to estimate. Interest Income Interest income consists primarily of income earned on our cash equivalents and short-term investments.
Subscription and related support services accounted for approximately 97% of our revenue for all periods presented. Our contracts with our customers do not at any time provide the customer with the right to take possession of the software that runs our cloud platform. Our customers may also purchase professional services, such as mapping, implementation, network design and training.
Subscription and related support services accounted for approximately 98%, 97% and 97% of our revenue for each of fiscal 2025, fiscal 2024 and fiscal 2023, respectively. Our contracts with our customers do not at any time provide the customer with the right to take possession of the software that runs our cloud platform.
Government agencies and some of the largest enterprises in the world rely on us to support their digital transformation, including approximately 35% of the Forbes Global 2000 as of July 31, 2024. We operate our business as one reportable segment. Our revenue has experienced significant growth in recent periods.
As of July 31, 2025, we had expanded our operations to over 9,400 customers across major industries, with users in over 185 countries. Government agencies and some of the largest enterprises in the world rely on us to support their secure digital transformation. We operate our business as one reportable segment. Our revenue has experienced significant growth in recent periods.
For further information, refer to Note 15, Income Taxes, of the consolidated financial statements included elsewhere in this Annual Report on form 10-K.
The change was primarily driven by the release of the valuation allowance against our United Kingdom ("U.K.") deferred tax assets. For further information, refer to Note 15, Income Taxes, of the consolidated financial statements included elsewhere in this Annual Report on form 10-K.
If our services do not meet certain service level commitments, our customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration. We have not historically experienced any significant incidents affecting the defined levels of reliability and performance as required by our subscription contracts.
If our services do not meet certain service level commitments, our customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration.
Non-cash charges primarily consisted of $444.8 million for stock-based compensation expense, $98.7 million for amortization of deferred contract acquisition costs, $55.8 million for depreciation and amortization expense, $32.2 million for non-cash operating lease costs, $11.1 million for amortization expense of acquired intangible assets and $3.9 million for amortization of debt discount and issuance costs, partially offset by amortization (accretion) of investments purchased at a premium (discount) of $6.6 million and $3.3 million for net unrealized gains on hedging transactions.
Non-cash charges primarily consisted of $661.4 million for stock-based compensation expense, $166.3 million for amortization of deferred contract acquisition costs, $104.4 million for depreciation and amortization expense, $63.0 million for non-cash operating lease costs, $16.8 million for amortization expense of acquired intangible assets and $4.3 million for amortization of debt issuance costs, partially offset by $14.4 million for deferred income taxes and accretion of investments purchased at a discount of $15.9 million.
Deferred revenue consists of the unearned portion of billed fees for our subscriptions, which is subsequently recognized as revenue in accordance with our revenue recognition policy.
Therefore, a substantial source of our cash is from such prepayments, which are included on our consolidated balance sheets as a contract liability. Deferred revenue consists of the unearned portion of billed fees for our subscriptions, which is subsequently recognized as revenue in accordance with our revenue recognition policy.
We 67 Table of Contents recognize revenue ratably over the life of the contract. Amounts that have been invoiced are recorded in deferred revenue, or they are recorded in revenue if the revenue recognition criteria have been met.
We typically invoice our customers annually in advance, and to a lesser extent quarterly in advance, monthly in advance or multi-year in advance. We recognize revenue ratably over the life of the contract. Amounts that have been invoiced are recorded in deferred revenue, or they are recorded in revenue if the revenue recognition criteria have been met.
For additional information, refer to Note 10, Convertible Senior Notes, Note 11, Operating Leases and Note 12, Commitments and Contingencies, of the consolidated financial statements included elsewhere in this Annual Report on Form 10-K. Critical Accounting Policies and Estimates Our financial statements are prepared in accordance with GAAP.
Contractual Obligations and Commitments Our principal commitments consist of obligations under our 2028 Notes, real estate arrangements, co-location and bandwidth arrangements and non-cancelable purchase obligations. For additional information, refer to Note 10, Convertible Senior Notes, Note 11, Operating Leases, and Note 12, Commitments and Contingencies, of the consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Our effective tax rate of (97.4)% and (10.9)% in fiscal 2024 and fiscal 2023, respectively, differs from the applicable U.S. statutory federal income tax rate due to our valuation allowance against our U.S. federal, state, and U.K. deferred tax assets as well as our foreign income being taxed at different rates than the U.S. statutory rate. 75 Table of Contents Comparison of Fiscal 2023 and Fiscal 2022 For a discussion of our results of operations for the year ended July 31, 2023 as compared to the year ended July 31, 2022, refer to Part II, Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, of our Annual Report on Form 10-K filed with the SEC on September 14, 2023. 76 Table of Contents Liquidity and Capital Resources As of July 31, 2024, our principal sources of liquidity were cash, cash equivalents and short-term investments totaling $2,409.7 million, which were held for working capital and general corporate purposes.
We will continue to evaluate the impact of OBBBA, but currently we do not expect it to have a material impact on our consolidated financial statements in fiscal 2026 due to our valuation allowance. 77 Table of Contents Comparison of Fiscal 2024 and Fiscal 2023 For a discussion of our results of operations for the year ended July 31, 2024 as compared to the year ended July 31, 2023, refer to Part II, Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, of our Annual Report on Form 10-K filed with the SEC on September 12, 2024. 78 Table of Contents Liquidity and Capital Resources As of July 31, 2025, our principal sources of liquidity were cash, cash equivalents and short-term investments totaling $3,572.4 million, which were held for working capital and general corporate purposes.
The change was driven primarily by fair value hedge adjustments related to our Notes. Other Expense, Net Year Ended July 31, Change 2024 2023 $ % (in thousands) Other expense, net $ (3,750) $ (1,862) $ (1,888) 101 % Other expense, net increased by $1.9 million for fiscal 2024, compared to fiscal 2023.
Other Expense, Net Year Ended July 31, Change 2025 2024 $ % (in thousands) Other expense, net $ (5,673) $ (3,750) $ (1,923) 51 % Other expense, net increased by $1.9 million for fiscal 2025, compared to fiscal 2024. The change was driven primarily by fluctuations in foreign currency transactions gains and losses.
Overall, the transaction price is reduced to reflect our estimate of the amount of consideration to which we are entitled based on the terms of the contract. Estimated rebates and other credits were not material during the periods presented. Contract Balances Contract liabilities consist of deferred revenue and include payments received in advance of performance under the contract.
Estimated rebates and other credits were not material during the periods presented. Contract Balances Contract liabilities consist of deferred revenue and include payments received in advance of performance under the contract. Such amounts are recognized as revenue over the contractual period.
Accordingly, any estimated refunds related to these agreements in the consolidated financial statements were not material during the periods presented. We provide rebates and other credits within our contracts with certain customers which are estimated based on the most likely amounts expected to be earned or claimed on the related sales transaction.
We provide rebates and other credits within our contracts with certain customers which are estimated based on the most likely amounts expected to be earned or claimed on the related sales transaction. Overall, the transaction price is reduced to reflect our estimate of the amount of consideration to which we are entitled based on the terms of the contract.
We define non-GAAP operating margin as non-GAA P income from operations as a percentage of revenue. 65 Table of Contents Year Ended July 31, 2024 2023 2022 (in thousands) GAAP loss from operations $ (121,477) $ (234,623) $ (327,429) Add: Stock-based compensation expense and related payroll taxes 549,100 457,815 430,020 Amortization expense of acquired intangible assets 14,624 11,060 9,010 Restructuring and other charges (1) — 6,564 — Non-GAAP income from operations $ 442,247 $ 240,816 $ 111,601 GAAP operating margin (6) % (15) % (30) % Non-GAAP operating margin 20 % 15 % 10 % (1) In connection with a restructuring plan announced in March 2023, we incurred stock-based compensation expense of approximately $1.0 million, which is included in stock-based compensation expense and related payroll taxes.
We define non-GAAP operating margin as non-GAA P income from operations as a percentage of revenue. 66 Table of Contents Year Ended July 31, 2025 2024 2023 (in thousands) GAAP loss from operations $ (128,460) $ (121,477) $ (234,623) Add: Stock-based compensation expense and related payroll taxes 685,534 549,100 457,815 Amortization expense of acquired intangible assets 16,820 14,624 11,060 Restructuring and other charges 4,921 — 6,564 Acquisition-related expenses 1,316 — — Non-GAAP income from operations $ 580,131 $ 442,247 $ 240,816 GAAP operating margin (5) % (6) % (15) % Non-GAAP operating margin 22 % 20 % 15 % Free Cash Flow and Free Cash Flow Margin Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by operating activities less purchases of property, equipment and other assets and capitalized internal-use software.
The change was driven primarily by an increase of $145.9 million in employee-related expenses, inclusive of an increase of $62.6 million in stock-based compensation expense, primarily due to an increase in headcount.
The overall increase was primarily due to an increase of $34.2 million in employee-related expenses, inclusive of an increase of $17.5 million in stock-based compensation expense, primarily due to an increase in headcount and accelerated vesting of awards related to executive transitions.
… 68 more changes not shown on this page.
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Market Risk — interest-rate, FX, commodity exposure
8 edited+0 added−5 removed5 unchanged
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Market Risk — interest-rate, FX, commodity exposure
8 edited+0 added−5 removed5 unchanged
2024 filing
2025 filing
Biggest changeThe Notes have a fixed annual interest rate of 0.125%, accordingly, we do not have economic interest rate exposure on the Notes. However, the fair value of the Notes is exposed to interest rate risk. Generally, the fair value of the Notes will increase as interest rates fall and decrease as interest rates rise.
Biggest changeThe capped calls transactions are expected generally to offset the potential dilution to our common stock as a result of any conversion of the 2028 Notes. The 2028 Notes have a 0.0% interest rate, we do not have economic interest rate exposure on the 2028 Notes. However, the fair value of the 2028 Notes is exposed to interest rate risk.
A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the British Pound, Indian Rupee, Euro, Japanese Yen, Canadian Dollar and Australian Dollar.
A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the British Pound, Indian Rupee, Euro, Israeli Shekel, Canadian Dollar, Australian Dollar and Japanese Yen.
We also use foreign currency forward contracts to mitigate variability in gains and losses generated from the remeasurement of certain monetary assets and liabilities denominated in foreign currencies. 84 Table of Contents
We also use foreign currency forward contracts to mitigate variability in gains and losses generated from the remeasurement of certain monetary assets and liabilities denominated in foreign currencies. 85 Table of Contents
Item 7A. Quantitative and Qualitative Disclosures about Market Risk We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business. Interest Rate Risk As of July 31, 2024, we had cash, cash equivalents and short-term investments totaling $2,409.7 million, which were held for working capital purposes.
Item 7A. Quantitative and Qualitative Disclosures about Market Risk We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business. Interest Rate Risk As of July 31, 2025, we had cash, cash equivalents and short-term investments totaling $3,572.4 million, which were held for working capital purposes.
As of July 31, 2024, the effect of a hypothetical 100 basis point change in interest rates would have changed the fair value of our investments in available-for-sale securities by $10.0 million.
As of July 31, 2025, the effect of a hypothetical 100 basis point change in interest rates would have changed the fair value of our investments in available-for-sale securities by $13.9 million.
Foreign Currency Risk The vast majority of our sales contracts are denominated in U.S. dollars, with a small number of contracts denominated in foreign currencies.
For further information refer to Note 10, Convertible Senior Notes, to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K. Foreign Currency Risk The vast majority of our sales contracts are denominated in U.S. dollars, with a small number of contracts denominated in foreign currencies.
Through July 31, 2022, we carried the Notes at face value less unamortized debt discount and debt issuance costs on our consolidated balance sheet. Effective August 1, 2022, upon adoption of ASU 2020-06, we carry the Notes at face value less debt issuance costs on our consolidated balance sheet.
Generally, the fair value of the 2028 Notes will increase as interest rates fall and decrease as interest rates rise. As of July 31, 2025, we carried the 2028 Notes at face value less unamortized debt issuance costs on our consolidated balance sheet.
In connection with the issuance of the Notes, we entered into privately negotiated capped call transactions with certain counterparties (the "Capped Calls"). The Capped Calls are expected generally to offset the potential dilution to our common stock as a result of any conversion of the Notes.
Convertible Senior Notes In July 2025, we issued our 2028 Notes with an aggregate principal amount of $1,725.0 million. In connection with the issuance of the 2028 Notes, we entered into privately negotiated capped call transactions with certain counterparties.
Removed
We also use interest rate swaps to economically convert certain of our fixed interest rate Notes to floating interest rates, in order to match the floating rate nature of a portion of our cash, cash equivalents, and short-term investments.
Removed
These interest rate swaps are designated as fair value hedges, and changes in fair value of the interest rate swaps offset the changes in fair market value of the Notes due to benchmark interest rate movements.
Removed
Gains or losses related to our fair value hedges are included within interest expense in the consolidated statement of operations in the period of change together with the offsetting loss or gain on the hedged item attributed to risk being hedged. Convertible Senior Notes In June 2020, we issued our Notes with an aggregate principal amount of $1,150.0 million.
Removed
For further information refer to Note 1, Business and Summary of Significant Accounting Policies of our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. We present the fair value for required disclosure purposes only. In addition, the fair value of the Notes also fluctuates when the market price of our common stock fluctuates.
Removed
The fair value was determined based on the quoted bid price of the Notes in an over-the-counter market on the last trading 83 Table of Contents day of the reporting period. For further information refer to Note 10, Convertible Senior Notes, to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K.