CISO Global, Inc. - Annual Report: 2022 (Form 10-K)
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 10-K
(Mark One)
☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2022
or
☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from __________________________ to __________________________
Commission file number 001-41227
CERBERUS CYBER SENTINEL CORPORATION
(Exact name of registrant as specified in its charter)
Delaware | 83-4210278 | |
State or Other Jurisdiction | (I.R.S. Employer | |
of Incorporation or Organization | Identification No.) |
6900 E. Camelback Road, Suite 240, Scottsdale, AZ 85251
(Address of Principal Executive Offices) (Zip Code)
Registrant’s telephone number, including area code: (480) 389-3444
Securities registered pursuant to Section 12(b) of the Act:
Title of each class | Trading Symbol(s) | Name of each exchange on which registered | ||
Common Stock, $0.00001 par value | CISO | The Nasdaq Stock Market LLC |
Securities registered pursuant to Section 12(g) of the Act: Common Stock, par value $0.00001
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer | ☐ | Accelerated filer | ☐ |
Non-accelerated filer | ☒ | Smaller reporting company | ☒ |
Emerging growth company | ☒ |
If an emerging growth company, indicate by checkmark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the Registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒
The aggregate market value of the common stock held by non-affiliates of the registrant as of the last business day of the registrant’s most recently completed second fiscal quarter (June 30, 2022) was $164,755,296, computed by reference to the price at which the common stock was last sold ($3.60 per share).
The registrant had shares of common stock outstanding as of March 27, 2023.
CERBERUS CYBER SENTINEL CORPORATION
2022 FORM 10-K ANNUAL REPORT
TABLE OF CONTENTS
-2- |
FORWARD-LOOKING STATEMENTS
The information contained in this report should be read in conjunction with the financial statements and related notes contained elsewhere in this Annual Report on Form 10-K. Certain statements made in this report are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). These statements are based upon beliefs of, and information currently available to, us as of the date hereof, as well as estimates and assumptions made by us. Readers are cautioned not to place undue reliance on these forward-looking statements, which are only predictions and speak only as of the date hereof. When used herein, the words “anticipate,” “believe,” “estimate,” “expect,” “forecast,” “future,” “intend,” “plan,” “predict,” “project,” “target,” “potential,” “will,” “would,” “could,” “should,” “continue” or the negative of these terms and similar expressions identify forward-looking statements. Such statements reflect our current view with respect to future events and are subject to risks, uncertainties, assumptions, and other factors, including the risks relating to our business, industry, and our operations and results of operations. Should one or more of these risks or uncertainties materialize, or should the underlying assumptions prove incorrect, actual results may differ significantly from those anticipated, believed, estimated, expected, intended, or planned.
Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance, or achievements. Except as required by applicable law, including the securities laws of the United States, we do not intend to update any of the forward-looking statements to conform these statements to actual results.
Forward-looking statements made in this Annual Report on Form 10-K include statements about:
● | our ability to achieve and sustain profitability of our existing lines of business and through our wholly owned subsidiaries; |
● | our ability to raise sufficient capital to continue to acquire cybersecurity companies; |
● | our ability to attract and retain qualified cybersecurity talent; |
● | our ability to identify potential acquisition targets within predetermined parameters; |
● | our ability to successfully execute acquisitions, integrate the acquired businesses, and create synergies as a global cybersecurity consolidator; |
● | our ability to attract and retain qualified key technology or management personnel and to expand our management team; |
● | the accuracy of estimates regarding expenses, future revenue, capital requirements, profitability, and needs for additional financing; |
● | our dependence on establishing and maintaining a strong brand; |
● | the occurrence of service interruptions and security or privacy breaches and related remediation efforts and fines; |
● | system failures or capacity constraints; |
● | our ability to efficiently acquire customers and maintain high client retention rates; |
● | the impact of fluctuations in foreign currency exchange rates on our business and our ability to effectively manage the exposure to such fluctuations; |
● | our ability to maintain our relationships with our partners; |
● | adverse consequences of our substantial level of indebtedness and our ability to repay our debt; |
● | our ability to maintain, protect and enhance our intellectual property; |
● | our ability to maintain or improve our market shares; |
● | business interruptions resulting from geo-political actions, including war, terrorism, and disease outbreaks (such as COVID-19, the war in Ukraine, and geopolitical tensions involving China); |
● | sufficiency of cash and cash equivalents to meet our needs for at least the next 12 months; |
● | our ability to grow internationally; |
● | beliefs and objectives for future operations; |
● | our ability to stay in compliance with laws and regulations currently applicable to, or which may become applicable to our business both in the United States and internationally; |
● | economic and industry trends or trend analysis; |
● | anticipated income tax rates, tax estimates and tax standards; |
● | expectations regarding the impact of inflation, action taken by central banks to counter inflation, rising interest rates, and changes in foreign exchange rates on our business and financial results; |
● | the future trading price of our common stock; |
● | our ability to maintain an effective system of internal controls and accurately report our financial results and remediate material weaknesses; |
● | our expectation regarding the outcome of any regulator investigation or litigation; |
● | the potential impact of shareholder activism on our business and operations; |
● | our ability to navigate through the increasingly complex cybersecurity regulatory environment; and any other statements regarding our future operations, financial condition, growth prospects and business strategies. |
These statements are only predictions and involve known and unknown risks, uncertainties and other factors, including the risks in the section entitled “Risk Factors” set forth in this Annual Report on Form 10-K for the year ended December 31, 2022, any of which may cause our or our industry’s actual results, levels of activity, performance, or achievements to be materially different from any future results, levels of activity, performance, or achievements expressed or implied by these forward-looking statements. These risks may cause our or our industry’s actual results, levels of activity, or performance to be materially different from any future results, levels of activity, or performance expressed or implied by these forward-looking statements.
Our financial statements are prepared in accordance with accounting principles generally accepted in the United States. These accounting principles require us to make certain estimates, judgments, and assumptions. We believe that the estimates, judgments, and assumptions upon which we rely are reasonable based upon information available to us at the time that these estimates, judgments, and assumptions are made. These estimates, judgments, and assumptions can affect the reported amounts of assets and liabilities as of the date of the financial statements as well as the reported amounts of revenue and expenses during the periods presented. Our financial statements would be affected to the extent there are material differences between these estimates and actual results. The following discussion should be read in conjunction with our financial statements and notes thereto appearing elsewhere in this report.
-3- |
PART I
ITEM 1. BUSINESS
Unless otherwise indicated or the context requires otherwise, the terms “we,” “us,” “our,” and “our company” refer to Cerberus Cyber Sentinel Corporation, a Delaware corporation, and our wholly owned subsidiaries. Unless otherwise specified, all dollar amounts are expressed in United States dollars.
Our Business
General
We are a cybersecurity and compliance company comprised of highly trained and seasoned security professionals who work with clients to enhance or create a better cyber posture in their organization. Cybersecurity, also known as computer security or information technology security, is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The cybersecurity industry has a supply and demand issue wherein there is more demand for cybersecurity services than there are expert and seasoned compliance and cybersecurity professionals available in the market. We seek to identify, attract, and retain highly skilled cyber and compliance teams and bring them together to provide holistic cyber services. We accomplish this through acquisitions, direct hiring, and incentivizing employees with stock options to help retain them. On an ongoing basis, we seek to identify cyber talent that is culturally aligned and that offers operating leverage through both existing customer revenue and relationships. We have invested in enterprise solutions and executive talent to integrate our different organizations into an ecosystem that works together to provide complete and holistic cybersecurity through cross pollination of solutions. The ecosystem is intended to provide additional revenue opportunities and drive overall recurring revenue.
We emphasize to clients the critical nature of having their work force create a continuously aware security culture. Once engaged, we strive to become the trusted advisors for customers’ cybersecurity and compliance needs by providing tailored security solutions based upon their organizational needs. We do not focus on selling cybersecurity products; we are product-agnostic so that we can provide solutions that fit the customer’s security needs, financial realities, and future strategy. Our approach is to evaluate the client’s organization holistically, identify compliance requirements, and secure the infrastructure while helping to create a culture of security.
We provide a full range of cybersecurity consulting and related services, encompassing all three pillars of compliance, cybersecurity, and culture. Our services include compliance services, secured managed services, security operations center (“SOC”) services, virtual Chief Information Security Officer (“vCISO”) services, incident response, certified forensics, technical assessments, and cybersecurity training. We believe that culture is the foundation of every successful cybersecurity and compliance program. To deliver that outcome, we developed our unique offering of MCCP+ (“Managed Compliance & Cybersecurity Provider + Culture”), which is the only holistic solution that provides all three of these pillars under one roof from a dedicated team of subject matter experts. In contrast to the majority of cybersecurity firms that are focused on a specific technology or service, we seek to differentiate ourselves by remaining technology agnostic, focusing on accumulating highly sought-after topic experts. We continually seek to identify and acquire cybersecurity talent to expand our service scope and geographical coverage to provide the best possible service for our clients. We believe that bringing together a world-class team of technological experts with multi-faceted expertise in the critical aspects of cybersecurity is key to providing technology agnostic solutions to our clients in a business environment that has suffered from a chronic lack of highly skilled professionals, thereby setting us apart from competitors and in-house security teams. Our goal is to create a culture of security and to help quantify, define, and capture a return on investment from information technology and cybersecurity spending. Our brand rallies around the battle cry: “Cyber security is a Culture, not a Product.”
Offering this set of cybersecurity services allows us to capture more revenue with greater efficiency, facilitating greater profitability and stronger customer retention. The benefit to our customers is that they receive an efficient engagement from a single provider that covers a wide range of their needs. This means their challenges are addressed more thoroughly and problems are resolved more rapidly when compared to working with multiple vendors. This leads to the best possible outcome, which enables our customers to commit to us for the long term.
We believe that our business model is differentiated from other companies in the industry in that our employees are not consultants; they are dedicated partners available on a recurring monthly contract. Due to the numerous challenges in hiring experienced cybersecurity and compliance professionals, assimilating our team of industry and subject matter experts into our clients’ teams is the ideal solution.
We are technology agnostic. Whereas, most cybersecurity firms are locked into working with a single technology, we seek to differentiate ourselves by remaining technology agnostic. This approach enables us to work with any business, no matter what systems or tools they use. For our customers, the benefit is equally valuable as they are able to choose the best tools and technology for their business needs without affecting their relationship with us.
-4- |
We believe that building a world-class technology team with industry-specific and subject-matter expertise is the key to providing cutting-edge solutions to our clients. We will continue to identify and acquire cybersecurity talent to expand our scope of services and geographical footprint to fortify our capability to deliver excellence to our customers. Furthermore, our goal is to stay a step ahead of threat actors and regulatory obligations to keep our customers safe and compliant.
The Cybersecurity Challenge
As the world has become increasingly connected through the Internet and the Internet of Things (“IoT”), cyberattacks have prevailed and evolved, in different forms, causing uncontainable threats to the integrity and privacy of enterprise and personal data and resulted in significant economic losses globally. The McKinsey Global Institute has estimated that approximately 127 new IoT devices connect to the Internet every second. A report published by Cybersecurity Ventures stated that damages from global cybercrime is predicted to hit $10.5 trillion annually by 2025. Cybersecurity Ventures estimated that a business fell victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019. As a result, ransomware is one of the fastest growing types of cybercrime. Moreover, an Accenture survey reported that 68% of business leaders feel their cybersecurity risks are increasing. Cybersecurity Ventures has also predicted that worldwide global cybersecurity spending will exceed $1.75 trillion cumulatively from the fiscal years 2021 to 2025. The New York Times reported that in 2021 there would be 3.5 million unfilled job openings in the cybersecurity field. Two years later, despite widespread university and government investments into education programs and recruitment efforts, the rates are roughly the same. Continued efforts to bridge the workforce and skills gaps simply can’t keep up with the ongoing increase in demand.
In response to the increasing economic damage caused by heightened cybersecurity risks, regulatory bodies have pushed the implementation of new cybersecurity legislations, and cyber insurance companies have increased minimum cybersecurity underwriting requirements, as well as premium costs. We believe that we are well positioned in a fast-growing industry to provide businesses with a wide scope of cybersecurity services and with significant opportunities for growth.
Service Offering
We currently offer two major types of services to clients including security managed services and professional services.
Security Managed Services
Our security managed services include cybersecurity and compliance solutions. Through our consultative approach, we evaluate the cybersecurity posture and ecosystem of our clients to expose risks, optimize resources and implement best-fit solutions that are tailored to the business and address their unique challenges.
We offer multiple services in the security managed services portfolio, including the following:
● | Compliance: Our compliance practice ensures the customers are implementing the right controls, properly prioritizing risks, and investing in the appropriate remediation in order to comply and adhere to applicable industry standards and guidelines, and manage continuous monitoring over time. We provide the combination of integrated processes and systems, experienced staff, and innovative technology to help our customers meet those goals. Our seasoned experts possess the stringent industry certifications and accreditations that indicate their depth of knowledge in security compliance regulations, frameworks, and controls. As an authorized Federal Risk and Authorization Management Program (“FedRAMP”) vendor, we bring an insider’s perspective to the process in the following standards: |
-5- |
○ | FedRAMP: provides standardization to cloud security for Cloud Service Providers. | |
○ | FISMA 2014: codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting the U.S. Office of Management and Budget in developing those policies. | |
○ | ISO 17021 and ISO 27001: international standard providing certification bodies with a set of requirements that will enable them to ensure that their management system certification process is carried out in a competent, consistent, and impartial manner. | |
○ | Health Insurance Portability and Accountability Act (“HIPAA”) and Technology for Economic and Clinical Health Act of 2009: laws regulated by the Department of Health and Human Services to secure the privacy and confidentiality of protected health information. | |
○ | PCI: a standard administered by the Payment Card Industry Security Standards Council. | |
○ | Cybersecurity Framework: a set of cybersecurity activities, desired outcomes, and applicable informative references common across critical infrastructure sectors. | |
○ | The National Institute of Standards and Technology (“NIST”): formally known as a National Bureau of Standards, NIST is a federal agency that promotes and maintains measurement standards while encouraging and assisting industry and science to develop and use these standards. | |
○ | Cybersecurity Maturity Model Certification: intended to serve as a verification mechanism to ensure that defense industrial base companies implement appropriate cybersecurity practices and processes to protect federal contract information and controlled unclassified information within their unclassified networks. | |
○ | General Data Protection Regulation: intended to standardize data protection law across the single market and give people in a growing digital economy greater control over how their personal information is used. | |
○ | Service Organization 2: an auditing procedure that focuses on a business’ non- financial reporting controls related to security, availability, processing, integrity, confidentiality, and privacy of a system. | |
○ | Health Information Trust Alliance comprehensive security framework: developed in collaboration with healthcare, technology, and information security leaders to create, access, store, and exchange sensitive and/or regulated data. |
● | Secured Managed Services: Our team has extensive experience in identifying and remediating security issues in a holistic fashion to quickly affect change on an organizational scale. We partner with our clients to address the items that are identified through the course of routine network hygiene or from a security review, penetration test, or incident response. Our remediation services resolve vulnerabilities that may introduce risk and lead to adverse outcomes if not addressed. Examples of issues that we remediate include rearchitecting computer networks to minimize attack surface, implementing high security password requirements and multi-factor authentication, applying missing security patches that expose an organization to security attack, or correcting misconfigurations that can lead to unauthorized access such. Our services provide customers with a mature methodology for the heavy lifting needed to ensure that implementing solutions to minimize security risk are done efficiently and effectively. |
● | SOC Managed Services: We offer SOC-as-a-service, which is a subscription-based service that provides 24x7x365 coverage and overwatch including threat monitoring, alerting, validation, and proactive threat hunting to defend against cyber threats. |
● | vCISO Service: Organizations are in need of a cybersecurity program to reduce cyber risk to the business, but many do not have the capital resources or knowledge base to hire a Chief Information Security Officer to lead the effort. We offer this to companies on an ongoing managed service basis as a resource to augment their management team. vCISO services include road mapping the future state for the client and providing our knowledgeable expertise to help them achieve their security needs. |
-6- |
Professional Services
Our professional services include an extensive portfolio of tailored advisory solutions. Our in-depth and uniquely acquired industry expertise allows us to act as a trusted advisor of our clients to help them lower their risk profile, minimize cost impact, and meet regulatory compliance demands. We specialize in:
● | Incident Response and Forensics: We focus on identification, investigation, and remediation of cyberattacks. |
● | Technical Assessments: We specialize in advanced cybersecurity assessments that highlight the skills and experience of our team’s top-tier talent. Our customers love us because we routinely identify issues that no one else does due to our emphasis on real-world manual testing techniques and custom exploit development to uncover new avenues of attack. Our approach to penetration testing services strikes the perfect equilibrium between cost, time, and results. The team of highly skilled testers utilize the same tools and techniques a malicious cybercriminal would use to try to gain unauthorized access to highly guarded corporate systems and data to evaluate technical controls and quantify business risks in a meaningful way. This level of analysis provides business leaders the knowledge required to not only understand the impact a successful attack might have on their business operations, but also can validate the effectiveness of existing security controls and justify additional security related investment. |
● | Training: We provide security awareness training that can build a cyber vigilant culture by equipping users with the tools and techniques required to spot a potential cyberattack in the early stages. This targets the root cause for 75% of cyber breach events by starting with a culture of security-first forward thinking. |
● | Other Cybersecurity Services: |
◌ | Cyber Vigilance: Bringing the culture of cybersecurity to an organization is a critical first step of building any resilience to cyber threats. Through our consulting service, we dive into both the cultural and technical aspects of cybersecurity within the organization, providing meaningful recommendations to rapidly improve cybersecurity posture. We help our clients build effective policies and best practices, design or enhance a cybersecurity system, and train the executive management team to foster a top-down culture of cybersecurity in order to facilitate diligent implementation of cybersecurity awareness. | |
◌ | Gap and Risk Assessment: We combine decades of security expertise and in-depth knowledge of how cyberattackers operate to deliver a thorough security risk gap analysis that identifies real world threats and issues guidance for protection. We first familiarize ourselves with the customer’s environment, business model, operations, and business drivers to best determine a customer’s cybersecurity posture in an ever evolving threat landscape. We then use our advanced threat intelligence, data breach experience, and analytics to accurately assess the customers unique cybersecurity risk based on their “as is” state. We then operate with a holistic mindset, considering every link in the cybersecurity chain from people, processes, and technology, to determine their ideal “to be” state, aligned with their business goals, compliance requirements, and risk tolerance. Finally, we collaboratively devise and develop a strategic cybersecurity plan that takes into account critical priorities to effectively reduce cybersecurity risk by closing the gap between their “as is” and “to be” states. This comprehensive awareness of internal systems and policies provides our customers with a clear understanding of their overall risk as well as the strategies and tools they need to protect their most valuable assets: their data and brand reputation. |
-7- |
Growth Strategy
Cybersecurity service and consulting firms operate on various forms of business models. We do not focus on selling products; we promote a cybersecurity culture. Our growth strategy focuses on external acquisition and internal scalability to drive that culture within our customers’ organizations. Therefore, our revenue streams mainly come from security managed service and professional service fees. As the cybersecurity market grows over the years, we continue to see an increasing number of players entering the market with different sets of qualifications. However, organizations facing cybersecurity issues also usually lack the expertise to identify the right service provider or do not have the capital resources to hire a qualified CISO. We believe that this is where our growth opportunity lies since the lack of expertise leads to information asymmetry, which causes additional noise in the cybersecurity marketplace and exposes organizations to greater risks if found issues are not mitigated with the right group of experts. Furthermore, the industry is in need of highly qualified technology professionals in the cybersecurity field. A limited pool of talent results in increasing compensation and cost to retain such talent, which in turn compromises companies’ bottom line profitability and then increases the need to work externally with a partner such as our company. According to a Cybersecurity Jobs Report released in 2017 by Herjavec Group, unfilled cybersecurity positions were to be approximately 3.5 million by 2021. It has been our intention to capitalize on this gap as our growth opportunity.
Our external acquisition strategy targets engineer-owned cybersecurity firms in the top U.S. and international markets with existing revenue in the range of $2 million to $25 million and profit margin of at least 15% to 25%, although there could be opportunities beyond the larger end of this range. We expect each acquisition to be strategic and accretive, and we expect to obtain direct access to a pool of ready-to-deploy and seasoned cybersecurity talent and enhanced access to a larger client base geographically.
Our internal scalability strategy will focus on exploring and materializing synergies with the acquired targets. With strategic acquisitions, on the topline, we expect to provide a broadened service offering, which translates into more diverse revenue streams and a larger client base. We also anticipate that we will be able to broaden our geographical sales coverage and reduce client acquisition costs. We also intend to synergize best practices across the platform, which will enhance client experience and client loyalty. On the bottom line, we plan to centralize general and administrative support functions in one location, which will significantly improve net margin for all the service lines. This will allow our management to focus on sales initiatives and achieve internal operations scalability in a relatively short period of time. We estimate that with a typical acquisition, we will realize annual savings on centralized operations, generate additional revenue from upselling to existing clients, and add revenue from new clients. In the long term, we expect to become a pure-play cybersecurity consolidator in the United States.
Our Corporate and Acquisition History
We were formed on March 5, 2019 as a Delaware corporation. Our principal offices are located at 6900 East Camelback Road, Suite 240, Scottsdale, Arizona 85251.
On October 2, 2019, we filed a registration statement on Form 10-12G with the Securities and Exchange Commission (“SEC”) to effect registration of our common stock, par value $0.00001 per share, under the Exchange Act. The registration statement became effective on December 1, 2019.
-8- |
We have substantially expanded our business in recent years through a number of acquisitions. The following table sets for certain information regarding such acquisitions:
Acquired Company, Location |
Type of Acquisition |
Date |
Services Provided by Acquired Company | |||
GenResults, LLC (“GenResults”) Arizona(1) |
Stock | April 12, 2019 | Cybersecurity services. | |||
VCAB Six Corporation (“VCAB”) Texas |
Merger | April 12, 2019 | N/A(2) | |||
TalaTek, LLC (“TalaTek”) Virginia |
Merger | October 1, 2019 | Integrated risk management services, including risk assessments, IT audits, cybersecurity services, and managed compliance services. | |||
Technologyville, Inc. Illinois |
Stock | May 25, 2020 | Managed IT services. | |||
Clear Skies Security, LLC Georgia |
Stock | August 1, 2020 | Security assessment and penetration testing. | |||
Alpine Security, LLC Missouri |
Merger | December 16, 2020 | Integrated risk management services. | |||
Catapult Acquisition Corporation (“VelocIT”) New Jersey |
Merger | August 12, 2021 | Integrated risk management services. | |||
Atlantic Technology Systems, Inc., and Atlantic Technology Enterprises, Inc. (collectively, “Atlantic”) New Jersey |
Stock | October 1, 2021 | Integrated risk management services. | |||
RED74 LLC (“RED74”) New Jersey |
Merger | November 9, 2021 | Integrated risk management services. | |||
Ocean Point Equities, Inc. (“Arkavia”) Santiago, Chile |
Stock | December 1, 2021 | Cybersecurity services. | |||
True Digital Security, Inc. (“True Digital”) New York Florida Oklahoma |
Stock | January 19, 2022 | Cybersecurity and compliance. | |||
Creatrix, Inc. Tennessee Maryland |
Stock | June 1, 2022 | Identity management, systems integration and software engineering, biometrics, vetting, credentialing, and case management. | |||
CyberViking, LLC Georgia Oregon |
Stock | July 1, 2022 | Application security services, incident response, threat hunting, and creation and management of security operation centers. | |||
Servicios Informaticos CUATROi, S.P.A., Comercializadora CUATROi S.P.A., CUATROi Peru, S.A.C., and CUATROi S.A.S. Santiago, Chile Bogota, Columbia, and Lima, Peru |
Stock | August 25, 2022 | Managed services and cybersecurity. | |||
NLT Networks, S.P.A., NLT Technologias, Limitada, NLT Servicios Profesionales, S.P.A., and White and Blue Solutions, LLC Providencia, Chile Florida |
Stock | September 1, 2022 | Security solutions and managed services. | |||
RAN Security Buenos Aires, Argentina Chile, Peru, Bolivia, and Paraguay |
Stock | Expected 2023(3) | Secured managed services. |
(1) | Prior to our acquisition of GenResults, GenResults was wholly owned by an entity affiliated with David G. Jemmett, our Chief Executive Officer and a director of our company. Due to the companies being under common control, we accounted for the acquisition as a reorganization. | |
(2) | At the time of the VCAB Merger, VCAB was subject to a bankruptcy proceeding and had minimal assets, no equity owners, and no liabilities, except for approximately 1,500 holders of Class 5 Allowed General Unsecured Claims and a holder of allowed administrative expenses (collectively the “Claim Holders”). Pursuant to the terms of the VCAB Merger, and in accordance with the bankruptcy plan, we issued an aggregate of 2,000,000 shares of our common stock (the “Plan Shares”) to the Claim Holders as full settlement and satisfaction of their respective claims. As provided in the bankruptcy plan, the Plan Shares were issued pursuant to Section 1145 of the United States Bankruptcy Code. We entered into the VCAB Merger to increase our stockholder base to, among other things, assist us in satisfying the listing standards of a national securities exchange. | |
(3) | On January10, 2023, we entered into a definitive agreement for the acquisition of RAN Security, which is expected to close later in the year, subject to the satisfaction of customary closing conditions, including applicable regulatory approvals. |
-9- |
Customers
Our recent acquisitions have resulted in expansion of our customer base and increased usage within existing customers. None of our customers individually accounted for more than 10.0% of our consolidated revenue for the year ended December 31, 2022, nor are we dependent upon a few major customers. One of our customers accounted for an aggregate of 20.4% of our consolidated revenue for the year ended December 31, 2021.
Competition
The cybersecurity market is highly fragmented. In the top quartile, the market is dominated by several major global players, including IBM Corporation, Cisco Systems, AVG Technologies, Broadcom, and Dell. The rest of the market is highly competitive without dominant players. According to MarketsandMarkets.com, North America is expected to continue its hold as the largest market size in the cybersecurity market through the year 2023. A report from Statista forecasted the cybersecurity market to grow to $345.4 billion by 2026. An increasing awareness of cyber threats has led to a rising investment in cybersecurity infrastructure worldwide.
We face direct competition from all small-to-medium-sized cybersecurity service providers nationwide given the broad service scope we currently provide. Many competitors provide cloud-based services, which means our competition is not restricted by regions. It is critical for our executive management team to identify and attract strategic acquisition targets in order to strengthen our competitive advantage as a cybersecurity consolidator, which we believe brings higher service quality, more diverse service scope, and broader geographical coverage at a lower cost.
Intellectual Property
We intend to take appropriate steps to protect our intellectual property. We have registered the trademark “Cyber security is a culture, not a product,” which has been approved with a registration date of October 29, 2019.
We have non-disclosure, confidentiality, and license agreements with employees, contractors, customers and other third parties, which limit access to and use of our proprietary information. Though we rely in part upon these legal and contractual protections, as well as various procedural safeguards, we believe the skill and ingenuity of our employees, and the functionality and frequent enhancements to our solutions are more important to maintaining our competitive position in the marketplace.
Government Regulation
We are not aware of any specific regulations that govern cybersecurity firms or the areas in which we operate. While there are a few federal cybersecurity regulations, they govern industries that we serve and exist to focus on specific industries.
Three of the main cybersecurity regulations are HIPAA, the 1999 Gramm-Leach-Bliley Act, and the 2002 Homeland Security Act, which included the Federal Information Security Management Act (“FISMA”). The three regulations mandate that healthcare organizations, financial institutions, and federal agencies, respectively, should protect their systems and information. FISMA, which applies to every government agency, requires the development and implementation of mandatory policies, principles, standards, and guidelines on information security. However, the regulations do not address numerous computer related industries, such as Internet Service Providers and software companies. Furthermore, the regulations do not specify what cybersecurity measures must be implemented and require only a “reasonable” level of security.
-10- |
In addition, the National Cybersecurity Division is another regulatory body that is a division of the Office of Cybersecurity & Communications within the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Human Capital Management
We believe that our future success will depend, in part, on our continued ability to attract, hire, and retain qualified personnel. In particular, we depend on the skills, experience, and performance of our senior management and engineering and technical personnel. We compete for qualified personnel with other cyber security companies and industry experts.
We provide competitive compensation and benefits programs to help meet the needs of our employees. In addition to salaries, these programs (which vary by country/region and employment classification) include incentive compensation plan, pension, healthcare and insurance benefits, paid time off, family leave, and on-site services, among others. We also use targeted equity-based grants with vesting conditions to facilitate retention of personnel, particularly for our key employees.
The success of our business is fundamentally connected to the well-being of our people. Accordingly, we are committed to the health and safety of our employees. In response to the COVID-19 pandemic, we implemented significant changes that we determined were in the best interest of our employees, as well as the communities in which we operate, and which comply with government regulations. This includes having employees work from home, while implementing additional safety measures for employees continuing critical on-site work.
Environmental, Social, and Governance Efforts
Environmental Commitment
We are committed to protecting the environment and attempt to mitigate any negative impact of our operations. We monitor resource use, improve efficiency, and at the same time reduce our emissions and waste.
Social Responsibility
We are a trusted cybersecurity expert providing safe, efficient, and sustainable services to our existing and new communities. Our success is the direct result of the dedication and strength of our team and promotes equity, diversity, integrity, inclusion, reliability and accountability. We believe that a combination of diverse team members and an inclusive culture contributes to our success. Each member is a valued part of our team bringing a diverse perspective to help grow business and achieve our goals. Our tradition of serving employees, customers, and investors is at the core of our culture. For third-party vendor selection and oversight, we have standard operating procedures that apply to employees and subcontractors who, on our behalf, oversee and conduct technical protocols.
Employees
As of December 31, 2022, we had 449 employees, of which 443 were full-time. In addition, we utilize independent contractors for projects of short duration or where specialized knowledge or experience is needed for a complex project. We are not dependent on any independent contractor, and we believe adequate replacements would be available in the event any such independent contractor becomes unavailable to us. We believe our relations with our employees is good.
-11- |
Available Information
Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, our proxy and information statements and all amendments to those reports will be available free of charge through our website at www.ciso.inc as soon as practicable after such material is electronically filed with, or furnished to, the SEC. Except as otherwise stated in these documents, the information contained on our website or available by hyperlink from our website is not incorporated by reference into this report or any other documents we file, with or furnish to, the SEC.
Implications of Being an Emerging Growth Company
We qualify as an “emerging growth company” as the term is used in The Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”), and therefore, we may take advantage of certain exemptions from various public company reporting requirements, including:
● | a requirement to only have two years of audited financial statements and only two years of related selected financial data and management’s discussion and analysis; | |
● | exemption from the auditor attestation requirement on the effectiveness of our internal controls over financial reporting; | |
● | reduced disclosure obligations regarding executive compensation; and | |
● | exemptions from the requirements of holding a nonbinding advisory stockholder vote on executive compensation and any golden parachute payments. |
We may take advantage of these provisions for up to five years or such earlier time that we are no longer an emerging growth company. We would cease to be an emerging growth company if we have more than $1.07 billion in annual revenue, issue more than $1.0 billion of non-convertible debt over a three-year period, or become a large accelerated filer. So long as we remain an emerging growth company, we may choose to take advantage of some, but not all, of the available benefits of the JOBS Act. We have taken advantage of some of the reduced reporting requirements in our filings. Accordingly, the information contained herein may be different than the information you receive from other public companies in which you hold stock. In addition, the JOBS Act provides that an emerging growth company can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have elected to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.
ITEM 1A. RISK FACTORS
An investment in our common stock involves a number of very significant risks. Readers of this Annual Report on Form 10-K should carefully consider the following risks and uncertainties in addition to other information in this Annual Report on Form 10-K in evaluating our company and its business before purchasing shares of our common stock. Our business, operating results and financial condition could be seriously harmed due to any of the following risks. An investor in our common stock could lose all or part of their investment due to any, or a combination of these risks.
Risk Factor Summary
Risks Related to Our Business and Industry
● | We will need to raise capital in order to realize our business plan and growth strategy, the failure of which could adversely impact our operations. | |
● | We incurred significant operating losses during the years ended December 31, 2022 and December 31, 2021, and we have limited cash flow. Unless we increase revenue and cash flow or raise additional capital, we may be unable to take advantage of any acquisition opportunities that arise or expand our business, all of which could adversely impact us. | |
● | We will need to grow the size and capabilities of our organization, and we may experience difficulties in managing this growth. |
-12- |
● | We depend on key personnel who would be difficult to replace, and our business plans will likely be harmed if we lose their services or cannot hire additional qualified personnel. | |
● | We operate in an industry that is experiencing a shortage of qualified compliance and cybersecurity professionals. If we are unable to recruit and retain key management and technical and sales personnel, our business would be negatively affected. | |
● | We depend on independent contractors to provide certain services for which we do not have the expertise internally. Any compromise in the service quality may delay our business processes and cause economic loss. | |
● | We have recently acquired multiple businesses. Our growth strategy is driven by successful acquisitions and integration of additional businesses that provide comparable or complementary services. Our ability to grow is limited if we fail to identify and consummate acquisitions. | |
● | We intend to grow our client base significantly through acquisitions of other service providers. If we fail to retain existing clients and attract new clients through acquisitions, we may never achieve profitability. | |
● | Our business strategy may impose limitations in our ability to accurately forecast future revenue and operating results. | |
● | Our future results may be affected by various legal and regulatory proceedings and legal compliance risks, including those involving intellectual property, governmental regulations, the U.S. Foreign Corrupt Practices Act, and other anti-bribery, anti-corruption, or other matters. | |
● | We are subject to risks from operating internationally. | |
● | Our operations in certain emerging markets expose us to political, economic and regulatory risks. | |
● | Adverse economic conditions in the United States and international economies may adversely impact our business operating units. | |
● | Breaches of network or information technology security could have an adverse effect on our business. | |
● | If we fail to meet our service level obligations under our service level agreements, we may be subject to certain penalties and could lose clients. | |
● | The nature of our business involves significant risks and uncertainties that may not be covered by insurance or indemnification. | |
● | We indemnify our officers and directors against liability to us and our security holders, and such indemnification could increase our operating costs. | |
● | Our industry is highly competitive, and there is no assurance that we will compete successfully. | |
● | Our success depends on our ability to protect our intellectual property and our proprietary technologies. | |
● | Increasingly complex cybersecurity regulations and standards may have significant impact on our business, and it may require us to substantially invest in our development capabilities to meet compliance requirements and may negatively impact our ability to offer certain services and remain profitable. | |
● | We may become subject to disputes, including litigation, that could negatively impact our business, profitability, and financial condition. | |
● | If we incur additional debt, we will be subject to restrictive covenants and debt service obligations that could negatively impact our operations. | |
● | The requirements of being a public company, including compliance with the reporting requirements of the Exchange Act and the requirements of the Sarbanes-Oxley Act and Nasdaq, may strain our resources, increase our costs and divert management’s attention, and we may be unable to comply with these requirements in a timely or cost-effective manner. | |
● | The preparation of our financial statements involves use of estimates, judgments, and assumptions, and our financial statements may be materially affected if our estimates prove to be inaccurate. | |
● | The auditor’s opinion on our audited financial statements for the year ended December 31, 2022, included in this annual report on Form 10-K, contain an explanatory paragraph relating to our ability to continue as a going concern. | |
Risks Related to Our Common Stock | ||
● | The market price of our common stock is volatile and may fluctuate in a way that is disproportionate to our operating performance. | |
● | Future sales of shares of our common stock by existing stockholders could depress the market price of our common stock. | |
● | Provisions in our certificate of incorporation, our by-laws and Delaware law might discourage, delay, or prevent a change in control of our company or changes in our management and, therefore, depress the trading price of our common stock. | |
● | FINRA sales practice requirements may limit a stockholder’s ability to buy and sell our stock. | |
● | If we issue additional shares in the future, it will result in the dilution of our existing stockholders. | |
● | Our directors and executive officers beneficially own a substantial majority of our outstanding capital stock and will have the ability to control our affairs. | |
● | We are eligible to be treated as an “emerging growth company,” as defined in the JOBS Act, and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors. |
-13- |
● | Our failure to meet the continued listing requirements of Nasdaq could result in a delisting of our common stock. | |
● | We do not intend to pay dividends on our common stock. | |
● | Our business could be negatively impacted by shareholder activism. | |
● | Our share price may be volatile, and you may be unable to sell your shares. |
Risks Related to Our Business and Industry
We will need to raise capital in order to realize our business plan and growth strategy, the failure of which could adversely impact our operations.
Our growth strategy is based upon increasing the number of our clients and our consolidated revenue by making successful acquisitions and integrating businesses that provide comparable or complementary cyber security services. As of December 31, 2022, our business was not profitable. Without adequate funding, a significant increase in revenue, and continued successful integration of our acquired targets, we may not be able to achieve profitability in the existing lines of business and attract further capital. As of March 27, 2023, we had available cash resources of approximately $4,254,000.
We expect to continue to finance our operations with available net operating cash flows and will need to raise additional capital in the future by issuing equity or other forms of securities, which could have significant dilutive impact on the ownership interest of existing stockholders. Furthermore, any newly issued securities could have rights, preferences, and privileges senior to those of our existing common stock.
We may have difficulty obtaining additional funds as and when needed, and we may have to accept terms that would adversely affect our stockholders. In addition, any adverse conditions in the credit and equity markets may adversely affect our ability to raise funds when needed. Any failure to achieve adequate funding will delay our acquisition efforts and could lead to abandonment of one or more of our acquisition initiatives, as well as prevent us from responding to competitive pressures or take advantage of unanticipated acquisition opportunities. Any additional equity financing will likely be dilutive to stockholders, and certain types of equity financing, if available, may involve restrictive covenants or other provisions that would limit how we conduct our business or finance our operations.
We incurred significant operating losses during the years ended December 31, 2022 and December 31, 2021, and we have limited cash flow. Unless we increase revenue and cash flow or raise additional capital, we may be unable to take advantage of any acquisition opportunities that arise or expand our business, all of which could adversely impact us.
We are unable to predict if and when we will be able to generate significant positive cash flow or achieve profitability. Our plan regarding these matters is to strengthen our revenue and continue improving operational efficiencies across the business. There can be no assurances that we will be successful in increasing revenue, improving operational efficiencies or that financing will be available or, if available, that such financing will be available under favorable terms. In the event that we are unable to generate adequate revenue to cover expenses and cannot obtain additional financing, we may need to cut back or curtail our expansion plans.
We will need to grow the size and capabilities of our organization, and we may experience difficulties in managing this growth.
As our acquisition strategies develop, we must carefully integrate managerial, operational, sales, marketing, financial, and other personnel in the expanded organization and manage costs. Future growth will impose significant added responsibilities on members of management, including the following:
● | identifying, integrating, managing, and motivating qualified employees, particularly strong sales force and cybersecurity talent; |
● | executing post-acquisition integration effectively, and managing integration costs; and |
● | improving our operational, financial, and management controls, reporting systems, and procedures. |
-14- |
Our future financial performance and our ability to commercialize our strategic acquisitions will depend, in part, on our ability to effectively manage any future growth. Our management may also have to divert a disproportionate amount of its attention away from day-to-day activities in order to devote a substantial amount of time to managing these growth activities. This lack of long-term experience working together may adversely impact our senior management team’s ability to effectively manage our business and growth.
We depend on key personnel who would be difficult to replace, and our business plans will likely be harmed if we lose their services or cannot hire additional qualified personnel.
Our success depends substantially on the efforts and abilities of our senior management and executive officers. We currently do not maintain key man insurance for any of our senior management or key personnel. The competition for qualified management and key personnel is intense. The loss of services of one or more of our key employees, or the inability to hire, train, and retain key personnel, especially executive managers with cybersecurity industry knowledge, could delay the execution of new acquisitions and launch of new service programs, disrupt our business, and interfere with our ability to execute our business plan.
We operate in an industry that is experiencing a shortage of qualified compliance and cybersecurity professionals. If we are unable to recruit and retain key management and technical and sales personnel, our business would be negatively affected.
To execute our growth strategy, we must continue to attract and retain highly skilled compliance and cybersecurity experts. Competition for these employees is intense, especially for compliance experts and cybersecurity professionals, as there is a global shortage of these professionals who can provide the technical and strategic skills required for us to deliver high levels of services to our clients and potential clients. We may not be successful in attracting and retaining qualified employees. We have from time-to-time experienced, and we expect to continue to experience, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. Many of the companies with which we compete for these highly skilled employees have greater resources than we have. In addition, in making employment decisions, particularly in the high- technology industry, job candidates often consider the value of the stock options, restricted stock grants, or other stock-based compensation they are to receive in connection with their employment. Declines in the value of our stock could adversely affect our ability to attract or retain key employees and result in increased employee compensation expenses. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be severely harmed.
We depend on independent contractors to provide certain services for which we do not have the expertise internally. Any compromise in the service quality may delay our business processes and cause economic loss.
We currently rely, and for the foreseeable future will continue to rely, in substantial part on certain independent organizations, advisors, and consultants to provide certain services. There can be no assurance that the services of these independent organizations, advisors, and consultants will continue to be available to us on a timely basis when needed, or that we can find qualified replacements. In addition, if we are unable to effectively manage our outsourced activities or if the quality or accuracy of the services provided by consultants is compromised for any reason, some of our business activities may be delayed or terminated, and we may not be able to mitigate negative impacts or otherwise advance our business. There can be no assurance that we will be able to manage our existing consultants or find other competent outside contractors and consultants on economically reasonable terms, if at all. If we are not able to effectively expand our organization by hiring new employees and expanding our groups of consultants and contractors, we may not be able to successfully implement the tasks necessary to further expand and, accordingly, may not achieve our business goals.
We have recently acquired multiple businesses. Our growth strategy is driven by successful acquisitions and integration of additional businesses that provide comparable or complementary services. Our ability to grow is limited if we fail to identify and consummate acquisitions.
We have completed the acquisition of certain complementary businesses, and we intend to consider additional potential strategic transactions, which could involve acquisitions of businesses or assets, joint ventures, or investments in businesses or technologies that expand, complement, or otherwise relate to our business. We may also consider, from time to time, opportunities to engage in joint ventures or other business collaborations with third parties. Should our relationships fail to materialize into significant agreements, or should we fail to work efficiently with these companies, we may lose sales and marketing opportunities and our business, results of operations, and financial condition could be adversely affected.
-15- |
Any business acquisition creates risks such as, among others: (i) the need to integrate and manage the businesses acquired with our own business; (ii) additional demands on our resources, systems, procedures, and controls; (iii) disruption of our ongoing business; and (iv) diversion of management’s attention from other business concerns. Moreover, these transactions could involve: (a) substantial investment of funds or financings by issuance of debt or equity securities; (b) substantial investment with respect to technology transfers and operational integration; and (c) the acquisition or disposition of lines of businesses. Also, such activities could result in one-time charges and expenses and have the potential to either dilute the interests of our existing stockholders or result in the issuance of, or assumption of debt. Such acquisitions, investments, joint ventures, or other business collaborations may involve significant commitments of financial and other resources. Any such activities may not be successful in generating revenue, income, or other returns, and any resources we committed to such activities will not be available to us for other purposes. Moreover, if we are unable to access the capital markets on acceptable terms or at all, we may not be able to consummate acquisitions, or may have to do so on the basis of a less than optimal capital structure. Our inability to take advantage of growth opportunities or address risks associated with acquisitions or investments in businesses may negatively affect our operating results.
Additionally, any impairment of goodwill or other intangible assets acquired in an acquisition or in an investment, or charges to earnings associated with any acquisition or investment activity, may materially reduce our earnings. Future acquisitions or joint ventures may not result in their anticipated benefits and we may not be able to properly integrate acquired technologies or businesses with our existing operations or successfully combine personnel and cultures. Failure to do so could deprive us of the intended benefits of those acquisitions.
We intend to grow our client base significantly through acquisitions of other service providers. If we fail to retain existing clients and attract new clients through acquisitions, we may never achieve profitability.
Through acquisition of other service providers, we will inherit an increasingly larger client base, which creates cross-selling and up-selling opportunities. We need high-quality service and exemplary client management to retain and grow our client base. We also plan to launch sales and marketing efforts, including trade show appearances, sales demos, and advertising campaigns in various forms to promote our brand name. If our marketing efforts do not materialize, we may lose existing clients or fail to obtain new clients. Our inability to grow sales as we expand in operations may result in continuing losses, and we may not be profitable for an extended period of time. In addition, even if we are able to make future acquisitions, we will incur additional costs to consummate them, which may result in a shortage in our capital resources. We may also incur difficulties in integrating new businesses with our current operations.
Our business strategy may impose limitations in our ability to accurately forecast future revenue and operating results.
Our operating results are dependent on a variety of factors, including purchasing patterns of our clients, competitive pricing, debt servicing, and general economic trends. Our revenue and operating results may fluctuate if our sales targets are not met, new service offerings receive poor client response, or client acquisition costs increase due to competition. In addition to these factors, our acquisition strategy may impose additional risks to the predictability of our operating results. Revenue streams may be volatile due to the uncertainty in identifying attractive acquisition candidates and our ability to consummate new acquisitions. Unexpected expenses may be incurred during due diligence and post-acquisition. Management intends to manage risk carefully with the acquisitions; however, there can be no assurance that we will be able to identity and consummate acquisitions that improve our results of operations.
-16- |
Our future results may be affected by various legal and regulatory proceedings and legal compliance risks, including those involving intellectual property, governmental regulations, the U.S. Foreign Corrupt Practices Act, and other anti-bribery, anti-corruption, or other matters.
We may be subject to various legal and regulatory proceedings, and are subject to certain legal compliance risks in the areas of intellectual property, governmental regulation, U.S. Foreign Corrupt Practices Act, and related anti-bribery and anti-corruption regulations. The outcome of any such legal proceedings may differ from our expectations because the outcomes of litigation, including regulatory matters, are often difficult to reliably predict. Various factors or developments can lead us to change current estimates of liabilities and related insurance requirements where applicable, or make such estimates for matters previously not susceptible of reasonable estimates, such as a significant judicial ruling or judgment, a significant settlement, significant regulatory developments, or changes in applicable law. A future adverse ruling, settlement, or unfavorable development could result in future charges that could have a material adverse effect on our results of operations or cash flows in any particular period.
We are subject to risks from operating internationally.
We operate internationally, and our growth strategy depends in part on our ability to expand our operations in foreign markets, including by way of acquisitions. International operations and business expansion plans are subject to numerous risks, including the following:
● | the burden of complying with complex and changing foreign regulatory, tax, accounting and legal requirements; |
● | political and economic instability, civil unrest, acts of terrorism, force majeure, war, or other armed conflict, including the current military conflict between Russia and the Ukraine; |
● | changes in U.S. and other national government trade policies affecting the markets for our services; |
● | changes in regulatory practices, tariffs and taxes; |
● | the need to develop superior products or services, thereby gaining greater market acceptance and expanding their product and service offerings more efficiently or rapidly; |
● | Potential non-compliance with a wide variety of laws and regulations, including anti-corruption, export control and anti-boycott laws and similar non-U.S. laws and regulations |
● | increased sovereign risk, such as defaults by or deterioration in the economies and credit ratings of governments, particularly in emerging markets; |
● | logistical and communication challenges; |
● | the interpretation of contractual provisions governed by foreign laws in the event of a contract dispute; and |
● | currency exchange rate fluctuations, devaluations and other conversion restrictions. |
Any of these factors could have a material adverse effect on our reputation, financial condition, results of operations and stock price.
Our operations in certain emerging markets expose us to political, economic and regulatory risks.
Our growth strategy depends in part on our ability to expand our operations in emerging markets, including, among others, countries in South America, and Europe. However, some emerging markets have greater political, economic and currency volatility and greater vulnerability to infrastructure and labor disruptions than more established markets. In many countries, particularly those with emerging economies, engaging in business practices prohibited by laws and regulations with extraterritorial reach, such as the Foreign Corrupt Practices Act of 1977 and the U.K. Bribery Act, or local anti-bribery laws may be more common. These laws generally prohibit companies and their employees, contractors or agents from making improper payments to government officials, including in connection with obtaining permits or engaging in other actions necessary to do business. Failure to comply with these laws could subject us to civil and criminal penalties that could materially and adversely affect our reputation, financial condition, results of operations and stock price. Failure to manage political, economic and regulatory risks in emerging markets could adversely affect our sales, financial condition, results of operations, cash flows and stock price.
-17- |
Adverse economic conditions in the United States and international economies may adversely impact our business operating units.
General macro-economic conditions, such as a rise in interest rates, inflation in the cost of goods and services including labor, a recession or an economic slowdown in the United States or internationally, including as a result of continuing uncertainty from the COVID-19 pandemic or the Russia-Ukraine military conflict, could adversely affect demand for our services and make it difficult to accurately forecast and plan our future business activities. U.S. and global markets have recently been experiencing volatility and disruption due to new interest rate and inflation increases as well as the continued escalation of geopolitical tensions. For example, inflation in the United States began to rise in the second half of 2021 and have remained at high levels through 2022. Although our business has not yet been materially negatively impacted by such inflationary pressures, we cannot be certain that neither we nor our customers will be materially impacted by continued pressures. Additionally, on February 24, 2022, Russian troops engaged in a full-scale military invasion of Ukraine. Although the length and impact of the ongoing military conflict is highly unpredictable, it could lead to market disruptions, including significant volatility in commodity prices, credit and capital markets, as well as supply chain interruptions. This military conflict has led to sanctions and other penalties being levied by the United States and European Union, and other countries against Russia, and other potential sanctions and penalties have also been proposed and/or threatened. Russian military actions and the resulting sanctions could adversely affect the global economy and financial markets and lead to instability and lack of liquidity in capital markets, potentially making it more difficult for us to obtain additional funds. We do not have employees or facilities in Russia or Ukraine, nor do we have customers and contractors in these locations. Our business has not yet been materially negatively impacted by this military conflict to date. However, we cannot be certain that this will not impact our position in the credit market or our ability to acquire cybersecurity businesses in the short and long term.
To the extent conditions in the domestic and global economy change, our business could be harmed as current and potential customers may reduce or postpone spending or choose not to purchase or renew our services, which they may consider discretionary. If our customers face decreased consumer demand, increased regulatory burdens, or more limited access to international markets, we may face a decline in the demand for our services and our operating results could be adversely impacted.
Uncertain and adverse economic conditions may also lead to a decline in the ability of our customers to use or access credit, which could adversely affect our business. In addition, changing economic conditions may also adversely affect third parties with which we have entered into relationships and upon which we depend in order to grow our business. As a result, we may be unable to continue to grow in the event of future economic slowdowns.
Breaches of network or information technology security could have an adverse effect on our business.
Cyber-attacks or other breaches of network or IT security may cause equipment failures or disrupt the systems and operations of us and our clients. The potential liabilities associated with these events could exceed the insurance coverage we or our clients maintain, if any. An inability to operate as a result of such events, even for a limited period of time, may result in significant expenses or loss of market share to other competitors in the market we serve. In addition, a failure to protect our, or our client’s, enterprises, networks, privacy of customer, and employee confidential data against breaches of network or IT security could result in damage to our reputation. To date, we have not been subject to cyber-attacks or other cyber incidents which, individually or in the aggregate, resulted in a material adverse effect on our business, operating results, or financial condition.
Security threats to our own IT infrastructure may affect our clients indirectly. A party who is able to compromise the security measures on our networks or the security of our infrastructure could misappropriate our proprietary information or the personal information of our clients, cause interruptions or malfunctions in our operations or our clients’ operations, or damage our computers or systems and those of our clients. As security is a primary competitive factor in our industry, such a compromise could be particularly harmful to our brand and reputation. We may be required to expend significant resources to protect against such threats or to alleviate problems caused by breaches in security. As techniques used to breach security change frequently, and are generally not recognized until launched against a target, we may not be able to implement security measures in a timely manner or, if and when implemented, we may not be able to determine the extent to which these measures could be circumvented. If we are unable to protect sensitive information, our clients or governmental authorities could question the adequacy of our threat mitigation and detection processes and procedures. Any breaches that may occur could expose us to increased risk of lawsuits, regulatory penalties, loss of existing or potential customers, harm to our reputation, and increases in our security costs, which may not be fully insured or indemnified by other means. Additionally, breaches of our, or our clients’, systems could similarly result in a loss of confidence in our services or damage to our brand and reputation. Occurrence of any of these events could have a material adverse effect on our business, financial condition, operating results, or prospects.
-18- |
Because our services are aimed at protecting clients from, and limiting the impact of, critical business interruptions and losses related to cyber-attacks, if our client’s experience losses related to cyber-attacks that result in lost profits or other indirect or consequential damages to our clients, our clients may expose us to lawsuits. Our service agreements with our clients typically contain provisions limiting our liability. However, we cannot provide assurances that a court would enforce any contractual limitations on our liability. The outcome of any such lawsuit would depend on the specific facts of the case and any legal and policy considerations that we may not be able to mitigate. In such cases, we could be liable for substantial damage awards that may exceed our liability insurance coverage by unknown but significant amounts, which could materially impair our financial condition.
If we fail to meet our service level obligations under our service level agreements, we may be subject to certain penalties and could lose clients.
We have service level agreements with many of our managed services clients under which we guarantee specified levels of service availability. These arrangements require us to estimate the level of service we will provide. If we fail to meet our service level obligations under these agreements, we may be subject to penalties, which could result in higher than expected costs, and we may lose clients, which could lead to decreased revenue and decreased gross and operating margins. If we fail to meet our service level obligations under these agreements, our reputation may suffer as a result.
The nature of our business involves significant risks and uncertainties that may not be covered by insurance or indemnification.
We provide services in circumstances where insurance or indemnification may be not available to us. Our existing insurance coverages may not be sufficient or additional insurance may not be available to protect us against operational risks and other uncertainties that we face. Liabilities or claims arising from our services in excess of any indemnity or insurance coverage (or for which indemnity or insurance coverage is not available or is not obtained) could harm our financial condition, cash flows, and operating results. Any claim, even if fully covered or insured, could negatively affect our reputation in the marketplace and make it more difficult for us to compete effectively. The defense of such claims may be costly and time-consuming and could divert the attention of management.
We indemnify our officers and directors against liability to us and our security holders, and such indemnification could increase our operating costs.
Our certificate of incorporation and bylaws allow us to indemnify our officers and directors against claims associated with carrying out the duties of their offices. Our bylaws also allow us to reimburse them for the costs of certain legal defenses. Insofar as indemnification for liabilities arising under the Securities Act may be permitted to our officers, directors, or control persons, the SEC has advised that such indemnification is against public policy and is therefore unenforceable.
Our industry is highly competitive, and there is no assurance that we will compete successfully.
Our current and potential competitors vary by size, service offerings, and geographic location. Competitors include technology companies, consulting companies, telecommunication companies, technology resellers, hardware and software companies, and others. Many of our competitors have entrenched relationships in particular industries or have gained a reputation for expertise in a specific sector of the cybersecurity market, including services, software, and hardware. Primary competitive factors in our market include security, reliability and functionality; customer service and technical expertise; reputation and brand recognition; financial strength; breadth of products and services offered; price; and scalability. Many of our current and potential competitors have substantially greater financial, technical, and marketing resources; more diversified product and service offerings; larger customer bases; longer operating histories; greater brand recognition; and more established relationships in the industry than we do. As a result, some of these competitors may be able to:
● | adapt more rapidly to new or emerging technologies and changes in customer requirements; |
● | develop superior products or services, thereby gaining greater market acceptance and expanding their product and service offerings more efficiently or rapidly; |
● | bundle products and services that we may not offer or in a manner that provides our competitors with a price advantage; |
● | take advantage of acquisitions and other opportunities more readily; |
-19- |
● | maintain a lower cost basis; |
● | adopt more aggressive pricing policies and devote greater resources to the promotion, marketing, and sales of their products and services; and |
● | devote greater resources to the research and development of their products and services. |
Many of these companies have significantly greater financial, technical, marketing, and other resources than we do and may be better positioned to acquire, offer, and service complementary products and technologies. These companies and alliances resulting from possible combinations may create more compelling product and service offerings; be able to offer greater pricing flexibility than we can; or engage in business practices that make it more difficult for us to compete effectively, including on the basis of sales and marketing programs (such as providing greater incentives to our channel partners to sell a competitor’s product), technology, or product functionality. Competition could result in, among other things, a substantial loss of customers, reduction in revenue, or increase in expenses, which could materially adversely affect our business, financial condition, results of operations, or prospects.
Our success depends on our ability to protect our intellectual property and our proprietary technologies.
We rely on trade secrets to protect intellectual property, proprietary technology, and processes, which we have or may develop in the future. There can be no assurances that secrecy obligations will be honored or that others will not independently develop similar or superior technology. The protection of intellectual property and/or proprietary technology through claims of trade secret status has been the subject of increasing claims and litigation by various companies both in order to protect proprietary rights as well as for competitive reasons even where proprietary claims are unsubstantiated. The prosecution of proprietary claims or the defense of such claims is costly and uncertain given the uncertainty and rapid development of the principles of law pertaining to this area. We may also be subject to claims by other parties regarding the use of intellectual property, technology information, and data, which may be deemed proprietary to others.
Increasingly complex cybersecurity regulations and standards may have significant impact on our business, and it may require us to substantially invest in our development capabilities to meet compliance requirements and may negatively impact our ability to offer certain services and remain profitable.
Federal and state legislatures continue to advance policy proposals in recent years to address cyber threats directed at governments and private businesses. As threats continue to evolve and expand and as the pace of new technologies accelerates, legislatures are making cybersecurity measures a high priority. At the federal and state level, hundreds of bills or resolutions have been introduced and considered that deal significantly with cybersecurity. These proposals are at multiple stages of development and may shape out new standards concerning different areas. Our business expansion strategy focuses on accretive acquisitions of other cybersecurity service providers in the top thirty U.S. markets to achieve greater service coverage. The complex regulatory environment in each state may require us to dedicate additional resource to ensure our service scope and service quality are in compliance with the standards enacted in each state we operate business in. We may incur additional legal and compliance costs, and our service scope may be restrained due to compliance requirements. This will cause a delay in our service launch and negatively impact our operating results. We may also face litigations if we fail to respond accordingly to these regulatory measures in certain states.
We may become subject to disputes, including litigation, that could negatively impact our business, profitability, and financial condition.
We may become subject to disputes with third parties from time to time. Any such dispute could result in litigation between us and the other parties. Whether or not any dispute actually proceeds to litigation, we may be required to devote significant management time and attention and financial resources to its resolution (through litigation, settlement, or otherwise), which would detract from our management’s ability to focus on our business. Any such resolution could involve the payment of damages or expenses by us, which may be significant. In addition, any such resolution could involve our agreement with terms that restrict the operation of our business.
-20- |
If we incur additional debt, we will be subject to restrictive covenants and debt service obligations that could negatively impact our operations.
If we incur additional debt for operations or acquisitions, a portion of our cash flow will have to be dedicated to the payment of principal and interest on such indebtedness. Typical loan agreements also might contain restrictive covenants, which may impair our operating flexibility. Such loan agreements would also provide for default under certain circumstances, such as failure to meet certain financial covenants. A default under a loan agreement could result in the loan becoming immediately due and payable and, if unpaid, a judgment in favor of such lender which would be senior to the rights of our stockholders. A judgment creditor would have the right to foreclose on any of our assets resulting in a material adverse effect on our business, operating results, or financial condition.
The requirements of being a public company, including compliance with the reporting requirements of the Exchange Act and the requirements of the Sarbanes-Oxley Act and Nasdaq, may strain our resources, increase our costs, and divert management’s attention, and we may be unable to comply with these requirements in a timely or cost-effective manner.
As a public company, we are subject to the reporting requirements of the Exchange Act, and the corporate governance standards of the Sarbanes-Oxley Act and Nasdaq. We have a limited operating history as a public company, and these requirements may place a strain on our management, systems, and resources. In addition, we have incurred, and expect to continue to incur, significant legal, accounting, insurance, and other expenses. The Exchange Act requires us to file annual, quarterly, and current reports with respect to our business and financial condition within specified time periods and to prepare a proxy statement with respect to our annual meeting of stockholders. The Sarbanes-Oxley Act requires that we maintain effective disclosure controls and procedures and internal control over financial reporting. Nasdaq requires that we comply with various corporate governance requirements. To maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting and comply with the Exchange Act and Nasdaq requirements, significant resources and management oversight are required. This may divert management’s attention from other business concerns and lead to significant costs associated with compliance, which could have a material adverse effect on us and the market price of our common stock.
The expenses incurred by public companies generally for reporting and corporate governance purposes have been increasing. We expect these rules and regulations to continue to increase our legal and financial compliance costs and to make some activities more time-consuming and costly. These laws and regulations could also make it more difficult or costly for us to obtain certain types of insurance, including director and officer liability insurance, and we may be forced to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. These laws and regulations could also make it more difficult for us to attract and retain qualified persons to serve on our Board of Directors or its committees or as our executive officers. Advocacy efforts by stockholders and third parties may also prompt even more changes in governance and reporting requirements. We cannot predict or estimate the amount of additional costs we may incur or the timing of these costs. Furthermore, if we are unable to satisfy our obligations as a public company, we could be subject to delisting of our common stock, fines, sanctions, and other regulatory action and potentially civil litigation.
The preparation of our financial statements involves use of estimates, judgments, and assumptions, and our financial statements may be materially affected if our estimates prove to be inaccurate.
Financial statements prepared in accordance with accounting principles generally accepted in the United States require the use of estimates, judgments, and assumptions that affect the reported amounts. Different estimates, judgments, and assumptions reasonably could be used that would have a material effect on the financial statements, and changes in these estimates, judgments, and assumptions are likely to occur from period to period in the future. These estimates, judgments, and assumptions are inherently uncertain, and, if they prove to be wrong, then we face the risk that charges to income will be required.
The auditor’s opinion on our audited financial statements for the year ended December 31, 2022, included in this annual report on Form 10-K, contain an explanatory paragraph relating to our ability to continue as a going concern.
The auditor’s opinion on our audited financial statements for the year ended December 31, 2022 includes an explanatory paragraph stating that our losses and negative cash flows from operations and uncertainty in generating sufficient cash to meet our operating obligations raise substantial doubt about our ability to continue as a going concern. While we are pursuing a variety of funding sources and transactions that could raise capital, there can be no assurances that we will be successful in these efforts or will be able to resolve our liquidity issues or eliminate our operating losses. If we are unable to obtain sufficient funding, we would need to significantly reduce our operating plans and curtail some or all of our strategic plans. Accordingly, our business, prospects, financial condition, and results of operations will be materially and adversely affected, and we may be unable to continue as a going concern. If we are unable to continue as a going concern, we may have to liquidate our assets and may receive less than the value at which those assets are carried on our audited consolidated financial statements, and it is likely that investors will lose all or a part of their investment. If we seek additional financing to fund our business activities in the future and there remains substantial doubt about our ability to continue as a going concern, investors or other financing sources may be unwilling to provide additional funding on commercially reasonable terms or at all.
Risks Related to our Common Stock
The market price of our common stock is volatile and may fluctuate in a way that is disproportionate to our operating performance.
Our stock price may experience substantial volatility as a result of a number of factors, including, among others:
● | sales or potential sales of substantial amounts of our common stock; |
● | announcements about us or about our competitors or new product introductions; |
● | the loss or unanticipated underperformance of our global distribution channels; |
● | litigation and other developments relating to our patents or other proprietary rights or those of our competitors; |
● | conditions in the cybersecurity and IT services industries; |
● | governmental regulation and legislation; |
● | variations in our anticipated or actual operating results; |
● | changes in securities analysts’ estimates of our performance, or our failure to meet analysts’ expectations; |
● | foreign currency values and fluctuations; and |
● | overall political and economic conditions. |
Many of these factors are beyond our control. In addition to recent events, the stock markets have historically experienced substantial price and volume fluctuations. These fluctuations often have been unrelated or disproportionate to the operating performance of these companies. These broad market and industry factors could reduce the market price of our common stock, regardless of our actual operating performance.
Future sales of shares of our common stock by existing stockholders could depress the market price of our common stock.
We had an aggregate of 146,395,807 issued and outstanding shares of common stock as of December 31, 2022. Approximately 29,696,079 shares were in street name. The remainder of the outstanding shares may be sold, subject to certain volume limitations, pursuant to Rule 144 or other available exemptions. Also, in the future, we may issue additional securities in connection with financings and acquisitions. The amount of our common stock issued in connection with an investment or acquisition could constitute a material portion of our then outstanding stock. Due to these factors, sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.
-21- |
Provisions in our certificate of incorporation, our by-laws, and Delaware law might discourage, delay, or prevent a change in control of our company or changes in our management and, therefore, depress the trading price of our common stock.
Provisions of our amended and restated certificate of incorporation, our amended and restated by-laws, and Delaware law may have the effect of deterring unsolicited takeovers or delaying or preventing a change in control of our company or changes in our management, including transactions in which our stockholders might otherwise receive a premium for their shares over then current market prices. In addition, these provisions may limit the ability of stockholders to approve transactions that they may deem to be in their best interests. These provisions include the ability of our Board of Directors to designate the terms of and issue new series of preferred stock without stockholder approval, which could include the right to approve an acquisition or other change in our control or could be used to institute a rights plan, also known as a poison pill, that would work to dilute the stock ownership of a potential hostile acquirer, likely preventing acquisitions that have not been approved by our Board of Directors.
The existence of the forgoing provisions and anti-takeover measures could limit the price that investors might be willing to pay in the future for shares of our common stock. They could also deter potential acquirers of our company, thereby reducing the likelihood that an investor in our company could receive a premium for their common stock in an acquisition.
Our Board of Directors is expressly authorized to make, alter, or repeal our by-laws by majority vote, while such action by stockholders would require a super majority vote.
These anti-takeover provisions and other provisions under Delaware law could discourage, delay, or prevent a transaction involving a change in control of our company, including actions that our stockholders may deem advantageous, or negatively affect the trading price of our stock. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and cause us to take other corporate actions they desire.
FINRA sales practice requirements may limit a stockholder’s ability to buy and sell our stock.
The Financial Industry Regulatory Authority, Inc. (“FINRA”) has adopted rules that require that, in recommending an investment to a client, a broker-dealer must have reasonable grounds for believing that the investment is suitable for that customer. Prior to recommending speculative low-priced securities to their non-institutional customers, broker-dealers must make reasonable efforts to obtain information about the customer’s financial status, tax status, investment objectives, and other information. Under interpretations of these rules, FINRA believes that there is a high probability that speculative low-priced securities will not be suitable for certain customers. FINRA requirements will likely make it more difficult for broker-dealers to recommend that their customers buy our common stock, which may have the effect of reducing the level of trading activity in the shares, resulting in fewer broker-dealers may be willing to make a market in our shares, potentially reducing a stockholder’s ability to resell shares of our common stock.
If we issue additional shares in the future, it will result in the dilution of our existing stockholders.
Our amended and restated certificate of incorporation authorizes the issuance of up to 300,000,000 shares of our common stock and up to 50,000,000 shares of preferred stock. Our Board of Directors may choose to issue some or all of such shares to acquire one or more companies and to fund our overhead and general operating requirements. The issuance of any such shares will reduce the book value per share and may contribute to a reduction in the market price of the outstanding shares of our common stock. If we issue any such additional shares, such issuance will reduce the proportionate ownership and voting power of all current stockholders. Further, such issuance may result in a change of control of our company.
Our directors and executive officers beneficially own a substantial majority of our outstanding capital stock and will have the ability to control our affairs.
Our current directors and executive officers beneficially own approximately 60.75% of our outstanding capital stock. By virtue of these holdings, they effectively control the election of the members of our Board of Directors, our management, and our affairs and may prevent us from consummating corporate transactions such as mergers, consolidations, or the sale of all or substantially all of our assets that may be favorable from our standpoint or that of our other stockholders.
-22- |
We are eligible to be treated as an “emerging growth company,” as defined in the JOBS Act, and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we may take advantage of exemptions from various reporting and other requirements that are applicable to other public companies that are not emerging growth companies, including (i) not being required to comply with the auditor attestation requirements of Section 404(b) of the Sarbanes-Oxley Act, (ii) reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We could be an emerging growth company for up to five years, although circumstances could cause us to lose that status earlier.
In addition, Section 107 of the JOBS Act provides that an emerging growth company can take advantage of the extended transition period provided in Section 7(a)(2)(B) of the Securities Act for complying with new or revised accounting standards that have different effective dates for public and private companies until those standards apply to private companies. We have elected to take advantage of the extended transition period for complying with the revised accounting standards. As a result, our financial statements may not be comparable to companies that comply with effective dates generally applicable to public companies.
Investors may find our common stock less attractive because we may rely on these exemptions, reduced reporting requirements, and extended transition periods. If investors find our common stock less attractive as a result of any of the foregoing, there may be a less active trading market for our common stock and our stock price may be more volatile or may decrease.
Our failure to meet the continued listing requirements of Nasdaq could result in a delisting of our common stock.
If we fail to satisfy the continued listing requirements of Nasdaq, such as the corporate governance requirements or the minimum closing bid price requirement, Nasdaq may take steps to delist our common stock. On March 29, 2023, we received a letter from the listing qualifications staff of Nasdaq providing notification that the bid price for our common stock had closed below $1.00 per share for the previous 30 consecutive business days and our common stock no longer met the minimum bid price requirement for continued listing under Nasdaq Listing Rule 5550(a)(2). In accordance with Nasdaq Listing Rule 5810(c)(3)(A), we have an initial period of 180 calendar days to regain compliance. To regain compliance, the closing bid price of our common stock has to be $1.00 per share or more for a minimum of 10 consecutive business days at any time before the expiration of the initial compliance period. In the event that we are unable to regain compliance with Rule 5550(a)(2) during the initial compliance period, Nasdaq rules provide that we may be eligible for an additional 180 calendar day compliance period. To qualify, we need to meet the continued listing requirement for market value of publicly held shares and all other initial listing standards for the Nasdaq Capital Market, with the exception of the minimum bid price requirement, and to provide written notice of our intention to cure the deficiency during the second compliance period, by effecting a reverse stock split, if necessary.
The liquidity of the shares of our common stock may be affected adversely by a reverse stock split undertaken to address such compliance failure, given the reduced number of shares that are outstanding following a reverse stock split. In addition, reverse stock splits may increase the number of stockholders who own odd lots (less than 100 shares) of our common stock, creating the potential for such stockholders to experience an increase in the cost of selling their shares and greater difficulty effecting such sales.
In the event that we are unable to establish compliance, or again become non-compliant, with Rule 5550(a)(2) and cannot re-establish compliance within the require timeframe, our common stock could be delisted from Nasdaq, which could have a material adverse effect on our financial condition and which would cause the value of our common stock to decline. If our common stock is not eligible for listing or quotation on another market or exchange, trading of our common stock could be conducted in the over-the-counter market or on an electronic bulletin board established for unlisted securities such as the Pink Sheets or the OTC Bulletin Board. In such event, it would become more difficult to dispose of, or obtain accurate price quotations for, our common stock, and there would likely be a reduction in our coverage by security analysts and the news media, which could cause the price of our common stock to decline further. In addition, it may be difficult for us to raise additional capital if we are not listed on a national securities exchange.
We do not intend to pay dividends on our common stock.
We have never paid any cash dividends, and currently do not intend to pay any dividends for the foreseeable future. We intend to retain any future earnings to the extent necessary to develop and expand our business. Payment of cash dividends, if any, will depend, among other factors, on our earnings, capital requirements, and the general operating and financial condition, and will be subject to legal limitations on the payment of dividends out of paid-in capital. Because we do not intend to declare dividends, any gain on an investment in our company will need to come through an increase in the stock price. This may never happen, and investors may lose all of their investment.
Our business could be negatively impacted by shareholder activism.
In recent years, shareholder activists have become involved in numerous public companies. Shareholder activists frequently propose to involve themselves in the governance, strategic direction, and operations of companies. Shareholder activists have also become increasingly concerned with companies’ efforts with respect to environmental, sustainability and governance standards. Responding to actions by activist shareholders, such as requests for special meetings, potential nominations of candidates for election to our Board of Directors, requests to pursue a strategic combination or other transaction, or other special requests may disrupt our business and divert the attention of management and employees. In addition, any perceived uncertainties as to our future direction resulting from such a situation could result in the loss of potential business opportunities, be exploited by our competitors, cause concern to our current or potential customers, and make it more difficult to attract and retain qualified personnel and business partners, all of which could negatively impact our business. Shareholder activism could result in substantial costs. In addition, actions of activist shareholders may cause significant fluctuations in our stock price based on temporary or speculative market perceptions or other factors that do not necessarily reflect the underlying fundamentals of our business.
-23- |
Our share price may be volatile, and you may be unable to sell your shares.
The trading price of our common stock is likely to be highly volatile and these fluctuations could cause you to lose all or part of your investment in our common stock. Since shares of our common stock were sold in our initial public offering (IPO) in January 2021 at a price of $5.00 per share, the reported high and low sales prices of our common stock have ranged from $0.22 to $10.78 per share through March 27, 2023. Factors that may cause the market price of our common stock to fluctuate include:
● | price and volume fluctuations in the overall stock market from time to time; |
● | significant volatility in the market price and trading volume of technology companies in general, and of companies in our industry; |
● | actual or anticipated changes in our results of operations or fluctuations in our operating results; |
● | whether our operating results meet the expectations of securities analysts or investors; |
● | failure of securities analysts to initiate or maintain coverage of our company, changes in financial estimates or ratings by any securities analysts who follow our company, or our failure to meet the estimates or the expectations of investors; |
● | announcements of new products or technologies, commercial relationships, acquisitions, or other events by us or our competitors; |
● | actual or anticipated developments in our competitors’ businesses or the competitive landscape generally; |
● | actual or perceived privacy or data security incidents; |
● | litigation involving us, our industry or both; |
● | regulatory developments in the U.S., foreign countries, or both; |
● | general economic conditions and trends; |
● | the commencement or termination of any share repurchase program; |
● | new laws or regulations or new interpretations of existing laws or regulations applicable to our business; |
● | the availability of our services, security breaches or perceived security breaches, and vulnerabilities; |
● | changes in accounting standards, policies, guidelines, interpretations, or principles; |
● | actions instituted by activist shareholders or others; |
● | major catastrophic events, including those resulting from war, incidents of terrorism, outbreaks of pandemic diseases, such as COVID-19, or responses to these events; |
● | sales of large blocks of our stock; or |
● | departures of key personnel. |
In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, operating results or financial condition. The trading price of our common stock might also decline in reaction to events affecting other companies in our industry even if these events do not directly affect us.
In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. If our stock price is volatile, we may become the target of securities litigation, which could result in substantial costs and a diversion of management’s attention and resources.
ITEM 1B. UNRESOLVED STAFF COMMENTS
None.
ITEM 2. PROPERTIES
Our corporate headquarters is located in Scottsdale, Arizona where we currently lease approximately 3,300 square feet of office space. We own office space in Santiago, Chile, which is primarily used for our secured managed services and administration in Latin America. We lease additional offices, none of which we believe to be material to our operations, located throughout the United States and Chile for our service delivery and administrative personnel.
We believe our existing facilities are sufficient for our current needs. Although we have recently closed or consolidated certain of our facilities, in the future, we may need to add new facilities or expand our existing facilities to meet our evolving business needs.
ITEM 3. LEGAL PROCEEDINGS
We are currently not a party to any material legal proceedings.
ITEM 4. MINE SAFETY DISCLOSURES
Not applicable.
-24- |
PART II
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market Information
Until January 13, 2022, our common stock was traded under OTC Market Group’s OTCQB. Since January 13, 2022, our common stock has been listed for trading on The Nasdaq Stock Market LLC under the symbol “CISO.”
As of December 31, 2022, there were 752 holders of record of our common stock, and the last reported sale price of our common stock on The Nasdaq Stock Market LLC on March 27, 2023 was $0.2972. A significant number of shares of our common stock are held in either nominee name or street name brokerage accounts, and consequently, we are unable to determine the total number of beneficial owners of our common stock.
Dividend Policy
To date, we have paid no dividends on our common stock and do not expect to pay cash dividends in the foreseeable future. We plan to retain all earnings to provide funds for the operations of our company. In the future, our Board of Directors will decide whether to declare and pay dividends based upon our earnings, financial condition, capital requirements, and other factors that our Board of Directors may consider relevant. We are not under any contractual restriction as to present or future ability to pay dividends.
Unregistered Sales of Equity Securities
In 2022, we issued to Smile on Friday’s an aggregate amount of 398,000 shares of our common stock in exchange for providing marketing and investor relations services.
In April 2022, we issued 186,000 shares of our common stock to 1st PMG Capital Corporation in exchange for brokerage and advisory services provided in connection with our acquisition of Arkavia.
In May and September 2022, we issued 62,000 and 98,256 shares of our common stock, respectively to HFG Capital Investments, LLC in exchange for providing advisory services to us related to our acquisitions of Arkavia, CUATROi, and NLT Secure.
In September 2022, we issued 165,563 shares of our common stock to Hybrid Financial in exchange for providing investor relations services over a period of one-year.
ITEM 6. [RESERVED]
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with our consolidated financial statements and the related notes contained elsewhere in this Annual Report and is intended to provide information necessary to understand our audited consolidated financial statements for the year ended December 31, 2022 compared to the year ended December 31, 2021 and highlight certain other information which will enhance a reader’s understanding of our financial condition, changes in financial condition, and results of operations. In particular, the discussion is intended to provide an analysis of significant trends and material changes in our financial position and the operating results of our business during the year ended December 31, 2022 compared to the year ended December 31, 2021. These historical consolidated financial statements may not be indicative of our future performance. This Management’s Discussion and Analysis of Financial Condition and Results of Operations contains numerous forward-looking statements, all of which are based on our current expectations and could be affected by the uncertainties and risks described throughout this filing, particularly in “Item 1A. Risk Factors.”
-25- |
Our Business
We are a cybersecurity and compliance company comprised of highly trained and seasoned security professionals who work with clients to enhance or create a better cyber posture in their organization. Cybersecurity, also known as computer security or information technology security, is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The cybersecurity industry has a supply and demand issue wherein there is more demand for cybersecurity services than there are expert and seasoned compliance and cybersecurity professionals available in the market. We seek to identify, attract, and retain highly skilled cyber and compliance teams and bring them together to provide holistic cyber services. We accomplish this through acquisitions, direct hiring, and incentivizing employees with stock options to help retain them. On an ongoing basis, we seek to identify cyber talent that is culturally aligned and that offers operating leverage through both existing customer revenue and relationships. We have invested in enterprise solutions and executive talent to integrate our different organizations into an ecosystem that works together to provide complete and holistic cybersecurity through cross pollination of solutions. The ecosystem is intended to provide additional revenue opportunities and drive overall recurring revenue.
We provide a full range of cybersecurity consulting and related services, encompassing all three pillars of compliance, cybersecurity, and culture. Our services include secured managed services, compliance services, security operations center (“SOC”) services, virtual Chief Information Security Officer (“vCISO”) services, incident response, certified forensics, technical assessments, and cybersecurity training. We believe that culture is the foundation of every successful cybersecurity and compliance program. To deliver that outcome, we developed our unique offering of MCCP+ (“Managed Compliance & Cybersecurity Provider + Culture”), which is the only holistic solution that provides all three of these pillars under one roof from a dedicated team of subject matter experts. In contrast to the majority of cybersecurity firms that are focused on a specific technology or service, we seek to differentiate ourselves by remaining technology agnostic, focusing on accumulating highly sought-after topic experts. We continually seek to identify and acquire cybersecurity talent to expand our service scope and geographical coverage to provide the best possible service for our clients. We believe that bringing together a world-class team of technological experts with multi-faceted expertise in the critical aspects of cybersecurity is key to providing technology agnostic solutions to our clients in a business environment that has suffered from a chronic lack of highly skilled professionals, thereby setting us apart from competitors and in-house security teams. Our goal is to create a culture of security and to help quantify, define, and capture a return on investment from information technology and cybersecurity spending. Our brand rallies around the battle cry: “Cyber security is a Culture, not a Product.”
Financial Highlights
Our operating results for the year ended December 31, 2022 included the following:
● | Total revenue increased by $31.4 million to $46.5 million for the year ended December 31, 2022, as compared to the year ended December 31, 2021. |
● | Total gross profit increased by $0.9 million to $2.7 million for the year ended December 31, 2022, as compared to the year ended December 31, 2021. |
-26- |
Results of Operations
Comparison of the Year Ended December 31, 2022, to the Year Ended December 31, 2021
Our financial results for the year ended December 31, 2022 are summarized as follows in comparison to the year ended December 31, 2021:
For the Year Ended | ||||||||||||
December 31, 2022 | December 31, 2021 | Variance | ||||||||||
Revenue: | ||||||||||||
Security managed services | $ | 40,920,420 | $ | 11,797,719 | $ | 29,122,701 | ||||||
Professional services | 5,629,197 | 3,344,840 | 2,284,357 | |||||||||
Total revenue | 46,549,617 | 15,142,559 | 31,407,058 | |||||||||
Cost of revenue: | ||||||||||||
Security managed services | 15,431,523 | 3,089,599 | 12,341,924 | |||||||||
Professional services | 844,287 | 515,171 | 329,116 | |||||||||
Cost of payroll | 20,036,182 | 7,596,972 | 12,439,210 | |||||||||
Stock based compensation | 7,512,304 | 2,132,554 | 5,379,750 | |||||||||
Total cost of revenue | 43,824,296 | 13,334,296 | 30,490,000 | |||||||||
Total gross profit | 2,725,321 | 1,808,263 | 917,058 | |||||||||
Operating expenses: | ||||||||||||
Professional fees | 2,067,603 | 1,189,319 | 878,284 | |||||||||
Advertising and marketing | 804,218 | 435,016 | 369,202 | |||||||||
Selling, general and administrative | 23,106,451 | 9,809,200 | 13,297,251 | |||||||||
Stock-based compensation | 9,885,191 | 8,076,688 | 1,808,503 | |||||||||
Impairment of goodwill | - | 22,078,064 | (22,078,064 | ) | ||||||||
Total operating expenses | 35,863,463 | 41,588,287 | (5,724,824 | ) | ||||||||
Loss from operations | (33,138,142 | ) | (39,780,024 | ) | 6,641,882 | |||||||
Other income (expense): | ||||||||||||
Other income (expense) | 43,332 | (39,063 | ) | 82,395 | ||||||||
Interest expense, net | (680,921 | ) | (307,363 | ) | (373,558 | ) | ||||||
PPP loan forgiveness | - | 980,800 | (980,800 | ) | ||||||||
Total other income (expense) | (637,589 | ) | 634,374 | (1,271,963 | ) | |||||||
Loss before income taxes | $ | (33,775,731 | ) | $ | (39,145,650 | ) | $ | 5,369,919 |
Revenue
Security managed services revenue increased by $29,122,701, or 247%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, primarily due to revenue acquired through our completion of five acquisitions over the last 12 months and new and existing customer revenue growth.
Professional services revenue increased by $2,284,357, or 68%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, primarily due to revenue acquired through our completion of five acquisitions over the last 12 months.
-27- |
Expenses
Cost of Revenue
Security managed services cost of revenue increased by $12,341,924, or 399%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, due primarily to our completion of five acquisitions over the last 12 months, which increased our revenues from hardware and software sales and their related costs.
Professional services cost of revenue increased by $329,116, or 64%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, due to our increase in revenue from professional services from acquisitions completed over the last 12 months.
Cost of payroll increased by $12,439,210, or 164%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, due to headcount added primarily through our completion of five acquisitions over the last 12 months.
Stock-based compensation increased by $5,379,750, or 252%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, due to an increase of stock options awarded to our growing base of revenue generating employees.
Operating Expenses
Professional fees increased by $878,284, or 74%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, due to an increase in accounting, legal and other professional fees incurred related to our periodic SEC filings and our efforts to raise additional capital.
Advertising and marketing expenses increased by $369,202, or 85%, for the year ended December 31, 2022, as compared to December 31, 2021, due to our current marketing campaign initiatives to stimulate organic revenue growth, and an increased effort to utilize more internal resources for advertising and marketing activities.
Selling, general, and administrative expenses increased $13,297,251, or 136%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, primarily due to head count added through the completion of five acquisitions over the last 12 months.
Stock-based compensation expenses increased by $1,808,503, or 22%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, due to an increase in stock options awarded to employees through the completion of five acquisitions of the last 12 months and shares issued to consultants for marketing services provided.
Impairment of goodwill decreased by $22,078,064, or 100%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, due to impairment recognized in our goodwill in 2021 whereas impairment was not present in 2022.
Other Income (Expense)
Interest expense, net increased by $373,558, or 122%, during the year ended December 31, 2022, as compared to the year ended December 31, 2021, due to an increase in our debt assumed through acquisition during 2022 and obtaining $6,000,000 of short-term loans to fund operating capital.
Working Capital
Our working capital as of December 31, 2022, as compared to our working capital as of December 31, 2021, is summarized as follows:
As of | ||||||||
December 31, 2022 | December 31, 2021 | |||||||
Current assets | $ | 14,398,795 | $ | 9,807,301 | ||||
Current liabilities | 23,213,039 | 5,141,561 | ||||||
Working capital (deficit)/surplus | $ | (8,814,244 | ) | $ | 4,665,740 |
-28- |
The increase in current assets is primarily due to a decrease in cash and cash equivalents of $891,872, offset by an increase in accounts receivable, prepaid cost of revenue and prepaid expenses and other current assets of $3,021,495, $2,622,428, and $775,924, respectively. The increase in current liabilities is primarily due to the increase in accounts payable and accrued expense, deferred revenue, and loans and convertible notes payable of $5,601,271, $4,419,316 and $8,595,632, respectively.
Cash Flows
Our cash flows for the year ended December 31, 2022, as compared to our cash flows for the year ended December 31, 2021, can be summarized as follows:
Year Ended December 31, | ||||||||
2022 | 2021 | |||||||
Net cash used in operating activities | $ | (10,681,007 | ) | $ | (7,385,129 | ) | ||
Net cash (used in)/provided by investing activities | (6,048,944 | ) | 2,050,057 | |||||
Net cash provided by financing activities | 15,777,909 | 2,863,077 | ||||||
Effect of exchange rates on cash and cash equivalents | 60,170 | - | ||||||
Decrease in cash | $ | (891,872 | ) | $ | (2,471,995 | ) |
Operating Activities
Net cash used in operating activities was $10,681,007 for the year ended December 31, 2022 and was primarily due to cash used to fund a net loss of $33,775,182, adjusted for non-cash expenses in the aggregate of $20,752,668 and additional cash increases from changes in the levels of operating assets and liabilities in the aggregate of $2,341,507, primarily as a result of an increase in accounts payable and other deferred revenue. Net cash used in operating activities was $7,385,129 for the year ended December 31, 2021 and was primarily due to cash used to fund a net loss of $39,145,650, adjusted for non-cash expenses in the aggregate of $33,853,661, partially offset by cash generated by changes in the levels of operating assets and liabilities in the aggregate of $2,093,140, primarily as a result of an increase in accounts receivable and other current assets.
Investing Activities
Net cash used in investing activities of $6,048,944 for the year ended December 31, 2022, was primarily due cash paid as part of the acquisition of True Digital. Net cash provided by investing activities of $2,050,057 for the year ended December 31, 2021, was due to cash acquired in the acquisitions of VelocIT, Atlantic, RED74 and Arkavia.
Financing Activities
Net cash provided by financing activities for the year ended December 31, 2022 was $15,777,909, which was primarily due to cash received from the sale of our common stock, and net proceeds from loans and notes payable of $10,689,087 and $6,061,585, respectively, and offset by the payment of loans of $2,452,905. Net cash provided by financing activities for the year ended December 31, 2021 was $2,863,077, which was primarily due to cash received from the sale of our common stock, and proceeds from loans and notes payable of $3,250,000 and $1,863,474, respectively, and offset by payments on loans of $2,300,397.
Liquidity
The accompanying consolidated financial statements have been prepared on the basis that we will continue as a going concern, which contemplates realization of assets and satisfying liabilities in the normal course of business. At December 31, 2022, we had an accumulated deficit of $77,787,604 and working capital deficit of $8,814,244. For the year ended December 31, 2022, we had a loss from operations of $33,138,142 and negative cash flows from operations of $10,681,007. Although our company is showing positive revenue and gross profit trends, we expect to incur further losses through the end of 2023.
-29- |
To date, we have funded operations primarily through the sale of equity in public offerings, private placements, loan proceeds, and revenue generated by our services. During the year ended December 31, 2022, we received $10,689,087 from our public offerings of our common stock, $5,975,000 in net proceeds from our bridge loans, and $1,480,142 from the exercise of stock options. On June 27, 2022, our Registration Statement on Form S-3 was declared effective, and we may offer and sell from time to time, in one or more series, any of our securities, for total gross proceeds up to $300,000,000. As of December 31, 2022, we had $298,734,727 of available funding from our S-3 Registration Statement from which we may issue our securities to fund current and future operations.
Going Concern
The accompanying financial statements have been prepared on a going concern basis, which contemplates the realization of assets and satisfaction of liabilities in the normal course of business. For the year ended December 31, 2022, we incurred a net loss of $33,775,182, had negative cash flows from operations of $10,681,007, and working capital deficit of $8,814,244. These matters raise substantial doubt as to our ability to continue as a going concern.
Our existence is dependent upon our ability to develop profitable operations. We are devoting substantially all of our efforts to developing our business, reducing overhead costs, and raising capital, although there can be no assurance that our efforts will be successful. No assurance can be given that our actions will result in profitable operations or the resolution of liquidity problems. The accompanying consolidated financial statements do not include any adjustments that might result should we be unable to continue as a going concern.
In order to improve our liquidity, in addition to a planned reduction in overhead costs, we are actively pursuing additional debt and/or equity financing through discussions with investment bankers and private investors. There can be no assurance that we will be successful in our efforts to secure additional financing.
The financial statements do not include any adjustments relating to the recoverability of assets and the amount or classification of liabilities that might be necessary should we be unable to continue as a going concern.
-30- |
Recently Issued Accounting Pronouncements
See Note 3 to our consolidated financial statements for the years ended December 31, 2022 and 2021 included elsewhere in this Annual Report.
Critical Accounting Policies and Estimates
Use of Estimates
The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent liabilities at dates of the financial statements and the reported amounts of revenue and expenses during the periods. Our significant estimates and assumptions include the recoverability and useful lives of long-lived assets, stock-based compensation, and the valuation allowance related to our deferred tax assets. Certain of our estimates, including the carrying amount of intangible assets and goodwill, could be affected by external conditions, including those unique to us and general economic conditions. It is reasonably possible that these external factors could have an effect on our estimates and could cause actual results to differ from those estimates.
Fair Value Measurement
The fair value measurement guidance clarifies that fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in the valuation of an asset or liability. It establishes a fair value hierarchy that prioritizes the inputs to valuation techniques used to measure fair value. The hierarchy gives the highest priority to unadjusted quoted prices in active markets for identical assets or liabilities (Level 1 measurements) and the lowest priority to unobservable inputs (Level 3 measurements). The three levels of the fair value hierarchy under the fair value measurement guidance are described below:
Level 1 - Unadjusted quoted prices in active markets that are accessible at the measurement date for identical assets or liabilities;
Level 2 - Quoted prices in markets that are not active, or inputs that are observable, either directly or indirectly, for substantially the full term of the asset or liability; or
Level 3 - Prices or valuation techniques that require inputs that are both significant to the fair value measurement and unobservable (supported by little or no market activity).
Business Combination
We allocate the purchase price of an acquired business to the tangible and intangible assets acquired and liabilities assumed based upon their estimated fair values on the acquisition date. Any excess of the purchase price over the fair value of the net assets acquired is recorded as goodwill. The purchase price allocation process requires management to make significant estimates and assumptions, especially at the acquisition date with respect to intangible assets. Direct transaction costs associated with the business combination are expensed as incurred. The allocation of the consideration transferred in certain cases may be subject to revision based on the final determination of fair values during the measurement period, which may be up to one year from the acquisition date. We include the results of operations of the business that it has acquired in its consolidated results prospectively from the date of acquisition.
-31- |
If the business combination is achieved in stages, the acquisition date carrying value of the acquirer’s previously held equity interest in the acquiree is re-measured to fair value at the acquisition date; any gains or losses arising from such re-measurement are recognized in profit or loss.
Intangible Assets
Intangible assets are comprised of trademarks, customer bases, non-compete agreements and intellectual property with original estimated useful lives with a range of 2 to 15 years. Once placed into service, we amortize the cost of the intangible assets over their estimated useful lives on a straight-line basis.
Goodwill
Goodwill represents the excess of the purchase price of the acquired business over the estimated fair value of the identifiable net assets acquired. Goodwill is not amortized but is tested for impairment at least annually at year end, at the reporting unit level or more frequently if events or changes in circumstances indicate that the asset might be impaired. Goodwill is tested for impairment at the reporting level by first performing a qualitative assessment to determine whether it is more likely than not that the fair value of the reporting unit is less than its carrying value. If the reporting unit does not pass the qualitative assessment, then the reporting unit’s carrying value is compared to its fair value. The fair values of the reporting units are estimated using market and discounted cash flow approaches. Goodwill is considered impaired if the carrying value of the reporting unit exceeds its fair value. The discounted cash flow approach uses expected future operating results. Failure to achieve these expected results may cause a future impairment of goodwill at the reporting unit.
Impairment of Long-lived Assets
We will periodically evaluate the carrying value of long-lived assets to be held and used when events and circumstances warrant such a review and at least annually. The carrying value of a long-lived asset is considered impaired when the anticipated undiscounted cash flow from such asset is separately identifiable and is less than its carrying value. In that event, a loss is recognized based on the amount by which the carrying value exceeds the fair value of the long-lived asset. Fair value is determined primarily using the anticipated cash flows discounted at a rate commensurate with the risk involved. Losses on long-lived assets to be disposed of are determined in a similar manner, except that fair values are reduced for the cost to dispose.
Stock-Based Compensation
We measure the cost of services received in exchange for an award of equity instruments based on the fair value of the award. For employees and directors, the fair value of the award is measured on the grant date and for non-employees, the fair value of the award is generally re-measured on vesting dates and interim financial reporting dates until the service period is complete. Awards granted to directors are treated on the same basis as awards granted to employees.
Revenue Recognition
Our agreements with clients are primarily service contracts that range in duration from a few months to one year. We recognize revenue when control of these services is transferred to the client for an amount, referred to as the transaction price, which reflects the consideration to which we are expected to be entitled in exchange for those goods or services.
A contract with a client exists only when:
● | the parties to the contract have approved it and are committed to perform their respective obligations; | |
● | we can identify each party’s rights regarding the distinct services to be transferred (“performance obligations”); | |
● | we can determine the transaction price for the services to be transferred; and | |
● | the contract has commercial substance, and it is probable that we will collect the consideration to which it will be entitled in exchange for the goods or services that will be transferred to the client. |
-32- |
We do not adjust the promised amount of consideration for the effects of a significant financing component since we expect, at contract inception, that the period between the time of transfer of the promised goods or services to the client and the time the client pays for these goods or services to be generally one year or less. Our credit terms to clients generally average thirty days, although in some cases payments are required in 15 days.
We do not disclose the value of unsatisfied performance obligations for contracts with original expected duration of one year or less.
See Note 3 to our consolidated financial statements for the years ended December 31, 2022 and 2021 included elsewhere in this Annual Report for additional information regarding revenue recognition and deferred revenue.
Reimbursed Expenses
We include reimbursed expenses in revenue and costs of revenue as we are primarily responsible for fulfilling the promise to provide the specified service, including the integration of the related services into a combined output to the client, which are inseparable from the integrated service. These costs include such items as consumables, transportation and travel expenses, over which we have discretion in establishing prices.
Costs of Revenue
Costs of revenue include (i) compensation and benefits for billable employees and consultants directly involved with delivering services offerings and engagements; (ii) consumables used for the services; and (iii) other expenses directly related to service contracts such as professional services, meals and travel expenses.
Volatility in Stock-Based Compensation
The volatility is based on historical volatilities of companies in comparable stages as well as the historical volatility of companies in the industry and, by statistical analysis of the daily share-pricing model. The volatility of stock-based compensation at any point in time is based on historical volatility of similar companies in the industry for the last two to five years.
Off-Balance Sheet Arrangements
We have no off-balance sheet arrangements that have or are reasonably likely to have a material current or future effect on our financial condition, changes in financial condition, revenue or expenses, results of operations, liquidity, capital expenditures, or capital resources.
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
Because we are a smaller reporting company, we are not required to provide the information called for by this Item.
ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
The information called for by Item 8 is included beginning on page F-1 contained in this Annual Report on Form 10-K.
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
None.
-33- |
ITEM 9A. CONTROLS AND PROCEDURES
Evaluation of Disclosure Controls and Procedures
We maintain disclosure controls and procedures (as that term is defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) that are designed to ensure that information required to be disclosed in our reports under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our management, including Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosures. In designing disclosure controls and procedures, our management necessarily was required to apply its judgment in evaluating the cost-benefit relationship of possible disclosure controls and procedures. The design of any disclosure controls and procedures also is based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions. Any controls and procedures, no matter how well designed and operated, can provide only reasonable, not absolute, assurance of achieving the desired control objectives.
Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of the design and operation of our disclosure controls and procedures as of the end of the period covered by this report. Based upon that evaluation and subject to the foregoing, our Chief Executive Officer and Chief Financial Officer concluded that, our disclosure controls and procedures were not effective due to the material weaknesses in internal control over financial reporting described below.
Management’s Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting. Our internal control over financial reporting is a process designed under the supervision of its principal executive and principal financial officers and effected by our Board of Directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of its consolidated financial statements for external reporting purposes in accordance with U.S. generally accepted accounting principles.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. In addition, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with the policies or procedures may deteriorate.
Material Weakness in Internal Control over Financial Reporting
Our management assessed the effectiveness of our internal control over financial reporting as of December 31, 2022 based on the framework established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment, management has determined that our internal control over financial reporting as of December 31, 2022 was not effective.
A material weakness, as defined in the standards established by the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis.
The ineffectiveness of our internal control over financial reporting was due to the following material weaknesses which are indicative of many small companies with small number of staff:
● | lack of risk assessment procedures on internal controls to detect financial reporting risks in a timely manner; and |
● | lack of documentation on policies and procedures that are critical to the accomplishment of financial reporting objectives. |
We will continue to monitor and evaluate the relevance of our risk-based approach and the effectiveness of our internal controls and procedures over financial reporting on an ongoing basis, and we are committed to taking further action and implementing additional enhancements or improvements, as necessary and in accordance with financial and budgetary considerations.
Management’s Plan to Remediate the Material Weakness
Our management plans to implement measures designed to ensure that control deficiencies contributing to the material weakness are remediated, such that these controls are designed, implemented, and operating effectively. The remediation actions planned include:
● | identify gaps in our skills base and the expertise of our staff required to meet the financial reporting requirements of a public company; and |
● | develop policies and procedures on internal control over financial reporting and monitor the effectiveness of operations on existing controls and procedures. |
Our management will continue to monitor and evaluate the relevance of our risk-based approach and the effectiveness of our internal controls and procedures over financial reporting on an ongoing basis and is committed to taking further action and implementing additional enhancements or improvements, as necessary and as funds allow.
This Annual Report on Form 10-K does not include an attestation report of our registered public accounting firm regarding internal control over financial reporting. Our management’s report was not subject to attestation by our registered public accounting firm pursuant to rules of the SEC that permit us to provide only management’s report in this Annual Report on Form 10-K, which may increase the risk that weaknesses or deficiencies in our internal control over financial reporting go undetected.
-34- |
Changes in Internal Control Over Financial Reporting
There have been no changes in our internal control over financial reporting (as defined in Rule 13a-15(f) and 15d-15(f) under the Exchange Act) during the quarter ended December 31, 2022 that have materially affected, or that are reasonably likely to materially affect, our internal control over financial reporting. During the year ended December 31, 2022, we have hired additional finance and accounting staff that we expect will positively impact our segregation of duties in the coming periods.
ITEM 9B. OTHER INFORMATION
Letter Agreement with Neil Stinchcombe
On March 27, 2023, we entered into a letter agreement with Neil Stinchcombe to resolve a dispute about certain payment terms of a convertible note previously issued to Mr. Stinchcombe, with an outstanding principal amount of $1,500,000. Pursuant to the terms of this agreement, we agreed to repay the principal amount of the note in three equal installment payments of $500,000, on each of March 31, April 28, and May 31, 2023, with accrued interest to be paid on May 31, 2023 at the note’s reflected interest rate of 5.0% per annum. If we fail to timely make any of the foregoing payments, the applicable interest rate will be increased to a default rate of 24% per annum.
Notice of Failure to Satisfy a Continued Listing Rule
On March 29, 2023, we received a letter from the listing qualifications staff (the “Staff”) of Nasdaq providing notification that the bid price for our common stock had closed below $1.00 per share for the previous 30 consecutive business days and our common stock no longer meets the minimum bid price requirement for continued listing under Nasdaq Listing Rule 5550(a)(2). In accordance with Nasdaq Listing Rule 5810(c)(3)(A), we have an initial period of 180 calendar days, or until September 25, 2023, to regain compliance. To regain compliance, the closing bid price of our common stock must be $1.00 per share or more for a minimum of 10 consecutive business days at any time before September 25, 2023.
If we do not regain compliance with Rule 5550(a)(2) by September 25, 2023, we may be eligible for an additional 180 calendar day compliance period. To qualify, we would need to meet the continued listing requirement for market value of publicly held shares and all other initial listing standards for the Nasdaq Capital Market, with the exception of the minimum bid price requirement, and would need to provide written notice of our intention to cure the deficiency during the second compliance period, by effecting a reverse stock split, if necessary. However, if it appears to the Staff that we will not be able to cure the deficiency, or if we are otherwise not eligible, Nasdaq would notify us that our securities would be subject to delisting. In the event of such notification, we may appeal the Staff’s determination to delist our securities, but there can be no assurance the Staff would grant our request for continued listing.
The Nasdaq notification has no immediate effect on the listing of our common stock on the Nasdaq Capital Market. We intend to actively monitor the bid price of our common stock and our minimum market value of listed securities and will consider options available to us to achieve compliance with the Nasdaq listing rules. There can be no assurance that we will be able to regain compliance with the minimum bid price requirement or will otherwise be in compliance with the other listing standards for the Nasdaq Capital Market.
Separation of David A. Bennett
On March 30, 2023, David A. Bennett, our Chief Operating Officer, separated from our company.
Appointment of Kyle J. Young
On March 30, 2023, our Board of Directors appointed Kyle J. Young as Interim Chief Operating Officer of our company. Mr. Young, age 40, has served as our Executive Vice President, Operations since January 2022 and previously served as our Vice President, Operations from February 2021 to January 2022. Mr. Young served in various roles at BeyondTrust Software, a U.S.-based cybersecurity vendor, from December 2007 to February 2022, most recently serving as its Vice President, Business and Sales Operations. Mr. Young holds a bachelor’s degree in Speech Communications & Rhetoric from the University of Illinois Urbana-Champaign.
On March 30, 2023, we entered into the Young Employment Agreement with Mr. Young. The Young Employment Agreement is evergreen and can be terminated by either party. Pursuant to the Young Employment Agreement, Mr. Young will receive an annual base salary of $200,000, which will be subject to review and adjustment in accordance with our policies. Mr. Young will be eligible to receive an annual bonus between 20% and 100% of his base salary, in the sole discretion of our Board of Directors. Mr. Young is also eligible to participate in our standard benefit plans.
There are no family relationships between Mr. Young and any of our directors or executive officers. There have been no transactions since the beginning of our last fiscal year, and no transactions are currently proposed, in which we were or are to be a participant and in which Mr. Young or any member of his immediate family had or will have any interest, that are required to be disclosed pursuant to Item 404(a) of Regulation S-K.
ITEM 9C. DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS.
Not applicable.
-35- |
PART III
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
The following table sets forth certain information regarding our Directors and Executive Officers. The age of each Director and Executive Officer listed below is given as of March 31, 2023.
Name | Age | Position | ||
David G. Jemmett | 56 | Chief Executive Officer and Director | ||
Kyle J. Young | 40 | Interim Chief Operating Officer | ||
Debra L. Smith | 52 | Chief Financial Officer | ||
Ashley N. Devoto | 39 | President, Chief Information Security Officer and Director | ||
Stephen H. Scott, Jr. | 54 | Director | ||
Ret. General Robert C. Oaks (3) | 85 | Director | ||
R. Scott Holbrook (1) (2) (3) | 73 | Director | ||
Andrew K. McCain (1) (2) | 60 | Director | ||
Ernst M. (KiKi) VanDeWeghe, III (1) (2) (3) | 63 | Director |
(1) | Member of the Audit Committee |
(2) | Member of the Compensation Committee |
(3) | Member of the Governance and Nominating Committee |
Our Executive Officers
David G. Jemmett – Chief Executive Officer and Director
Mr. Jemmett has served as our Chief Executive Officer and a director of our company since our formation in March 2019. He also founded GenResults in June 2015, which we subsequently acquired in April 2019. From January 2014 to December 2014, Mr. Jemmett served as Chief Executive Officer of NantCloud, LLC, a provider of secure cloud-hosted applications for healthcare customers, and Chief Technology Officer of NantWorks, LLC, a parent company for the “Nant” family of companies. From 2005 to 2013, Mr. Jemmett served as founder and Chief Executive Officer of ClearDATA Networks Corporation, a HIPAA compliant hosting company specializing in healthcare. He has been a guest speaker on CBS, CNN, MSNBC and CSPAN, and has spoken before the U.S. Senate Subcommittee on Telecommunications and Internet Security regarding internet technologies in 1998.
We believe Mr. Jemmett is qualified to serve as a director of our company due to his extensive business background, his experience in the cybersecurity industry, and his significant equity ownership in our company.
Kyle J. Young – Interim Chief Operating Officer
Mr. Young has served as our Interim Chief Operating Officer since March 2023. Previously Mr. Young served as our Executive Vice President, Operations from January 2022 to March 2023 and as our Vice President, Operations from February 2021 to January 2022. Mr. Young served in various roles at BeyondTrust Software, a U.S.-based cybersecurity vendor, from December 2007 to February 2022, most recently serving as its Vice President, Business and Sales Operations. Mr. Young holds a bachelor’s degree in Speech Communications & Rhetoric from the University of Illinois Urbana-Champaign.
-36- |
Debra L. Smith – Chief Financial Officer
Ms. Smith has served as our Chief Financial Officer since June 2021. Ms. Smith served as our Executive Vice President of Finance and Accounting from February 2021 to June 2021. Prior to joining our company, Ms. Smith served as Executive Vice President of Finance at Arrivia Inc. from January 2020 to February 2021 and Controller and, subsequently, Chief Accounting Officer at BeyondTrust from October 2016 to January 2020. Ms. Smith received a Bachelor of Science degree in Accounting, Summa Cum Laude, from DeVry University and a Master’s degree in Counseling with Honors from Argosy University.
Ashley N. Devoto – President and Director
Ms. Devoto has served as our President since July 2022 and as our Chief Information Security Officer and as a director of our company since March 2022. Ms. Devoto has served in various roles at Booz Allen Hamilton, a U.S.-based government contractor, from June 2018 to March 2022, most recently serving as its Chief Information Security Officer. From April 2017 to June 2018, Ms. Devoto served as Business Information Security officer for Bank of America, a financial services company. Ms. Devoto has served in the U.S. Air Force Cyberspace Operations since March 2010, and she served as defensive cyber operations planner at 24th Air Force and NORAD/USNORTHCOM. Ms. Devoto continues to serve in a reserve capacity by leading strategic cyber force development initiatives in her current assignment at the Pentagon. Ms. Devoto holds a bachelor’s degree in Computer Engineering from Vanderbilt University and a master’s degree in Engineering Management from Southern Methodist University.
We believe Ms. Devoto is qualified for service as a director of our company due to her cybersecurity experience, as well as her extensive experience across military, financial services, and professional services organizations.
Our Directors
Stephen H. Scott, Jr. – Director
Mr. Scott has served as a founder and director of our company since April 2019. Mr. Scott has been a Partner with Advisor ID (formerly BRI Partners), a financial services technology firm, since 2016. Mr. Scott was Managing Director of Longboard Asset Management from 2016 to 2017. From 2009 to 2016, Mr. Scott was at Van Eck Global, where he served as the Co-Head of the Alternatives Committee and as portfolio manager. Mr. Scott has founded and managed several investment partnerships focused on both private and public investment strategies since 1995. Mr. Scott holds a Bachelor of Science from the University of Florida.
Mr. Scott is qualified for service as a director of our company due to his background in both the financial services and technology industries.
-37- |
Ret. General Robert C. Oaks – Director
Ret. General Oaks has served as a director of our company since May 2019. He is a retired U.S. Air Force general who served as commander in chief of the U.S. Air Forces in Europe, and commander, Allied Air Forces Central Europe, with headquarters at Ramstein Air Base, Germany. He retired as a four-star General and Commander and Chief of U.S. Air Forces Europe and NATO Central Europe in 1994 after serving 34 years. Following his retirement, Ret. General Oaks was employed at U.S. Airways as Senior Vice President from 1994 to 2000. In 2000, Oaks resigned from this position when he was called to serve the LDS Church, where he served until 2009, when he was released as a general authority. He earned a Bachelor of Science degree in Military Science from the U.S. Air Force Academy and a Master’s degree in Business Administration from Ohio State University prior to graduating from the Naval War College. Ret. General Oaks currently serves as the official Liaison for the Church of Jesus Christ to the U.S. Armed Forces.
We believe Ret. General Oaks is qualified for service as a director of our company due to his experience with national security issues, including cybersecurity, through his extensive military service.
R. Scott Holbrook – Director
Mr. Holbrook has served as a director of our company since May 2019. Since 2013, Mr. Holbrook has been a Principal at Mountain Summit Advisors, a specialty firm focused on mergers and acquisitions of primarily healthcare technology and services companies, and a strategic advisor to Health Catalyst, a company focused on data analytics and warehousing primarily in healthcare. He served as the Executive Vice President of Medicity, a population health management company with solutions for health information exchange, business intelligence, and provider and patient engagement, from 2002 to 2013. In 1998, Mr. Holbrook founded KLAS where he remains as a board member. He has served in executive positions at IHC, GTE, Sunquest Information Systems, Integrated Medical Networks and is a founder of Park City Solutions. Mr. Holbrook is a HIMSS Fellow. He holds a Master of Science from Utah State University and a Bachelor of Science from Brigham Young University.
We believe Mr. Holbrook is qualified for service as a director of our company as a result of his significant experience in the healthcare technology sector.
Andrew K. McCain – Director
Mr. McCain has served as a director of our company since May 2019. He has served as the President and Chief Operating Officer for Hensley Beverage Company since 2014. He is a board member of the Arizona Super Bowl Host Committee, the Arizona 2016 College Football Championship Local Organizing Committee, Chairman of Hensley Employee Foundation, and a Patrons Committee member of United Methodist Outreach Ministries’ New Day Centers. He is past Chairman of the Board of the Fiesta Bowl, past Chairman of the Anheuser-Busch National Wholesaler Advisory Panel, and past Chairman of the Greater Phoenix Chamber of Commerce. Mr. McCain received his Bachelor of Arts in Mathematics in 1984 and an MBA in 1986 from Vanderbilt University.
We believe Mr. McCain is qualified for service as a director of our company due to his significant business experience and leadership.
Ernst M. (Kiki) VanDeWeghe, III – Director
Mr. VanDeWeghe has served as a director of our company since May 2021. He has served as the Executive Vice President, Basketball Operations of the National Basketball Association since 2013. Prior to that, Mr. VanDeWeghe was the general manager of the Denver Nuggets and the New Jersey Nets and a head coach of the New Jersey Nets. Prior to that he played professionally for the Los Angeles Clippers, New York Knicks, Portland Trail Blazers, and the Denver Nuggets. Mr. VanDeWeghe attended UCLA where he received a degree in Economics.
We believe Mr. VanDeWeghe is qualified for service as a director of our company due to his business acumen and experience as an organizational leader.
-38- |
Board Constitution
Our Board of Directors currently consists of seven members. All directors hold office until the next annual meeting of stockholders. At each annual meeting of stockholders, the successors to directors whose terms then expire are elected to serve from the time of election and qualification until the next annual meeting following election.
Director Independence
Our Board of Directors is comprised of a majority of independent directors, as “independence,” is defined by the listing standards of The Nasdaq Stock Market and by the SEC. Our Board of Directors has concluded that each of Messrs. Oaks, Holbrook, McCain, and Mr. VanDeWeghe are “independent”, having concluded that any relationship between such director and our company, in its opinion, does not interfere with the exercise of independent judgment in carrying out the responsibilities of a director. Mr. Jemmett and Ms. Devoto are employee directors. Mr. Scott is considered independent as he has served as a founder and director of our company since April 2019. Sandra D. Morgan served on our Board of Directors in fiscal 2021 and resigned in March 2022. Ms. Morgan was an independent director.
Board Committees
Our Board of Directors has three standing committees: the Audit Committee, the Compensation Committee, and Governance and Nominating Committee.
Audit Committee
The Audit Committee of our Board of Directors was established in accordance with Rule 10A-3 promulgated under the Exchange Act. The current members of our Audit Committee are Messrs. McCain, Holbrook, and VanDeWeghe, with Mr. McCain serving as the chair. Ms. Morgan served on the Audit Committee during fiscal 2021 but resigned from our Board of Directors in March 2022. Mr. VanDeWeghe was appointed to the Audit Committee in March 2022 following Ms. Morgan’s resignation. Each member of the Audit Committee meets the independence and other requirements to serve on our Audit Committee under The Nasdaq Stock Market Rules and the rules of the SEC. In addition, our Board of Directors determined that each of Messrs. McCain and Holbrook is considered an “audit committee financial expert” as defined in the rules of the SEC.
The Audit Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Audit Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at https://www.ciso.inc/investor-relations/charter-of-the-audit-committee. The principal functions of the Audit Committee are to oversee our accounting and financial reporting processes and the audits of our consolidated financial statements; oversee our relationship with our independent auditors, including selecting, evaluating, and setting the compensation of, and approving all audit and non-audit services to be performed by the independent auditors; and facilitate communication among our independent auditors and our financial and senior management.
Compensation Committee
We have a standing Compensation Committee of our Board of Directors. The members of our Compensation Committee are Messrs. Holbrook, VanDeWeghe, and McCain, with Mr. Holbrook serving as the chair. Each member of the Compensation Committee meets the independence and other requirements to serve on our Compensation Committee under The Nasdaq Stock Market Rules and the rules of the SEC.
The Compensation Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Compensation Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at www.ciso.inc/investor-relations/charter-of-the-compensation-committee. The Compensation Committee has responsibilities relating to the performance evaluation and the compensation of our Chief Executive Officer; the compensation of our executive officers and directors; and our significant compensation arrangements, plans, policies, and programs, including our stock compensation plans. Certain of our executive officers, our outside counsel, and consultants may occasionally attend the meetings of the Compensation Committee. However, no officer of our company is present during discussions or deliberations regarding that officer’s own compensation.
-39- |
Governance and Nominating Committee
We have a standing Governance and Nominating Committee of our Board of Directors. The current members of our Governance and Nominating Committee are Messrs. Oaks, Holbrook and VanDeWeghe, with Mr. VanDeWeghe serving as the chair. Ms. Morgan serve on the Governance and Nominating Committee during fiscal 2021 but resigned from our Board of Directors in March 2022. Mr. VanDeWeghe was appointed to the Governance and Nominating Committee in March 2022 following Ms. Morgan’s resignation. Each of Messrs. Oaks, Holbrook and VanDeWeghe meets the independence and other requirements to serve on our Governance and Nominating Committee under The Nasdaq Stock Market Rules and the rules of the SEC.
The Governance and Nominating Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Governance and Nominating Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at https://www.ciso.inc/investor-relations/charter-of-the-nominating-and-corporate-governance-committee. The Governance and Nominating Committee considers the performance of the members of our Board of Directors and nominees for director positions and evaluates and oversees corporate governance and related issues.
The goal of the Governance and Nominating Committee is to ensure that our directors possess a variety of perspectives and skills derived from high-quality business and professional experience. The Governance and Nominating Committee seeks to achieve a balance of knowledge, experience, and capability on our Board of Directors. To this end, the Governance and Nominating Committee seeks nominees with the highest professional and personal ethics and values, an understanding of our business and industry, diversity of business experience and expertise, a high level of education, broad-based business acumen, and the ability to think strategically. Although the Governance and Nominating Committee uses these and other criteria to evaluate potential nominees to our Board of Directors, it has no stated minimum criteria for such nominees. The Governance and Nominating Committee does not use different standards to evaluate nominees depending on whether they are proposed by our directors and management or by our stockholders. To date, we have not paid any third parties to assist us in this process.
Code of Ethics
We have adopted a Code of Ethics and Business Conduct (“Code of Ethics”) that sets forth various policies and procedures to promote ethical behavior and that applies to all our directors, officers and employees. The Code of Ethics is publicly available on our website at www.ciso.inc. Amendments to the Code of Ethics and any grant of a waiver from a provision of the Code of Ethics requiring disclosure under applicable SEC rules will be disclosed on our website.
Delinquent Section 16(a) Reports
Section 16(a) of the Exchange Act, requires officers and directors of our company and persons who beneficially own more than 10% of a registered class of our company’s equity securities to file initial statements of beneficial ownership of common stock (Form 3) and statements of changes in beneficial ownership of common stock (Forms 4 or 5) with the SEC. Officers, directors, and greater than 10% stockholders are required by SEC regulations to furnish us with copies of all such forms they file.
During fiscal 2022 and years prior, each of Ms. Smith and Devoto, and Messers. Jemmett, Bennett, Scott, Oaks, Holbrook, McCain, and VanDeWeghe failed to file all reports which were required to be filed pursuant to Section 16(a) of the Exchange Act.
-40- |
ITEM 11. EXECUTIVE COMPENSATION
The following table shows the total compensation paid or accrued during the years ended December 31, 2022 and 2021 to our Chief Executive Officer, our next three most highly compensated executive officers who were serving as executive officers on December 31, 2022 and one additional individual who served as an executive officer during the year ended December 31, 2022 but was not serving as an executive officer on December 31, 2022 (collectively our “named executive officers”).
Summary Compensation Table
Name and Principal Position | Year | Salary ($) | Bonus ($) | Stock Awards ($) | Option Awards ($) (1) | Non-Equity Incentive Plan Compensation ($) | Non-qualified Deferred Compensation Earnings ($) | All Other Compensation ($) | Total ($) | |||||||||||||||||||||||||||
David
G. Jemmett | 2022 | 250,000 | 116,651 | - | - | - | - | 225 | 366,876 | |||||||||||||||||||||||||||
Chief Executive Officer | 2021 | 250,000 | 90,213 | - | - | - | - | - | 340,213 | |||||||||||||||||||||||||||
Debra L. Smith | 2022 | 200,000 | 60,500 | - | 892,200 | - | - | 225 | 1,152,925 | |||||||||||||||||||||||||||
Chief Financial Officer (2) | 2021 | 183,333 | 55,000 | - | 532,611 | - | - | - | 770,944 | |||||||||||||||||||||||||||
Ashley N. Devoto | 2022 | 175,781 | 100,000 | - | 1,784,400 | - | - | 225 | 2,060,406 | |||||||||||||||||||||||||||
President(3) | 2021 | - | - | - | - | - | - | - | - | |||||||||||||||||||||||||||
David A. Bennett | 2022 | 208,426 | 150,000 | - | 3,568,800 | - | - | 225 | 3,927,451 | |||||||||||||||||||||||||||
Former Chief Operating Officer(4) | 2021 | - | - | - | - | - | - | - | - | |||||||||||||||||||||||||||
Bryce P.Hancock | 2022 | 37,500 | - | - | 3,489,562 | - | - | - | 3,527,062 | |||||||||||||||||||||||||||
Former President and Chief Operating Officer (5) | 2021 | 225,000 | - | - | - | - | - | - | 225,000 |
(1) | The amounts in this column reflect the fair value on the grant date of the option awards granted to the named executive officer, calculated in accordance with ASC Topic 718. Stock options were valued using the Black-Scholes model. The grant-date fair value does not necessarily reflect the value of shares which may be received in the future with respect to these awards. The grant-date fair value of the stock options in this column is a non-cash expense that reflects the fair value of the stock options on the grant date and therefore does not affect our cash balance. The fair value of the stock options will likely vary from the actual value the holder receives because the actual value depends on the number of options exercised and the market price of our common stock on the date of exercise. For a discussion of the assumptions made in the valuation of the stock options, see Note 10 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for the year ended December 31, 2022. | |
(2) | Ms. Smith was appointed to serve as our Vice President of Finance on February 1, 2021 and as our Chief Financial Officer on June 18, 2021. | |
(3) | Ms. Devoto was appointed to serve as our Chief Information Security Officer on January 17, 2022 and as our President on August 8, 2022. | |
(4) | Mr. Bennett was appointed to serve as our Chief Operating Officer on February 22, 2022. Mr. Bennett separated from our company on March 30, 2023. | |
(5) | Mr. Hancock resigned on February 15, 2022. |
-41- |
Outstanding Equity Awards as of December 31, 2022
The following table summarizes the outstanding equity awards held by each named executive officer as of December 31, 2022.
Name | Grant Date | Number of Shares Underlying Unexercised Options (#) Exercisable | Number of Shares Underlying Unexercised Options (#) Unexercisable | Option Exercise Price ($) | Option Expiration Date | |||||||||||||||
David G. Jemmett | - | - | - | - | - | |||||||||||||||
Debra L. Smith | February 1, 2021 | (1) | 295,833 | 500,000 | 2.00 | February 1, 2026 | ||||||||||||||
December 31, 2021 | (2) | 1,250 | 5,000 | 5.00 | December 31, 2031 | |||||||||||||||
January 14, 2022 | (1)(5) | - | 500,000 | 3.02 | January 14, 2032 | |||||||||||||||
Ashley N. Devoto | January 17, 2022 | (2)(5) | - | 1,000,000 | 3.02 | January 17, 2032 | ||||||||||||||
David A. Bennett | February 28, 2022 | (2)(5) | - | 1,000,000 | 3.02 | February 28, 2032 | ||||||||||||||
February 28, 2022 | (3)(5) | - | 500,000 | 3.02 | February 28, 2032 | |||||||||||||||
February 28, 2022 | (4)(5) | - | 500,000 | 3.02 | February 28, 2032 | |||||||||||||||
Bryce P. Hancock | January 14, 2022 | - | - | 2.00 | February 28, 2022 | |||||||||||||||
December 15, 2020 | 1,075,000 | - | 2.00 | December 15, 2025 |
(1) | 30% of the shares underlying this option vested at the one-year anniversary from the grant date with the remainder vesting in 24 equal installments on the last day of each month thereafter. |
(2) | 25% of the shares underlying this option vested on the one-year anniversary of the grant date with the remainder vesting monthly over the subsequent 36-month period. |
(3) | 25% of the shares underlying this option vested on the eighteen-month anniversary of the grant date with the remainder vesting monthly over the subsequent 36-month period. |
(4) | 25% of the shares underlying this option vested on the two-year anniversary of the grant date with the remainder vesting monthly over the subsequent 36-month period. |
(5) | On August 22, 2022, we repriced these option grants to reflect an exercise price equal to the fair value of our common stock. Vesting provisions of these option grant remained on the same terms as the original option grant. |
Employment Agreements with our Named Executive Officers
David G. Jemmett
On September 30, 2019, we entered into an employment agreement with Mr. Jemmett to serve as our Chief Executive Officer (the “Jemmett Employment Agreement”). The Jemmett Employment Agreement is evergreen and can be terminated by either party. Pursuant to the Jemmett Employment Agreement, Mr. Jemmett earned an initial annual base salary of $225,000, which was increased to an annual base salary of $250,000 upon our common stock becoming quoted on the OTC Markets. Mr. Jemmett’s base salary may be increased in accordance with our normal compensation and performance review policies. He is entitled to receive a discretionary annual bonus of up to 100% of his annual base salary, at the discretion of our Board of Directors, based on performance and our objectives. Subject to approval by our Board of Directors, Mr. Jemmett is entitled to stock options under our 2019 Equity Incentive Plan. The stock options will vest at 33% on the one-year anniversary of the Jemmett Employment Agreement and the remaining 66% of the options will vest monthly over the next 12 months. As of December 31, 2021, our Board of Directors had not approved or granted any stock options to Mr. Jemmett. On July 31, 2021, a bonus of $90,213 was accrued for Mr. Jemmett and subsequently paid on February 15, 2022. Mr. Jemmett is also eligible to participate in our standard benefit plans.
-42- |
Debra L. Smith
On December 31, 2020, we entered into an employment agreement with Ms. Smith to serve as our Executive Vice President of Finance, effective as of February 1, 2021 (the “Smith Employment Agreement”). Pursuant to the Smith Employment Agreement, Ms. Smith earns an initial base annual salary of $200,000, with an increase upon our listing to a national exchange, subject to approval by our Board of Directors, a guaranteed bonus of $60,000 to be paid quarterly, and an additional $60,000 at the end of each fiscal year at the discretion of our Board of Directors. Ms. Smith is also eligible to participate in our standard benefit plans. On June 18, 2021, we appointed Ms. Smith to serve as Chief Financial Officer. The terms of the original Smith Employment Agreement remained in force.
Ashley N. Devoto
On December 23, 2021, we entered into an employment agreement with Ms. Devoto to serve as our Chief Information Security Officer (the “Devoto Employment Agreement”). The Devoto Employment Agreement is evergreen and can be terminated by either party. Pursuant to the Devoto Employment Agreement, Ms. Devoto earned an initial base annual salary of $225,000, with an increase upon our listing to a national exchange, subject to approval of our Board of Directors, a guaranteed bonus of equal to 20% of base annual salary, an annual bonus up to 100% of base annual salary at the discretion of our Board of Directors, and a sign-on bonus of $100,000. Ms. Devoto is also eligible to participate in our standard benefit plans. On August 8, 2022, we appointed Ms. Devoto to serve as President. The terms of the Devoto Employment Agreement remained in force.
David A. Bennett
On February 28, 2022, we entered into an employment agreement with Mr. Bennett to serve as our Chief Operating Officer (the “Bennett Employment Agreement”). The Bennett Employment Agreement was evergreen and could be terminated by either party. Pursuant to the Bennett Employment Agreement, Mr. Bennett received an initial base annual salary of $250,000, which could be increased at the discretion of our Board of Directors, an annual bonus up to 100% of base annual salary at the discretion of our Board of Directors, and a sign-on bonus of $150,000. Mr. Bennett was also eligible to participate in our standard benefit plans. Mr. Bennett separated from our company on March 30, 2023.
Bryce Hancock
On December 14, 2020, we entered into an employment agreement with Mr. Hancock to serve as our Chief Operating Officer (the “Hancock Employment Agreement”). The Hancock Employment Agreement was evergreen and could be terminated by either party. Pursuant to the Hancock Employment Agreement, Mr. Hancock earned an initial base annual salary of $225,000, which could be increased at the discretion of our Board of Directors. Mr. Hancock was also eligible to participate in our standard benefit plans. Mr. Hancock resigned on February 15, 2022.
-43- |
Director Compensation
The following table sets forth for each non-employee director certain information concerning their compensation for the year ended December 31, 2022:
Name (2) | Fees Earned or Paid in Cash ($) | Stock Awards ($) | Option Awards ($) (1) | Non-equity Incentive Plan Compensation ($) | Nonqualified Deferred Compensation Earnings ($) | All Other Compensation ($) | Total ($) | |||||||||||||||||||||
Stephen Scott(3) | - | - | - | - | - | 138,000 | 138,000 | |||||||||||||||||||||
Robert C. Oaks | - | - | - | - | - | - | - | |||||||||||||||||||||
Scott Holbrook | - | - | - | - | - | - | - | |||||||||||||||||||||
Andy McCain | - | - | - | - | - | - | - | |||||||||||||||||||||
Sandra Morgan(4) | - | - | - | - | - | - | - | |||||||||||||||||||||
Kiki VanDeWeghe | - | - | - | - | - | - | - |
Notes:
(1) | The amounts in this column reflect the fair value on the grant date of the option awards granted to the named executive, calculated in accordance with ASC Topic 718. Stock options were valued using the Black-Scholes model. The grant-date fair value does not necessarily reflect the value of shares which may be received in the future with respect to these awards. The grant-date fair value of the stock options in this column is a non-cash expense that reflects the fair value of the stock options on the grant date and therefore does not affect our cash balance. The fair value of the stock options will likely vary from the actual value the holder receives because the actual value depends on the number of options exercised and the market price of our common stock on the date of exercise. For a discussion of the assumptions made in the valuation of the stock options, see Note 10 to our consolidated financial statements, which are included elsewhere in this Annual Report on Form 10-K for the year ended December 31, 2022. |
(2) | All directors receive reimbursement for reasonable out-of-pocket expenses in attending Board meetings and for participating in our business. |
(3) | Mr. Scott receives payment of $11,500 per month under the terms of an independent consulting agreement to provide services relating to our strategic and business development, and sales and marketing. |
(4) | Ms. Morgan resigned on March 15, 2022. |
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
The following table sets forth certain information with respect to the beneficial ownership of our common stock as of March 27, 2023 for (a) the named executive officers, (b) each of our directors, (c) all of our current directors and executive officers as a group and (d) each stockholder known by us to own beneficially more than 5% of our common stock. Beneficial ownership is determined in accordance with the rules of the SEC and includes voting or investment power with respect to the securities. We deem shares of common stock that may be acquired by an individual or group within 60 days of March 27, 2023 pursuant to the exercise of options or warrants to be outstanding for the purpose of computing the percentage ownership of such individual or group but are not deemed to be outstanding for the purpose of computing the percentage ownership of any other person shown in the table. Except as indicated in footnotes to this table, we believe that the stockholders named in this table have sole voting and investment power with respect to all shares of common stock shown to be beneficially owned by them based on information provided to us by these stockholders. Percentage of ownership is based on 154,176,477 shares of common stock outstanding on March 27, 2023.
Security Ownership of Certain Beneficial Holders
Name and Address of Beneficial Owner (1) | Amount and Nature of Beneficial Ownership | Percent | ||||||
Jemmett Enterprises, LLC | 66,435,000 | (2) | 43.09 | % |
-44- |
Security Ownership of Directors and Executive Officers
Name and Address of Beneficial Owner (1) | Amount and Nature of Beneficial Ownership | Percent | ||||||
David G. Jemmett | 69,435,000 | (3) | 45.03 | % | ||||
Debra L. Smith | 549,582 | (4) | * | |||||
Ashley N. Devoto | 375,000 | (5) | * | |||||
Stephen H. Scott, Jr. | 18,050,000 | (6) | 11.71 | % | ||||
Ret. General Robert C. Oaks | 400,000 | (7) | * | |||||
R. Scott Holbrook | 400,000 | (7) | * | |||||
Andrew K. McCain | 7,941,667 | (8) | 5.00 | % | ||||
Kiki VanDeWeghe | 183,333 | (9) | * | |||||
David A. Bennett | 291,666 | (10) | * | |||||
Bryce Hancock | 1,075,000 | (11) | * | |||||
Directors & Executive Officers as a Group (9 persons) | 97,890,947 | (12) | 60.75 | % |
Notes:
* | Less than 1% of the outstanding shares of common stock.
|
(1) | Unless otherwise indicated, the address of record is c/o Cerberus Cyber Sentinel Corporation, 6900 E. Camelback Road, Suite 240, Scottsdale, Arizona 85251. |
(2) | Mr. Jemmett is the managing member of Jemmett Enterprises, LLC and has voting and dispositive power over such shares. |
(3) | Consists of (i) 66,435,000 shares held by Jemmett Enterprises, LLC, of which Mr. Jemmett is the managing member and has voting and dispositive power over such shares; (ii) 2,000,000 shares held by Xander LLC, of which Mr. Jemmett and his wife are the sole members and have voting and dispositive power over such shares; and (iii) 1,000,000 shares held by Dana Borgman Trust. |
(4) | Consists of 549,582 shares issuable upon exercise of options exercisable within 60 days after March 27, 2023. |
(5) | Consists of (i) 62,500 shares held directly by Ms. Devoto and (ii) 312,500 issuable upon exercise of options exercisable within 60 days after March 27, 2023. |
(6) | Consists of (i) 12,800,000 shares held directly by Mr. Scott; (ii) 5,000,000 shares beneficially held by TVMT LLC; and (iii) 250,000 shares beneficially held by JLS 401k Trust. |
(7) | Consists of 400,000 shares issuable upon the exercise of options exercisable within 60 days after March 27, 2023. |
-45- |
(8) | Consists of (i) 375,000 shares held indirectly as executor of the Andrew and Lucy McCain Family Trust, for which Mr. McCain has voting and dispositive power; (ii) 3,000,000 shares held by Hensley & Company, for which Mr. McCain has voting and dispositive power; (iii) 400,000 shares issuable upon the exercise of options exercisable within 60 days after March 27, 2023; and (iv) 4,166,667 shares issuable upon the conversion of a note payable held by Hensley & Company. |
(9) | Consists of 183,333 shares issuable upon the exercise of options exercisable within 60 days after March 27, 2023. |
(10) | Consists of 291,666 shares issuable upon exercise of options exercisable within 60 days after March 27, 2023. |
(11) | Consist of 1,075,000 shares issuable upon exercise of options exercisable within 60 days after March 27, 2023. |
(12) | Includes 2,801,780 shares issuable upon the exercise of options exercisable within 60 days after March 27, 2023 and 4,166,667 shares issuable upon conversion of a note payable. |
Securities Authorized for Issuance Under Existing Equity Compensation Plan
The following table summarizes certain information regarding our equity compensation plan as of December 31, 2022:
Plan Category | Number of Securities to be Issued Upon Exercise of Outstanding Options | Weighted-Average Exercise Price of Outstanding Options | Number of Securities Remaining Available for Future Issuance Under Equity Compensation Plans (Excluding Securities Reflected in Column (a)) | |||||||||
(a) | (b) | (c) | ||||||||||
Equity compensation plans approved by security holders (1) | 36,397,521 | $ | 2.45 | 20,213,408 | ||||||||
Equity compensation plans not approved by security holders | - | - | - | |||||||||
Total | 36,397,521 | $ | 2.45 | 20,213,408 |
(1) | Consists of the 2019 Equity Incentive Plan. The aggregate number of shares of common stock that may be issued pursuant to options granted under this Plan or Bonus Stock Awards under this Plan shall not exceed 60,000,000 shares. For a description of this plan, see Note 10 to our 2022 consolidated financial statements included in this Annual Report on Form 10-K for the year ended December 31, 2022. |
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
Transactions with Related Persons
Except as set out below, during the year ended December 31, 2022, there were no transactions, or currently proposed transactions, in which we were or are to be a participant and the amount involved exceeds the lesser of $120,000 or one percent of the average of our total assets at year-end for the last two completed fiscal years, and in which any of the following persons had or will have a direct or indirect material interest:
● | any director or executive officer of our company; |
● | any person who beneficially owns, directly or indirectly, shares carrying more than 5% of the voting rights attached to our outstanding shares of common stock; |
● | any promoters and control persons; and |
● | any member of the immediate family (including spouse, parents, children, siblings and in laws) of any of the foregoing persons. |
-46- |
Independent Consulting Agreement with Stephen Scott
In August 2020, we entered into an Independent Consulting Agreement with Stephen Scott, a director of our company, with respect to advisory and consulting services relating to our strategic and business development, and sales and marketing. Mr. Scott receives a consulting fee of $11,500 per month for such services. During the years ended December 31, 2022 and 2021, we paid consulting fees to Mr. Scott in the amount of $138,000.
Managed Services Agreement with Hensley Beverage Company
In July 2021, we entered into a 1-year Managed Services Agreement with Hensley Beverage Company, an entity affiliated with Mr. McCain, a director of our company, to provide secured managed services. We also may be engaged by Hensley Beverage Company from time to time to provide other related services outside the scope of the Managed Services Agreement. While the agreement provides for a term through December 31, 2021, the agreement will continue until terminated by either party. For the years ended December 31, 2022 and 2021, and, we received $850,445 and $466,597, respectively from Hensley Beverage Company for contracted services and had an outstanding receivable balance of $15,737 and $11,508 as of December 31, 2022 and 2021, respectively.
Convertible Note Payable with Hensley Beverage Company
On March 20, 2023, we entered into a Purchase Agreement (the “Purchase Agreement”) with Hensley & Company dba Hensley Beverage Company (the “Purchaser”), an entity affiliated with Mr. McCain, a director of our company, pursuant to which we issued and sold to the Purchaser a $5,000,000 10 Percent (10%) Unsecured Convertible Note (the “Note”) for gross proceeds of $5,000,000 in a private placement exempt from registration under Section 4(a)(2) of the Securities Act of 1933, as amended (the “Securities Act”), and Regulation D promulgated thereunder (the “Note Offering”). The Note, together with accrued and unpaid interest thereon, is due on March 20, 2025 (the “Maturity Date”). We may not prepay the Note prior to the Maturity Date without the consent of the Purchaser. The Note will bear interest at a rate of 10% per annum (based on a 360-day year), payable monthly. At any time prior to or on the Maturity Date and subject to certain beneficial ownership limitations, the Purchaser may convert all or any portion of the outstanding principal amount of the Note and all accrued and unpaid interest thereon into shares (the “Conversion Shares”) of our common stock, par value $0.00001 per share, at a conversion price of $1.20 per share (the “Conversion Price”). The Conversion Price is adjustable in the event of any stock split, reverse stock split, recapitalization, reorganization, or similar event. Upon the occurrence of an “Event of Default” (as defined in the Note and including the failure to make required payments when due after specified grace periods, certain breaches of the Purchase Agreement and certain specified insolvency events), the Purchaser would have the right to accelerate payments due under the Note, which from and after such acceleration would bear interest at a default rate of 24% per annum.
Director Independence
See “Directors, Executive Officers and Corporate Governance – Director Independence” and “Directors, Executive Officers and Corporate Governance – Board Committees” in Item 10 above.
ITEM 14. PRINCIPAL ACCOUNTANT FEES AND SERVICES
Our Audit Committee has appointed Semple, Marchal & Cooper, LLP (“SMC”) as our independent registered public accounting firm for the year ended December 31, 2022. The following table sets forth the fees billed to our company for professional services rendered by SMC for the years ended December 31, 2022 and 2021:
Services | 2022 | 2021 | ||||||
Audit fees (1) | $ | 369,481 | $ | 132,098 | ||||
Audit-related fees (2) | 104,663 | 3,440 | ||||||
Tax fees (3) | 50,213 | 2,690 | ||||||
All other fees | - | 102,817 | ||||||
Total fees | $ | 524,357 | $ | 241,045 |
(1) | Audit fees consisted of billing for professional services normally provided in connection with statutory and regulatory filings, including (i) fees associated with the audits of our financial statements for the years ended December 31, 2022 and 2021 and, (ii) fees associated with quarterly reviews for the quarters ended March 31, 2022 and 2021, June 30, 2022 and 2021, and September 30, 2022 and 2021. |
(2) | Audit related fees consisted of billings for professional services for reviews of our periodic filings under form 10-K and 10-Q and acquisition audits for the years ended December 31, 2022 and 2021. |
(3) | Tax fees consisted primarily of tax related advisory and preparation services. |
Pre-Approval Policies and Procedures
The charter of our Audit Committee provides that the authority and responsibilities of our Audit Committee include the pre-approval of all audit and permitted non-audit and tax services that may be provided by our independent auditors or other registered public accounting firms, and the establishment of policies and procedures for the Audit Committee’s pre-approval of permitted services by our independent auditors or other registered public accounting firms on an on-going basis.
For audit services, each year our independent auditor provides our Audit Committee with an engagement letter outlining the scope of the audit services proposed to be performed during the year, which must be formally accepted by our Audit Committee before the audit commences prior to engagement of an independent auditor for next year’s audit, management will submit an aggregate of services expected to be rendered during that year for each of three categories of services to our Audit Committee for approval.
-47- |
PART IV
ITEM 15. EXHIBITS AND FINANCIAL STATEMENT SCHEDULES
(a) | The following documents are filed as a part of the report: |
(1) | For a list of the financial statements included herein, see the index to the financial statements beginning on page F-1 of this Annual Report on Form 10-K, incorporated into this Item by reference. |
(2) | Financial statement schedules have been omitted because they are either not required or not applicable or the information is included in the consolidated financial statements or the notes thereto. |
(b) | Exhibits. |
-48- |
*Filed herewith.
**Certain exhibits, annexes, and/or schedules have been omitted from this filing pursuant to Item 601(b)(2) of Regulation S-K. We agree to furnish supplementally a copy of any omitted exhibit, annex, or schedule to the Securities and Exchange Commission upon request.
# Management contracts and compensatory plans and arrangements.
ITEM 16. FORM 10-K SUMMARY
Not applicable.
-49- |
SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
CERBERUS CYBER SENTINEL CORPORATION
By: | /s/ David G. Jemmett | |
Name: | David G. Jemmett | |
Title: | Chief Executive Officer (Principal Executive Officer) | |
Date: | March 31, 2023 |
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated.
By: | /s/ David G. Jemmett | |
Name: | David G. Jemmett | |
Title: | Chief Executive Officer and Director (Principal Executive Officer) | |
Date: | March 31, 2023 | |
By: | /s/ Debra L. Smith | |
Name: | Debra L. Smith | |
Title: | Chief Financial Officer (Principal Financial Officer and Principal Accounting Officer) | |
Date: | March 31, 2023 | |
By: | /s/ Ashley N. Devoto | |
Name: | Ashley N. Devoto | |
Title: | President , Chief Information Security Officer and Director | |
Date: | March 31, 2023 | |
By: | /s/ Stephen H. Scott, Jr. | |
Name: | Stephen H. Scott, Jr. | |
Title: | Director | |
Date: | March 31, 2023 | |
By: | /s/ Robert C. Oaks | |
Name: | Ret. General Robert C. Oaks | |
Title: | Director | |
Date: | March 31, 2023 | |
By: | /s/ R. Scott Holbrook | |
Name: | R. Scott Holbrook | |
Title: | Director | |
Date: | March 31, 2023 | |
By: | /s/ Andrew K. McCain | |
Name: | Andrew K. McCain | |
Title: | Director | |
Date: | March 31, 2023 | |
By: | /s/ Ernest M. (Kiki) VanDeWeghe, III | |
Name: | Ernest M. (Kiki) VanDeWeghe, III | |
Title: | Director | |
Date: | March 31, 2023 |
-50- |
CERBERUS CYBER SENTINEL CORPORATION
CONSOLIDATED FINANCIAL STATEMENTS AS OF DECEMBER 31, 2022 AND 2021
TABLE OF CONTENTS
F-1 |
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
Board of Directors and Stockholders of
Cerberus Cyber Sentinel Corporation and Subsidiaries
Scottsdale, Arizona
Opinion on the Consolidated Financial Statements
We have audited the accompanying consolidated balance sheets of Cerberus Cyber Sentinel Corporation (the “Company”) as of December 31, 2022 and 2021, the related consolidated statements of operations, stockholders’ equity, and cash flows for the years then ended, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, based on our audits and the report of the other auditors, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2022 and 2021, and the results of its consolidated operations and its cash flows for the years then ended, in conformity with accounting principles generally accepted in the United States of America.
We did not audit the combined financial statements of the Company’s wholly-owned “South American Subsidiaries,” which include the consolidated balance sheets of Arkavia Networks SpA. and its wholly-owned subsidiaries Arkavia Networks Limitada and Arkavia Networks, as of December 31, 2022 and 2021, and the related consolidated statements of operations, stockholders’ equity, and cash flows for the year ended December 31, 2022, and for the period from December 1, 2021 (Acquisition) to December 31, 2021; the combined balance sheets of Servicios Informaticos CUATROi, S.P.A., Comercializadora CUATROi S.P.A., CUATROi Peru S.A.C., and CUATROi S.A.S. (entities under common ownership and management) as of December 31, 2022 and the related combined statements of operations, stockholders’ equity, and cash flows for the period ended August 26, 2022 (Acquisition) to December 31, 2022; and the combined balance sheets of NLT Networks, S.P.A., NLT Tecnologias, Limitada, NLT Servicios Profesionales, S.P.A. and White and Blue Solutions, LLC (entities under common ownership and management) as of December 31, 2022 and the related combined statements of operations, stockholders’ equity, and cash flows for the period ended September 1, 2022 (Acquisition) to December 31, 2022; and the related notes (collectively “combined financial statements”). The combined financial statements of the South American Subsidiaries reflect total assets of $39.5 million and $12.1 million at December 31, 2022 and 2021, respectively, and total revenues of $10.0 and $1.3 million for the periods then ended. Those statements were audited by another auditor whose report has been furnished to us, and our opinion, insofar as it relates to the amounts included for the South American Subsidiaries, is based solely on the report of the other auditors.
Going Concern Uncertainty
The accompanying consolidated financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note 2 to the consolidated financial statements, the Company has suffered recurring losses from operations, negative cash flows from operations and has a net capital deficiency that raise substantial doubt about its ability to continue as a going concern. Management’s plans in regard to these matters are also described in Note 2. The consolidated financial statements do not include any adjustments that might result from the outcome of this uncertainty.
Basis for Opinion
These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s consolidated financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (“PCAOB”) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.
Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion.
/s/ Semple, Marchal & Cooper, LLP
Certified Public Accountants
We have served as the Company’s auditor since 2019.
Phoenix, Arizona
March 31, 2023
F-2 |
REPORT OF THE INDEPENDENT AUDITORS |
Board of Directors and Stockholders of
Cerberus Cyber Sentinel Corporation and Subsidiaries Scottsdale, Arizona
1/2
Report on the financial statements
We have audited the consolidated balance sheets of Arkavia Networks SpA. and its wholly-owned subsidiaries Arkavia Networks Limitada and Arkavia Networks (collectively “Arkavia”), as of December 31, 2022 and 2021, and the related consolidated statements of operations, stockholders’ equity, and cash flows for the year ended December 31, 2022, and for the period from December 1, 2021 (Acquisition) to December 31, 2021; the combined balance sheets of Servicios Informaticos CUATROi, S.P.A., Comercializadora CUATROi S.P.A., CUATROi Peru S.A.C., and CUATROi S.A.S. (entities under common ownership and management, collectively “CUATROi”) as of December 31, 2022 and the related combined statements of operations, stockholders’ equity, and cash flows for the period ended August 26, 2022 (Acquisition) to December 31, 2022; and the combined balance sheets of NLT Networks, S.P.A., NLT Tecnologias, Limitada, NLT Servicios Profesionales, S.P.A. and White and Blue Solutions, LLC (entities under common ownership and management, collectively “NLT”) as of December 31, 2022 and the related combined statements of operations, stockholders’ equity, and cash flows for the period ended September 1, 2022 (Acquisition) to December 31, 2022; and the related notes (collectively “combined financial statements”) (Arkavia, together with CUATROi and NLT, the “Company” ). In our opinion, such combined financial statements present fairly, in all material respects the combined financial position as December 31, 2022 and 2021, and the results of its combined operations and its cash flows for the periods then ended, in conformity with accounting principles generally accepted in the United States of America.
Basis for Opinion
These combined financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the combined financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (“PCAOB”) and are required to be independent with respect to the Company with respect to the Company in accordance with U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the combined financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.
F-3 |
Board of Directors and Stockholders of Cerberus Cyber Sentinel Corporation and Subsidiaries Scottsdale, Arizona 2/2 |
Our audits include performing procedures to assess the risks of material misstatement of the combined financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures include examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the combined financial statements. We believe that our audits and the report of other auditors provide a reasonable basis for our opinion.
CLAUDIO SILVA MORALES | BAKER TILLY CHILE LTDA. |
Santiago, Chile, March 31, 2023
We have served as auditors since 2021.
Baker Tilly Chile Auditores Consultores Ltda., trading as Baker Tilly Chile is a member of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities.
F-4 |
CERBERUS CYBER SENTINEL CORPORATION AND SUBSIDIARIES
CONSOLIDATED BALANCE SHEETS
December 31, | December 31, | |||||||
2022 | 2021 | |||||||
ASSETS | ||||||||
Current Assets: | ||||||||
Cash and cash equivalents | $ | 1,833,163 | $ | 2,725,035 | ||||
Accounts receivable, net | 7,862,297 | 4,840,802 | ||||||
Notes receivable, related party | 1,090,903 | |||||||
Inventory | 11,803 | 189,596 | ||||||
Prepaid cost of revenue | 2,634,667 | 12,239 | ||||||
Prepaid expenses and other current assets | 1,724,650 | 948,726 | ||||||
Contract asset | 332,215 | |||||||
Total Current Assets | 14,398,795 | 9,807,301 | ||||||
Property and equipment, net | 4,680,495 | 2,394,424 | ||||||
Right of use asset, net | 255,687 | 277,578 | ||||||
Intangible assets, net | 8,475,229 | 6,540,269 | ||||||
Goodwill | 76,664,017 | 16,792,535 | ||||||
Other assets | 22,592 | |||||||
Total Assets | $ | 104,496,815 | $ | 35,812,107 | ||||
LIABILITIES AND STOCKHOLDERS’ EQUITY | ||||||||
Current Liabilities: | ||||||||
Accounts payable and accrued expenses | $ | 8,310,337 | $ | 2,709,066 | ||||
Deferred revenue | 4,472,140 | 52,824 | ||||||
Settlement liability | 470,000 | |||||||
Lease liability | 121,731 | 196,472 | ||||||
Loans payable | 7,758,831 | 213,199 | ||||||
Convertible notes payable | 2,550,000 | 1,500,000 | ||||||
Total Current Liabilities | 23,213,039 | 5,141,561 | ||||||
Long-term Liabilities: | ||||||||
Loans payable, net of current portion | 4,243,802 | 5,284,301 | ||||||
Lease liability, net of current portion | 159,205 | 88,040 | ||||||
Deferred tax liability | 435,678 | |||||||
Total Liabilities | 28,051,724 | 10,513,902 | ||||||
Commitments and Contingencies | ||||||||
Stockholders’ Equity: | ||||||||
Common stock, $ | par value; shares authorized; and issued and outstanding at December 31, 2022 and 20211,464 | 1,258 | ||||||
Preferred stock, $ | par value; shares authorized; shares issued and outstanding on December 31, 2022 and December 31, 2021||||||||
Additional paid-in capital | 153,168,984 | 69,309,369 | ||||||
Accumulated translation adjustment | 1,062,247 | |||||||
Accumulated deficit | (77,787,604 | ) | (44,012,422 | ) | ||||
Total Stockholders’ Equity | 76,445,091 | 25,298,205 | ||||||
Total Liabilities and Stockholders’ Equity | $ | 104,496,815 | $ | 35,812,107 |
The accompanying footnotes are an integral part of these condensed consolidated financial statements.
F-5 |
CERBERUS CYBER SENTINEL CORPORATION AND SUBSIDIARIES
CONSOLIDATED STATEMENTS OF OPERATIONS AND COMPREHENSIVE LOSS
Year Ended | ||||||||
December 31, 2022 | December 31, 2021 | |||||||
Revenue: | ||||||||
Security managed services | $ | 40,920,420 | $ | 11,797,719 | ||||
Professional services | 5,629,197 | 3,344,840 | ||||||
Total revenue | 46,549,617 | 15,142,559 | ||||||
Cost of revenue: | ||||||||
Security managed services | 15,431,523 | 3,089,599 | ||||||
Professional services | 844,287 | 515,171 | ||||||
Cost of payroll | 20,036,182 | 7,596,972 | ||||||
Stock based compensation | 7,512,304 | 2,132,554 | ||||||
Total cost of revenue | 43,824,296 | 13,334,296 | ||||||
Total gross profit | 2,725,321 | 1,808,263 | ||||||
Operating expenses: | ||||||||
Professional fees | 2,067,603 | 1,189,319 | ||||||
Advertising and marketing | 804,218 | 435,016 | ||||||
Selling, general and administrative | 23,106,451 | 9,809,200 | ||||||
Stock based compensation | 9,885,191 | 8,076,688 | ||||||
Impairment of goodwill | 22,078,064 | |||||||
Total operating expenses | 35,863,463 | 41,588,287 | ||||||
Loss from operations | (33,138,142 | ) | (39,780,024 | ) | ||||
Other income (expense): | ||||||||
Other income | 43,332 | (39,063 | ) | |||||
Interest expense, net | (680,921 | ) | (307,363 | ) | ||||
PPP loan forgiveness | 980,800 | |||||||
Total other income (expense) | (637,589 | ) | 634,374 | |||||
Loss before income taxes | (33,775,731 | ) | (39,145,650 | ) | ||||
Benefit from income taxes | (549 | ) | ||||||
Net loss | (33,775,182 | ) | (39,145,650 | ) | ||||
Foreign currency translation adjustment | 1,062,247 | |||||||
Comprehensive loss | $ | (32,712,935 | ) | $ | (39,145,650 | ) | ||
Net loss per common share - basic and diluted | $ | (0.24 | ) | $ | (0.33 | ) | ||
Weighted average shares outstanding - basic | 139,133,308 | 118,906,765 | ||||||
Weighted average shares outstanding - diluted | 139,133,308 | 118,906,765 |
The accompanying footnotes are an integral part of these condensed consolidated financial statements.
F-6 |
CERBERUS CYBER SENTINEL CORPORATION AND SUBSIDIARIES
CONSOLIDATED STATEMENTS OF CHANGES IN STOCKHOLDERS’ EQUITY
Accumulated | ||||||||||||||||||||||||||||||||
Additional | Other | |||||||||||||||||||||||||||||||
Common Stock | Preferred Stock | Paid-in | Comprehensive | Accumulated | ||||||||||||||||||||||||||||
Shares | Amount | Shares | Amount | Capital | Gain/(Loss) | Deficit | Total | |||||||||||||||||||||||||
Balance at January 1, 2022 | 125,852,971 | $ | 1,258 | $ | 69,309,369 | $ | $ | (44,012,422 | ) | $ | 25,298,205 | |||||||||||||||||||||
Stock based compensation - stock options | - | - | 15,464,587 | 15,464,587 | ||||||||||||||||||||||||||||
Stock based compensation - common stock | 909,819 | 9 | - | 2,266,225 | 2,266,234 | |||||||||||||||||||||||||||
Stock issued for cash | 352,474 | 4 | - | 1,167,285 | 1,167,289 | |||||||||||||||||||||||||||
Exercise of options | 2,689,071 | 27 | - | 1,480,115 | 1,480,142 | |||||||||||||||||||||||||||
Stock issued for cash in public offering | 2,060,000 | 21 | - | 9,521,777 | 9,521,798 | |||||||||||||||||||||||||||
Stock issued for True Digital acquisition | 8,229,000 | 82 | - | 34,726,298 | 34,726,380 | |||||||||||||||||||||||||||
Stock issued for VelocIT acquisition | 256,678 | 3 | - | (3 | ) | |||||||||||||||||||||||||||
Stock issued for Red74 acquisition | 34,000 | - | ||||||||||||||||||||||||||||||
Stock issued for Creatrix acquisition | 600,000 | 6 | - | 3,629,994 | 3,630,000 | |||||||||||||||||||||||||||
Stock issued for CyberViking acquisition | 499,000 | 5 | - | 1,836,315 | 1,836,320 | |||||||||||||||||||||||||||
Stock issued for CUATROi acquisition | 2,166,922 | 22 | - | 6,847,452 | 6,847,474 | |||||||||||||||||||||||||||
Stock issued for NLT acquisition | 2,745,872 | 27 | - | 6,919,570 | 6,919,597 | |||||||||||||||||||||||||||
Foreign currency translation | - | - | 1,062,247 | 1,062,247 | ||||||||||||||||||||||||||||
Net loss | - | - | (33,775,182 | ) | (33,775,182 | ) | ||||||||||||||||||||||||||
Balance at December 31, 2022 | 146,395,807 | $ | 1,464 | $ | $ | 153,168,984 | $ | 1,062,247 | $ | (77,787,604 | ) | $ | 76,445,091 | |||||||||||||||||||
Balance at January 1, 2021 | 116,104,971 | $ | 1,161 | $ | 12,607,074 | $ | (4,866,772 | ) | $ | 7,741,463 | ||||||||||||||||||||||
Stock based compensation - stock options | - | - | 7,802,096 | 7,802,096 | ||||||||||||||||||||||||||||
Stock based compensation - common stock | 392,900 | 4 | - | 2,407,142 | 2,407,146 | |||||||||||||||||||||||||||
Exercise of stock options | 100,000 | 1 | - | 49,999 | 50,000 | |||||||||||||||||||||||||||
Stock issued for conversion of convertible debt | 1,500,000 | 15 | - | 2,999,985 | 3,000,000 | |||||||||||||||||||||||||||
Stock issued for cash | 1,625,000 | 16 | - | 3,249,984 | 3,250,000 | |||||||||||||||||||||||||||
Stock issued for VelocIT acquisition | 2,310,100 | 23 | - | 13,603,924 | 13,603,947 | |||||||||||||||||||||||||||
Stock issued for Atlantic acquisition | 200,000 | 2 | - | 1,049,998 | 1,050,000 | |||||||||||||||||||||||||||
Stock issued for Red74 acquisition | 306,000 | 3 | - | 2,107,997 | 2,108,000 | |||||||||||||||||||||||||||
Stock issued for Arkavia acquisition | 2,914,000 | 29 | - | 14,569,971 | 14,570,000 | |||||||||||||||||||||||||||
Stock issued for settlement agreement | 400,000 | 4 | - | 1,999,996 | 2,000,000 | |||||||||||||||||||||||||||
Replacement options issued in VelocIT acquisition | - | - | 6,861,203 | 6,861,203 | ||||||||||||||||||||||||||||
Net loss | - | - | (39,145,650 | ) | (39,145,650 | ) | ||||||||||||||||||||||||||
Balance at December 31, 2021 | 125,852,971 | $ | 1,258 | $ | $ | 69,309,369 | $ | $ | (44,012,422 | ) | $ | 25,298,205 |
The accompanying footnotes are an integral part of these condensed consolidated financial statements.
F-7 |
CERBERUS CYBER SENTINEL CORPORATION AND SUBSIDIARIES
CONSOLIDATED STATEMENTS OF CASH FLOWS
December 31, 2022 | December 31, 2021 | |||||||
Cash flows from operating activities: | ||||||||
Net loss | $ | (33,775,182 | ) | $ | (39,145,650 | ) | ||
Adjustments to reconcile net loss to net cash used in operating activities: | ||||||||
Stock based compensation - stock options | 15,464,587 | 7,802,096 | ||||||
Stock based compensation - common stock | 1,932,908 | 2,407,146 | ||||||
Depreciation and amortization | 3,071,917 | 294,858 | ||||||
Right of use amortization | 247,474 | 123,378 | ||||||
Non-cash interest expense | 60,651 | 73,391 | ||||||
Forgiveness of PPP Loan | (980,800 | ) | ||||||
Settlement liability | 2,000,000 | |||||||
Other | (24,869 | ) | 55,528 | |||||
Impairment of goodwill | 22,078,064 | |||||||
Changes in operating assets and liabilities: | ||||||||
Accounts receivable, net | (979,898 | ) | (2,358,896 | ) | ||||
Inventory | 173,156 | 497,893 | ||||||
Contract assets | (166,908 | ) | ||||||
Prepaids and other current assets | (2,625,108 | ) | (229,813 | ) | ||||
Accounts payable and accrued expenses | 4,237,986 | (405,915 | ) | |||||
Lease liability | (206,870 | ) | (111,749 | ) | ||||
Settlement liability | (470,000 | ) | 470,000 | |||||
Deferred revenue | 2,379,149 | 45,340 | ||||||
Net cash used in operating activities | (10,681,007 | ) | (7,385,129 | ) | ||||
Cash flows from investing activities: | ||||||||
Purchases of property and equipment | (512,247 | ) | ||||||
Cash (paid)/acquired in acquisitions, net | (5,536,697 | ) | 2,050,057 | |||||
Net cash (used in)/provided by investing activities | (6,048,944 | ) | 2,050,057 | |||||
Cash flows from financing activities: | ||||||||
Proceeds from sale of common stock | 10,689,087 | 3,250,000 | ||||||
Proceeds from stock option exercise | 1,480,142 | 50,000 | ||||||
Proceeds from loan payable | 5,000,000 | 9,110 | ||||||
Proceeds from notes payable, related party | 133,018 | |||||||
Proceeds from convertible note payable | 1,000,000 | 1,500,000 | ||||||
Proceeds from line of credit | 86,585 | 221,346 | ||||||
Payment on line of credit | (369,829 | ) | (224,346 | ) | ||||
Payment on loans payable | (2,083,076 | ) | (1,859,820 | ) | ||||
Payment on notes payable, related party | (216,231 | ) | ||||||
Payment of debt issuance cost | (25,000 | ) | ||||||
Net cash provided by financing activities | 15,777,909 | 2,863,077 | ||||||
Effect of exchange rates on cash and cash equivalents | 60,170 | |||||||
Net increase in cash and cash equivalents | (891,872 | ) | (2,471,995 | ) | ||||
Cash and cash equivalents - beginning of the period | 2,725,035 | 5,197,030 | ||||||
Cash and cash equivalents - end of the period | $ | 1,833,163 | $ | 2,725,035 | ||||
Supplemental cash flow information: | ||||||||
Cash paid for: | ||||||||
Interest | $ | 512,374 | $ | 91,490 | ||||
Income taxes | $ | $ | ||||||
Non-cash investing and financing activities: | ||||||||
Right of use asset and lease liability recorded upon adoption of ASC 842 | $ | 476,986 | $ | 387,530 | ||||
Forgiveness of PPP Loan | $ | $ | 980,800 | |||||
Common stock issued in VelocIT acquisition | $ | $ | 13,603,947 | |||||
Common stock issued in Atlantic acquisition | $ | $ | 1,050,000 | |||||
Common stock issued in RED 74 acquisition | $ | $ | 2,108,000 | |||||
Common stock issued in Arkavia acquisition | $ | $ | 14,570,000 | |||||
Options issued for VelocIT acquisition | $ | $ | 6,861,203 | |||||
Common stock issued in True Digital acquisition | $ | 34,726,380 | $ | |||||
Common stock issued in Creatrix acquisition | $ | 3,630,000 | $ | |||||
Common stock issued in CyberViking acquisition | $ | 1,836,320 | $ | |||||
Common stock issued in CUATROi acquisition | $ | 6,847,474 | $ | |||||
Common stock issued in NLT Secure acquisition | $ | 6,919,597 | $ |
The accompanying footnotes are an integral part of these condensed consolidated financial statements.
F-8 |
CERBERUS CYBER SENTINEL CORPORATION AND SUBSIDIARIES
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
NOTE 1 – NATURE OF THE ORGANIZATION AND BUSINESS
Unless otherwise indicated or the context requires otherwise, the terms ““we,” “us,” “our,” and “our company” refer to Cerberus Cyber Sentinel Corporation, a Delaware corporation (“Cerberus”), and our wholly owned subsidiaries. Unless otherwise specified, all dollar amounts are expressed in United States dollars.
Nature of the Business
We are a cybersecurity and compliance company comprised of highly trained and seasoned security professionals who work with clients to enhance or create a better cyber posture in their organization. We provide a full range of cybersecurity consulting and related services, encompassing all three pillars of compliance, cybersecurity, and culture. Our services include secured managed services, compliance services, security operations center (“SOC”) services, virtual Chief Information Security Officer (“vCISO”) services, incident response, certified forensics, technical assessments, and cybersecurity training. We believe that culture is the foundation of every successful cybersecurity and compliance program. To deliver that outcome, we developed our unique offering of MCCP+ (“Managed Compliance & Cybersecurity Provider + Culture”), which is the only holistic solution that provides all three of these pillars under one roof from a dedicated team of subject matter experts. In contrast to the majority of cybersecurity firms that are focused on a specific technology or service, we seek to differentiate ourselves by remaining technology agnostic, focusing on accumulating highly sought-after topic experts. We continually seek to identify and acquire cybersecurity talent to expand our service scope and geographical coverage to provide the best possible service for our clients. We believe that bringing together a world-class team of technological experts with multi-faceted expertise in the critical aspects of cybersecurity is key to providing technology agnostic solutions to our clients in a business environment that has suffered from a chronic lack of highly skilled professionals, thereby setting us apart from competitors and in-house security teams. Our goal is to create a culture of security and to help quantify, define, and capture a return on investment from information technology and cybersecurity spending. Our brand rallies around the battle cry: “Cyber security is a Culture, not a Product.”
NOTE 2 – LIQUIDITY AND GOING CONCERN CONSIDERATIONS
The accompanying financial statements have been prepared on a going concern basis, which contemplates the realization of assets and satisfaction of liabilities in the normal course of business. For the year ended December 31, 2022, we incurred a net loss of $33,775,182, had negative cash flows from operations of $10,681,007, and working capital deficit of $8,814,244. These matters raise substantial doubt as to our ability to continue as a going concern.
Our existence is dependent upon our ability to develop profitable operations. We are devoting substantially all of our efforts to developing our business, reducing overhead costs, and raising capital, although there can be no assurance that the our efforts will be successful. No assurance can be given that our actions will result in profitable operations or the resolution of liquidity problems. The accompanying consolidated financial statements do not include any adjustments that might result should we be unable to continue as a going concern.
In order to improve our liquidity, in addition to a planned reduction in overhead costs, we are actively pursuing additional debt and/or equity financing through discussions with investment bankers and private investors. There can be no assurance that we will be successful in our efforts to secure additional financing.
The financial statements do not include any adjustments relating to the recoverability of assets and the amount or classification of liabilities that might be necessary should we be unable to continue as a going concern.
NOTE 3 – SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES
Basis of Presentation
The accompanying consolidated financial statements have been prepared in accordance with accounting principles generally accepted in the United States of America (“GAAP”). The summary of significant accounting policies presented below is designed to assist in understanding our consolidated financial statements. Such consolidated financial statements and accompanying notes are the representations of our management, who is responsible for their integrity and objectivity.
F-9 |
Consolidation
The consolidated financial statements include the accounts of our company and our wholly owned subsidiaries. All significant intercompany accounts and transactions have been eliminated in consolidation.
Prior Period Reclassifications
Reclassification of certain immaterial prior period amounts have been made to conform to the current period presentation.
Use of Estimates
Preparing financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements and the reported amounts of revenue and expenses during the reporting period. Actual results could differ from those estimates.
We believe the following critical accounting policies affect our more significant judgments and estimates used in the preparation of the accompanying consolidated financial statements. Significant estimates include the allowance for doubtful accounts, the carrying value of intangible assets and goodwill, deferred tax asset and valuation allowance, the estimated fair value of assets acquired, liabilities assumed and stock issued in business combinations, and assumptions used in the Black-Scholes-Merton pricing model, such as expected volatility, risk-free interest rate, share price, and expected dividend rate.
Revenue
Our revenues are derived from two major types of services to clients: security managed services and professional services. With respect to Security Managed Services, we provide culture education and enablement, tools and technology provisioning, data and privacy monitoring, regulations and compliance monitoring, remote infrastructure administration, and cybersecurity services including, but not limited to, antivirus and patch management. With respect to Professional Services, we provide cybersecurity consulting, compliance auditing, vulnerability assessment and penetration testing, and disaster recovery and data backup solutions.
Our managed services offerings typically are paid in advance of providing services. We have determined that our contracts do not include a significant financing component. Payments received in advance of our performance are initially recorded as deferred revenue and then recognized as revenue on a straight-line basis over the term of the contract. Revenue is recognized net of allowances for applicable transaction-based taxes collected from customers.
Our revenue is categorized and disaggregated as reflected in our consolidated statements of operations and comprehensive loss, as follows:
Security Managed Services
We have four distinct revenue streams under security managed services: compliance, secured managed services, SOC managed services, and vCISO. We derive revenue from compliance by ensuring our customers are implementing the right controls, properly prioritizing risks, and investing in the appropriate remediation, so our customers can achieve compliance, adhere to industry standards and guidelines, and manage continuous monitoring over time. We derive revenue from secured managed services through security focused end-to-end network and device management solutions for companies that want to outsource their administration needs to a team of senior engineers who provide modern strategy, insights, and support. We derive revenue from SOC managed services by offering SOC-as-a-service, which is a subscription-based service that manages and monitors clients’ logs, devices, clouds, network, and assets for possible cyber threats. We derive revenue from vCISO when corporations are in need of cybersecurity services, but many do not have the capital resources or knowledge base to hire a Chief Information Security Officer. We offer this service to companies on an ongoing managed service basis as a resource to augment their management team. vCISO services include road mapping the future state for the client and providing our knowledgeable expertise to help them achieve their security needs.
F-10 |
Performance Obligations
Our contract transaction price is allocated to each distinct performance obligation and recognized as revenue when, or as, the performance obligation is satisfied. We have determined the performance obligations for the following services:
Compliance: We have determined that services provided under compliance contains a single performance obligation. We recognize revenue as earned based on time and material.
Secured Managed Services: We consider these services to be one performance obligation, although they may include various parts (e.g., support desk, vulnerability identification and patching, firewall management, etc. (referred to generally as the “parts”)). These parts are not viewed as being distinct, but rather a collection of interrelated parts that are combined to fill a functional need over a period of time (managed IT service). As such, the parts are not viewed as distinct as the parts are not separable in the contract. We bill the client on a monthly basis under the annual contract, and revenue is recognized as earned ratably over the contract term.
SOC Managed Services: We have determined that SOC managed services is viewed by our company as one performance obligation, although it may include various parts (e.g., architecture, design, security, etc. (referred to generally as the “parts”)). This position is based on the fact that these various parts are not viewed as being distinct. Revenue is recognized as earned ratably over the contract term.
vCISO: We have determined that vCISO managed services is viewed by our company as one performance obligation, although it may include various parts (e.g., strategy, advisory, and oversight (referred to generally as the “parts”)). This position is based on the fact that these various parts are not viewed as being distinct. Revenue is recognized as earned based on time and materials.
Professional Services
We have four distinct revenue streams under professional services: technical assessments, incident response and forensics, training, and other cybersecurity services. We derive revenue from technical assessments by utilizing the same tools and techniques a malicious cybercriminal would use to try to gain unauthorized access to highly guarded corporate systems and data to evaluate technical controls and quantify business risks in a meaningful way. We derive revenue from incident response and forensics by providing our customers with certified experts experienced in locating and neutralizing threat actors who have breached their environments. Our team is able to identify and contain a cyberattack quickly, implement patches or configuration changes to prevent re-infection, perform forensic analysis to determine root cause, and provide a plan of attack for improvements that will prevent a similar attack from succeeding in the future. We derive revenue from training by offering cybersecurity awareness training required under most compliance frameworks, and recommended as a best practice under National Institute of Standards and Technology standards, to help reduce the risk of a successful cyber-attack. We derive revenue from other cybersecurity services for hardware and software for customers IT infrastructure along with occasional staffing services.
Performance Obligations
Our contract transaction price is allocated to each distinct performance obligation and recognized as revenue when, or as, the performance obligation is satisfied. We have determined the performance obligations for the following services:
Technical Assessments: We have determined that a technical assessment is viewed by our company as one performance obligation. Revenue is recognized at a point in time when the result of the assessment is turned over to the customer.
Incident Response and Forensics: We consider these services to be one performance obligation, although they may include various parts (e.g., determine the source, cause, and prevention of recurrence etc. (referred to generally as the “parts”)). These parts are not viewed as being distinct. We recognize revenue as earned based on time and material.
F-11 |
Training: We have determined that services provided under compliance contains a single performance obligation. We recognize revenue as earned based on time and material.
Other Cybersecurity Services: We have determined that services provided under other cyber security is comprised of hardware and software sales and contains a single performance obligation. We recognize revenue upon delivery of equipment to the client. The staffing services offered contains a single performance obligation based on time and materials and revenue is recognized as invoices are approved and generated.
Cash and Cash Equivalents
We consider all highly liquid investments with original maturities of three months or less at the time of purchase to be cash equivalents.
Accounts Receivable
Accounts receivable are generally unsecured and reported at their outstanding unpaid principal balances, net of allowances for doubtful accounts. We provide for allowances for doubtful receivables based on our estimate of uncollectible amounts considering age, collection history, and any other factors considered appropriate. Payments are generally due within 30 days of invoice. We write off accounts receivable against the allowance for doubtful accounts when a balance is determined to be uncollectible. As of December 31, 2022 and 2021, our allowance for doubtful accounts was $270,011 and $77,811, respectively.
Prepaid cost of revenue
Prepaid cost of revenue represents amounts charged by our vendors for licenses that we resell to our customers. These amounts are amortized to cost of revenue over the same period revenue is recognized for the related contract with our customers.
Property and Equipment
Property and equipment are recorded at cost. Depreciation is computed using the straight-line method over the estimated useful lives of the related assets, generally between and years. Expenditures that enhance the useful lives of the assets are capitalized and depreciated.
Maintenance and repairs are charged to expense as incurred. At the time of retirement or other disposition of property and equipment, the cost and accumulated depreciation will be removed from the accounts and the resulting gain or loss, if any, will be reflected in operations.
Impairment of Long-Lived Assets
We review long-lived assets, including finite-lived intangible assets, for impairment whenever events or changes in circumstances indicate that the carrying amount of such assets may not be recoverable. Recoverability of these assets is determined by comparing the forecasted undiscounted net cash flows of the operation to which the assets relate to the carrying amount. Fair value is determined based on discounted cash flows or appraised values, depending on the nature of the assets. impairment was recorded for the year ended December 31, 2022.
Intangible Assets
We record our intangible assets at estimated fair value in accordance with Accounting Standards Code (“ASC”) 350, Intangibles – Goodwill and Other. Finite lived intangible assets are amortized over their estimated useful life using the straight-line method, which is determined by identifying the period over which the cash flows from the asset are expected to be generated.
F-12 |
Goodwill
Goodwill represents the excess of the purchase price of the acquired business over the estimated fair value of the identifiable net assets acquired. Goodwill is not amortized but is tested for impairment at least during the fourth quarter, at the reporting unit level or more frequently if events or changes in circumstances indicate that the asset might be impaired. Goodwill is tested for impairment at the reporting unit level by first performing a qualitative assessment to determine whether it is more likely than not that the fair value of the reporting unit is less than its carrying value. If the reporting unit does not pass the qualitative assessment, then the reporting unit’s carrying value is compared to its fair value. The fair values of the reporting units are estimated using market and discounted cash flow approaches. Goodwill is considered impaired if the carrying value of the reporting unit exceeds its fair value. The discounted cash flow approach uses expected future operating results. Failure to achieve these expected results may cause a future impairment of goodwill at the reporting unit level.
Advertising and Marketing Costs
We expense advertising and marketing costs as they are incurred. Advertising and marketing expenses were $804,218 and $435,016 for the years ended December 31, 2022 and 2021, respectively, and are recorded in operating expenses on the consolidated statements of operations.
Fair Value Measurements
As defined in ASC 820, Fair Value Measurements and Disclosures, fair value is the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date (exit price). We utilize market data or assumptions that market participants would use in pricing the asset or liability, including assumptions about risk and the risks inherent in the inputs to the valuation technique. These inputs can be readily observable, market corroborated, or generally unobservable. ASC 820 establishes a fair value hierarchy that prioritizes the inputs used to measure fair value. The hierarchy gives the highest priority to unadjusted quoted prices in active markets for identical assets or liabilities (Level 1 measurement) and the lowest priority to unobservable inputs (Level 3 measurement). This fair value measurement framework applies at both initial and subsequent measurement.
Level 1: | Quoted prices are available in active markets for identical assets or liabilities as of the reporting date. Active markets are those in which transactions for the asset or liability occur in sufficient frequency and volume to provide pricing information on an ongoing basis. |
Level 2: | Pricing inputs are other than quoted prices in active markets included in Level 1, which are either directly or indirectly observable as of the reported date. Level 2 includes those financial instruments that are valued using models or other valuation methodologies. These models are primarily industry-standard models that consider various assumptions, including quoted forward prices for commodities, time value, volatility factors, and current market and contractual prices for the underlying instruments, as well as other relevant economic measures. Substantially all of these assumptions are observable in the marketplace throughout the full term of the instrument, can be derived from observable data, or are supported by observable levels at which transactions are executed in the marketplace. |
Level 3: | Pricing inputs include significant inputs that are generally less observable from objective sources. These inputs may be used with internally developed methodologies that result in management’s best estimate of fair value. The significant unobservable inputs used in the fair value measurement for nonrecurring fair value measurements of long-lived assets include pricing models, discounted cash flow methodologies and similar techniques. |
Fair Value of Financial Instruments
The carrying value of cash, accounts receivable, accounts payable and accrued expenses, and other current liabilities approximate their fair values using Level 3 inputs, based on the short-term maturity of these instruments. The carrying amount of loans and of notes payable approximate the estimated fair value for this financial instrument as management believes that such debt and interest payable on the notes approximates our incremental borrowing rate. The long-lived assets (i.e., goodwill and intangible assets) were valued utilizing Level 3 inputs. Significant unobservable inputs used in fair value measurement of the intangible assets include projected revenue, gross profit and operating expenses, income tax rates, discount rates, royalty rates, and attrition rates.
F-13 |
Net loss per common share is computed by dividing the net loss by the weighted average number of common shares outstanding during the period. All outstanding options are considered potentially outstanding common stock. The dilutive effect, if any, of stock options is calculated using the treasury stock method. All outstanding convertible notes are considered common stock at the beginning of the period or at the time of issuance, if later, pursuant to the if-converted method. Since the effect of common stock equivalents is anti-dilutive with respect to losses, the options and shares issuable upon conversion have been excluded from our computation of net loss per common share for the years ended December 31, 2022 and 2021.
December 31, 2022 | December 31, 2021 | |||||||
Stock options | 36,397,521 | 31,372,148 | ||||||
Warrant | 144,200 | |||||||
Convertible debt | 430,718 | 300,000 | ||||||
Total | 36,972,439 | 31,672,148 |
Stock-Based Compensation
We apply the provisions of ASC 718, Compensation - Stock Compensation, which requires the measurement and recognition of compensation expense for all stock-based awards made to employees and nonemployees, in the statements of operations.
For stock options issued to employees and members of our Board of Directors for their services, we estimate the grant date fair value of each option using the Black-Scholes-Merton option pricing model. The use of the Black-Scholes-Merton option pricing model requires management to make assumptions with respect to the expected term of the option, the expected volatility of the common stock consistent with the expected life of the option, risk-free interest rates and expected dividend yields of the common stock. For awards subject to service-based vesting conditions, including those with a graded vesting schedule, we recognize stock-based compensation expense equal to the grant date fair value of stock options on a straight-line basis over the requisite service period, which is generally the vesting term. Forfeitures are recorded as they are incurred. Due to our company’s limited history and lack of public market for its common stock, we used the average of historical share prices of similar companies within our industry to calculate volatility for use in the Black-Scholes-Merton option pricing model.
Stock-based awards are accounted for using the fair value method. Grant date fair values for stock options are determined using the Black-Scholes-Merton option pricing model and a single option award approach.
We issued shares of our stock to vendors and nonemployee for services provided. We recognize the accounting grant date fair value of the stock award as compensation expense over the required service period of each award. Shares issued for services are measured based on the fair market value of the underlying common stock on their respective accounting grant dates.
Foreign Currency
Our functional and reporting currency is the U.S. dollar. For certain of our foreign subsidiaries whose functional currency is other than the U.S. dollar, we translate revenue and expense transactions at average exchange rates. We translate assets and liabilities at period-end exchange rates and include foreign currency translation gains and losses as a component of accumulated other comprehensive income.
F-14 |
Leases
Leases in which our company is the lessee are comprised of corporate offices and property and equipment. All of the leases are classified as operating leases. We lease multiple office spaces with a remaining weighted average term of 2.34 years.
Right-of-use (“ROU”) assets include any prepaid lease payments and exclude any lease incentives and initial direct costs incurred. Lease expense for minimum lease payments is recognized on a straight-line basis over the lease term. The lease terms may include options to extend or terminate the lease if it is reasonably certain that we will exercise that option.
In accordance with ASC 842, Leases, we recognized a ROU asset and corresponding lease liability on our consolidated balance sheet for long-term office leases and a vehicle operating lease agreement. See Note 14 – Leases for further discussion, including the impact on our consolidated financial statements and related disclosures.
Income Taxes
Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the consolidated financial statement carrying amounts of existing assets and liabilities and their respective tax bases. Deferred tax assets, including tax loss and credit carry forwards, and liabilities are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period that includes the enactment date.
We utilize ASC 740, Income Taxes, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been included in the consolidated financial statements or tax returns. We account for income taxes using the asset and liability method to compute the differences between the tax basis of assets and liabilities and the related financial amounts, using currently enacted tax rates. A valuation allowance is recorded when it is “more likely than not” that a deferred tax asset will not be realized. At December 31, 2022 and 2021, our net deferred tax asset has been fully reserved.
For uncertain tax positions that meet a “more likely than not” threshold, we recognize the benefit of uncertain tax positions in the consolidated financial statements. Our practice is to recognize interest and penalties, if any, related to uncertain tax positions in income tax expense in the consolidated statements of operations when a determination is made that such expense is likely.
Emerging Growth Company Status
We are an emerging growth company, as defined in the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”). Under the JOBS Act, emerging growth companies can delay adopting new or revised accounting standards issued subsequent to the enactment of the JOBS Act until those standards apply to private companies. We have elected to use this extended transition period for complying with new or revised accounting standards that have different effective dates for public and private companies until the earlier of the date that it is (i) no longer an emerging growth company or (ii) affirmatively and irrevocably opts out of the extended transition period provided in the JOBS Act. As a result, these consolidated financial statements may not be comparable to companies that comply with the new or revised accounting pronouncements as of public company effective dates. The JOBS Act does not preclude an emerging growth company from early adopting new or revised accounting standards. We expect to use the extended transition period for any new or revised accounting standards during the period which we remain an emerging growth company.
F-15 |
Recently Issued Accounting Standards
In May 2021, the Financial Accounting Standards Board issued ASU No. 2021-04, Earnings Per Share (Topic 260), Debt — Modifications and Extinguishments (Subtopic 470-50), Compensation — Stock Compensation (Topic 718), and Derivatives and Hedging — Contracts in Entity’s Own Equity (Subtopic 815-40): Issuer’s Accounting for Certain Modifications or Exchanges of Freestanding Equity-Classified Written Call Options (a consensus of the Emerging Issues Task Force). The ASU requires issuers to account for modifications or exchanges of freestanding equity-classified written call options that remain equity classified after the modification or exchange based on the economic substance of the modification or exchange. Under the ASU, an issuer determines the accounting for the modification or exchange based on whether the transaction was done to issue equity, to issue or modify debt, or for other reasons. The ASU is applied prospectively and is effective for us for fiscal years beginning after December 15, 2021, and interim periods within those fiscal years. Early adoption is permitted. The adoption of this standard did not have a material impact on our consolidated financial statements.
In October 2021, the FASB issued ASU No. 2021-08, Business Combinations (Topic 805): Accounting for Contract Assets and Contract Liabilities from Contracts with Customers. The new guidance requires contract assets and contract liabilities acquired in a business combination to be recognized in accordance with ASC Topic 606 as if the acquirer had originated the contracts. The ASU is applied prospectively and is effective for us for fiscal years beginning after December 15, 2022, and interim periods within those fiscal years. Early adoption is permitted. We are currently evaluating the impact that adopting this standard will have on our consolidated financial statements.
NOTE 4 – ACQUISITIONS
2021 Acquisitions
Catapult Acquisition Corporation
On July 26, 2021, we entered into an agreement and plan of merger with VelocIT, pursuant to which VelocIT became a wholly owned subsidiary of our company. All issued and outstanding shares of common stock of VelocIT were converted into the right to receive an aggregate of up to 256,678 shares of our common stock. In addition, we issued replacement options to various VelocIT employees to purchase an aggregate of shares of our common stock with a fair value of $6,861,203 which was included in the purchase price of the transaction. The transaction closed on August 12, 2021. shares of common stock, subject to a holdback of
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration paid | $ | 20,465,150 | ||
Tangible assets acquired: | ||||
Cash | 270,397 | |||
Accounts receivable | 649,810 | |||
Prepaid expenses | 26,282 | |||
Property and equipment | 24,862 | |||
IT assets | 10,780 | |||
Total tangible assets | 982,131 | |||
Intangible assets acquired: | ||||
Tradename - trademarks | 542,800 | |||
Intellectual property | 355,000 | |||
Non-competes | 59,100 | |||
Total intangible assets | 956,900 | |||
Assumed liabilities: | ||||
Accounts payable | 351,190 | |||
Accrued expenses | 192,034 | |||
Loans payable | 549,507 | |||
SBA loan payoff | 1,056,960 | |||
Total assumed liabilities | 2,149,691 | |||
Net liabilities acquired | 210,660 | |||
Goodwill (a) | $ | 20,675,810 |
(a) | Goodwill is not deductible for tax purposes. |
F-16 |
Atlantic Technology Systems, Inc. Acquisition
On October 1, 2021, we entered into a stock purchase agreement with ATS, ATE, James Montagne as the sole shareholder of ATS, and James Montagne and Miriam Montagne, as the sole shareholders of ATE (the “Shareholders”). Pursuant to the agreement, we purchased from the Shareholders all of the outstanding shares of ATE and ATS. The aggregate purchase price for the shares was 75,000 in cash. Furthermore, the Shareholders shall receive an additional shares of our common stock based upon Atlantic achieving certain revenue and earnings thresholds and an additional $150,000 in cash upon our listing to a national exchange. At December 31, 2021, we noted that Atlantic would not achieve the certain revenue and earnings threshold for additional compensation and, therefore, was not included in the transaction price. shares of our common stock and $
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration paid | $ | 1,260,000 | ||
Tangible assets acquired: | ||||
Cash | 30,612 | |||
Accounts receivable | 20,778 | |||
Prepaid expenses | 4,311 | |||
Inventory | 15,425 | |||
Property and equipment | 54,023 | |||
Total tangible assets | 125,149 | |||
Intangible assets acquired: | ||||
Tradename - trademarks | 115,500 | |||
Intellectual property | 29,000 | |||
Non-competes | 18,800 | |||
Total intangible assets | 163,300 | |||
Assumed liabilities: | ||||
Accounts payable | 4,314 | |||
Accrued expenses | 3,212 | |||
Total assumed liabilities | 7,526 | |||
Net assets acquired | 280,923 | |||
Goodwill (a) | $ | 979,077 |
(a) | Goodwill is not deductible for tax purposes. |
RED74 LLC Acquisition
On October 8, 2021, we entered into a merger agreement with RED74 and Ticato Holdings, Inc., a New Jersey corporation (“Ticato”), and Tim Coleman, as sole shareholder of Ticato. Tim Coleman and Ticato were the sole shareholders of RED74. Pursuant to the agreement, the merger became effective at such time as a certificate of merger was accepted by the Secretary of State of New Jersey, or November 9, 2021 (the “Effective Time”). All shares of RED74 issued and outstanding immediately prior to the Effective Time were converted into the right to receive an aggregate of 50,000 in cash.. shares of our common stock and $
F-17 |
RED74 provides secured managed services and key IT security management expertise to small-to-mid-market businesses in New Jersey. RED74 focuses primarily on clients within two industry verticals: financial services and distribution/warehouse management. RED74 offers strategic solutions that address the specific needs of these smaller enterprises made possible by their experienced and personable staff and industry-leading technology processes. Its experienced staff members are well-versed in either partial or total secured managed solutions for businesses. RED74 has a single office location in Pennington, New Jersey and supports clients in New Jersey, Manhattan, and Eastern Pennsylvania.
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration paid | $ | 2,158,000 | ||
Tangible assets acquired: | ||||
Cash | 115,855 | |||
Accounts receivable | 115,612 | |||
Other assets | 81,844 | |||
Property and equipment | 1,539 | |||
Total tangible assets | 314,850 | |||
Intangible assets acquired: | ||||
Tradename - trademarks | 328,900 | |||
Intellectual property | 70,000 | |||
Customer base | 279,000 | |||
Non-competes | 42,500 | |||
Total intangible assets | 720,400 | |||
Assumed liabilities: | ||||
Accounts payable | 36,119 | |||
Accrued expenses | 12,249 | |||
Total assumed liabilities | 48,368 | |||
Net assets acquired | 986,882 | |||
Goodwill (a) | $ | 1,171,118 |
(a) | Goodwill is not deductible for tax purposes. |
Ocean Point Equities, Inc. (Arkavia) Acquisition
On December 1, 2021, we entered into a stock purchase agreement with Arkavia and all of the owners of Arkavia, pursuant to which we acquired all of the issued and outstanding equity securities of Arkavia (the “Arkavia Acquisition”). Under the terms of the Arkavia Acquisition, all of the issued and outstanding equity securities of Arkavia were exchanged for an aggregate of 2,914,000 shares of our common stock.
Arkavia, a cybersecurity services company headquartered in Santiago, Chile, is oriented to solve problems with the best technological alternatives and their recognized IT Engineering services. Founded in 2010, Arkavia provides consulting, delivery, managed security service provider, and network monitoring services to a diversified client base throughout South America. With years of experience backed by multiple certifications of its specialists, Arkavia’s customers include multiple leading brands in the market in each important business segment.
F-18 |
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration paid | $ | 14,570,000 | ||
Tangible assets acquired: | ||||
Cash | 1,753,193 | |||
Accounts receivable | 744,400 | |||
Inventory | 1,210,442 | |||
Prepaids | 465,791 | |||
Other receivables | 1,067,477 | |||
Property and equipment | 1,424,760 | |||
Total tangible assets | 6,666,063 | |||
Intangible assets acquired: | ||||
Tradename - trademarks | 811,100 | |||
Intellectual property | 460,000 | |||
Customer base | 987,000 | |||
Non-competes | 313,000 | |||
Total intangible assets | 2,571,100 | |||
Assumed liabilities: | ||||
Accounts payable | 1,125,396 | |||
Accrued liabilities | 460,496 | |||
Other | 98,268 | |||
Long-term debt | 5,156,228 | |||
Total assumed liabilities | 6,840,388 | |||
Net assets acquired | 2,396,775 | |||
Goodwill (a) | $ | 12,173,225 |
(a) | Goodwill is not deductible for tax purposes. |
2022 Acquisitions
True Digital Security, Inc. Acquisition
On January 5, 2022, we entered into the True Digital Stock Purchase Agreement with certain stockholders of True Digital and the True Digital Merger Agreement with True Digital and certain of its other stockholders. On January 19, 2022, the transactions contemplated by the True Digital Stock Purchase Agreement and the True Digital Merger Agreement were consummated, with True Digital becoming a wholly owned subsidiary of our company (the “True Digital Acquisition”). True Digital’s outstanding common stock was exchanged for $6,153,000 in cash and shares of our common stock.
F-19 |
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration | $ | 40,879,380 | ||
Tangible assets acquired: | ||||
Cash | 485,232 | |||
Accounts receivable | 1,404,386 | |||
Contract assets | 131,342 | |||
Prepaid expenses and other current assets | 196,825 | |||
Property and equipment | 906,006 | |||
Other assets | 17,505 | |||
Total tangible assets | 3,141,296 | |||
Intangible assets acquired: | ||||
Tradename - trademarks | 1,744,200 | |||
Intellectual property | 1,137,000 | |||
Non-competes | 124,900 | |||
Total intangible assets | 3,006,100 | |||
Assumed liabilities: | ||||
Accounts payable and accrued expenses | 1,283,003 | |||
Deferred revenue | 1,956,600 | |||
Line of credit | 283,244 | |||
Loans payable | 181,741 | |||
Loans payable - shareholder | 543,581 | |||
Total assumed liabilities | 4,248,169 | |||
Net assets acquired | 1,899,227 | |||
Goodwill (a) | $ | 38,980,153 |
(a) | Goodwill and intangibles are not deductible for tax purposes. |
Creatrix, Inc. Acquisition
On June 1, 2022, we entered into a stock purchase agreement with the stockholders of Creatrix, pursuant to which Creatrix became our wholly owned subsidiary. We anticipate that this will expand our professional services offerings and capabilities. Creatrix offers recognized expertise in identity management as wells as systems integration and software engineering and specializes in biometrics, vetting, credentialing, and case management.
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration paid | $ | 3,630,000 | ||
Tangible assets acquired: | ||||
Cash | 3,572 | |||
Accounts receivable | 125,908 | |||
Contract assets | 33,965 | |||
Prepaid expenses and other current assets | 3,597 | |||
Total tangible assets | 167,042 | |||
Assumed liabilities: | ||||
Accounts payable and accrued expenses | 48,001 | |||
Loans payable | 56,687 | |||
Total assumed liabilities | 104,688 | |||
Net assets acquired | 62,354 | |||
Goodwill (a) | $ | 3,567,646 |
(a) | Goodwill is not deductible for tax purposes. |
F-20 |
CyberViking, LLC Acquisition
On July 1, 2022, we entered into a stock purchase agreement with the interest holders of CyberViking and its interest holders, pursuant to which we acquired all of the issued and outstanding units of CyberViking, with CyberViking becoming a wholly owned subsidiary of our company. We anticipate that this will expand our professional services offerings and capabilities. CyberViking specializes in application security services, incident response, and threat hunting as well as the creation and management of security operation centers.
We did not acquire assets nor assume liabilities in our purchase of CyberViking, as a result the $1,836,320 of consideration paid is recognized as goodwill. The goodwill is not deductible for tax purposes.
CUATROi Acquisition
On August 25, 2022, we entered into a stock purchase agreement with CUATROi and its partners, pursuant to which CUATROi became our wholly owned subsidiary. We anticipate that this will expand our professional services offerings and capabilities. CUATROi is a cloud, managed services provider and cybersecurity company with offices in South America.
The aggregate purchase price was allocated to the tangible and intangible assets acquired and liabilities assumed based on their estimated fair values as of the acquisition date, with the excess recorded to goodwill. During the measurement period, which will not exceed one year from closing, we will continue to obtain information to assist us in finalizing the acquisition date fair values. Any qualifying changes to our preliminary estimates will be recorded as adjustments to the respective assets and liabilities, with any residual amounts allocated to goodwill.
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration paid | $ | 6,847,474 | ||
Tangible assets acquired: | ||||
Cash | 77,804 | |||
Accounts receivable | 478,210 | |||
Prepaid expenses and other current assets | 51,464 | |||
Property and equipment | 434,816 | |||
Total tangible assets | 1,042,294 | |||
Intangible assets acquired: | ||||
Customer base | 1,240,000 | |||
Total intangible assets | 1,240,000 | |||
Assumed liabilities: | ||||
Accounts payable and accrued expenses | 242,830 | |||
Loans payable | 850,199 | |||
Total assumed liabilities | 1,093,029 | |||
Net assets acquired | 1,189,265 | |||
Goodwill (a) | $ | 5,658,209 |
(a) | Goodwill and intangibles are not deductible for tax purposes. |
NLT Secure Acquisition
On September 1, 2022, we entered into a stock purchase agreement with NLT Secure and its interest holders, pursuant to which we acquired all of the issued and outstanding units of NLT Secure becoming a wholly owned subsidiary of our company. We anticipate that this will expand our professional services offerings and capabilities. NLT Secure provides a broad range of security solutions and managed services to organizations throughout South America.
F-21 |
The aggregate purchase price was allocated to the tangible and intangible assets acquired and liabilities assumed based on their estimate fair values as of the acquisition date, with the excess recorded to goodwill. During the measurement period, which will not exceed one year from closing, we will continue to obtain information to assist us in finalizing the acquisition date fair values. Any qualifying changes to our preliminary estimates will be recorded as adjustments to the respective assets and liabilities, with any residual amounts allocated to goodwill.
The following table summarizes the allocation of the purchase price to the fair values of the assets acquired and the liabilities assumed as of the transaction date:
Consideration paid | $ | 6,919,597 | ||
Tangible assets acquired: | ||||
Cash | 48,858 | |||
Accounts receivable | 66,972 | |||
Prepaid expenses and other current assets | 154,300 | |||
Property and equipment | 1,071,401 | |||
Total tangible assets | 1,341,531 | |||
Assumed liabilities: | ||||
Accounts payable and accrued expenses | 791,228 | |||
Loans payable | 1,778,591 | |||
Total assumed liabilities | 2,569,819 | |||
Net liabilities assumed | 1,228,288 | |||
Goodwill (a) | $ | 8,147,885 |
(a) | Goodwill is not deductible for tax purposes. |
Pro forma financial information is not presented because the acquisitions were not material to our financial statements, individually or in the aggregate.
NOTE 5 – PREPAID EXPENSES AND OTHER CURRENT ASSETS
Prepaid expenses and other current assets consisted of:
December 31, 2022 | December 31, 2021 | |||||||
Prepaid expenses | $ | 987,651 | $ | 441,259 | ||||
Prepaid taxes | 572,645 | 231,014 | ||||||
Prepaid insurance | 164,354 | 46,751 | ||||||
Deferred interest | 229,702 | |||||||
Total prepaid expenses and other current assets | $ | 1,724,650 | $ | 948,726 |
NOTE 6 – PROPERTY AND EQUIPMENT
Property and equipment consisted of the following:
December 31, 2022 | December 31, 2021 | |||||||
Computer equipment | $ | 1,264,713 | $ | 495,235 | ||||
Building | 1,776,040 | 1,047,020 | ||||||
Leasehold improvements | 541,647 | 109,626 | ||||||
Vehicle | 28,229 | 63,052 | ||||||
Furniture and fixtures | 151,142 | 33,358 | ||||||
Software | 1,667,283 | 748,599 | ||||||
5,429,054 | 2,496,890 | |||||||
Less: accumulated depreciation | (748,559 | ) | (102,466 | ) | ||||
Property and equipment, net | $ | 4,680,495 | $ | 2,394,424 |
Total depreciation expense was $736,181 and $87,993 for the years ended December 31, 2022 and 2021, respectively.
F-22 |
NOTE 7 – INTANGIBLE ASSETS AND GOODWILL
At December 31, 2021, we determined it was more-likely-than-not that the carrying value of goodwill in our reporting units was impaired as of December 31, 2021. The fair value estimates for all reporting units were based on a blended analysis of the present value of future cash flows and the market value approach. The significant estimates used in the discounted cash flows model included our weighted average cost of capital, projected cash flows, and the long-term rate of growth. The significant estimates used in the market approach model included identifying public companies engaged in businesses that are considered comparable to those of the reporting unit and assessing comparable revenue and earnings multiples in estimating the fair value of the reporting unit. The excess of the reporting unit’s carrying value over the estimate of the fair value was recorded as goodwill impairment of $22,078,064. There was no impairment recognized as of and during the year ended December 31, 2022.
The following table summarizes the changes in goodwill during the years ended December 31, 2022 and 2021, respectively:
Balance December 31, 2020 | $ | 4,101,369 | ||
Acquisition of goodwill | 34,999,230 | |||
Impairment | (22,078,064 | ) | ||
Reclassification based on valuation report(1) | (230,000 | ) | ||
Balance December 31, 2021 | 16,792,535 | |||
Acquisition of goodwill | 58,190,213 | |||
Foreign currency translation adjustment | 1,237,153 | |||
Other | 444,116 | |||
Ending balance, December 31, 2022 | $ | 76,664,017 |
(1) | During the year ended December 31, 2022, we completed a valuation for the December 16, 2021 acquisition of Alpine. As such, the purchase price allocation disclosed in our Annual Report in Form 10-K for December 31, 2021, filed on March 31, 2022, changed and, therefore, goodwill changed. |
Intangible assets, net are summarized as follows:
December 31, 2022 | ||||||||||||
Gross Carrying Amount | Accumulated Amortization | Net Carrying Amount | ||||||||||
Tradenames – trademarks | $ | 4,744,409 | $ | (1,167,476 | ) | $ | 3,576,933 | |||||
Customer base | 2,949,143 | (449,565 | ) | 2,499,578 | ||||||||
Non-compete agreements | 796,583 | (436,611 | ) | 359,972 | ||||||||
Intellectual property/technology | 2,659,391 | (620,645 | ) | 2,038,746 | ||||||||
$ | 11,149,526 | $ | (2,674,297 | ) | $ | 8,475,229 |
F-23 |
December 31, 2021 | ||||||||||||
Gross Carrying Amount | Accumulated Amortization | Net Carrying Amount | ||||||||||
Tradenames – trademarks | $ | 3,010,100 | $ | $ | 3,010,100 | |||||||
Customer base | 1,650,000 | (57,261 | ) | 1,592,739 | ||||||||
Non-compete agreements | 675,500 | (154,653 | ) | 520,847 | ||||||||
Intellectual property/technology | 1,528,000 | (111,417 | ) | 1,416,583 | ||||||||
$ | 6,863,600 | $ | (323,331 | ) | $ | 6,540,269 |
During the third quarter of 2022, as the result of rebranding and expected future marketing of our products and services, we made the decision to phase out certain indefinite-lived tradenames from acquired subsidiaries. We believe the phase-out and integration of the rebranding and marketing will be completed no later than June 30, 2024, and expect to recognize $1,211,800 of amortization expense from tradenames previously held as indefinite-lived.
Amortization expense of identifiable intangible assets was $2,338,273 and $206,862, for the years ended December 31, 2022 and 2021, respectively. As of December 31, 2022, the weighted-average remaining amortization period for intangible assets was 3.84 years.
Based on the balance of intangibles assets at December 31, 2022, expected future amortization expense is as follows:
2023 | $ | 2,687,120 | ||
2024 | 1,947,787 | |||
2025 | 1,758,851 | |||
2026 | 1,656,636 | |||
2027 | 424,835 | |||
$ | 8,475,229 |
NOTE 8 – ACCOUNTS PAYABLE AND ACCRUED EXPENSES
Accounts payable and accrued expenses consisted of the following amounts:
December 31, 2022 | December 31, 2021 | |||||||
Accounts payable | $ | 5,267,492 | $ | 1,700,260 | ||||
Accrued payroll | 1,274,919 | 482,588 | ||||||
Accrued expenses | 1,296,382 | 513,718 | ||||||
Accrued commissions | 305,768 | |||||||
Accrued interest | 165,776 | 12,500 | ||||||
Total accounts payable and accrued expenses | $ | 8,310,337 | $ | 2,709,066 |
Note 9 - RELATED PARTY TRANSACTIONS
Independent Consulting Agreement with Stephen Scott
In August 2020, we entered into an Independent Consulting Agreement with Stephen Scott, a Director of our company, with respect to advisory and consulting services relating to our strategic and business development, and sales and marketing. Mr. Scott receives a consulting fee of $11,500 per month for such services. During the years ended December 31, 2022 and 2021, we paid consulting fees to Mr. Scott in the amount of $138,000 each year.
Convertible Note Payable – Related Party
On December 23, 2020, we issued an unsecured convertible note to Hensley & Company in the principal amount of $3,000,000 bearing an interest rate at 6.00% per annum payable at maturity with a maturity date of December 31, 2021, with a conversion price of $2.00 per share. On December 31, 2021, Hensley & Company converted the principal amount of $3,000,000 for shares of our common stock at a conversion price of $2.00 per share.
F-24 |
Managed Services Agreement with Hensley Beverage Company – Related Party
In July 2021, we entered into a 1-year Managed Services Agreement with Hensley Beverage Company to provide secured managed services. We also may be engaged by Hensley Beverage Company from time to time to provide other related services outside the scope of the Managed Services Agreement. While the agreement provides for a term through December 31, 2021, the agreement will continue until terminated by either party. For the years ended December 31, 2022 and 2021, we received $850,445 and $466,597, respectively from Hensley Beverage Company for contracted services and had an outstanding receivable balance of $15,737 and $11,508 as of December 31, 2022 and 2021, respectively.
Note Receivable – Related Party
Arkavia provided cash infusions to a related party to fund a wholly owned subsidiary in Peru for start-up and operational costs. The subsidiary is incorporated and as such, the assets, liabilities and operation results are included in the condensed consolidated financial statements. At December 31, 2022, no amount remains outstanding.
Note 10 - STOCKHOLDERS’ EQUITY
Our amended and restated certificate of incorporation authorized the issuance of up to shares of common stock and shares of undesignated preferred stock, each having a par value of $ per share. Shares of common stock have both economic and voting rights.
Equity Transactions
During the years ended December 31, 2022 and 2021, we issued an aggregate of 10,689,087 and $3,250,000, respectively. and shares of common stock to investors for cash proceeds of $
During the years ended December 31, 2022 and 2021, we issued an aggregate of and shares of common stock, respectively, to consultants and vendors for services rendered.
On December 31, 2021, we issued shares of common stock pursuant to the conversion of a convertible note with Hensley & Company.
On January 18, 2022, we issued a warrant to the underwriter of our Form S-1 to purchase an aggregate 5.00 per share. shares of our common stock. The warrant is exercisable for a period of from the date of issuance at an exercise price of $
The follow table summarizes warrant activity:
Shares | Weighted Average Exercise Price | Weighted Average Remaining Contractual Life (in years) | Aggregate Intrinsic Value | |||||||||||||
Outstanding at January 1, 2022 | $ | - | $ | |||||||||||||
Granted | 144,200 | 5.00 | - | - | ||||||||||||
Exercised | - | - | ||||||||||||||
Expired or cancelled | - | - | ||||||||||||||
Outstanding at December 31, 2022 | 144,200 | 5.00 | ||||||||||||||
Exercisable at December 31, 2022 | 144,200 | $ | 5.00 | $ |
F-25 |
Note 11 – STOCK-BASED COMPENSATION
2019 Equity Incentive Plan
Our Board of Directors approved our 2019 Equity Incentive Plan (the “2019 Plan”) in June 2019, and our stockholders holding a majority of the outstanding shares of our common stock approved and adopted the 2019 Plan. On October 17, 2022, the maximum number of shares of our common stock that may be issued under our 2019 Plan was increased to shares. As of December 31, 2022, there were shares of common stock available for issue as future awards under the 2019 Plan.
Options
We granted options for the purchase of and shares of common stock during the year ended December 31, 2022 and 2021, respectively.
For the Year Ended | For the Year Ended | |||||
December 31, 2022 | December 31, 2021 | |||||
Risk free interest rate | % - | % | % - | % | ||
Contractual term (years) | – | – | ||||
Expected volatility | % - | % | % - | % | ||
Expected dividend yield | % | % |
Shares | Weighted Average Exercise Price | Weighted Average Remaining Contractual Life (in years) | Aggregate Intrinsic Value | |||||||||||||
Outstanding at January 1, 2021 | 24,573,700 | $ | 0.86 | - | $ | - | ||||||||||
Granted | 11,091,691 | 3.60 | - | - | ||||||||||||
Exercised | (100,000 | ) | 0.50 | - | - | |||||||||||
Expired or cancelled | (4,193,243 | ) | 0.83 | - | - | |||||||||||
Outstanding at December 31, 2021 | 31,372,148 | 1.84 | - | - | ||||||||||||
Granted | 17,457,613 | 3.51 | - | - | ||||||||||||
Exercised | (2,689,071 | ) | 0.55 | - | - | |||||||||||
Expired or cancelled | (9,743,169 | ) | 3.03 | - | - | |||||||||||
Outstanding at December 31, 2022 | 36,397,521 | $ | 2.45 | $ | 41,440,378 | |||||||||||
Exercisable at December 31, 2022 | 19,829,580 | $ | 1.41 | $ | 37,818,420 |
The aggregate intrinsic value for stock options outstanding and exercisable is defined as the positive difference between the fair market value of our common stock and the exercise price of the stock options.
Total compensation expense related to the options was $ and $ for the years ended December 31, 2022 and 2021, respectively. As of December 31, 2022, there was future compensation expense of $ with a weighted average recognition period of years related to the options.
F-26 |
NOTE 12 – COMMITMENTS AND CONTINGENCIES
Maxim Settlement Agreement
On October 27, 2020, we entered into an advisory agreement (the “Advisory Agreement”) with Maxim Group LLC (“Maxim”), pursuant to which the parties agreed to certain compensation obligations in the form of our common stock, cash and future rights. Certain disputes arose between the parties regarding the duties and obligations pursuant to the Advisory Agreement, resulting in the parties agreeing to enter into a settlement and release agreement on January 13, 2022. As a result, we recorded a settlement liability at December 31, 2021 of $470,000 on the statement of operations and issued shares of our common stock to Maxim pursuant to the settlement. The settlement liability was paid in January 2022.
Legal Claims
There are no material pending legal proceedings in which we or any of our subsidiaries is a party or in which any of our directors, officers or affiliates, any owner of record or beneficially of more than 5% of any class of our voting securities, or security holder is a party adverse to us or has a material interest adverse to us.
Indirect Taxes
We are subject to indirect taxation in some, but not all, of the various states and foreign jurisdictions in which we conduct business. Laws and regulations attempting to subject commerce conducted over the Internet to various indirect taxes are becoming more prevalent, both in the United States and internationally, and may impose additional burdens on us in the future. Increased regulation could negatively affect our business directly, as well as the business of our customers. Taxing authorities may impose indirect taxes on the Internet-related revenue we generated based on regulations currently being applied to similar, but not directly comparable industries. There are many transactions and calculations where the ultimate indirect tax determination is uncertain. In addition, domestic and international indirect taxation laws are complex and subject to change. We may be audited in the future, which could result in changes to our indirect tax estimates. We continually evaluate those jurisdictions in which nexus exists, and believe we maintain adequate indirect tax accruals.
As of December 31, 2022 and 2021, our accrual for estimated indirect tax liabilities was $409,187 and $99,088, respectively, reflecting our best estimate of the potential liability based on an analysis of our business activities, revenues subject to indirect taxes, and applicable regulations. Although we believe our indirect tax estimates and associated liabilities are reasonable, the final determination of indirect tax audits, litigation, or settlements could be materially different than the amounts established for indirect tax contingencies.
NOTE 13 – LOANS PAYABLE, CONVERTIBLE NOTE PAYABLE AND LINES OF CREDIT
Loans Payable
Loans payable was as follows:
Interest Rate | Maturities | December 31, 2022 | December 31, 2021 | |||||||||||
Term loans (US dollar denominated) | 5.00% – 7.50 | % | 2023 - 2027 | $ | 5,461,520 | $ | 478,712 | |||||||
Term loans (Chilean peso denominated) | 3.48% - 19.20 | % | 2023 - 2031 | 6,541,113 | 5,018,788 | |||||||||
12,002,633 | 5,497,500 | |||||||||||||
Less current portion | (7,758,831 | ) | (213,199 | ) | ||||||||||
Long term loans payable | $ | 4,243,802 | $ | 5,284,301 |
F-27 |
Bridge Loan
We entered into a bridge loan with Bell Bank (the “Bell Bank Note”), secured by substantially all of our assets, in the principal amount of $5,000,000 bearing an interest rate of 4.00% per annum payable monthly with a maturity date of December 14, 2022. The bridge loans are guaranteed by our assets. In December 2022, we extend the maturity of the bridge loan to March 14, 2023. The applicable interest rate on the loan extension is 7.50%, the prime rate at the time of the extension. We recorded interest expense of $114,167 for the year-ended December 31, 2022, and had accrued interest of $4,167 as of December 31, 2022. The effective interest of this loan was 4.22%.
Term Loans
Various subsidiaries in the United States are borrowers under certain term loans. These term loans require monthly principal and interest payments. The term loans are secured by various assets owned by our subsidiaries. We recorded aggregate interest expense of these term loans of $50,754 and $297,487 for the years ended December 31, 2022 and 2021, respectively. Accrued interest for the loans was $13,435 and as of December 31, 2022 and 2021, respectively. The aggregate effective interest rate of the terms loans was 10.80%.
Our Latin America subsidiaries are the borrowers under certain term loans denominated in Chilean Pesos. These term loans require monthly principal and interest payments. The loans are secured by various assets owned by our subsidiaries. We recorded aggregate interest expense on these term loans of $318,055 and $14,825 for the years ended December 31, 2022 and 2021, respectively. Accrued interest for the loans was as of December 31, 2022 and 2021, respectively. The aggregate effective interest rate of these term loans was 10.90%.
Convertible Notes Payable
On December 23, 2020, we issued to Hensley & Company an unsecured convertible note payable in the principal amount of $3,000,000. The convertible note bore interest at 6.00% per annum, with an effective interest rate of 8.50% per annum, payable at maturity with a maturity date of December 31, 2021. Amounts due under the note were convertible into shares of our common stock at any time at the option of the Holder, at a conversion price of $2.00 per share. The issuance of the note resulted in a discount from the beneficial conversion feature totaling $75,000. Interest expense on the note was and $255,891 for the years ended December 31, 2022 and 2021, respectively.
On December 31, 2021, Hensley & Company converted the principal amount of $3,000,000 for shares of our common stock.
On October 27, 2021, we issued to Neil Stinchcombe, a convertible note in the principal amount of $1,500,000 bearing an interest rate of 5.00% per annum payable at maturity with a maturity date of January 27, 2022, with a conversion price of $5.00 per share. On March 10, 2022, we entered into Amendment #1 to the note pursuant to which the maturity date was extended to October 27, 2022. On March 27, 2023, we entered into a letter agreement with Neil Stinchcombe to resolve certain payment terms of his convertible note. We agreed to repay the principal amount of the note in three equal installment payments of $500,000 on each of March 31, April 28 and May 31, 2023, with accrued interest to be paid on May 31, 2023 at the note’s reflected interest rate of 5.00% per annum. If we fail to make any of the foregoing payments, the applicable interest rate will be increased to a default rate of 24.00% per annum. The outstanding principal of this note was $1,500,000 at December 31, 2022 and 2021. We recorded interest expense of $106,507 and $12,500 during the years ended December 31, 2022 and 2021, respectively. At December 31, 2022 and 2021, we recorded accrued interest of $119,007 and $12,500, respectively, with respect to this note.
In June 2022, we issued an unsecured convertible note payable in the principal amount of $1,000,000 and if repaid in cash, is payable at 105% of the principal amount. The convertible note bears interest at 5.00% per annum, with an effective interest rate of 13.57% per annum, payable at maturity with a maturity date in June 2023. Amounts due under the note could be converted into shares of our common stock at any time at the option of the Holder, at a conversion price of $7.83 per share. We recorded interest expense on the note of $79,167 for the year ended December 31, 2022 and accrued interest as of December 31, 2022 was $29,167.
Future minimum payments under the above debt instruments following the year ended December 31, 2021, are as follows:
2023 | $ | 10,308,831 | ||
2024 | 1,703,598 | |||
2025 | 1,081,333 | |||
2026 | 552,311 | |||
2027 | 303,338 | |||
Thereafter | 603,222 | |||
14,552,633 | ||||
Less: current | (10,308,831 | ) | ||
$ | 4,243,802 |
F-28 |
NOTE 14 – LEASES
During the years ended December 31, 2022 and 2021, we recognized additional ROU assets and lease liabilities of $226,942 and $387,543, respectively. We elected to not recognize ROU assets and lease liabilities arising from short-term office leases, leases with initial terms of twelve months or less (deemed immaterial) on the consolidated balance sheets.
When measuring lease liabilities for leases that were classified as operating leases, we discounted lease payments using its estimated incremental borrowing rate. The incremental borrowing rate applied was 6.00%. As of December 31, 2022, our leases had a remaining weighted average term of 2.34 years.
The following table presents net lease cost and other supplemental lease information:
Year Ended December 31, 2022 | Year Ended December 31, 2021 | |||||||
Lease cost | ||||||||
Operating lease cost (cost resulting from lease payments) | $ | 259,033 | $ | 130,289 | ||||
Short term lease cost | 66,658 | 59,306 | ||||||
Net lease cost | $ | 325,691 | $ | 189,595 | ||||
Operating lease – operating cash flows (fixed payments) | $ | 259,003 | $ | 130,289 | ||||
Operating lease – operating cash flows (liability reduction) | $ | 233,425 | $ | 118,252 | ||||
Non-current leases – right of use assets | $ | 255,687 | $ | 277,578 | ||||
Current liabilities – operating lease liabilities | $ | 121,731 | $ | 196,472 | ||||
Non-current liabilities – operating lease liabilities | $ | 159,205 | $ | 88,040 |
Future minimum payments under non-cancelable leases for operating leases for the remaining terms of the leases following the year ended December 31, 2022, are as follows:
Fiscal Year | Operating Leases | |||
2023 | $ | 120,268 | ||
2024 | 106,639 | |||
2025 | 73,435 | |||
Total future minimum lease payments | 300,342 | |||
Amount representing interest | (17,768 | ) | ||
Present value of net future minimum lease payments | $ | 282,574 |
NOTE 15 – INCOME TAXES
For the years ended December 31, 2022, and 2021, the income tax benefit consisted of the following:
Year Ended December 31, | ||||||||
2022 | 2021 | |||||||
Current: | ||||||||
Federal | $ | $ | ||||||
Foreign | 1,432 | |||||||
State | 6,869 | |||||||
Total current income taxes | $ | 8,301 | $ | |||||
Deferred | ||||||||
Federal | $ | (95,018 | ) | $ | ||||
Foreign | 100,466 | |||||||
State | (14,298 | ) | ||||||
Total deferred income taxes | $ | (8,850 | ) | $ | ||||
Total | $ | (549 | ) | $ |
A reconciliation of the statutory federal income tax benefit to actual tax benefit for the years ended December 31, 2022 and 2021 is as follows:
Year Ended December 31, | ||||||||
2022 | 2021 | |||||||
Computed tax benefit at statutory rate | 21.00 | % | (21.00 | %) | ||||
State income taxes, net of federal tax effect | 0.03 | % | (4.00 | %) | ||||
Effect of rates different than statutory | 0.17 | % | ||||||
Stock-based compensation | (5.10 | %) | ||||||
Change in valuation allowance | (9.12 | %) | 25.00 | % | ||||
Return to provision adjustments | (6.39 | %) | ||||||
Other, net | (0.59 | %) | ||||||
Effective tax rate | 0.00 | % | 0.00 | % |
F-29 |
The tax effects of temporary differences that give rise to significant portions of the deferred tax assets and liabilities were as follows as of December 31, 2022 and 2021:
Year Ended December 31, | ||||||||
2022 | 2021 | |||||||
Deferred tax assets: | ||||||||
Property and equipment | $ | 69,252 | $ | 391,900 | ||||
Allowance for doubtful accounts | 143,804 | 19,700 | ||||||
Net operating loss carryforwards | 1,452,734 | 1,035,400 | ||||||
Stock-based compensation | 4,303,860 | 2,791,900 | ||||||
Accounts payable and accrued liabilities | 3,191 | 657,700 | ||||||
Right of use assets | 78,419 | |||||||
Goodwill impairment | 5,587,000 | |||||||
Other | 194,374 | |||||||
Total deferred tax assets | $ | 6,245,634 | $ | 10,483,600 | ||||
Valuation allowance | (4,381,644 | ) | (8,937,487 | ) | ||||
Net deferred income taxes | $ | 1,863,990 | $ | 1,546,113 | ||||
Deferred tax liabilities | ||||||||
Intangible assets | $ | (2,041,418 | ) | $ | ||||
Prepaid expenses | (193,500 | ) | ||||||
Amortization | (1,546,113 | ) | ||||||
Lease liability | (64,750 | ) | ||||||
Total deferred tax liabilities | $ | (2,299,668 | ) | $ | (1,546,113 | ) | ||
Net deferred tax liabilities | $ | (435,678 | ) | $ | ||||
Net deferred tax liability by jurisdiction | ||||||||
Domestic | $ | $ | ||||||
Chile | (435,678 | ) | ||||||
Peru | ||||||||
Colombia | ||||||||
Total | $ | (435,678 | ) | $ |
We account for deferred taxes under ASC 740, Income Taxes, which requires a reduction of the carrying amounts of deferred tax assets by a valuation allowance if, based on available evidence, it is more likely than not that such assets will not be realized. Accordingly, the need to establish valuation allowances for deferred tax assets is assessed periodically based on the ASC 740 more-likely-than-not realization threshold criterion. This assessment considers matters such as future reversals of existing taxable temporary differences, projected future taxable income, tax-planning strategies, legislative developments, and results of recent operations. The evaluation of the recoverability of the deferred tax assets requires that we weigh all positive and negative evidence to reach a conclusion that it is more likely than not that all or some portion of the deferred tax assets will not be realized. The weight given to the evidence is commensurate with the extent to which it can be objectively verified.
We have provided a valuation allowance for our net deferred tax assets at December 31, 2022 and 2021, due to the uncertainty surrounding the future realization of such assets and the cumulative losses we have generated. Therefore, no benefit has been recognized in the financial statements for the net operating loss carryforwards and other deferred tax assets. During the years ended December 31, 2022 and 2021, respectively, the valuation allowance decreased by $4,555,842 and increased by $9,180,200, respectively.
As of December 31, 2022, we had approximately $21,511,055 of consolidated federal net operating loss carryforwards and $25,595,104 of apportioned state net operating loss carryforwards available to offset future taxable income, respectively. If unused, the federal and state net operating loss carryforwards will begin to expire in 2032. Additionally, we had $3,584,038 of Chile net operating loss carryforwards and $916,601 of Peru net operating loss carryforwards. An indefinite carryforward of losses is allowed in Chile. The net operating loss carryforward in Peru will begin to expire in 2026.
Utilization of net operating loss carryforwards and credits may be subject to a substantial annual limitation due to the ownership change limitations provided by the Internal Revenue Code of 1986, as amended (IRC), and similar state provisions. We have not performed a detailed analysis to determine whether an ownership change under Section 382 of the IRC has occurred or will occur. We will perform an analysis as soon as is practicable to determine the extent of limitations, especially in regard to our subsidiaries. It is possible that additional limitations may arise in future years, even after an analysis is completed, due to future changes in the ownership of our Company.
We file federal and state income tax returns in jurisdictions with varying statutes of limitations. With few exceptions, we are no longer subject to federal or state income tax examinations by tax authorities for tax years prior to 2019 and 2018, respectively. We believe our income tax filing positions and deductions are more likely than not to be sustained on audit. Therefore, no liabilities for uncertain tax positions have been recorded.
As of the date of this filing, we have not filed our 2022 federal and state income tax returns. We expect to file these documents as soon as practicable.
NOTE 16 – CONCENTRATION OF CREDIT RISK AND SIGNIFICANT CUSTOMERS
Cash Deposits
Our financial instruments exposed to concentrations of credit risk consist primarily of cash and cash equivalents. Although we deposit cash with multiple banks, these deposits, including those held in foreign branches of global banks, may exceed the amount of insurance provided on such deposits. These deposits may generally be redeemed upon demand and bear minimal risk.
F-30 |
Revenue
No single customer represented over 10% of our total revenue for the year ended December 31, 2022.
One client accounted for 20% of revenue for the year ended December 31, 2021.
NOTE 17 – GEOGRAPHIC INFORMATION
Revenue by geography is based on the customer’s billing address and was as follows:
2022 | 2021 | |||||||
U.S. | $ | 36,559,841 | $ | 13,823,871 | ||||
Chile | 9,634,082 | 1,318,688 | ||||||
All other countries | 355,694 | |||||||
$ | 46,549,617 | $ | 15,142,559 |
No other international country represented more than 10% of revenue in any period presented.
Property and equipment, net by geography was as follows:
2022 | 2021 | |||||||
U.S. | $ | 1,198,057 | $ | 95,069 | ||||
Chile | 3,480,911 | 2,299,355 | ||||||
All other countries | 1,527 | |||||||
$ | 4,680,495 | $ | 2,394,424 |
No other international country represented more than 10% of property and equipment, net in any period presented.
NOTE 18 – ACCUMULATED OTHER COMPREHENSIVE LOSS
The following table presents AOCI activity in equity:
Foreign Currency Translation Adjustments | Total AOCI | |||||||
Balance as of December 31, 2021 | $ | $ | ||||||
Other comprehensive income | ||||||||
Amounts reclassified from AOCI | 1,062,247 | 1,062,247 | ||||||
Balance as of December 31, 2022 | $ | 1,062,247 | $ | 1,062,247 |
NOTE 19 – SUBSEQUENT EVENTS
Acquisition
On January 10, 2023, we entered into a definitive agreement to acquire RAN Security, a cybersecurity company with headquarters in Buenos Aires, Argentina and officers in Chile, Peru, Bolivia, and Paraguay. Under the terms of the agreements, RAN Security will become a wholly owned subsidiary. The transaction is expected to close later in the year, subject to satisfaction of customary closing conditions, including applicable regulatory approvals.
Loan Payable and Convertible Note
The Bell Bank Note was originally due and payable on December 14, 2022, which was extended to March 14, 2023 (as so extended, the “Bell Bank Maturity Date”). We did not repay the Bell Bank Note on or prior to the Bell Bank Maturity Date, which resulted in an event of default under the terms thereof. As a result, the interest rate applicable to amounts due under the Bell Bank Note increased from 4.00% to 7.50% per annum.
On March 15, 2023, we entered into a Cash Advance Agreement (“Cash Advance Agreement”) with Cedar Advance, LLC, pursuant to which we received gross proceeds of $2,000,000 and paid $87,500 in upfront fees. The terms of the Cash Advance Agreement calls for us to remit weekly payments of $99,398 until such time as we have repaid $2,870,000. The estimated effective interest rate is 155.11%. The Cash Advance Agreement is secured by the accounts receivables of Cerberus, TalaTek, and True Digital.
F-31 |
We intend to use the proceeds from the Cash Advance Agreement for general corporate purposes, which may include working capital, capital expenditures, and repayment of debt.
On March 20, 2023, we entered into a Purchase Agreement (the “Purchase Agreement”) with Hensley & Company dba Hensley Beverage Company (the “Purchaser”), a related party, pursuant to which we issued and sold to the Purchaser a $5,000,000 10 Percent (10%) Unsecured Convertible Note (the “Note”) for gross proceeds of $5,000,000 in a private placement exempt from registration under Section 4(a)(2) of the Securities Act of 1933, as amended (the “Securities Act”), and Regulation D promulgated thereunder (the “Note Offering”). The Note, together with accrued and unpaid interest thereon, is due on March 20, 2025 (the “Maturity Date”). We may not prepay the Note prior to the Maturity Date without the consent of the Purchaser. The Note will bear interest at a rate of 10% per annum (based on a 360-day year), payable monthly. At any time prior to or on the Maturity Date and subject to certain beneficial ownership limitations, the Purchaser may convert all or any portion of the outstanding principal amount of the Note and all accrued and unpaid interest thereon into shares of our common stock, par value $ per share, at a conversion price of $1.20 per share (the “Conversion Price”). The Conversion Price is adjustable in the event of any stock split, reverse stock split, recapitalization, reorganization, or similar event. Upon the occurrence of an “Event of Default” (as defined in the Note and including the failure to make required payments when due after specified grace periods, certain breaches of the Purchase Agreement and certain specified insolvency events), the Purchaser would have the right to accelerate payments due under the Note, which from and after such acceleration would bear interest at a default rate of 24% per annum.
We used the proceeds from the Note Offering and our existing cash resources to repay in full the $5,000,000 4% promissory note issued and sold to Bell Bank in June 2022, plus $35,417 of accrued and unpaid interest.
On March 27, 2023, we entered into a letter agreement with Neil Stinchcombe to resolve a dispute about certain payment terms of a convertible note previously issued to Mr. Stinchcombe, with an outstanding principal amount of $1,500,000. Pursuant to the terms of this agreement, we agreed to repay the principal amount of the note in three equal installment payments of $500,000, on each of March 31, April 28 and May 31, 2023, with accrued interest to be paid on May 31, 2023 at the note’s reflected interest rate of 5.0% per annum. If we fail to timely make any of the foregoing payments, the applicable interest rate will be increased to a default rate of 24% per annum.
On March 29, 2023, we received a letter from the listing qualifications staff of Nasdaq providing notification that the bid price for our common stock had closed below $
per share for the previous 30 consecutive business days and our common stock no longer met the minimum bid price requirement for continued listing under Nasdaq Listing Rule 5550(a)(2). In accordance with Nasdaq Listing Rule 5810(c)(3)(A), we have an initial period of 180 calendar days to regain compliance. To regain compliance, the closing bid price of our common stock has to be $ per share or more for a minimum of 10 consecutive business days at any time before the expiration of the initial compliance period. In the event that we are unable to regain compliance with Rule 5550(a)(2) during the initial compliance period, Nasdaq rules provide that we may be eligible for an additional 180 calendar day compliance period. To qualify, we need to meet the continued listing requirement for market value of publicly held shares and all other initial listing standards for the Nasdaq Capital Market, with the exception of the minimum bid price requirement, and to provide written notice of our intention to cure the deficiency during the second compliance period, by effecting a reverse stock split, if necessary.
F-32 |