Risk Factors - NABL

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

Summary of Risk Factors

Below is a summary of the principal factors that make an investment in our common stock speculative or risky. This summary does not address all of the risks that we face. Additional discussion of the risks summarized in this risk factor summary, and other risks that we face, can be found below under the heading “Risk Factors” and should be carefully considered, together with other information in this Annual Report on Form 10-K and our other filings with the SEC, before making an investment decision regarding our common stock.

Risks Related to Our Business and Industry

•Our quarterly revenue and operating results may fluctuate in the future because of a number of factors, which makes our future results difficult to predict or could cause our operating results or the guidance we provide to fall below expectations.

•If we are unable to sell subscriptions to IT services provider customers, to sell additional solutions to our existing customers or to increase the usage of our solutions by our existing customers, our revenue growth and operating results could be adversely effected.

•Our business depends on customers renewing their subscription agreements.•Our business depends on MSP partners renewing their subscription agreements. If our subscription-based business model fails to yield the benefits that we expect, our results of operations could be negatively impacted.

•We operate in highly competitive markets, which could make it difficult for us to acquire and retain customers at our historic rates.

•Our success depends on our ability to adapt to the rapidly changing needs of IT services providers, MSPs, and their SMB mid-market customers.

•If we fail to integrate our solutions with a variety of operating systems, software applications, platforms and hardware that are developed by others or ourselves, our solutions may become less competitive or obsolete and our results of operations would be harmed.

•Acquisitions present many risks that could have an adverse effect on our business and results of operations.

•We may not be able to achieve or sustain the same level of cash flows in the future.

•Because our long-term success depends on our ability to operate our business internationally and increase sales of our solutions to our customers located outside of the United States, our business is susceptible to risks associated with international operations.Because our long-term success depends on our ability to operate our business internationally and increase sales of our solutions to our MSP partners located outside of the United States, our business is susceptible to risks associated with international operations.

•We resell third-party software and integrate third-party software into our solutions that may be difficult to replace or that could cause errors or failures of our solutions and lead to a loss of customers or harm to our reputation and our operating results.

•Material defects, errors or vulnerabilities in our solutions, the failure of our solutions to block malware or prevent a security breach, misuse of our solutions, or risks of product liability claims could harm our reputation, result in significant costs to us and impair our ability to sell our solutions.

Risks Related to Our Indebtedness

•Our substantial indebtedness could adversely affect our financial health and our ability to obtain financing in the future, react to changes in our business and meet our obligations with respect to our indebtedness.

•We may be able to incur substantially more indebtedness, which could further exacerbate the risks associated with our substantial indebtedness.

Risks Related to Our Intellectual Property

•The success of our business depends on our ability to obtain, maintain, protect and enforce our intellectual property rights.

•Our solutions use third-party software that may be difficult to replace or cause errors or failures of our solutions that could lead to a loss of customers or harm to our reputation and our operating results.

Risks Related to Cybersecurity and the Cyber Incident

•Cyberattacks, including the Cyber Incident, and other security incidents have resulted, and in the future may result, in compromises or breaches of our, our customers’, or their SMB and mid-market customers’ systems, the insertion of malicious code, malware, ransomware or other vulnerabilities into our, our customers’, or their SMB and mid-market customers’ systems, the exploitation of vulnerabilities in our, our customers’, or their SMB and mid-market customers’

19

---

Table of Contents

environments, the theft or misappropriation of our, our customers’, or their SMB and mid-market customers’ proprietary and confidential information, and interference with our, our customers’, or their SMB and mid-market customers’ operations, exposure to legal and other liabilities, higher customer and employee attrition and the loss of key personnel, negative impacts to our sales, renewals and upgrades and reputational harm and other serious negative consequences, any or all of which could materially harm our business.

•The Cyber Incident has had and may continue to have an adverse effect on our business, reputation, customer and employee relations, results of operations, financial condition or cash flows.

Risks Related to Government Regulation

•We are subject to various global data privacy and security regulations, which could result in additional costs and liabilities to us.

•We are subject to governmental export controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability.

Risks Related to Accounting and Taxation

•We are subject to fluctuations in foreign exchange and interest rates.

•Failure to maintain proper and effective internal controls could have a material adverse effect on our business.

•We are subject to potential changes in tax laws or regulations

Risks Related to Ownership of Our Common Stock and Our Organizational Structure

•The Sponsors have a controlling influence over matters requiring stockholder approval.

•The Sponsors and their affiliated funds may pursue corporate opportunities independent of us that could present conflicts with our and our stockholders’ interests.

•Our charter and bylaws contain anti-takeover provisions that could delay or discourage takeover attempts.

Risk Factors

Risks Related to Our Business and Industry

Our quarterly revenue and operating results may fluctuate in the future because of a number of factors, which makes our future results difficult to predict or could cause our operating results or the guidance we provide to fall below expectations.

Our quarterly revenue and operating results may vary significantly in the future. As a result, you should not rely on the results of any one quarter as an indication of future performance and period-to-period comparisons of our revenue and operating results may not be meaningful.

Our quarterly results of operations may fluctuate as a result of a variety of factors, including, but not limited to, those listed below, many of which are outside of our control:

•our ability to maintain and increase sales to existing customers and to attract new customers, including selling additional subscriptions to our existing customers to deliver services to their SMB and mid-market customers or for their internal use;

•changes in SMB and mid-market demand for services provided by our IT services provider customers, including those related to the number of customers serviced by our IT services provider customers and the reduced amount of services provided by our IT services provider customers to their SMB and mid-market customers;

•declines in subscription renewals and changes in net customer retention;

•lack of visibility into our financial position and results of operations in connection with our consumption-based revenue;

•our ability to capture a significant volume of qualified sales opportunities;

•our ability to convert qualified sales opportunities into new business sales at acceptable conversion rates;

•the amount and timing of operating expenses and capital expenditures related to the expansion of our operations and infrastructure and customer acquisition;

•our failure to achieve the growth rate that was anticipated by us in setting our operating and capital expense budgets;

•potential foreign exchange gains and losses related to expenses and sales denominated in currencies other than the functional currency of an associated entity;

20

---

Table of Contents

•fluctuations in foreign currency exchange rates that may negatively impact our reported results of operations;

•the timing of revenue and expenses related to the development or acquisition of technologies, solutions or businesses, or strategic partnerships and their integration;

•potential goodwill and intangible asset impairment charges and amortization associated with acquired businesses;

•the timing and success of new offerings, enhancements or functionalities introduced by us or our competitors, including potential deferral of orders from our customers in anticipation of new offerings or enhancements announced by us or our competitors;

•any other change in the competitive landscape of our industry, including consolidation among our competitors, customers, SMBs, or mid-market companies, and strategic partnerships entered into by us and our competitors;

•our ability to obtain, maintain, protect and enforce our intellectual property rights;

•changes in our subscription pricing or those of our competitors;

•the impact of new accounting pronouncements;

•general economic, industry and market conditions that impact expenditures for IT management technology for SMBs and mid-market companies in the United States and other countries where we sell our solutions;

•significant security breaches, such as the Cyber Incident, technical difficulties or interruptions to our solutions or infrastructure;

•changes in tax rates, laws or regulations in jurisdictions in which we operate; and

•the impact of a recession, pandemic, or any other adverse global economic or political conditions on our business.

Fluctuations in our quarterly operating results might lead analysts to change their models for valuing our common stock. As a result, our stock price could decline rapidly, and we could face costly securities class action suits or other unanticipated issues.

Because we recognize revenue from our longer-term subscriptions and term licenses over the subscription or license term, downturns or upturns in new sales and renewals may not be immediately reflected in our operating results and may be difficult to discern.

Certain of our customers purchase licenses for one year or longer for our products, and we expect the amount of customers with such arrangements to increase. In such cases, we generally recognize revenue as we satisfy our performance obligations over the term of their subscription. Revenue from such contracts reported in a given quarter will often be derived from the recognition of revenue relating to contracts entered into during previous quarters. Consequently, a decline in new or renewed customer contracts in any single quarter may have a smaller impact on our revenue for that quarter. However, such a decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our solutions, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods. Accordingly, our ability to achieve significant growth in revenue in the future will depend on our ability to recruit, train and retain sufficient numbers of sales personnel, and on the productivity of those personnel. In addition, a significant majority of our costs are expensed as incurred, while revenue is recognized over the life of such agreements with our customer. As a result, increased growth in the number of our customers could continue to result in our recognition of more costs than revenue in the earlier periods of the terms of our agreements.

We report certain market opportunity estimates, forecasts of market growth, and other metrics, which could prove to be inaccurate, and any real or perceived inaccuracies may negatively affect our reputation and our business.

Certain estimates and information concerning our industry and market are based on third-party sources, and our estimates of our market opportunity are based on such information. Although we believe the information from such third-party sources is reliable, we have not independently verified the accuracy or completeness of the data contained in such third-party sources or the methodologies for collecting such data, and such information may prove to be inaccurate. Even if the markets in which we compete meet the size estimates and growth forecasted that we have reported, we may not successfully access these markets and our business could fail to grow at similar rates, if at all.

Additionally, certain of our operational metrics, such as annual recurring revenue (ARR), are calculated using internal systems and tools that are not validated by an independent third-party, and may differ from estimates or similar metrics published or used by third-parties due to differences in methodologies and assumptions. Our internal systems, tools, and processes have a number of limitations, and our data collection methodologies may have errors or could change over time, which could result in unexpected changes to our metrics, including the metrics we publicly disclose. If our operating metrics are not accurate, or if investors do not perceive them to be accurate, investors may lose confidence in our operating metrics and business, we could be subject to legal claims, and our business, reputation, financial condition, and results of operations could

21

---

Table of Contents

be adversely affected. In addition, limitations or errors with respect to how we measure data or with respect to the data that we measure may affect our understanding of certain details of our business, which could affect our long-term strategies.

If we are unable to sell subscriptions to new customers, to sell additional solutions to our existing customers or to increase the usage of our solutions by our existing customers, our revenue growth and operating results may be adversely effected.If we are unable to sell subscriptions to new MSP partners, to sell additional solutions to our existing MSP partners or to increase the usage of our solutions by our existing MSP partners, it could adversely affect our revenue growth and operating results.

We provide our solutions primarily under monthly or annual subscriptions to our customers. A subscription generally entitles a customer to, among other things, support, as well as security updates, fixes, functionality enhancements and upgrades to the technologies, each, if and when available. To increase our revenue, we must regularly add new customers and expand our relationships with our existing customers. To increase our revenue, we must regularly add new MSP partners and expand our relationships with our existing MSP partners. We also rely, to a significant degree, on our customers establishing and maintaining relationships with their SMB and mid-market customers, for our IT services provider customers to add new SMB and mid-market customers, for those customers to add new devices and to drive adoption of new services that we offer. We also rely, to a significant degree, on our MSPs establishing and maintaining relationships with their SME customers, for our MSP partners to add new SME customers, for those customers to add new devices and to drive adoption of new services that we offer. When our customers move from month-to-month contracts to longer-term contracts, or renew their longer-term contracts, they may reevaluate their needs and decrease their usage. In addition, economic weakness and uncertainty, tightened credit markets and constrained IT spending from time to time contribute to slowdowns in the technology industry, as well as in the industries of SMBs and the geographic regions in which we, our customers and their SMB and mid-market customers operate; this may result in reduced demand and increased price competition for our offerings. Economic weakness and uncertainty, tightened credit markets and constrained IT spending from time to time contribute to slowdowns in the technology industry, as well as in the industries of SMEs and the geographic regions in which we, our MSP partners and their SME customers operate; this may result in reduced demand and increased price competition for our offerings. Uncertainty about future economic conditions may, among other things, negatively impact the current and prospective SMB and mid-market customers of our IT services provider customers and result in delays or reductions in technology purchases. Uncertainty about future economic conditions may, among other things, negatively impact the current and prospective SME customers of our MSP partners and result in delays or reductions in technology purchases. Even if we capture a significant volume of opportunities from our digital marketing activities, we must be able to convert those opportunities into sales of our subscriptions in order to achieve revenue growth.

We primarily rely on our direct sales force to sell our solutions to new and existing customers and convert qualified opportunities into sales using our low-touch, high-velocity sales model.We primarily rely on our direct sales force to sell our solutions to new and existing MSP partners and convert qualified opportunities into sales using our low-touch, high-velocity sales model. Accordingly, our ability to achieve significant growth in revenue in the future will depend on our ability to recruit, train and retain sufficient numbers of sales personnel, and on the productivity of those personnel. Our recent and planned personnel additions may not become as productive as we would like or in a timely manner, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets where we do or plan to do business.

If we do not effectively hire, integrate, train, manage, and retain additional sales personnel, and expand our sales and marketing capabilities, we may be unable to increase our customer base and increase sales to our existing customers.

Our ability to increase our customer base and achieve broader market adoption of our platform will depend to a significant extent on our ability to continue to expand our sales and marketing operations.The ability to recruit, retain and develop key employees and management personnel is critical to our success and growth, and our inability to attract and retain qualified personnel could harm our business. We have and plan to continue to dedicate significant resources to sales and marketing programs and to expand our sales and marketing capabilities to target additional potential customers, but there is no guarantee that we will be successful in attracting and maintaining additional customers. If we are unable to find efficient ways to deploy our sales and marketing investments or if our sales and marketing programs are not effective, our business and operating results will be adversely affected. If we are unable to renew such contracts on similar or more favorable terms, it could increase our expenses or otherwise materially adversely affect our business, results of operations and financial condition.

Furthermore, we plan to continue expanding our sales force and there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in part, on our success in hiring, integrating, training, managing, and retaining sufficient numbers of sales personnel to support our growth, particularly in international markets. New hires require significant training and may take extended time before they are productive. Our recent hires and planned hires may not become productive as quickly as we expect, or at all, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. Our recent and planned personnel additions may not become as productive as we would like or in a timely manner, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets where we do or plan to do business. Moreover, our international expansion may be slow or unsuccessful if we are unable to retain qualified personnel with international experience, language skills and cultural competencies in the geographic markets in which we target.

If we are unable to hire, integrate, train, manage, and retain a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business, operating results and financial condition will be adversely affected.

Our business depends on customers renewing their subscription agreements.•Our business depends on MSP partners renewing their subscription agreements. If our subscription-based business model fails to yield the benefits that we expect, our results of operations could be negatively impacted.

The significant majority of our revenue consists of subscription revenue. Our subscriptions generally have recurring monthly, annual, or multi-year subscription periods. Our subscriptions generally have recurring monthly or annual subscription periods. Our customers have no obligation to renew their subscription agreements after the expiration of their subscription. Our MSP partners have no obligation to renew their subscription agreements after the expiration of their subscription.

It is difficult to accurately predict long-term customer retention. Our customers’ subscription net revenue retention rates may decline or fluctuate as a result of a number of factors, including their level of satisfaction with our offerings, the prices of our solutions, the prices of tools and services offered by our competitors or reductions in our customers’ spending levels. Our MSP partners’ subscription net revenue retention rates may decline or fluctuate as a result of a number of factors, including their level of satisfaction with our offerings, the prices of our solutions, the prices of tools and services offered by our competitors or reductions in our MSP partners’ or their SME customers’ spending levels. If our

22

---

Table of Contents

customers do not renew their subscription arrangements or if they renew them on less favorable terms, our revenue may decline and our business will suffer.

We may not have visibility into a portion of our revenue that is consumption-based, which may result in our financial position and results of operations falling below internal or external expectations, which could negatively impact the price of our common stock.21Table of ContentsWe may not have visibility into a portion of our revenue that is consumption-based, which may result in our financial position and results of operations falling below internal or external expectations, which could negatively impact the price of our common stock.

A portion of our revenue is recognized based on consumption as customers use certain aspects of our platform, whether such usage is beyond their paid subscriptions or on an individual basis. This usage is particularly applicable to our unified endpoint management (“UEM”) solutions and our Cove backup, recovery and disaster recovery solutions. This usage is particularly applicable to our remote monitoring and management (“RMM”) solutions and our backup, recovery and disaster recovery solutions. Unlike our subscription revenue, which is recognized ratably over the term of the subscription, we generally recognize consumption revenue as the services are delivered. Because our customers have flexibility in the timing of their consumption, we do not have the visibility into the timing of revenue recognition that we have with our subscription revenue. Because our MSP partners have flexibility in the timing of their consumption, we do not have the visibility into the timing of revenue recognition that we have with our subscription revenue. There is a risk that our customers will not use portions of our platform that provide consumption-based revenue at all or more slowly than we expect, and our actual results may differ from our forecasts. Further, investors and securities analysts may not understand how the consumption-based portion of our business differs from the subscription-based portion of our business, and our business model may be compared to purely subscription-based business models or purely consumption-based business models. If our quarterly or annual results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our common stock could decline substantially, and we could face costly lawsuits, including securities class actions.

We operate in highly competitive markets, which could make it difficult for us to acquire and retain customers at our historic rates.

We operate in a highly competitive and dynamic industry driven by the technology needs of IT services providers, MSPs, SMBs and mid-market companies. Our industry is large and fragmented with several vendors that provide technologies used by MSPs and other IT services providers to service SMBs and mid-market companies. Our industry is large and fragmented with several vendors that provide technologies used by MSPs and other IT service providers to service SMEs. Competition in our market is based primarily on solution capabilities, including: breadth and extensibility of features and functionality; focus on and alignment on customers’ success; scalability, performance and reliability of our platform and solutions; ability to solve the technical and business problems of customers of all sizes and complexities; flexibility of deployment models, whether public or private cloud, on-premises or in a hybrid environment; continued innovation to keep pace with evolving technology requirements and the changing needs of the SMB and mid-market companies; ease of use and deployment; brand awareness and reputation among IT services providers, their technicians and other IT professionals; total cost of ownership and alignment of cost with business objectives and needs of IT services providers, MSPs, SMBs and mid-market companies; and effectiveness of sales and marketing efforts. Competition in our market is based primarily on solution capabilities, including: breadth and extensibility of features and functionality; focus on and alignment with both MSP and SME success; scalability, performance and reliability of our platform and solutions; ability to solve the technical and business problems of MSPs and customers of all sizes and complexities; flexibility of deployment models, whether public or private cloud, on-premises or in a hybrid environment; continued innovation to keep pace with evolving technology requirements and the changing needs of the SME market; ease of use and deployment; brand awareness and reputation among MSPs, their technicians and other IT professionals; total cost of ownership and alignment of cost with business objectives and needs of the MSP and SME markets; and effectiveness of sales and marketing efforts. Our customers have limited barriers to switching to a competitor’s solution from our platform if we fail to provide solutions and services that meet their needs. Our MSP partners have limited barriers to switching to a competitor’s solution from our platform if we fail to provide solutions and services that meet their needs. In addition, many of our current and potential competitors enjoy substantial competitive advantages over us, such as greater brand awareness and longer operating history, broader distribution and established relationships with IT services providers, larger sales and marketing budgets and resources, greater customer support resources, greater resources to make strategic acquisitions or enter into strategic partnerships, lower labor and development costs, larger and more mature intellectual property portfolios and substantially greater financial, technical and other resources. In addition, many of our current and potential competitors enjoy substantial competitive advantages over us, such as greater brand awareness and longer operating history, broader distribution and established relationships with MSPs, larger sales and marketing budgets and resources, greater customer support resources, greater resources to make strategic acquisitions or enter into strategic partnerships, lower labor and development costs, larger and more mature intellectual property portfolios and substantially greater financial, technical and other resources. Given their larger size, greater resources and existing customer relationships, our competitors may be able to compete and respond more effectively than we can to new or changing opportunities, technologies, standards or customer requirements.

We face competition from IT vendors focused on the MSP market which provide broad, integrated solutions that include monitoring and management, data protection, business management tools and security offerings. Examples of such vendors are Kaseya, ConnectWise and NinjaOne. Examples of such vendors are Kaseya, Datto (a Kaseya company) and ConnectWise. In addition, we compete with small to large enterprise vendors that provide solutions focused on a particular service that may be sold by IT services providers and MSPs, such as managed detection and response, extended detection and response, network monitoring, systems management, email security, remote support and data protection. In addition, we compete with small to large enterprise vendors that provide solutions focused on a particular service that may be sold by MSPs, such as network monitoring, systems management, email security, remote support and data protection. Examples of such vendors are Acronis, ArcticWolf, eSentire, ManageEngine, Proofpoint, Sophos and Veeam.

New start-up companies that innovate and large competitors, or potential competitors, that make significant investments in research and development may invent similar or superior solutions and technologies that compete with our subscriptions. In addition, some of our larger competitors, or potential competitors, have substantially broader and more diverse solutions and services offerings. This may make them less susceptible to downturns in a particular market and allow them to leverage their relationships based on other solutions or incorporate functionality into existing solutions to grow their business in a manner that discourages users from purchasing our solutions and subscriptions, including through selling at zero or negative margins, offering concessions, solutions bundling or closed technology platforms. In addition, customers that use legacy tools and services of our competitors may believe that these tools and services are sufficient to meet their IT needs or that our platform only serves the needs of a portion of the SMB and mid-market IT market. In addition, MSPs or SMEs that use legacy tools and services of our competitors may believe that these tools and services are sufficient to meet their IT needs or that our platform only serves the needs of a portion of the SME IT market. Accordingly, these organizations may continue allocating their IT budgets for such legacy tools and services and may not adopt our offerings. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep

23

---

Table of Contents

relationships with other competitive providers. As a result, these organizations may prefer to purchase from their existing suppliers rather than to add or switch to a new supplier using our solutions and services, regardless of solution performance, features or greater services offerings.

As the IT services providers industry evolves, the competitive pressure for us to innovate encompasses a wider range of services, including new offerings that require different expertise than our current offerings.As the MSP industry evolves, the competitive pressure for us to innovate encompasses a wider range of services, including new offerings that require different expertise than our current offerings. Some of our competitors have made acquisitions or entered into strategic relationships with one another to offer more competitive, bundled or integrated solution offerings and to adapt more quickly to new technologies and customer needs. Some of our competitors have made acquisitions or 22Table of Contentsentered into strategic relationships with one another to offer more competitive, bundled or integrated solution offerings and to adapt more quickly to new technologies and MSP or SME needs. We expect this trend to continue as companies attempt to strengthen or maintain their market positions in an evolving industry and as companies enter into partnerships or are acquired. Companies and alliances resulting from these possible consolidations and partnerships may create more compelling solution offerings and be able to offer more attractive pricing, making it more difficult for us to compete effectively.

These competitive pressures in our market or our failure to compete effectively may result in price reductions, decreases in net customer retention rates, reduced revenue and gross margins and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.

Our success depends on our ability to adapt to the rapidly changing needs of IT services providers and their SMB and mid-market customers.Our success depends on our ability to adapt to the rapidly changing needs of MSP partners and their SME customers.

The SMB and mid-market IT companies IT market has grown quickly and is expected to continue to evolve rapidly. Moreover, many of our IT services providers customers and their customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adopt increasingly complex networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. Moreover, many of our MSP partners and their SME customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adopt increasingly complex networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. Our long-term growth depends on our ability to continually enhance and improve our existing offerings and develop or acquire new solutions that address the common problems encountered by technology professionals on a day-to-day basis in an evolving IT management market, including adapting to rapidly changing technologies and user preferences, adapting our offerings to evolving industry standards, predicting user preferences and industry changes in order to continue to provide value to our customers and to improve the performance and reliability of our offerings. The success of any enhancement or new solution depends on a number of factors, including its relevance to customers, changes to the form factors in technologies powering the businesses of SMBs, timely completion and introduction and market acceptance. The success of any enhancement or new solution depends on a number of factors, including its relevance to MSP partners and their SME customers, changes to the form factors in technologies powering the businesses of SMEs, timely completion and introduction and market acceptance. New solutions and enhancements that we develop or acquire may not sufficiently address the evolving needs of our existing and potential customers, may not be introduced in a timely or cost-effective manner and may not achieve the broad market acceptance necessary to generate the amount of revenue necessary to realize returns on our investments in developing or acquiring such solutions or enhancements. New solutions and enhancements that we develop or acquire may not sufficiently address the evolving needs of our existing and potential MSP partners and their SME customers, may not be introduced in a timely or cost-effective manner and may not achieve the broad market acceptance necessary to generate the amount of revenue necessary to realize returns on our investments in developing or acquiring such solutions or enhancements. If our new offerings are not successful for any reason, certain offerings in our portfolio may become obsolete, less marketable and less competitive, and our business will be harmed.

If we fail to integrate our solutions with a variety of operating systems, software applications, platforms and hardware that are developed by others or ourselves, our solutions may become less competitive or obsolete and our results of operations would be harmed.

In order to meet the needs of our customers, our solutions must integrate with a variety of network, hardware and software platforms, and we need to continuously modify and enhance our solutions to adapt to changes in hardware, software, networking, browser and database technologies.In order to meet the needs of our MSP partners, our solutions must integrate with a variety of network, hardware and software platforms, and we need to continuously modify and enhance our solutions to adapt to changes in hardware, software, networking, browser and database technologies. We believe a significant component of our value proposition to customers is the ability to optimize and configure our solutions to integrate with our systems and those of third parties. We believe a significant component of our value proposition to MSP partners is the ability to optimize and configure our solutions to integrate with our systems and those of third parties. If we are not able to integrate our solutions in a meaningful and efficient manner, whether through our inability to continue to adapt or because third parties restrict our ability to integrate with their networks, hardware or software, demand for our solutions could decrease, and our business and results of operations would be harmed.

In addition, we have a large number of solutions, and maintaining and integrating them effectively requires extensive resources. Our continuing efforts to make our solutions more interoperative may not be successful. Failure of our solutions to operate effectively with future infrastructure platforms and technologies could reduce the demand for our solutions, resulting in customer dissatisfaction and harm to our business. If we are unable to respond to changes in a cost-effective manner, our solutions may become less marketable, less competitive or obsolete and our business and results of operations may be harmed.

We have experienced substantial growth in recent years, which may not be indicative of future growth, and if we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of customer satisfaction or adequately address competitive challenges, and our financial performance may be adversely affected.We have experienced substantial growth in recent years, and if we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of customer satisfaction or adequately address competitive challenges, and our financial performance may be adversely affected.

Our business has rapidly grown, which has resulted in large increases in our number of employees, expansion of our infrastructure, new internal systems and other significant changes and additional complexities. We generated revenue of $466.1 million, $421.9 million and $371.8 million for the years ended December 31, 2024, 2023 and 2022, respectively. We generated revenue of $371.8 million, $346.5 million and $302.9 million for the years ended December 31, 2022, 2021 and 2020, respectively. While we intend to further expand our overall business, customer base and number of employees, our historical growth rate is not

24

---

Table of Contents

necessarily indicative of the growth that we may achieve in the future. The growth in our business and our management of a growing workforce and customer base that is geographically dispersed across the U.S. and internationally will require substantial management effort, infrastructure and operational capabilities. To support our growth, we must effectively transition and continue to improve our management resources and our operational and financial controls and systems, and these improvements may increase our expenses more than anticipated and result in a more complex business. To support our growth, we must effectively 23Table of Contentstransition and continue to improve our management resources and our operational and financial controls and systems, and these improvements may increase our expenses more than anticipated and result in a more complex business. We will also have to transition and anticipate the necessary expansion of our relationship management, implementation, customer support and other personnel to support our growth and achieve high levels of customer service and satisfaction. Our success will depend on our ability to complete this transition, plan for and manage this growth effectively. If we fail to complete this transition, anticipate and manage our growth, or are unable to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be harmed.

Acquisitions present many risks that could have an adverse effect on our business and results of operations.

In order to expand our business and functionality of our platform, we have previously made several acquisitions and may continue making similar acquisitions and possibly larger acquisitions as part of our growth strategy, including the acquisition of Adlumin, Inc. in November 2024. The success of our future growth strategy will depend on our ability to identify, negotiate, complete and integrate acquisitions and, if necessary, to obtain satisfactory debt or equity financing to fund those acquisitions. The success of our future growth strategy will depend on our ability to identify, negotiate, complete and integrate acquisitions and, if necessary, to obtain satisfactory debt or equity financing to fund those acquisitions. Acquisitions are inherently risky and any acquisitions we complete may not be successful. Our past acquisitions and any mergers and acquisitions that we may undertake in the future involve numerous risks, including, but not limited to, the following:

•difficulties in integrating and managing the operations, personnel, systems, technologies and solutions of the companies we acquire;

•diversion of our management’s attention from normal daily operations of our business;

•our inability to maintain the key business relationships and the reputations of the businesses we acquire;

•uncertainty of entry into markets in which we have limited or no prior experience and in which competitors have stronger market positions;

•our dependence on unfamiliar affiliates, resellers, distributors and partners of the companies we acquire;

•our inability to increase revenue from an acquisition for a number of reasons, including our failure to drive demand in our existing partner base for acquired solutions and our failure to obtain sales from customers of the acquired businesses;

•increased costs related to acquired operations and continuing support and development of acquired solutions;

•liabilities or adverse operating issues, or both, including potential product errors or defects or security issues or vulnerabilities, of the businesses we acquire that we fail to discover or mitigate through due diligence or the extent of which we underestimate prior to the acquisition;

•potential goodwill and intangible asset impairment charges and amortization associated with acquired businesses;

•adverse tax consequences associated with acquisitions;

•changes in how we are required to account for our acquisitions under U.S. generally accepted accounting principles, including arrangements that we assume from an acquisition;

•potential negative perceptions of our acquisitions by customers, financial markets or investors;

•failure to obtain required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all, which could, among other things, delay or prevent us from completing a transaction, or otherwise restrict our ability to realize the expected financial or strategic goals of an acquisition;

•potential increases in our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition;

•our inability to apply and maintain our internal standards, controls, procedures and policies to acquired businesses; and

•potential loss of key employees of the companies we acquire.

Additionally, acquisitions or asset purchases made entirely or partially for cash may reduce our cash reserves or require us to incur additional debt under our credit facility or otherwise. We may seek to obtain additional cash to fund an acquisition by selling equity or debt securities. We may be unable to secure the equity or debt funding necessary to finance future acquisitions on terms that are acceptable to us. If we finance acquisitions by issuing equity or convertible debt securities, our existing stockholders will experience ownership dilution.

25

---

Table of Contents

The occurrence of any of these risks could have a material adverse effect on our business, results of operations, financial condition or cash flows, particularly in the case of a larger acquisition or substantially concurrent acquisitions.

We may expand our business in part through future acquisitions, but we may not be able to identify or complete suitable acquisitions, which could harm our financial performance.24Table of ContentsWe plan to expand our business in part through future acquisitions, but we may not be able to identify or complete suitable acquisitions, which could harm our financial performance.

We have previously made several acquisitions and may continue making similar acquisitions and possibly larger acquisitions as part of our growth strategy.We have previously made several acquisitions and expect to continue making similar acquisitions and possibly larger acquisitions as part of our growth strategy. However, we may be unable to implement this growth strategy if we cannot identify suitable acquisition candidates, reach agreement with acquisition targets on acceptable terms or arrange required financing for acquisitions on acceptable terms. In addition, the time and effort involved in attempting to identify acquisition candidates and consummate acquisitions may divert the attention and efforts of members of our management from the operations of our company, which could also harm our business and results of operations.

We may not be able to achieve or sustain the same level of cash flows in the future.

Our operating expenses have increased over the last several years, and we expect they may continue to increase as we hire additional personnel, expand our operations and infrastructure, both domestically and internationally, pursue acquisitions and continue to develop our platform's functionalities.We expect our operating expenses may increase over the next several years as we hire additional personnel, expand our operations and infrastructure, both domestically and internationally, pursue acquisitions and continue to develop our platform's functionalities. If our revenue does not increase to offset these increases in our operating expenses, we will not be able to achieve or maintain our historical levels of profitability in future periods. While historically our revenue has grown, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including slowing demand for our solutions, increasing competition, a failure to gain or retain customers, a decrease in the growth of our overall market, our technology or services becoming obsolete due to technical advancements in the SMB and mid-market IT market or our failure, for any reason, to continue to capitalize on growth opportunities. While historically our revenue has grown, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including slowing demand for our solutions, increasing competition, a failure to gain or retain MSP partners, a decrease in the growth of our overall market, our technology or services becoming obsolete due to technical advancements in the SME IT market or our failure, for any reason, to continue to capitalize on growth opportunities. As a result, our past financial performance should not be considered indicative of our future performance. Any failure by us to achieve or sustain cash flows on a consistent basis could cause us to halt our expansion, not pursue strategic business combinations, default on payments due on existing contracts, fail to continue developing our platform, solutions and services or experience other negative changes in our business.

Our operating income could fluctuate as we make future expenditures to expand our operations in order to support growth in our business, or if we fail to see the expected benefits of prior expenditures.Our operating income could fluctuate as we make future expenditures to expand our operations in order to support additional growth in our business, or if we fail to see the expected benefits of prior expenditures.

We have made significant investments in our operations to support growth, such as hiring substantial numbers of new personnel, investing in new facilities, acquiring other companies or their assets and establishing and broadening our international operations in order to expand our business. We have made substantial investments in recent years to increase our sales and marketing operations in international regions and expect to continue to invest to grow our international sales and global brand awareness. We also expect to continue to invest to grow our research and development organization, particularly internationally, such as with our new presence in India. We also expect to continue to invest to grow our research and development organization, particularly internationally. We have made multiple acquisitions in recent years and expect these acquisitions will continue to increase our operating expenses in future periods. These investments may not yield increased revenue, and even if they do, the increased revenue may not offset the amount of the investments. We may also continue to pursue acquisitions in order to expand our presence in current markets or new markets, which may increase our operating costs more than our revenue. We also expect to continue to pursue acquisitions in order to expand our presence in current markets or new markets, many or all of which may increase our operating costs more than our revenue. As a result of any of these factors, our operating income could fluctuate and may decline as a percentage of revenue relative to our prior annual periods.

Because our long-term success depends on our ability to operate our business internationally and increase sales of our solutions to our customers located outside of the United States, our business is susceptible to risks associated with international operations.Because our long-term success depends on our ability to operate our business internationally and increase sales of our solutions to our MSP partners located outside of the United States, our business is susceptible to risks associated with international operations.

We have international operations in Australia, Austria, Belarus, Canada, the Netherlands, the Philippines, Poland, Portugal, Romania and the United Kingdom.We have international operations in Australia, Austria, Belarus, Canada, the Netherlands, the Philippines, Portugal, Romania and the United Kingdom and we market and sell our solutions worldwide. Revenue from customers outside of the United States represented 51.8% of our total revenue for the fiscal year ended December 31, 2024, and as of December 31, 2024, approximately 75% of our employees were located outside of the United States. The continued international expansion of our operations requires significant management attention and financial resources and results in increased administrative and compliance costs. Our limited experience in operating our business in certain regions outside the United States increases the risk that our expansion efforts into those regions may not be successful. In particular, our business model may not be successful in particular countries or regions outside the United States for reasons that we currently are unable to anticipate. We are subject to risks associated with international sales and operations including, but not limited to:

•fluctuations in currency exchange rates in the markets where we do business, including the recently strengthened U.S. dollar, and as well as controls, regulations, and orders that might restrict our ability to repatriate cash;

•volatility, uncertainties, and recessionary pressures in the global economy or in the economies of the countries in which we operate;

26

---

Table of Contents

•the complexity of, or changes in, foreign regulatory requirements, including more stringent regulations relating to privacy and data security and the unauthorized use of, or access to, commercial and personal data, particularly in Europe;

•localization by our channel partners, including translation of our materials;

•difficulties in managing the staffing of international operations, including compliance with local labor and employment laws and regulations;

•difficulties hiring local staff, differing employer/employee relationships, and the potential need for country-specific benefits, programs, and systems;

•potentially adverse tax consequences, including the complexities of foreign value added tax systems, overlapping tax regimes, restrictions on the repatriation of earnings and changes in tax rates;

•the burdens of complying with a wide variety of foreign laws and different legal standards;

•increased financial accounting and reporting burdens and complexities;

•longer payment cycles and difficulties in collecting accounts receivable;

•longer sales cycles;

•social, economic and political instability;

•epidemics and pandemics, terrorist attacks, wars, geopolitical conflicts, disputes and security concerns in general;

•reduced or varied protection for intellectual property rights in some countries;

•the risk of increased exposure to potential cyber attacks, theft or compromise of our systems, security, data, proprietary or confidential information or intellectual property as a result of our international operations, whether by state-sponsored malfeasance or other foreign entities or individuals;

•laws and policies of the U.S. and other jurisdictions affecting international trade (including import and export control laws, tariffs and trade barriers), such as tariff schemes recently imposed or proposed by the U.S.;

•the risk of U.S. regulation of foreign operations; and

•other factors beyond our control such as natural disasters.

The occurrence of any one of these risks could negatively affect our international business and, consequently, our operating results. We cannot be certain that the investment and additional resources required to establish, acquire or integrate operations in other countries will produce desired levels of revenue or profitability. If we are unable to effectively manage our expansion into additional geographic markets, our financial condition and results of operations could be harmed.

In particular, we operate much of our research and development activities internationally and outsource a portion of the coding and testing of our solutions and solutions enhancements to contract development vendors. We believe that performing research and development in our international facilities and supplementing these activities with our contract development vendors enhances the efficiency and cost-effectiveness of our solution development. For example, although our presence in Belarus has been substantially reduced since 2022, we have research and development facilities located in Belarus, which has experienced numerous public protest activities and civil unrest since the presidential election in early August 2020, with active government and police-force intervention. We also engage third party contractors that have a limited number of employees that reside in the Ukraine. In addition, we generated a de minimis amount of revenue from customers located in Ukraine during the years ended December 31, 2024 and 2023, and Russia and Ukraine during the year ended December 31, 2022. The extent and duration of the instability in the region, and any related risk to our operations, remains uncertain, and may be further exacerbated by the ongoing presence of Russian forces in Belarus and the participation of Belarus in the Russia-Ukraine conflict. In addition, we generated a de minimis amount of revenue from customers located in Russia, Belarus and Ukraine in 2022 and 2021. The extent and duration of the instability in the region, and any related risk to our operations, remains uncertain, and may be further exacerbated by the ongoing presence of Russian forces in Belarus and the participation of Belarus in the Russia-Ukraine conflict. To date, intermittent communications and mobile internet outages have occasionally occurred in Belarus, and the United States, the European Union and various other nations have imposed economic and trade sanctions and export control restrictions against multiple Belarusian officials and entities. To date, intermittent communications and mobile internet outages have occasionally occurred in Belarus, and the United States and European Union has issued economic sanctions against specific Belarusian officials and entities. The ongoing impact of these measures, as well as any further retaliatory actions, is uncertain and may pose security risks to our people, our facilities, our technology systems and our operations, as well as to the local infrastructure, such as utilities and network services, upon which our local teams rely and adversely affect our ability to continue to do business in the region. However, the situation in the region is rapidly evolving as a result of the developing Russia-Ukraine conflict, and such events, as well as similar unrest or hostilities in other countries, may pose security risks to our people, our facilities, our technology systems and our operations, as well as to the local infrastructure, such as utilities and network services, upon which our local teams rely. While we have risk mitigation efforts in place, the realization of any of these risks could adversely affect our product development, operations, business and/or financial results and may require us to shift our research and development activities to other jurisdictions, which may result in delays in our development cycle and the incurrence of additional costs. The disruption in the region also could adversely affect our suppliers, partners and customers, which could result in negative impacts to our business and results of operations. Whether in these countries or in others in which we operate, civil unrest, political instability or uncertainty, military activities, or broad-based sanctions, should they continue for the long term or escalate, could expose us to the risks noted above, as well as numerous

27

---

Table of Contents

other risks, and require us to re-balance our geographic concentrations, any or all of which could have an adverse effect on our operations, business and financial condition.

If one or more of these risks occurs, it could require us to dedicate significant resources to remedy, and if we are unsuccessful in finding a solution, our financial results could suffer.

We have faced, and may continue to face, exposure to foreign currency exchange rate fluctuations.

We have transacted in foreign currencies and expect to transact in foreign currencies in the future. In addition, we maintain assets and liabilities that are denominated in currencies other than the functional operating currencies of our global entities. Accordingly, changes in the value of foreign currencies relative to the U.S. dollar will affect our revenue and operating results due to transactional and translational remeasurement that is reflected in our earnings. As a result of such foreign currency exchange rate fluctuations, which have been prevalent over recent periods, it could be more difficult to detect underlying trends in our business and results of operations. As a result, we may be required or choose to reduce our prices or otherwise change our pricing model, which could adversely affect our business, operating results and financial condition. In addition, to the extent that fluctuations in currency exchange rates cause our results of operations to differ from our expectations or the expectations of our investors, the trading price of our common stock could be adversely affected. We do not currently maintain a program to hedge transactional exposures in foreign currencies. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates.

We resell third-party software and integrate third-party software into our solutions that may be difficult to replace or that could cause errors or failures of our solutions and lead to a loss of customers or harm to our reputation and our operating results.

In order to provide our IT services provider customers with additional functionality on our platform, we often partner with best-of-breed technology developers through license arrangements to use their software in our offerings.In order to provide our MSP partners with additional functionality on our platform, we often partner with best-of-breed technology developers through license arrangements to use their software in our offerings. We also resell certain third-party products as part of our full product offering. In the future, this software may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of the software could result in decreased sales or decreased functionality of our solutions until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated, which could harm our business. Any loss of the right to use any of the software could result in decreased functionality of our solutions until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated, which could harm our business. In addition, any errors or defects in or failures of the third-party software could result in errors or defects in our solutions, cause our solutions to fail or increase our exposure to cyberattacks, any or all of which could harm our business and be costly to correct. Many of these providers attempt to impose limitations on their liability for such errors, defects or failures, and if enforceable, we may have additional liability to our customers or third-party providers that could harm our reputation and increase our operating costs. If we are required to replace such third-party software with new third-party software, such change may require significant work and require substantial investment of our time and resources. If we are unable to maintain licenses to software necessary to operate our business, or if third-party software that we use contains errors or defects, our costs may increase, or the services we provide may be harmed, which would adversely affect our business.

Interruptions or performance problems associated with our internal infrastructure and its reliance on third-party technologies may adversely affect our ability to manage our business and meet reporting obligations.Interruptions or performance problems associated with our internal infrastructure and its reliance on technologies from third parties may adversely affect our ability to manage our business and meet reporting obligations.

Currently, we use NetSuite to manage our order management and financial processes, salesforce.com to track our sales and marketing efforts and other third-party vendors to manage online marketing and web services. We also use third-party vendors to manage our equity compensation plans and certain aspects of our financial reporting processes. We believe the availability of these services is essential to the management of our high-volume, transaction-oriented business model. As we expand our operations, we expect to utilize additional systems and service providers that may also be essential to managing our business. Although the systems and services that we require are typically available from a number of providers, it is time-consuming and costly to qualify and implement these relationships. Therefore, if one or more of our providers suffer an interruption in their business, or experience delays, disruptions or quality-control problems in their operations, or we have to change or add additional systems and services, our ability to manage our business and produce timely and accurate financial statements would suffer.

Interruptions or performance problems associated with third-party cloud-based systems that we depend on for development or distribution of our solutions may adversely affect our business, operating results, and financial condition.Interruptions or performance problems associated with our internal infrastructure and its reliance on technologies from third parties may adversely affect our ability to manage our business and meet reporting obligations.

We currently host certain of our solutions, and expect to increasingly host our solutions, on cloud infrastructure hyperscaler providers, such as AWS and Azure. In these cases, our solutions reside on hardware operated by these providers. Our operations depend on protecting the virtual cloud infrastructure hosted by a hyperscaler by maintaining its configuration, architecture, features, and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Although we have disaster recovery plans, including the use of multiple hyperscaler locations, any incident affecting a hyperscaler’s infrastructure that may be caused by fire, flood, severe storm, earthquake, or other natural disasters, actual or threatened public health emergencies, cyber-attacks, terrorist or other attacks, and other similar events beyond our control could negatively affect our platform and our ability to deliver our solutions to our customers. Any prolonged hyperscaler service disruption affecting our SaaS platform would negatively impact our ability to

28

---

Table of Contents

serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers, or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the hyperscaler services we use.

Hyperscalers have the right to terminate our agreements with them upon material uncured breach following prior written notice. If any of our hyperscaler service agreements are terminated, or there is a lapse of service, we would experience interruptions in access to our platform as well as significant delays and additional expense in arranging new facilities and services and/or re-architecting our solutions for deployment on a different cloud infrastructure, which would adversely affect our business, operating results, and financial condition.

Interruptions or performance problems associated with our solutions, including disruptions at any third-party data centers upon which we rely, may impair our ability to support our IT services provider customers.

Our continued operations depend substantially on the ability of our existing and potential customers to access our websites, software or cloud-based solutions within an acceptable amount of time.Our continued growth depends in part on the ability of our existing and potential MSP partners to access our websites, software or cloud-based solutions within an acceptable amount of time. We have experienced, and may in the future experience, service disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our website simultaneously and denial of service or fraud or security attacks. In some instances, we may not be able to identify the cause or causes of these website performance problems within an acceptable period of time. It may become increasingly difficult to maintain and improve our website performance, especially during peak usage times and as our user traffic increases. If our websites are unavailable or if our customers are unable to access our software or cloud-based solutions within a reasonable amount of time or at all, our business would be negatively affected. If our websites are unavailable or if our MSP partners are unable to access our software or cloud-based solutions within a reasonable amount of time or at all, our business would be negatively affected. Additionally, our data centers and networks and third-party data centers and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing customer base.

We provide certain of our solutions through third-party data center hosting facilities located in the United States and other countries. While we control and have access to our servers and all of the components of our network that are located in such third-party data centers, we do not control the operation of these facilities. Following expiration of the current agreement terms, the owners of the data center facilities have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew these agreements on commercially reasonable terms, or if one of our data center operators is acquired, we may be required to transfer our servers and other infrastructure to new data center facilities, and we may incur significant costs and possible service interruptions in connection with doing so.

Material defects, errors or vulnerabilities in our solutions, the failure of our solutions to block malware or prevent a security breach, misuse of our solutions, or risks of product liability claims could harm our reputation, result in significant costs to us and impair our ability to sell our solutions.

Our solutions, including those we resell, are multi-faceted and may be deployed with material defects, software “bugs” or errors that are not detected until after their commercial release and deployment to our customers. From time to time, certain of our customers have reported defects in our solutions related to performance, scalability, and compatibility. Our solutions also provide our customers with the ability to customize a multitude of settings, and it is possible that a customer could misconfigure our solutions or otherwise fail to configure our products in an optimal manner. Such defects and misconfigurations of our solutions could cause our platform to operate at suboptimal efficacy, cause it to fail to secure customers’ computing environments and detect and block threats, or temporarily interrupt the functionality of our customers’ endpoints. We also make frequent updates to our solutions, which may fail, resulting in temporary vulnerability that increases the likelihood of a material defect.

In addition, because the techniques used by computer hackers to access or sabotage target computing environments change frequently and generally are not recognized until launched against a target, there is a risk that an advanced attack could emerge that our solutions are unable to detect or prevent. Furthermore, as a well-known provider of solutions for IT services providers, including cloud-based technology, who in turn service a large number of SMBs, we and our customers could be targeted by attacks specifically designed to disrupt our business and harm our reputation or the business and reputation of our customers and their SMB and mid-market customers. In addition, defects or errors in our solutions could result in a failure to effectively update customers’ cloud-based products. Our data centers and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing customer base, any of which could temporarily or permanently expose our customers’ computing environments, leaving their computing environments unprotected against cyber threats. If we are unable to renew these agreements on commercially reasonable terms, or if one of our data center operators is acquired, we may be required to transfer our servers and other infrastructure to new data center facilities, and we may incur significant costs and possible service interruptions in connection with doing so. Any of these situations could result in negative publicity to us, damage our reputation and

29

---

Table of Contents

increase expenses and customer relations issues, and expose us to investigations, liabilities and other costs and negative consequences, all of which would adversely affect our business, financial condition, and operating results.

Advances in computer capabilities, discoveries of new weaknesses and other developments with software generally used by the IT services provider community may increase the risk we will suffer a security breach. Furthermore, our platform may fail to detect or prevent malware, ransomware, viruses, worms or similar threats for any number of reasons, including our failure to enhance and expand our solutions to reflect industry trends, new technologies and new operating environments, the complexity of the environment of our customers and the sophistication of malware, viruses and other threats. Our solutions may fail to detect or prevent threats in any particular test for a number of reasons. We or our service providers may also suffer security breaches or unauthorized access to personal information, financial account information, and other confidential information due to customer error, rogue customer employee activity, unauthorized access by third parties acting with malicious intent or who commit an inadvertent mistake or social engineering. If we experience, or our service providers experience, any breaches of security measures or sabotage or otherwise suffer unauthorized use or disclosure of, or access to, personal information, financial account information or other confidential information, we might be required to expend significant capital and resources to address these problems. Therefore, if one or more of our providers suffer an interruption in their business, or experience delays, disruptions or quality-control problems in their operations, or we have to change or add additional systems and services, our ability to manage our business and produce timely and accurate financial statements would suffer. We may not be able to remedy any problems caused by hackers or other similar actors in a timely manner, or at all. When faced with defects or errors, we will need to provide high-quality support to our customers during remediation efforts.When faced with defects or errors, we will need to provide high-quality support to our MSP partners during remediation efforts. If our customers are dissatisfied with our support or we otherwise fail to handle complaints effectively, our brand and reputation may suffer. If our MSP partners are dissatisfied with our support or we otherwise fail to handle complaints effectively, our brand and reputation may suffer. To the extent potential customers, industry analysts or testing firms believe that the failure to detect or prevent any particular threat is a flaw or indicates that our solutions not provide significant value, our reputation and business would be harmed.

Any real or perceived defects, errors or vulnerabilities in our solutions could result in:

•lost or delayed market acceptance and sales of our solutions;

•a reduction in subscription or maintenance renewals;

•diversion of development resources;

•increased likelihood of a cyberattack;

•legal claims; and

•injury to our reputation and our brand.

Any inability to maintain a high-quality customer support organization could lead to a lack of customer satisfaction, which could hurt our customer relationships and adversely affect our business, operating results, and financial condition.

We support our customers by offering partner success strategies designed to help them better manage their own businesses, deliver service offerings powered by our platform and grow their customer bases. If we do not effectively and successfully execute our partner success strategies, our ability to sell additional solutions to existing customers would be adversely affected and our reputation with potential customers could be damaged.

In addition, our sales process is highly dependent on our product and business reputation and on positive recommendations, referrals, and peer promotions from our existing customers. Any failure to maintain high-quality partner support, or a market perception that we do not maintain high-quality support, could adversely affect our reputation, our ability to sell our solutions to existing and prospective customers, and our business, operating results and financial condition.

If we fail to maintain or grow our brands, our financial condition and operating results might suffer.If we fail to develop and maintain our brand, our financial condition and operating results might suffer.

We believe that developing, maintaining and growing awareness and integrity of our brand in a cost-effective manner are important to achieving widespread acceptance of our existing and future offerings and are important elements in attracting new customers.We believe that developing and maintaining awareness and integrity of our brand in a cost-effective manner are important to achieving widespread acceptance of our existing and future offerings and are important elements in attracting new MSP partners. In addition, during 2021, we changed our brand from “SolarWinds MSP” to “N-able,” which may have resulted in the loss of customer recognition and may have adversely affected our business and profitability. In addition, during 2021, we changed our brand from the “SolarWinds MSP” to “N-able,” which may have resulted in the loss of customer recognition and may have adversely affected our business and profitability. We believe that the importance of brand recognition will increase as we enter new markets and as competition in our existing markets further intensifies. Successful promotion of our brands will depend on the effectiveness of our marketing efforts and on our ability providing reliable and useful solutions at competitive prices. We intend to increase our expenditures on brand promotion. Brand promotion activities may not yield increased revenue, and even if they do, the increased revenue may not offset the expenses we incur in building our brands. We also rely on our customer base and their SMB and mid-market customers in a variety of ways, including giving us feedback on our offerings and to provide user-based support to our other customers through our Head Nerds program. We also rely on our MSP partner base and their SME customers in a variety of ways, including to give us feedback on our offerings and to provide user-based support to our other customers through our Head Nerds program. If poor advice or misinformation regarding our solutions is spread among users of our Head Nerds program, it could adversely affect our reputation, our financial results and our ability to promote and maintain our brands. If we fail to promote and maintain our brands successfully, fail to maintain loyalty among our customers and their SMB and mid-market customers,

30

---

Table of Contents

or incur substantial expenses in an unsuccessful attempt to introduce, promote and maintain our brands, we may be unable to attract new customers, retain our existing customers and our financial condition and results of operations could be harmed. Additionally, if our customers do not use or ineffectively use our solutions to serve their end customers, our reputation and ability to grow our business may be harmed. Additionally, if our MSP partners do not use or ineffectively use our solutions to serve their end customers, our reputation and ability to grow our business may be harmed.

In November 2024, we acquired Adlumin, Inc. Prior to the acquisition we marketed Adlumin’s managed detection and response (“MDR”) solution as “N-able MDR.” As we integrate Adlumin into our business, we may utilize the Adlumin brand name for our XDR or MDR solutions, sell such solutions under the N-able brand or some combination of the two. The transition to or from the Adlumin brand name may cause confusion or lack of brand recognition for these solutions, which could negatively impact our business and profitability. If we fail to integrate the Adlumin brand successfully, fail to maintain loyalty among legacy Adlumin customers, or incur substantial expenses in an unsuccessful attempt to introduce, promote and maintain the Adlumin brand, we may be unable to attract new customers for our XDR or MDR solutions or retain existing customers of these solutions, and our financial condition and results of operations could be harmed. If we fail to introduce our new brand, promote and maintain our brands unsuccessfully, fail to maintain loyalty among our MSP partners and their SME customers, or incur substantial expenses in an unsuccessful attempt to introduce, promote and maintain our brands, we may fail to attract new MSP partners or retain our existing MSP partners and our financial condition and results of operations could be harmed.

If we are unable to capture significant volumes of high quality sales opportunities from our digital marketing initiatives, it could adversely affect our revenue growth and operating results.

Our digital marketing program is designed to efficiently and cost-effectively drive a high volume of website traffic and deliver high quality opportunities, which are often trials of our solutions, to our sales teams. We drive website traffic and capture opportunities through events such as roadshows, partner events, and trade shows, as well as through various digital marketing initiatives, including SEO, targeted email campaigns, localized websites, social media, e-book distribution, video content, blogging and webinars. We drive website traffic and capture opportunities through events such as roadshows, partner events, and trade shows, as well as through various digital marketing initiatives, including search engine optimization (“SEO”), targeted email campaigns, localized websites, social media, e-book distribution, video content, blogging and webinars. If we fail to drive a sufficient amount of website traffic or capture a sufficient volume of high quality sales opportunities from these activities, our revenue may not grow as expected or could decrease. In addition, if either our customer success efforts or the efforts of our distributors fail to generate sufficient sales leads, our revenue may not grow as expected. If these activities are unsuccessful, we may be required to increase our sales and marketing expenses, which may not be offset by additional revenue and could adversely affect our operating results.

Our digital marketing initiatives may be unsuccessful in driving high volumes of website traffic and generating trials of our solutions, resulting in fewer high quality sales opportunities, for a number of reasons. For example, technology professionals often find our solutions when they are online searching for a solution to address a specific need. Search engines typically provide two types of search results, algorithmic and purchased listings, and we rely on both. The display, including rankings, of unpaid search results can be affected by a number of factors, many of which are not in our direct control, and may change frequently. Our SEO techniques have been developed to work with existing search algorithms used by the major search engines. However, major search engines frequently modify their search algorithms and such modifications could cause our websites to receive less favorable placements, which could reduce the number of technology professionals who visit our websites. In addition, websites must comply with search engine guidelines and policies that are complex and may change at any time. If we fail to follow such guidelines and policies properly, search engines may rank our content lower in search results or could remove our content altogether from their indexes. If we 28Table of Contentsfail to follow such guidelines and policies properly, search engines may rank our content lower in search results or could remove our content altogether from their indexes. If our websites are displayed less prominently, or fail to appear in search result listings in response to search inquiries regarding observability, IT monitoring and management, backup, data recovery, or security problems through Internet search engines for any reason, our website traffic could significantly decline, requiring us to incur increased marketing expenses to replace this traffic. If our websites are displayed less prominently, or fail to appear in search result listings in response to search inquiries regarding IT management problems through Internet search engines for any reason, our website traffic could significantly decline, requiring us to incur increased marketing expenses to replace this traffic. Any failure to replace this traffic could reduce our revenue.

In addition, the success of our digital marketing initiatives depends in part on our ability to collect customer data and communicate with existing and potential customers online and through phone calls. As part of the solution evaluation trial process and during our sales process, most of our customers agree to receive emails and other communications from us. As part of the solution evaluation trial process and during our sales process, most of our MSP partners agree to receive emails and other communications from us. We also use tracking technologies, including cookies and related technologies, to help us track the activities of the visitors to our websites. However, as discussed in greater detail below, we are subject to a wide variety of data privacy and security laws and regulations in the United States and internationally that affect our ability to collect and use customer data and communicate with customers through email and phone calls. Many jurisdictions have proposed or adopted laws that restrict or prohibit unsolicited email or “spam” or regulate the use of cookies, including the European Union’s General Data Protection Regulation. Several jurisdictions have proposed or adopted laws that restrict or prohibit unsolicited email or “spam” or regulate the use of cookies, including the European Union’s General Data Protection Regulation. These laws and regulations may impose significant monetary penalties for violations and complex and often burdensome requirements in connection with sending commercial email or other data-driven marketing practices. These new laws and regulations may impose significant monetary penalties for violations and complex and often burdensome requirements in connection with sending commercial email or other data-driven marketing practices. As a result, we may be required to modify or discontinue our existing marketing practices, which could increase our marketing costs. As a result of such regulation, we may be required to modify or discontinue our existing marketing practices, which could increase our marketing costs.

We may need to reduce or change our pricing model to remain competitive.

We generally price our subscriptions on a per-device or per-user basis with pricing based on volume tiers. We may increasingly rely on a bundled pricing model. We have changed our pricing model from time to time, and may have to do so in the future. We believe that our price increase in 2023 may have adversely affected our business, and future increases may also adversely affect our business, operating results and financial condition. At the same time, as new or existing competitors introduce tools that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers. As new or existing competitors introduce tools that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers. We also must determine the appropriate price to enable us to compete effectively internationally. As a result, we

31

---

Table of Contents

may be required or choose to reduce our prices or otherwise further change our pricing model, which could adversely affect our business, operating results and financial condition.

We have benefited from growth in the market for SMB and mid-market IT spending, and lack of continued growth or contraction in this market could have an adverse effect on our results of operations and financial condition.

As SMBs and mid-market companies invest in technology and their needs for continuous availability, performance and security grow, they have been increasingly relying on MSPs to manage these aspects of their businesses.As SMEs invest in technology and their needs for continuous availability, performance and security grow, they have been increasingly relying on MSPs to manage these aspects of their businesses. In addition to MSPs, other IT services providers, such as value-added resellers, systems integrators, IT consultants and data center operators, have also adopted a managed services model. In addition to MSPs, other IT service providers, such as value-added resellers, systems integrators, IT consultants and data center operators, have also adopted a managed services model. While we have benefited from the growth in SMB and mid-market spending on IT and the rise of the managed IT services model, the market is dynamic and evolving. While we have benefited from the growth in SME spending on IT and the rise of the managed IT services model, the market is dynamic and evolving. Our future financial performance will depend in large part on continued growth in both spending by SMBs and demand from SMBs for MSPs and IT services providers to provide oversight, management and security of their IT systems and devices. Our future financial performance will depend in large part on continued growth in both spending by SMEs and demand from SMEs for MSPs to provide oversight, management and security of their IT systems and devices. If this market fails to grow or grows more slowly than we currently anticipate, our results of operations and financial condition could be adversely affected.

The ability to recruit, retain and develop key employees and management personnel is critical to our success and growth, and our inability to attract and retain qualified personnel could harm our business.

Our business requires certain expertise and intellectual capital, particularly within our management team. We rely on our management team in the areas of operations, security, marketing, sales, research and development, support and general and administrative functions. We rely on our management team in the areas of operations, security, marketing, sales, support and general and administrative functions. The loss of one or more of our members of the management team could have a material adverse effect on our business.

For us to compete successfully and grow, we must retain, recruit and develop key personnel who can provide the needed expertise for our industry and solutions. As we move into new geographic areas, we will need to attract, recruit and retain qualified personnel in those locations. In addition, although acquisitions are part of our growth strategy, we could lose key personnel of the acquired businesses. The market for qualified personnel is competitive, and we may not succeed in retaining or recruiting key personnel or may fail to effectively replace current key personnel who depart with qualified or effective successors. We believe that replacing our key personnel with qualified successors is particularly challenging as we feel that our evolving business model and approach to marketing and selling our solutions are unique. We believe that replacing our key personnel with qualified successors is particularly challenging as we feel that our business model and approach to marketing and selling our solutions are unique. Any successors that we hire from outside of the company would likely be unfamiliar with our business model and may therefore require significant time to understand and appreciate the important aspects of our business or fail to do so altogether, or we may lose new employees to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them. Any successors that we hire from outside of the company would likely be unfamiliar with our business model and may therefore require significant time to understand and appreciate the important aspects of our business or fail to do so altogether. Our effort to retain and develop personnel may also result in significant additional expenses, including stock-based compensation expenses, which could adversely affect our profitability. New regulations and volatility or lack of performance in our stock price could also affect the value of our equity awards, which could affect our ability to attract and retain our key employees. Further, if efforts around diversity, equality and belonging are perceived as insufficient or overdone, we may not be able to attract and retain talent, we may be subject to investigations, litigation and other proceedings and our brand and reputation and stock price may be harmed.

We have made changes, and may make additional changes in the future, to our senior management team and other key personnel. Leadership transitions can be inherently difficult to manage, and an inadequate transition may cause disruption to our business. In addition, we cannot provide assurances that key personnel, including our executive officers, will continue to be employed by us or that we will be able to attract and retain qualified personnel in the future. We cannot provide assurances that key personnel, including our executive officers, will continue to be employed by us or that we will be able to attract and retain qualified personnel in the future. Failure to retain or attract key personnel could have an adverse effect on our business.

Our results of operations can be adversely affected by labor shortages, turnover and labor cost increases.29Table of ContentsOur results of operations can be adversely affected by labor shortages, turnover and labor cost increases.

Labor is a primary component of operating our business. A number of factors may adversely affect the labor force available to us or increase labor costs from time to time, including high employment levels, federal unemployment subsidies, and other government regulations. Although we have not experienced any material disruptions due to labor shortages to date, we have observed an overall tightening and increasingly competitive labor market. A sustained labor shortage or increased turnover rates within our employee base, whether as a result of general macroeconomic or other factors, could lead to increased costs, such as increased wage rates to attract and retain employees, and could negatively affect our ability to efficiently operate our business. A sustained labor shortage or increased turnover rates within our employee base, whether caused by COVID-19 or as a result of general macroeconomic factors, could lead to increased costs, such as increased wage rates to attract and retain employees, and could negatively affect our ability to efficiently operate our business. If we are unable to hire and retain employees capable of performing at a high level, or if mitigation measures we may take to respond to a decrease in labor availability, such as third-party outsourcing, have unintended negative effects, our business could be adversely affected. An overall labor shortage, lack of skilled labor, increased turnover or labor inflation could have a material adverse impact on our operations, results of operations, liquidity or cash flows. An overall labor shortage, lack of skilled labor, increased turnover or labor inflation, caused by COVID-19 or as a result of general macroeconomic factors, could have a material adverse impact on our operations, results of operations, liquidity or cash flows.

If we cannot maintain our corporate culture as we grow, our business may be harmed.

We believe that our corporate culture has been, and will continue to be, a critical component to our success and that our culture creates an environment that drives our employees and perpetuates our overall business strategy.We believe that our corporate culture has been a critical component to our success and that our culture creates an environment that drives our employees and perpetuates our overall business strategy. We have invested

32

---

Table of Contents

substantial time and resources in building our team and we expect to continue to hire aggressively as we expand, including with respect to our international operations. As we grow and mature as a public company and grow further internationally, we may find it difficult to maintain the parts of our corporate culture that have led to our success. Any failure to preserve our culture could negatively affect our future success, including our ability to recruit and retain personnel and effectively focus on and pursue our business strategy.

Adverse economic conditions may negatively affect our business.

Our business depends on the overall demand for information technology and on the economic health of our current and prospective customers. Any significant weakening of the economy in the United States, Europe, Asia, Australia and of the global economy, more limited availability of credit, a reduction in business confidence and activity, decreased government spending, economic uncertainty and other difficulties may affect one or more of the sectors or countries in which we sell our solutions. Global economic and political uncertainty may cause some of our IT services provider customers or potential customers, or their SMB and mid-market customers, to curtail spending generally or IT management spending specifically, and may ultimately result in new regulatory and cost challenges to our international operations. Global economic and political uncertainty may cause some of our MSP partners or potential MSP partners, or their SME customers, to curtail spending generally or IT management spending specifically, and may ultimately result in new regulatory and cost challenges to our international operations. In addition, a strong dollar could reduce demand for our solutions in countries with relatively weaker currencies. Inflation recently increased at the highest rate in four decades in the United States amid a slowing economy and there are numerous indicators suggesting a potential economic recession in the United States and other regions of the world. Any such conditions could result in reductions in subscriptions, reduction of consumption of our services, longer sales cycles, slower adoption of new technologies and increased price competition. These adverse conditions could result in reductions in subscriptions, reduction of consumption of our services, longer sales cycles, slower adoption of new technologies and increased price competition. Any of these events could have an adverse effect on our business, operating results and financial position.

Climate change may have a long-term negative impact on our business.

Risks related to climate change may have an increasingly adverse impact on our business and those of our customers, their end users and our suppliers in the longer term.Risks related to rapid climate change may have an increasingly adverse impact on our business and those of our MSP partners and suppliers in the longer term. Our business operations are subject to interruption by natural disasters, floods, fire, power shortages, pandemics, terrorism, political unrest, cyberattacks, infrastructure disruptions, geopolitical instability, war, the effects of climate change and other events beyond our control. Climate-related events, including the increasing frequency of extreme weather events and their impact on regional short-term systemic failures in the U.S. and elsewhere, have the potential to disrupt our business, our third-party vendors, and/or the business of our customers and their customers, and may cause us to experience higher attrition, losses and additional costs to maintain and resume operations. If new laws are enacted, or current laws are modified in countries in which we or our suppliers operate, we could face increased costs to comply with these laws. These costs may be incurred across various levels of our supply chain to comply with new environmental regulations, taxes and penalties, which could cause us to incur increased costs to satisfy service obligations to customers. In addition, we may be subject to increased regulations, reporting requirements and standards, or expectations regarding the environmental impacts of our business, which may result in increased compliance costs, and any untimely or inaccurate disclosure could adversely affect our reputation, business or financial performance. We are also required to make mandatory prepayments of the obligations under our credit facility in certain circumstances, including upon certain asset sales or receipt of certain insurance proceeds or condemnation awards, upon certain issuances of debt, and, annually, with a portion of our excess cash flow.

Exposure related to any future litigation could adversely affect our results of operations, profitability and cash flows.

From time to time, we have been and may be involved in various legal proceedings and claims arising in our ordinary course of business. At this time, neither we nor any of our subsidiaries is a party to, and none of our respective property is the subject of, any material legal proceeding. However, the outcomes of legal proceedings and claims brought against us are subject to significant uncertainty. Future litigation may result in a diversion of management’s attention and resources, significant costs, including monetary damages and legal fees, and injunctive relief, and may contribute to current and future stock price volatility. No assurance can be made that future litigation will not result in material financial exposure or reputational harm, which could have a material adverse effect upon our results of operations, profitability or cash flows.

In particular, the software and technology industries are characterized by the existence of a large number of patents, copyrights, trademarks and trade secrets and by frequent litigation based on allegations of infringement or other violations of intellectual property rights. We have received, and from time to time may receive, letters claiming that our solutions infringe or may infringe the patents or other intellectual property rights of others. As we face increasing competition and as our brand awareness increases, the possibility of additional intellectual property rights claims against us grows. Our technologies may not be able to withstand any third-party claims or rights against their use. Additionally, we have licensed from other parties proprietary technology covered by patents and other intellectual property rights, and these patents or other intellectual property rights may be challenged, invalidated or circumvented. These types of claims could harm our relationships with our customers, might deter future customers from acquiring our solutions or could expose us to litigation with respect to these claims. These types of claims could harm our relationships with our MSP partners, might deter future MSP partners from acquiring our solutions or could expose us to litigation with respect to these claims. Even if we are not a party to any litigation between a customer and a third party, an adverse outcome in that litigation could make it more difficult for us to defend our intellectual property in any subsequent litigation in which we are named as a party. Any of these results would have a negative effect on our business and operating results.

Any intellectual property rights claim against us or our customers, with or without merit, could be time-consuming and expensive to litigate or settle and could divert management resources and attention.Any intellectual property rights claim against us or our MSP partners, with or without merit, could be time-consuming and expensive to litigate or settle and could divert management resources and attention. As a result of any successful intellectual

33

---

Table of Contents

property rights claim against us or our customers, we might have to pay damages or stop using technology found to be in violation of a third party’s rights, which could prevent us from offering our solutions to our customers. We could also have to seek a license for the technology, which might not be available on reasonable terms, might significantly increase our cost of revenue or might require us to restrict our business activities in one or more respects. The technology also might not be available for license to us at all. As a result, we could also be required to develop alternative non-infringing technology or cease to offer a particular solutions, which could require significant effort and expense and/or hurt our revenue and financial results of operations.

Our exposure to risks associated with the use of intellectual property may be increased as a result of our past and any future acquisitions as we have a lower level of visibility into the development process with respect to acquired technology or the care taken to safeguard against infringement risks. Third parties may make infringement and similar or related claims after we have acquired technology that had not been asserted prior to our acquisition.

Our actual operating results may differ significantly from information we may provide regarding our financial outlook.Our actual operating results may differ significantly from information we may provide in the future regarding our financial outlook.

From time to time, we provide information regarding our financial outlook in our quarterly earnings releases, quarterly earnings conference calls, or otherwise, that represents our management’s estimates or expectations at that time. Information we provide regarding our financial outlook is based on projections prepared by our management that are dependent upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic and competitive uncertainties and contingencies, many of which are beyond our control, and may be based upon specific assumptions with respect to future business decisions, which may change. We typically state possible outcomes as high and low ranges, which are intended to provide a sensitivity analysis as variables are changed, but are not intended to represent that actual results could not fall outside of the suggested ranges. We provide such information as a basis for our management to discuss our business outlook with analysts and investors. We do not accept any responsibility for any projections or reports published by analysts, if any.

Information regarding our financial outlook is necessarily speculative in nature, and it can be expected that some or all of the assumptions underlying such information furnished by us will not materialize or will vary significantly from actual results. Accordingly, information that we provide regarding our financial outlook is only an estimate of what management believes is realizable at that time. Accordingly, information that we may provide regarding our financial outlook will only be an estimate of what management believes is realizable as of the date of release. Actual results may vary from our financial outlook, and the variations may be material and adverse. Actual results will vary from our financial outlook, and the variations may be material and adverse. In light of the foregoing, investors are urged to consider these factors, not to rely exclusively upon information we provide regarding our financial outlook in making an investment decision regarding our common stock, and to take such information into consideration only in conjunction with other information included in our filings filed with or furnished to the SEC, including the “Risk Factors” sections in such filings. In light of the foregoing, investors are urged to consider these factors, not to rely exclusively upon information we may provide regarding our financial outlook in making an investment decision regarding our common stock, and to take such information into consideration only in connection with other information included in our filings filed with or furnished to the SEC, including the “Risk Factors” sections in such filings.

Any failure to implement our operating strategy successfully or the occurrence of any of the events or circumstances set forth under Item 1A. Risk Factors in this Annual Report on Form 10-K could result in our actual operating results being different from information we provide regarding our financial outlook, and those differences might be adverse and material.

A pandemic, epidemic or outbreak of an infectious disease, such as the COVID-19 pandemic, may materially affect how we and our customers are operating our businesses and our financial results.

We are subject to risks related to public health crises such as the COVID-19 pandemic. The COVID-19 pandemic and policies and regulations implemented by governments in response to the COVID-19 pandemic had a significant impact, both directly and indirectly, on global businesses and commerce and indirect effects such as worker shortages and supply chain constraints. Future global health concerns could also result in social, economic, and labor instability in the countries in which we or the third parties with whom we engage operate.

The impact to our business from any future pandemics or health epidemics depends on multiple factors that cannot be accurately predicted, such as their duration and scope, the extent and effectiveness of containment actions, the disruption caused by such actions, and the efficacy and rates of vaccines. Future pandemics or health epidemics could have severe impacts on our business and our customers’ and prospective customers’ businesses. For instance, as a result of the COVID-19 pandemic, we experienced a deceleration in our year-over-year subscription revenue growth rate in the second quarter of 2020 as compared to our growth rates in prior periods. As a result of the impact of the COVID-19 pandemic, we experienced a deceleration in our year-over-year subscription revenue growth rate in the second quarter of 2020 as compared to our growth rates in prior periods. We attributed this deceleration primarily to increased churn and downgrades from existing customers and slower customer adds. Future pandemics or health epidemics may also adversely affect our productivity, employee morale, future sales, operating results, and overall financial performance. Pandemics, health epidemics, or outbreaks of infectious diseases may also have the effect of heightening many of the other risks described in this “Risk Factors” section.

Risks Related to Our Indebtedness

We have substantial indebtedness, which could adversely affect our financial health and our ability to obtain financing in the future, react to changes in our business and meet our obligations with respect to our indebtedness.

34

---

Table of Contents

As of December 31, 2024, our total indebtedness outstanding under our credit agreement, net of debt issuance costs, was $333.1 million and we had $60 million of additional unused borrowing capacity under our revolving credit facility. If we cannot generate sufficient cash flow from operations to service our debt, we may need to refinance our debt, dispose of assets, or issue equity to obtain necessary funds; we do not know whether we will be able to take any of such actions on a timely basis or on terms satisfactory to us or at all.

Our substantial indebtedness incurred under the credit agreement, combined with our other financial obligations and contractual commitments could have important consequences, including:

•requiring us to dedicate a substantial portion of our cash flows from operations to payments on our indebtedness, thereby reducing the funds available for operations, working capital, capital expenditures, acquisitions, product development and other purposes;

•increasing our vulnerability to adverse economic and industry conditions, which could place us at a competitive disadvantage compared to our competitors that have relatively less indebtedness;

•limiting our flexibility in planning for, or reacting to, changes in our business and the industries in which we operate;

•restricting us from making investments or strategic acquisitions or causing us to make non-strategic divestitures;

•requiring us under certain circumstances to repatriate earnings from our international operations in order to make payments on our indebtedness, which could subject us to local country income and withholding taxes and/or state income taxes that are not currently accrued in our financial statements;

•requiring us to liquidate short-term or long-term investments in order to make payments on our indebtedness, which could generate losses;

•exposing us to the risk of increased interest rates as borrowings under the credit agreement are subject to variable rates of interest; and

•limiting our ability to borrow additional funds, or to dispose of assets to raise funds, if needed, for working capital, capital expenditures, acquisitions, product development and other corporate purposes.

Despite our current indebtedness level, we and our restricted subsidiaries may be able to incur substantially more indebtedness, which could further exacerbate the risks associated with our substantial indebtedness.

Although the terms of the credit agreement governing our outstanding indebtedness contain restrictions on the incurrence of additional indebtedness, such restrictions are subject to a number of important exceptions and indebtedness incurred in compliance with such restrictions could be substantial. If we and our restricted subsidiaries incur significant additional indebtedness, the related risks that we face could increase. If new debt is added to our or our subsidiaries’ current debt levels, the related risks that we now face would increase, and we may not be able to meet all our debt obligations. See Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources.

The credit agreement governing our indebtedness contains restrictions and limitations that may restrict our business and financing activities and expose us to risks that could adversely affect our liquidity and financial condition.

The credit agreement governing our credit facility contains various covenants that are operative so long as our credit facility remains outstanding. The covenants, among other things, limit our and certain of our subsidiaries’ abilities to:

•incur additional indebtedness;

•create or incur liens;

•engage in mergers, consolidations, amalgamations, liquidations, dissolutions or dispositions;

•make investments, acquisitions, loans (including guarantees), advances or capital contributions;

•sell, transfer or otherwise dispose of assets, including capital stock of subsidiaries;

•conduct, transact or otherwise engage in certain business or operations;

•create negative pledges or restrictions on the payment of dividends or payment of other amounts owed from subsidiaries;

•make prepayments or repurchases of debt that is subordinated with respect to right of payment;

•modify certain documents governing debt that is subordinated with respect to right of payment;

•pay dividends and distributions on, or redeem, repurchase or retire our capital stock; and

35

---

Table of Contents

•engage in certain transactions with affiliates.

Our credit agreement also contains a financial covenant which requires that, at the end of each fiscal quarter, for so long as the aggregate principal amount of borrowings under our revolving credit facility exceeds 35% of the aggregate commitments under the revolving credit facility, our first lien net leverage ratio cannot exceed 7.50 to 1.00. A breach of this financial covenant will not result in a default or event of default under the term loan facility under our credit agreement unless and until the lenders under our revolving credit facility have terminated the commitments under the revolving credit facility and declared the borrowings under the revolving credit facility due and payable.

Our credit agreement also contains numerous affirmative covenants that will remain in effect as long as our credit facility remains outstanding. We are also required to make mandatory prepayments of the obligations under our credit facility in certain circumstances, including upon certain asset sales or receipt of certain insurance proceeds or condemnation awards, upon certain issuances of debt, and, annually, with a portion of our excess cash flow.

Our ability to comply with the covenants and restrictions contained in the credit agreement governing our credit facility may be affected by economic, financial and industry conditions beyond our control. The restrictions in the credit agreement governing our credit facility may prevent us from taking actions that we believe would be in the best interests of our business and may make it difficult for us to execute our business strategy successfully or effectively compete with companies that are not similarly restricted. Even if our credit agreement is terminated, any additional debt that we incur in the future could subject us to similar or additional covenants.

The credit agreement includes customary events of default, including, among others, failure to pay principal, interest or other amounts; material inaccuracy of representations and warranties; violation of covenants; specified cross-default and cross-acceleration to other material indebtedness; certain bankruptcy and insolvency events; certain ERISA events; certain undischarged judgments; material invalidity of guarantees or grant of security interest; and change of control. Any default that is not cured or waived could result in the termination of our credit agreement or an acceleration of the obligations under the credit agreement. Any such default would permit the applicable lenders to declare all amounts outstanding thereunder to be due and payable, together with accrued and unpaid interest. In addition, such a default or acceleration may result in the acceleration of any other debt to which a cross-acceleration or cross-default provision applies. If we are unable to repay our indebtedness, the lenders under our credit facility could proceed against the collateral securing the indebtedness. In any such case, we may be unable to borrow under our credit facility and may not be able to repay the amounts due under our credit facility. This could have serious consequences to our financial condition and results of operations and could cause us to become bankrupt or insolvent.

Risks Related to Our Intellectual Property

The success of our business depends on our ability to obtain, maintain, protect and enforce our intellectual property rights.

Our success depends, in part, on our ability to protect proprietary methods and technologies that we develop or license so that we can prevent others from using our inventions and proprietary information. If we fail to protect our intellectual property rights adequately, our competitors might gain access to our technology and our business might be adversely affected. However, protecting and enforcing our intellectual property rights might entail significant expenses. Any of our intellectual property rights may be challenged by others, weakened or invalidated through administrative process or litigation. We rely primarily on a combination of patent, copyright, trademark, trade dress, unfair competition and trade secret laws, as well as confidentiality procedures and contractual restrictions, to establish and protect our proprietary rights. These laws, procedures and restrictions provide only limited protection.

As of December 31, 2024, we had ten issued patents. The process of obtaining patent protection is expensive and time-consuming and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Even if issued, there can be no assurance that these patents, or our existing patents, will adequately protect our intellectual property, as the legal standards relating to the validity, enforceability and scope of protection of patent and other intellectual property rights are uncertain. Our patents and any future patents issued to us may be challenged, invalidated or circumvented, and may not provide sufficiently broad protection or may not prove to be enforceable in actions against alleged infringers. Any patents that are issued may subsequently be invalidated or otherwise limited, allowing other companies to develop offerings that compete with ours, which could adversely affect our competitive business position, business prospects and financial condition. In addition, issuance of a patent does not guarantee that we have a right to practice the patented invention. Patent applications in the United States are typically not published until 18 months after filing or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that third parties do not have blocking patents that could be used to prevent us from marketing or practicing our patented software or technology.

36

---

Table of Contents

We endeavor to enter into agreements with our employees and contractors and with parties with which we do business in order to limit access to and disclosure of our trade secrets and other proprietary information. We cannot be certain that the steps we have taken will prevent unauthorized use, misappropriation or reverse engineering of our technology. Moreover, others may independently develop technologies that are competitive to ours and may infringe our intellectual property. The enforcement of our intellectual property rights also depends on our legal actions against these infringers being successful, but these actions may not be successful, even when our rights have been infringed. Further, any litigation, whether or not resolved in our favor, could be costly and time-consuming.

Our exposure to risks related to the protection of intellectual property may be increased in the context of acquired technologies as we have a lower level of visibility into the development process and the actions taken to establish and protect proprietary rights in the acquired technology. In connection with past acquisitions, we have found that some associated intellectual property rights, such as domain names and trademarks in certain jurisdictions, are owned by resellers, distributors or other third parties. In the past, we have experienced difficulties in obtaining assignments of these associated intellectual property rights from third parties.

Furthermore, effective patent, trademark, trade dress, copyright and trade secret protection may not be available in every country in which our solutions are available. The laws of some foreign countries may not be as protective of intellectual property rights as those in the United States (in particular, some foreign jurisdictions do not permit patent protection for software), and mechanisms for enforcement of intellectual property rights may be inadequate. In addition, the legal standards, both in the United States and in foreign countries, relating to the validity, enforceability and scope of protection of intellectual property rights are uncertain and still evolving. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property.

We might be required to spend significant resources to monitor and protect our intellectual property rights. We may initiate claims or litigation against third parties for infringement of our proprietary rights or to establish the validity of our proprietary rights. Litigation also puts our patents at risk of being invalidated or interpreted narrowly and our patent applications at risk of not issuing. Additionally, we may provoke third parties to assert counterclaims against us. We may not prevail in any lawsuits that we initiate, and the damages or other remedies awarded, if any, may not be commercially viable. Any litigation, whether or not resolved in our favor, could result in significant expense to us and divert the efforts of our technical and management personnel, which may adversely affect our business, results of operations, financial condition and cash flows.

Our use of open source software could negatively affect our ability to sell our offerings and subject us to possible litigation.

Some of our offerings incorporate open source software, and we intend to continue to use open source software in the future. Some terms of certain open source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to monetize our offerings. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we developed using such software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open source software license. These claims could result in litigation and could require us to make our software source code freely available, purchase a costly license to continue offering the software or cease offering the implicated services unless and until we can re-engineer them to avoid infringement or violation. This re-engineering process could require significant additional research and development resources, and we may not be willing to entertain the cost associated with updating the software or be able to complete it successfully. In addition to risks related to license requirements, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software and, thus, may contain security vulnerabilities or infringing or broken code. Additionally, if we utilize open source licenses that require us to contribute to open source projects, this software code is publicly available; and our ability to protect our intellectual property rights with respect to such software source code may be limited or lost entirely. We may be unable to prevent our competitors or others from using such contributed software source code. Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, operating results and financial condition.

37

---

Table of Contents

Risks Related to Cybersecurity

Cyberattacks, including the Cyber Incident, and other security incidents have resulted, and in the future may result, in compromises or breaches of our, our IT services provider customers’, or their SMB and mid-market customers’ systems, the insertion of malicious code, malware, ransomware or other vulnerabilities into our, our IT services provider customers’, or their SMB and mid-market customers’ systems, the exploitation of vulnerabilities in our, our T services provider customers’, or their SMB and mid-market customers’ environments, the theft or misappropriation of our, our IT services provider customers’, or their SMB and mid-market customers’ proprietary and confidential information, and interference with our, our IT services provider customers’, or their SMB and mid-market customers’ operations, exposure to legal and other liabilities, higher customer and employee attrition and the loss of key personnel, negative impacts to our sales, renewals and upgrades and reputational harm and other serious negative consequences, any or all of which could materially harm our business.

We are heavily dependent on our technology infrastructure to operate our business, and our customers rely on our solutions to help manage and secure their IT infrastructure and environments, and that of their SMB and mid-market customers, including the protection of confidential information.We are heavily dependent on our technology infrastructure to operate our business, and our MSP partners rely on our solutions to help manage and secure their IT infrastructure and environments, and that of their SME customers, including the protection of confidential information. Despite our implementation of security measures and controls, our systems, the systems of our third-party service providers upon which we rely, the systems of our customers and the virtualized systems of our customers, as well as the information that those systems store and process are vulnerable to attack from numerous threat actors, including sophisticated nation-state and nation-state-supported actors (including advanced persistent threat intrusions). Despite our implementation of security measures and controls, our systems, the systems of our third-party service providers upon which we rely, the systems of our MSP partners and the virtualized systems of our MSP partners, as well as the information that those systems store and process are vulnerable to attack from numerous threat actors, including sophisticated nation-state and nation-state-supported actors (including advanced persistent threat intrusions). Threat actors have been, and may in the future be, able to compromise our security measures or otherwise exploit vulnerabilities in our systems, including vulnerabilities that may have been introduced through the actions of our employees or contractors or defects in design or manufacture of our products and systems or the products and systems that we procure from third parties. In doing so, they have been, and may in the future be, able to breach or compromise our IT systems, including those which we use to design, develop, deploy and support our products, and access and misappropriate our, our current and former employees’ and our customers’ proprietary and confidential information, including our software source code, introduce malware, ransomware or vulnerabilities into our products and systems and create system disruptions or shutdowns. By virtue of the role our products play in helping to manage and secure the environments and systems of our customers and their end customers, attacks on our systems and products can result in similar impacts on our customers’ and their customers’ systems and data. By virtue of the role our products play in helping to manage and secure the environments and systems of our MSP partners and their SME customers, attacks on our systems and products can result in similar impacts on our MSP partners’ and their SME customers’ systems and data.

Cybersecurity has become increasingly important to our customers as their end customers experience increased security threats while more of their workforce works remotely.Cybersecurity has become increasingly important to our MSP partners as their SME customers experience increased security threats while more of their workforce works remotely during the COVID-19 pandemic. Larger volumes of remote devices are connecting to SMBs’ networks driving increased vulnerability and incidences of ransomware and phishing attacks are growing, making security a high priority for SMBs. The potential impact of cybersecurity breaches or incidents affecting customers’ remote monitoring of multiple SMB or mid-market customers’ networks and devices is significant. The potential impact of cybersecurity breaches or incidents affecting MSP partners’ remote monitoring of multiple SME customers’ networks and devices is significant.

Moreover, the number and scale of cyberattacks have continued to increase and the methods and techniques used by threat actors, including sophisticated “supply-chain” attacks such as the Cyber Incident, continue to evolve at a rapid pace. As a result, we may be unable to identify current attacks, anticipate these attacks or implement adequate security measures. We have experienced, and may in the future experience, security breaches that may remain undetected for an extended period and, therefore, have a greater impact on our solutions, our proprietary data or the data of our IT services provider customers or their SMB and mid-market customers, and ultimately on our business. We have experienced, and may in the future experience, security breaches that may remain undetected for an extended period and, therefore, have a greater impact on our solutions, our proprietary data or the data of our MSP partners or their SME customers, and ultimately on our business. In addition, our ability to defend against and mitigate cyberattacks depends in part on prioritization decisions that we and third parties upon whom we rely make to address vulnerabilities and security defects. While we endeavor to address all identified vulnerabilities in our products, we must make determinations as to how we prioritize developing and deploying the respective fixes and we may be unable to do so prior to an attack. Likewise, even once a vulnerability has been addressed, for certain of our products, the fix will only be effective once a customer has updated the impacted product with the latest release, and customers that do not install and run the remediated versions of our products, and their SMB and mid-market customers, may remain vulnerable to attack. Likewise, even once a vulnerability has been addressed, for certain of our products, the fix will only be effective once an MSP partner has updated the impacted product with the latest release, and MSP partners that do not install and run the remediated versions of our products, and their SME customers, may remain vulnerable to attack.

Cyberattacks, including the Cyber Incident, and other security incidents have resulted, and in the future may result, in numerous risks and adverse consequences to our business, including that (a) our prevention, mitigation and remediation efforts may not be successful or sufficient, (b) our confidential and proprietary information, including our source code, as well as personal information related to current or former employees and customers, may be accessed, exfiltrated, misappropriated, compromised or corrupted, (c) we incur significant financial, legal, reputational and other harms to our business, including, loss of business, decreased sales, severe reputational damage adversely affecting current and prospective customer, employee or vendor relations and investor confidence, U.S. or foreign regulatory investigations and enforcement actions, litigation, indemnity obligations, damages for contractual breach, penalties for violation of applicable laws or regulations, including laws and regulations in the United States and other jurisdictions relating to the collection, use and security of user and other personally identifiable information and data, significant costs for remediation, impairment of our ability to protect our intellectual property, stock price volatility and other significant liabilities, (d) our insurance coverage, including coverage relating to certain security and privacy damages and claim expenses, may not be available or sufficient to compensate for all

38

---

Table of Contents

liabilities we incur related to these matters or that we may face increased costs to obtain and maintain insurance in the future, and (e) our steps to secure our internal environment, adapt and enhance our software development and build environments and ensure the security and integrity of the solutions that we deliver to our customers may not be successful or sufficient to protect against future threat actors or cyberattacks. We have incurred and expect to continue to incur significant expenses related to our cybersecurity initiatives.

The Cyber Incident has had and may continue to have an adverse effect on our business, reputation, customer and employee relations, results of operations, financial condition or cash flows.

On December 14, 2020, SolarWinds announced that it had been the victim of a cyberattack (the “Cyber Incident”) on its Orion Software Platform and internal systems. SolarWinds’ investigation revealed that as part of this attack, malicious code (“Sunburst”) was injected into builds of SolarWinds’ Orion Software Platform that it released between March 2020 and June 2020. If present and activated in a customer’s IT environment, Sunburst could potentially allow an attacker to compromise the server on which the Orion Software Platform was installed. The Cyber Incident has been widely reported by SolarWinds and other third parties and appears to be one of the most complex and sophisticated cyberattacks in history.

SolarWinds’ investigations have revealed that the threat actor employed novel and sophisticated techniques indicative of a nation state actor and consistent with the goal of cyber espionage via a supply-chain attack. Through the use of the novel SUNSPOT code injector that SolarWinds discovered in its investigation, the threat actor surreptitiously injected the Sunburst malicious code solely into builds of the Orion Software Platform. The threat actor undertook a test run of its ability to inject code into builds of the Orion Software Platform in October 2019, months prior to initiating the actual Sunburst injection into builds of the Orion Software Platform that SolarWinds released between March and June 2020. SolarWinds has not identified Sunburst in any of its more than 70 non-Orion products and tools, including, as previously disclosed, any of our N-able solutions.

As a result of the Cyber Incident, we are faced with significant risks. As a part of SolarWinds and our prior branding as “SolarWinds MSP,” the Cyber Incident has harmed, and may continue to harm, our reputation, our customer and employee relations and our operations and business as a result of both the impact it has had on our relationships with existing and prospective customers and the significant time and resources that our personnel have had and may have to devote to investigating and responding to the Cyber Incident. Customers have and may in the future defer purchasing or choose to cancel or not renew their agreements or subscriptions with us as a result of the Cyber Incident. We have expended significant costs and expenses related to the Cyber Incident including in connection with investigations, our remediation efforts, our compliance with applicable laws and regulations in connection with the threat actor’s access to and exfiltration of information related to our current or former employees and customers, and our measures to address the damage to our reputation and customers and employee relations. We are also expending additional costs in connection with our ongoing cybersecurity-related initiatives. If we are unable to maintain the trust of our current and prospective customers and their SMB and mid-market customers, negative publicity continues and/or our personnel continue to have to devote significant time to the Cyber Incident, our business, market share, results of operations and financial condition will be negatively affected. If we are unable to maintain the trust of our current and prospective MSP partners and their SME customers, negative publicity continues and/or our personnel continue to have to devote significant time to the Cyber Incident, our business, market share, results of operations and financial condition will be negatively affected.

SolarWinds has confirmed to us that it has concluded its internal investigations relating to the Cyber Incident. While SolarWinds does not know precisely when or how the threat actor first gained access to its environment, its investigations uncovered evidence that the threat actor compromised credentials and conducted research and surveillance in furtherance of its objectives through persistent access to its software development environment and internal systems, including its Office 365 environment, for at least nine months prior to initiating the test run in October 2019. During this entire period, we were a part of the SolarWinds’ shared environment and the threat actor had persistent access to our systems and Office 365 environment. SolarWinds also has found evidence that causes us to believe that the threat actor exfiltrated certain information as part of its research and surveillance. The threat actor created and moved files that we believe contained source code for our products, although we are unable to determine the actual contents of those files. The threat actor also created and moved additional files, including files that may have contained data about our customers partners and files that may have contained data relating to trial and product activation of our N-central On Demand solution. The threat actor also created and moved additional files, including files that may have contained data about our MSP partners and files that may have contained data relating to trial and product activation of our N-central On Demand solution. We do not believe that any information of the SMB and mid-market customers of our customers would have been included in the files that were created by the threat actor. We do not believe that any information of the customers of our MSP Partners would have been included in the files that were created by the threat actor. Although we are unable to determine the actual contents of these files, with respect to the files that may have contained data about our customers, we believe the information included in such files would not have contained highly sensitive personal information, such as credit card, social security, passport or bank account numbers, but could have contained other information such as customer IDs, business email addresses and encrypted customer portal login credentials. With respect to the files that may have contained data relating to trial and product activation of our N-central On Demand solutions, although we are unable to determine the actual content of such files, the information included in such files could have contained customer usernames and N-central On Demand initial passwords generated by N-able. The threat actor also moved files to a jump server, which SolarWinds believes was intended to facilitate exfiltration of the files out of the shared environment. Investigations to date have also revealed that the threat actor accessed the email accounts of certain of our personnel, some of which contained information related to current

39

---

Table of Contents

or former employees and customers. SolarWinds has notified us that it has identified all personal information contained in the emails of these accounts, and has informed us that it has provided notices to any impacted individuals and other parties as required. SolarWinds has notified us that it has identified all personal information contained in 36Table of Contentsthe emails of these accounts, and has informed us that it has provided notices to any impacted individuals and other parties as required.

In October 2023, the SEC filed a complaint against SolarWinds and its chief information officer alleging violations of the Exchange Act and Securities Act relating to SolarWinds’ cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures. On July 18, 2024, the District Court for the Southern District of New York entered an order granting in large part the SolarWinds’ motion to dismiss. Only one claim remains pending before the court which concerns the accuracy of their online Security Statement. The October 2023 complaint brought, and any future developments may bring, renewed attention to the Cyber Incident and questions from some of our customers.

The discovery of new or different information regarding the Cyber Incident, including with respect to its scope, the activities of the threat actor within the shared SolarWinds environment and the related impact on any of our systems, solutions, current or former employees and customers, could increase our costs and liabilities related to the Cyber Incident and expose us to claims, investigations by U.S. federal and state and foreign governmental officials and agencies, civil and criminal litigation, including securities class action and other lawsuits, and other liability, resulting in material remedial and other expenses which may not be covered by insurance, including fines and further damage to our business, reputation, intellectual property, results of operations and financial condition. Although, subject to the terms of the Separation and Distribution Agreement, SolarWinds would indemnify us for costs we may incur, any such claims, investigations or lawsuits may result in the incurrence of significant external and internal legal and advisory costs and expenses and reputational damage to our business, as well as the diversion of management’s attention from the operation of our business and a negative impact on our employee morale. We also may not have sufficient insurance coverage for any claims or expenses to the extent that certain costs are not covered under SolarWinds’ insurance coverage or the terms of the Separation and Distribution Agreement indemnification.

The Cyber Incident also may embolden other threat actors to target our systems, which could result in additional harm to our business, reputation, intellectual property, results of operations and financial conditions. Although we have and expect to continue to deploy significant resources as part of our security infrastructure, we cannot ensure that our steps to secure our internal environment, improve our software development and build environments and protect the security and integrity of the solutions that we deliver will be successful or sufficient to protect against future threat actors or cyberattacks or perceived by existing and prospective customers partners as sufficient to address the harm caused by the Cyber Incident.

Risks Related to Accounting and Taxation

Failure to maintain proper and effective internal controls could have a material adverse effect on our business, operating results and stock price.

As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), the Sarbanes-Oxley Act and the Dodd-Frank Act and are required to prepare our financial statements according to the rules and regulations required by the SEC. In addition, the Exchange Act requires that we file annual, quarterly and current reports. Any failure to prepare and disclose this information in a timely manner or to otherwise comply with applicable law could subject us to penalties under federal securities laws, expose us to lawsuits and restrict our ability to access financing. In addition, the Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal controls and procedures for financial reporting and disclosure purposes. We are also required to include an attestation report on internal control over financial reporting issued by our independent registered public accounting firm. Our testing, or the subsequent testing by our independent registered public accounting firm, may reveal deficiencies in our internal control over financial reporting that are deemed to be material weaknesses. If we are not able to comply with the requirements of Section 404 of the Sarbanes-Oxley Act in a timely manner, or if we or our accounting firm identify deficiencies in our internal control over financial reporting that are deemed to be material weaknesses, the market price of our stock would likely decline and we could be subject to lawsuits, sanctions, or investigations by regulatory authorities, including SEC enforcement actions, and we could be required to restate our financial results, any of which would require additional financial and management resources. Internal control over financial reporting is complex and may be revised over time to adapt to changes in our business, or changes in applicable accounting rules. As we increased the number of contracts that have terms of one or more years, we developed controls around the accounting for these contracts. While we believe these controls are effective, they rely substantially on manual processes. We cannot assure that our internal control over financial reporting will be effective in the future or that a material weakness will not be discovered with respect to a prior period for which we had previously believed that internal controls were effective. If material weaknesses in our internal control over financial reporting are discovered or occur in the future, our consolidated financial statements may contain material misstatements and we could be required to restate our financial results, which could materially and adversely affect our business, results of operations, and financial condition, restrict our ability to access the capital markets, require us to expend significant resources to correct the material weakness, subject us to fines, penalties or judgments, harm our reputation, or otherwise cause a decline in investor confidence.

40

---

Table of Contents

Changes in financial accounting standards or practices may cause adverse, unexpected financial reporting fluctuations and affect our reported results of operations.

A change in accounting standards or practices can have a significant effect on our reported results and may even affect our reporting of transactions completed before the change is effective. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may adversely affect our reported financial results or the way in which we conduct our business.

Our revenue recognition policy and other factors may distort our financial results in any given period and make them difficult to predict.

Under accounting standards update No. 2014-09 (Topic 606), Revenue from Contracts with Customers (“ASC 606”), we recognize revenue when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services. Our subscription revenue consists of (i) SaaS agreements, (ii) term-based licenses bundled with coterminous support and (iii) maintenance and support agreements. For SaaS and maintenance and support agreements, we recognize revenue ratably over the contract period as the Company satisfies its performance obligation, beginning on the date the Company makes its service available to the customer. For term-based licenses bundled with coterminous support, we recognize revenue when the distinct license is made available to the customer, and support revenue is recognized ratably over the contract period. During the year ended December 31, 2024, we began increasing the proportion of our subscriptions that are long-term committed contracts, as compared to month-to-month contracts. In connection with this, we saw an increase in point-in-time subscription revenue, offset by estate optimization impacting our net revenue retention during the year as customers optimized their estates in the process of entering long-term committed contracts. A significant increase or decline in our subscription contracts in any one quarter may not be fully reflected in the results for that quarter but will affect our revenue in future quarters.

Furthermore, the presentation of our financial results requires us to make estimates and assumptions that may affect revenue recognition. In some instances, we could reasonably use different estimates and assumptions, and changes in estimates are likely to occur from period to period. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations-Critical Accounting Policies and Estimates-Revenue Recognition” included in Part II, Item 7 of this Annual Report.

Given the foregoing factors, our actual results could differ significantly from our estimates, comparing our revenue and operating results on a period-to-period basis may not be meaningful, and our past results may not be indicative of our future performance.

Our business and financial performance could be negatively impacted by changes in tax laws or regulations.

New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us. Any changes to these existing tax laws could adversely affect our domestic and international business operations and our business and financial performance, including provisions of the Inflation Reduction Act of 2022. Additionally, these events could require us or our customers to pay additional tax amounts on a prospective or retroactive basis, as well as require us or our customers to pay fines and/or penalties and interest for past amounts deemed to be due. Although, subject to the terms of the Separation and Distribution Agreement, SolarWinds would indemnify us for costs we may incur, any such claims, investigations or lawsuits may result in the incurrence of significant external and internal legal and advisory costs and expenses and reputational damage to our business, as well as the diversion of management’s attention from the operation of our business and a negative impact on our employee morale. If we raise our subscription prices to offset the costs of these changes, existing customers may cancel their subscriptions and potential customers may elect not to purchase our subscriptions. If we raise our subscription prices to offset the costs of these changes, existing MSP partners may cancel their subscriptions and potential MSP partners may elect not to purchase our subscriptions. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our customers’ and our compliance, operating and other costs, as well as the costs of our solutions. Further, these events could decrease the capital we have available to operate our business. Any or all of these events could adversely impact our business and financial performance.

Additionally, the U.S. Tax Cuts and Jobs Act of 2017 (the “Tax Act”), which was enacted on December 22, 2017, requires complex computations to be performed, significant judgments to be made in the interpretation of the provisions of the Tax Act, significant estimates in calculations and the preparation and analysis of information not previously relevant or regularly produced. The U.S. Treasury Department continues to interpret or issue guidance on how provisions of the Tax Act will be applied or otherwise administered. As additional guidance is issued, we may make adjustments to amounts that we have previously recorded that may materially impact our financial statements in the period in which the adjustments are made.

Additional liabilities related to taxes or potential tax adjustments could adversely impact our business and financial performance.

We are subject to tax and related obligations in various federal, state, local and foreign jurisdictions in which we operate or do business. The taxing rules of the various jurisdictions in which we operate or do business are often complex and subject to differing interpretations. Tax authorities could challenge our tax positions we historically have taken, or intend to take in the future, or may audit the tax filings we have made and assess additional taxes. Tax authorities may also assess taxes in

41

---

Table of Contents

jurisdictions where we have not made tax filings. Any assessments incurred could be material, and may also involve the imposition of substantial penalties and interest. Significant judgment is required in evaluating our tax positions and in establishing appropriate reserves, and the resolutions of our tax positions are unpredictable. The payment of additional taxes, penalties or interest resulting from any assessments could adversely impact our business and financial performance.

Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our operating results.

Based on our current corporate structure, we are subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain.Based on our current corporate structure, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax rules, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents. In addition, the authorities in these jurisdictions could challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant taxing authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement were to occur, and our position were not sustained, we could be required to pay additional taxes, interest and penalties. Such authorities could claim that various withholding requirements apply to us or our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and adversely affect our business and operating results.

Our operating results may be negatively impacted by the loss of certain tax benefits provided to companies in our industry predominately by the governments of countries in which we have research and development personnel.

Many of the governments of countries in which we have research and development personnel provide us with certain tax benefits related to the employment of such personnel and the activities that they perform. In Belarus, for example, our local subsidiary along with other member technology companies of High-Technologies Park have a full exemption from Belarus income tax and value added tax until 2049 and are taxed at reduced rates on a variety of other taxes. We have similar arrangements with our subsidiaries in the United Kingdom and Romania. If these tax benefits are changed, terminated, not extended or comparable new tax incentives are not introduced, we expect that our effective income tax rate and/or our operating expenses could increase significantly, which could materially adversely affect our financial condition and results of operations.

Risks Related to Governmental Regulation

We are subject to various global data privacy and security regulations, which could result in additional costs and liabilities to us.

Our business is subject to a wide variety of local, state, national and international laws, directives and regulations that apply to the collection, use, retention, protection, disclosure, transfer and other processing of personal data. Moreover, because many of the features of our offerings use, store and report on SMB data, which may contain personal data, any inability to adequately address privacy concerns, to honor a data subject request, to delete stored data at the relevant times, or to comply with applicable privacy laws, regulations and policies could, even if unfounded, result in liability to us and, damage to our reputation, loss of sales and harm to our business. These data protection and privacy-related laws and regulations continue to evolve and are expected to result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions and increased costs of compliance. In the United States, these include rules and regulations promulgated under the authority of the Federal Trade Commission, and state privacy and breach notification laws. In connection with the Cyber Incident, SolarWinds’ investigations revealed that the threat actor accessed the email accounts of certain of our personnel, some of which contained information related to current or former employees and customers. In connection with the Cyber Incident, SolarWinds’ investigations have revealed that the threat actor accessed the email accounts of certain of our personnel, some of which contained information related to current or former employees and MSP partners. SolarWinds has informed us that it notified the applicable regulators in the European Union and the United States, as well as the impacted individuals where required, with respect to the personal information contained in the email accounts of certain current and former employees and customers to which the threat actor gained access. SolarWinds has informed us that it has notified the applicable regulators in the European Union and the United States, as well as the impacted individuals where required, with respect to the personal information contained in the email accounts of certain current and former employees and customers to which the threat actor gained access. In addition, if we experience another security incident with personal data, we may be required to inform the representative state attorney general or federal or country regulator, media and credit reporting agencies, and any party whose information was compromised, which could further harm our reputation and business. States and countries have enacted different requirements for protecting personal data collected and maintained electronically. We expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security in the United States, the European Union and other jurisdictions, and we cannot yet determine the impact such future laws, regulations and standards will have on our business or the businesses of our customers, including, but not limited to the European Union’s General Data Protection Regulation, the UK’s General Data Protection Regulation and U.S. state privacy laws, which created a range of new compliance obligations, and significantly increased financial penalties for noncompliance. We continue to assess the impact of these emerging laws on the ability to lawfully transfer personal data from the European Union to the United States, monitor relevant guidance, and refine our processes accordingly. It is possible that the decision will restrict the ability to transfer personal data from the European Union to the United States, and we may, in addition to other impacts, experience additional costs associated with increased compliance burdens, and we, our customers, and their

42

---

Table of Contents

SMB and mid-market customers face the potential for regulators in the EEA to apply different standards to the transfer of personal data from the EEA to the United States, and to block, or require ad hoc verification of measures taken with respect to, certain data flows from the EEA to the United States.

In addition, global privacy and data protection legislation, enforcement and policy activity are rapidly expanding and evolving, and may be inconsistent from jurisdiction to jurisdiction. We may, in addition to other impacts, experience additional costs associated with increased compliance burdens relative to transfers of personal data from the European Union to the United States, and we, our customers and their SMB and mid-market customers face the potential for regulators in the European Economic Area (the “EEA”) to apply different standards to the transfer of personal data from the EEA to the United States, and to block, or require ad hoc verification of measures taken with respect to, certain data flows from the EEA to the United States. It is possible that the decision will restrict the ability to transfer personal data from the European Union to the United States, and we may, in addition to other impacts, experience additional costs associated with increased compliance burdens, and we, our MSP partners, and their SME customers face the potential for regulators in the EEA to apply different standards to the transfer of personal data from the EEA to the United States, and to block, or require ad hoc verification of measures taken with respect to, certain data flows from the EEA to the United States.

Failure to comply with laws concerning privacy, data protection and information security could result in enforcement action against us, including fines, imprisonment of company officials and public censure, claims for damages by our customers, their SMB and mid-market customers, and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing IT services provider customers and their SMB and mid-market customers and prospective IT services provider customers and their SMB and mid-market customers), any of which could have a material adverse effect on our operations, financial performance and business.Failure to comply with laws concerning privacy, data protection and information security could result in enforcement action against us, including fines, imprisonment of company officials and public censure, claims for damages by our MSP partners, their SME customers, and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing MSP partners and their SME customers and prospective MSP partners and their SME customers), any of which could have a material adverse effect on our operations, financial performance and business. In addition, we could suffer adverse publicity and loss of customer confidence were it alleged or found that we did not take adequate measures to assure the confidentiality of the personal data that our customers had given to us. This could result in a loss of customers and revenue that could jeopardize our success. This could result in a loss of MSP partners and revenue that could jeopardize our success. We may not be successful in avoiding potential liability or disruption of business resulting from the failure to comply with these laws and, even if we comply with laws, may be subject to liability because of a security incident. If we were required to pay any significant amount of money in satisfaction of claims under these laws, or any similar laws enacted by other jurisdictions, or if we were forced to cease our business operations for any length of time as a result of our inability to comply fully with any of these laws, our business, operating results and financial condition could be adversely affected. Further, complying with the applicable notice requirements in the event of a security breach could result in significant costs.

Additionally, our business efficiencies and economies of scale depend on generally uniform solutions offerings and uniform treatment of customers across all jurisdictions in which we operate. Compliance requirements that vary significantly from jurisdiction to jurisdiction impose added costs on our business and can increase liability for compliance deficiencies.

We are subject to governmental export controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.

Certain of our solutions are subject to U.S. export controls, including the U.S. Department of Commerce’s Export Administration Regulations and economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. These regulations may limit the export of our solutions and provision of our services outside of the United States, or may require export authorizations, including by license, a license exception or other appropriate government authorizations, including annual or semi-annual reporting and the filing of an encryption registration. Export control and economic sanctions laws may also include prohibitions on the sale or supply of certain of our solutions to embargoed or sanctioned countries, regions, governments, persons and entities. In addition, various countries regulate the importation of certain solutions, through import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our solutions. The exportation, re-exportation and importation of our solutions and the provision of services, including by our partners, must comply with these laws or else we may be adversely affected, through reputational harm, government investigations, penalties, and a curtailment or denial of our ability to export our solutions or provide services. Complying with export control and sanctions laws may be time consuming and may result in the delay or loss of sales opportunities. If we are found to be in violation of U.S. sanctions or export control laws, it could result in substantial fines and penalties for us and for the individuals working for us. Changes in export or import laws or corresponding sanctions may delay the introduction and sale of our solutions in international markets, or, in some cases, prevent the export or import of our solutions to certain countries, regions, governments, persons or entities altogether, which could adversely affect our business, financial condition and results of operations. Changes in export or import laws or corresponding sanctions may delay 39Table of Contentsthe introduction and sale of our solutions in international markets, or, in some cases, prevent the export or import of our solutions to certain countries, regions, governments, persons or entities altogether, which could adversely affect our business, financial condition and results of operations.

We are also subject to various domestic and international anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act, as well as other similar anti-bribery and anti-kickback laws and regulations. These laws and regulations generally prohibit companies and their employees and intermediaries from authorizing, offering or providing improper payments or benefits to officials and other recipients for improper purposes. Although we take precautions to prevent violations of these laws, our exposure for violating these laws increases as our international presence expands and as we increase sales and operations in foreign jurisdictions.

43

---

Table of Contents

Government regulation of the Internet and e-commerce is evolving, and unfavorable changes or our failure to comply with regulations could harm our operating results.

As Internet commerce continues to evolve, increasing regulation by federal, state or foreign agencies becomes more likely. In addition to data privacy and security laws and regulations, taxation of solutions and services provided over the Internet or other charges imposed by government agencies or by private organizations for accessing the Internet may also be imposed. Any regulation imposing greater fees for Internet use or restricting information exchange over the Internet could result in a decline in the use of the Internet and the viability of Internet-based services and solutions offerings, which could harm our business and operating results.

Risks Related to the Separation and Distribution

The Separation and Distribution may not achieve some or all of the anticipated benefits, which may disrupt or adversely affect our business, results of operations and financial condition.

We may not fully realize the intended benefits of being a stand-alone public company if any of the risks identified in this “Risk Factors” section, or other events, were to occur. If we do not realize these intended benefits for any reason, our business may be negatively affected. We may be unable to achieve some or all of the benefits that we expect to achieve as an independent company in the time we expect, if at all, for a variety of reasons, including: (i) as an independent, publicly traded company, we may be more susceptible to market fluctuations and other adverse events than if we were still a part of SolarWinds; and (ii) as an independent, publicly traded company, our business is less diversified than SolarWinds’ businesses prior to the Separation and Distribution. We also may experience increased difficulties in attracting, retaining, and motivating employees or maintaining or initiating relationships with partners, customers and other parties with which we currently do business, or may do business in the future, which may adversely affect our business, results of operations and financial condition. If we fail to achieve some or all of the benefits that we expect to achieve as an independent company, or do not achieve them in the time we expect, our business, financial condition and results of operations could be adversely affected.

We could incur significant liability if the Separation and Distribution is determined to be a taxable transaction, and, in certain circumstances, we could be required to indemnify SolarWinds for material taxes and other related amounts pursuant to indemnification obligations under the tax matters agreement.

SolarWinds has received opinions of tax counsel and tax advisors regarding qualification of the Separation and Distribution, together with certain related transactions, as transactions that are generally tax-free for U.S. federal income tax purposes under Sections 368(a)(1)(D) and/or 355 of the Code. The opinions of tax counsel and tax advisors are based upon and rely on, among other things, certain facts and assumptions, as well as certain representations, statements and undertakings of SolarWinds and us, including those relating to the past and future conduct of SolarWinds and us. If any of these representations, statements or undertakings are, or become, incomplete or inaccurate, or if we or SolarWinds breach any of the respective covenants in any of the Separation and Distribution-related agreements, the opinions of tax counsel and tax advisors could be invalid and the conclusions reached therein could be jeopardized.

Notwithstanding any opinion of tax counsel and tax advisors, the Internal Revenue Service (the “IRS”) could determine that the Separation and Distribution should be treated as a taxable transaction if it were to determine that any of the facts, assumptions, representations, statements or undertakings upon which any opinion of tax counsel and tax advisors was based were false or had been violated, or if it were to disagree with the conclusions in any opinion of tax counsel and tax advisors. Any opinion of tax counsel and tax advisors would not be binding on the IRS or the courts, and we cannot assure that the IRS or a court would not assert a contrary position. SolarWinds has not requested, and does not intend to request, a ruling from the IRS with respect to the treatment of the distribution or certain related transactions for U.S. federal income tax purposes.

If the Separation and Distribution were to fail to qualify as a transaction that is generally tax-free for U.S. federal income tax purposes under Sections 355 and 368(a)(1)(D) of the Code, in general, SolarWinds would recognize taxable gain as if it had sold our common stock in a taxable sale for its fair market value, and SolarWinds stockholders who receive shares of our common stock in the distribution would be subject to tax as if they had received a taxable distribution equal to the fair market value of such shares.

We agreed in the tax matters agreement to indemnify SolarWinds for any taxes (and any related costs and other damages) resulting from the Separation and Distribution, and certain other related transactions, to the extent such amounts were to result from (i) an acquisition after the distribution of all or a portion of our equity securities, whether by merger or otherwise (and regardless of whether we participated in or otherwise facilitated the acquisition), (ii) other actions or failures to act by us or (iii) any of the representations or undertakings contained in any of the Separation and Distribution-related agreements or in the documents relating to the opinion of tax counsel and tax advisors being incorrect or violated. Any such indemnity obligations could be material and could materially affect our business and financial statements.

44

---

Table of Contents

We may not be able to engage in desirable strategic or capital-raising transactions following the Distribution.

Under current law, a distribution that would otherwise qualify as a tax-free transaction, for U.S. federal income tax purposes, under Section 355 of the Code can be rendered taxable to the parent corporation and its stockholders as a result of certain post-distribution acquisitions of shares or assets of the distributed corporation. For example, such a distribution could result in taxable gain to the parent corporation under Section 355(e) of the Code if the distribution were later deemed to be part of a plan (or series of related transactions) pursuant to which one or more persons acquired, directly or indirectly, shares representing a 50% or greater interest (by vote or value) in the distributed corporation.

To preserve the tax-free treatment of the Separation and Distribution, and in addition to our expected indemnity obligation described above, we have agreed in the tax matters agreement to restrictions that address compliance with Section 355 of the Code (including Section 355(e) of the Code). These restrictions could limit our ability to pursue certain strategic transactions, equity issuances or repurchases or other transactions that we believe may be in the best interests of our stockholders or that might increase the value of our business.

SolarWinds has agreed to indemnify us, and we have agreed to indemnify SolarWinds, for certain liabilities. Claims for indemnification by SolarWinds, or a failure by SolarWinds to provide sufficient indemnification to us, could negatively impact our business, results of operations and financial position.

Pursuant to the Separation and Distribution Agreement and certain other agreements with SolarWinds, SolarWinds has agreed to indemnify us, and we have agreed to indemnify SolarWinds, for certain liabilities. Claims for indemnification by SolarWinds could have negative consequences for our financial position. In addition, third parties could also seek to hold us responsible for any of the liabilities that SolarWinds has agreed to retain, and we cannot assure that an indemnity from SolarWinds will be sufficient to protect us against the full amount of such liabilities, or that SolarWinds will be able to fully satisfy its indemnification obligations in the future. Even if we ultimately succeed in recovering from SolarWinds any amounts for which we are held liable, we may be temporarily required to bear these losses. Each of these risks could materially adversely affect our business, results of operations and financial condition.

Some of our directors and executive officers own SolarWinds common stock, restricted shares of SolarWinds common stock or options to acquire SolarWinds common stock and hold positions with SolarWinds, which could cause conflicts of interest, or the appearance of conflicts of interest, that result in our not acting on opportunities we otherwise may have.

Some of our directors and executive officers own SolarWinds common stock, restricted shares of SolarWinds stock or options to purchase SolarWinds common stock. Ownership of SolarWinds common stock, restricted shares of SolarWinds common stock and options to purchase SolarWinds common stock by our directors and executive officers after the Separation and Distribution and the presence of executive officers or directors of SolarWinds on our board of directors could create, or appear to create, conflicts of interest with respect to matters involving both us and SolarWinds that could have different implications for SolarWinds than they do for us. For example, potential conflicts of interest could arise in connection with the resolution of any dispute between SolarWinds and us regarding terms of the agreements governing the Separation and Distribution and the relationship between SolarWinds and us thereafter, including the Separation and Distribution Agreement, the employee matters agreement, the tax matters agreement or the transition services agreement. Potential conflicts of interest could also arise if we enter into commercial arrangements with SolarWinds in the future. As a result of these actual or apparent conflicts of interest, we may be precluded from pursuing certain growth initiatives.

The allocation of intellectual property rights and data between SolarWinds and us as part of the Separation and Distribution, the shared use of certain intellectual property rights and data following the Separation and Distribution and restrictions on the use of intellectual property rights, could adversely impact our reputation, our ability to enforce certain intellectual property rights and our competitive position.

In connection with the Separation and Distribution, we entered into agreements with SolarWinds governing the allocation of intellectual property rights and data related to our business. These agreements include restrictions on our use of SolarWinds’ intellectual property rights and data licensed to us, including limitations on the field of use in which we can exercise our license rights. Moreover, the licenses granted to us under SolarWinds’ intellectual property rights and data are non-exclusive, so SolarWinds may be able to license the rights and data to third parties that may compete with us. These agreements could adversely affect our position and options relating to intellectual property enforcement, licensing negotiations and monetization and access to data used in our business. We also may not have sufficient rights to grant sublicenses of intellectual property or data used in our business, and we may be subject to third party rights pertaining to the underlying intellectual property or data. These circumstances could adversely affect our ability to protect our competitive position in the industry and otherwise adversely affect our business, financial condition and results of operations.

45

---

Table of Contents

Risks Related to Ownership of Our Common Stock and Our Organizational Structure

The requirements of being a public company, including compliance with the reporting requirements of the Exchange Act, the requirements of the Sarbanes-Oxley Act and the requirements of the NYSE, may strain our resources, increase our costs and distract management, and we may be unable to comply with these requirements in a timely or cost-effective manner.

As a public company, we are required to comply with new laws, regulations and requirements, certain corporate governance provisions of the Sarbanes-Oxley Act, related regulations of the SEC and the requirements of the NYSE, with which we were not required to comply as a business unit of SolarWinds. Complying with these statutes, regulations and requirements will occupy a significant amount of time of our board of directors and management and will significantly increase our costs and expenses. We have had to, and will need to continue to:

•institute and maintain a more comprehensive compliance function;

•comply with rules promulgated by the NYSE;

•prepare and distribute periodic public reports in compliance with our obligations under the federal securities laws;

•establish new internal policies, such as those relating to insider trading; and

•involve and retain to a greater degree outside counsel and accountants in the above activities.

Furthermore, because we ceased to be an emerging growth company as of December 31, 2023, we are required to have our independent registered public accounting firm attest to the effectiveness of our internal controls. In the future, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our controls are documented, designed, operated or reviewed. Compliance with these requirements may strain our resources, increase our costs and distract management, and we may be unable to comply with these requirements in a timely or cost-effective manner.

Ensuring that we have adequate internal financial and accounting controls and procedures in place so that we can produce accurate financial statements on a timely basis is a costly and time-consuming effort that needs to be re-evaluated frequently, including if we acquire additional businesses and integrate their operations. Our internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and preparation of financial statements in accordance with GAAP. We continue to evaluate opportunities to further strengthen the effectiveness and efficiency of our internal controls and procedures for compliance with Section 404 of the Sarbanes-Oxley Act. If we make additional acquisitions, we will need to similarly assess and ensure the adequacy of the internal financial and accounting controls and procedures of such acquisitions. If we fail to maintain proper and effective internal controls, including with respect to acquired businesses, our ability to produce accurate and timely financial statements could be impaired, which could harm our operating results, harm our ability to operate our business and reduce the trading price of our common stock.In addition, we expect that being a public company subject to these rules and regulations may make it more difficult and more expensive for us to obtain director and officer liability insurance and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage.

In addition, being a public company subject to these rules and regulations may make it more difficult and more expensive for us to obtain director and officer liability insurance and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage.In addition, we expect that being a public company subject to these rules and regulations may make it more difficult and more expensive for us to obtain director and officer liability insurance and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. As a result, it may be more difficult for us to attract and retain qualified individuals to serve on our board of directors or as executive officers. We cannot predict or estimate the amount of additional costs we may incur or the timing of such costs.

The trading price of our common stock has been and may continue to be volatile, which could cause the value of your investment to decline.The trading price of our common stock has been and could continue to be volatile, which could cause the value of your investment to decline.

Technology stocks have historically experienced high levels of volatility. The trading price of our common stock has fluctuated, and may continue to fluctuate, substantially. The market price of our common stock may be higher or lower than the price you pay for our common stock, depending on many factors, some of which are beyond our control and may not be related to our operating performance. These fluctuations could cause you to lose all or part of your investment in our common stock. Factors that could cause fluctuations in the trading price of our common stock include the following:

•announcements of new solutions or technologies, commercial relationships, acquisitions or other events by us or our competitors;

•changes in how customers perceive the benefits of our offerings;

•changes in subscription revenue from quarter to quarter;

•departures of key personnel;

•price and volume fluctuations in the overall stock market from time to time;

•fluctuations in the trading volume of our shares or the size of our public float;

46

---

Table of Contents

•sales of large blocks of our common stock, including sales by our Sponsors;

•actual or anticipated changes or fluctuations in our operating results;

•whether our operating results meet the expectations of securities analysts or investors;

•changes in actual or future expectations of investors or securities analysts;

•litigation involving us, our industry or both;

•cybersecurity incidents;

•regulatory developments in the United States, foreign countries or both;

•general macroeconomic conditions and trends, including market impacts related to the wars in Ukraine and the Middle East, geopolitical tensions in China, inflation, and changes in interest rates;

•major catastrophic events in our domestic and foreign markets; and

•“flash crashes,” “freeze flashes” or other glitches that disrupt trading on the securities exchange on which we are listed.

In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, operating results or financial condition. The trading price of our common stock might also decline in reaction to events that affect other companies in our industry even if these events do not directly affect us. In the past, following periods of volatility in the trading price of a company’s securities, securities class-action litigation has often been brought against that company. If our stock price is volatile, we may become the target of securities litigation. Securities litigation could result in substantial costs and divert our management’s attention and resources from our business. This could have an adverse effect on our business, operating results and financial condition.

If securities or industry analysts were to downgrade our stock, publish misleading or unfavorable research about our business or fail to publish reports on our business, our stock price and trading volume could decline.

The trading market for our common stock depends in part on the research and reports that securities or industry analysts publish about us or our business. If the coverage of our common stock decreases, the trading price for shares of our common stock may be negatively impacted. If one or more of the analysts downgrades our stock or publishes misleading or unfavorable research about our business, our stock price would likely decline. If one or more of the analysts ceases coverage of our common stock or fails to publish reports on us regularly, demand for our common stock could decrease, which could cause our common stock price or trading volume to decline.

Sales of substantial amounts of our common stock in the public markets, or the perception that such sales could occur, could reduce the market price of our common stock.

Sales of a substantial number of shares of our common stock in the public market, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate. As of December 31, 2024, the Sponsors collectively owned in the aggregate approximately 111,564,512 shares of our common stock. We granted registration rights to the Sponsors with respect to shares of our common stock. Any shares registered pursuant to the registration rights agreement will be freely tradable in the public market, subject to compliance with applicable restrictions. In addition, in connection with the private placement completed just prior to the Separation and Distribution, we granted registration rights to certain investors with respect to the 20,623,282 aggregate shares of our common stock purchased by them in the Private Placement, of which 4,837,521 remain unsold by the selling stockholders as of December 31, 2024. In connection with the acquisition of Adlumin in November 2024, we issued 1,433,729 shares of our common stock to the sellers and granted “piggyback” registration rights with respect to 1,293,674 of such shares that require us to register such shares in certain future registration statements of offerings of our common stock. In addition, in connection with the private placement completed just prior to the Separation and Distribution, we granted registration rights to the Investors with respect to the 20,623,282 aggregate shares of our common stock purchased by them in the Private Placement, of which 10,148,828 remain unsold by the selling stockholders as of December 31, 2022. Such shares are freely tradable in the public market to the extent sold pursuant to the registration statement filed by us pursuant to our obligations. Such shares are freely tradable in the public market to the extent sold pursuant to the registration statement filed by us pursuant to our obligations. Such shares are freely tradable in the public market to the extent sold pursuant to the registration statement filed by us pursuant to our obligations.

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute all other stockholders.

We may issue additional capital stock in the future that will result in dilution to all other stockholders. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in complementary companies, solutions or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per-share value of our common stock to decline.

47

---

Table of Contents

We currently do not intend to pay dividends on our common stock, and consequently, stockholders’ ability to achieve a return on their investment will depend on appreciation in the price of our common stock.

We currently do not intend to pay dividends on our common stock.We do not intend to pay dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. As a result, receiving a return on investment in our common stock is solely dependent on the increase in the market price of our common stock. As a result, you may receive a return on your investment in our common stock only if the market price of our common stock increases.

Our restated charter and restated bylaws contain anti-takeover provisions that could delay or discourage takeover attempts that stockholders may consider favorable.

Our amended and restated certificate of incorporation, or our restated charter, and our amended and restated bylaws, or our restated bylaws, contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions could also 45Table of Contentsmake it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:

•a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;

•after the Sponsors no longer continue to beneficially own, in the aggregate, at least 30% of the outstanding shares of our common stock, removal of directors only for cause;

•the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;

•subject to the rights of the Sponsors under the stockholders’ agreement, allowing only our board of directors to fill vacancies on our board of directors, which prevents stockholders from being able to fill vacancies on our board of directors;

•after the Sponsors no longer continue to beneficially own, in the aggregate, at least 40% of the outstanding shares of our common stock, a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders. As a result, a holder controlling a majority of our capital stock would not be able to amend our bylaws or remove directors without holding a meeting of our stockholders called in accordance with our bylaws;

•after the Sponsors no longer continue to beneficially own, in the aggregate, at least 40% of the outstanding shares of our common stock, to amend the provisions of our restated charter relating to the management of our business (including our classified board structure) or certain provisions of our bylaws, the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then-outstanding shares of the voting stock, voting together as a single class, is required, which may inhibit the ability of an acquirer to effect such amendments to facilitate an unsolicited takeover attempt;

•the ability of our board of directors to amend the bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend the bylaws to facilitate an unsolicited takeover attempt;

•advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us; and

•a prohibition of cumulative voting in the election of our board of directors, which would otherwise allow less than a majority of stockholders to elect director candidates.

Our restated charter also contains a provision that provides us with protections similar to Section 203 of the Delaware General Corporation Law (the “DGCL”), and prevents us from engaging in a business combination, such as a merger, with an interested stockholder (i.e., a person or group that acquires at least 15% of our voting stock) for a period of three years from the date such person became an interested stockholder, unless (with certain exceptions) the business combination or the transaction in which the person became an interested stockholder is approved in a prescribed manner. However, our restated charter also provides that the Sponsors, including the Silver Lake Funds and the Thoma Bravo Funds and any persons to whom any Silver Lake Fund or Thoma Bravo Fund or any of their respective affiliates sells its common stock, will not constitute “interested stockholders” for purposes of this provision.

48

---

Table of Contents

The Sponsors have a controlling influence over matters requiring stockholder approval.

As of December 31, 2024, Silver Lake and Thoma Bravo, together with their respective funds and, as applicable, their co-investors (collectively, the “Sponsors”) collectively owned in the aggregate approximately 111,564,512 shares of our common stock, representing approximately 59.5% of the voting power of our common stock as of such time. The Sponsors have entered into a stockholders’ agreement whereby they each agreed, among other things, to vote the shares each beneficially owns in favor of the director nominees designated by Silver Lake and Thoma Bravo, respectively. Notwithstanding the decision of the Court of Chancery of the State of Delaware, discussed in Note 15. Commitments and Contingencies in the Notes to Consolidated Financial Statements wherein the Court invalidated certain provisions of the stockholders’ agreement, Silver Lake and Thoma Bravo could exert significant influence over our operations and business strategy and would together have sufficient voting power to effectively control the outcome of matters requiring stockholder approval. These matters may include:

•the composition of our board of directors, which has the authority to direct our business and to appoint and remove our officers;

•approving or rejecting a merger, consolidation or other business combination;

•raising future capital; and

•amending our restated charter and restated bylaws, which govern the rights attached to our common stock.

This concentration of ownership of our common stock could delay or prevent proxy contests, mergers, tender offers, open-market purchase programs or other purchases of our common stock that might otherwise give you the opportunity to realize a premium over the then-prevailing market price of our common stock. This concentration of ownership may also adversely affect our share price.

Certain of our directors have relationships with the Sponsors, which may cause conflicts of interest with respect to our business.

Two of our seven directors are affiliated with Silver Lake. These directors have fiduciary duties to us and, in addition, have duties to the respective Sponsor and their affiliated funds, respectively. As a result, these directors may face real or apparent conflicts of interest with respect to matters affecting both us and the Sponsors, whose interests may be adverse to ours in some circumstances.

Although directors affiliated with the Sponsors currently only represent two of our seven directors, so long as the Sponsors beneficially own shares of our outstanding common stock representing at least a majority of the votes entitled to be cast by the holders of our outstanding voting stock, they can effectively control and direct our board of directors.

The Sponsors and their affiliated funds may pursue corporate opportunities independent of us that could present conflicts with our and our stockholders’ interests.

The Sponsors and their affiliated funds are in the business of making or advising on investments in companies and hold (and may from time to time in the future acquire) interests in or provide advice to businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. The Sponsors and their affiliated funds may also pursue acquisitions that may be complementary to our business and, as a result, those acquisition opportunities may not be available to us.

Our restated charter provides that no officer or director of the Company who is also an officer, director, employee, partner, managing director, principal, independent contractor or other affiliate of either of the Sponsors will be liable to us or our stockholders for breach of any fiduciary duty by reason of the fact that any such individual pursues or acquires a corporate opportunity for its own account or the account of an affiliate, as applicable, instead of us, directs a corporate opportunity to any other person instead of us or does not communicate information regarding a corporate opportunity to us.

We may issue preferred stock whose terms could adversely affect the voting power or value of our common stock.

Our restated charter authorizes us to issue, without the approval of our stockholders, one or more classes or series of preferred stock having such designations, preferences, limitations and relative rights, including preferences over our common stock respecting dividends and distributions, as our board of directors may determine. The terms of one or more classes or series of preferred stock could adversely impact the voting power or value of our common stock. For example, we might grant holders of preferred stock the right to elect some number of our directors in all events or on the happening of specified events or the right to veto specified transactions. Similarly, the repurchase or redemption rights or liquidation preferences we might assign to holders of preferred stock could affect the residual value of our common stock.

49

---

Table of Contents

Our restated charter designates the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees or agents.

Our restated charter provides that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware will, to the fullest extent permitted by applicable law, be the sole and exclusive forum for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, employees or agents to us or our stockholders, (iii) any action asserting a claim arising pursuant to any provision of the DGCL, our restated charter or restated bylaws, or (iv) any action asserting a claim against us that is governed by the internal affairs doctrine, in each such case subject to such Court of Chancery of the State of Delaware having personal jurisdiction over the indispensable parties named as defendants therein. Our restated charter further provides that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States shall, to the fullest extent permitted by law, be the sole and exclusive forum for the resolutions of any complaint asserting a cause of action arising under the Securities Act. The exclusive forum clauses described above shall not apply to suits brought to enforce a duty or liability created by the Exchange Act, or any other claim for which the federal courts have exclusive jurisdiction. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock will be deemed to have notice of, and consented to, the provisions of our restated charter described in the preceding sentence. The enforceability of similar choice of forum provisions in other companies’ certificates of incorporation has been challenged in legal proceedings and there is uncertainty as to whether a court would enforce such provisions. In addition, investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder.

This choice-of-forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, employees or agents, which may discourage such lawsuits against us and such persons. Alternatively, if a court were to find these provisions of our restated charter inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could adversely affect our business, financial condition or operating results.

We are a controlled company within the meaning of the NYSE rules and, as a result, qualify for and may rely on exemptions from certain corporate governance requirements.

As of December 31, 2024, the Sponsors beneficially owned a majority of the combined voting power of all classes of our outstanding voting stock. As a result, we are a controlled company within the meaning of the NYSE corporate governance standards. Under the NYSE rules, a company of which more than 50% of the voting power is held by another person or group of persons acting together is a controlled company and may elect not to comply with certain NYSE corporate governance requirements, including the requirements that:

•a majority of the board of directors consist of independent directors as defined under the rules of the NYSE; and

•the nominating and governance committee and compensation committee be composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities.

These requirements will not apply to us as long as we remain a controlled company. Although we do not currently take advantage of these exemptions, we may do so in the future. Accordingly, you may not have the same protections afforded to stockholders of companies that are subject to all of the corporate governance requirements of the NYSE.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C.ITEM 1A. CYBERSECURITY

Risk Management and Strategy

The Company has adopted policies, processes, procedures and standards and implemented certain controls and procedures that allow its management to assess, identify and manage material risks from cybersecurity threats and for its Board of Directors, through its Cybersecurity Committee, to actively oversee the strategic direction, objectives, and effectiveness of the Company’s cybersecurity risk management framework.

The Company’s processes are integrated into its overall enterprise risk management program, which includes financial risk, compliance risk and other strategic and operational risks that affect the Company. The processes compliment the Company’s enterprise-wide risk assessment architecture, as implemented by the Company’s management and as overseen by the Company’s Board of Directors through its Cybersecurity Committee. In designing these processes, the Company takes into account industry frameworks such as the National Institute of Standards and Technology (NIST), Committee of Sponsoring

50

---

Table of Contents

Organizations (COSO), and International Organization for Standardization (ISO) 27001, and other industry standards. To further improve the effectiveness of its cybersecurity risk management framework, the Company has in the past, and may continue to do so in the future, engage third party consultants, to assist in testing and evaluating our security program.

The Company seeks to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, security, and availability of the information that the Company collects and stores by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

To identify and assess material risks from cybersecurity threats, we engage in regular network and endpoint monitoring, vulnerability assessments, penetration testing, and tabletop exercises. The Company engages a third-party to perform 24/7 monitoring for threats and unauthorized access to our information security network.

We have a formalized incident response plan (IRP) and associated procedures based on cybersecurity best practices which are refined using the information gained through testing and to further improve our cybersecurity preparedness and response infrastructure. These plans and procedures set forth the actions to be taken in responding to and recovering from cybersecurity incidents, which include triage, assessing the severity of incidents, escalation protocols, containment of incidents, investigation of incidents, and remediation. We also regularly perform phishing tests of our employees and provide annual privacy and security training for all employees. Our security training incorporates awareness of cyber threats (including but not limited to malware, ransomware, and social engineering attacks), password hygiene and incident reporting processes.

We review our cybersecurity risk framework and related policies annually with our senior management to help identify areas for continued focus and improvement. We also engage third parties to review and assess our processes annually. Our information security management system has been independently certified as being in conformity with ISO/IEC 27001:2013.

The Company has also implemented processes to identify, monitor and address material risks from cybersecurity threats associated with our use of third-party service providers, including those in our supply chain or who have access to our systems, data or facilities that house such systems or data. The Company works with such providers to recommend securities measures to be improved where possible, and generally requires those third parties that could introduce significant cybersecurity risk to us to manage their cybersecurity risks in specified ways, and to agree to be subject to cybersecurity audits, which we conduct as appropriate.

Although we have not experienced any material cybersecurity incidents since becoming a stand-alone public company in July 2021, we may experience such incidents in the future and the scope and impact of any such future incidents cannot be predicted. We have described whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, including the Cyber Incident, have affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition in the risk factors titled “Cyberattacks, including the Cyber Incident, and other security incidents have resulted, and in the future may result, in compromises or breaches of our, our IT services provider customers’, or their SMB and mid-market customers’ systems, the insertion of malicious code, malware, ransomware or other vulnerabilities into our, our IT services provider customers’, or their SMB and mid-market customers’ systems, the exploitation of vulnerabilities in our, our IT services provider customers’, or their SMB and mid-market customers’ environments, the theft or misappropriation of our, our IT services provider customers’, or their SMB and mid-market customers’ proprietary and confidential information, and interference with our, our IT services provider customers’, or their SMB and mid-market customers’ operations, exposure to legal and other liabilities, higher customer and employee attrition and the loss of key personnel, negative impacts to our sales, renewals and upgrades and reputational harm and other serious negative consequences, any or all of which could materially harm our business” and “The Cyber Incident has had and may continue to have an adverse effect on our business, reputation, customer and employee relations, results of operations, financial condition or cash flows” in “Item 1A. Risk Factors” of this Annual Report on Form 10-K.

Governance

Role of the Board of Directors and the Cybersecurity Committee

As part of the Board of Directors’ role in overseeing the Company’s enterprise risk management program, which includes our cybersecurity risk management program, the Board is responsible for exercising oversight of management’s identification and management of, and planning for, material cybersecurity risks that may reasonably be expected to impact the Company. While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Cybersecurity Committee of the Board, or the Cybersecurity Committee. The Cybersecurity Committee is responsible for overseeing our information technology systems and cybersecurity risks, including plans and programs relating to cyber and data security and legal and regulatory risks associated with our products and business operations. The Cybersecurity Committee is informed of the Company’s cybersecurity risk management and receives an overview of its cybersecurity program from management at least quarterly, which covers topics including, among others, recent cybersecurity risk landscape and trends, data security posture, results from third-party assessments, training and vulnerability

51

---

Table of Contents

testing, our cybersecurity and compliance program, critical cybersecurity risks, as well as the steps management has taken to respond to such risks, emerging cybersecurity regulations, technologies and best practices. Material cybersecurity risks are also discussed during separate Board meetings as part of the Board’s risk oversight generally.

Role of Management,

Our Security Risk Committee (“SRC”), comprised of our Chief Security Officer (“CSO”), our Chief Legal Officer and representatives from the technology and product, people, IT and legal teams, is responsible for management’s oversight of cybersecurity governance, decision-making, risk management, awareness, and compliance across the Company. Our CSO works with the SRC to employ a cybersecurity program designed to protect the Company’s information systems from cybersecurity threats and to respond to incidents in accordance with the Company’s incident response plan and other policies and procedures.

The CSO manages a team that is responsible for day-to-day tracking, assessing and management of threats. The N-able security team has a dedicated incident response team, with trained resources that are responsible for the various stages of our incident management strategy, including preparation, detection and analysis, containment, eradication, and recovery. Through ongoing communications with the team, the CSO and the SRC are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity incidents and progress on cybersecurity infrastructure initiatives. In the event of a material cybersecurity incident or investigation, management will, in accordance with the Company’s IRP and other policies in place, promptly report to the Cybersecurity Committee and the Board, as appropriate. This escalation is in addition to the regular reports by the CSO to the Cybersecurity Committee on at least an annual basis.

Our CSO has served as such since 2021, and has over 20 years of experience in various roles in information security, including serving as an IT security leader at AT&T/Warner Media, where he implemented an extensive security program managing complex incident response events. He holds a degree in Information Technology.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
CPPTL	1 day, 17 hours ago
TUSK	1 day, 17 hours ago
EQBK	1 day, 17 hours ago
FSUN	1 day, 17 hours ago
UBX	1 day, 17 hours ago
BSTT	1 day, 17 hours ago
NDLS	1 day, 17 hours ago
FNRN	1 day, 17 hours ago
SNBR	1 day, 17 hours ago
FCBC	1 day, 17 hours ago
MYFW	1 day, 17 hours ago
BRDG	1 day, 17 hours ago
AIMD	1 day, 17 hours ago
GRND	1 day, 17 hours ago
SPFI	1 day, 17 hours ago
ATRA	1 day, 17 hours ago
SGHT	1 day, 17 hours ago
CMCT	1 day, 17 hours ago
OB	1 day, 17 hours ago
NABL	1 day, 17 hours ago
NODK	1 day, 17 hours ago
RGTI	1 day, 17 hours ago
UNTY	1 day, 17 hours ago
HBT	1 day, 17 hours ago
ZCSH	1 day, 17 hours ago
ETCG	1 day, 17 hours ago
LXRX	1 day, 17 hours ago
EBTC	1 day, 18 hours ago
GSBC	1 day, 18 hours ago
CCFN	1 day, 19 hours ago
GPLB	1 day, 19 hours ago
BCBP	1 day, 19 hours ago
SBFG	1 day, 19 hours ago
HMST	1 day, 19 hours ago
CAC	1 day, 20 hours ago
BMNM	1 day, 20 hours ago
OFLX	1 day, 20 hours ago
FSTR	1 day, 20 hours ago
CARE	1 day, 21 hours ago
IBCP	1 day, 21 hours ago
BFST	1 day, 22 hours ago
LFWD	1 day, 22 hours ago
FNLC	1 day, 23 hours ago
COOK	2 days ago
ESPR	2 days ago
FORR	2 days, 1 hour ago
MASS	2 days, 1 hour ago
ADV	2 days, 1 hour ago
NBBK	2 days, 2 hours ago
WHF	2 days, 2 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Password too short

Sign in

Don't have an account? Sign Up for Free

Forgot password?

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Please enter valid email

Password too short

Password too short

Sign Up

I already have an account, Sign In

App Store (iOS)

Play Store (Android)