Risk Factors - GWRE

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A.Risk Factors

A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider such risks and uncertainties, together with the other information contained in this Annual Report on Form 10-K, and in our other public filings. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties may also become important factors that adversely affect our business. If any of such risks and uncertainties actually occurs, our business, results of operations, or financial condition could differ materially from the plans, projections and other forward-looking statements included in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and elsewhere in this Annual Report on Form 10-K and in our other public filings. In addition, if any of the following risks and uncertainties, or if any other risks and uncertainties, actually occurs, our business, results of operations, or financial condition could be harmed substantially, which could cause the market price of our stock to decline, perhaps significantly. In addition, if any of the following risks and uncertainties, or if any other risks and uncertainties, actually occurs, our business, financial condition or results of operations could be harmed substantially, which could cause the market price of our stock to decline, perhaps significantly.

Risks Related to our Business and Industry

We may experience significant quarterly and annual fluctuations in our results of operations due to a number of factors.

Our quarterly and annual results of operations may fluctuate significantly due to a variety of factors, many of which are outside of our control. This variability may lead to volatility in our stock price as investors and research analysts respond to quarterly fluctuations. In addition, comparing our results of operations on a period-to-period basis, particularly on a sequential quarterly basis, may not be meaningful. You should not rely on our past results as an indication of our future performance.

Factors that may affect our results of operations include:

•the impact of economic downturns and related market volatility caused by economic volatility, inflation, bank failures and associated financial instability and crises, or other national and worldwide events on our business and the businesses of our customers, partners, and vendors;

•our ability to attract new domestic and international customers and renew existing customers;

•seasonal buying patterns of our potential customers and our ability to sell additional software and services to existing customers;

•the proportion and timing of subscription sales as opposed to term software licenses, and the variations in revenue recognition between these contract types;

•changes in contract durations of term software licenses and renewals or modifications of customer contracts;

•increases in costs related to cloud operations, cybersecurity, product development, and services;

•our ability to develop and achieve market adoption of cloud-based services, including the impact of our customers transitioning from term software licenses to subscription services;

•erosion in services margins or significant fluctuations in services revenue caused by changing customer demand, negotiated professional services billing rates, investments in customer implementation and migration projects, or fixed fee contracts;

•our ability to enter into contracts on favorable terms, including terms related to price, payment timing, service levels, acceptance, and product delivery, especially with customers and prospects that possess substantial negotiating leverage and procurement expertise;

•the incurrence of penalties or having to renegotiate contract terms for failing to meet certain contractual obligations, including service levels, product development cycles and functionality, and implementation times and objectives;

•security and privacy concerns related to employee data, customer data, and systems that are accessed or otherwise used by our hybrid workforce and customers;

•employee retention, the ability to hire and onboard appropriate personnel, and the timing of hiring personnel and employee related expenses;

•our ability to realize expected benefits from our acquisitions and other strategic business transactions;

•reductions in our customers’ budgets for information technology purchases and delays in their purchasing decisions;

---

Table of Contents

•the impact of a recession or any other adverse global economic condition on our business, including public health crises, such as epidemics and pandemics, geographic and political conflicts, trade tariffs, trade agreements, and other uncertainties that may cause a delay in entering into, a failure to enter into, or cancel significant customer agreements or the fulfillment of professional service arrangements;

•adverse litigation judgments, dispute-related settlement payments, or litigation-related costs;

•future accounting pronouncements, changes in accounting rules, new tax laws or regulations, or tax interpretations and our related accounting policies, interpretations, and controls;

•fluctuations in foreign currency exchange rates; and

•the effects of inflation or deflation in the economies in which we operate, and their impact on interest rates, collection timeframes, and our revenue given the multi-year term of most customer agreements.

The foregoing factors are difficult to forecast, and these, as well as other factors, could materially adversely affect our quarterly and annual results of operations. Further, due to multi-year term licenses and multi-year term license renewals, increased cloud-based subscription services, timing of and billing rates for professional services engagements, and other ongoing changes to our business, it is challenging to forecast our quarterly and annual results.

We believe our ability to adjust spending quickly enough to compensate for a potential revenue shortfall is limited and our inability to do so could magnify the adverse impact of a potential revenue shortfall on our results of operations. If we fail to achieve our quarterly forecasts, if our forecasts fall below the expectations of investors or research analysts, or if our actual results fail to meet the expectations of investors or research analysts, our stock price may decline.

If we do not receive customer or market acceptance of our business model focused on delivering cloud-based offerings on a subscription basis, or if we fail to meet stipulated service levels with our subscription services, our results of operations could be harmed.If we fail to successfully manage our transition to a business model focused on delivering cloud-based offerings on a subscription basis or fail to meet stipulated service levels with our subscription services, our results of operations could be harmed.

To address demand trends in the P&C insurance industry, we offer customers the use of our software products through a cloud-based offering sold on a subscription basis in addition to our self-managed offering. Our subscription business model has required a considerable investment of technical, operational, financial, legal, and sales resources. This change to our business model requires a considerable investment of technical, operational, financial, legal, and sales resources. Our software and cloud services involve the storage and transmission of customer data, including in some cases, personal data, and security breaches could result in the loss of this information, which in turn could result in litigation, breach of contract claims, indemnity obligations, harm to our reputation, and other liabilities for us. Our cloud offerings will continue to be the focus of existing resources, require us to hire additional resources, and increase costs, especially in cost of subscription and support revenue, cost of services revenue, and research and development, in any given period. Our transition to cloud offerings will continue to be the focus of existing resources, require us to hire additional resources, and increase costs, especially in cost of subscription and support revenue, cost of services revenue, and research and development, in any given period. We may not be able to efficiently scale such investments to meet customer demand and expectations, which may impact our long-term growth and results of operations. Further, the increase in some costs associated with our cloud services, such as the cost of third-party infrastructure in which we rely to host our subscription services, may be difficult to predict over time. Further, the increase in some costs associated with our cloud services, such as the cost of third-party infrastructure in which we rely to host our subscription services, may be difficult to predict over time, especially in light of our limited experience with the costs of delivering cloud-based versions of our applications. Furthermore, we may assume greater responsibilities for implementation of subscription services due to our operating and maintaining the cloud environment for our customers. As a result, we may face risks associated with new and complex implementations or migrations, the cost of which may differ from original estimates. Our subscription contracts also contain penalty clauses, for matters such as failing to meet stipulated service levels or other contractual provisions. Our subscription contracts also contain penalty clauses, for matters such as failing to meet stipulated service levels or other contractual provisions, which represent new risks we are not accustomed to managing. Should these penalties be triggered, our results of operations may be adversely affected. These penalties and costs could take the form of monetary credits for current or future service engagements, reduced fees for additional services or products or upon renewal of existing agreements, and a customer’s renegotiation or refusal to pay its contractually obligated subscription or service fees.

Revenue under our cloud-based subscription model is generally recognized ratably over the term of the contract. Ratable revenue recognition results in lower revenue than we otherwise would have recognized in the initial period of the customer agreement under term license agreements. The transition to ratable revenue recognition will result in lower revenue than we otherwise would have recognized in the initial period of the customer agreement under term license agreements. This effect on recognized revenue may be magnified in any fiscal year due to the concentration of our orders in the fourth fiscal quarter. Additionally, the timing of our customers’ decision to transition from self-managed licenses to cloud-based subscription services could negatively affect our ability to forecast the timing and amount of our revenue in any period. Additionally, the change in our business model and the timing of our customers’ decision to transition from self-managed licenses to cloud-based subscription services could negatively affect our ability to forecast the timing and amount of our revenue in any period.

Acceptance of our cloud-based solutions may not develop as anticipated and could be affected by a variety of factors, including, but not limited to, cost, security, reliability, performance, customer preference, perceived value associated with such offerings, public concerns regarding privacy, and the enactment of restrictive laws or regulations. If the market for our cloud-based solutions generally does not evolve as expected, it could result in reduced customer purchases, reduced renewal rates, and decreased revenue, any of which will adversely affect our business, results of operations, or financial condition. Further, for any of our existing customers that have not yet transitioned to our cloud-based offering, any perceived negative impacts or

---

Table of Contents

incremental costs associated with the transition, or an accelerated transition schedule, may lead to customer dissatisfaction and provide our competitors with an opportunity to acquire these customers.

We are continually updating our existing products and developing new products in an effort to offer customers greater choices on how they utilize our software. We are continually updating our existing services and products and developing new services and products in an effort to offer customers greater choices on how they utilize our software. As our business practices in this area develop and evolve over time, we may be required to revise our current subscription agreements, which may result in revised terms and conditions that impact how we recognize revenue and the costs and risks associated with these offerings. Whether our product development efforts or business model will prove successful and accomplish our business objectives is subject to numerous uncertainties and risks, including, but not limited to, customer demand, our ability to further develop, manage, and scale infrastructure, our ability to include functionality and usability in such offerings that address customer requirements, our customers’ ability to successfully migrate to and implement our subscription services, tax and accounting implications, and our costs. Whether our product development efforts or business model transition will prove successful and accomplish our business objectives is subject to numerous uncertainties and risks, including, but not limited to, customer demand, our ability to further develop, manage, and scale infrastructure, our ability to include functionality and usability in such offerings that address customer requirements, our customers’ ability to successfully migrate to and implement our subscription services, tax and accounting implications, and our costs.

In addition, the metrics we and our investors use to evaluate our business model may evolve over the course of time as significant trends emerge.In addition, the metrics we and our investors use to gauge the status of our business model transition may evolve over the course of the transition as significant trends emerge. It may be difficult, therefore, to accurately determine the impact on our business on a contemporaneous basis, or to clearly communicate the appropriate metrics to our investors. It may be difficult, therefore, to accurately determine the impact of this transition on our business on a contemporaneous basis, or to clearly communicate the appropriate metrics to our investors. If we are unable to sell our cloud offerings in light of the foregoing risks and uncertainties, our reputation could suffer and our results of operations could be harmed, which may cause our stock price to decline.

We have relied and expect to continue to rely on orders from a relatively small number of customers in the P&C insurance industry for a substantial portion of our revenue and ARR, and the loss of any of these customers would significantly harm our business, results of operations, and financial condition.

Our revenue and ARR are dependent on orders from customers in the P&C insurance industry, which may be adversely affected by worldwide economic, environmental, public health, and political conditions. A relatively small number of customers have historically accounted for a significant portion of our revenue. The composition of our individual top customers has and will vary from year to year. In fiscal years 2023 and 2024, our ten largest customers accounted for 23% and 22% of our revenue, respectively. In fiscal years 2022 and 2023, our ten largest customers in each fiscal year accounted for 23% of our revenue. Additionally, our ten largest customers based on ARR accounted for 22% of total ARR at July 31, 2024. Customers for these metrics are calculated at the parent corporation level, while our total customer count is based on entities that have placed orders for our services or products. While we expect this reliance to decrease over time as our revenue, customer base, and subscription services as a percentage of revenue grows, we expect that we will continue to depend upon a relatively small number of customers for a significant portion of our revenue and ARR for the foreseeable future. As a result, if we fail to successfully sell our products to one or more of these anticipated customers in any particular period or fail to identify additional potential customers or such customers purchase fewer of our products or professional services, defer or cancel orders, fail to renew their license or subscription agreements or otherwise terminate or reduce their relationship with us, our business, results of operations, and financial condition would be harmed. As a result, if we fail to successfully sell our services and products to one or more of these anticipated customers in any particular period or fail to identify additional potential customers or such customers purchase fewer of our services or products, defer or cancel orders, fail to renew their license or subscription agreements or otherwise terminate or reduce their relationship with us, our business, results of operations, and financial condition would be harmed. Additionally, if one or more of these anticipated customers enters into or transitions to a subscription agreement in any particular period, or if we fail to achieve the required performance or acceptance criteria for one or more of this relatively small number of customers, our quarterly and annual results of operations may fluctuate significantly.

Our sales and implementation cycles are lengthy and variable, depend upon factors outside our control, and could cause us to expend significant time and resources prior to generating revenue.

The typical sales cycle for our products is lengthy and unpredictable, requires pre-purchase evaluation by a significant number of employees in our customers’ organizations, often involves a significant operational decision by our customers, and could be affected by factors outside of our control.The typical sales cycle for our services and products is lengthy and unpredictable, requires pre-purchase evaluation by a significant number of employees in our customers’ organizations, often involves a significant operational decision by our customers, and could be affected by factors outside of our control. Our sales efforts involve educating our customers about the use and benefits of our products, including the technical capabilities of our products, the potential cost savings achievable by organizations deploying our products, and the benefits and risks associated with cloud-based services. Our sales efforts involve educating our customers about the use and benefits of our services and products, including the technical capabilities of our services and products, the potential cost savings achievable by organizations deploying our services and products, and the benefits and risks associated with cloud-based services. Customers typically undertake a significant evaluation process, which frequently involves not only our products, but also those of our competitors. Customers typically undertake a significant evaluation process, which frequently involves not only our services and products, but also those of our competitors. We spend substantial time, effort, and money in our sales efforts without any assurance that our efforts will produce sales, and our customers have significant negotiating power during the sales process which may result in a lengthy sales cycle and significant contractual complexity. Additionally, we may be unable to predict the size and terms of the initial contract until very late in the sales cycle, which affects our ability to accurately forecast revenue and ARR. In addition, if we commit to include specific features in our base product offering at the request of a customer or group of customers, we may be unable to recognize revenue until the specific features have been delivered with our products. In addition, we sometimes commit to include specific functions in our base service and product offering at the request of a customer or group of customers and are unable to recognize revenue until the specific functions have been added to our services and products. Providing this additional functionality may be time consuming and may involve factors that are outside of our control. Customers may also insist that we commit to certain time frames in which systems built around our products will be operational or that once implemented our products will be able to meet certain operational requirements. Customers may also insist that we commit to certain time frames in which systems built around our services and products will be operational or that once implemented our services and products will be able to meet certain operational requirements. Our ability to meet such timeframes and requirements may involve factors that are outside of our control, and failure to meet such timeframes and requirements could result in us incurring penalties and costs and/or making additional resource commitments, which would adversely affect our business and results of operations.

---

Table of Contents

The implementation and testing of our products by our customers typically lasts six to 24 months or longer and unexpected implementation delays and difficulties can occur. Implementing our products typically involves integration with our customers’ and third parties’ systems and creating or updating the digital experience, as well as adding customer and third-party data to our platform. Implementing our services and products typically involves integration with our customers’ and third parties’ systems and creating or updating the digital experience, as well as adding customer and third-party data to our platform. This process can be complex, time consuming, and expensive for our customers and can result in delays in the implementation and deployment of our products. Failing to meet the expectations of our customers during the implementation of our products could result in a loss of customers and negative publicity about us and our products. Failing to meet the expectations of our customers during the implementation of our services and products could result in a loss of customers and negative publicity about us and our services and products. Such failure could result from deficiencies in our product capabilities, performance issues, or inadequate service engagements by us, our SI partners, or our customers’ employees, the latter two of which are beyond our direct control. The consequences of such failure could include, and have included, monetary credits for current or future service engagements, reduced fees for additional products or upon renewal of existing products, potential reversals of previously recognized revenue, renegotiating existing customers’ contractual terms, and a customer’s refusal to pay their contractually obligated license, subscription, support, or service fees. The consequences of such failure could include, and have included, monetary credits for current or future service engagements, reduced fees for additional services or products sales or upon renewals of existing services and products, potential reversals of previously recognized revenue, renegotiating existing customer’s contractual terms, and a customer’s refusal to pay their contractually-obligated license, support, or service fees. In addition, time-consuming and delayed implementations may also increase the amount of services personnel we must allocate to the implementation for it to be successful, thereby increasing our costs and adversely affecting our business, results of operations, and financial condition.

Furthermore, our sales and implementation cycles could be interrupted or affected by other factors outside of our control. We have had, and may in the future have, restrictions on travel, which are in accordance with recommendations by the U.S. government, The Centers for Disease Control and Prevention, and other equivalent agencies in the locations in which we operate, and our customers, SI partners, and prospects have likewise enacted their own preventative policies and travel restrictions. Widespread restrictions on travel and in-person meetings have affected and could, in the future, affect services delivery, delay implementations, and interrupt sales activity. We cannot predict the duration or the extent of adverse impacts from pandemics and other global events on our business, results of operations, and financial condition.

We face intense competition in our market, which could negatively impact our business, results of operations, and financial condition and cause our market share to decline.

The market for our products is intensely competitive.The market for our software and services is intensely competitive. The competitors we face in any sale opportunity may change depending on, among other things, the line of business purchasing the software, the application or service being sold, the geography in which the customer is operating, and the size of the insurance carrier to which we are selling. For example, we are more likely to face competition from small independent firms when addressing the needs of small insurers. These competitors may compete on the basis of price, the time and cost required for implementation, custom development, or unique product features or functions. Outside of the United States, we are more likely to compete against vendors that may differentiate themselves based on local advantages in language, market knowledge, and pre-built content applicable to that jurisdiction. We also compete with vendors of horizontal software products that may be customized to address needs of the P&C insurance industry.

Additionally, many of our prospective customers operate firmly entrenched legacy systems, some of which have been in operation for decades. Our implementation cycles may be lengthy, variable, and require the investment of significant time and expense by our customers. These expenses and associated operating risks attendant on any significant process re-engineering and new technology implementation, may cause customers to prefer maintaining legacy systems. Also, maintaining these legacy systems may be so time consuming and costly for our potential customers that they do not have adequate resources to devote to the purchase and implementation of our products. We also compete against technology consulting firms that either helped create such legacy systems or may own, in full or in part, subsidiaries that develop software and systems for the P&C insurance industry.

As we expand our product portfolio, we may begin to compete with software and service providers we have not competed against previously. Such potential competitors offer data and analytics tools that may, in time, become more competitive with our offerings.

If our competitors’ products, services, or technologies become more accepted than our solutions, if they are successful in bringing their products or services to market earlier than we are, if their products or services are more technologically capable than ours (including, without limitation, as a result of new or better use of evolving AI technologies, such as generative AI), or if customers replace our solutions with custom-built software, then our revenue could be adversely affected.

---

Table of Contents

We expect the intensity of competition to remain high in the future, as the amount of capital invested in current and potential competitors, including insurtech companies, has increased significantly in recent years. As a result, our competitors or potential competitors may develop improved product or sales capabilities, or even a technology breakthrough that disrupts our market. Table of ContentsAs a result, our competitors or potential competitors may develop improved product or sales capabilities, or even a technology breakthrough that disrupts our market. Continuing intense competition could result in increased pricing pressure, increased sales and marketing expenses, and greater investments in research and development, each of which could negatively impact our profitability. In addition, the failure to increase, or the loss of, market share would harm our business, results of operations, financial condition, and/or future prospects. Our larger current and potential competitors may be able to devote greater resources to the development, promotion, and sale of their services and products than we can devote to ours, which could allow them to respond more quickly than we can to new technologies and changes in customer needs, thus leading to their wider market acceptance. We may not be able to compete effectively and competitive pressures may prevent us from acquiring and maintaining the customer base necessary for us to increase our revenue and profitability.

In addition, the insurance industry is evolving rapidly, and we anticipate the market for cloud-based solutions will become increasingly competitive. If our current and potential customers move a greater proportion of their data and computational needs to the cloud, new competitors may emerge that offer services either comparable or better suited than ours to address the demand for such cloud-based solutions, which could reduce demand for our offerings. To compete effectively we will likely be required to increase our investment in research and development, as well as the personnel and third-party services required to improve reliability and security and lower the cost of delivery of our cloud-based solutions. New competitors are able to develop cloud-based solutions without the cost of maintaining or migrating existing solutions and satisfying existing customer requirements, which may allow them to introduce new services and products more quickly and on more efficient technologies than us. This may increase our costs more than we anticipate and may adversely impact our results of operations.

Our current and potential competitors may also establish cooperative relationships among themselves or with third parties to further enhance their resources and offerings. Current or potential competitors may be acquired by other vendors or third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be more able than we are to adapt quickly to new technologies and customer needs, to devote greater resources to the promotion or sale of their products, to initiate or withstand substantial price competition, or to take advantage of emerging opportunities by developing and expanding their product offerings more quickly than we can. As a result of such acquisitions, our current or potential competitors might be more able than we are to adapt quickly to new technologies and customer needs, to devote greater resources to the promotion or sale of their services and products, to initiate or withstand substantial price competition, or to take advantage of emerging opportunities by developing and expanding their product and service offerings more quickly than we can. Additionally, they may hold larger portfolios of patents and other intellectual property rights as a result of such relationships or acquisitions. If we are unable to compete effectively with these evolving competitors for market share, our business, results of operations, and financial condition could be materially and adversely affected.

Failure to manage our expanding operations effectively could harm our business.

We have experienced consistent growth and expect to continue to expand our operations, including the number of employees and the locations and scope of our international operations. In particular, we have been expanding and plan to continue to expand our operations in India. Additionally, we operate a hybrid work environment in which a large portion of our workforce works either in-person on a part-time basis or remotely on a permanent basis, which brings challenges to managing our business and workforce. Additionally, we have transitioned to a hybrid work environment in which a large portion of our workforce works either in-person on a part-time basis or remotely on a permanent basis, which brings new challenges to managing our business and workforce. This expansion and hybrid work environment has placed, and will continue to place, a significant strain on our operational and financial resources and our personnel. This expansion and changing work environment has placed, and will continue to place, a significant strain on our operational and financial resources and our personnel. To manage our anticipated future operational expansion effectively, we must continue to maintain and may need to enhance our information technology and cybersecurity infrastructure and financial and accounting systems and controls, and manage expanded operations and employees in geographically distributed locations. Our growth could require significant capital expenditures and may divert financial resources from other projects, such as the development of new, enhanced, or more secure products or investments in cloud operations. If we increase the size of our organization without experiencing an increase in sales of our products, we will experience reductions in our gross and operating margins and net income. If we increase the size of our organization without experiencing an increase in sales of our services and products, we will experience reductions in our gross and operating margins and net income. If we are unable to effectively manage our expanding operations or hybrid work environment, our expenses may increase more than expected, our revenue could decline or grow more slowly than expected, and we may be unable to implement our business strategy.

Our large customers have substantial negotiating leverage, which may require that we agree to terms and conditions that result in increased cost of sales, decreased revenue, and lower average selling prices and gross margins, all of which could harm our results of operations.

Some of our customers include the world’s largest P&C insurers. These customers have significant bargaining power when negotiating new licenses or subscriptions or renewals of existing agreements, and have the ability to buy similar products from other vendors or develop such systems internally. These customers have and may continue to seek advantageous pricing and other commercial and performance terms that may require us to develop additional features in the products we sell to them or add complexity to our customer agreements. These customers may also delay making payments under existing agreements, or at renewal, in an attempt to obtain more favorable terms from us. We have been required to, and may again be required to, reduce the average selling price and ARR of our products, along with agreeing to steeper ramps that delay reaching fully

---

Table of Contents

ramped ARR, in response to these pressures. If we are unable to avoid reducing our average selling prices or ARR, our results of operations could be harmed.

Issues in the development and use of AI, combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations.

We use, and are continuously incorporating, machine learning and AI technologies in our offerings and business, and we are making investments in expanding our AI capabilities in our products, professional services, and tools, including the ongoing deployment and improvement of existing machine learning and AI technologies, as well as developing new product features using generative and other AI technologies.We use machine learning and AI technologies in our offerings and business, and we are making investments in expanding our AI capabilities in our products, services, and tools, including ongoing deployment and improvement of existing machine learning and AI technologies, as well as developing new product features using generative AI technologies. AI technologies are complex, and generative AI technologies, in particular, are rapidly evolving. AI technologies are complex and generative AI technologies, in particular, are rapidly evolving. We face significant competition from other companies as well as an evolving regulatory landscape in relation to these technologies. We face significant competition from other companies as well as an evolving regulatory landscape in relation to these technologies. The introduction of AI technologies, including generative AI, into new or existing products may result in new or enhanced governmental or regulatory scrutiny, litigation, confidentiality or security risks, privacy concerns, ethical challenges, or other complications that could adversely affect our business, reputation, or financial results.

The complexity of our products that incorporate machine learning and AI technologies could result in unforeseen delays or expenses, or undetected defects, bugs, or security vulnerabilities, which may harm the market acceptance of new products, damage our reputation with current or prospective customers, cause significant remediation expenses, and may harm our business, results of operations, and financial condition. Our products may contain defects when they are first introduced or as new versions or enhancements are released, or their release may be delayed due to unforeseen difficulties during development. Additionally, our products may have undiscovered vulnerabilities that could be exploited by hackers or other malicious actors, potentially exposing our customers to adverse consequences.

The intellectual property ownership and license rights, including without limitation, copyright, surrounding AI technologies generally, and generative AI technologies specifically, has not been fully addressed by competent legal tribunals or applicable laws or regulations. The intellectual property ownership and license rights, including without limitation copyright, surrounding AI technologies generally, and generative AI technologies specifically, has not been fully addressed by competent legal tribunals or applicable laws or regulations. Further, the use or adoption of third-party AI technologies, including generative AI technologies, into our products may result in exposure to claims of copyright infringement or other intellectual property-related causes of action. Further, the use or adoption of third-party AI technologies, including generative AI technologies, into our products and services may result in exposure to claims of copyright infringement or other intellectual property-related causes of action.

The uncertainty around new and emerging AI technologies, such as generative AI, may require additional investment in the development and maintenance of proprietary datasets and machine learning models, development of new approaches and processes to provide attribution or remuneration to creators of training data, and development of appropriate protections and safeguards for handling the use of customer data with such technologies, which may be costly and could impact our expenses if we decide to expand AI technologies, including generative AI, into our product offerings.Uncertainty around new and emerging AI technologies, such as generative AI, may require additional investment in the development and maintenance of proprietary datasets and machine learning models, development of new approaches and processes to provide attribution or remuneration to creators of training data, and development of appropriate protections and safeguards for handling the use of customer data with such technologies, which may be costly and could impact our expenses if we decide to expand AI technologies, including generative AI, into our product offerings. AI technologies, including without limitation generative AI, may create content that appears facially correct but is factually inaccurate or flawed. Our customers, employees, or others may rely on or use such factually incorrect or flawed content to their detriment, which may expose us to brand or reputational harm, competitive harm, and/or legal liability. Our customers or others may rely on or use such factually incorrect or flawed content to their detriment, which may expose us to brand or reputational harm, competitive harm, and/or legal liability. In all events, the development, marketing and use of AI technologies, including, in particular, generative AI, presents emerging ethical and social issues, and if we enable or offer solutions that draw scrutiny or controversy due to their perceived or actual impact on customers or on society as a whole, we may experience brand or reputational harm, competitive harm, additional costs, and/or legal liability. If our AI development, deployment, content labeling or governance is ineffective or inadequate, it may result in incidents that impair the public acceptance of AI solutions or cause harm to individuals, customers or society, or result in our offerings not working as intended or producing unexpected outcomes.

Further, the development of next-generation solutions that utilize new and advanced features, including AI and machine learning, involves making predictions regarding the willingness of the market to adopt such technologies over legacy solutions. We may be required to commit significant resources to developing new products before knowing whether such investment will result in products that the market will accept.

We may fail to set the optimal pricing and packaging of our products, which could negatively impact our growth strategy and ability to effectively compete in the market.

We may face challenges in selling our solutions to insurers that have internally developed their own proprietary software solutions, and we face competition from emerging and established vendors. As a result, these companies may offer lower prices, additional products or services, or other incentives that may impact our ability to maintain our prices.

The market for our products is constantly evolving, and our pricing and packaging decisions are made based on the best information available at the time, but may change significantly in the future from our expectations. We are continually analyzing and refining our pricing and packaging models to adapt to this dynamic environment. For example, we may need to change our pricing in future periods in response to market demands, the inflation and interest rate environment or increased

---

Table of Contents

costs. Our contracts are often multi-year in duration and our inability to foresee changing events could impact the profitability of certain contracts. Further, as competitors introduce new products that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. As we expand internationally, we also must determine the appropriate price to enable us to compete effectively in each market. In addition, if our mix or bundle of products sold changes, then we may need to, or choose to, revise our pricing. As a result, we may be required or choose to reduce our prices or change our pricing model, which could harm our business, results of operations, and financial condition. In addition, we cannot predict whether our current or prospective customers, or the market in general, will accept these changes. If these adjustments do not gain acceptance, our business and operational results could be adversely affected. Failure to identify an optimal pricing and packaging strategy may harm our business and operational outcomes. Should customers reject our new or modified pricing plans, we may face increasing challenges in attracting new customers and retaining existing ones, particularly if we apply new pricing models to current customer subscriptions.

Our business depends on customers renewing and expanding their license, support, and subscription contracts for our products. A decline in our customer renewals and expansions could harm our future results of operations.

Our customers have no obligation to renew their term licenses or subscriptions after their contract period expires, and these licenses and subscriptions, if renewed, may be done so on less favorable terms. Moreover, under certain circumstances, our customers have the right to cancel their licenses or subscriptions before they expire. We may not accurately predict future trends in customer renewals. Our customers’ renewal rates may fluctuate or decline because of several factors, including their satisfaction or dissatisfaction with our products, the prices of our products, the prices of products offered by our competitors, reduction in our customers’ business including their DWP, reductions in our customers’ spending levels due to the macroeconomic environment or other factors, or the sale of their operations to a buyer that is not a current customer. Our customers’ renewal rates may fluctuate or decline because of several factors, including their satisfaction or dissatisfaction with our services and products, the prices of our services and products, the prices of services and products offered by our competitors, reduction in our customers’ business including their DWP, reductions in our customers’ spending levels due to the macroeconomic environment or other factors, or the sale of their operations to a buyer that is not a current customer.

Also, in some cases, our customers have a right to exercise a perpetual buyout of their term licenses at the end of the initial contract term, which if exercised would eliminate future term license revenue. If our customers do not renew their term licenses or subscriptions for our solutions or renew on less favorable terms, our revenue may decline or grow more slowly than expected and our profitability may be harmed.

Seasonal sales patterns may cause significant fluctuations in our results of operations and cash flows and may prevent us from achieving our quarterly or annual forecasts, which may cause our stock price to decline.

We generally see increased new orders in our fourth fiscal quarter, which is the quarter ending July 31, due to efforts by our sales team to achieve annual incentives. As a result, a significantly higher percentage of our annual license revenue and cash receipts have historically been recognized in our fourth fiscal quarter. Since a substantial majority of our license revenue has annual renewals after the initial term of the contract, we expect to continue to experience this seasonality effect in subsequent years. Because of the upfront nature of revenue recognition for new multi-year term licenses and multi-year term license renewals, any quarter in which a significant agreement of this nature is signed, renewed, cancelled, or not renewed when scheduled to do so may be impacted.

We currently anticipate that sales of, and revenue from, subscription services will continue to increase in the future. Subscriptions are recognized ratably over the term of the agreement after provisioning of the service. Over time, this may reduce the impact of our historic revenue seasonality, but in the near term the introduction of proportionally more subscription services into our revenue stream, together with their delayed and ratable recognition, will likely impact quarter-over-quarter and year-over-year revenue growth comparisons. Cash flow expectations and comparisons will most likely remain concentrated in the fourth fiscal quarter and could also be impacted because of the ramped nature of the annual installments of these multi-year subscription services arrangements. Additionally, ARR, which reflects the annualized recurring value of active customer contracts at the end of a reporting period, will be impacted by the seasonality of new sales orders, even if the revenue is recognized ratably.

Our quarterly growth in revenue or ARR also may not coincide with new orders or cash flows in a given quarter, which could mask the impact of seasonal variations. This mismatch is primarily due to the following reasons:

•our subscription arrangements are recognized ratably and only a portion, if any, of the revenue from an order is recognized in the same fiscal period of the order;

•subscription arrangements generally have ramped invoicing schedules over the initial term, which affects ARR and cash flows, but revenue is recognized ratably over the initial term;

•our term license agreements and multi-year term license renewals generally have annual billing arrangements even though revenue is recognized upfront for the entire committed term;

•as customers enter into a subscription agreement to migrate from an existing term license agreement or as we invest in certain cloud implementations to assist our customers with their migration to our cloud services, the

---

Table of Contents

timing of revenue recognition may be impacted by the allocation of revenue between different performance obligations;

•we may enter into agreements with future product delivery requirements, specified terms for product upgrades or functionality, acceptance terms, early termination rights, or unconditional return rights, which may require us to delay revenue recognition for a period of time; and

•revenue recognition may not occur in the period when the order is placed due to certain revenue recognition criteria not being met, such as delivery of the software or providing access to the subscription services.

Additionally, seasonal patterns may be affected by the timing of particularly large transactions and the number of renewals in a given quarter. Seasonal and other variations may cause significant fluctuations in our revenue, ARR, results of operations and cash flows, may make it challenging for an investor to predict our performance on a quarterly basis, and may prevent us from achieving our quarterly or annual forecasts or meeting or exceeding the expectations of research analysts or investors, which in turn may cause our stock price to decline.

If we are unable to develop, introduce, and market new and enhanced versions of our products, we may be put at a competitive disadvantage.If we are unable to develop, introduce, and market new and enhanced versions of our services and products, we may be put at a competitive disadvantage.

Our success depends on our continued ability to develop, introduce, and market new and enhanced versions of our products to meet evolving customer requirements. Because our products are complex and require rigorous testing, new features, new functionality, and updates to our existing products can take significant time and resources to develop and bring to market. Because some of our services and products are complex and require rigorous testing, new features, new functionality, and updates to our existing products and services can take significant time and resources to develop and bring to market. As we expand internationally, our products must be modified and adapted to comply with regulations and other requirements of the countries in which our customers do business. Additionally, market conditions may dictate that we change the delivery method of our products or the technology platform underlying our existing products or that new products be developed on different technology platforms, potentially adding material time and expense to our development cycles. Additionally, market conditions may dictate that we change the delivery method of our services and products or the technology platform underlying our existing services and products or that new services and products be developed on different technology platforms, potentially adding material time and expense to our development cycles. The nature of these development cycles may cause us to experience delays between the time we incur expenses associated with research and development and the time we generate revenue, if any, from such expenses.

If we fail to develop new products, enhance our existing products, or manage our products in the cloud, our business could be adversely affected, especially if our competitors are able to introduce products with enhanced functionality in the cloud.If we fail to develop new services and products, enhance our existing services and products, or migrate our products to the cloud, our business could be adversely affected, especially if our competitors are able to introduce services and products with enhanced functionality in the cloud. It is critical to our success for us to anticipate changes in technology, industry standards and regulations, and customer requirements and to successfully introduce new, enhanced, and competitive products to meet our customers’ and prospective customers’ needs on a timely basis. We have invested and intend to increase investments in research and development and cloud operations to meet these challenges. Revenue may not be sufficient to support the future product development that is required for us to remain competitive. If we fail to develop products in a timely manner that are competitive in technology and price or develop products that fail to meet customer demands, our market share will decline and our business and results of operations could be harmed. If we fail to develop services and products in a timely manner that are competitive in technology and price or develop services and products that fail to meet customer demands, our market share will decline and our business and results of operations could be harmed. If our development efforts do not develop services, products or features that our customers find valuable, then we might incur impairment charges related to our capitalized software development costs.

---

Table of Contents

We operate a hybrid in-person and remote workforce, which will subject us to certain operational challenges and risks and potential harm to our business.

We operate a hybrid work environment in which a significant portion of our workforce works either in-person on a part-time basis or remotely on a permanent basis.We have transitioned to a hybrid work environment in which a significant portion of our workforce works either in-person on a part-time basis or remotely on a permanent basis. As a result, we are subject to the challenges and risks of having a remote and hybrid workforce. For example, certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. Members of our workforce who work remotely may not have access to technology that is as robust as that in our offices, which could cause the networks, information systems, applications, and other tools available to those remote workers to be more limited or less reliable than in our offices. We may also be exposed to risks associated with the locations of remote workers, including compliance with local laws and regulations or exposure to compromised internet infrastructure. Allowing members of our workforce to work remotely may create intellectual property risk if employees create intellectual property on our behalf while residing in a jurisdiction with unenforced or uncertain intellectual property laws. Further, if employees fail to inform us of changes in their work location, we may be exposed to additional risks without our knowledge. Hybrid in-person as well as remote working may also subject us to other operational challenges and risks. For example, hybrid working arrangements may adversely affect our ability to recruit and retain personnel who prefer a fully remote or fully in-person work environment. For example, our shift to hybrid working may adversely affect our ability to recruit and retain personnel who prefer a fully remote or fully in-person work environment. Operating our business with both remote and in-person workers, or workers who work in flexible locations and on flexible schedules, could have a negative impact on our corporate culture, decrease the ability of our workforce to collaborate and communicate effectively, decrease innovation and productivity, or negatively affect workforce morale and retention rates. In addition, we expect to incur costs related to a hybrid workforce including, among other things, facilitating permanent remote work for a portion of our workforce and updating our offices to offer more collaborative workspaces. In addition, we expect to incur costs related to the transition to a hybrid workforce to, among other things, facilitate permanent remote work for a portion of our workforce and update our offices to offer more collaborative workspaces. If we are unable to effectively operate a hybrid workforce, manage the cybersecurity and other risks of remote work, and maintain our corporate culture and workforce morale, our business could be harmed or otherwise negatively impacted. If we are unable to effectively transition to a hybrid workforce, manage the cybersecurity and other risks of remote work, and maintain our corporate culture and workforce morale, our business could be harmed or otherwise negatively impacted.

Real or perceived errors or failures in our products and professional services, including implementation and cloud support services, may affect our reputation, cause us to lose customers, and reduce sales and renewal rates, which may harm our business and results of operations and subject us to liability for breach of warranty claims.Real or perceived errors or failures in our services and products, including implementation services, may affect our reputation, cause us to lose customers, and reduce sales and renewal rates, which may harm our business and results of operations and subject us to liability for breach of warranty claims.

Because we offer complex products, undetected errors or failures may exist or occur, especially when products are first introduced or when new versions or updates are released.Because we offer complex services and products, undetected errors or failures may exist or occur, especially when services and products are first introduced or when new versions or updates are released. Our products are often installed and used in large-scale computing environments with different operating systems, system management software, and equipment and networking configurations, which may cause errors or failures in our products or may expose undetected errors, failures, or bugs in our products. Our services and products are often installed and used in large-scale computing environments with different operating systems, system management software, and equipment and networking configurations, which may cause errors or failures in our services and products or may expose undetected errors, failures, or bugs in our services and products. Despite testing by us, we may not identify all errors, failures, or bugs in new products or releases until after commencement of commercial sales or installation. Despite testing by us, we may not identify all errors, failures, or bugs in new services and products or releases until after commencement of commercial sales or installation. In the past, we have discovered software errors, failures, and bugs in some of our offerings after their introduction. While we have implemented, and continually improve, a breadth of industry standard technology controls designed to ensure system stability and availability, we may introduce errors, design flaws, software bugs, and other issues into the environment, and fail to remediate them in a timely manner, which may cause serious or prolonged service interruptions to our customers. Additionally, our Guidewire cloud offerings rely on third-party services including, but not limited to, AWS and Okta. Additionally, our Guidewire Cloud offerings rely on third-party hosting services, primarily AWS. Any material disruption, failure or slowdown in these services or the systems of third parties who we depend upon could cause outages or delays in our products, which could harm our reputation and adversely affect our results of operations.

We provide our customers with upfront estimates regarding the duration, resources, and costs associated with the migration and implementation of our products. Failure to meet these upfront estimates and the expectations of our customers could result from our product capabilities or professional service engagements performed by us, our SI partners, or our customers’ employees, the latter two of which are beyond our direct control. Failure to meet these upfront estimates and the expectations of our customers could result from our product capabilities or service engagements performed by us, our SI partners, or our customers’ employees, the latter two of which are beyond our direct control. The consequences could include, and have included, monetary credits for current or future service engagements, reduced fees for additional products or upon renewal of existing products, renegotiation or modification of existing contracts that could potentially result in reversals of previously recognized revenue, or a customer’s refusal to pay its contractually obligated fees. The consequences could include, and have included, monetary credits for current or future service engagements, reduced fees for additional services or product sales or upon renewals of existing licenses or services, renegotiation or modification of existing contracts that could potentially result in reversals of previously recognized revenue, or a customer’s refusal to pay its contractually-obligated fees. In addition, time-consuming or difficult migrations and implementations may also increase the amount of services personnel we must allocate to the project, potentially without commensurate compensation, thereby increasing our costs, lowering our services margin, and adversely affecting our business, results of operations, and financial condition.

The license, subscription, and support of our products creates the risk of significant liability claims against us.The license, subscription, and support of our services and products creates the risk of significant liability claims against us. Our license and subscription agreements with our customers contain provisions designed to limit our exposure to potential liability claims. It is possible, however, that the limitation of liability provisions contained in such agreements may not be enforced as a result of international, federal, state, and local laws or ordinances or unfavorable judicial decisions. Breach of warranty or damage liability, or injunctive relief resulting from such claims, could harm our results of operations and financial condition.

---

Table of Contents

Our ability to sell our products is highly dependent on the quality of our professional services and technical support services and the support of our SI partners, and the failure of us or our SI partners to offer high-quality professional services or technical support services could damage our reputation and adversely affect our ability to sell our products to new customers and renew agreements with our existing customers.

If we or our SI partners do not effectively assist our customers in deploying our products, successfully help our customers quickly resolve post-deployment issues, assist our customers in migrating from self-managed licenses to subscription services, and provide effective ongoing support, our ability to renew existing agreements and sell additional products to existing customers would be adversely affected and our reputation with potential customers could be damaged.If we or our SI partners do not effectively assist our customers in deploying our services and products, successfully help our customers quickly resolve post-deployment issues, assist our customers in migrating from self-managed licenses to subscription services, and provide effective ongoing support, our ability to renew existing agreements and sell additional services and products to existing customers would be adversely affected and our reputation with potential customers could be damaged. Once our products are deployed and integrated with our customers’ existing information technology environment, our customers may depend on our technical support services and/or the support of SI partners or internal resources to resolve any issues relating to our products. Once our services and products are deployed and integrated with our customers’ existing information technology environment, our customers may depend on our technical support services and/or the support of SI partners or internal resources to resolve any issues relating to our services and products. High-quality support is critical for the continued successful marketing and sale of our products. In addition, as we continue to expand our operations internationally, our support organization will face additional challenges, including those associated with delivering support, training, and documentation in multiple languages. Many enterprise customers require higher levels of support than smaller customers. If we fail to meet the requirements of our larger customers, it may be more difficult to sell additional products to these customers or to transition existing license customers to subscription services, a key strategy for the growth of our revenue and profitability. If we fail to meet the requirements of our larger customers, it may be more difficult to sell additional services and products to these customers or to transition existing license customers to subscription services, a key strategy for the growth of our revenue and profitability. In addition, as we further expand our cloud-based products, our professional services, cloud operations and support organizations will face new challenges, including hiring, training, and integrating a large number of new personnel with experience in delivering high-quality services and support for cloud-based offerings. In addition, as we further expand our cloud-based services and products, our professional services, cloud operations and support organizations will face new challenges, including hiring, training, and integrating a large number of new personnel with experience in delivering high-quality services and support for cloud-based offerings. Further, as we continue to rely on SIs to provide deployment, migration, and on-going services, our ability to ensure a high level of quality in addressing customer issues and providing a maintainable and efficient cloud environment could be diminished as we may be unable to control the quality or timeliness of the implementation of our products by our SI partners. Our failure to maintain high-quality implementation and support services, or to ensure that SIs provide the same, could have a material adverse effect on our business, results of operations, financial condition, and growth prospects.

The use of AI by our workforce may present risks to our business.

Our workforce is exposed to and uses AI technologies for certain tasks related to our business. We have guidelines and policies specifically directed at the use of AI tools in the workplace. Nevertheless, the use of these AI tools, whether authorized or unauthorized, by our workforce, poses potential risks relating to the protection of data, including cybersecurity risk, exposure of our proprietary confidential information to unauthorized recipients, and the misuse of our or third-party intellectual property. Use of AI technology by our workforce, even when used consistently with our guidelines, may result in allegations or claims against us related to violation of third-party intellectual property rights, unauthorized access to or use of proprietary information, or failure to comply with open source software requirements. In addition, our employees may use AI tools for various design and engineering tasks, such as writing code and building content, and these AI technology tools may produce facially correct but factually inaccurate or flawed responses that could lead to errors in our decision-making, solution development, or other business activities, which could have a negative impact on our business, operating results and financial condition. Our ability to mitigate these risks will depend on our continued effective training, monitoring and enforcement of appropriate policies, guidelines and procedures governing the use of AI technology, and compliance by our workforce.

Revenue mix, as well as declines in our subscription and support gross margin or our services gross margin, could adversely affect our overall gross margin and profitability.

Our subscription and support revenue was 56% and 48% of total revenue for fiscal years 2024 and 2023, respectively.Our subscription and support revenue was 48% and 42% of total revenue for fiscal years 2023 and 2022, respectively. Our subscription and support revenue produces lower gross margins than our license revenue. The gross margin of our subscription and support revenue was 63% and 51% for fiscal years 2024 and 2023, respectively, while the gross margin for license revenue was 98% and 98% for fiscal years 2024 and 2023, respectively. We expect that subscription revenue will continue to increase as a percentage of total revenue as we contract with new cloud customers and existing customers migrate from term licenses to subscription services. As our cloud transition continues, we expect that subscription revenue will continue to increase as a percentage of total revenue as we contract with new cloud customers and existing customers migrate from term licenses to subscription services. Additionally, we are incurring expenses to operate our cloud services and manage our cloud operations which may not result in an improvement of our subscription and support gross margin. Additionally, we are incurring significant expenses to develop our cloud services and scale our cloud operations which may not result in an improvement of our subscription and support gross margin. These trends, along with other factors, some of which may be beyond our control, may adversely affect our overall gross and operating margins. These other factors include the percentage of new customers that enter into subscription services agreements as compared to term license agreements, the revenue impact of allocating total contract consideration between license revenue and subscription and support revenue when existing customers transition from term license to subscription services agreements, investments in certain cloud implementations to assist our customers with their migration to our cloud services, continued growth and efficiency of our cloud operations and technical support teams, and the impact on the global economy as a result of economic volatility, inflation, or other global events and disasters.

Further, our services revenue was 18% and 23% of total revenue for fiscal years 2024 and 2023, respectively. Further, our services revenue was 23% and 26% of total revenue for fiscal years 2023 and 2022, respectively. Our services revenue produces lower gross margin than either our license revenue or our subscription and support revenue. The gross margin

---

Table of Contents

of our services revenue was negative in both fiscal years 2024 and 2023. If we experience an increase in the percentage of total revenue represented by services revenue, due to acquisitions or other factors, such increase could reduce our overall gross and operating margins. Fluctuation in our services revenue can result from several factors, some of which may be beyond our control, including change in customer demand for our services team’s involvement in the implementation of and migration to new products, the rates we charge or discounts we offer for our services, our ability to bill our customers for all time incurred to complete a project, the extent and quality of implementations and migrations provided by our SI partners, the extent to which we subcontract services to those SI partners, and the impact on the global economy as a result of economic volatility, inflation, or other global events and disasters. Fluctuation in our services revenue can result from several factors, some of which may be beyond our control, including the pace of our customers’ migration from term license to subscription services as we continue our cloud transition, change in customer demand for our services team’s involvement in the implementation of new services and products, the rates we charge or discounts we offer for our services, our ability to bill our customers for all time incurred to complete a project, the extent and quality of implementations and migrations provided by our SI partners, and the impact on the global economy as a result of economic volatility, inflation, or other global events and disasters. Additionally, the failure to improve, or the erosion of, our services margin, whether due to discounts related to encouraging customers to enter into cloud agreements or otherwise, particularly in combination with any increase in services revenue, could adversely affect our overall gross and operating margins. Additionally, the failure to improve, or the erosion of, our services margin, whether due to discounts related to encouraging clients to accelerate their cloud transition or otherwise, particularly in combination with any increase in services revenue, could adversely affect our overall gross and operating margins. Our services margin may erode if we hire and train additional services personnel to support cloud-based services or markets prior to having customer engagements, if we make investments in customer migrations from self-managed term licenses to subscription services, if we enter into fixed fee services arrangements, if our services personnel are underutilized, if we subcontract out services without an adequate markup, or if we require additional personnel on unexpectedly difficult projects to ensure customer success, perhaps without receiving commensurate compensation. Our services margin may erode if we hire and train additional services personnel to support cloud-based services or markets prior to having customer engagements, if we make investments in customer migrations from self-managed term licenses to subscription services, if we enter into fixed fee services arrangements, if our services personnel are underutilized, or if we require additional personnel on unexpectedly difficult projects to ensure customer success, perhaps without receiving commensurate compensation.

Failure of any of our established products to satisfy customer demands or to maintain market acceptance could harm our business, results of operations, financial condition, and growth prospects.Failure of any of our established services or products to satisfy customer demands or to maintain market acceptance could harm our business, results of operations, financial condition, and growth prospects.

We derive a significant majority of our revenue and cash flows from our established product offerings, including Guidewire InsuranceSuite Cloud, Guidewire InsuranceNow, Guidewire InsuranceSuite for self-managed installations, and our digital and data products. We expect to continue to derive a substantial portion of our revenue from these sources. As such, continued market acceptance of these products is critical to our growth and success. As such, continued market acceptance of these services and products is critical to our growth and success. Demand for our products is affected by a number of factors, some of which are beyond our control, including the successful implementation of our products, the timing of development and release of product upgrades, enhancements, and new products by us and our competitors, the cost and effort to migrate from self-managed products to subscription services, the ease of integrating our software to third-party software and services, technological advances that reduce the appeal of our products, changes in the regulations that our customers must comply with in the jurisdictions in which they operate, and the growth or contraction in the worldwide market for technological solutions for the P&C insurance industry. If we are unable to continue to meet customer demands, to achieve and maintain a technological advantage over competitors, or to maintain market acceptance of our products, our business, results of operations, financial condition and growth prospects may be adversely affected. If we are unable to continue to meet customer demands, to achieve and maintain a technological advantage over competitors, or to maintain market acceptance of our services and products, our business, results of operations, financial condition and growth prospects may be adversely affected.

If we are unable to continue the successful development of our global direct sales force and the expansion of our relationships with our strategic partners, sales of our products will suffer and our growth could be slower than we project.

We believe that our future growth will depend on the continued recruiting, retention, and training of our global direct sales force and their ability to obtain new customers, both large and small P&C insurers, and to manage our existing customer base. New hires require significant training and may, in some cases, take more than a year before becoming productive, if at all. If we are unable to hire and develop sufficient numbers of productive global direct sales personnel, sales of our products will suffer and our growth will be impeded. If we are unable to hire and develop sufficient numbers of productive global direct sales personnel, sales of our services and products will suffer and our growth will be impeded.

Our SI partners help us reach additional customers. We believe our future growth also will depend on the retention and expansion of successful relationships with SI partners, including with SI partners that will focus on products we may acquire in the future. Our growth in revenue, particularly in international markets, will be influenced by the development and maintenance of relationships with SI partners, including regional and local SI partners. Although we have established relationships with some of the leading SI partners, our products may compete directly against products that such leading SI partners support or market. Although we have established relationships with some of the leading SI partners, our services and products may compete directly against services and products that such leading SI partners support or market. Additionally, we are unable to control the quantity or quality of resources that our SI partners commit to migrating or implementing our products, the quality or timeliness of such migrations and implementations, or the effects of global events on our SI partners. Additionally, we are unable to control the quantity or quality of resources that our SI partners commit to migrating or implementing our services and products, the quality or timeliness of such migrations and implementations, or the effects of pandemics and other global events on our SI partners. If our partners do not commit sufficient or qualified resources to these activities, our customers will be less satisfied, be less supportive with references, or may require the investment of our resources at discounted rates. These, and other failures by our partners to successfully implement our products, would have an adverse effect on our business and our results of operations could fail to grow in line with our projections. These, and other failures by our partners to successfully implement our services and products, would have an adverse effect on our business and our results of operations could fail to grow in line with our projections.

---

Table of Contents

Our international sales and operations subject us to additional risks that can adversely affect our business, results of operations, and financial condition.

We sell our products to customers located outside the United States, and we are continuing to expand our international operations as part of our growth strategy.We sell our services and products to customers located outside the United States, and we are continuing to expand our international operations as part of our growth strategy. In fiscal years 2024, 2023, and 2022, $347.9 million, $331.5 million, and $296.2 million of our revenue, respectively, was from customers outside of the United States. In fiscal years 2023, 2022, and 2021, $331.5 million, $296.2 million, and $271.1 million of our revenue, respectively, was from customers outside of the United States. Our current international operations and our plans to expand our international operations subject us to a variety of risks, including:

•increased management, travel, infrastructure, legal, and compliance costs associated with having multiple international operations;

•unique terms and conditions in contract negotiations imposed by customers in foreign countries;

•longer payment cycles and difficulties in enforcing contracts and collecting accounts receivable;

•the need to localize our contracts and our products for international customers;

•lack of familiarity with and unexpected changes in foreign regulatory requirements;

•increased exposure to fluctuations in currency exchange rates, especially on revenue and ARR;

•highly inflationary international economies and related governments;

•geographic and political conflicts, such as the wars between Israel and Hamas and between Russia and Ukraine and the escalating tensions in the South China Sea;

•the burdens and costs of complying with a wide variety of foreign laws and legal standards, including without limitation any new or evolving laws and regulations relating to the use of data in AI, generative AI, machine learning technologies, climate-related disclosures, and the General Data Protection Regulation in the European Union (“EU”) and the U.K.;

•compliance with the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.K. Bribery Act of 2010 and other anti-corruption regulations, particularly in emerging market countries;

•compliance by international staff with accounting practices generally accepted in the United States, including adherence to our accounting policies and internal controls;

•import and export license requirements, tariffs, taxes and other trade barriers;

•increased financial accounting, tax and reporting burdens and complexities;

•weaker protection of intellectual property rights in some countries;

•multiple and possibly overlapping tax regimes, including certain Organization for Economic Cooperation and Development (“OECD”) proposals, including the implementation of the global minimum tax under the Pillar Two model rules;

•government sanctions that may interfere with our ability to sell into particular countries, such as Russia;

•disruption to our operations caused by public health crises, such as epidemics and pandemics; and

•political, social, and economic instability abroad, terrorist attacks, and security concerns in general.

As we increase the number of products we offer, increase the number of countries in which we operate, and incorporate new technologies and capabilities into our products (including, without limitation, the use of AI, generative AI and machine learning technologies), the complexity of adjusting our offerings to comply with legal and regulatory changes will increase.

As we continue to expand our business globally, our success will depend, in large part, on our ability to anticipate and effectively manage these and other risks associated with our international operations. Any of these risks could harm our international operations and reduce our international sales, adversely affecting our business, results of operations, financial condition and growth prospects.

We may expand through acquisitions or partnerships with other companies, which may divert our management’s attention and result in unexpected operating and technology integration difficulties, increased costs, and dilution to our stockholders.Table of ContentsWe may expand through acquisitions or partnerships with other companies, which may divert our management’s attention and result in unexpected operating and technology integration difficulties, increased costs, and dilution to our stockholders.

Our business strategy includes the potential acquisition of shares or assets of companies with software, cloud-based services, technologies, or businesses complementary to ours. Our strategy also includes alliances with such companies. For example, we have made several acquisitions in the past, including most recently in August 2021, we acquired HazardHub, Inc., a leading insurtech provider of property risk insights. Acquisitions and alliances, such as our strategic partnerships with One

---

Table of Contents

Inc. and Smart Communications, may result in unforeseen operating difficulties and expenditures, be dilutive to earnings, and may not result in the benefits anticipated by such corporate activity. In particular, we may fail to assimilate or integrate the businesses, technologies, services, products, personnel, or operations of the acquired companies, retain key personnel necessary to favorably execute the combined companies’ business plan, or retain existing customers or sell acquired products to new customers. Acquisitions and alliances may also disrupt our ongoing business, divert our resources, and require significant management attention that would otherwise be available for ongoing development of our current business. In addition, we may be required to make additional capital investments or undertake remediation efforts to ensure the success of our acquisitions, which may reduce the benefits of such acquisitions. We also may be required to use a substantial amount of our cash or issue debt or equity securities to complete an acquisition or realize the potential of an alliance, which could deplete our cash reserves and/or dilute our existing stockholders. Following an acquisition or the establishment of an alliance offering new products, the timing of revenue from the sale of products that we acquired or that result from the alliance, or from the sale of a bundle of products that includes such new products, may be different than the timing of revenue from existing products. Following an acquisition or the establishment of an alliance offering new services and products, the timing of revenue from the sale of services and products that we acquired or that result from the alliance, or from the sale of a bundle of services and products that includes such new services and products, may be different than the timing of revenue from existing services and products. In addition, our ability to maintain favorable pricing of new products may be challenging if we bundle such products with existing products. In addition, our ability to maintain favorable pricing of new services and products may be challenging if we bundle such services and products with existing services and products. A delay in the recognition of revenue from sales of acquired or alliance products, or reduced pricing due to bundled sales, may cause fluctuations in our quarterly financial results, may adversely affect our operating margins, and may reduce the benefits of such acquisitions or alliances. A delay in the recognition of revenue from sales of acquired or alliance services and products, or reduced pricing due to bundled sales, may cause fluctuations in our quarterly financial results, may adversely affect our operating margins, and may reduce the benefits of such acquisitions or alliances.

Additionally, competition within the software industry for acquisitions of businesses, technologies, and assets has been, and may continue to be, intense. As such, even if we are able to identify an acquisition that we would like to pursue, the target may be acquired by another strategic buyer or financial buyer such as a private equity firm, or we may otherwise not be able to complete the acquisition on commercially reasonable terms, if at all. Moreover, in addition to our failure to realize the anticipated benefits of any acquisition, including our revenue or return on investment assumptions, we may be exposed to unknown liabilities or impairment charges to acquired intangible assets and goodwill as a result of acquisitions we do complete.

Incorrect or improper use of our products or our failure to properly train customers on how to utilize our products could result in customer dissatisfaction and negatively affect our business, results of operations, financial condition, and growth prospects.Incorrect or improper use of our services and products or our failure to properly train customers on how to utilize our services and products could result in customer dissatisfaction and negatively affect our business, results of operations, financial condition, and growth prospects.

Our products are complex and are deployed in a wide variety of environments. The proper use of our products requires training of the customer. The proper use of our services and products requires training of the customer. If our products are not used correctly or as intended, inadequate performance may result. If our services and products are not used correctly or as intended, inadequate performance may result. Our products may also be intentionally misused or abused by customers or their employees or third parties who are able to access or use our products. Our services and products may also be intentionally misused or abused by customers or their employees or third parties who are able to access or use our services and products. Because our customers rely on our services, products, and support to manage a wide range of operations, the incorrect or improper use of our products, our failure to properly train customers on how to efficiently and effectively use our products, or our failure to properly provide services to our customers may result in negative publicity or legal claims against us. Because our customers rely on our services, products, and support to manage a wide range of operations, the incorrect or improper use of our services and products, our failure to properly train customers on how to efficiently and effectively use our services and products, or our failure to properly provide services to our customers may result in negative publicity or legal claims against us. Also, any failure by us to properly provide training or other services to existing customers will likely result in lost opportunities for follow-on and increased sales of our products.

In addition, if there is substantial turnover of customer personnel responsible, especially at the executive level, for the use and support of our products, or if customer personnel are not well trained in the use and support of our products, customers may defer the deployment of our products, may deploy them in a more limited manner than originally anticipated, or may not deploy them at all.In addition, if there is substantial turnover of customer personnel responsible, especially at the executive level, for the use and support of our services and products, or if customer personnel are not well trained in the use and support of our services and products, customers may defer the deployment of our services and products, may deploy them in a more limited manner than originally anticipated, or may not deploy them at all. Further, if there is substantial turnover of the customer personnel responsible for use of our products, our ability to renew existing licenses and make additional sales may be substantially limited. Further, if there is substantial turnover of the customer personnel responsible for use of our services and products, our ability to renew existing licenses and make additional sales may be substantially limited.

We may not be able to obtain capital when desired on favorable terms, if at all, and we may not be able to obtain capital or complete acquisitions through the use of equity without dilution to our stockholders.

We may need additional financing to execute on our current or future business strategies, including to develop new or enhance existing products, acquire businesses and technologies, service our existing debt, or otherwise to respond to competitive pressures.We may need additional financing to execute on our current or future business strategies, including to develop new or enhance existing services and products, acquire businesses and technologies, or otherwise to respond to competitive pressures.

If we raise additional funds through the issuance of equity or convertible debt securities, the percentage ownership of our existing stockholders could be significantly diluted, and newly issued securities may have rights, preferences, or privileges senior to those of existing stockholders. If we accumulate additional funds through debt financing, a substantial portion of our operating cash flow may be dedicated to the payment of principal and interest on such indebtedness, thus limiting funds available for our business activities. We cannot be assured that additional financing will be available on terms favorable to us, or at all. If adequate funds are not available, or are not available on acceptable terms, when we desire them, our ability to fund our operations, take advantage of unanticipated opportunities, develop or enhance our products, or otherwise respond to competitive pressures would be significantly limited. Any of these factors could harm our results of operations.

---

Table of Contents

Risks Related to Data Security and Privacy, Intellectual Property, and Information Technology

If our products experience cybersecurity breaches, there is unauthorized access to our customers’ data, or unauthorized use of our products or any of these events are perceived to happen, we may lose current or future customers and our reputation and business may be harmed.

Our products involve the collection, storage and processing of customer data (including, in some cases, personal data), and may provide business critical software and analytics necessary for our customers’ operations. As such, we may be an attractive target for data security attacks that threaten the confidentiality, integrity, and availability of our information technology systems and confidential information. Security breaches could result in public disclosure of confidential information, loss or modification of data affecting our customers’ operations, fraud or theft, ransom demands, or other misuse of confidential information, which in turn could result in our cloud services being perceived as not being secure, a reduction in customers using our products, as well as litigation, breach of contract claims, indemnity obligations, additional reporting requirements and/or oversight, restrictions on processing customer data, and other liabilities for our Company, all of which could lead to loss of revenue, a diminished ability to retain or attract new customers due to reputational harm, fines, costs, or other penalties or sanctions. While we have taken, and are continually updating and enhancing, steps to protect the confidential information and customer data to which we have access, including confidential information we may obtain through our customer support services or customer usage of our cloud-based services, our security measures or the security measures of companies we rely on, such as AWS, could be breached. We rely on third-party technology and systems for a variety of services, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, and other functions. We rely on third-party technology and systems for a variety of services, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, and other functions, and our ability to control or prevent breaches of any of these systems may be beyond our control. Our ability to control or prevent breaches of any of these systems may be beyond our control. Any failure by a third party to prevent or mitigate data security breaches or improper access to, or use, acquisition, disclosure, alteration or destruction of customer data could have adverse consequences for us. Because techniques used to obtain unauthorized access or infiltrate, sabotage, disable or degrade systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures despite our efforts in implementing and deploying security measures. Because techniques used to obtain unauthorized access or infiltrate systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures despite our efforts in implementing and deploying security measures. The use of constantly evolving technologies by diverse threat actors, such as the increased use of AI technologies, are sophisticated and complex and may increase the velocity of such threats, frequency of incident cases, and otherwise magnifying the risks associated with these types of attacks. The use of constantly evolving technologies by threat actors are sophisticated and complex and may increase the velocity of such threats, frequency of incident cases, and otherwise magnifying the risks associated with these types of attacks. These attack vectors may include social engineering/phishing, malware (including ransomware), malfeasance by insiders, human or technological error, and as a result of bugs, misconfigurations or exploited vulnerabilities in software or hardware. Although we have developed systems and processes designed to protect our and our customers’ data, prevent loss or unauthorized modification of data, ensure only authorized use of services, and prevent other cybersecurity breaches, including systems and processes designed to reduce the impact of a security breach to a third-party vendor, such measures cannot provide absolute security, and our systems may be vulnerable to malware or physical or electronic break-ins that our security measures may not detect. Although we have developed systems and processes designed to protect our and our customers’ data, prevent loss or unauthorized modification of data, ensure only authorized use of services, and other cybersecurity breaches, including systems and processes designed to reduce the impact of a security breach at a third-party vendor, such measures cannot provide Table of Contentsabsolute security. There can also be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our information technology systems or confidential information. Individuals, including trusted employees and contractors, who circumvent our security measures may misappropriate proprietary, confidential, or personal data held by or on behalf of us, disrupt our operations, damage our systems, or otherwise damage our business. In addition, we may need to expend significant resources to protect against data security breaches or mitigate the impact of any such breaches. Any or all of these issues could negatively impact our ability to attract new customers or to increase engagement with existing customers, could cause existing customers to elect not to renew their term licenses or subscription agreements, or could subject us to third-party lawsuits, regulatory fines or other action or liability, which could adversely affect our business, results of operations, financial condition, or reputation. We cannot guarantee that any costs and liabilities incurred in relation to an attack or incident will be covered by our existing insurance policies or that applicable insurance will be available to us in the future on economically reasonable terms or at all.

In addition, data security breaches could expose us to liability under various laws and regulations across jurisdictions, increase the risk of litigation and governmental or regulatory investigation, and increase our costs for compliance. For example, we may need to notify governmental authorities and/or affected individuals with respect to certain data security breach in light of a growing number of laws, including those in the European Economic Area (“EEA”), U.K., and the United States. Complying with such numerous and complex regulations in the event of a data security breach would be expensive and difficult, and failure to comply with these regulations could subject us to regulatory scrutiny and additional liability. We may also be contractually required to notify customers or other counterparties of a security incident, including a data security breach.

Service interruptions or failures of our third-party service providers may impair the availability of our products, which may expose us to liability, damage our reputation, and harm our future financial results.

We rely on services provided by third-parties to operate our products, any of which such services, if they encounter interruptions, failure, or slowdown for any reason, could cause outages or delays in our products, negatively affect our platform,

---

Table of Contents

damage our reputation with current and potential customers, expose us to liability, cause us to lose customers, adversely affect our results of operations, or otherwise harm our business. For example, we host our platform using AWS data centers and all of our cloud products rely on resources operated by AWS. Our operations depend on protecting our virtual cloud infrastructure hosted by service providers; preserving the infrastructure’s configuration, architecture, and interconnection specifications; and maintaining access to our products and the information stored in virtual data centers and transmitted over internet service providers. Although we have disaster recovery plans that use multiple virtual data center locations, any incident affecting our service providers’ operations and infrastructure, including but not limited to those caused by power loss, telecommunications failures, unauthorized intrusion or malicious action, malware and disabling devices, natural catastrophes, terrorism, wars, and other similar events beyond our control, could negatively affect our products. A prolonged third-party service disruption affecting our platform for any of the foregoing reasons could be detrimental to our business. We may also incur significant costs for taking other actions in preparation for, or in reaction to, events that disrupt the third-party services we use.

Our platform is accessed by a large number of customers, often at the same time, and we do not control the operation of our third-party service providers. As we continue to expand the number of our customers and products available to our customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in our products. In addition, the failure of third-party virtual data centers, third-party internet service providers, or other third-party service providers whose services are integrated with our products, to meet our capacity requirements, could result in interruptions or delays in access to our products or impede our ability to scale our operations. In the event that our third-party service agreements are not renewed or are terminated, or there is a lapse of service, interruption of service provider connectivity or damage to such services, we could experience interruptions in access to our products as well as delays and additional expense in arranging new third-party service providers, all of which could harm our business.

Evolving policy and regulatory responses to AI and machine learning and their potential implications for the fields of information technology, data privacy, and security may result in increased compliance costs and associated concerns for us.

At present, multiple jurisdictions are taking a heightened interest in AI and machine learning. For example, multiple jurisdictions are taking a heightened interest in AI and machine learning, which we make use of. There has been a recent wave of policy and regulatory responses from various governments rolling out action plans for risk mitigation to legislation being introduced to generally oversee the use of AI. For example, in 2023, the President of the United States issued an executive order, promulgating guidelines to executive departments, and various states have enacted legislation relating to disclosure requirements for the use of AI, and in the EU, the EU AI Act, adopted in 2024, establishes a comprehensive, risk-based governance framework and applies to, amongst other entities, providers, importers, and distributors of AI systems or general-purpose AI models that are placed on the EU market or put into service or used in the EU. There is a risk that our current or future products may be subject to heightened obligations under the EU AI Act, which may impose additional costs on us, increase our risk of liability, or adversely affect our business. New or evolving regulations relating to rapidly evolving generative AI and machine learning technologies may impose additional rules and restrictions on the use of the AI in our products.

Compliance with such global laws and regulations, including but not limited to the EU AI Act and any new or evolving regulations relating to generative AI and machine learning technologies, has and will continue to require valuable management, operating expenses, and employee time and resources, and any actual or perceived failure to comply with these laws and regulations or other actual or asserted obligations relating to privacy, data protection, or cybersecurity could lead to inspections, audits, regulatory investigations and other proceedings, significant fines, severe penalties, and other relief imposed by governmental agencies and regulatory bodies, and claims, demands, and litigation by our customers or third parties, which may reduce demand for our products and result in reputational harm, substantial damages and other liabilities.

Privacy concerns could result in regulatory changes and impose additional costs and liabilities on us, limit our use of information, and adversely affect our business.

As adoption of our cloud-based products occurs, the amount of customer data, including customer personal data, that we manage, hold, and/or collect continues to increase.As adoption of our cloud-based services occurs, the amount of customer data, including customer personal information, that we manage, hold, and/or collect continues to increase. In addition, our products may collect, process, store, and use transaction-level data aggregated across insurers using our common data model. We anticipate that over time, we will continue to expand the use and collection of personal data as greater amounts of such personal data may be transferred from our customers to us. We anticipate that over time we will continue to expand the use and collection of personal information as greater amounts of such personal information may be transferred from our customers to us and we recognize that privacy and data security has become a significant issue in the United States, Europe, the U. We recognize that privacy and data security has become a significant issue in the United States, Europe, the U.K., and many other jurisdictions where we operate.

---

Table of Contents

Many federal, state, and foreign legislatures and government agencies have imposed, are considering imposing, or are considering changing restrictions and requirements about the collection, use, and disclosure of personal data. Changes to laws or regulations affecting privacy could impose additional costs and liabilities, including fines, on us and could limit our use of such information to add value for customers, including, for example, the California Consumer Privacy Act and the California Privacy Rights Act, which substantially went into effect on January 1, 2023 and other state privacy laws enacted in recent years. New EU laws related to the use of data, including in the Digital Services Act, the EU Data Act, and the EU Artificial Intelligence Act (“EU AI Act”), may impose additional rules and restrictions on the use of the data in our products. If we were required to change our business activities or revise or eliminate services, or to implement burdensome compliance measures, our business and results of operations could be harmed. We may be subject to fines, penalties, and potential litigation, including class action lawsuits, if we fail to comply with applicable privacy and/or data security laws, regulations, standards, and other requirements. We may be subject to fines, penalties, and potential litigation if we fail to comply with applicable privacy and/or data security laws, regulations, standards, and other requirements. The costs of compliance with and other burdens imposed by evolving privacy-related laws, regulations, and standards may limit the use and adoption of our products and reduce overall demand. The costs of compliance with and other burdens imposed by privacy-related laws, regulations, and standards may limit the use and adoption of our services and products and reduce overall demand.

Furthermore, concerns regarding data privacy and/or security may cause our customers’ customers to resist providing the data and information necessary to allow our customers to use our products effectively. Even the perception that the privacy and/or security of personal data is not satisfactorily managed, or does not meet applicable legal, regulatory, and other requirements, could inhibit sales of our products, and could limit adoption of our solutions, resulting in a negative impact on our sales, reputation, and results of operations. Even the perception that the privacy and/or security of personal information is not satisfactorily managed, or does not meet applicable legal, regulatory, and other requirements, could inhibit sales of our services or products, and could limit adoption of our solutions, resulting in a negative impact on our sales, reputation, and results from operations.

Privacy concerns in the EU and the U.K. are evolving and we may face fines and other penalties, as well as reputational harm, if we fail to comply with these current and evolving laws, and compliance with these laws may increase our expenses and adversely affect our business and results of operations.

On April 27, 2016, the EU adopted the European General Data Protection Regulation (the “GDPR”), that took effect on May 25, 2018. The GDPR applies to any company established in the EEA as well as to those outside the EEA if they carry out processing of personal data of individuals in the EEA that is related to the offering of goods or services to them or the monitoring of their behavior.Table of ContentsOn April 27, 2016, the EU adopted the GDPR, that took effect on May 25, 2018. The GDPR applies to any company established in the European Economic Area (“EEA”) as well as to those outside the EEA if they carry out processing of personal data of individuals in the EEA that is related to the offering of goods or services to them or the monitoring of their behavior. The GDPR has enhanced data protection obligations for processors and controllers of personal data and non-compliance with the GDPR can trigger fines of up to €20 million, or 4% of total worldwide annual revenues, whichever is higher. Given the breadth and depth of changes in data protection obligations, we have previously invested significant resources to comply with GDPR requirements. While our expenditures have decreased in recent periods as we have improved our compliance efforts, we have in the past and may in the future need to allocate additional resources in response to new interpretations, regulatory guidance, and enforcement decisions, or ongoing negotiation of data processing agreements with our customers and business partners. Given the breadth and depth of changes in data protection obligations, complying with GDPR requirements has caused us to expend significant resources and such expenditures are likely to continue into the near future as we respond to new interpretations, regulatory guidance, and enforcement decisions and as we continue to negotiate data processing agreements with our customers and business partners.

In addition, the GDPR restricts transfers of personal data outside the EEA to countries without adequate privacy protections, such as the United States, unless an appropriate safeguard specified by the GDPR such as the Standard Contractual Clauses is implemented. We expect the existing legal complexity and uncertainty regarding international personal data transfers to continue, with changes to the regulatory landscape recently adopted or anticipated from the EU and other jurisdictions such as Switzerland and the U.K. We (and many other companies) have and may in the future be required to adopt additional measures to accomplish and maintain legitimate means for the transfer and receipt of personal data from the EU to the United States and other countries. We (and many other companies) may be required to adopt additional measures to accomplish and maintain legitimate means for the transfer and receipt of personal data from the EU to the United States and other countries. As data protection authorities continue to issue further guidance and orders on personal data export mechanisms and/or continue taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results.

We may experience hesitancy, reluctance, or refusal by European or multi-national customers to continue to use our products due to the potential risk exposure to such customers as a result of such developments and the data protection obligations imposed on them by various data protection authorities. Such customers may also view any alternative approaches to the transfer of any personal data as being too costly, too burdensome, or otherwise objectionable, and therefore may decide not to do business with us.

Given the nature of our cloud-based products and the current data protection landscape in the EU, we may be subject to greater risk of potential inquiries and/or enforcement actions from regulators.Given our current transition to more cloud-based services and the current data protection landscape in the EU, we may be subject to greater risk of potential inquiries and/or enforcement actions from regulators. We may find it necessary to establish alternative systems to maintain EEA personal data within the EEA, which may involve substantial expense and may cause us to need to divert resources from other aspects of our business, all of which may adversely affect our results from operations. Further, any inability to adequately address privacy concerns in connection with our cloud-based services, or comply with applicable privacy or data protection laws, regulations, and policies, could result in additional cost and liability to us, including fines and harm to our reputation, and adversely affect our ability to offer cloud-based services.

---

Table of Contents

In addition, as we are subject to the supervision of relevant data protection authorities under both the GDPR and United Kingdom’s General Data Protection Regulation (“U.K. GDPR”), we could be fined under each of those regimes independently in respect of the same breach. The U.K. GDPR mirrors the data protection obligations and fines under the GDPR, but there may be further developments causing the obligations and fines to diverge, which could cause our cost of and risks associated with compliance to increase. GDPR mirrors the data protection obligations and fines under the GDPR, but there may be further developments about the regulation of particular issues such as U. Anticipated further evolution of EU and U.K. regulations on data privacy and security and any related changes to the regulatory framework in these or other countries may increase substantially our risk exposure to the penalties to which we could be subject in the event of any non-compliance. We may incur substantial expense in complying with the new obligations to be imposed by new regulations and interpretations of existing regulations and we may be required to make significant changes to our software applications and expanding business operations, all of which may adversely affect our results of operations.

Assertions by third parties of infringement or other violation by us of their intellectual property rights could result in significant costs and substantially harm our business and results of operations.

The software industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patents and other intellectual property rights. In particular, leading companies in the software industry own large numbers of patents, copyrights, trademarks, and trade secrets, which they may use to assert claims against us. From time to time, third parties holding such intellectual property rights, including leading companies, competitors, patent holding companies, and/or non-practicing entities, may assert patent, copyright, trademark, or other intellectual property claims against us, our customers and partners, and those from whom we license technology and intellectual property.

Although we believe that our products do not infringe upon the intellectual property rights of third parties, we cannot assure that we are not infringing or otherwise violating any third-party intellectual property rights or that third parties will not assert infringement or misappropriation claims against us with respect to current or future products, or that any such assertions will not require us to enter into royalty arrangements, result in costly litigation, or result in us being unable to use certain intellectual property.Although we believe that our services and products do not infringe upon the intellectual property rights of third parties, we cannot assure that we are not infringing or otherwise violating any third-party intellectual property rights or that third parties will not assert infringement or misappropriation claims against us with respect to current or future services or products, or that any such assertions will not require us to enter into royalty arrangements, result in costly litigation, or result in us being unable to use certain intellectual property. Infringement assertions from third parties may involve patent holding companies or other patent owners who have no relevant product revenue, and therefore our own issued and pending patents may provide little or no deterrence to these patent owners in bringing intellectual property rights claims against us.

If we are forced to defend against any infringement or misappropriation claims, whether they are with or without merit, are settled out of court, or are determined in our favor, we may be required to expend significant time and financial resources on the defense of such claims. Furthermore, an adverse outcome of a dispute may require us to pay damages, potentially including treble damages and attorneys’ fees, if we are found to have willfully infringed a party’s intellectual property; cease making, licensing, or using our products that are alleged to infringe or misappropriate the intellectual property of others; expend additional development resources to redesign our products; enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or works; and to indemnify our partners, customers, and other third parties. Furthermore, an adverse outcome of a dispute may require us to pay damages, potentially including treble damages and attorneys’ fees, if we are found to have willfully infringed a party’s intellectual property; cease making, licensing, or using our services or products that are alleged to infringe or misappropriate the intellectual property of others; expend additional development resources to redesign our services or products; enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or works; and to indemnify our partners, customers, and other third parties. Any of these events could seriously harm our business, results of operations, and financial condition.

Failure to protect our intellectual property could substantially harm our business and results of operations.

Our success depends in part on our ability to enforce and defend our intellectual property rights. We rely upon a combination of trademark, trade secret, copyright, patent, and unfair competition laws, as well as license agreements and other contractual provisions, to do so.

We have filed, and may in the future file, patent applications related to certain of our innovations.Table of ContentsWe have filed, and may in the future file, patent applications related to certain of our innovations. We do not know whether those patent applications will result in the issuance of a patent or whether the examination process will require us to narrow our claims. In addition, we may not receive competitive advantages from the rights granted under our patents and other intellectual property. Our existing patents and any patents granted to us or that we otherwise acquire in the future, may be contested, circumvented, or invalidated, and we may not be able to prevent third parties from infringing these patents. Therefore, the extent of the protection afforded by these patents cannot be predicted with certainty. In addition, given the costs, effort, risks, and downside of obtaining patent protection, including the requirement to ultimately disclose the invention to the public, we may choose not to seek patent protection for certain innovations; however, such patent protection could later prove to be important to our business.

We also rely on several registered and unregistered trademarks to protect our brand. Nevertheless, competitors may adopt service names similar to ours, or purchase our trademarks and confusingly similar terms as keywords in internet search engine advertising programs, thereby impeding our ability to build brand identity and possibly leading to confusion in the marketplace. In addition, there could be potential trade name or trademark infringement claims brought by owners of other registered trademarks or trademarks that incorporate variations of our trademarks. Any claims or customer confusion related to our trademarks could damage our reputation and brand and substantially harm our business and results of operations.

---

Table of Contents

We attempt to protect our intellectual property, technology, and confidential information by generally requiring our employees and consultants to enter into confidentiality agreements and assignment of inventions agreements and third parties to enter into nondisclosure agreements, all of which offer only limited protection. These agreements may not effectively prevent unauthorized use or disclosure of our confidential information, intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our confidential information, intellectual property, or technology. Despite our efforts to protect our confidential information, intellectual property, and technology, unauthorized third parties may gain access to our confidential proprietary information, develop and market services or products similar to ours, or use trademarks similar to ours, any of which could materially harm our business and results of operations. In addition, others may independently discover our trade secrets and confidential information, and in such cases, we could not assert any trade secret rights against such parties. Existing United States federal, state, and international intellectual property laws offer only limited protection. The laws of some foreign countries do not protect our intellectual property rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as governmental agencies and private parties in the United States. Moreover, policing our intellectual property rights is difficult, costly, and may not always be effective.

From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the intellectual property rights of others, or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, reputation, results of operations, and financial condition. If we are unable to protect our technology and to adequately maintain and protect our intellectual property rights, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time, and effort required to create the innovative products that have enabled us to be successful to date.

We and our customers rely on technology and intellectual property of third parties, the loss of which could limit the functionality of our products and disrupt our business.

We use technology and intellectual property licensed from unaffiliated third parties in certain of our products, and we may license additional third-party technology and intellectual property in the future.We use technology and intellectual property licensed from unaffiliated third parties in certain of our services and products, and we may license additional third-party technology and intellectual property in the future. Any errors, defects, or security issues in this third-party technology and intellectual property or the integration of third-party technology and intellectual property with our products could result in errors that could harm our brand and business. Though we have not experienced resulting impact to date, recent industry incidents, such as the CrowdStrike incident, involving vulnerabilities in third-party technology, underscore the potential risks associated with the use of third-party technology and intellectual property. Moreover, licensed technology and intellectual property may not continue to be available on commercially reasonable terms, or at all, or otherwise will be subject to restrictions that under applicable law could adversely affect our proprietary software. The loss of the right to license and distribute this third-party technology could limit the functionality of our products and might require us to redesign our products. The loss of the right to license and distribute this third-party technology could limit the functionality of our services and products and might require us to redesign our services and products.

In addition, our Guidewire cloud offerings rely on third-party hosting and infrastructure services provided by AWS and other service providers, for the continuous, reliable, and secure operation of servers, related hardware and software, and network infrastructure. A prolonged AWS service disruption or slowdown for any reason could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers, or otherwise harm our business.

Some of our products and technologies may use “open source” software, which may restrict how we use or distribute our services or require that we release the source code of certain products subject to those licenses. Some of our services and technologies may use “open source” software, which may restrict how we use or distribute our services or require that we release the source code of certain services and products subject to those licenses.

Some of our products and technologies may incorporate software licensed under so-called “open source” licenses. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. Additionally, some open source licenses require that source code subject to the license be made available to the public and that any modifications or derivative works to open source software continue to be licensed under open source licenses. These open source licenses typically mandate that proprietary software, when combined in specific ways with open source software, become subject to the open source license. If we combine our proprietary software in such ways with open source software, we could be required to release the source code of our proprietary software. Further, this third-party technology and intellectual property has the potential for security-related concerns, given that we do not create or maintain such third-party technology and intellectual property that may be exposed to unknown future security risks.

We take steps to ensure that our proprietary software is not combined with, and does not incorporate, open source software in ways that would require our proprietary software to be subject to many of the restrictions in an open source license. However, few courts have interpreted open source licenses, and the manner in which these licenses may be interpreted and enforced is therefore subject to some uncertainty. Additionally, we rely on hundreds of software programmers to design our proprietary technologies, and although we take steps to prevent our programmers from including objectionable open source

---

Table of Contents

software in the technologies and software code that they design, write and modify, we do not exercise complete control over the development efforts of our programmers and we cannot be certain that our programmers have not incorporated such open source software into our proprietary products and technologies or that they will not do so in the future. In the event that portions of our proprietary technology are determined to be subject to an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our technologies, or otherwise be limited in the licensing of our technologies, each of which could reduce or eliminate the value of our services and technologies and materially and adversely affect our business, results of operations, and prospects.

We may be obligated to disclose our proprietary source code to our customers, which may limit our ability to protect our intellectual property and could reduce the renewals of our support services.

Our software license agreements typically contain provisions permitting the customer to become a party to, or a beneficiary of, a source code escrow agreement under which we place the proprietary source code for our applicable products in escrow with a third party. Under these escrow agreements, the source code to the applicable product may be released to the customer, typically for its use to maintain, modify, and enhance the product, upon the occurrence of specified events, such as our filing for bankruptcy, discontinuance of our support services, and breaching our representations, warranties, or covenants of our agreements with our customers. Additionally, in some cases, customers have the right to request access to our source code upon demand. Some of our customers have obtained the source code for certain of our products by exercising this right, and others may do so in the future. Some of our customers have obtained the source code for certain of our services and products by exercising this right, and others may do so in the future.

Disclosing the content of our source code may limit the intellectual property protection we can obtain or maintain for that source code or the products containing that source code and may facilitate intellectual property infringement claims against us.Disclosing the content of our source code may limit the intellectual property protection we can obtain or maintain for that source code or the services and products containing that source code and may facilitate intellectual property infringement claims against us. It also could permit a customer to which a product’s source code is disclosed to support and maintain that software product without being required to purchase our support services. Each of these could harm our business, results of operations, and financial condition.

Risks Related to Legal, Regulatory, Accounting, and Tax Matters

The nature of our business requires the application of accounting guidance that requires management to make estimates and assumptions. Reported results under United States Generally Accepted Accounting Principles (“GAAP”) may vary from key metrics used to measure our business. Additionally, changes in accounting guidance may cause us to experience greater volatility in our quarterly and annual results. If we are unsuccessful in adapting to and interpreting the requirements of new guidance, or in clearly explaining to stockholders how new guidance affects reporting of our results of operations, our stock price may decline.

We prepare our consolidated financial statements to conform to GAAP. These accounting principles are subject to interpretation by the SEC, Financial Accounting Standards Board (“FASB”), and various bodies formed to interpret and create accounting rules and regulations. Accounting standards, or the guidance relating to interpretation and adoption of standards, could have a significant effect on our financial results and could affect our business. Additionally, the FASB and the SEC are focused on the integrity of financial reporting, and our accounting policies are subject to scrutiny by regulators and the public.

We cannot predict the impact of future changes to accounting principles or our related accounting policies on our financial statements going forward. In addition, were we to change our accounting estimates, including those related to the timing of revenue recognition and those used to allocate revenue between various performance obligations, our reported revenue and results of operations could be significantly impacted. If we are unsuccessful in adapting to the requirements of any new standard, or if changes to our go-to-market strategy create new risks, then we may experience greater volatility in our quarterly and annual results, which may cause our stock price to decline.

In addition, GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources.

Further, revenue recognition standards require significant judgment and estimates that impact our reported revenue and results of operations. Additionally, reported revenue has and will vary from ARR, a non-GAAP metric, and cash flow associated with each customer agreement. Additionally, reported revenue has and will vary from the ARR, a non-GAAP metric, and cash flow associated with each customer agreement. For example, for some arrangements with multiple performance obligations, a portion of recurring license and support or subscription contract value is allocated to services revenue for revenue recognition purposes, but does not get allocated for purposes of calculating ARR. This revenue allocation only impacts the initial term of the contract. This means that if we increase arrangements with multiple performance obligations that include services at discounted rates, more of the total contract value would be recognized as services revenue, but our reported ARR amount would

---

Table of Contents

not be impacted. This potential difference and variability in the trends of reported amounts may cause volatility in our stock price.

If we fail to maintain effective internal control over financial reporting or identify a material weakness in our internal control over financial reporting, our ability to report our financial condition and results of operations in a timely and accurate manner could be adversely affected, investor confidence in our Company could diminish, and the value of our common stock may decline.

Preparing our consolidated financial statements involves a number of complex manual and automated processes, which are dependent upon individual data input or review and require significant management judgment. One or more of these processes may result in errors that may not be detected and could result in a material misstatement of our consolidated financial statements. The Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”) requires, among other things, that as a publicly traded company we disclose whether our internal control over financial reporting and disclosure controls and procedures are effective. The Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”) requires, among other things, that as a publicly-traded company we disclose whether our internal control over financial reporting and disclosure controls and procedures are effective.

A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis.

While we continually undertake steps to improve our internal control over financial reporting as our business changes, we may not be successful in making the improvements and changes necessary to be able to identify and remediate control deficiencies or material weaknesses on a timely basis. If we are unable to successfully remediate any future material weaknesses in our internal control over financial reporting, the accuracy and timing of our financial reporting may be adversely affected; our liquidity, access to capital markets and perceptions of our creditworthiness may be adversely affected; we may be unable to maintain compliance with securities laws, stock exchange listing requirements and debt instruments covenants regarding the timely filing of periodic reports; we may be subject to regulatory investigations and penalties; investors may lose confidence in our financial reporting; we may suffer defaults under our debt instruments; and our stock price may decline.

If tax laws change or we experience adverse outcomes resulting from examination of our income tax returns, it could adversely affect our results of operations.

We are subject to federal, state, and local income taxes in the United States and in foreign jurisdictions. Our future effective tax rates and the value of our deferred tax assets could be adversely affected by changes in, interpretations of, and guidance regarding tax laws, including impacts of the Tax Cuts and Jobs Act of 2017, the Coronavirus Aid, Relief, Economic Security Act of 2020, the Inflation Reduction Act of 2022, and certain OECD proposals, including the implementation of the global minimum tax under the Pillar Two model rules. Our future effective tax rates and the value of our deferred tax assets could be adversely affected by changes in, interpretations of, and guidance regarding tax laws, including impacts of the Tax Cuts and Jobs Act of 2017 (the “Tax Act”), the Coronavirus Aid, Relief, Economic Security Act of 2020, the Inflation Reduction Act of 2022, and certain OECD proposals, including the implementation of the global minimum tax under the Pillar Two model rules.

In addition, we are subject to the examination of our income tax returns by the IRS and other tax authorities. We regularly assess the likelihood of adverse outcomes resulting from such examinations to determine the adequacy of our provision for income taxes. Significant judgment is required in determining our worldwide provision for income taxes. Although we believe we have made appropriate provisions for taxes in the jurisdictions in which we operate, changes in the tax laws or challenges from tax authorities under existing tax laws could adversely affect our business, results of operations, or financial condition.

Risks Related to Ownership of Our Common Stock

Our stock price may be volatile, which could result in securities class action litigation against us.

The market price of our common stock could be subject to wide fluctuations in response to, among other things, the risk factors described in this report, the timing and amount of any share repurchases by us, and other factors beyond our control, such as fluctuations in the valuation of companies perceived by investors to be comparable to us and research analyst coverage about our business.Table of ContentsThe market price of our common stock could be subject to wide fluctuations in response to, among other things, the risk factors described in this report, the timing and amount of any share repurchases by us, and other factors beyond our control, such as fluctuations in the valuation of companies perceived by investors to be comparable to us and research analyst coverage about our business.

Furthermore, the stock markets have experienced price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations often have been unrelated or disproportionate to the operating performance of those companies. These broad market and industry fluctuations, as well as general economic, political, and market conditions, such as recessions, interest rate changes, inflation or deflation, armed conflict, international currency fluctuations, or other global events have and may continue to affect the market price of our common stock. These broad market and industry fluctuations, as well as general economic, political, and market conditions, such as recessions, interest rate changes, inflation or deflation, armed conflict, or international currency fluctuations, have and may continue to affect the market price of our common stock.

In the past, we and many companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation and we may become the target of complaints of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management’s attention from our business, which could seriously harm our business, results of operations, and financial condition.

---

Table of Contents

We currently do not intend to pay dividends on our common stock and, consequently, the only opportunity to achieve a return on investment is if the price of our common stock appreciates.

We currently do not plan to declare dividends on shares of our common stock in the foreseeable future. Consequently, the only opportunity to achieve a return on investment in our Company will be if the market price of our common stock appreciates and shares are sold at a profit.

Certain provisions of our certificate of incorporation and bylaws and of Delaware law could prevent a takeover that stockholders consider favorable and could also reduce the market price of our stock.

Our amended and restated certificate of incorporation and our amended and restated bylaws contain provisions that could delay or prevent a merger, acquisition, or other change in control that stockholders may consider favorable, including transactions in which stockholders might otherwise receive a premium for their shares. These provisions may also prevent or delay attempts by stockholders to replace or remove our current management or members of our board of directors. These provisions include:

•not providing for cumulative voting in the election of directors, which limits the ability of minority stockholders to elect director candidates;

•authorizing our board of directors to issue, without stockholder approval, preferred stock rights senior to those of common stock, which could be used to significantly dilute the ownership of a hostile acquirer;

•prohibiting stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;

•limiting the persons who may call special meetings of stockholders, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors; and

•requiring advance notification of stockholder nominations and proposals, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.

The affirmative vote of the holders of at least a majority of our shares of capital stock entitled to vote is generally necessary to amend or repeal the above provisions that are contained in our amended and restated certificate of incorporation. Also, absent approval of our board of directors, our amended and restated bylaws may only be amended or repealed by the affirmative vote of the holders of at least 50% of our shares of capital stock entitled to vote.

In addition, we are subject to the provisions of Section 203 of the Delaware General Corporation Law. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding common stock, from engaging in certain business combinations without approval of substantially all of our stockholders for a certain period of time.

These and other provisions in our amended and restated certificate of incorporation, our amended and restated bylaws, and under Delaware law could discourage potential takeover attempts, reduce the price that investors might be willing to pay for shares of our common stock in the future, and result in the market price of our shares being lower than it would be without these provisions.

Our amended and restated bylaws designate certain state or federal courts as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit stockholders’ ability to obtain a favorable judicial forum for disputes with us.Table of ContentsOur amended and restated bylaws designate certain state or federal courts as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit stockholders’ ability to obtain a favorable judicial forum for disputes with us.

Our amended and restated bylaws provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for any state law claim for:

•any derivative action or proceeding brought on our behalf;

•any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, or other employees to us or our stockholders;

•any action asserting a claim arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws; or

•any action asserting a claim that is governed by the internal affairs doctrine (the “Delaware Forum Provision”).

The Delaware Forum Provision will not apply to any causes of action arising under the Securities Act or the Exchange Act. Further, our amended and restated bylaws provide that, unless we consent in writing to the selection of an alternative forum, the

---

Table of Contents

United States District Court for the Northern District of California will be the sole and exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act (the “Federal Forum Provision”), as we are based in the State of California. In addition, our amended and restated bylaws provide that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to the Delaware Forum Provision and the Federal Forum Provision; provided, however, that stockholders cannot and will not be deemed to have waived our compliance with the U.S. federal securities laws and the rules and regulations thereunder.

The Delaware Forum Provision and the Federal Forum Provision in our amended and restated bylaws may impose additional litigation costs on stockholders in pursuing any such claims. Additionally, these forum selection clauses may limit our stockholders’ ability to bring a claim in a judicial forum that they find favorable for disputes with us or our directors, officers or employees (including, without limitation, any claims in respect of stockholder nominations of directors as permitted under our amended and restated bylaws), which may discourage the filing of lawsuits against us and our directors, officers and employees, even though an action, if successful, might benefit our stockholders. In addition, while the Delaware Supreme Court ruled in March 2020 that federal forum selection provisions purporting to require claims under the Securities Act be brought in federal court are “facially valid” under Delaware law, there is uncertainty as to whether other courts will enforce our Federal Forum Provision. If the Federal Forum Provision is found to be unenforceable, we may incur additional costs associated with resolving such matters. The Federal Forum Provision may also impose additional litigation costs on stockholders who assert that the provision is not enforceable or invalid. The Court of Chancery of the State of Delaware and the United States District Court for the Northern District of California may also reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less favorable to us than our stockholders.

We cannot guarantee that any share repurchase program will be fully consummated or it will enhance stockholder value, and share repurchases could affect the price of our common stock.We cannot guarantee that any share repurchase program will be fully consummated or it will enhance stockholder value, and share repurchases could affect the price of our common stockIn September 2022, our board of directors authorized and approved a share repurchase program of up to $400.0 million of our outstanding common stock and we entered into an accelerated share repurchase (“ASR”) agreement to repurchase an aggregate $200.0 million of our common stock.

In September 2022, our board of directors authorized and approved a share repurchase program of up to $400.0 million of our outstanding common stock. As of July 31, 2024, $138.2 million of the share repurchase program remained available for future repurchases. Share repurchases under the program may be made from time to time, in the open market, in privately negotiated transactions and otherwise, at the discretion of management and in accordance with applicable federal securities laws, including Rule 10b-18 of the Exchange Act, and other applicable legal requirements. Such repurchases may also be made in compliance with Rule 10b5-1 trading plans entered into by us. The timing, pricing, and size of these repurchases will depend on a number of factors, including the market price of our common stock and general market and economic conditions. The share repurchase program does not obligate us to repurchase any dollar amount or number of shares, and the program may be suspended or discontinued at any time, which may result in a decrease in the price of our common stock. The share repurchase program could affect the price of our common stock, increase volatility, and diminish our cash reserves.

General Risk Factors

If we are unable to retain our personnel and hire and integrate additional skilled personnel, we may be unable to achieve our goals and our business will suffer.

Our future success depends upon our ability to continue to attract, train, integrate, and retain highly skilled employees, particularly our executive officers, sales and marketing personnel, professional services personnel, cloud operations personnel, and software engineers, especially personnel experienced in delivering cloud-based offerings.Table of ContentsOur future success depends upon our ability to continue to attract, train, integrate, and retain highly skilled employees, particularly our executive officers, sales and marketing personnel, professional services personnel, cloud operations personnel, and software engineers, especially as we transition to a business model focused on delivering cloud-based offerings. Additionally, our stakeholders expect us to have a culture that embraces diversity, inclusion, and belonging. Additionally, our stakeholders increasingly expect us to have a culture that embraces diversity, inclusion and belonging. Our inability to attract and retain diverse and qualified personnel, or delays in hiring required personnel, may seriously harm our business, results of operations, and financial condition. If U.S. immigration policy related to skilled foreign workers were materially adjusted, such a change could hamper our efforts to hire highly skilled foreign employees, including highly specialized engineers, which would adversely impact our business.

Any one of our executive officers and other key employees could terminate his or her relationship with us at any time. The loss of one or more of our executive officers or key employees, and any failure to have in place and execute an effective succession plan for key executive officers, could significantly delay or prevent us from achieving our business and/or development objectives and could disrupt or materially harm our business. Although we strive to reduce the challenges of any transition, failure to ensure effective transfer of knowledge and a smooth transition could disrupt or adversely affect our business, results of operations, financial condition, and prospects.

We face competition for qualified individuals from numerous software and other technology companies. Competition for qualified personnel is particularly intense in the San Francisco Bay Area, where our headquarters are located, though we also face significant competition in all of our domestic and foreign development centers. Further, significant amounts of time and

---

Table of Contents

resources are required to train technical, sales, services, operations, and other personnel. We may incur significant costs to attract, train, and retain such personnel, and we may lose new employees to our competitors or other technology companies before we realize the benefit of our investment after recruiting and training them.

Also, to the extent that we hire personnel from competitors, we may be subject to allegations that such personnel have been improperly solicited or have divulged proprietary or other confidential information. In addition, we have a limited number of sales people and the loss of several sales people within a short period of time could have a negative impact on our sales efforts. Additionally, current global events and recent economic conditions have increased attrition and decreased the number of available candidates for open positions, which has increased the time to identify and hire new employees. We may be unable to attract and retain suitably qualified individuals who are capable of meeting our growing technical, operational, and managerial requirements, including managing employees and contractors remotely or in a hybrid environment, or we may be required to pay increased compensation in order to do so.

Further, our ability to expand geographically depends, in large part, on our ability to attract, retain, and integrate managers with the appropriate skills to lead the local business and employees. Similarly, our profitability depends on our ability to effectively utilize personnel with the right mix of skills and experience to perform services for our customers, including our ability to transition employees to new assignments on a timely basis. If we are unable to effectively deploy our employees globally on a timely basis to fulfill the needs of our customers, our reputation could suffer and our ability to attract new customers may be harmed. If we are unable to effectively deploy our employees globally on a timely basis to fulfill the needs of our clients, our reputation could suffer and our ability to attract new clients may be harmed.

Because of the technical nature of our products and the dynamic market in which we compete, any failure to attract, integrate, and retain qualified direct sales, professional services, cloud operations, and product development personnel, as well as our contract workers, could harm our ability to generate sales, deliver consulting services, manage our customers’ cloud environments, or successfully develop new products and enhancements of existing products.Because of the technical nature of our services and products and the dynamic market in which we compete, any failure to attract, integrate, and retain qualified direct sales, professional services, cloud operations, and product development personnel, as well as our contract workers, could harm our ability to generate sales, deliver consulting services, manage our customers’ cloud environments, or successfully develop new services and products and enhancements of existing services and products.

Our indebtedness related to our Convertible Senior Notes is due within twelve months. Servicing our indebtedness requires a significant amount of cash.Servicing our indebtedness requires a significant amount of cash. We may have to use significant cash to pay our indebtedness, which could adversely affect our business and results of operations.

As of July 31, 2024, we had outstanding an aggregate principal amount of $400.0 million of our 1.25% Convertible Senior Notes due March 2025 (the “Convertible Senior Notes”).As of July 31, 2023, we had outstanding an aggregate principal amount of $400.0 million of our 1.25% Convertible Senior Notes due 2025 (the “Convertible Senior Notes”). Our indebtedness may increase our vulnerability to any generally adverse economic and industry conditions, and we and our subsidiaries may, subject to the limitations in the terms of our existing and future indebtedness, incur additional debt, secure existing or future debt, or recapitalize our debt. If we incur additional indebtedness, the risks related to our business would increase and our ability to service or repay our indebtedness may be adversely impacted.

Pursuant to their terms, holders may convert their Convertible Senior Notes at their option prior to the scheduled maturities of their Convertible Senior Notes under certain circumstances. Upon conversion of the Convertible Senior Notes, unless we elect to deliver solely shares of our common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be obligated to make cash payments. In addition, holders of our Convertible Senior Notes will have the right to require us to repurchase their Convertible Senior Notes upon the occurrence of a fundamental change (as defined in the Indenture, dated as of March 13, 2018, between the Company and U.S. Bank National Association, as trustee (the “Trustee”) (the “Base Indenture”), as amended and supplemented by the First Supplemental Indenture, dated as of March 13, 2018, between the Company and the Trustee (together with the Base Indenture, the “Indenture”)) at a repurchase price equal to 100% of the principal amount of the Convertible Senior Notes to be repurchased, plus accrued and unpaid interest, if any, to, but not including, the fundamental change purchase date. Although it is our intention and we currently expect to have the ability to settle the Convertible Senior Notes in cash, there is a risk that we may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of Convertible Senior Notes surrendered therefor or Convertible Senior Notes being converted. In addition, our ability to make payments may be limited by law, by regulatory authority, or by agreements governing our future indebtedness. Our failure to repurchase Convertible Senior Notes at a time when the repurchase is required by the Indenture or to pay any cash payable on future conversions of the Convertible Senior Notes as required by such Indenture would constitute a default under such Indenture. A default under the Indenture or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the repayment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Convertible Senior Notes or make cash payments upon conversions thereof.

Our ability to make scheduled payments of the principal and interest on our indebtedness when due or to make payments upon conversion or repurchase demands with respect to our Convertible Senior Notes, or to refinance our indebtedness as we may need or desire, depends on our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. Our business may not continue to generate cash flow from operations in the future sufficient to satisfy our

---

Table of Contents

obligations under our existing indebtedness, and any future indebtedness we may incur, and to make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as reducing or delaying investments or capital expenditures, selling assets, refinancing, or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance existing or future indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our existing or future indebtedness and have a material adverse effect on our business, results of operations, and financial condition.

Increased and complex scrutiny of environmental, social, and governance (“ESG”) matters may require us to incur additional costs or otherwise adversely impact our business.

Increased investor, governmental, and societal attention to and expectations around the wide range of issues generally referred to as ESG matters and our response to the same, may result in increased costs (including, but not limited to, increased costs related to compliance, stakeholder engagement and contracting), impact our reputation, or otherwise negatively affect our business performance. In addition, organizations that provide information to investors on corporate governance and related matters have developed ratings processes for evaluating companies on ESG matters, while other organizations are pushing corporations not to focus on ESG matters in decision making. Both unfavorable ESG ratings and engaging in activities designed to improve such ratings could lead to negative investor sentiment toward us and/or our industry, which could have a negative impact on our access to and costs of capital. To the extent ESG matters negatively impact our reputation, we may also not be able to compete as effectively to recruit or retain employees. We may take certain actions in relation to ESG matters in response to stakeholder demand; however, such actions may be costly or be subject to numerous conditions that are outside our control, and we cannot guarantee that such actions will have the desired effect or outcome. Moreover, while we may create and publish voluntary disclosures regarding ESG matters (in particular, information related to sustainability, environmental and human capital matters) from time to time, many of the statements in such voluntary disclosures are based on certain expectations and assumptions that may or may not be representative of current or actual risks or events or forecasts of expected risks or events, including the costs associated therewith.Moreover, while we may create and publish voluntary disclosures regarding ESG matters (in particular, information related related to environmental and human capital matters) from time to time, many of the statements in such voluntary disclosures are based on certain expectations and assumptions that may or may not be representative of current or actual risks or events or Table of Contentsforecasts of expected risks or events, including the costs associated therewith. Such expectations and assumptions are necessarily uncertain and may be prone to error or subject to misinterpretation given the long timelines involved and the lack of an established single approach to identifying, measuring and reporting on many sustainability, environmental and human capital matters. Such disclosures may also be at least partially reliant on third-party information that we have not independently verified or that otherwise cannot be independently verified.

Statements about our sustainability, environmental and human capital initiatives and goals, and progress against those goals, may be based on standards for measuring progress that are still developing, internal controls and processes that continue to evolve, and assumptions that are subject to change in the future. If our related data, processing and reporting are incomplete or otherwise inaccurate, or if we fail to achieve progress on certain metrics on a timely basis, our reputation, business, financial performance, and growth could be adversely affected.

In addition, we expect there will likely continue to be increasing levels of regulation and disclosure-related requirements with respect to sustainability, environmental and human capital matters, and increased regulation will likely lead to increased compliance costs as well as scrutiny that could heighten all of the associated risks identified in this risk factor.In addition, we expect there will likely be increasing levels of regulation, disclosure-related and otherwise, with respect to ESG matters, and increased regulation will likely lead to increased compliance costs as well as scrutiny that could heighten all of the associated risks identified in this risk factor. Such compliance matters may also impact our customers, which could adversely impact our business, results of operations, or financial condition.

Global events have adversely affected, and may continue to adversely affect, our business, results of operations, and financial condition.Recent global events have adversely affected, and may continue to adversely affect, our business, results of operations, and financial condition.

---

Table of Contents

Global events have adversely affected and may continue to adversely affect workforces, organizations, economies, and financial markets globally, leading to economic downturns, inflation, and increased market volatility. Ongoing conflicts such as the wars between Israel and Hamas and between Russia and Ukraine, escalating tensions in the South China Sea, high interest rates, financial instability and crises, pandemics, and supply chain issues have added to global economic and market volatility. The ongoing conflict between Russia and Ukraine, escalating tensions in the South China Sea, inflation higher than we have seen in decades, increasing interest rates, bank failures and associated financial instability and crises, and supply chain issues have added to global economic and market volatility. Our past business and financial results, including our ARR growth rates, services revenue, and margins, have been adversely impacted due to the disruptions resulting from such events, and may be again in the future. Our past business and financial results, including our ARR growth rates, services revenue, and margins, were adversely impacted due to the disruptions resulting from these events. Such global events have disrupted and may again disrupt the normal operations of our customers’ businesses and our SI partners’ businesses. The related impacts of global events on the global economy could decrease or delay technology spending and adversely affect demand for our products. The related impacts of recent global events on the global economy could decrease or delay technology spending and adversely affect demand for our products. Further, our sales and implementation cycles could increase, which could result in contract terms more favorable to customers and a potentially longer delay between incurring operating expenses and the generation of corresponding revenue, if any, or difficulty in accurately forecasting our financial results. Further, our sales and implementation cycles have increased and could continue to increase, which has resulted in and could result in contract terms more favorable to customers and a potentially longer delay between incurring operating expenses and the generation of corresponding revenue, if any, or difficulty in accurately forecasting our financial results. Additionally, our customers may be unable to pay outstanding invoices or may request amended payment terms due to the economic impacts from such global events and related implementation delays. As a result of such developments and the related economic impact to our business, we may be required to record impairment related to our operating lease assets, investments, long-lived assets, or goodwill. As a result of these developments and the related economic impact to our business, we may be required to record impairment related to our operating lease assets, investments, long-lived assets, or goodwill. Due to the continuing and evolving nature of such global events, it is not possible for us to accurately predict the duration or magnitude of the adverse impacts and effects on our business, results of operations, or financial condition. Due to the continuing and evolving nature of these global events, it is not possible for us to accurately predict the duration or magnitude of the adverse impacts and effects on our business, results of operations, or financial condition. Further, to the extent global events adversely affects our business, results of operations, or financial condition, it may also have the effect of heightening many of the other risks described in this “Risk Factors” section. Further, to the extent recent global events adversely affects our business, results of operations, or financial condition, it may also have the effect of heightening many of the other risks described in this “Risk Factors” section.

Our customers may defer or forego purchases of our products in the event of weakened global economic conditions, political transitions, and industry consolidation.

General worldwide economic conditions remain unstable, and prolonged economic uncertainties or downturns could harm our business, results of operations, or financial condition. In particular, global inflation concerns, ongoing conflicts such as the wars between Israel and Hamas and between Russia and Ukraine, the occurrence of regional epidemics or a global pandemic and related public health measures, and escalating tensions in the South China Sea, have created and may continue to create global economic uncertainty in regions in which we have significant operations. These conditions may make it difficult for our customers and us to forecast and plan future business activities accurately, and could cause our customers to reevaluate their decision to purchase our products, which could delay and lengthen our sales cycles, delay or increase pricing pressures on services engagements, or result in cancellations of planned purchases. These conditions may make it difficult for our customers and us to forecast and plan future business activities accurately, and could cause our customers to reevaluate their decision to purchase our services and products, which could delay and lengthen our sales cycles, delay or increase pricing pressures on services engagements, or result in cancellations of planned purchases. Moreover, during challenging economic times our customers may face issues in gaining timely access to sufficient credit, which could result in an impairment of their ability to make timely payments to us. If that were to occur, we may not receive amounts owed to us and may be required to record an accounts receivable allowance, which would adversely affect our financial results. A substantial downturn in the P&C insurance industry may cause firms to react to worsening conditions by reducing their capital expenditures, reducing their spending on information technology, delaying or canceling information technology projects, or seeking to lower their costs by renegotiating vendor contracts. Negative or worsening conditions in the general economy both in the United States and abroad, including conditions resulting from financial and credit market fluctuations and inflation, could cause a decrease in corporate spending on enterprise software in general, and in the insurance industry specifically, and negatively affect the rate of growth of our business.

Furthermore, the increased pace of consolidation in the P&C insurance industry may result in reduced overall spending on our products and professional services. Acquisitions of customers or potential customers can delay or cancel sales cycles or result in existing arrangements not being renewed and because we cannot predict the timing or duration of such acquisitions, our results of operations could be materially impacted.

Factors outside of our control, including, but not limited to, natural catastrophes, the geopolitical landscape, and terrorism may adversely impact the P&C insurance industry or third parties we rely on, preventing us from expanding or maintaining our existing customer base and harming our business. Our business is subject to the risks of earthquakes, fire, floods, and other natural catastrophic events, and to interruption by man-made problems such as computer viruses.

---

Table of Contents

Our customers are P&C insurers that have experienced, and will likely experience in the future, losses from catastrophes or terrorism that may adversely impact their businesses. Catastrophes that impact our business, our customers, or third parties we rely on can be caused by various events, including, without limitation, hurricanes, tsunamis, floods, typhoons, windstorms, earthquakes, hail, tornadoes, explosions, volcanic eruptions, severe weather, excessive heat, epidemics, pandemics, and fires. Climate change and other environmental factors are contributing to an increase in erratic weather patterns globally and intensifying the impact of certain types of catastrophes. Moreover, acts of terrorism or armed conflict or uncertainty in the geopolitical landscape, including as a result of escalation in the ongoing conflicts such as the wars between Israel and Hamas and between Russia and Ukraine as well as the escalation of tensions in the South China Sea, could cause disruptions to our business or our customers’ businesses or the economy as a whole. Moreover, acts of terrorism or armed conflict or uncertainty in the geopolitical landscape, including as a result of escalation in the ongoing conflict between Russia and Ukraine as well as the escalation of tensions in the South China Sea, could cause disruptions to our business or our customers’ businesses or the economy as a whole. The risks associated with natural catastrophes, the geopolitical landscape, and terrorism are inherently unpredictable, and it is difficult to forecast the timing of such events or estimate the amount of losses they will generate. Recently, for example, various parts of the United States have suffered damage from Hurricane Idalia, wildfires in Maui, Hawaii, and heatwaves affecting the Pacific Northwest, while Turkey and Syria experienced severe earthquakes, Canada faced wildfires, and Australia experienced wildfires and flooding. The combined and expected effect of those losses on P&C insurers is significant. Such losses and losses due to future events may adversely impact our current or potential customers, which may prevent us from maintaining or expanding our customer base and increasing our revenue, as such events may cause customers to postpone purchases and professional service engagements or to discontinue existing projects.

Our corporate headquarters and a substantial portion of our operations are located in the San Francisco Bay Area, a region known for seismic activity and rising ocean levels and near an area subject to severe fire damage.Our corporate headquarters and the majority of our operations are located in the San Francisco Bay Area, a region known for seismic activity and near an area subject to severe fire damage. A significant natural disaster, such as an earthquake, tsunami, fire or flood affecting the Bay Area could have a material adverse impact on our business, results of operations, and financial condition. A significant natural disaster, such as an earthquake, tsunami, fire, flood, epidemic, or pandemic could have a material adverse impact on our business, results of operations, and financial condition.

In addition, our information technology systems are vulnerable to computer viruses, break-ins, and similar disruptions from unauthorized tampering, such as the recent CrowdStrike incident. To the extent that such disruptions result in delays or cancellations of customer orders or collections, or the deployment or availability of our products, our business, results of operations, and financial condition would be adversely affected. To the extent that such disruptions result in delays or cancellations of customer orders or collections, or the deployment or availability of our services and products, our business, results of operations, and financial condition would be adversely affected.

Adverse developments affecting certain financial institutions, as well as the banking system as a whole, could negatively affect our current and projected business operations and our financial condition and results of operations.

Adverse developments that may affect certain financial institutions and the banking system as a whole, such as events involving liquidity that are either rumored or actual, have in the past and may in the future lead to bank failures and market-wide liquidity concerns. For example, in March 2023, Silicon Valley Bank was closed by the California Department of Financial Protection and Innovation, which appointed the Federal Deposit Insurance Corporation as receiver. On March 10, 2023, Silicon Valley Bank was closed by the California Department of Financial Protection and Innovation, which appointed the Federal Deposit Insurance Corporation as receiver. Similarly, other institutions have been and may continue to be swept into receivership. Up until March of 2023, our primary banking partner in the United States was Silicon Valley Bank. Since such time, we have further diversified our banking relationships. In connection with such developments, we have not experienced any material adverse impact to our cash flow or to our current and projected business operations, financial condition, or results of operations. Although we are continuing to evaluate and diversify our banking relationships, uncertainty may remain over liquidity concerns in the broader financial services industry. Although we are continuing to evaluate and diversify our banking relationships, uncertainty remains over liquidity concerns in the broader financial services industry. As a consequence, our business, our business partners, or industry as a whole may be adversely impacted in ways that we cannot predict at this time. Further, a significant portion of our assets are held in cash, cash equivalent and marketable securities. If any financial uncertainty were to impact a broad segment of the financial services industry, our enterprise value and our future prospects could be harmed or otherwise negatively impacted.

Our revenue, results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Australian Dollar, British Pound, Canadian Dollar, Euro, Indian Rupee, and Polish Zloty.

The volatility of exchange rates depends on many factors that we cannot forecast with reliable accuracy. Although we believe our operating activities act as a natural hedge for a majority of our foreign currency exposure at the cash flow or operating income level because we typically collect revenue and incur costs in the currency of the location in which we provide our software and services, our relationships with our customers are long-term in nature so it is difficult to predict if our operating activities will provide a natural hedge in the future. In addition, because our contracts are characterized by large annual payments, significant fluctuations in foreign currency exchange rates that coincide with annual payments may affect our cash flows, revenue or financial results in such quarter. Our results of operations may also be impacted by transaction gains or losses related to revaluing certain current asset and liability balances that are denominated in currencies other than the functional currency of the entity in which they are recorded. Moreover, significant and unforeseen changes in foreign currency exchange rates may cause us to fail to achieve our stated projections for revenue, ARR, and operating income, which could have an adverse effect on our stock price. We expect global exchange rates for various currencies may be more volatile than normal as a result of ongoing conflicts, including the wars between Israel and Hamas and between Russia and Ukraine and

---

Table of Contents

related events. We will continue to experience fluctuations in foreign currency exchange rates, which, if material, may harm our revenue, ARR, or results of operations.

The conditional conversion feature of the Convertible Senior Notes, if triggered, may adversely affect our financial condition and results of operations.

In the event the conditional conversion feature of the notes is triggered, holders of our Convertible Senior Notes will be entitled to convert the Convertible Senior Notes at any time during specified periods at their option. If one or more holders elect to convert their Convertible Senior Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity.

Transactions relating to our Convertible Senior Notes may affect the value of our common stock.

The conversion of some or all of the Convertible Senior Notes would dilute the ownership interests of existing stockholders to the extent we satisfy our conversion obligation by delivering shares of our common stock upon any conversion of such Convertible Senior Notes. Our Convertible Senior Notes may become in the future convertible at the option of their holders under certain circumstances. If holders of our Convertible Senior Notes elect to convert their notes, we may settle our conversion obligation by delivering to them a significant number of shares of our common stock, which would cause dilution to our existing stockholders.

In connection with the issuance of the Convertible Senior Notes, we entered into capped call transactions with certain financial institutions (the “option counterparties”). The capped call transactions are expected generally to reduce the potential dilution to our common stock upon any conversion of the notes and/or offset any cash payments we are required to make in excess of the principal amount of converted notes, as the case may be, with such reduction and/or offset subject to a cap.

From time to time, the option counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivative transactions with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the Convertible Senior Notes. This activity could cause a decrease in the market price of our common stock.

The accounting method for convertible debt securities that may be settled in cash, such as the Convertible Senior Notes, could have a material effect on our reported financial results.

In August 2020, the FASB issued Accounting Standards Update (“ASU”) 2020-06, Debt—Debt with Conversion and Other Options (Subtopic 470-20) and Derivatives and Hedging—Contracts in Entity’s Own Equity (Subtopic 815-40), which we adopted on August 1, 2022. The ASU simplifies the accounting for convertible instruments, and among other things, eliminates the treasury stock method to calculate diluted earnings per share for convertible instruments and requires the use of the if-converted method. When calculating diluted EPS, the if-converted method requires us to assume that convertible debt instruments (and any applicable conversion premium) are converted to common stock as of the beginning of the period presented regardless of the price of our stock in periods that we have net income. Additionally, the if-converted method does not allow us to offset the impact of our capped call transactions on the calculation. We expect that such calculations will negatively affect our reported diluted EPS in the periods that we have net income irrespective of actual conversion of the Convertible Senior Notes.

We are subject to counterparty risk with respect to the capped call transactions.

The option counterparties are financial institutions, and we will be subject to the risk that any or all of them might default under the capped call transactions. Our exposure to the credit risk of the option counterparties will not be secured by any collateral. Past and recent global economic conditions have resulted in the actual or perceived failure or financial difficulties of many financial institutions. If an option counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at that time under the capped call transactions with such option counterparty. Our exposure will depend on many factors but, generally, an increase in our exposure will be correlated to an increase in the market price and in the volatility of our common stock. In addition, upon a default by an option counterparty, we may suffer adverse tax consequences and more dilution than we currently anticipate with respect to our common stock. We can provide no assurances as to the financial stability or viability of the option counterparties.

---

Table of Contents

Item 1B.Unresolved Staff Comments

Not applicable.

Item 1C.Item 1A. Cybersecurity

Our products involve the collection, storage and processing of customer data (including, in some cases, personal data), and may provide business critical software and analytics necessary for our customers’ operations. Guidewire develops, implements, and maintains cybersecurity measures designed to safeguard our products and protect the confidentiality, integrity, and availability of our customer data and our confidential information.

Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems, information, and products. Our cybersecurity risk management program includes a cybersecurity incident response plan.

We maintain various internationally recognized security certifications and aim to adopt best practices from industry-leading frameworks and standards for cybersecurity and cloud computing, including, without limitation, ISO 27001 certification, SOC 2, U.S. NIST Cybersecurity Framework (CSF), and the CIS Critical Security Controls. This does not imply that we have met any particular technical standards, specifications, or requirements, only that we use these frameworks, industry best practices, and standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes:

•risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, and our broader enterprise IT environment;

•an enterprise-wide security team principally responsible for managing our cybersecurity risk assessment processes, implementing and maintaining our security controls, and responding to cybersecurity incidents;

•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;

•cybersecurity awareness training of our employees, including incident response personnel, product development personnel, and senior management;

•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

•a third-party risk management process for service providers, suppliers, and vendors, including, among others, vetting, periodic monitoring, and the implementation of contractual safeguards to ensure adherence to our cybersecurity standards.

We have not identified risks from known cybersecurity threats to date, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. However, we face ongoing cybersecurity risks, including threats that might become more sophisticated and effective over time, and we cannot anticipate when or the extent to which cybersecurity breaches will materially affect the Company. Additional information on the cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors.”

Governance

Our Board, by way of our Risk Committee, oversees management of cybersecurity and other information technology risks. The Risk Committee receives periodic reports from management on our cybersecurity risks and control structure. In addition, management updates the Risk Committee, as necessary, regarding cybersecurity incidents.

---

Table of Contents

The Risk Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cybersecurity risk management program. Board members receive reports on cybersecurity risks from our Chief Information Security Officer (“CISO”), internal security staff and/or external experts as part of the Board’s continuing education on topics that impact public companies.

Our management team, including our CISO, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our CISO has over 20 years of experience in the technology sector, including 18 years dedicated to information security. He has held multiple executive security roles in a large Fortune 500 company, overseeing product security, mergers and acquisitions security, marketplace security, and enterprise security. He holds a Bachelor of Science in Information Systems Management and a Masters of Business Administration.

Our management team will periodically receive information on our cybersecurity program designed to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include periodic briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our information technology environment.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
AVGO	16 hours ago
TOL	17 hours ago
CSPI	18 hours ago
CIEN	18 hours ago
A	1 day, 15 hours ago
ARKR	1 day, 16 hours ago
LTCH	1 day, 16 hours ago
LIVE	1 day, 16 hours ago
HEI	1 day, 16 hours ago
ESOA	1 day, 17 hours ago
AVO	1 day, 17 hours ago
JOB	1 day, 17 hours ago
ABM	1 day, 17 hours ago
MGYR	1 day, 17 hours ago
OPXS	1 day, 17 hours ago
HPE	2 days, 1 hour ago
NDSN	2 days, 16 hours ago
HOV	2 days, 17 hours ago
NVOS	2 days, 17 hours ago
YCBD	2 days, 17 hours ago
TTC	2 days, 21 hours ago
APDN	3 days, 17 hours ago
KEYS	3 days, 17 hours ago
SONN	4 days ago
NMTC	4 days, 1 hour ago
EPIX	4 days, 2 hours ago
UPXI	4 days, 16 hours ago
CMP	4 days, 16 hours ago
QIPT	4 days, 16 hours ago
MITK	4 days, 17 hours ago
ALID	4 days, 17 hours ago
RICK	4 days, 17 hours ago
ASRE	4 days, 17 hours ago
VERU	4 days, 18 hours ago
NX	5 days, 3 hours ago
FSFG	1 week ago
EDSA	1 week ago
ODRS	1 week ago
PRKA	1 week ago
AMAT	1 week ago
GNSS	1 week ago
LEE	1 week ago
ESSA	1 week ago
HPQ	1 week, 1 day ago
SDCH	1 week, 1 day ago
LPTV	1 week, 1 day ago
ASYS	1 week, 1 day ago
NGVC	1 week, 1 day ago
GTIM	1 week, 1 day ago
LQDT	1 week, 1 day ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Password too short

Sign in

Don't have an account? Sign Up for Free

Forgot password?

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Please enter valid email

Password too short

Password too short

Sign Up

I already have an account, Sign In

App Store (iOS)

Play Store (Android)